JP2012164347A - Information processor and method for restricting file operation - Google Patents

Abstract

PROBLEM TO BE SOLVED: To restrict, when a predetermined operation to a first file is restricted, the predetermined operation even to a second file relating to the first file.SOLUTION: The information processor is configured to determine whether or not a predetermined operation to, for example, a first file is restricted, and to, when the predetermined operation to the first file is restricted, restrict the predetermined operation even to a second file relating to the first file.

Description

  The present invention relates to a technique for restricting a predetermined operation on an electronic document in an information processing apparatus typified by an image forming apparatus.

  In recent years, digitized documents (hereinafter referred to as electronic documents) are frequently used. An electronic document is very convenient because it can be easily transmitted to a third party by attaching it to an electronic mail. On the other hand, the ease of distributing electronic documents causes new problems such as information leakage.

  Currently, in some files such as a PDF (Portable Document Format) file, a technique for restricting operations such as display, editing, and printing has been introduced. In such a file, only a legitimate user can execute printing or the like.

  By the way, in the image forming apparatus, print job data sent from a host computer via a network is developed as a bitmap, and image data for printing is generated. This image data is temporarily stored in the hard disk drive of the image forming apparatus, but may be stored continuously after the printing is completed. This is because image data of an arbitrary document is read from the hard disk drive and printed again. In addition, the image data can be transmitted to another device. A function for storing electronic documents or the like with high printing frequency in a document box secured in the hard disk drive is called a document box function. A document box is like a folder or directory in a file system.

  Since image data of a confidential document may be stored in the document box, it is desirable that only a predetermined user can access the document box. According to Patent Document 1, by setting a password in a document box, only a user who knows the password can access image data in the document box.

JP-A-11-227267

  As described above, even for an electronic document whose operation is restricted on the host computer, for example, when the printing operation is executed, the image data of the electronic document is stored in the image forming apparatus. With respect to the image data for printing generated in this way, a predetermined operation cannot be restricted as in the original electronic document. Further, for example, there is a case where data of both an electronic document that can be operated by scanning a paper document and an image format unique to the image forming apparatus to which such operation is not applied is generated and stored. Even in this case, the operation restriction similar to that of the electronic document cannot be performed for the image format unique to the image forming apparatus.

  If image data is stored in the document box described in Patent Document 1, access to the image data can be restricted by a password. However, if the image data is further attached to an e-mail and transmitted from the image forming apparatus to another apparatus, the image data can no longer be protected. That is, the technique described in Patent Document 1 cannot suitably protect image data taken out from a document box.

  Therefore, an object of the present invention is to solve at least one of such problems and other problems. Other issues can be understood throughout the specification.

An information processing apparatus according to the present invention is, for example,
An information processing apparatus capable of communicating with a server for storing identification information for identifying image data and information indicating an operation authority for the image data in association with each other,
First image data, second image data having a format different from that of the first image data generated by converting the first image data, management information of at least the second image data, and Storage means capable of storing
The format of the first image data is a format in which identification information and operation authority can be stored in association with each other by the server, and the first image data is stored with respect to the first image data. Setting means for setting the server so that the operation authority for the first image data can be specified by adding identification information for specifying;
When the identification information for the first image data is added by the setting means, the operation for the second image data can be performed by rewriting the management information of the second image data related to the first image data. Restriction means to allow restriction and
It is characterized by including .

  As described above, according to the present invention, when a predetermined operation on the first file is restricted, the predetermined operation is restricted also on the second file related to the first file. Therefore, the operation restriction equivalent to that of the first file can be realized for the second file.

FIG. 1 is a diagram illustrating a schematic configuration of an information processing system according to an embodiment. FIG. 2 is a diagram illustrating an example of the operation authority database according to the embodiment. FIG. 3 is a diagram illustrating an example of license information according to the embodiment. FIG. 4 is an exemplary block diagram of the information processing apparatus according to the embodiment. FIG. 5 is an exemplary block diagram of the information processing apparatus (image forming apparatus) according to the embodiment. FIG. 6 is an exemplary block diagram of an image memory unit according to the embodiment. FIG. 7 is a diagram illustrating an example of an operation panel of the image forming apparatus according to the embodiment. FIG. 8 is a diagram for explaining the box according to the embodiment. FIG. 9 is a diagram illustrating an example of a user interface of the box function according to the embodiment. FIG. 10 is a diagram illustrating an example of a user interface of the box function according to the embodiment. FIG. 11 is a diagram illustrating an example of a destination table according to the embodiment. FIG. 12A is a diagram illustrating an example of a document management table according to the embodiment. FIG. 12B is a diagram illustrating another example of the document management table according to the embodiment. FIG. 13 is a flowchart illustrating an example of the file operation restriction method according to the embodiment. FIG. 14 is a flowchart illustrating another example of the file operation restriction method according to the embodiment. FIG. 15 is a flowchart illustrating another example of the file operation restriction method according to the embodiment. FIG. 16 is a flowchart illustrating another example of the file operation restriction method according to the embodiment. FIG. 17 is a sequence diagram illustrating an example of a method for outputting a document with a policy according to the embodiment. FIG. 18 is a flowchart illustrating an example of output processing according to the embodiment. FIG. 19 is a flowchart illustrating an example of thumbnail display according to the embodiment. FIG. 20 is a flowchart illustrating another example of thumbnail display according to the embodiment. FIG. 21 is an exemplary flowchart of box storage processing according to the embodiment. FIG. 22 is an exemplary flowchart illustrating a method for printing an image file stored in a box according to the embodiment. FIG. 23 is a diagram illustrating another example of the operation authority database according to the embodiment. FIG. 24 is another exemplary flowchart illustrating a method for printing an image file stored in a box according to the embodiment. FIG. 25 is an exemplary flowchart showing transmission of a job document stored in a box according to the embodiment. FIG. 26 is a flowchart illustrating an example of a transmission determination process according to the embodiment. FIG. 27 is a flowchart illustrating an example of electronic document transmission processing (S2505) according to the embodiment.

  In the following, an embodiment useful for understanding the high-level concept, middle-level concept, and low-level concept of the present invention is shown. Note that not all of the concepts included in the following embodiments are described in the claims. However, it should be understood that this is not intentionally excluded from the technical scope of the patented invention, but is not described in the scope of claims because it is equivalent to the patented invention.

  FIG. 1 is a diagram illustrating a schematic configuration of an information processing system according to an embodiment. The directory server 101 is a computer that manages operation authority information for files. The operation authority is a general term for, for example, an authority to display an electronic document, an authority to edit, and an authority to print. The operation right is sometimes called an access right. The directory server 101 may be called an operation authority management server, an access authority management server, or a policy server. As the directory server 101, for example, Adobe's live cycle policy server may be used.

  The user authentication server 102 is a computer that authenticates a user who uses a host computer or a user who uses an image forming apparatus. The host computer 103 is an information processing apparatus such as a personal computer (PC). The image forming apparatus 104 is a printer, a copier, a multifunction machine, or the like. Needless to say, the image forming apparatus is also a kind of information processing apparatus. These devices are connected via a network.

