JP4451666B2 - Document security maintenance management method, document security maintenance management system, and program - Google Patents

Description

  In the present invention, there are a plurality of domains that maintain security of copy images formed by an image forming apparatus that forms a copy image of a document on a recording medium based on a common security policy. The present invention relates to a document security maintenance management method, a document security maintenance management system, and a program capable of maintaining security even when copying is performed.

  At present, there is an increasing interest in how to ensure the security of information assets regardless of individuals or companies, such as confidential management of customer information, information system management and operation systems, security holes, computer viruses, and so on. Many standards such as ISO15408, ISO17799, BS7799, and ISMS have been established for standardization related to information security, and the need for strict implementation of security policy establishment and information security operation management is increasing in general offices.

  However, even if a security policy is established and a mechanism is established to ensure security in a consistent manner throughout the entire information security system, the security policy and system built by the user who uses the constructed information system The security system can be said to be effective only when its intention is fully understood and operated as intended. Therefore, there is a need to develop a system in which the entire information system is constructed in a consistent state and is easy to operate.

  In other words, the handling policy related to document security is defined as “document security policy”, and based on this policy, the document system and various devices operate in cooperation, and the “policy” that enables document management in a consistent manner Development of a “base document security system” is indispensable.

  For example, a rule table in which a policy is in the form of a rule is stored, a server that centrally manages security related to creation and copying of documents in the domain by the rule table, and a document attached to a document in the domain A system that maintains and manages security related to documents in the domain based on attributes and attributes of users in the domain registered in advance can be considered.

  In this case, an ID managed by the document profile management table is added to a document having an electronic form and encrypted, whereby it becomes possible to issue and manage a protected document. A policy-based document security system can be realized by performing a procedure for inquiring access authority to the security server in a dedicated program for opening a document having an electronic form.

  In addition, the ID managed by the print profile management table is added to the document, printing is performed, the ID is read from the document output on paper, and the access authority is inquired to the security server by the read ID. A security system can also be realized.

  For documents having such an electronic form, even if documents are exchanged between domains with different document security policies, the above-mentioned policy base / Security management based on the document security system can be applied as it is.

  However, for documents output on paper, it is not practical to describe the document security policy inquiry destination in the document due to limitations on the print space and limitations on reading means. It is difficult to apply.

Therefore, a TTP (Trusted Third Party) that supervises multiple domains with different document security policies is established, and a comprehensive security policy is set for TTP. Proposals have been made regarding security management devices in open distributed environments that make decisions (see Patent Document 1).
JP-A-7-141296

  However, the method described in Patent Document 1 has a restriction that each domain must be connected in an open environment, and a comprehensive document security policy must be set.

  Therefore, even if a comprehensive document security policy is established between multiple domains, even if overcoming difficulties, and even when a reliable TTP is established, access judgment cannot be delegated to the outside. It cannot be adopted.

  In view of the above circumstances, the present invention applies the document security policy of each domain even when documents (documents) printed on paper between domains with different security policies are exchanged via the document system. It is an object of the present invention to provide a document security maintenance management method, a document security maintenance management system, and a program capable of consistent maintenance management related to security.

The document security maintenance and management method of the present invention that achieves the above object unifies the determination of permission or prohibition related to creation or copying of documents in each domain by a security server having a security rule table based on the security policy of each domain In a document security maintenance method for maintaining and managing security related to the document,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket issued by an authentication server that centrally manages the attributes of operators of information devices in each domain from the second security server;
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier And receiving a reply from the second security server regarding the location information of the first security server provided by the location management server that centrally manages the location information relating to each security server;
A procedure for accessing the first security server based on the received position information and requesting permission for copying the document using the user ticket is performed.

As described above, even when the document with the identifier of the first domain is copied by the information device in the second domain, the information device in the second domain unifies the attributes of the operator. After obtaining a user ticket issued by the authentication server to be managed, extracting the domain identifier from the document, obtaining and accessing the location information of the security server of the domain, and requesting permission for copying the document Since processing is performed, security can be maintained even if the domains are different.

The document security maintenance and management method of the present invention that achieves the above object unifies the determination of permission or prohibition related to creation or copying of documents in each domain by a security server having a security rule table based on the security policy of each domain. In a document security maintenance method for maintaining and managing security related to the document,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket B issued by a second authentication server that centrally manages the attributes of the operator of the information device of the second domain from a second security server;
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier Receiving a reply from the second security server regarding the location information of the first security server provided by the location management server that centrally manages the location information relating to each security server;
Based on the attribute input by the operator who copies the document, an authentication request for the operator is sent to the first security server, and the information device of the first domain is sent from the first security server. Receiving a user ticket A issued by a first authentication server that centrally manages the attributes of the operator of
A procedure for accessing the first security server based on the received location information and requesting permission for copying the document using the user ticket A is performed.

In this way, when the operator attribute is managed by the authentication server installed in each domain and the document with the identifier of the first domain is copied on the information device in the second domain, In addition, the information device in the second domain obtains a user ticket from each authentication server according to instructions from the security server in each domain, extracts a domain identifier from the document, and obtains location information of the security server in that domain. Since processing is performed after obtaining, accessing, and requesting permission for copying the document, security can be maintained even if the domains are different.

The document security maintenance and management method of the present invention that achieves the above object unifies the determination of permission or prohibition related to creation or copying of documents in each domain by a security server having a security rule table based on the security policy of each domain. In a document security maintenance method for maintaining and managing security related to the document,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket issued by an authentication server that centrally manages the attributes of operators of information devices in each domain from the second security server;
Extracting the identifier of the first domain from the document;
First, the location management server that centrally manages the location information related to each security server, using the extracted identifier, makes a judgment of permission or rejection in the first domain represented by the identifier in a unified manner. A procedure for referring to location information including a domain name and acquiring the location information according to one security server;
The first security server is accessed based on the acquired position information, and a procedure for requesting permission for copying the document using the user ticket is performed.

As described above, even when the document with the identifier of the first domain is copied by the information device in the second domain, the information device in the second domain unifies the attributes of the operator. Acquires a user ticket issued by the authentication server to be managed, extracts a domain identifier from the document, acquires location information of the security server of the domain directly from the location information server, and accesses the security server of the domain. Therefore, processing is performed after requesting permission for copying the document, so that security can be maintained even if the domains are different.

