JP2010009621A - Information processing method and apparatus therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve a problem wherein an access right settable application is limited in an access right management system, and wherein a desired access right can not be set to an electronic document when a specified application is not mounted on information equipment used by a user. <P>SOLUTION: Data is received from an outside (S103), and an access right ID is extracted from a prescribed position of the received data (S104), the access right ID is transmitted to an access right management server (S108), and a document ID and a cryptographic key are acquired from the access right management server (S110). Then, the received data is enciphered using the cryptographic key (S111), and the document ID is added to the enciphered data to be stored in a memory (S112, S113). <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to information processing for controlling access rights of electronic data.

  In recent years, access to electronic documents (viewing, editing, printing, etc.) is permitted only to specific users in order to prevent information leakage. Alternatively, an electronic document access right management system having a function of setting an expiration date for an electronic document and prohibiting access to the electronic document after the expiration date has been developed. In such an access right management system, when an electronic document is created, the access right is controlled by a policy applied to the document.

  As such an access right management server, there is a policy server (Non-Patent Document 1) of Adobe (registered trademark), for example. Policy Server can control the above access rights for PDF (Portable Document Format) files. However, the company's Acrobat (registered trademark) is the only application that can set access rights using Policy Server.

  In addition, Information Rights Management (IRM) (Non-Patent Document 2) announced by Microsoft (registered trademark) enables the above-described access right control. However, the only application that can set access rights is the company's office application.

  In other words, in the conventional access right management system, the applications for which access rights can be set are limited, and if a specific application is not installed in the information device used by the user, the desired access rights can be set in the electronic document. Can not.

  Further, a conditional access permission method is known as an evaluation method of access right control regarding data (Patent Document 1). A policy distribution method that describes what kind of control is to be performed is also known (Patent Document 2).

  On the other hand, a multifunction device connected to a public network or a network has a function of receiving an electronic document from various external devices via various routes. It has a function of storing received electronic documents in various data formats in an area of a storage device called its own box or transferring it to another information device. In other words, the electronic document received by the multifunction device circulates in the network environment. Therefore, when an access right management system is introduced in an environment such as an office, a multifunction device that accumulates received electronic documents in a box or sends them to a network environment may become a security hole.

JP 2001-184264 JP 2004-166241 A

http://www.adobe.co.jp/products/server/policy/main.html http://office.microsoft.com/en-us/assistance/HA010397891041.aspx

  An object of the present invention is to perform access right control of received data according to transmission source information and a reception method.

  The present invention has the following configuration as one means for achieving the above object.

The information processing according to the present invention is performed by associating and managing an access right ID that specifies an access right indicating an operation right for data and a document ID that specifies the data, and is specified by the document ID based on the document ID. Information processing apparatus that is connected to an access right management server capable of specifying an access right to data to be stored via a network, and can be connected to an information device different from the access right management server via the network or public line an information processing in, receives data from the information apparatus, a document ID for identifying the received data received from the access right managing server, consistent with the predetermined information in the data received; searches the rule that the information processing apparatus is set in the table that holds, the access ID set in the matching rules Transmitted to access right managing server receives the encryption key transmitted from the access right managing server based on the fact that transmitted the access right ID, encrypts the received data using the encryption key to the received, the The document ID is added to the encrypted data and stored in a memory.

  According to the present invention, access right control of received data can be performed according to transmission source information and a reception method.

The figure which shows the structural example of an information processing system, Figure explaining document encryption and adding document ID to encrypted document FIG. 1 is a block diagram showing a configuration example of an information device such as an access right management server, a client, a multifunction peripheral, and a facsimile machine shown in FIG. A flowchart for explaining processing at the time of facsimile reception by the multifunction device; A flowchart showing details of data reception processing; A flowchart showing access right ID extraction processing; A flowchart showing encryption processing; A flowchart showing access right ID extraction processing; Flowchart for explaining processing at the time of e-mail reception by the multifunction machine of the second embodiment, A flowchart showing details of data reception processing; A flowchart showing access right ID extraction processing; A flowchart showing encryption processing; A flowchart showing access right ID extraction processing; A flowchart showing details of data reception processing; A flowchart showing details of the encryption process; A diagram showing a configuration example of a system in the embodiment 4, Block diagram showing a configuration example of a multifunction device, Block diagram showing a configuration example of the software module of the controller, The figure which shows an example of the policy data which an access right management server manages, The figure which shows an example of the electronic document list which an access right management server manages, A diagram showing an example of an electronic document format, The figure which shows an example of the data which the reception rule shown in FIG. 18 hold | maintains, The figure which shows an example of the rule registration screen displayed when registering a reception rule, A flowchart showing an example of processing for setting a policy in a received electronic document; The figure which shows an example of the data which the reception rule of Example 5 holds, The figure which shows an example of the rule registration screen displayed when registering a reception rule, A flowchart showing an example of processing for setting a policy in a received electronic document; It is a figure which shows an example of the reception log | history screen containing the policy setting log | history of the received electronic document.