  In FIG. 1, one host computer and one image forming apparatus are shown, but there may be a plurality of them. Depending on the system configuration, the directory server may be provided with a user authentication function.

  In addition, the host computer 103 can create or edit an electronic document or set operation authority for the electronic document by using document creation application software. The electronic document is a document file or an image file. For example, a PDF file is well known as an electronic document. The host computer 103 may generate print job data from the created electronic document and send it to the image forming apparatus 104. As the document creation application software, for example, there is Acrobat (Acrobat) of Adobe Corporation.

  The image forming apparatus 104 has a document copy function, a print function, a facsimile function, a scan function, a box function, and the like. The copy function is a function for reading a document and generating a copy of the document. The print function refers to a function for printing a document based on print job data received from the host computer 103. The facsimile function refers to a function of reading a document and transmitting image data of the document to a counterpart facsimile machine. The scan function refers to a function that reads a document and generates image data. The box function creates a box for storing electronic documents such as image data, stores the electronic document in the box, prints and transmits the electronic document stored in the box, and converts the electronic document to only a predetermined user. A function that restricts access. The box can be realized as, for example, a folder or a directory. The box function is sometimes called a document box function. In addition, the name of each function is only a name for convenience.

  The image forming apparatus 104 can perform print processing on the print job data output from the host computer 103 by the printer engine included in the self apparatus via the storage unit included in the self apparatus. The print job data generally means data necessary for printing. The print job data includes, for example, page data described in PDL (page description original language).

  The user authentication server 102 has a database that holds user information (such as IDs and passwords). The user authentication server 102 confirms the legitimacy of the user who tries to log in at the host computer 103 or the image forming apparatus 104. For example, if there is a user login request in the host computer 103, the host computer 103 transmits user information to the user authentication server 102 and requests user authentication. If the user authentication server 102 confirms the validity of the user information, the user can log on to the host computer 103. The user is an operator who operates the device.

  FIG. 2 is a diagram illustrating an example of the operation authority database according to the embodiment. The directory authority 101 holds an operation authority database (sometimes called a policy database). In the database, for example, a document ID, a user name, and operation authority information are stored in association with each other. Here, the document ID is identification information for identifying an electronic document. The user name is a user ID or name. The operation authority information represents the presence / absence of authority for the operation on the electronic document. Examples of operations include browsing (display), change (editing), deletion, copying and printing. The document ID may be a license ID for identifying license information. The license information is information used to specify the operation authority for the electronic document. The electronic document itself does not hold operation authority information. Instead, license information is held in the electronic document. The license information may be held inside the electronic document or may be held outside.

  FIG. 3 is a diagram illustrating an example of license information according to the embodiment. The license information includes the document ID, the file name related to the electronic document, the title, the creator name, the creation date and time, the last update date and time, and the like. Since the document ID is shared between the license information and the operation authority database, the operation authority information can be acquired based on the document ID.

  FIG. 4 is an exemplary block diagram of the information processing apparatus according to the embodiment. In particular, FIG. 4 illustrates the hardware configuration of the directory server 101, the user authentication server 102, and the host computer 103. In general, the hardware configurations of these computers do not necessarily match, but for the sake of convenience of description, a common hardware configuration is used.

  The CPU 401 is a control unit that comprehensively controls each unit of the computer based on the computer program. The ROM 402 is a non-volatile storage unit that stores a control program such as firmware. The RAM 403 is a volatile storage unit that functions as a work area. A hard disk drive (HDD) 404 is a large-capacity storage unit. The display device 405 is a display unit for displaying various information to the user. The operation unit 406 is an input unit such as a pointing device or a keyboard. The communication interface 407 is a communication unit such as a network communication card.

  FIG. 5 is an exemplary block diagram of the information processing apparatus (image forming apparatus) according to the embodiment. In FIG. 5, a CPU 501 is a control unit that performs overall control of each unit of the image forming apparatus 104 and executes various calculations. The ROM 502 is a storage unit that stores a control program. A RAM 503 is a storage unit used as a work area or buffer for the CPU 501. A scanner unit 504 is a device that reads an image of a document. An image memory unit 505 is a storage device for storing image data of a document. The printer unit 506 is a printer engine that prints image data stored in the image memory unit 505 on a recording medium.

  The external interface 507 is a communication interface for connecting to an external device via a network. For example, the external IF 507 receives print job data output from the host computer 103. The CPU 501 expands the print job data into a bitmap image and generates image data. This image data is image data such as JPEG or JBIG. Note that the image data may be generated as a file. The generated image data is stored in the image memory unit 505. The operation panel 508 is an input / output device that outputs information to the user and inputs an instruction from the user. For example, the operation panel 508 includes a touch panel sensor, a liquid crystal display device, various keys, and the like.

  FIG. 6 is an exemplary block diagram of an image memory unit according to the embodiment. The image memory unit 505 includes a page memory 601, a memory controller 602, a compression unit 603, and a hard disk drive (HDD) 604. The memory controller 602 writes the image data sent from the external IF 507 or the scanner unit 504 to the page memory 601. The memory controller 602 reads image data from the page memory 601 and outputs the image data to the printer unit 506. The memory controller 602 writes image data in a box secured in the hard disk drive 604 and reads image data from the box. Note that the control by the memory controller 602 is executed according to a command from the CPU 501.

  FIG. 7 is a diagram illustrating an example of an operation panel of the image forming apparatus according to the embodiment. The operation panel 508 includes a copy function key 701, a box function key 702, a transmission / FAX function key 703, an extended function key 704, a liquid crystal display unit 705 with a touch panel, a numeric key 706, a start key 707, a stop key 708, and the like. When the copy function key 701 is pressed, the CPU 501 executes a copy process. When the box function key 702 is pressed down, the CPU 501 calls a box function. Note that an electronic document (eg, a document file or an image file) is stored for each job in the above-described box. The electronic document stored in the box is called a job document. Further, the user can read out and print a job document at an arbitrary timing or delete the job document by using the box function.

  A transmission / FAX function key 703 is used when data such as a document or a job document is transmitted to the host computer 103 or another apparatus. An extended function key 704 is used when an operation is performed on print job data or a job document. The numeric keypad 706 is used when inputting numerical values. A start key 707 is used to instruct the start of copying and the start of scanning. A stop key 708 is used to instruct to stop the operation.

  FIG. 8 is a diagram for explaining the box according to the embodiment. The HDD 604 includes a temporary area 801 and a box area 802. The temporary area 801 is used, for example, to change the output order of image data, or used when a plurality of prints are executed in one scan. The temporary area 801 is temporarily used before image data or an electronic document is stored in the box area 802 or the like, or image data obtained by developing print job data or image data from a scanner is temporarily stored. Used to save on. Note that after each processing is completed, the image data stored in the temporary area 801 is automatically deleted.

  The box area 802 is divided into a plurality of smaller storage areas 803a to 803d. These small storage areas are called boxes. Boxes 803a to 803d are assigned to each individual or department. The operator designates in advance a box in which image data is stored through the operation panel 508. The CPU 501 stores print job data and scan job data in a box designated by the operator.

