JP2010073087A - Information processor and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To manage a policy for expressing use restriction on a document. <P>SOLUTION: A label holding part 100 of a policy server 10 stores information about a label added to the policy. A policy registration part 150 receives designation of a label to be added to the policy and setting information indicating a content of the policy and registers a record of the policy including a label ID of the designated label and a policy ID newly generated to the policy holding part 110. The content of the record of the policy newly registered is set according to the received setting information. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an information processing apparatus and a program.

  There is a technique for restricting the use of a document in accordance with a security policy set for the document. The security policy represents, for example, the type of operation permitted or prohibited for each user or user group, the valid period during which use of a document is permitted, and the like.

  Patent Document 1 discloses a technique for managing a plurality of documents including an electronic document and a paper document with the same policy. In the system described in Patent Document 1, unified policy rules are set for a plurality of documents, and a security server that manages the policy rules determines whether or not the documents can be used.

  For example, Patent Literature 2 discloses a technique for suppressing generation and registration of security policies having similar contents. In the technique described in Patent Document 2, the similarity between the input policy information and the policy information registered in the policy management unit is determined according to a specific condition, and the policy information is similar to the input policy information. Are registered in the policy management unit, the similar policy information is displayed in a list.

JP 2005-38371 A JP 2007-233610 A

  In a system that allows a general user who is not a system administrator to register a security policy, it may be desired to manage which user registers what security policy.

  The invention according to claim 1 refers to a label information storage unit that stores label information indicating a classification of use restriction information indicating a use restriction policy for information to be used, and responds to a registration request specifying the use restriction policy. Usage restriction information registration means for registering usage restriction information indicating the usage restriction policy specified in the registration request in the usage restriction information storage means, wherein the label information is associated with the label information. Including information representing a registration-permitted user who is permitted to register restriction information in the use restriction information registration unit, and the use restriction information registering unit includes a use representing the specified use restriction policy. Use the restriction information in association with the label information specified by the requester among the label information including the requester who made the registration request as the registration-permitted user. Registered in the limit information storing means, it is an information processing apparatus according to claim.

  The invention according to claim 2 is the invention according to claim 1, wherein the label information includes a naming rule indicating a rule of a name that can be given to the use restriction information associated with the label information, and the use The restriction information registration means further receives an input of a name of usage restriction information representing the specified usage restriction policy from the registration requester, and the naming rule includes the received name in the designated label information The received name is registered in the use restriction information storage means as the name of the use restriction information indicating the specified use restriction policy.

  The invention according to claim 3 is the invention according to claim 2, wherein the naming rule is similar to the name of the usage restriction information registered in the usage restriction information storage means in association with the label information including the naming rule. This rule prohibits the assignment of names.

  The invention according to claim 4 is the invention according to claim 2, wherein the naming rule includes a name of usage restriction information registered in the usage restriction information storage means in association with the label information including the naming rule. This rule prohibits the granting of

  According to a fifth aspect of the present invention, in the invention according to any one of the first to fourth aspects, the designated registration-permitted user is indicated in response to a registration request for label information designating the registration-permitted user. Label information registration means for registering label information including information in the label information storage means is further provided.

  The invention according to claim 6 is the invention according to any one of claims 1 to 5, wherein the use restriction information stored in the use restriction information storage means, label information associated with the use restriction information, Output means for associating and outputting.

  The invention according to claim 7 is a registration that specifies a use restriction policy by referring to label information storage means for storing label information representing a classification of use restriction information representing a use restriction policy for information to be used in a computer. In response to the request, a use restriction information registration step of registering use restriction information indicating a use restriction policy specified in the registration request in a use restriction information storage unit is executed, and the label information is associated with the label information. Information indicating a registered authorized user who is permitted to register the use restriction information registered in the use restriction information registration means, and in the use restriction information registration step, the specified use restriction information Designated by the requester among the use restriction information indicating the policy and the label information including the requester who made the registration request as the registration-permitted user. And label information, and registers the usage restriction information storing unit in association with a program, characterized in that.

  According to the first or seventh aspect of the invention, it is possible to manage which type of usage restriction information is registered by which user.

  According to the invention which concerns on Claim 2, a name can be provided with respect to use restriction information according to the preset naming rule.

  According to the third aspect of the invention, registration of a plurality of usage restriction information having names similar to each other can be prohibited.

