JP2010108051A - Document access control system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a document access control system for controlling a using method by a user of a distributed document. <P>SOLUTION: A document access control system includes a policy management server and a client computer. The policy management server is provided with a policy application means for applying a valid policy to a document only within a designated period, and the client computer is provided with: a policy acquisition means for acquiring a policy applied to a document by performing access to the policy management server; an off-line environment determination means for determining an off-line environment when access to the policy management server have not been performed; an edition content storage means for storing the edition contents of the off-line environment in the document as a difference; and a browsing means for displaying the browsing contents in the off-line environment as the edited document by applying the edition contents stored as the difference. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a document access control system, a document access control method, a computer program, and a storage medium that control a user's use of a distributed document (electronic document).

  In recent years, in order to prevent information leakage of a document, a document access control system has been devised in which access rights (viewing rights, editing rights, printing rights, etc.) are set for a document to control the usage method by the user. . In this system, an expiration date can also be set for a document. After the set expiration date, the access right becomes invalid no matter what access right is set.

  A policy management server (LiveCycle ES Rights Management) of Adobe Systems Incorporated (hereinafter referred to as Adobe) has already appeared on the market as a system for managing access rights to documents. In this policy management server, the above-mentioned access rights and expiration date can be set by applying the policy issued by the policy management server to a PDF (Portable Document Format) file that is a type of document. . In the policy, information related to the user who uses the document is defined in association with the access right to the document.

  In such a document control system, when a user opens a document, the user accesses the server that manages the policy, and confirms the authority permitted / denied by the user online via the network (the policy management server cannot be accessed). Use of the document is not allowed). Each time the document is opened, the policy management server is accessed to check the policy, so the policy change held in the policy management server is immediately applied to the document.

In addition, a method has been proposed in which a policy managed by the policy management server is assigned to a document so that the document can be used in an offline environment (the policy management server cannot be accessed) only within a specified validity period ( Patent Document 1).
JP 2005-141746 A

  However, even if the document owner or administrator changes the policy to disable editing, the document used in the offline environment is edited immediately without being applied. is there.

  In order to solve the above problems, a document access control system according to the present invention is a document access control system comprising a policy management server for managing a policy applied to a document and a client computer. A policy granting unit that grants a policy that is valid only during the specified period to the document, and the client computer cannot access the policy management server by accessing the policy management server to obtain the policy applied to the document. Offline environment judging means that judges that the environment is offline, editing contents holding means that keeps the edited contents in the offline environment in the document, and editing contents held as the differences are applied to the offline environment browsing Edit And a reading means for displaying as of the document.

  According to the present invention, even if a document policy is changed so that editing is not permitted while a document with a policy that permits editing is taken out to an offline environment, the edited content is not reflected in the document. Can be controlled.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. First, a document access control system as a premise of the present invention will be described.

  FIG. 1 is a basic configuration diagram when document access right control is performed using a policy management server.

  The network 101 is a communication network that supports, for example, the TCP / IP protocol, and may be wired or wireless. The client computer 102 and the policy management server 103 communicate with each other via the network 101, and the access right of the document used by the client computer 102 can be controlled.

  The client computer 102 is a computer for a user to use a document. When the document to be used is a PDF file, the user uses Adobe Acrobat (registered trademark) or Adobe Reader to access the document to which the policy is applied. The client computer 102 may be a mobile PC such as a notebook computer.

  The policy management server 103 is a server device or a server program that controls access to a document used in a client computer. FIG. 1 is a diagram showing an example for performing document access right control by a policy management server, and a plurality of client computers 102 may exist.