  Hereinafter, information processing according to an embodiment of the present invention will be described in detail with reference to the drawings. In the following description, an electronic document in which sentences and images that can be read and interpreted by a person are recorded will be described as an access right control and management target. However, it goes without saying that an electronic file in which data such as database data that can be read and interpreted by a computer is also subject to access right control and management.

[System configuration]
FIG. 1 is a diagram illustrating a configuration example of an information processing system.

  The access right management server 1007 provides a function of controlling various access rights (for example, browsing, expiration date, copy, print, change, etc.) for each user for each file.

  For example, the user operates a client computer (hereinafter referred to as “client”) 1005 to create a document, and acquires the document ID of the created document from the access right management server 1007 via the network 1008. Then, the access control ID (policy ID) of the access control method (policy) set by the creator and registered in advance in the access right management server 1007 is designated together with the document ID. The access right management server 1007 registers the document ID, the access control ID, and the decryption key in its own storage area. Then, the encryption key is transmitted to the client 1005 via the network 1008. The client 1005 encrypts the created document (FIG. 2 (a)) with the received encryption key, and the information (host) that identifies the document ID and the access right management server 1007 in the encrypted document (FIG. 2 (b)). Name, IP address, etc.) (Figure 2 (c)). After the encryption is completed, the received encryption key may be deleted.

  A user who wants to refer to a document operates the client 1006 to manage access rights for the document ID of the document and various conditions related to the document reference (user ID, viewing, printing, copying, distribution, etc.) via the network 1008. Send to server 1007. The access right management server 1007 compares the access control method indicated by the access control ID corresponding to the received document ID with the received conditions, and determines whether or not to allow reference to the document. If it is accepted, the decryption key corresponding to the received document ID is transmitted to the client 1006 via the network 1008. The client 1006 deletes the document ID from the document file, and decrypts the encrypted document with the received decryption key.

  The above access right control is not limited to between clients but also between the MFP 1001 and clients.

[Configuration of information equipment]
FIG. 3 is a block diagram illustrating a configuration example of the information device such as the access right management server, the client, the multifunction peripheral, and the facsimile apparatus illustrated in FIG.

  The CPU 11 uses the RAM 12 as a work area, executes an operating system (OS) and various programs stored in the ROM 13 and the hard disk drive (HDD) 14, and controls each configuration described later via the system bus 18. To do. In the case of the access right management server 1007 and the clients 1005 and 1006, the programs stored in the HDD 14 and executed by the CPU 13 include the above-described document creation program, the application program for managing the access right, and the processing program described later. It is.

  The keyboard interface (KB I / F) 15 is connected with input devices such as a keyboard and a mouse. A monitor such as an LCD is connected to the video card 19. The CPU 11 displays a user interface on the monitor. Based on the user interface, the user operates the keyboard and mouse to input commands and data to the CPU 11. In the case of the multifunction machine 1001 and the facsimile machine 1003, a numeric keypad instead of the keyboard, various operation keys, and a monitor are arranged on the operation panel.

  MODEM 16 is an interface with a public network, and NIC 17 is an interface with a network 1008 such as a local area network (LAN). Note that the facsimile machine 1003 may not be equipped with the NIC 17.

[Access right management for received fax documents]
In the case of the system configuration shown in FIG. 1, the access right control described above is established not only between clients but also between the multifunction peripheral 1001 and clients as described above. However, access right control is not established for a document that is not connected to the network 1008 and cannot be communicated with the access right management server 1007 and is transmitted by facsimile from the facsimile apparatus 1003 and received by the multifunction peripheral 1001 or the client.

  Hereinafter, a process for setting the access right of the document received by the MFP 1001 from the facsimile apparatus 1003 via the public line via the public line will be described. Note that the facsimile transmission is not limited to the facsimile apparatus 1003, but may be a client or a multifunction machine connected to a public line. In addition, the facsimile reception is not limited to the multifunction peripheral 1001, but may be any information device (for example, the client 1005 or 1006) that can access the access right management server 1007 via the network 1008.