  According to the invention which concerns on Claim 4, registration of the use restriction information which has a name including the name of the registered use restriction information can be prohibited.

  According to the invention which concerns on Claim 5, the user who can register the utilization restriction information of a certain classification | category can be designated.

  According to the invention which concerns on Claim 6, utilization restriction information and its label information can be matched and shown to a user.

  FIG. 1 shows an example of a schematic configuration of a system that manages the use of documents. The system illustrated in FIG. 1 has a configuration in which a policy server 10, protected document registration apparatuses 20 and 22, and protected document utilization apparatuses 30 and 32 are connected to each other via a network 40.

  FIG. 2 shows a schematic example of the internal configuration of the policy server 10. The policy server 10 manages a security policy (hereinafter simply referred to as “policy”) set for a document used in the system and a relationship between the document and the policy. The policy server 10 includes a label holding unit 100, a policy holding unit 110, a document information holding unit 120, a label registration unit 130, an administrator authentication unit 140, a user management unit 142, a policy registration unit 150, a naming rule determination unit 160, a policy application Unit 170, policy reference unit 172, and operation availability determination unit 180.

  The label holding unit 100 stores information related to labels given to policies. The label represents the classification of the policy. In the example of the present embodiment, the policy server 10 assigns one of the labels stored in the label holding unit 100 to each policy to be managed. FIG. 3 shows an example of data contents of the label holding unit 100. The information on one line in the table in the example of FIG. 3 corresponds to information on one label. Referring to FIG. 3, each label includes a label ID (identifier), a label name, a registerable user, and a naming rule. The label ID is identification information unique to the system assigned to each label. The label name is a name of each label given by, for example, an administrator. The registrable user represents a user or a group who is permitted to register the policy with the label in the policy server 10. For example, in the table of the example of FIG. 3, a policy assigned the label with the label ID “PL-00120” can be registered in the policy server 10 by a user belonging to the “HR department” represented by the registerable user. The naming rule represents a name rule that can be set for a policy to which the label is assigned. For example, the naming rule “not including registered name” of the label ID “PL-00120” in the example of FIG. 3 is newly registered when a policy with the label is newly registered in the policy server 10. The policy name indicates that the policy should have the label and should not include the same name as the policy registered in the policy server 10. Further, for example, the naming rule “add employee name to the end of the policy name” of the label ID “PL-00999” in the example of FIG. 3 is that the name of the policy to which the label is assigned registers the policy at the end. Indicates that the employee must have the employee name. As a naming rule, various rules other than those illustrated in FIG. 3 may be used. For example, naming rules such as “does not match already registered name”, “different from registered name by N characters or more”, and “different from registered name by more than a predetermined ratio” can be considered. . For example, the naming rule is set to a rule such that a similar name is not given between policies to which the label is assigned.

  Note that the table in the example of FIG. 3 is merely an example of the data contents of the label holding unit 100. For example, if a set of label IDs and registrable users is stored, other items need not be set. Further, if there are items necessary for management purposes, information other than the items illustrated in FIG. 3 may be stored for each label. For example, the date and time when each label was registered, the identification information of the administrator who registered each label, and the like are stored.

  Referring again to FIG. 2, the policy holding unit 110 stores information related to policies that are managed by the policy server 10. FIG. 4 shows an example of data contents of the policy holding unit 110. The information of each record r1, r2 in the table of the example of FIG. 4 represents information related to one policy. Referring to FIG. 4, each policy record includes items of label ID, policy ID, policy name, creator, and usage restriction. The label ID is a label ID of a label assigned to the policy and is set to one of the label IDs of the labels stored in the label holding unit 100 described above. The policy ID is identification information unique within the system assigned to the policy. The policy name is a name given to the policy by a user or the like. The policy name is set according to the naming rule if a naming rule is set in the label attached to the policy. The creator represents a user who created the policy and registered it in the policy server 10. The use restriction represents the contents of the use restriction of the document for which the policy is set. The items of usage restriction include sub-items of target, permitted operation, valid period, and operational restriction. The target represents an execution subject of the operation on the document, and is represented by user or group identification information. The permitted operation item represents the type of operation permitted for the user or group represented by the corresponding “target”. The types of operations include, for example, application (applying the policy to a document), browsing of electronic documents, editing, printing, copying of paper documents, and scanning. The effective period represents a period during which the user or group represented by the corresponding “target” can use the document in which the policy is set. For example, the validity period “five years from the registration date” indicates that the document in which the policy is set can be used for five years from the date when the document is registered in the policy server 10. The operational restriction item represents the content of processing performed when the user or group represented by the corresponding “target” executes a specific type of operation. In the record r1 in the table of the example of FIG. 4, the operational restriction associated with each of the target “registrant” and “HR department” “prints the confidential mark when printing” is set in the policy of the record r1. This means that when a user corresponding to a “registrant” and a “personnel department” prints an electronic document, the electronic document is printed with an external secret mark superimposed.