The document security maintenance and management method of the present invention that achieves the above object unifies the determination of permission or prohibition related to creation or copying of documents in each domain by a security server having a security rule table based on the security policy of each domain. In a document security maintenance method for maintaining and managing security related to the document,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket B issued by a second authentication server that centrally manages the attributes of the operator of the information device of the second domain from a second security server;
Extracting the identifier of the first domain from the document;
First, the location management server that centrally manages the location information related to each security server, using the extracted identifier, makes a judgment of permission or rejection in the first domain represented by the identifier in a unified manner. A procedure for referring to location information including a domain name and acquiring the location information according to one security server;
Based on an operator attribute input from an operator who performs copying of the document, an authentication request relating to the operator is sent to the first security server, and the first security server sends the authentication request of the first domain. A procedure for receiving a user ticket A issued by a first authentication server that centrally manages attributes of an operator of an information device;
Accessing said first security server, based on the acquired positional information, you and performing a procedure for obtaining a permission of the copy of the document using the user ticket A.

In this way, when the operator attribute is managed by the authentication server installed in each domain and the document with the identifier of the first domain is copied on the information device in the second domain, In addition, the information device in the second domain obtains a user ticket from each authentication server according to an instruction from the security server in each domain, extracts a domain identifier from the document, and obtains location information of the security server in the domain. Since processing is performed after obtaining directly from the location information server and requesting permission to copy the document by accessing the security server of the domain, it is possible to maintain and manage security even if the domains are different.

The document security maintenance management system of the present invention that achieves the above object is created by an information device in each domain and assigned with an identifier of each domain by a security server having a security rule table based on the security policy of each domain. In addition to making a centralized decision on whether or not to permit copying of a document, whether to permit or not to copy a document created by an information device in a different domain is requested from the security server of the domain that created the document. A document security maintenance management system for maintaining and managing such security,
An authentication server that includes a table in which a list of attributes of operators of information devices in each domain is described, and that manages the operators in each domain based on the table and issues a user ticket ;
A correspondence table of the location information including the domain name and the identifier of the domain related to each security server of each domain is provided, and when the inquiry of the location information is received, the security server corresponding to the identifier is identified by the correspondence table. A location management server for providing the location information,
The information device in each domain has an identifier extracting means for extracting an identifier representing each domain from the created document,
An information device in which an identifier of a different domain is extracted from a document that has received a copy request by the identifier extracting unit is
The location management server is provided with the location information corresponding to the identifier by referring to the extracted identifier, and the authentication server is authenticated based on an attribute input by an operator who copies the document. A user ticket is acquired by making a request, and a security server that determines permission / inhibition relating to the copying of the document is accessed based on the received location information, and the copying of the document is performed using the acquired user ticket. It is characterized by seeking permission.

Thus, an authentication server having a table in which a list of operator attributes is described, a location management server that provides location information of a security server by a domain identifier, and an identifier extraction unit that extracts an identifier representing a domain; To obtain the location information of the security server from the identifier recorded in the document, and ask for permission to copy the document from the security server using the user ticket authenticated by the authentication server. Security management can be achieved even for documents that have been processed.

The program of the present invention that achieves the above object is a copy of a document created by an information device in each domain and assigned with an identifier of each domain by a security server having a security rule table based on the security policy of each domain. Consistency determination related to the document is centralized, and permission determination related to copying of documents created by information devices in different domains is maintained by requesting the security server of the domain that created the document to maintain the security related to the document A program used for a document security maintenance management system to be managed,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain On the equipment,
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, A user ticket issued by an authentication server that includes a table in which a list of attributes of operators of information devices in each domain is described from the second security server, and that centrally manages the operators in each domain based on the table The procedure to receive,
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier And a correspondence table of location information including protocols, domain names, and directories and domain identifiers related to each security server of each domain from the second security server, and based on the correspondence table, A procedure of receiving a reply about the position information of the first security server provided by the position management server that centrally manages the position information;
The first security server is accessed based on the received location information, and a procedure for requesting permission for copying the document using the user ticket is executed.

As described above, even when the document with the identifier of the first domain is copied by the information device in the second domain, the information device in the second domain unifies the attributes of the operator. After obtaining a user ticket issued by the authentication server to be managed, extracting the domain identifier from the document, obtaining and accessing the location information of the security server of the domain, and requesting permission for copying the document Since it is programmed to perform processing, it is possible to maintain and manage security even when the domains are different.
The program of the present invention that achieves the above object is a copy of a document created by an information device in each domain and assigned with an identifier of each domain by a security server having a security rule table based on the security policy of each domain. Consistency determination related to the document is centralized, and permission determination related to copying of documents created by information devices in different domains is maintained by requesting the security server of the domain that created the document to maintain the security related to the document A program used for a document security maintenance management system to be managed,
A second domain having a display unit for displaying a copy of a document with an identifier of the first domain created by an information device in the first domain and displaying a predetermined command In the information equipment in
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, A second authentication server comprising a table in which a list of attributes of operators of information devices in the second domain is described from a second security server, and managing the operators in the second domain in an integrated manner To receive user ticket B issued by
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier And a correspondence table of location information including protocols, domain names, and directories and domain identifiers related to each security server of each domain from the second security server, and based on the correspondence table, A procedure of receiving a reply about the position information of the first security server provided by the position management server that centrally manages the position information;
After receiving a reply about the location information, accessing the first security server based on the location information and using the user ticket B to request permission for copying the document;
A procedure for displaying an authentication dialog on the display unit when the presentation of the user ticket A is requested from the first security server that has requested the permission;
Based on the attribute input by the operator who copies the document, an authentication request for the operator is sent to the first security server, and the information device of the first domain is sent from the first security server. Receiving a user ticket A issued by a first authentication server that centrally manages the operator of the first domain, comprising a table in which a list of operator attributes of the first domain is described;
The first security server is accessed based on the received location information, and a procedure for requesting permission for copying the document using the user ticket A is executed.

In this way, when the operator attribute is managed by the authentication server installed in each domain and the document with the identifier of the first domain is copied on the information device in the second domain, In addition, the information device in the second domain obtains a user ticket from each authentication server according to an instruction from the security server in each domain, extracts a domain identifier from the document, and obtains location information of the security server in the domain. Since it is programmed to perform processing after obtaining and accessing the document and requesting permission for copying the document, security can be maintained even if the domains are different.