  The facsimile apparatus 1003 embeds an access right ID (for example, a predetermined character string) designated by the user in the header of the facsimile document to be transmitted, and transmits the facsimile document to a telephone number designated by the user.

  FIG. 4 is a flowchart for explaining processing when the MFP 1001 receives a facsimile.

  The multifunction device 1001 waits until a facsimile is received (S102). When a facsimile is received, data reception processing is performed (S103).

  FIG. 5 is a flowchart showing details of the data reception process. First, the data received by the MODEM 16 is stored in a predetermined area of the HDD 14 (S201). Then, the image portion of the received data is expanded, the image (hereinafter referred to as “received image”) is converted into a file (S202), and the file is stored in a predetermined area of the HDD 14 (S203).

  Next, in FIG. 4, the access right ID designated by the sender is extracted from the received data (S104).

  FIG. 6 is a flowchart showing access right ID extraction processing. A character string is extracted from a predetermined portion of the header of the received data (S204). As the predetermined part of the header, for example, a caller number field may be considered.

  Next, in FIG. 4, it is determined whether or not the extracted character string is correct as the access right ID (S105). If it is not correct, normal reception processing is performed (S106), and the process returns to step S102.

  If the extracted character string is correct as the access right ID, the access right management server 1007 is connected (S107). Then, the access right ID is transmitted to the access right management server 1007 (S108), and a response from the access right management server 1007 is awaited (S109). When the response of the access right management server 1007 indicates “access right ID not registered (NG)”, normal reception processing is performed (S106), and the process returns to step S102.

  If the response of the access right management server 1007 indicates “access right ID already registered (OK)”, it waits to receive a document ID and an encryption key from the access right management server 1007 (S110). When the document ID and the encryption key are received, the encryption process is performed (S111).

  FIG. 7 is a flowchart showing the encryption process. The received image file stored in the HDD 14 is encrypted with the received encryption key (S205). The file before encryption and the encryption key after completion of the encryption process are deleted from the HDD 14 by overwriting or deleting the encrypted key or random number a predetermined number of times.

  Next, in FIG. 4, the document ID is added to the file encrypted in step S111 (S112), the encrypted file with the document ID added is stored in a predetermined area of HDD 14 (S113), and the process goes to step S102. return.

[Modification]
In the above, the example in which the access right ID is embedded in the header defined by the facsimile protocol has been described. However, it is also possible to use nonstandard procedure signals such as NSX for G3 and NSC for G4, which can be used freely by facsimile vendors. In this case, the access right ID is written in NSX for G3 and in NSC for G4.

  In this case, the reception operation differs in the details of step S104 shown in FIG. 4 (FIG. 6). FIG. 8 is a flowchart showing access right ID extraction processing. That is, a character string is extracted from an area that can be freely used by the vendor of the received data (S204 ′).

  In this way, even when the information device in the vicinity of the user does not have a specific application that can set the access right or cannot access the access right management server 1007, the access right is set for the document to be transmitted by facsimile. be able to. For example, in the case of the system configuration shown in FIG. 1, the information device is a client or a multifunction device (not shown) that is not connected to the facsimile machine 1003 or the network 1008.

  The information processing according to the second embodiment of the present invention will be described below. Note that the same reference numerals in the second embodiment denote the same parts as in the first embodiment, and a detailed description thereof will be omitted.

[Access right management for email attachments]
When the network 1008 shown in FIG. 1 is connected to a wide area network (WAN) such as the Internet, the clients 1005 and 1006 and the multifunction peripheral 1001 can receive a document attached to an e-mail via the WAN. However, when the information device that sent the electronic mail cannot access the access right management server 1007 , the access right control described above does not hold.

  In the second embodiment, a process for setting the access right of a document attached to an e-mail received by the MFP 1001 via the WAN will be described. The reception of the electronic mail is not limited to the multifunction peripheral 1001, but may be any information device (for example, the client 1005 or 1006) that can access the access right management server 1007 via the network 1008. Note that the processing at the time of e-mail reception described in the second embodiment can be applied to Internet fax reception when the multifunction peripheral 1001 has the Internet fax function.

  FIG. 9 is a flowchart for explaining processing when the MFP 1001 receives an e-mail.

  The multifunction device 1001 waits until an electronic mail is received (S302). When the electronic mail is received, a data reception process is performed (S303).

  FIG. 10 is a flowchart showing details of the data reception process. First, the received e-mail data is stored in a predetermined area of the HDD 14 (S401). Then, the body of the electronic mail is filed (S402), and the body file is stored in a predetermined area of the HDD 14 (S403). Then, it is determined whether there is an attached file (S404). If there is, the attached file is stored in a predetermined area of the HDD 14 (S405).