  In addition, the specific aspect of the data content of the policy holding | maintenance part 110 is not restricted to the table | surface illustrated in FIG. For example, in the example of FIG. 4, “Allowed operation” is set for each “target” user or group in the policy use restriction item. In all of the types of operations that can be performed on a protected document, permission or prohibition may be explicitly set. Alternatively, for example, in the policy, a list of types of operations prohibited for the subject represented by “target” may be set, and execution of types of operations not included in this list may be permitted. .

  Referring to FIG. 2 again, the document information holding unit 120 stores information on the protected document for which the policy is set. FIG. 5 is an example of the data contents of the document information holding unit 120. One row of the table in the example of FIG. 5 is a record representing information related to one protected document. Referring to FIG. 5, the document information holding unit 120 stores a policy ID, a registration date, and a registrant in association with the document ID of each document. The document ID is identification information unique within the system assigned to each protected document. The policy ID is a policy ID of a policy set for each protected document, and is one of the policy IDs of the policies stored in the policy holding unit 110. The registration date represents the date when the corresponding protected document is registered in the policy server 10. Instead of simply storing the registration date, the registration date and time may be stored. The registrant represents a user who has registered the corresponding protected document in the policy server 10.

  Returning to the description of FIG. 2, the label registration unit 130 performs a process of newly registering a label in the label holding unit 100. For example, the label registration unit 130 receives a label registration instruction from the administrator, generates a new label ID, and associates the label content set by the administrator with the label ID (label name, registerable user, And a naming rule) are registered in the label holding unit 100.

  The administrator authentication unit 140 performs authentication processing for the system administrator. For example, the administrator authentication unit 140 stores in advance a combination of an administrator ID and password in a storage device (not shown), and inputs the input ID and password and the administrator ID and password stored in the storage device. To determine whether the operator who has input the ID and password is an administrator. For example, the administrator authentication unit 140 performs an authentication process when the label registration unit 130 is requested to determine whether or not the operator who issued the label registration instruction is an administrator.

  The user management unit 142 manages information related to a user registered in advance as a system user. For example, the user management unit 142 refers to a user information database (not shown), performs user authentication processing, or acquires a list of user IDs of users belonging to a specific group.

  The policy registration unit 150 registers a policy in the policy holding unit 110. For example, after requesting the user management unit 142 to authenticate the user, the policy registration unit 150 receives an input for designating the label and policy content stored in the label holding unit 100, and receives the specified label. Records corresponding to the assigned policy are registered in the policy holding unit 110. If a policy naming rule is set for the specified label, the naming rule determining unit 160 is requested to determine whether or not the policy name input by the user complies with the naming rule. If the policy name conforms to the naming rule, the designated policy name is set in the policy name field of the corresponding record in the policy holding unit 110. If the policy name does not conform to the naming rule, the user is prompted to input another name. .

  In response to a request from the policy registration unit 150, the naming rule determination unit 160 determines whether or not the policy name input by the user conforms to the naming rule set by the label specified by the user.

  The policy application unit 170 sets a policy for a document in response to a protected document registration request from the protected document registration devices 20 and 22, and registers information that associates the document with the policy in the document information holding unit 120. . In registering a protected document, for example, when the policy application unit 170 receives an inquiry about an applicable policy from the protected document registration devices 20 and 22, the policy application unit 170 requests the policy reference unit 172 to search for a policy. The list of policies of the received search result is returned to the protected document registration apparatuses 20 and 22. Thereafter, the policy ID of the policy selected by the user from the policy list and the document ID of the document in which the policy is set are received from the protected document registration apparatuses 20 and 22, and the record corresponding to the document is stored in the document information. Register in the holding unit 120.