The program of the present invention that achieves the above object is a copy of a document created by an information device in each domain and assigned with an identifier of each domain by a security server having a security rule table based on the security policy of each domain. Consistency determination related to the document is centralized, and permission determination related to copying of documents created by information devices in different domains is maintained by requesting the security server of the domain that created the document to maintain the security related to the document A program used for a document security maintenance management system to be managed,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain On the equipment,
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, A user ticket issued by an authentication server that includes a table in which a list of attributes of operators of information devices in each domain is described from the second security server, and that centrally manages the operators in each domain based on the table The procedure to receive,
Extracting the identifier of the first domain from the document;
Using the extracted identifier, a location table including a protocol, a domain name, and a directory related to each security server of each domain is provided corresponding to the domain identifier, and based on the correspondence table, A location management server that centrally manages location information is queried for location information including a domain name related to the first security server that performs the judgment of permission or denial in the first domain represented by the identifier. Procedures to get information,
The first security server is accessed based on the acquired position information, and a procedure for requesting permission for copying the document using the user ticket is executed.

As described above, even when the document with the identifier of the first domain is copied by the information device in the second domain, the information device in the second domain unifies the attributes of the operator. Acquires a user ticket issued by the authentication server to be managed, extracts a domain identifier from the document, acquires location information of the security server of the domain directly from the location information server, and accesses the security server of the domain. Since it is programmed to perform processing after requesting permission for copying the document, it is possible to maintain and manage security even if the domains are different.

The program of the present invention that achieves the above object is a copy of a document created by an information device in each domain and assigned with an identifier of each domain by a security server having a security rule table based on the security policy of each domain. Consistency determination related to the document is centralized, and permission determination related to copying of documents created by information devices in different domains is maintained by requesting the security server of the domain that created the document to maintain the security related to the document A program used for a document security maintenance management system to be managed,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain On the equipment,
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to the second security server that centrally determines the permission / refusal in the second domain. Receiving a user ticket B issued by the second authentication server that centrally manages the attributes of the operator of the information device in the second domain from the second security server;
Extracting the identifier of the first domain from the document;
Using the extracted identifier, a location table including a protocol, a domain name, and a directory related to each security server of each domain is provided corresponding to the domain identifier, and based on the correspondence table, A location management server that centrally manages location information is queried for location information including a domain name related to the first security server that performs the judgment of permission or denial in the first domain represented by the identifier. Procedures to get information,
Based on an operator attribute input from an operator who performs copying of the document, an authentication request relating to the operator is sent to the first security server, and the first security server sends the authentication request of the first domain. A procedure for receiving a user ticket A issued by a first authentication server that centrally manages attributes of an operator of an information device;
The first security server is accessed based on the acquired position information, and a procedure for requesting permission for copying the document using the user ticket A is executed.

In this way, when the operator attribute is managed by the authentication server installed in each domain and the document with the identifier of the first domain is copied on the information device in the second domain, In addition, the information device in the second domain obtains a user ticket from each authentication server according to an instruction from the security server in each domain, extracts a domain identifier from the document, and obtains location information of the security server in the domain. It is programmed to acquire directly from the location information server and to access the security server of the domain and ask for permission to copy the document before processing, so even if the domain is different, security maintenance management is possible. I can plan.

  According to the document security maintenance management method, document security maintenance management system, and program of the present invention, when security management of a document in each domain is performed by a security server having a rule table based on a security policy, the domain is maintained. When a printed document created in the web is copied in a different domain, the domain that created the document is identified by the domain ID recorded in the document, and the location of each security server is managed by the domain ID In addition to acquiring the location from the management server and using a user ticket issued by checking the user attributes with a common authentication server, permission is granted to copy the document to the security server each time, preventing unauthorized access And A case across the main can be performed consistent maintenance security documents also.

  Embodiments of a document security maintenance management method, document security maintenance management system, and program according to the present invention will be described below.

The embodiment of the document security maintenance management method and program of the present invention is used in the embodiment of the document security maintenance management system of the present invention, and will be described in the embodiment of the document security maintenance management system.
(First embodiment)
In the document security maintenance management system of this embodiment, security rules related to a document are created based on a security policy applied to the entire domain 50, and the security server 10 stores the security rules in a table. An information system of each domain 50 including information devices 1 such as copiers and printers, which are connected via a network and are centrally made to determine whether a document is created or copied by the security server 10, and each domain 50 Authentication server 20 that performs authentication based on attributes such as the name and affiliation of an operator who operates information device 1 in the system, and location information including the protocol and domain name of each security server 10 based on the domain ID of each domain. Location management server 30 to be managed It is equipped with a.

  The security server 10 of each domain 50 performs a centralized decision on whether to permit copying of a document created by the information device 1 in each domain 50 and attached with the identifier of each domain 50, and also by the information device 1 in a different domain. The permission / refusal judgment regarding the copy of the created document is requested to the security server 10 of the domain 50 that created the document.

  Therefore, the document security maintenance management system of the present embodiment is configured to be able to maintain and manage the security related to the document across a plurality of domains 50.

  Next, a method for maintaining and managing security related to documents in each domain and a method for maintaining and managing security related to document copying when copying documents in different domains will be described.

  FIG. 1 is a diagram illustrating a method for maintaining and managing security related to a document in a domain in the document security maintenance and management system according to the first embodiment.

  As shown in FIG. 1, an information device 1 such as a document management system 101, a document viewer 102, a printer, a scanner, and a copier is provided at a base 100 in the office, and the information device is operated at several bases. An authentication server 20 that authenticates a user 200 and a security server 10 that centrally maintains and manages security related to documents in the domain according to document attributes, user attributes, and access processing contents are installed.

  When there is an access or document processing request from a user 200 to a document managed at the office 100 in the office, the information device 1 such as the document management system 101, document viewer 102, printer / scanner / copier 103, etc. Request for authentication based on the attribute input by the user, obtain an authentication ticket, and obtain the security management permission for the document from the security server 10 using the authentication ticket, and then request the document processing request. Execute.

  Here, the authentication server 20 authenticates whether or not the inquired user is registered based on the user management table in which the user name and affiliation are described, and issues an authentication ticket.