  Next, in FIG. 9, the access right ID designated by the sender is extracted from the received data (S304).

  FIG. 11 is a flowchart showing access right ID extraction processing. A character string following the subject (Subject field) in the header of the received data is extracted as an access right ID (S411).

  Next, in FIG. 9, it is determined whether or not the extracted character string is correct as the access right ID (S305). If not correct, a normal reception process is performed (S306), and the process returns to step S302.

  If the extracted character string is correct as the access right ID, connection is made to the access right management server 1007 (S307). Then, the access right ID is transmitted to the access right management server 1007 (S308), and a response from the access right management server 1007 is awaited (S309). If the response of the access right management server 1007 indicates “access right ID not registered (NG)”, normal reception processing is performed (S306), and the process returns to step S302.

  If the response of the access right management server 1007 indicates “access right ID already registered (OK)”, it waits to receive a document ID and an encryption key from the access right management server 1007 (S310). When the document ID and the encryption key are received, the encryption process is performed (S311).

  FIG. 12 is a flowchart showing the encryption process. The body file stored in the HDD 14 is encrypted with the received encryption key (S421). Then, it is determined whether or not there is an attached file (S422). If there is, the attached file stored in the HDD 14 is encrypted with the received encryption key (S423). The file before encryption is deleted from the HDD 14 by overwriting or deleting the file with the encrypted file.

  Next, in FIG. 9, the document ID is added to the file encrypted in step S311 (S312), the encrypted file with the document ID added is stored in a predetermined area of HDD 14 (S313), and the process goes to step S302. return. In the flowchart shown in FIG. 4, it is determined whether there is an attached file in the encryption process in step S311. For example, the presence / absence of an attached file may be determined during the data reception process in step S303. . In this case, the access right ID character string extraction process of step S304 is performed only for the e-mail that is determined to have an attached file in step S303. On the other hand, a normal reception process (S306) may be executed for an e-mail that is determined to have no attached file.

[Modification]
In the above embodiment, an example in which the access right ID is specified in the subject field (Subject field) of the e-mail has been described, but other header elements of the e-mail may be used. Another possible method is to write the access right ID in the body of the e-mail.

  In this case, the receiving operation differs in the details of step S304 shown in FIG. 9 (FIG. 11). FIG. 13 is a flowchart showing access right ID extraction processing. First, an identifier of a predetermined access right ID is searched from the body of the e-mail (S511). When the identifier is detected, the character string designated by the identifier is extracted as the access right ID (S512). The character string to be extracted is, for example, a character string immediately after the identifier to a line feed code or immediately before a predetermined code, or a character string of a predetermined length after the identifier.

  In the above-described embodiment, the example in which the access control corresponding to the extracted access right ID is applied to the body of the electronic mail and the attached file has been described. However, when the multifunction peripheral 1001 has a mail transfer function, a print function, a browsing function, etc., it is desirable to control access to the entire received electronic mail data.

  In this case, the receiving operation differs in the details of step S303 (FIG. 10) shown in FIG. 9 and the details of encryption processing S111 (FIG. 12). FIG. 14 is a flowchart showing details of the data reception process, and the entire received email data is stored as a file in a predetermined area of the HDD 14 (S501). FIG. 15 is a flowchart showing details of the encryption process, and encrypts the entire file of electronic mail data with the received encryption key (S431).

  In this way, even if an information device in the vicinity of the user does not have a specific application for which access rights can be set or does not have access to the access right management server 1007, the access right to the body of an email or attached document can be accessed. Can be set. For example, in the case of the system configuration shown in FIG. 1, the information device is a client or a multifunction peripheral (not shown) that is not connected to the network 1008.

  Hereinafter, information processing according to the third embodiment of the present invention will be described. Note that the same reference numerals in the third embodiment denote the same parts as in the first and second embodiments, and a detailed description thereof will be omitted.

  In each of the above-described embodiments, the method for setting the access right ID in the facsimile header in the facsimile communication including Internet fax, or the method for setting the access right ID in the subject field or body of the e-mail has been described. However, on the transmission side, an access right ID may be added to a document to be facsimile-transmitted by an application or a file attached to an e-mail. In this case, the receiving side may perform access control by extracting the access right ID from the file attached to the received e-mail.

  The information processing according to the fourth embodiment of the present invention will be described below. Note that the same reference numerals in the fourth embodiment denote the same parts as in the first to third embodiments, and a detailed description thereof will be omitted.