  The policy reference unit 172 searches for a policy satisfying the search condition from the policy holding unit 110 according to the specified search condition. The policy reference unit 172 also refers to the label holding unit 100 and acquires the label name of the label given to the policy of the search result.

  The operation availability determination unit 180 refers to the document holding unit and the policy holding unit 110 in response to an operation availability determination request from the protected document utilization devices 30 and 32, and determines whether or not to execute an operation on the protected document. For example, the operation availability determination request includes the document ID of the target protected document, the type of operation, and the user ID of the user who wants to execute the operation. The operation availability determination unit 180 is associated with the document ID in the document holding unit. The policy ID is acquired, and whether or not the operation can be executed is determined based on the content of the record in the policy holding unit 110 corresponding to the policy ID, the operation type, and the user ID.

  It should be noted that all the functions of each part of the policy server 10 described above may be realized by a single information processing apparatus, or may be realized by being distributed to a plurality of information processing apparatuses. For example, the administrator authentication unit 140 or the user management unit 142 may be realized by a server computer that can communicate with an information processing apparatus in which functions of other units are realized. Further, for example, a part or all of the label holding unit 100, the policy holding unit 110, and the document information holding unit 120 may be realized in a storage device that can be referred to from an information processing device in which functions of other units are realized. .

  Referring again to FIG. 1, the protected document registration apparatuses 20 and 22 are apparatuses that set a policy for a document for which no policy is set (unprotected) and register it as a protected document in the policy server 10. The protected document registration apparatuses 20 and 22 acquire a list of policies applicable to the document from the policy server 10 and associate the policy selected by the user from the list with the target document and register the policy in the policy server 10. Process. For example, the protected document registration apparatuses 20 and 22 transmit a protected document registration request including a set of the policy ID of the selected policy and the document ID of the target document to the policy server 10. The set of the policy ID and the document ID is registered in the document information holding unit 120. The protected document registration apparatuses 20 and 22 may be a computer such as a PC (personal computer) or an image forming apparatus having an image forming function such as a scanner function or a printing function.

  The protected document registration apparatus 20 which is a PC generates a protected electronic document by designating an unprotected electronic document and setting a policy. Further, for example, the protected document registration apparatus 20 sets a policy for an unprotected electronic document and causes the printer to print the electronic document to generate a protected paper document. A document ID is printed on the paper document printed at this time together with the contents of the document. The document ID is printed in a machine-readable format such as a barcode or QR code. As will be described later, the printed document ID is used to determine whether or not the operation can be performed when an operation is performed on the paper document in the protected document using apparatus 32 that is an image forming apparatus.

  For example, the protected document registration apparatus 22 as an image forming apparatus sets a policy for image data obtained by reading an unprotected paper document with a scanner, and generates a protected electronic document. Alternatively, the protected document registration device 22 performs a copy operation on an unprotected paper document and sets a policy to generate a protected paper document. In the paper document generated here, the document ID of the document is printed in a machine-readable format in the same manner as in the above-described example of printing a protected paper document by printing an electronic document.

  In the description of the example of the present embodiment, the term “protected document” refers to a protected electronic document or a protected paper document generated by the protected document registration apparatuses 20 and 22 as described above.

  The protected document using devices 30 and 32 execute an operation on the protected document for which the policy is set. When the protected document using devices 30 and 32 receive an instruction to execute an operation on the protected document from the user, the protected document using devices 30 and 32 request the policy server 10 to determine whether or not the operation can be executed, and the execution is permitted. Only when it is determined, the operation is executed. The protected document using devices 30 and 32 may be PCs or image forming devices.

  The protected document utilization apparatus 30 that is a PC executes operations such as browsing, editing, transmission as an email attachment, and printing on the protected electronic document.

  The protected document utilization device 32, which is an image forming device, executes operations such as copying, scanning, and FAX (facsimile) transmission on the protected paper document. When the protected document utilization apparatus 32 is instructed to execute an operation on a protected paper document, the protected document utilization apparatus 32 first reads the paper document with a reading device such as a scanner to obtain image data. Then, the document ID of the document is specified from the code representing the document ID in the image data, and the policy server 10 is inquired of whether or not the operation can be executed using the specified document ID.

  The operation of the system of the example of this embodiment will be described below.