Further, the security server 10 centrally performs permission / rejection determination regarding access and processing related to a document by using a rule table 11 created based on a document security policy in which a document category and a confidential level are described.
The rule table 11 includes a user authority level management table in which authority levels related to user security are described, a document profile management table in which attributes related to document security are described, and attributes when a document is output on paper. There are a print profile management table described, and a zone management table describing the affiliation of the system and device.

  For example, when copying a paper document, the user makes a copy request to the copier 103 (S1).

  The copier 103 requests the user to input attribute information, and inquires the authentication server using the obtained attribute information to obtain an authentication ticket (S2).

  Next, the copying machine 103 scans the paper document and acquires the document ID recorded on the paper document (S3).

  The copier 103 makes an inquiry about, for example, copying authority to the security server 10 using the authentication ticket and the document ID (S4).

  The security server 10 acquires the corresponding user authority level from the user authority management table, and acquires the print profile corresponding to the scanned paper document from the print profile management table (S5, S6). Also, a document profile corresponding to the print profile is acquired from the document profile management table (S7). Further, the zone to which the requested copier 103 belongs is acquired from the zone management table (S8).

  Then, the user authority for copying is acquired from the rules described in the document security policy and the user authority level, document profile and affiliation zone obtained in (S5, S7, S8), and the result is stored in the copying machine. Reply (S9).

  The copier 103 performs a copying process based on the acquired user authority (S10).

  In this case, an ID managed by the document profile management table is added to a document having an electronic form and encrypted, whereby the protected document can be issued and managed. In addition, in a dedicated program for opening a document having an electronic form, a procedure for inquiring access authority to the security server can be performed.

  In addition, printing may be performed by adding an ID managed by the print profile management table to the document, reading the ID from the document output on paper, and inquiring the access authority to the security server 10 using the read ID. Good.

  FIG. 2 is a schematic configuration diagram showing the first embodiment of the document security maintenance management system of the present invention.

  As shown in FIG. 2, the document security maintenance management system according to the first embodiment creates and creates documents in each domain 50 by the security server 10 having the rule table 11 based on the security policy of each domain 50. When the copied document 2 is copied, it is determined whether copying is permitted or not based on the attributes of the operator and the attributes of the document input from the operator to the copying machine 1B. Regarding the copy of the created document, the security of the document exchanged across the plurality of domains 50 is maintained and managed by requesting the security server 10A of the domain that created the document to determine whether or not to permit the copy. It is configured to be.

  Then, an authentication server 20 common to each domain that centrally manages an operator who operates the information device 1 in each domain 50, and a location management server 30 common to each domain 50 that manages location information of each security server 10 and provides information. When requesting the determination of permission or not, the corresponding security server 10 is accessed by the position information obtained from the position management server 30, and the permission of copying is granted using the authentication ticket of the authentication server 20. Ask.

  Further, although not shown in the figure, the printer 1A and the copying machine 1B in each domain are connected to respective security servers 10A and 10B for maintaining and managing security in each domain via a network. In addition, each security server 10 and the location management server, and each security server and the user authentication server are connected via a network.

  Here, the number of domains is typically shown as two, but the number of domains is not limited to two, and three or more domains may exist. In each domain, only one information device, such as a printer or a copier, is included in the security server. For convenience of explanation, it is not necessary to have one information device.

  The document 2 created in each domain to which this embodiment is applied is assigned a domain ID indicating each domain 50, and the information device 1 (here, printer 1A and copier 1B) in each domain. Includes an identifier extracting means 5 (here, identifier extracting means 5A, 5B) for extracting an identifier representing each domain from the created document, so that each information device 1 has a domain ID assigned to the document. Can be extracted by the identifier extracting means 5 and the domain in which the document is created can be known.

  Here, the domain ID may be recorded in a visible state like a barcode, or may be recorded in an invisible state like a digital watermark.

  In the first domain 50A, a first security server 10A for maintaining and managing security of a document created and copied in the first domain 50A according to the first security policy, and the first security server 10A. Is provided with a printer 1A that is subject to security restrictions on documents printed under the above.

  In the second domain 50B, a second security server 10B for maintaining and managing the security of a document created and copied in the second domain 50B according to the second security policy, and the first security server 10B. Is provided with a copier 1B that is subject to security restrictions on documents printed under the control of

  The security server 10 includes a rule table 11, for example, a user authority level management table in which authority levels relating to user security are described, a document profile management table in which attributes relating to document security are described, and a document output on paper A rule table such as a print profile management table in which attributes are described, a zone management table in which the affiliation of the information system or the information device 1 is described, and a security policy table in which the document category type and the security level are described. Each table is referred to based on the user attribute acquired from the client and the document ID read from the document, and it is determined whether the requested document can be copied.

  In addition, a table in which the location of each security server is described, such as a URL, corresponding to the domain ID representing the domain 50 in which security is managed by each security server 10, is a location that is commonly used in each domain 50. A management server 30 is provided.

  FIG. 3 is a diagram illustrating an example of the location of the security server managed by the location management server.

  As shown in FIG. 3, the location management server 30 includes a domain in which a security server location 52 is described as, for example, an Internet address (URL) and is subject to security restrictions by the address (URL) and security server 10. Is stored as a location management table that corresponds to the domain ID 51 of each. That is, in the first security server 10A that performs security maintenance in the first domain 50A, the domain ID 51 is “1”, and the location 52 is “http: //foo.baa/abcde/”. http: // indicates an example of a protocol, for example, foo. “baa” indicates a domain name. For example, “/ abcde” indicates a directory in the host. In the second security server 10B that performs security maintenance in the second domain 50B, the domain ID is “2”, and the location is “http: //foo2.baa/abcde/”. .

The position management server 30 of the present embodiment has a function of newly registering, deleting, or changing the location of the domain name and the security server location in the location management table.
In this embodiment, access to the location management server is configured to be performed by the security server, but it can also be configured to be performed directly from each client.

  Again, referring back to FIG.

  The document security maintenance management system of this embodiment includes an authentication server 20 that manages attribute information such as a user's name and affiliation, authenticates a user who has made an inquiry, and issues an authentication ticket.

  The authentication server 20 includes a table in which a list of attributes of operators of information devices (here, the printer 1A and the copier 1B) 1 in each domain is described, and information devices in each domain are based on the table. Centrally manages the operators to operate. When there is an inquiry from the security server based on the user attribute information, the user management table is referred to authenticate the user who has made the inquiry.