[System configuration]
FIG. 16 is a diagram illustrating a configuration example of a system according to the fourth embodiment.

  A multifunction peripheral 1001, 1002, an application server 1004, a client 1005, an access right management server 1007, a printer 1009, and the like are connected to a network 1008 such as a LAN.

  The multifunction peripheral 1001 can perform facsimile communication with the facsimile machine 1003 via a public network.

  On the application server 1004, a database (DB) server that stores images read from the original by the multifunction peripherals 1001 and 1002 and a mail server that transmits and receives electronic mail via the WAN operate. The client 1005 connects to the application server 1004, downloads data such as an image stored in the server, and displays it on the monitor. Further, the client 1005 can generate data in a page description language format (PDL data) including images and the like, and can perform printing using the printer 1009 and the multifunction peripherals 1001 and 1002.

[Configuration of MFP]
FIG. 17 is a block diagram illustrating a configuration example of the multifunction peripherals 1001 and 1002.

  The controller 100 is connected to the scanner 200 and the printer 300 to control them, and is connected to the network 1008 and the public network to input / output image data and device information.

  The CPU 103 uses the RAM 107 as a work memory, executes a control program and an image processing program stored in the ROM 108 and the hard disk drive (HDD) 109, and controls each configuration described later via the system bus 101 and the image bus 102. To do. The RAM 107 and the HDD 109 are also used as an image memory for temporarily storing image data.

  An operation unit interface (I / F) 104 is an interface with the operation unit 400, and transmits input (instructions) of a user who operates the operation unit 400 to the CPU 103 and image data to be displayed on the LCD of the operation unit 400. Is output to the operation unit 400.

  A network interface card (NIC) 105 is an interface with the network 1008 and inputs and outputs data and information to and from the network 1008. The MODEM 106 is an interface with the public network and performs facsimile communication via the public network.

  The above configuration is arranged on the system bus 101. The bus bridge 110 is an interface between the system bus 101 and the image bus 102 that transfers image data at a high speed, and bridges the data flow between the system bus 101 and the image bus 102 by converting the data structure. The image bus 102 is configured by a PCI (Peripheral Component Interconnect) bus or a high-speed bus such as IEEE1394.

  Next, a configuration arranged on the image bus 102 will be described. The rendering unit 111 renders (RIP) the PDL data into a bitmap image, and converts information attached to the PDL data into attribute flag data described later that can be used in the controller 100.

  The device I / F 112 is an interface with an image input / output device (such as the scanner 200 and the printer 300), and converts synchronous / asynchronous image data transfer. The device I / F 112 and the image input / output device are connected by a serial bus such as USB (Universal Serial Bus) or IEEE1394.

  The input image processing unit 113 performs correction, processing, and editing processing on image data input from the scanner 200 and image data received from the outside via the NIC 105 in consideration of later printing or image transmission. The intermediate image processing unit 114 performs data compression / decompression processing and image scaling (enlargement / reduction) processing. The output image processing unit 115 performs correction, resolution conversion, and the like corresponding to the printer 300 on the image data to be printed. Note that the intermediate image processing unit 114 JPEG-encodes multi-valued image data and JBIG, MMR, or MH-encodes binary image data.

  Note that image data and attribute flag data, which are rendering results of the rendering unit 111, may be input to the intermediate image processing unit 114 without passing through the input image processing unit 113. Further, as will be described later, when processing image data received from the outside, the attribute flag data assigned according to the image data and the setting from the operation unit 400 does not pass through the input image processing unit 113, but the intermediate image processing unit. It may be input to 114.

  Further, by inserting an IC card medium into the IC card slot 117 and then inputting an appropriate PIN (Personal Identifier Number) code into the operation unit 400, key information used for encryption and decryption can be input / output. The encryption / decryption unit 116 is a hardware accelerator card that encrypts and decrypts data using key information of the IC card medium.

  FIG. 18 is a block diagram illustrating a configuration example of a software module of the controller 100. Note that the software executed by the CPU 103 of the controller 100 is implemented as so-called firmware.

  The OS 3001 is a real-time operating system that provides various resource management services and frameworks optimized for embedded system control to software operating on the OS 3001. Examples of various resource management services and frameworks provided by the OS 3001 include the following.

  Multitask management (thread management) for managing a plurality of execution contexts of processing by the CPU 103, thereby causing the plurality of processes to operate substantially in parallel. Inter-task communication that enables synchronization and data exchange between tasks. Memory management. Interrupt management. Various device drivers, protocol stacks that implement processing of various protocols such as local interface, network and communication.