  FIG. 6 is a sequence diagram illustrating an example of an operation related to new registration of a label to the label holding unit 100. Referring to FIG. 6, first, the operator is the system administrator at a terminal (not shown in FIG. 1, hereinafter referred to as “operator side terminal”) connected to the policy server 10. Is entered, and the operator side terminal transmits the entered administrator authentication information to the label registration unit 130 of the policy server 10 (step S10). The operator side terminal may be a client terminal realized by, for example, a general-purpose computer. The label registration unit 130 passes the received administrator authentication information to the administrator authentication unit 140 and requests an authentication process (step S12). The administrator authentication unit 140 performs an authentication process using the administrator authentication information acquired from the label registration unit 130, and returns an authentication result (OK or NG) to the label registration unit 130 (step S14). The authentication result is further transmitted from the label registration unit 130 to the operator side terminal (step S16). If the authentication result by the administrator authentication unit 140 is OK, the processing on and after step S18 can be executed in the operator side terminal. The operator side terminal receives the input of the label name from the operator, and transmits the input label name to the label registration unit 130 (step S18).

  Next, in order to set a user who can register a newly registered label, the operator side terminal accesses the user management unit 142 via the label registration unit 130 and makes a search request for information on users and groups of the system. . The user management unit 142 transmits, for example, a list of user groups in the system and a list of users belonging to each group to the operator terminal via the label registration unit 130 (step S20).

  With reference to the list of groups and users acquired from the user management unit 142 and displayed on the display unit of the operator side terminal, the operator inputs information for setting a registerable user to the operator side terminal. The operator may further input information for setting the naming rule of the policy assigned the label to be newly registered to the operator side terminal. The naming rule setting information is input by, for example, causing the label registration unit 130 to display a list of naming rules prepared in advance on the display unit of the operator side terminal, and selecting the naming rule in the list by the operator side terminal. It is done by accepting. The operator side terminal transmits the registerable user and the naming rule setting represented by the input information to the label registration unit 130 (step S22).

  The label registration unit 130 that has received the setting of the registerable user and the naming rule generates a new label ID, associates the label ID with the label ID, and receives the label name received in step S18 and the registerable user received in step S22. The naming rule is registered in the label holding unit 100 (step S24). When the registration of the label in the label holding unit 100 is completed, the label registration unit 130 notifies the operator side terminal of the registration completion (step S26).

  Note that the label registration unit 130 may set a naming rule for the label name in advance and accept only the label name according to the naming rule in step S18. For example, a naming rule that prohibits the assignment of a label name that matches a label name registered in the label holding unit 100 is set in advance.

  Next, an operation related to new registration of a policy in the policy holding unit 110 will be described with reference to FIG. First, in the operator side terminal, an operator who becomes a policy registrant inputs registrant authentication information which is his / her authentication information. The operator side terminal transmits the entered registrant authentication information to the policy registration unit 150 of the policy server 10 (step S30). The policy registration unit 150 passes the registrant authentication information received from the operator side terminal to the user management unit 142 and requests a user authentication process (step S32). Upon receiving this request, the user management unit 142 performs user authentication processing, identifies the registrant (operator) user ID, and returns the identified user ID to the policy registration unit 150 as an authentication result (step S34). The policy registration unit 150 that has acquired the user ID of the registrant requests the user management unit 142 to search for information regarding the group to which the user with this user ID belongs, and the user management unit 142 receives the identification information of the group to which the user belongs. Is received as a search result (step S36).

  Next, the policy registration unit 150 refers to the label holding unit 100 and acquires a list of labels in which the user ID of the registrant or the identification information of the group to which the registrant is set as a registerable user. Then, the acquired list of labels is transmitted to the operator side terminal as a list of labels that can be assigned to the newly registered policy, and the list of labels that can be assigned is displayed on the display means on the operator side terminal, and the operator (Step S38). If a label for which the user ID of the registrant or the identification information of the group to which the registrant is set as a registrant user does not exist in the label holding unit 100, the policy that the registrant is not permitted to register the policy The registration unit 150 determines and the subsequent processing is not executed.

  The operator selects and designates one label from the list of labels that can be given, and the operator terminal that accepts this designation transmits the label ID of the designated label to the policy registration unit 150 (step S40). ). Furthermore, in the operator side terminal, the input of the policy name by the operator is accepted, and the input policy name is transmitted to the policy registration unit 150 (step S42).