  In the document security maintenance management system of this embodiment, a copy of a document created in each domain and attached with the domain ID based on the domain ID attached to the document maintains the security of the domain centrally. Whether or not to permit is determined by each security server to be managed.

  Therefore, when a document copy request (1) is received by an information device in each domain, first, the information device 1B inquires of the security server 10B about the attribute input by the operator who has received the copy request, and the security server 10B. Inquires of the attribute to the authentication server 20 to obtain an authentication ticket (2) (3). For a copy request that extracts a domain ID recorded in the document and makes a different domain, the position management server manages the domain for each domain ID attached to the document for which the copy request has been made. Queries the management server for the location (2) (4). Then, it accesses the security server that manages the document based on the location, receives an instruction for copying the document from the security server using the acquired authentication ticket, and executes a copy request according to the instruction (5). .

  As a result, the security related to the creation and copying of documents in each domain 50 is centrally maintained and managed by the security server 10 having the security rule table for each domain, and also for copy requests across domains. Security maintenance can be achieved.

  FIG. 4 is a timing chart showing an example of a message transmitted / received to maintain and manage security in the document security maintenance management system of this embodiment.

In the timing chart shown in FIG. 4, a scanner or copier 1B, a security server 10B, a security server 10A, a location management server 30, and an authentication server 20 are arranged from the left side to the right side, and a message is sent by an arrow. Shows direction. And it is illustrated under the following preconditions.
Condition 1: A document printed by the printer 1A belonging to the domain 50A is read by the scanner 1B belonging to the domain 50B, or is copied by the copying machine 1B.
Condition 2: The domain ID “1” of the domain 50A is recorded in the printed document.

  When the user 200 makes a document reading by the scanner 1B or makes a copying request by the copying machine 1B, the scanner or the copying machine 1B sends an authentication request for accessing the system to the security server 10B (S11).

  The security server 10B sends an access authentication request to the requested system to the common authentication server 20 (S12).

  Upon confirming the requested scanner or copier 1B, the authentication server 20 issues a system ticket to the security server 10B (S13).

  The security server 10B sends the issued system ticket to the requested scanner or copier 1B (S14).

  Here, the system ticket is not necessarily requested every time of reading or copying, but may be requested when the scanner or copying machine is activated or when the expiration date of the ticket has expired.

  Next, the scanner or copying machine 1B requests the security server 10B to authenticate the user 200 who has requested copying (S15).

  Upon receiving the request, the security server 10B transmits the attribute information input to the authentication server 20 and makes an authentication request for the requested user (S16).

The authentication server 20 performs authentication against the management table, and when the requested attribute is described, issues a user ticket to the security server 10B (S17).
The security server 10B sends the issued user ticket to the requested scanner or copier 1B (S18).

  Next, the scanner or copying machine 1B makes a session start request to the security server 10B using the system ticket (S19), and the security server 10B sends a session IDA to the scanner or copying machine 1B (S20).

  Next, the scanner or copying machine 1B extracts the domain ID (1) from the document to be copied (S21). Then, using the session IDA and the system ticket, the security server 10B is inquired about the location of the security server 10A that maintains and manages security over the entire domain 50A represented by the extracted domain ID (1) (S22).

  The security server 10B inquires the location management server 30 for the location of the security server 10A inquired (S23), and the location management server 30 provides the location information of the security server 10A to the security server 10B. (S24).

  The security server 10B returns the position information of the received security server 10A to the scanner or copier 1B (S25), and the scanner or copier 1B accesses the security server 10A based on the position information, and the system ticket Is used to make a session start request (S26).

  The security server 10A sends a session IDB to the scanner or copier 1B (S27), and the scanner or copier 1B requests the security server 10A to read a document using the session IDB or a user ticket or to permit copying. (S28).

The security server 10A determines whether the copying is permitted, prohibited, or permitted by referring to the rule table and returns the determination result to the scanner or the copying machine 1B (S29).
The scanner or copier 1B reads a document or processes a copy request based on the answer from the security server 10A.

In this way, even when there is a copy request across domains, the common authentication server confirms whether the user who received the copy request is a user registered by each domain, and an authentication ticket is issued. publish. Whether or not the request is a copy request from a different domain is confirmed by the domain recorded in the document, and position information is collected from a security server that centrally maintains and manages the security of the confirmed domain. Based on the collected location information, the corresponding security server is accessed, an authentication ticket is presented, and permission for copying is required, so that unauthorized access to the security server is prevented and the security policy of each domain The processing can be performed by the information device of each domain that receives the request.
(Second Embodiment)
The second embodiment differs from the first embodiment in that the user authentication method is different for each domain. Therefore, the second embodiment includes an authentication server for each domain and performs user authentication for each domain. A difference is that a dialog box is displayed on the operation panel (corresponding to the display unit of the present invention) of a scanner or a copier so that attributes can be input from the user when user authentication is requested. Since other system configurations are common, the same components are denoted by the same reference numerals, and differences will be described.
FIG. 5 is a schematic configuration diagram showing a second embodiment of the document security maintenance management system of the present invention.

  As shown in FIG. 5, the document security maintenance management system of the second embodiment manages attribute information such as the name and affiliation of the user who operates the information device in the domain 50A, and authenticates the user who has made the inquiry. The authentication server 20A includes an authentication server 20B that manages attribute information such as the name and affiliation of a user who operates an information device in the domain 50B, and authenticates the user who has made an inquiry. Each authentication server issues an authentication ticket B when the attribute queried in the management table is not found or when the user is a user of a different domain, and when the user is a user of a domain managed by the authentication server, the authentication ticket A is issued. Issue.

  Therefore, when the information device accesses the security server of the domain by using the domain ID extracted from the document and requests permission for copying the document, each security server indicates that the presented authentication ticket is the authentication ticket B , It is possible to confirm that the user is in the domain managed by the user by obtaining the authentication ticket A from the authentication server in the domain managed by the security server.