  FIG. 2 is a block diagram showing the basic hardware configuration of the client computer 102 and policy management server 103 of FIG. In FIG. 2, a CPU 201, a RAM 202, a ROM 203, a communication interface 204, a video interface 205, an input unit (keyboard) 206, an input unit (mouse) 207, and a hard disk 208 are connected to each other via a system bus 209. Yes. The system bus 209 includes, for example, a PCI bus, an AGP bus, and a memory bus. The CPU 201 executes software stored in the hard disk 208 using the RAM 202 as a work memory. The hard disk 208 stores an operating system (OS), application software, application data, and the like. The ROM 203 stores a so-called BIOS that controls input / output of data to the hard disk 208 and the like in cooperation with the operation system.

  FIGS. 3 and 4 are flowcharts showing the flow of processing when the client computer 102 accesses a document.

  In step S301, the policy management server 103 is connected, and in step S302, it is determined whether or not the policy management server 103 can be connected. If it is determined in step S302 that the policy management server 103 cannot be connected, it is determined that the environment is offline, and the process proceeds to step S304. If it is determined in step S302 that the policy management server 103 can be connected, in step S303, the policy held in the document is updated with the latest policy managed by the policy management server, and the process proceeds to step S304.

  In step S304, a process (described later) for reflecting the edited content held in the document in the document content is performed, and the process proceeds to step S305.

  In step S305, the policy embedded in the document is confirmed, and it is determined whether viewing of the document is permitted. If it is determined in step S305 that document viewing is not permitted, a message to that effect is displayed and the process ends. If it is determined in step S305 that document viewing is permitted, the process proceeds to step S306.

  In step S306, it is determined whether the edited content is retained in the document. If it is determined that the edited content is retained, the edited content is reflected in step S308 to display the document. If it is determined in step S306 that the edited content is not retained, the content of the document is displayed in step S307, and the process proceeds to step S309.

  In step S309, it is determined whether there is an end instruction from the user. If it is determined that there is an end instruction, the process ends. If it is determined in step S309 that there has been no end instruction from the user, the process proceeds to step S310.

  In step S310, the policy held in the document is checked to determine whether editing of the document is permitted. If it is determined in step S310 that editing is not permitted, the process returns to step S306. If it is determined in step S310 that editing is permitted, the process advances to step S311 to accept a document editing operation from the user, and the process advances to step S312.

  In step S312, it is determined whether it is an offline environment (offline environment if connection to the policy management server could not be established in step S302). If it is determined that it is not an offline environment, in step S313, the edited content received from the user is converted into a document. Reflect and return to step S306. If it is determined in step S312 that the environment is offline, the editing content received from the user is held in the document in step S314, and the process returns to step S306.

  FIG. 5 is a flowchart showing a flow of processing (step S304 in FIG. 3) for reflecting the edited content stored in the document on the content of the document.

  In step S501, it is determined whether the edited content is retained in the document. If it is determined that the edited content is not retained, the processing ends. If it is determined in step S501 that the edited content is retained, in step S502, the policy retained in the document is confirmed, and it is determined whether editing of the document is permitted.

  If it is determined in step S502 that editing is permitted, in step S503, the retained editing content is reflected in the document content, and in step S506, the editing content is deleted from the document, and the process ends.

  If it is determined in step S502 that editing is not permitted, in step S504, a message asking the user whether to discard the edited content is displayed, and the process proceeds to step S505. In step S505, it is determined whether or not the user has instructed to discard the edited content. If it is determined that the user has not instructed to discard the edited content, the processing ends. If it is determined in step S505 that an instruction to discard the edited content has been issued, the edited content is deleted from the document in step S506, and the process ends.

  FIG. 6 is a diagram showing the message dialog displayed in step S504 of FIG.

  FIG. 7 is a diagram showing a policy structure managed by the policy management server and held in the document. The policy includes a plurality of access control information, and the access control information includes a user ID or group ID and an access type (browsing, editing, printing, etc.), and an approval type (permission or denial).

  FIG. 8 shows the structure of a document. A document consists of a policy, content, and an edit content list.

  The policy has the structure shown in FIG. 7, and is updated in step S303 in FIG. Also, it is referred to in steps S305 and S310 in FIG. 4 and step S502 in FIG.

  The content includes the content of the document.