  When the naming rule is set in the label specified in step S40, the policy registration unit 150 displays the policy name acquired in step S42 and the naming rule in the label specified in step S40. And a determination is made as to whether or not the policy name conforms to the naming rule (step S44). Upon receiving this request, the naming rule determination unit 160 determines whether or not the policy name is a name according to the command rule (step S46). For example, when the label with the label ID “PL-00120” in the table of the example of FIG. 3 is designated in step S40, the naming rule is “not including the name already registered”, and therefore the naming rule determination unit 160 Obtains the policy name of the record including the same label ID “PL-00120” from the policy holding unit 110, and whether or not the policy name requested for determination includes any of the policy names obtained from the policy holding unit 110. Determine whether. If either is included, the determination result is NG, and if neither is included, the determination result is OK. In the case of the label with the label ID “PL-00999” in the example of FIG. 3, the naming rule is “add employee name to the end of the policy name”, so the employee name of the registrant is included at the end of the input policy name. If it is determined, the determination result is OK, and if the employee name is not included, the determination result is NG. The determination result (OK or NG) in step S46 is transmitted to the operator side terminal via the policy registration unit 150 (step S48). If the determination result is NG, the processes in steps S42 to S48 are repeated until the determination result in step S46 becomes OK.

  When the determination result in step S46 is NG, the policy registration unit 150 may transmit information prompting the registrant to input the policy name according to the naming rule together with the determination result to the operator side terminal.

  If the naming rule is not set in the label specified in step S40, or if the determination result in step S46 is OK, search for information on users and groups and the search result to set policy contents Is presented to the registrant (step S50). For example, the user management unit 142 transmits a list of user groups of the system and a list of users belonging to each group to the operator side terminal via the policy registration unit 150, and these lists are stored in the operator side terminal. Displayed on the display means. The registrant refers to these lists and inputs information for setting which type of operation is permitted for which user or group to the operator side terminal. For example, if the policy holding unit 110 has the data contents of the table in the example of FIG. 4, information indicating the contents of the subordinate items of “target” and “permitted operations” of the use restriction items is input. It will be. Furthermore, if there is necessary setting information in addition to the set of the operation execution subject and the permitted operation type, the registrant also inputs the setting information. For example, information representing the contents of “valid period” and “operational restrictions” in the table of the example of FIG. 4 is input. As described above, when receiving the input of the setting information indicating the contents of the policy, the operator side terminal transmits the input setting information to the policy registration unit 150 (step S52).

  Upon receiving the setting information, the policy registration unit 150 generates a new policy ID, and newly registers a record of the generated policy ID in the policy holding unit 110. The label ID value of the newly registered record is set to the label ID of the label specified in step S40, the policy name value is acquired in step S42, and the determination result of the naming rule determination unit 160 is OK. Policy name is set. As the creator, the user ID of the registrant acquired in step S34 is set. Further, the value of the use restriction item is set according to the setting information acquired in step S52 (step S54).

  When the registration of the policy in the policy holding unit 110 is completed, the policy registration unit 150 notifies the operator side terminal of the registration completion (Step S56).

  The label registration and policy registration in the policy server 10 have been described above. According to the operation of the example of FIGS. 6 and 7, a list of labels in which a user or a group permitted to register a policy to which the label is assigned is set by a label, and the registrant is permitted to be assigned at the time of policy registration. A label selected from the above is attached to a newly registered policy. Therefore, users who can register a policy with a specific label are managed.

  In the example of the operation described above with reference to FIGS. 6 and 7, the operator inputs information to the policy server 10 using the operator side terminal connected to the policy server 10, and the information from the policy server 10. Receive the presentation. However, the operator can input information using the input device (not shown) and the display device (not shown) included in the policy server 10 without using the operator-side terminal, and can receive information presented. Good. In this case, in the sequence diagrams of the examples of FIGS. 6 and 7, information transmitted from the operator side terminal to each part of the policy server 10 is information input by the operator using the input device of the policy server 10. The information transmitted from each part of the policy server 10 to the operator side terminal is information displayed on the display device of the policy server 10.

  Hereinafter, registration and use of a protected document using a policy registered in the policy server 10 will be described.

  FIG. 8 is a sequence diagram illustrating an example of an operation related to registration of a protected document.

  First, the protected document registration devices 20 and 22 accept a protected document registration request (step S60). At this time, the protected document registration devices 20 and 22 authenticate the user. User authentication may be performed by accessing the user management unit 142 of the policy server 10 or by using a device such as a server for performing user authentication processing that is prepared separately from the policy server 10 in the system. Also good.