  The controller platform 3002 includes a file system 3003 and a job device control 3004. The file system 3003 is a mechanism for storing data constructed in the HDD 109, the RAM 107, etc., and is used for spooling jobs handled by the controller 100 and storing various data. The job device control 3004 controls the hardware of the multifunction peripheral, and also controls jobs that use basic functions (print, scan, communication, image conversion, etc.) provided mainly by the hardware of the multifunction peripheral.

  The application 3006 is an embedded application that inputs and outputs images and text data via the network 1008 and the public network using a mechanism provided by the OS 3001 and the controller platform 3002. As main mechanisms of the application 3006, there are a transmission management 3007 that integrally manages transmission jobs, and a reception management 3008 that integrally manages reception jobs.

  The transmission management 3007 includes an Internet fax (I-FAX) transmission 3009, a FAX transmission 3010, an FTP transmission 3011, and an Email transmission 3012, and controls a transmission job. The reception management 3008 includes an I-FAX reception 3013, a FAX reception 3014, an FTP reception 3015, and an email reception 3016, and controls a reception job. As a mechanism for assisting such transmission / reception, there is an address book 3017 for managing a destination mail address and URI (Uniform Resource Identifier). Further, there are a reception rule 3018 for managing processing rules at the time of reception, a history management 3019 for managing transmission / reception history, a setting management 3020 for managing various setting information, and the like.

[Policy Data]
FIG. 19 is a diagram showing an example of policy data managed by the access right management server 1007.

  The policy data includes a policy ID that identifies the policy, a policy name 4002 that is a character string for the user to identify the policy, a UID / GID that records the user ID and group ID to which the policy is applied, and permission for each UID and GID. A field indicating the authorized authority is provided. In the authority field, there are bits indicating permission / denial of reading, editing, and printing of data. With this policy data, what kind of data operation is permitted for a user or group can be set for each policy. Note that the access control method and the access control ID of the first embodiment correspond to a policy and a policy ID, respectively.

[Electronic Document List]
FIG. 20 is a diagram showing an example of an electronic document list managed by the access right management server 1007.

  The electronic document list shows a correspondence relationship between the document ID and the policy ID, and can refer to which policy is applied to which document.

[Electronic document format]
FIG. 21 is a diagram showing an example of an electronic document format.

  The file header 6001 indicates information (specific character string) for identifying the electronic document format. Version 6002 represents a version of the electronic document format. A document ID 6003 indicates a unique identification ID for the electronic document, and is used to determine a policy to be applied to the electronic document. The data length 6004 represents the amount of data stored in the data portion 6005. The data portion 6005 is the document data itself, but is encrypted with an encryption key issued by the access right management server 1007.

[Reception rules]
FIG. 22 is a diagram illustrating an example of data held by the reception rule 3018 illustrated in FIG.

  The rule ID is a unique identification ID for each rule and is used for internal management. The rule name is an arbitrary character string for the user to identify the rule. The receiving means indicates which of a plurality of receiving means such as I-FAX reception 3013, FAX reception 3014, FTP reception 3015, and Email reception 3016 is targeted.

  The comparison attribute indicates which of various attributes included in the received job, such as a caller ID and a transmission address, are to be compared. The comparison value represents a value for comparing the attribute specified as the comparison attribute with the received job. The expression represents a value comparison method, and is selected from comparison methods such as “equal to”, “ends with”, and “starts with”.

  The transfer destination represents the transfer destination of the electronic document when the received job matches the conditions indicated by the receiving means, the comparison attribute, the comparison value, and the expression. Similarly, the policy ID represents a policy ID set for the electronic document when the condition matches. The policy name is a character string for the user to identify the policy. The multi-function peripheral acquires the policy ID and policy name by communicating with the access right management server 1007.

  The user name and password represent authentication information used when the multifunction peripheral communicates with the access right management server 1007.

  FIG. 23 is a diagram illustrating an example of a rule registration screen displayed on the operation unit 400 or the like by the CPU 103 when a rule is registered in the reception rule 3018.

  The rule shown in FIG. 23 sets a policy corresponding to the policy name “manager” in the electronic document when the caller number of the received facsimile is equal to “123456789”. Then, the electronic document with the policy set is transferred to the path name “// server / honsya” by the file transfer protocol (ftp).

[Access right control]
FIG. 24 is a flowchart showing an example of processing for setting a policy for a received electronic document, which is executed by the CPU 103.