  FIG. 9 is a diagram illustrating an example of a user interface of the box function according to the embodiment. This example is a basic screen displayed on the liquid crystal display unit 705 after the box function key 702 is pressed. This screen is a screen for allowing the user to select a box to be used. In the display area 902, buttons 901a to 901d displaying box numbers, box names, and used capacities are displayed. This used capacity is the percentage of the box used with respect to the total storage capacity of the box area. The scroll button 903 is a button for scrolling the screen up and down in order to display a plurality of boxes. The return key 904 is pressed down when returning to the initial screen.

  FIG. 10 is a diagram illustrating an example of a user interface of the box function according to the embodiment. When one box is selected by the operator on the screen shown in FIG. 9, the CPU 501 detects the box selected by the touch panel sensor. Further, the CPU 501 displays a screen as shown in FIG. 10 on the liquid crystal display unit 705.

  Reference numeral 1001 denotes a list of job documents stored in the box. The date and time of each job document, the name of the job document, etc. are displayed in a list. When the display area of any job document name is depressed, the CPU 501 highlights the line of the job document. For example, in FIG. 10, job document 2 is selected.

  When the scan key 1002 is pressed down, the CPU 501 scans the document and adds the obtained image data as a job document to the selected box. When the print key 1003 is pressed, the CPU 501 executes printing of the job document that is highlighted. When the setting change key 1004 is pressed, the CPU 501 changes the print setting related to the selected job document. For example, addition or change regarding the number of copies to be printed or the print function.

  When the delete key 1005 is pressed, the CPU 501 deletes the selected job document. The up / down scroll key 1006 is used to scroll the screen. For example, it is used when a plurality of job documents are stored in a box and cannot be displayed on the liquid crystal display unit 705 at a time. A return key 1007 is pressed down to return to the screen of FIG.

  FIG. 11 is a diagram illustrating an example of a destination table according to the embodiment. The destination table is displayed on the liquid crystal display unit 705 when the transmission button 1010 is pressed. Reference numeral 1101 denotes destination information. The destination information 1101 includes, for each destination, the type of transmission method, the name of the destination, destination information, and the like. The destination information is an e-mail address, a facsimile telephone number, a network address, or the like.

  When the line on which the name of the destination is displayed is pushed down, the CPU 501 highlights the destination line. For example, FIG. 11 shows that user 1 is selected. The up / down scroll key 1102 is used to scroll the screen when all the destinations cannot be displayed at once. Reference numeral 1103 denotes a return key. When the enter button 1104 is pressed, the CPU 501 transmits the job document to the selected destination.

  FIG. 12A is a diagram illustrating an example of a document management table according to the embodiment. This management table is used to manage the correspondence between the image data (document data) stored in the box and the license information. The management table is stored in the hard disk drive 604, for example.

  The document management table 1201 includes a box number 1202, a document name 1203, a date 1204, a time 1205, a document file name 1206, and a license information file name 1207. A box number 1202 is an identifier that uniquely represents a document box. Document name 1203, date 1204, and time 1205 represent the document name, date, and time displayed in FIG. 10, respectively. Note that the image data and the license information are stored in the box area.

  A document whose license information 1207 is blank indicates that the correspondence between the image data and the license information is not established. That is, if license information exists for image data included in a document, the image data is secure data to which an operation authority is set. On the other hand, if there is no license information for image data included in a document, the image data is data that anyone can operate freely.

  FIG. 12B is a diagram illustrating another example of the document management table according to the embodiment. A document management table 1210 is a table of management information related to image data in a device-specific format of the image forming apparatus 104. The device-specific format will be described later. Among the items of the document management table 1210, the box number 1212, the document name 1213, the date 1214, the time 1215, and the document file name 1216 are the same as the items of the same name in the document management table 1201. That is, these correspond to the box number 1202, the document name 1203, the date 1204, the time 1205, and the file name 1206 of the document. A password 1217 indicates a password set for the document in the box. This password is used as a key for encryption and decryption when the document in the box is encrypted. By converting the device-specific document format, a generic format that is not device-specific may be generated and stored in the box. In such a case, information (here, a file name) for specifying a document in the general format is set in the related general format 1218. There may be a case where the document in the general format exists in the box first, and the device specific format document of the document is generated later. In this case, the information is similarly set in the document management table 1210. The attribute information 1219 describes the types of permitted operations as information indicating the operation authority for the image data in the device-specific format. For example, for the document name 6, document reference and document printing are permitted as operations for the document. In the attribute information 1219, for example, operation authority for each user may be described as finer operation authority information.

<Method to create and store an encrypted document by scanning a paper document>
FIG. 13 is a flowchart illustrating an example of the file operation restriction method according to the embodiment. In this example, a general-purpose document file (document data) (for example, PDF file) is generated from an image file (image data) of a document input using a scanner. That is, the document file is derived from the image file. File operations of document files are restricted by encryption. Furthermore, file operations are also restricted for image files related to document files.

  Prior to generating the PDF file (first file), the CPU 501 generates a second file from the document image in step S1301. The second file is, for example, image data in a device-specific format (eg, JPEG, JBIG, TIFF, etc.). Specifically, the CPU 501 drives the scanner unit 504 in accordance with a scan instruction from the operation panel 508 to read an image on a paper document. The read image is once converted into image data or an image file according to a device-specific format and stored in the image memory 505. The device-specific format is, for example, a data format suitable for processing in the image forming apparatus (eg, JPEG, JBIG, TIFF, etc., or a unique format). When a general-purpose document file and a device-specific format image file are generated from an original image file and the image file is transmitted to the outside, a general-purpose document file that can be handled by the transmission destination may be used. . When printing an image file, a document file in a device-specific format suitable for processing in the image forming apparatus may be used. In this way, it will be possible to use the most appropriate format depending on the application.

  In step S1302, the CPU 501 determines whether or not a predetermined operation restriction is requested for the first file that is a document file. For example, the CPU 501 may determine whether there is an encryption request for the first file. This is because the operation on the file can be restricted if encryption is performed. Note that the encryption request is input from the operation panel 508 in advance, for example. If there is no request for encryption, the process advances to step S1310, and the CPU 501 generates a document file with no operation restrictions.

  On the other hand, if an operation restriction request is made, the process advances to step S1303, and the CPU 501 prompts the operator to input a password via the operation panel 508. The password is used as an encryption key, for example. Further, the CPU 501 writes the password input through the operation panel 508 in the RAM 503.

  In step S1304, the CPU 501 converts image data that is a device-specific format to generate a document file that is a general-purpose format. Further, the CPU 501 encrypts the document file using the input password. As a result, only the user who knows the password can operate this document file.

  In step S1305, the CPU 501 restricts a predetermined operation for the second file. For example, the second file that is an image file in a unique format is also encrypted using the password. Thereby, an encrypted image file is generated. As described above, since the image file is a file related to the document file in which the predetermined operation is restricted, the predetermined operation is also restricted for the image file.