  Next, the protected document registration apparatuses 20 and 22 accept input of search conditions for searching for applicable policies (step S62). This search condition is, for example, a condition related to a label given to a policy or a condition related to the contents of the policy. Examples of search conditions include: “Search for a policy assigned a label with a specific label name”, “Search for a policy registered by a specific user”, and “Specify a specific type for a specific user or group” Search for policies that are permitted to operate ".

  The protected document registration apparatuses 20 and 22 transmit the accepted policy search condition to the policy application unit 170 of the policy server 10 (step S64). The policy application unit 170 that has received the policy search condition makes a policy search request including the received policy search condition and the user ID of the operator of the protected document registration apparatus to the policy reference unit 172 (step S66). . In response to the policy search request, the policy reference unit 172 searches the policy holding unit 110 for a policy that satisfies the policy search condition. Further, the label holding unit 100 is referred to using the label ID of the label assigned to each policy of the search result, and the label name of the label assigned to each policy is acquired. Then, a list of pairs of the search result policies and their label names is transmitted to the protected document registration apparatuses 20 and 22 via the policy application unit 170 (step S68). At this time, the policy reference unit 172 uses only the policies that are permitted to be “applied” as the operation type for the user with the user ID included in the policy search request among the policies that satisfy the policy search condition. Good.

  In the protected document registration devices 20 and 22, a list of combinations of search result policies and label names received from the policy server 10 is displayed on the display means. For example, the display unit displays a list in which the policy name of each policy in the search result is associated with the label name of the label assigned to each policy. The operator refers to this list and selects a policy to be set for the document. The operator further designates a target document for setting the selected policy. The protected document registration devices 20 and 22 accept the policy selection and document designation as described above (step S70), and receive the policy ID of the selected policy, the document ID of the designated document, and the user ID of the operator. A protected document registration request including this is made to the policy application unit 170 (step S72).

  Upon receiving the protected document registration request, the policy application unit 170 registers the document ID, policy ID, and user ID included in the request in the document information holding unit 120 in association with each other. Here, the user ID is set as the “registrant” of the protected document. Further, the policy application unit 170 registers the date when the protected document registration request is received in the document information holding unit 120 in association with the corresponding document ID as the registration date (step S74).

  When registration in the document information holding unit 120 is completed, the policy application unit 170 notifies the protected document registration apparatuses 20 and 22 of registration completion (step S76).

  Next, an example of an operation related to the use of a protected document registered in the document information holding unit 120 of the policy server 10 will be described with reference to FIG. First, an operation request for a protected document is received by the protected document using devices 30 and 32 (step S80). At this time, the protected document using devices 30 and 32 authenticate the user. User authentication may be performed by accessing the user management unit 142 of the policy server 10 in the same manner as the above-described user authentication in the protected document registration apparatuses 20 and 22, or separately from the policy server 10 in the system. You may perform using apparatuses, such as a server which performs the prepared user authentication process.

  Next, the protected document using devices 30 and 32 send a determination request including the user ID of the authenticated user, the document ID of the protected document to be operated, and the type of requested operation to the operation availability determination unit 180 of the policy server 10. (Step S84).

  The operation availability determination unit 180 acquires a policy ID associated with the document ID included in the determination request from the document information storage unit 120 and acquires a record of the acquired policy ID from the policy storage unit 110. Furthermore, in the acquired policy ID record, it is determined whether or not the type of operation included in the determination request is permitted for the user with the user ID included in the determination request (step S84).

  The operation availability determination unit 180 transmits the determination result (OK or NG) in step S84 to the protected document using apparatus (step S86). At this time, if a restriction on operation is set in the policy record acquired from the policy holding unit 110 for the combination of the user to be determined and the type of operation, information regarding the restriction is also stored in the protected document using apparatus. Send to.

  If the determination result received from the policy server 10 is OK, the protected document using apparatus executes the requested operation (step S88).