  When the document copy request (1) is received by the information device 1B of the domain 50B, first, the information device 1B inquires the security server 10B about the attribute input by the operator who has received the copy request, and the security server 10B Then, the attribute is inquired to the authentication server 20B to obtain the authentication ticket B (2) (3). The domain ID recorded in the document is extracted, and in response to a copy request from a different domain, the location management server manages the location of the security server for each domain ID attached to the document for which the copy request has been made. The location management server 30 is inquired (2) (4). Then, it accesses a security server that performs permission / refusal determination regarding copying of the document based on the location, and uses the acquired authentication ticket B to request permission for copying the document from the security server (5). In this case, the security server 10A confirms the location of the security server of the domain 50B that has requested permission with the location management server 30 (6). Then, presentation of the authentication ticket A authenticated by the authentication server 20 is requested (7), and based on the authentication ticket A, the information device 1B of the domain 50B is judged whether copying is permitted or not, and the judgment result is indicated (5). The information device 1B executes a copy request according to the instruction.

  As a result, even when a user is authenticated for each domain, it is possible to maintain and manage security related to document copying across domains by using an authentication ticket issued by the authentication server of each domain.

  FIG. 6 is a diagram showing an operation panel of a scanner or a copier installed in each door.

  As described with reference to FIG. 5, the security server 10A of the present embodiment is configured to request the information device 1B to present the authentication ticket A authenticated by the authentication server 20.

  Therefore, when the information device 1B receives a request from the security server 10A, the attribute information necessary for the authentication request is input by the user to the operation panel (corresponding to the display unit of the present invention) 3. Dialog box 4 is displayed.

  In the user authentication request dialog box 4 displayed on the operation panel shown in FIG. 6, a frame 4 a for inputting “domain name” and “password”, selection keys for “redo”, “cancel”, and “authentication” and 4 b Is displayed.

  Here, it is not always necessary to use a domain name as a user name, and a user name authenticated in Windows (registered trademark of Microsoft) may be used, and a user name of Notes (registered trademark of Lotus) is used. I can see.

  Further, instead of displaying a dialog box and inputting attributes, an IC card or the like can be used.

  FIG. 7 is a timing chart showing an example of a message sent and received for maintaining and managing security in the document security maintenance management system of this embodiment.

In the timing chart shown in FIG. 7, the scanner or copier 1B, the security server 10B, the security server 10A, the location management server 30, the authentication server 20B, and the authentication server 20A are arranged from the left side to the right side. Indicates the direction in which the message is sent. And it is illustrated under the following preconditions.
Condition 1: A document printed by the printer 1A belonging to the domain 50A is read by the scanner 1B belonging to the domain 50B, or is copied by the copying machine 1B.
Condition 2: The domain ID “1” of the domain 50A is recorded in the printed document.

  When the user 200 reads a document by the scanner 1B or makes a copy request by the copying machine 1B, the scanner or the copying machine 1B sends an authentication request for accessing the system to the security server 10B (S31).

The security server 10B sends an access authentication request to the requested system to the authentication server 20B (S32).

Authentication server 20 B, when confirming scanner or copier 1B that has been requested and issues a system ticket A to the security server 10B (S33).

The security server 10B sends the issued system ticket A to the requested scanner or copier 1B (S34).

  Here, the system ticket is not necessarily requested every time of reading or copying, but may be requested when the scanner or copying machine is activated or when the expiration date of the ticket has expired.

  Next, the scanner or copying machine 1B requests the security server 10B to authenticate the user 200 who has requested copying (S35).

Security server 10B which receives the request, performs transmits the attribute information inputted to the authentication server 20 B authentication request of the user has been requested (S36).

Authentication server 20 B authenticates In contrast to the management table, when there was attributes requested are described, issues a user ticket B to the security server 10B (S37). The security server 10B
The issued user ticket B, and sends to the scanner or copier 1B which has received the request (S38).

Next, the scanner or copying machine 1B makes a session start request to the security server 10B using the system ticket A (S39), and the security server 10B sends a session IDA to the scanner or copying machine 1B (S40). .

  Next, the scanner or copying machine 1B extracts the domain ID (1) from the document to be copied (S41). Then, using the session IDA and system ticket, the security server 10B is inquired about the location of the security server 10A that maintains and manages security over the entire domain 50A represented by the extracted domain ID (1) (S42).

  The security server 10B inquires the location management server 30 for the location of the security server 10A inquired (S43), and the location management server 30 provides the location information of the security server 10A to the security server 10B. (S44).

The security server 10B returns the position information of the received security server 10A to the scanner or copier 1B (S45), and the scanner or copier 1B accesses the security server 10A based on the position information, and the system ticket A session start request is made using A (S46).

  The security server 10A inquires the location management server 30 about the location of the security server 10B in the domain 50B (S47), and the location management server 30 returns the location of the security server 10B (S48).

  The security server 10B returns a session IDB to the scanner or copier 1B (S49).

  The scanner or copier 1B requests the security server 10A to read the document using the session IDB and the user ticket B or to permit copying (S50).

  The security server 10A requests authentication by the authentication server 20A (S51).

  The scanner or the copier 1B displays a dialog box on the display unit and prompts the user to input attributes (S52).

  When the user inputs the attribute in the dialog box and makes an authentication request to the security server 10A (S53), the security server 10A refers to the authentication request to the authentication server 20A in its own domain and acquires the user ticket A. (55). The security server 10A passes the acquired user ticket A to the scanner or copier 1B (S56).

  The scanner or copying machine 1B requests the security server 10A to permit copying using the session IDB and the user ticket A (S57).

  The security server 10A determines whether the copying is permitted, prohibited, or permitted by referring to the rule table, and returns the determination result to the scanner or the copying machine 1B (S58).

  The scanner or copier 1B reads a document or processes a copy request based on the answer from the security server 10A.

  As described above, even when an authentication server is provided for each domain and a user in each domain is authenticated, each security server requests the presentation of an authentication ticket issued by the respective authentication server to obtain the first. As in the first embodiment, unauthorized access to the security server is prevented, and processing can be performed by the information device of each domain that has received the request while matching the security policy of each domain.

In the document security maintenance management system according to the first and second embodiments, the security server makes a central location inquiry to the location management server, so that each security server knows the location of the location management server. Therefore, there is an advantage that communication in an emergency such as when an abnormality occurs in the location management server does not become complicated.
(Third embodiment)
The third embodiment is different from the first embodiment in that the information device directly makes a location inquiry to the position management server. However, since the rest is common, the same components are denoted by the same reference numerals, and differences will be described.