  First, the occurrence of a reception job is detected (S901), and when the data reception is completed (S902), the format of the received electronic document is determined (S903). If the electronic document has the format shown in FIG. 21, the process proceeds to S905. However, if the received document is MMR, MH, or JBIG encoded by facsimile, the format is converted and a document ID is generated (S904). The document ID may be acquired from the access right management server 1007 or the like. Similarly, if the file attached to the received e-mail does not have a predetermined format (a format that does not correspond to the policy setting), the process of step S904 is performed in the same manner.

  Next, the number R of registered rules is acquired from the reception rule 3018, and the counter n is initialized to 0 (S905). Then, R> n is determined (S906). If R ≦ n, the reception rule is not met, a default reception process is performed (S907), and the process ends. Note that the default reception processing is performed in advance, such as printing an electronic document or storing it in the file system 3003 in the setting management 3020.

  On the other hand, if R> n in step S906, the nth rule is acquired (S908), and it is determined whether or not the received job matches the conditions of the acquired rule (S909). If not, the counter n is incremented (S910), and the process returns to step S906.

  On the other hand, if the received job matches the conditions of the acquired rule, the information of the access right management server 1007 is acquired from the setting management 3020, and connection to the access right management server 1007 is attempted (S911). If the connection fails, the electronic document is stored in a save folder prepared in advance in the file system 3003 when an error occurs (S913), and the process ends.

  On the other hand, if the connection to the access right management server 1007 is successful, the document ID is extracted from the electronic document (S914), and the policy ID and the user authentication information set in the nth rule are acquired (S915). Then, the document ID, policy ID, and user authentication information are transmitted to the access right management server 1007 (S916). Then, the response of the access right management server 1007 is determined (S917), and if the policy setting fails, the electronic document is stored in the save folder at the time of occurrence of an error prepared in the file system 3003 (S913), The process ends.

  If the policy setting is successful, the electronic document is encrypted with the encryption key included in the response of the access right management server 1007 (S918), and the encrypted electronic document is transferred to the transfer destination set in the nth rule. Send or save in a box (S919) and end the process.

  The success or failure of the policy setting can be determined by decrypting the response of the access right management server 1007. However, if the encryption key is attached to the response, it is determined to be successful. May be. Further, after transmitting the encrypted electronic document, the electronic document before and after encryption is deleted.

  Further, the CPU 103 challenges the policy setting again after a predetermined time has elapsed for the electronic document stored in the error saving folder after the connection to the access right management server 1007 or the policy setting has failed. Alternatively, the system administrator or the administrator of the multifunction device may periodically check the error saving folder, and if there is a stored electronic document, the CPU 103 may be instructed to reset the policy at that time. Of course, it is preferable that the CPU 103 notifies the administrator's client terminal of the failure.

  The access right of the electronic document is desirably set by the creator of the document according to the nature of the document, but there are cases where no access right is set for the electronic document received from the public network or the network. If a uniform access right is set in an electronic document, the mechanism is inflexible, and the access right intended by the user cannot be set, which is inconvenient. On the other hand, according to the fourth embodiment, the access right corresponding to the electronic document receiving means and the sender information is set in the electronic document. In addition, the electronic document can be transferred to a destination according to the means for receiving the electronic document and the sender information, or distributed in a multi-function device box (specific storage area). can do.

  Hereinafter, information processing according to the fifth embodiment of the present invention will be described. Note that the same reference numerals in the fifth embodiment denote the same parts as in the first to fourth embodiments, and a detailed description thereof will be omitted.

[Reception rules]
FIG. 25 is a diagram illustrating an example of data held by the reception rule 3018 of the fifth embodiment, and an overwrite field is added. When the overwrite field is set to “Yes”, the access right of the electronic document is overwritten (updated) according to the reception rule when the received job matches the rule and the access right is set for the electronic document of the received job. )

  FIG. 26 is a diagram illustrating an example of a rule registration screen displayed on the operation unit 400 or the like by the CPU 103 when a rule is registered in the reception rule 3018.

  The rule shown in FIG. 26 sets a policy corresponding to the policy name “manager” in the electronic document when the sender address (From :) of the electronic mail is equal to “honsya@aaa.com”. Then, the electronic document with the policy set is transferred to the path name “// server / honsya” by the file transfer protocol (ftp). At this time, if the access right is already set in the received electronic document, the rule is to overwrite the access right.