  The policy server 10 described above is typically realized by executing a program that describes the function or processing content of each unit of each device described above on a general-purpose computer. As shown in FIG. 10, for example, the computer includes a CPU (central processing unit) 90, a memory (primary storage) 91, various I / O (input / output) interfaces 92, and the like connected via a bus 93. Circuit configuration. A disk drive 95 for reading portable non-volatile recording media of various standards such as an HDD (Hard Disk Drive) 94, a CD, a DVD, or a flash memory via the I / O interface 92, for example, is connected to the bus 93. Connected. Such a drive 94 or 95 functions as an external storage device for the memory. A program in which the processing content of the embodiment is described is stored in a fixed storage device such as the HDD 94 via a recording medium such as a CD or DVD, or via a network, and is installed in a computer. The program stored in the fixed storage device is read into the memory and executed by the CPU, whereby the processing of the embodiment is realized.

It is a block diagram which shows the example of schematic structure of the system which manages utilization of a document. It is a block diagram which shows the example of the outline of an internal structure of a policy server. It is a figure which shows the example of the data content of a label holding | maintenance part. It is a figure which shows the example of the data content of a policy holding | maintenance part. It is a figure which shows the example of the data content of a document information holding part. It is a sequence diagram which shows the example of the operation | movement regarding registration of a label. It is a sequence diagram which shows the example of the operation | movement regarding policy registration. It is a sequence diagram which shows the example of operation | movement regarding registration of a protected document. It is a sequence diagram which shows the example of operation | movement regarding utilization of a protected document. It is a figure which shows the example of the hardware constitutions of a computer.

Explanation of symbols

  10 Policy Server, 20, 22 Protected Document Registration Device, 30, 32 Protected Document Utilization Device, 40 Network, 90 CPU, 91 Memory, 92 I / O Interface, 93 Bus, 94 HDD, 95 Disk Drive, 100 Label Holding Unit, 110 policy storage unit, 120 document information storage unit, 130 label registration unit, 140 administrator authentication unit, 142 user management unit, 150 policy registration unit, 160 naming rule determination unit, 170 policy application unit, 172 policy reference unit, 180 operation Availability determination unit.

Claims (7)

Referring to the label information storage means for storing the label information indicating the classification of the usage restriction information indicating the usage restriction policy for the information to be used, and specified in the registration request in response to the registration request specifying the usage restriction policy. Usage restriction information registration means for registering usage restriction information representing the usage restriction policy in the usage restriction information storage means,
The label information includes information representing a registration-permitted user who is a user permitted to register the use restriction information associated with the label information in the use restriction information registration unit,
The use restriction information registering unit is designated by the requester among the use restriction information indicating the specified use restriction policy and the label information including the requester who has made the registration request as the registration-permitted user. The associated label information and register it in the usage restriction information storage means,
An information processing apparatus characterized by that. The label information includes a naming rule representing a name rule that can be given to the usage restriction information associated with the label information,
The usage restriction information registration unit further receives an input of a name of usage restriction information representing the specified usage restriction policy from the registration requester, and the received name is included in the designated label information When the name conforms to a naming rule, the received name is registered in the use restriction information storage unit as the name of use restriction information indicating the specified use restriction policy.
The information processing apparatus according to claim 1. The naming rule is a rule for prohibiting the assignment of a name similar to the name of the usage restriction information registered in the usage restriction information storage means in association with the label information including the naming rule.
The information processing apparatus according to claim 2. The naming rule is a rule for prohibiting the assignment of a name including the name of the usage restriction information registered in the usage restriction information storage unit in association with the label information including the naming rule.
The information processing apparatus according to claim 2. A label information registration unit for registering label information including information representing the designated registration-permitted user in the label information storage unit in response to a registration request for label information designating the registration-permitted user;
The information processing apparatus according to claim 1, further comprising: Output means for associating and outputting the use restriction information stored in the use restriction information storage means and the label information associated with the use restriction information;
The information processing apparatus according to claim 1, further comprising: On the computer,
Referring to the label information storage means for storing the label information indicating the classification of the usage restriction information indicating the usage restriction policy for the information to be used, and specified in the registration request in response to the registration request specifying the usage restriction policy. Usage restriction information registration step for registering usage restriction information indicating the usage restriction policy in the usage restriction information storage means;
And execute
The label information includes information representing a registration-permitted user who is a user permitted to register the use restriction information associated with the label information in the use restriction information registration unit,
In the use restriction information registration step, specified by the requester among the use restriction information indicating the specified use restriction policy and the label information including the requester who has made the registration request as the registration-permitted user. The associated label information and register it in the usage restriction information storage means,
A program characterized by that.

Images