Note that the key for encrypting the document file and the key for encrypting the image file are not necessarily common. Further, it is not necessary to apply a common encryption algorithm to both files. In short, when the operation is restricted for one related file, the operation should be restricted similarly for the other related file.
For example, as a key for generating an encrypted PDF file, a password input by the user is used. In addition, encryption conforming to Adobe Acrobat specifications is applied to the PDF file. When encrypting an image file in a specific format, even if at least one key registered in advance in the image forming apparatus and a general-purpose encryption algorithm (eg, 3DES) are used. Good. These are just examples.

  In step S1306, the CPU 501 stores the generated document file and the related image file in the HDD 604 in association with each other. A plurality of these related files may be grouped as one apparent document.

  Note that these files may be stored in the above-described box, or may be stored in a storage area other than the box. When stored in the box, the CPU 501 updates the document management table 1210 for these files. Since these files are restricted in predetermined operations due to encryption, the CPU 501 may create the above-described license information and store the created license information in the box.

  In the document management table 1210, the document with the document name 9 corresponds to management information for the document generated as a result of the flowchart of FIG. It can be seen that the device-specific format of the document name 9 is the document name 9.jpg, the general-purpose format is the document name 9.img, and both are encrypted using the password “JJKKL” as a key.

  As described above, in the present embodiment, when a plurality of related files are generated from a scanned document image, when the operation is restricted for one file, the operation is similarly performed for the other file. Try to be restricted. Therefore, a series of related files can be suitably protected from leakage or the like.

  In the example of FIG. 13, an encryption password is input from the operation panel 508. However, an IC card reader device may be added as a part of the operation panel 508. In this case, the CPU 501 may generate a key by reading predetermined information from an IC card inserted into the reader device.

<Method for Restricting Operations on Documents Accumulated in Image Forming Apparatus>
FIG. 14 is a flowchart illustrating another example of the file operation restriction method according to the embodiment. Here, an example will be described in which operations are restricted for documents stored in advance in the HDD 604 of the image forming apparatus.

  When the display of the document list is instructed from the operation panel 508, the CPU 501 creates a list of documents based on the document management information stored in the HDD 604, and displays a list as shown in FIG. 10 on the operation panel 508, for example. To do. Based on the document management information, the CPU 501 can recognize one or more files managed as one document. For example, the document management information manages information such as the document ID, the document title, the file name of each file constituting the document, and the presence / absence of operation restrictions (eg, encryption). The document management information may be the above-described document management tables 1201 and 1210, or may be different. Note that the document management tables 1201 and 1210 shown in FIG. 12 are not configured to manage one document. Therefore, the document ID storage field and the document title storage field will be stored in the document management table 1201.

  When the CPU 501 detects that a document to be encrypted is selected from the list displayed on the operation panel 508 and an encryption instruction is input, the CPU 501 executes this flowchart.

  In step S1401, the CPU 501 displays a message for prompting the input of a password on the operation panel 508. Further, the CPU 501 writes the password input through the operation panel 508 in the RAM 503.

  In step S1402, the CPU 501 reads from the HDD 604 a file in a specific format related to the document selected on the operation panel 508, and executes encryption. When encrypting, the entered password is used.

  In step S1403, the CPU 501 determines whether a file of another related format exists based on the document management information. If encryption is performed for all related files, the process advances to step S1405, and the CPU 501 updates document management information for the encrypted file. That is, the CPU 501 changes the information indicating the presence / absence of encryption of the file to “with encryption”.

  On the other hand, if other files remain, the process proceeds to step S1404, and the CPU 501 executes encryption for the other files in the same manner. This encryption is repeated until the encryption is completed for all files related to the document to be encrypted. It is assumed that the original file that has been encrypted is deleted from the HDD 604. Thereafter, in step S1405, the CPU 501 updates the document management information for the encrypted file.

  As described above, according to the present embodiment, it is possible to restrict the operation for a plurality of related files that are stored in the image forming apparatus in advance. That is, when a predetermined operation is restricted for one file, the predetermined operation is similarly restricted for other related files.

<Method 1 for Setting Policy for Document Accumulated in Image Forming Apparatus>
In the above-described embodiment, operations on files are preferably limited by encryption. However, with encryption alone, it is difficult to individually limit a plurality of different operations (eg display, editing, printing, etc.) on a file. Accordingly, an example will be described below in which a policy indicating operation authority for a file is set to restrict operations on the file.

  FIG. 15 is a flowchart illustrating another example of the file operation restriction method according to the embodiment. When the CPU 501 detects that any document is selected from the list of documents displayed on the operation panel 508 (FIG. 10) and the policy setting is instructed, the CPU 501 executes the following processing. The policy setting instruction is realized, for example, by pressing the setting change key 1004.

  In step S1501, the CPU 501 executes login information input processing to the directory server 101. For example, the CPU 501 displays a screen for prompting the operator to input login information on the operation panel 508. The directory server 101 functions as a so-called policy server. The policy server is a server that manages a policy (file operation authority) for each combination of document ID and user ID.

  In step S1502, the CPU 501 determines whether or not the input login information is valid. For example, the CPU 501 transmits an authentication request to the directory server 101 together with login information. If a response indicating validity is returned from the directory server 101, the CPU 501 determines that the login is successful, and the process advances to step S1503. On the other hand, when the CPU 501 receives information indicating that the login information is invalid from the directory server 101, the CPU 501 ends the policy setting process. Note that the user authentication server 102 described above may execute the login process instead of the directory server 101. The user authentication server 102 may also execute the following authentication process.

  In step S1503, the CPU 501 selects which one of “policy selection processing” or “processing for importing a general-purpose format document with policy” to be executed based on an instruction from the user. If policy selection processing is selected, the process advances to step S1504.

  In step S1504, the CPU 501 displays a screen for selecting a policy to be applied among the plurality of policies on the operation panel 508. These policies are all managed by the directory server 101. Further, the selection screen may be created by the CPU 501 based on information regarding a plurality of policies received from the directory server 101.

  In step S1505, the CPU 501 generates a general-purpose document file (for example, a PDF file) to which the selected policy is assigned. For example, the CPU 501 transmits identification information of the selected policy to the directory server 101. The directory server 101 stores the received document ID, user ID, identification information of the selected policy, and the like in association with each other. Then, the CPU 501 adds the license information received from the directory server 101 to the general-purpose document file. As a result, a policy is assigned. Thus, when the host computer 103 or the like tries to operate the document file to which the policy is assigned, the host computer 103 acquires information on the operation authority corresponding to the combination of the document ID and the user ID from the directory server 101. Thereby, the operation to the document file can be suitably restricted.

  On the other hand, if “processing for importing a general format document with a policy” is selected (S1503), the CPU 501 receives a document file in a general format with a policy from outside the image forming apparatus 104 in step S1509, To store. In step S1510, the CPU 501 generates image data in a device-specific format from the imported general-format document file. Then, the process proceeds to step S1506.