  FIG. 8 is a schematic configuration diagram showing a third embodiment of the document security maintenance management system of the present invention.

  As shown in FIG. 8, in the first domain 50A, there is a first security server 10A for maintaining and managing the security of a document created and copied in the first domain 50A according to the first security policy. A printer 1A that is subject to security restrictions on documents to be printed under the control of the first security server 10A is provided.

  In the second domain 50B, a second security server 10B for maintaining and managing the security of a document created and copied in the second domain 50B according to the second security policy, and the first security server 10B. Is provided with a copier 1B that is subject to security restrictions on documents printed under the control of

  Further, each security server (in this case, the first security server 10A and the second security server 10B shown representatively) used in common for the first domain 50A and the second domain 50B is regulated. The location management server 30 having a table in which the location of each security server such as a domain ID, for example, a URL is described, and attribute information such as the user's name and affiliation are managed to authenticate the user who has made the inquiry A user authentication server 20 that issues tickets is provided. The authentication server 20 includes a table in which a list of attributes of operators of information devices (here, the printer 1A and the copier 1B) in each domain is described, and operates information devices in each domain based on the table. Centralized management of operators

  In this embodiment, since each information device knows the location of the location management server 30, when the domain ID is extracted from the document and the domain ID is different from the domain ID of the information device, Since the location management server 30 can be directly inquired about the location of the security server in the domain in which the document is created to receive information, the procedure can be simplified.

  FIG. 9 is a timing chart showing an example of a message transmitted / received to maintain and manage security in the document security maintenance management system of this embodiment.

In the timing chart shown in FIG. 9, the scanner or copier 1B, the security server 10B, the security server 10A, the location management server 30, and the authentication server 20 are arranged from the left side to the right side, and a message is sent by an arrow. Shows direction. And it is illustrated under the following preconditions.
Condition 1: A document printed by the printer 1A belonging to the domain 50A is read by the scanner 1B belonging to the domain 50B, or is copied by the copying machine 1B.
Condition 2: The domain ID “1” of the domain 50A is recorded in the printed document.

  When the user 200 makes a document reading by the scanner 1B or makes a copying request by the copying machine 1B, the scanner or the copying machine 1B sends an authentication request for accessing the system to the security server 10B (S61).

  The security server 10B sends an access authentication request to the requested system to the common authentication server 20 (S62).

  Upon confirming the requested scanner or copying machine 1B, the authentication server 20 issues a system ticket to the security server 10B (S63).

  The security server 10B sends the issued system ticket to the requested scanner or copier 1B (S64).

  Here, the system ticket is not necessarily requested every time it is read or copied, but may be requested when the scanner or the copying machine is activated or when the ticket expires.

  Next, the scanner or copying machine 1B requests the security server 10B to authenticate the user 200 who has requested copying (S65).

  Upon receiving the request, the security server 10B transmits the attribute information input to the authentication server 20 and makes an authentication request for the requested user (S66).

The authentication server 20 performs authentication against the management table, and when the requested attribute is described, issues a user ticket to the security server 10B (S67).
The security server 10B sends the issued user ticket to the requested scanner or copier 1B (S68).

  Next, the scanner or copying machine 1B makes a session start request to the security server 10B using the system ticket (S69), and the security server 10B sends a session IDA to the scanner or copying machine 1B (S70).

  Next, the scanner or copying machine 1B extracts the domain ID (1) from the document to be copied (S71).

  Next, the scanner or copying machine 1B uses the session IDA and system ticket to inquire the location management server about the location of the security server 10A that manages the security of the entire domain 50A represented by the acquired domain ID (1) (S72).

  The location management server 30 provides the location information of the security server 10A with the domain ID (1) to the scanner or the copying machine 1B (S73).

  The scanner or copying machine 1B makes a session start request to the security server 10A using the system ticket (S74).

  The security server 10A returns a session IDB to the scanner or copier 1B (S75). The scanner or copying machine 1B requests the security server 10A to read the document or permit copying using the session IDB and the user ticket (S76).

  The security server 10A determines whether the copying is permitted, prohibited, or permitted by referring to the rule table, and returns the determination result to the scanner or the copying machine 1B (S77).

  The scanner or copier 1B reads a document or processes a copy request based on the answer from the security server 10A.

  In this way, even if each information device directly inquires the location management server for the location of the security server and simplifies the procedure, unauthorized access to the security server is prevented as in the first embodiment. In addition, processing can be performed by the information device of each domain that receives the request while matching with the security policy of each domain.

However, since it is necessary for each information device to know the location of the location management server, it is complicated to communicate in an emergency such as when an abnormality occurs in the location management server.
(Fourth embodiment)
The fourth embodiment is different from the second embodiment in that the location inquiry to the location management server is directly made by the information device. However, since other points are common, the same components are denoted by the same reference numerals, and differences will be described.

  FIG. 10 is a schematic configuration diagram showing a fourth embodiment of the document security maintenance management system of the present invention.

  As shown in FIG. 10, a first security server 10A and a printer 1A are provided in the first domain 50A, and a second security server 10B and a copying machine are provided in the second domain 50B. 1B.

  Further, each security server (in this case, the first security server 10A and the second security server 10B shown representatively) used in common for the first domain 50A and the second domain 50B is regulated. Location management server 30 having a table in which domain IDs and locations are described, and attribute information such as names and affiliations of users in each domain, authenticate users who have made inquiries, and issue authentication tickets Each user authentication server 20A, 20B to be performed is provided.

  In this embodiment, since each information device knows the location of the location management server 30, when the domain ID is extracted from the document and the domain ID is different from the domain ID of the information device, Since the location management server 30 can be directly inquired about the location of the security server in the domain in which the document is created and receive information, the procedure can be simplified.

  FIG. 11 is a timing chart showing an example of a message transmitted / received to maintain and manage security in the document security maintenance management system of this embodiment.

In the timing chart shown in FIG. 11, the scanner or copier 1B, the security server 10B, the security server 10A, the location management server 30, and the authentication server 20 are arranged from the left side to the right side, and a message is sent by an arrow. Shows direction. And it is illustrated under the following preconditions.
Condition 1: A document printed by the printer 1A belonging to the domain 50A is read by the scanner 1B belonging to the domain 50B, or is copied by the copying machine 1B.
Condition 2: The domain ID “1” of the domain 50A is recorded in the printed document.