[Access right control]
FIG. 27 is a flowchart illustrating an example of processing for setting a policy for a received electronic document according to the fifth embodiment, which is executed by the CPU 103. The same processes as those in FIG. 24 are denoted by the same reference numerals, and detailed description thereof is omitted.

If the connection to the access right management server 1007 is successful in step S912, the document ID is extracted from the electronic document and transmitted to the access right management server 1007 to inquire about the policy setting state (S921). Then, the determination of the policy setting unset (S922), the policy in the document ID is performing Step S 915 and subsequent steps if not set, with reference to the override field of n-th rule if preset It is then determined whether to overwrite the policy (S923). When overwriting, the processing from step S915 is executed, and when not overwriting, the electronic document is transferred to the transfer destination set in the nth rule (S919).

  As described above, it is possible to set whether to give priority to the access right set by the creator of the electronic document or to give priority to the rule set to the information device that has received the electronic document, by the overwrite field.

[Reception History]
FIG. 28 is a diagram showing an example of a reception history screen including a policy setting history of a received electronic document, which is displayed on the operation unit 400 by the CPU 103.

  The policy assignment field indicates the policy setting status of the electronic document, “rule priority” indicates that the policy is set according to the reception rule, and “original priority” indicates that the existing policy is left. Further, “-” indicated by reference numeral 1302 indicates that the reception rule is not matched, and “NG” indicated by reference numeral 1303 indicates that connection to the access right management server 1007 or policy setting has failed.

  The administrator of the system or information device can grasp and track how the policy is set for the received electronic document with reference to the reception history screen.

[Other embodiments]
Note that the present invention can be applied to a system including a plurality of devices (for example, a host computer, an interface device, a reader, and a printer), and a device (for example, a copying machine and a facsimile device) including a single device. You may apply to.

  Another object of the present invention is to supply a storage medium (recording medium) that records software for realizing the functions of the above embodiments to a system or apparatus, and a computer (CPU or MPU) of the system or apparatus executes the software. Is also achieved. In this case, the software itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the software constitutes the present invention.

  In addition, the above functions are not only realized by the execution of the software, but an operating system (OS) running on a computer performs part or all of the actual processing according to the instructions of the software, and thereby the above functions This includes the case where is realized.

  In addition, the software is written in a function expansion card or unit memory connected to a computer, and the CPU of the card or unit performs part or all of the actual processing according to instructions of the software, thereby This includes the case where is realized.

  When the present invention is applied to the storage medium, the storage medium stores software corresponding to the flowchart described above.

Claims (4)

The access right ID that specifies the access right that indicates the right to operate the data is associated with the document ID that specifies the data, and the access right to the data specified by the document ID is specified based on the document ID. An information processing method in an information processing apparatus that is connected to an access right management server capable of being connected via a network and is capable of connecting to an information device different from the access right management server via the network or a public line ,
The receiving unit of the information processing apparatus receives data from the information device , receives a document ID specifying the received data from the access right management server,
The transmission means of the information processing device searches for a rule set in a table held by the information processing device that matches predetermined information in the received data , and accesses set in the matching rule A right ID to the access right management server ,
The receiving means receives the encryption key transmitted from the access right managing server based on the fact that transmitted the access right ID,
The encryption unit of the information processing apparatus encrypts the received data using the received encryption key,
A storage unit of the information processing apparatus adds the document ID to the encrypted data and stores it in a memory. Further, the conversion unit of the information processing apparatus, when the received data is not a predetermined format, to claim 1, wherein the conversion of the received data before the encryption to the predetermined format Information processing method described. The access right ID that specifies the access right that indicates the right to operate the data is associated with the document ID that specifies the data, and the access right to the data specified by the document ID is specified based on the document ID. An information processing apparatus that is connected to an access right management server capable of being connected via a network, and that can be connected to an information device different from the access right management server via the network or a public line,
One receiving means for receiving data from the information device ;
Two receiving means for receiving a document ID specifying data received by the one receiving means from the access right management server;
And search means for searching for a match with the predetermined information in the data to which the first receiving means has received, the information processing apparatus is set in the table that holds the rule,
Transmitting means for transmitting the access right ID set in the matching rule detected by the search means to the access right management server ;
Three receiving means for receiving an encryption key transmitted from the access right management server based on the transmission means transmitting the access right ID ;
Encryption means for encrypting data received by the one receiving means using an encryption key received by the three receiving means ;
The data to which the encryption means are encrypted, the information processing apparatus characterized by having a storage means for storing in the memory by adding a document ID which the second receiving means receives. 3. A program for controlling an information processing apparatus to execute the information processing described in claim 1 or claim 2 .

Images