  In step S <b> 1506, the CPU 501 determines whether there is a file of another format constituting the selected document based on the document management information. If no other file exists, the process advances to step S1508, and the CPU 501 updates the document management information and ends the process. The other format file is, for example, an image file other than a PDF file, a device-specific format image data, or the like. In the present embodiment, it is possible to assign a policy to a PDF file, but it is not possible to set a policy for files of other formats.

  On the other hand, if another file exists, the process advances to step S1507 to execute encryption processing on the file in another format. As the encryption key, login information input when logging in to the directory server 101 can be used. Alternatively, as described above, the CPU 501 may request the operator to input a password or the like through the operation panel 508. Alternatively, the CPU 501 may use one or more keys stored in advance in the HDD 604 or the like. Furthermore, as described above, an IC card may be used. Thereafter, in step S1507, the CPU 501 updates the document management table.

  As described above, according to the present embodiment, it is possible to suitably restrict operations on files by assigning a policy to all files managed as one document or performing encryption. become.

<Method 2 for setting policy for documents already stored in device>
In the above-described embodiment, a policy is assigned to a document file that can be set with a policy such as a PDF file, and operations of other related files are limited by encryption. In the present embodiment, the operation is suitably limited by giving a protection attribute to other related files. In addition, about the process already demonstrated, the same referential mark is attached | subjected and description is simplified.

  FIG. 16 is a flowchart illustrating another example of the file operation restriction method according to the embodiment. As compared with FIG. 15, it can be understood that in FIG. 16, step S1507 is replaced with step S1607. In step S1607, the CPU 501 updates the attribute information in the document management table 1210 regarding files of other formats. For example, the CPU 501 analyzes the content of the selected policy (for example, whether display is possible, whether editing is possible, whether printing is possible, etc.), generates attribute information of the same content, and assigns it to the file. In step S1508, the CPU 501 updates the document management table so that the document ID is associated with the attribute information.

  An example of the updated document management table will be described with reference to FIG. 12B. In the document management table 1210, it is assumed that a policy that gives authority to refer to, print, and edit is assigned to “document name 8.img” in the general-purpose format. In this case, information indicating the same authority is set in the attribute information 1219 with respect to “document name 8.jpg” which is a related device specific format.

  As described above, when a predetermined operation is restricted for a document file, the CPU 501 acquires the contents of the restriction and gives an attribute according to the acquired contents to another related file. For example, when a PDF file with a policy is generated, for other related files, attribute information reflecting the contents of the policy is generated and attached to the other file. As a result, operations can be suitably limited for a plurality of files managed as one document.

  The image forming apparatus 104 can acquire the contents of the policy assigned to the file by transmitting the document ID, which is the file identification information, to the directory server 101. In this case, if the policy content in the policy database is changed, there is an advantage that the operation restriction content can be changed without changing the file itself. When the operation authority of the general format document file stored in the box of the image forming apparatus 104 is changed on the policy database of the directory server 101, the attribute information 1219 of the document management table 1210 may be updated according to the change.

<How to output a document with a policy>
FIG. 17 is a sequence diagram illustrating an example of a method for outputting a document with a policy according to the embodiment. The devices in the figure are devices that serve as clients, such as the host computer 103 and the image forming apparatus 104. Here, the image forming apparatus 104 will be described as a device.

  In step S <b> 1701, the CPU 501 executes login to the image forming apparatus 104 by the operator through the operation panel 508. This login process may be an authentication process using an IC card. In step S <b> 1701, the CPU 501 detects a log-in request for a document stored in the HDD 604 through the operation panel 508.

  In step S <b> 1703, the CPU 501 transmits the login information of the operator to the directory server 101. This login information is input through the operation panel 508. Note that the login information to the image forming apparatus 104 may be directly applied to the login to the directory server 101 in an environment where the single sign-on service is valid. The single sign-on service refers to a service that omits the authentication process in another network if the authentication process is successful in a certain network.

  In step S1704, the CPU 401 of the directory server 101 checks whether the received login information is valid. In step S1705, the CPU 401 transmits the result of the login process to the image forming apparatus 104. If the login fails, the process advances to step S1730, and the CPU 501 of the image forming apparatus 104 displays an error message on the operation panel 508 and ends the process.

  On the other hand, if the login is successful, in step S1706, the CPU 401 of the directory server 101 verifies whether the logged-in operator has the document output authority. For example, the CPU 401 searches the policy database based on the document ID received from the image forming apparatus 104 and the user ID. The policy database (FIG. 2) stores document IDs, user IDs (user names), and operation authority information in association with each other. In step S1707, the CPU 401 transmits the operation authority information extracted from the database to the image forming apparatus 104 as a verification result notification.

  If the received verification result notification indicates “operation not possible”, the CPU 501 of the image forming apparatus 104 displays an error message on the operation panel 508 and ends the process (S1730).

  On the other hand, if the verification result is OK (when there is an operation authority), in step S1708, the CPU 401 of the directory server 101 transmits a decryption key to the image forming apparatus. It is assumed that the decryption key is also transmitted in advance from the image forming apparatus 104 to the directory server 101 and registered in the policy database.

  In step S1709, the CPU 501 of the image forming apparatus 104 decrypts the PDF file using the received key. When the document transmission is instructed, in step S1710, the CPU 501 attaches the decrypted PDF file to the electronic mail and transmits it to another device. Note that the document may be transmitted to another facsimile machine. However, when it is desired to transmit the document while keeping the confidentiality of the document, the CPU 501 transmits the PDF file with the policy as encrypted.

  On the other hand, when printing of the document is instructed, in step S1711, the CPU 501 decodes the image file in the unique format. It is assumed that the CPU 501 has received the “print authority” information from the directory server 101. In step S1712, the CPU 501 sends the decrypted image file to the printer unit 506 to execute printing. In this case, the PDF file does not need to be decrypted.

  At this time, the key for decrypting the file in the specific format depends on the encryption process. For example, a key received from the directory server 101 may be used. In some cases, a key registered in advance in the image forming apparatus 104 is used. Furthermore, another key may be used to decrypt data other than the PDF file. Furthermore, a password set by the user may be used.

  As described above, according to the present embodiment, the decoding process and the output process are executed for a plurality of files managed as one document according to the purpose of output. When a file is transmitted to another device such as an e-mail, the confidentiality of the file can be maintained by transmitting it in an encrypted form. Further, when printing, it is possible to efficiently execute printing by decoding only the image file for printing without decoding the PDF file.

<How to preview the contents of a document>
In the above-described embodiment, transmission processing and printing processing have been described as examples of output processing. Hereinafter, the preview process will be described. First, in the case of previewing in cooperation with the directory server 101, almost the procedure of FIG. 17 can be adopted. That is, the CPU 501 decodes the file in the unique format by the procedure described with reference to FIG. 17, generates a preview image, and displays it on the operation panel 508. When preview processing is performed, a preview image is generated from image data in a related device-specific format without using a general-purpose format document file.

  FIG. 18 is a flowchart illustrating an example of output processing according to the embodiment. Processing for previewing an encrypted document without linking with the directory server 101 will be described with reference to FIG.