  The edit contents list is a list of edit contents executed on the document, and is an edit contents list including edit position, edit type (insertion, deletion, change, etc.), and details of the edit contents. The edit content list is referred to in step S306 in FIG. 4 and step S501 in FIG. The edited content is added to the list in step S314 and deleted from the list in step S506 of FIG.

  In the present invention, a storage medium (or recording medium) storing software program codes for realizing the functions of the above embodiments can be supplied to a system or apparatus. It goes without saying that the functions of the embodiments can also be achieved by the computer (or CPU or MPU) of the system or apparatus reading and executing the program code stored in the storage medium.

  In this case, the program code itself read from the storage medium realizes the functions of the above embodiments, and the present invention includes a storage medium that stores the program code.

  Here, the functions of the above embodiments may be realized by executing the program code read by the computer. In addition to this, an operating system (OS) running on the computer may perform part or all of the actual processing based on the instruction of the program code. And the function of the said embodiment may be implement | achieved by the process.

  In addition, all the processes in each step of the flowchart may be performed by one apparatus or may be performed by a plurality of apparatuses. In this specification, the term “system” may refer to a system composed of a single device, or may refer to a system composed of a plurality of devices linked to each other.

  Further, the processing in each step of the flowchart may be performed by one CPU or a plurality of CPUs.

  Further, the program code read from the storage medium may be written to a storage medium of a function expansion card inserted into the computer or a function expansion unit connected to the computer. Thereafter, based on the instruction of the program code, the CPU of the function expansion card or the function expansion unit performs part or all of the actual processing, and the functions of the above-described embodiments may be realized by the processing.

  In the present invention, the program code of the software that realizes the functions of the above-described embodiments is distributed via a network, so that storage means such as a hard disk or a memory of a system or apparatus or a CD-RW, CD-R, etc. It may be stored in a storage medium. Then, the computer (or CPU or MPU) of the system or apparatus may read and execute the program code stored in the storage means or the storage medium.

It is a figure which shows the structure of the document access control system which concerns on embodiment of this invention. It is a block diagram which shows the basic hardware of the client computer of the document access control system which concerns on embodiment of this invention, and a policy management server. 6 is a flowchart showing a flow of processing when a document is accessed by a client computer in the document access control system according to the embodiment of the present invention. 6 is a flowchart showing a flow of processing when a document is accessed by a client computer in the document access control system according to the embodiment of the present invention. 6 is a flowchart showing a flow of processing for reflecting edit contents stored in a document in the document content in the document access control system according to the embodiment of the present invention. It is a figure showing the message dialog which asks a user whether edit contents are discarded in the document access control system concerning an embodiment of the present invention. It is a figure which shows the structure of the policy in the document access control system which concerns on embodiment of this invention. It is a figure which shows the structure of the document in the document access control system which concerns on embodiment of this invention.

Claims (5)

A document access control system comprising a policy management server for managing a policy applied to a document and a client computer,
The policy management server includes a policy granting unit that grants a document a policy that is valid only during a specified period.
The client computer accesses the policy management server to obtain a policy applied to the document, and obtains an offline environment judgment means for judging an offline environment when the policy management server cannot be accessed. Edit content holding means for holding edit contents in a document as a difference, and browsing in an offline environment include a browsing means for applying the edit contents held as a difference and displaying as an edited document. Document access control system.   When editing is permitted by the policy acquired from the policy management server, the client computer edits the edited content reflected as a difference in the document and the policy acquired from the policy management server. 2. The document access control system according to claim 1, further comprising: an edit content discarding unit that discards the edit content held as a difference when the content is not permitted.   3. The document access control system according to claim 2, wherein the edited content discarding unit includes a message display unit that displays a message prompting an input as to whether to discard the edited content.   A computer program for causing a computer to execute control of the document access control system according to any one of claims 1 to 3.   A storage medium storing a computer-readable program, wherein the computer program according to claim 4 is stored.

Images