  In step S <b> 1801, the CPU 501 determines whether the document requested to be previewed is an encrypted document with limited operation authority through the operation panel 508. For example, the CPU 501 refers to the document management table based on the document ID and determines whether there is an operation restriction. If the document is a normal document to which the operation authority is not restricted by encryption, the process advances to step S1803, and the CPU 501 generates a preview image from the unique format file and displays it on the operation panel 508.

  On the other hand, if the document has an operation restriction, the process advances to step S1802, and the CPU 501 determines whether the operator has the viewing authority. For example, the CPU 501 prompts the operator to input authentication information (such as a password set during encryption) through the operation panel. Then, the CPU 501 verifies whether or not the input authentication information is valid.

  If the authentication information is not valid, the CPU 501 displays an error message on the operation panel 508, and ends the process without performing a preview display. On the other hand, if the authentication information is valid, the process proceeds to step S1803. The CPU 501 decodes the device-specific format file based on the input authentication information, and further generates a preview image. Furthermore, the CPU 501 displays a preview image on the operation panel 508.

  As described above, according to the present embodiment, the preview process can be suitably executed in cooperation with the directory server 101. Furthermore, even when not cooperating with the directory server 101, the preview process can be suitably executed according to the document management information held by the image forming apparatus 104.

<Prohibiting method of displaying document list by thumbnail when a secure document is included>
As in the past, by assigning a policy to a PDF file, the confidentiality of the file can be maintained. However, it is difficult to maintain confidentiality for files in a specific format in the image forming apparatus. For example, when displaying a thumbnail image from a file in a specific format for the content of the document, the document may be browsed. Therefore, a method for suitably maintaining the confidentiality of a document in thumbnail display will be described.

  FIG. 19 is a flowchart illustrating an example of thumbnail display according to the embodiment. In this embodiment, if any of a plurality of stored documents is a secure document, the confidentiality of the document is maintained by prohibiting the list. A secure document means a document with limited operating authority in this embodiment. When a list display is instructed on the operation panel 508, the processing according to this flowchart is started.

  In step S1901, the CPU 501 determines whether a secure document is stored in the HDD 604 based on the document management information. If no secure document is included, the process advances to step S1902, and the CPU 501 creates a thumbnail image for the stored document and displays a list of documents. On the other hand, if even one secure document is included, the process advances to step S1903, and the CPU 501 creates a list including the document names of the stored documents and displays the list on the operation panel 508.

  According to the present embodiment, when a secure document is always included, the confidentiality of the document can be maintained by forcibly displaying a list (list) based on the document name.

<Displaying a document list with thumbnails when a secure document is included>
In the method described with reference to FIG. 19, if even one secure document is accumulated, thumbnail display is limited for all documents. That is, thumbnail display is prohibited even for general documents that are not restricted in operation. This may lead to lack of flexibility. Therefore, an example will be described in which thumbnail display is prohibited only for documents whose display is prohibited.

  FIG. 20 is a flowchart illustrating another example of thumbnail display according to the embodiment. In addition, description is simplified by attaching | subjecting the same referential mark to the already demonstrated location.

  When the secure document is not included, the process proceeds to step S2020, and the CPU 501 generates a thumbnail image. In step S2006, the CPU 501 displays a list on the operation panel 508 using thumbnail images.

  On the other hand, if a secure document is included, the process proceeds to step S2002. In step S2002, the CPU 501 determines whether or not the operator has viewing authority for the document to be processed. The presence / absence of browsing authority is determined based on, for example, document management information. For example, the CPU 501 displays an authentication information input screen on the operation panel 508. Further, the CPU 501 determines whether or not the input authentication information matches the authentication information registered in the document management information. Alternatively, the presence / absence of viewing authority may be determined by using the input authentication information as a decryption key. Of course, as described above, the directory server 101 may be inquired. Alternatively, a single sign-on service may be applied.

  If there is viewing authority, the process proceeds to step S2004, and the CPU 501 generates a thumbnail image for the processing target document. On the other hand, if there is no viewing authority, the process advances to step S2003, and the CPU 501 excludes the secure document from the list display target.

  In step S2005, the CPU 501 determines whether or not the thumbnail processing (S2002 to S2004) has been completed for all accumulated documents. If not completed, the process returns to step S2002 to process the next document. In step S2006, the CPU 501 executes a list display only for documents for which the operator has browsing authority.

  As described above, according to the present embodiment, since a list of documents for which the operator has browsing authority is displayed, the operator can visually confirm the document having browsing authority. . In addition, since a document with no viewing authority is excluded from the list display, the operator cannot know even the existence of such a document. Therefore, it can be said that the confidentiality of the document is easily maintained.

  In the above-described embodiment, the list display using thumbnail images has been described. However, the present invention is not limited to this. Other forms of list display such as list display by document name may be employed.

  Note that thumbnail image files may be generated in advance and managed as one document. In this case, it may be convenient to omit the process of generating thumbnail images each time.

<Storage of files from the host computer to the user box>
Hereinafter, a process in which the host computer 103 stores an electronic document in the box of the image forming apparatus 104 will be described.

  FIG. 21 is an exemplary flowchart of box storage processing according to the embodiment. In the figure, a frame A indicates processing of the host computer 103. A frame B indicates processing of the image forming apparatus 104.

  In step S <b> 2101, the CPU 401 of the host computer 103 receives an electronic document usage request through the operation unit 406. In step S2102, the CPU 401 displays a login screen for the directory server 101 on the display device 405. The CPU 401 accepts input of a user name and password through the operation unit 406.

  In step S <b> 2103, the CPU 401 sends the input authentication information to the user authentication server 102 to inquire about confirmation of the user's validity. In step S2104, the CPU 401 determines whether the user has successfully logged in. For example, if the validity is confirmed by the user authentication server 102, it is determined that the login is successful. If the login is not successful, the process advances to step S2105, and the CPU 401 displays an error message indicating that the login is impossible on the display device 405.

  On the other hand, if the login is successful, the process advances to step S2106, and the CPU 401 transmits license information (FIG. 3) attached to the document file and user name information to the directory server 101. When receiving the license information and the user name information, the CPU 401 of the directory server 101 reads out the operation authority information (restriction information) for the file from the policy database (FIG. 2) and transmits it to the host computer 103. In step S2107, the CPU 401 of the host computer 103 receives operation authority information.

  In step S <b> 2108, the CPU 401 of the host computer 103 accepts an electronic document storage request for the box of the image forming apparatus 104 from the operation unit 406. In step S <b> 2109, the CPU 401 determines whether or not there is a print authority from the acquired operation authority information.

  The box storage process is similar to the normal printing process. That is, in any process, print job data (eg, PDL data) is transmitted from the host computer 103 to the image forming apparatus 104. However, if the operator does not have the print authority for the target electronic document, printing cannot be executed, and storage in the box is not executed.

  If the operator of the host computer 103 does not have the print authority, the process advances to step S2110, and the CPU 401 displays this as an error message on the display device 405. On the other hand, if the user has print authority, the process advances to step S2111, and the CPU 401 generates print job data from the electronic document. In step S2112, the CPU 401 transmits the license information attached to the electronic document together with the print job data to the image forming apparatus 104.

  In step S2120, when the CPU of the image forming apparatus 104 recognizes that the received print job is a job stored in a box, the CPU converts the print job data into image data. For example, the CPU 401 generates a file of image data (image file) by expanding the PDL data into a bitmap. It is assumed that the above-mentioned specific format is applied to this image file. Further, the CPU 501 records the correspondence between the image file and the license information in the document management table 1201. Also. The CPU 501 stores the image file and license information in a document box. In step S2120, a general-purpose document file such as PDF may be generated together with a file in a specific format.

  In step S2121, the CPU 401 attaches the received license information to the image file and stores it in the box. When there are a plurality of boxes, any box may be designated from the host computer 103. Note that a document management table 1201 in FIG. 12 is managed by associating device-specific format image data and license information.

  As described above, according to the present embodiment, a secure electronic document whose operation is restricted can be suitably stored from the host computer 103 to the box of the image forming apparatus 104. Of course, a job document (image file for printing) derived from a secure electronic document also has an advantage that operation restrictions equivalent to those of the original electronic document can be applied.

<Printing process of image file stored in box>
FIG. 22 is an exemplary flowchart illustrating a method for printing an image file stored in a box according to the embodiment. In this example, it is assumed that the operator instructs printing through the operation panel of the image forming apparatus 104.

  In step S <b> 2201, the CPU 501 detects a use request for the image forming apparatus 104 through the operation panel 508. In step S22022, the CPU 501 receives input of a user name and a password through the operation panel 508. In step S2203, the CPU 501 transmits the input user name and password to the user authentication server 102.

  In step S2203, the CPU 501 sends the input authentication information to the user authentication server 102, thereby inquiring the operator's validity. In step S2204, the CPU 401 determines whether or not the operator has successfully logged in. For example, if the validity is confirmed by the user authentication server 102, it is determined that the login is successful. If the login is not successful, the process advances to step S2205, and the CPU 501 displays an error message indicating that the login is impossible on the operation panel 508.

  On the other hand, if the login is successful, the process advances to step S2206, and the CPU 501 displays an initial screen on the operation panel 508. When the box function key 702 on the operation panel 508 is pressed, the CPU 501 displays a box selection screen (FIG. 9) on the operation panel 508. Further, when any box is selected, the CPU 501 displays a document selection screen (FIG. 10) on the operation panel 508. The CPU 501 accepts selection of an electronic document (job document) to be printed.

  In step S2207, the CPU 501 transmits the license information held together with the job document to the directory server 101. At this time, the user name of the operator is also transmitted. In step S 2208, the CPU 501 acquires operation authority information from the directory server 101.

  In step S2209, when the CPU 501 detects pressing of the print key 1003 displayed on the operation panel 508, the process proceeds to step S2210. In step S <b> 2210, the CPU 501 determines whether or not there is a print authority in the operation authority information. If the logged-in operator does not have print authority, the process advances to step S2211. The CPU 501 displays an error message on the operation panel 508 that printing is not permitted. On the other hand, if printing is permitted, the process advances to step S2212, and the CPU 501 reads the job document from the box and sends it to the printer unit 506. As a result, a desired job document is printed.

  According to the present exemplary embodiment, there is an advantage that only an operator having a valid authority can reuse a job document generated at the time of printing in the image forming apparatus 104. Of course, an operator who does not have a valid authority for the original electronic document cannot similarly operate the job document.

<Variations related to printing>
According to the above-described embodiment, the example in which printing permission / prohibition is suitably controlled for the job document stored in the box has been described. However, execution authority such as stamp printing execution authority and addition of a user name to the header / footer may be added as operation authority.

  FIG. 23 is a diagram illustrating another example of the operation authority database according to the embodiment. Compared with the database shown in FIG. 2, it can be understood that the operation authority information related to the print setting is added.

  FIG. 24 is another exemplary flowchart illustrating a method for printing an image file stored in a box according to the embodiment. Parts already described are given the same reference numerals to simplify the description.

  In step S 2208, information regarding print settings is also acquired from the directory server 101. If there is a print authority, the process advances from step S2210 to step S2412. The CPU 501 reconfigures the print target job document stored in the box according to the operation authority. If the image cannot be reconstructed according to the operation authority, the printing process may be canceled.

  For example, it is assumed that user B requests printing of a job document holding the license information of FIG. Since user B has the authority to execute printing, he can execute printing. However, the operation authority is obliged to add a non-copyable stamp as a print setting. Therefore, the CPU 501 synthesizes an image indicating that copying is impossible on the background of the job document. In step S2212, the CPU 501 prints the reconstructed job document.

  According to the present embodiment, it is possible to realize image formation according to the operation authority by reconstructing the job document according to the operation authority of the operator. For example, an image in which an image indicating that copying cannot be performed is added to the background of a job document can be formed on a recording medium.

<Send a job document stored in a user box>
FIG. 25 is an exemplary flowchart showing transmission of a job document stored in a box according to the embodiment. When the operator depresses the box function key 702 of the operation panel 508, the CPU 501 displays a box function basic screen (FIG. 9) on the operation panel 508. Subsequently, when the button 901 b is selected from the basic screen of the box function, the CPU 501 displays a job document list display screen (FIG. 10) on the operation panel 508.

  In step S2501, the CPU 501 accepts selection of an electronic document to be transmitted through the operation panel 508. The CPU 501 highlights the selected electronic document. When detecting the depression of the transmission button 1010, the CPU 501 executes a destination selection process in step S2502. For example, the CPU 501 displays the destination table (FIG. 11) on the operation panel 508 and waits for destination selection. Here, a plurality of destinations may be selected. If any of the destinations is selected and the enter button 1104 is pressed, the process advances to step S2503.

  In step S2503, the CPU 501 determines whether or not the selected electronic document can be transmitted to the selected destination. For example, the CPU 501 determines that transmission is possible if the operation restriction on the selected electronic document can be observed even at the selected destination. On the other hand, if it cannot be protected, it is determined that transmission is impossible. For example, if the license information added to the general-purpose format can be interpreted by the receiving device as the destination, it is determined that transmission is possible, and if it cannot be interpreted, it is determined that transmission is impossible. Whether or not the destination device can interpret the license information can be determined, for example, by holding such information in an address book held by the image forming apparatus 104.

  If it is determined that the operation restriction is not observed, the process advances to step S2504, and the CPU 501 stops the transmission process and displays an error message indicating that the operation is not transmitted to the operation panel 508. On the other hand, if it is determined that the operation restriction is observed, the process advances to step S2505, and the CPU 501 transmits the electronic document to the destination. In addition, the CPU 501 displays a message indicating that the transmission has been successful on the operation panel 508.

  FIG. 26 is a flowchart illustrating an example of a transmission determination process according to the embodiment. This flowchart shows step S2503 of FIG. 25 as a subroutine.

  In step S2601, the CPU 501 of the image forming apparatus 104 determines whether the selected electronic document is a secure document. For example, the CPU 501 determines whether or not the license information is associated with the selected electronic document in the document management table 1201.

  If the electronic document and the license information are not associated with each other, the process advances to step S2504 to stop the transmission process. On the other hand, if the electronic document and the license information are associated with each other, the process advances to step S2602, and the CPU 501 acquires destination information for the selected destination. In the present embodiment, the destination information is, for example, the type of transmission method, the destination name, and destination information (FIG. 11). Of course, the present invention is not limited to these exemplified information.

  In step S2603, the CPU 501 refers to the type of transmission method in the acquired destination information, and determines whether the license information attached to the electronic document is used at the destination. For example, if the transmission method is e-mail, FTP (File Transfer Protocol), SMB (Service Message Block), box document transmission, etc., it is determined that the license information is also used at the destination. Accordingly, the process proceeds to step S2505.

  On the other hand, FAX transmission is a transmission method in which license information cannot be used at the destination. That is, in such a transmission method, the electronic document is transmitted to the destination as image data and printed on a recording medium. Therefore, the operation restriction based on the license information becomes invalid. Therefore, if the transmission method is FAX transmission, the CPU 501 determines that the license information is not used, and proceeds to step S2504.

  FIG. 27 is a flowchart illustrating an example of electronic document transmission processing (S2505) according to the embodiment. Here, for convenience of explanation, the transmission process (S2505) is shown as a subroutine.

  In step S2701, the CPU 501 refers to the type of transmission method included in the destination information and determines whether the transmission is a box document to another image forming apparatus. If it is box document transmission, the process advances to step S2703 to transmit the electronic document and license information as they are. This is because if the destination is an image forming apparatus, the control of the operation authority based on the license information functions.

  If the transmission method is other than box document transmission, such as e-mail transmission, the process advances to step S2702. In step S2702, the CPU 501 combines the electronic document and the license information. Thereafter, the processing proceeds to step S2703, and the CPU 501 transmits the electronic document combined with the license information to the destination.

  As described above, according to the present embodiment, the transmission of the electronic document is permitted only when the operation authority information given to the electronic document is used at the destination. For example, transmission to a destination whose operation cannot be restricted, such as facsimile transmission, is prohibited. Therefore, the confidentiality of the electronic document can be suitably maintained according to the destination.

[Other Embodiments]
Although various embodiments have been described in detail above, the present invention may be applied to a system constituted by a plurality of devices, or may be applied to an apparatus constituted by one device. For example, a scanner, a printer, a PC, a copier, a multifunction machine, and a facsimile machine.

  The present invention supplies a software program that implements the functions of the above-described embodiments directly or remotely to a system or apparatus, and a computer included in the system reads and executes the supplied program code. Can also be achieved.

  Accordingly, since the functions and processes of the present invention are implemented by a computer, the program code itself installed in the computer also implements the present invention. That is, the computer program itself for realizing the functions and processes is also one aspect of the present invention.

  In this case, the program may be in any form as long as it has a program function, such as an object code, a program executed by an interpreter, or script data supplied to the OS.

  Examples of the recording medium for supplying the program include a flexible disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, and CD-RW. Examples of the recording medium include a magnetic tape, a non-volatile memory card, a ROM, a DVD (DVD-ROM, DVD-R), and the like.

  The program may be downloaded from a homepage on the Internet using a browser on a client computer. That is, the computer program itself of the present invention or a compressed file including an automatic installation function may be downloaded from the home page to a recording medium such as a hard disk. It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server that allows a plurality of users to download a program file for realizing the functional processing of the present invention on a computer may be a constituent requirement of the present invention.

  Further, the program of the present invention may be encrypted and stored in a storage medium such as a CD-ROM and distributed to users. In this case, only users who have cleared the predetermined conditions are allowed to download the key information for decryption from the homepage via the Internet, decrypt the program encrypted with the key information, execute it, and install the program on the computer. May be.

  Further, the functions of the above-described embodiments may be realized by the computer executing the read program. Note that an OS or the like running on the computer may perform part or all of the actual processing based on the instructions of the program. Of course, also in this case, the functions of the above-described embodiments can be realized.

  Furthermore, the program read from the recording medium may be written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer. Based on the instructions of the program, a CPU or the like provided in the function expansion board or function expansion unit may perform part or all of the actual processing. In this way, the functions of the above-described embodiments may be realized.

Claims (6)

An information processing apparatus capable of communicating with a server for storing identification information for identifying image data and information indicating an operation authority for the image data in association with each other,
First image data, second image data having a format different from that of the first image data generated by converting the first image data, management information of at least the second image data, and Storage means capable of storing
The format of the first image data is a format of the form that can stores an association and more identification information and the operation authority to the server, the first image data to said first image data Setting means for setting so that the server can specify an operation authority for the first image data by adding identification information for specifying
If identification information for said first image data is added by said setting means, by rewriting the management information of the second image data associated with the first image data, an operation on the second image data An information processing apparatus comprising restriction means for making restriction possible. The limiting means is
Includes acquisition means for acquiring information indicating the content operation authority against the first image data from said server,
The information processing apparatus according to claim 1, wherein the restricting unit rewrites management information of the second image data according to the content of the acquired operation authority. The acquisition means includes
The information according to claim 2 , wherein the operation authority content for the first image data transmitted from the server is acquired by transmitting identification information of the first image data to the server. Processing equipment. The second image data is a thumbnail image generated based on the first image data, and the first image data that is prohibited from being displayed by the operation authority stored in the server is stored in the storage unit. It is if they will be the limiting means information according to any one of claims 1 to 3, characterized in that to limit to display the thumbnail images generated based on the first image data Processing equipment. It is possible to communicate with a server that stores identification information for specifying image data and information indicating an operation authority for the image data in association with each other, and is generated by converting the first image data and the first image data. A method of controlling an information processing apparatus having storage means capable of storing second image data having a format different from that of the first image data and at least management information of the second image data,
  The format of the first image data is a format in which identification information and operation authority can be stored in association with each other by the server, and the first image data is stored with respect to the first image data. A setting step for setting the server so that it is possible to specify the operation authority for the first image data by adding identification information for specifying;
  When identification information for the first image data is added in the setting step, the operation for the second image data is performed by rewriting the management information of the second image data related to the first image data. Restriction process that allows restriction and
A method for controlling an information processing apparatus, comprising: It is possible to communicate with a server that stores identification information for specifying image data and information indicating an operation authority for the image data in association with each other, and is generated by converting the first image data and the first image data. For causing an information processing apparatus having storage means capable of storing second image data having a format different from that of the first image data and at least management information of the second image data to execute the control method A program, the control method comprising:
  The format of the first image data is a format in which identification information and operation authority can be stored in association with each other by the server, and the first image data is stored with respect to the first image data. A setting step for setting the server so that it is possible to specify the operation authority for the first image data by adding identification information for specifying;
  When identification information for the first image data is added in the setting step, the operation for the second image data is performed by rewriting the management information of the second image data related to the first image data. Restriction process that allows restriction and
The program characterized by including.

Images