  If the user 200 reads a document by the scanner 1B or makes a copy request by the copying machine 1B, the scanner or the copying machine 1B sends an authentication request for accessing the system to the security server 10B (S81).

  The security server 10B sends an access authentication request to the requested system to the common authentication server 20 (S82).

  Upon confirming the requested scanner or copying machine 1B, the authentication server 20 issues a system ticket to the security server 10B (S83).

  The security server 10B sends the issued system ticket to the requested scanner or copier 1B (S84).

  Here, the system ticket is not necessarily requested every time of reading or copying, but may be requested when the scanner or copying machine is activated or when the expiration date of the ticket has expired.

  Next, the scanner or copying machine 1B requests the security server 10B to authenticate the user 200 who has requested copying (S85).

  Upon receiving the request, the security server 10B transmits the attribute information input to the authentication server 20 and makes an authentication request for the requested user (S86).

The authentication server 20 performs authentication against the management table, and when the requested attribute is described, issues a user ticket to the security server 10B (S87).
The security server 10B sends the issued user ticket to the requested scanner or copier 1B (S88).

  Next, the scanner or copying machine 1B makes a session start request to the security server 10B using the system ticket (S89), and the security server 10B sends a session IDA to the scanner or copying machine 1B (S90).

  Next, the scanner or copier 1B reads the document and acquires the domain ID (1) (S91).

  Then, using the session IDA and the system ticket A, the scanner or copier 1B inquires of the location management server 30 about the location of the security server 10A that manages the security of the entire domain 50A represented by the acquired domain ID (1) ( S92).

  The location management server 30 provides the location information of the security server 10A with the domain ID (1) to the scanner or copier 1B (S93).

  The scanner or copier 1B uses the system ticket A to the security server 10A and makes a session start request indicating the domain 50B (S94).

  The security server 10A requests a new system ticket from the scanner or the copier 1B because the system ticket A is not valid in the domain 50A (S95).

  The scanner or copier 1B makes a system authentication request to the security server 10A (S96), and the security server 10A makes a system authentication request to the authentication server 20A (S97). The authentication server 20A issues a system ticket B to the security server 10A (S98), and the security server 10A passes the system ticket B to the scanner or copier 1B (S99).

  The scanner or copying machine 1B uses the system ticket B to make a session start request to the security server 10A (S100), and the security server 10A passes the session IDB to the scanner or copying machine 1B (S101).

  The scanner or copying machine 1B uses the session IDB and the user ticket B to request permission for document copying from the security server 10A (S102).

  Since the security server 10A does not work with the user ticket B, it requests authentication by the authentication server 20A (S103).

  Therefore, the scanner or the copier 1B displays a dialog box on the display unit (S104), and requests the user to input attributes (S105).

  When the user inputs in the dialog box and makes an authentication request to the security server 10A (S106), the security server 10A queries the authentication server 20A in its own domain for the authentication request and acquires the user ticket A (S107). The acquired user ticket A is transferred to the scanner or the copying machine 1B (S108).

  The scanner or the copying machine 1B uses the session IDB and the user ticket A to request permission for copying from the security server 10A (S109).

  The security server 10A determines whether the copying is permitted, prohibited, or permitted by referring to the rule table, and returns the determination result to the scanner or the copying machine 1B (S110).

  The scanner or copier 1B reads a document or processes a copy request based on the answer from the security server 10A.

Also in the present embodiment, as in the third embodiment, each information device directly queries the location management server for the location of each security server and receives information, so that the processing is simplified.
However, when the location management server changes the location, or when the authentication server changes the location, there is a disadvantage that it is necessary to change the settings of the locations registered in all information devices.

  Therefore, in the present embodiment, the authentication server 20 and the location management server 30 change the location to the information devices (here, the printer 1A and the copier 1B) 1 and the security servers 10 in each domain when the location is changed. For example, can be broadcast periodically.

  As a result, each time the location is changed, the locations set in the information devices 1 and the security servers 10 in the respective domains can be changed at the same time, so that labor is saved.

  Moreover, it can also be comprised so that it may broadcast when the information apparatus 1 and each security server 10 of each domain start, and can also take the form combined with periodic broadcast.

  If it is decided to broadcast when each of the security servers 10 is activated, it is preferable because, for example, the domain information device 1 and the security server 10 are powered off and can be received even when periodic broadcast is not possible. Furthermore, it is more preferable to broadcast periodically at the time of start-up as well as to ensure quick response.

  Further, instead of broadcasting from the authentication server 20 or the location management server 30, the location is confirmed with the authentication server 20 or the location management server 30 when the information device 1 and each security server 10 of each domain are activated or periodically. You may decide.

It is a figure which shows the method of aiming at the maintenance management of the security regarding a document in a domain in the document security maintenance management system of 1st Embodiment. It is a schematic block diagram which shows 1st Embodiment of the document security maintenance pipe | tube system of this invention. It is a figure which shows an example of the location of a security server. 6 is a timing chart illustrating an example of a message transmitted and received in order to maintain security in the document security maintenance management system according to the present exemplary embodiment. It is a schematic block diagram which shows 2nd Embodiment of the document security maintenance pipe | tube system of this invention. It is a figure which shows the operation panel of the scanner or the copying machine arranged in each door. 6 is a timing chart illustrating an example of a message transmitted and received in order to maintain security in the document security maintenance management system according to the present exemplary embodiment. It is a schematic block diagram which shows 3rd Embodiment of the document security maintenance pipe | tube system of this invention. 6 is a timing chart illustrating an example of a message transmitted and received in order to maintain security in the document security maintenance management system according to the present exemplary embodiment. It is a schematic block diagram which shows 4th Embodiment of the document security maintenance pipe | tube system of this invention. 6 is a timing chart illustrating an example of a message transmitted and received in order to maintain security in the document security maintenance management system according to the present exemplary embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information apparatus 1A Printer 1B Scanner or copier 2 Document 3 Display part 4 Dialog box 4a Frame 4b Selection key 5A, 5B Identifier extraction means 10, 10A, 10B Security server 11, 11A, 11B Rule table 20, 20A, 20B Authentication server 30 location management server 50, 50A, 50B domain
100 bases 101 document management system 102 document viewer 103 printer / scanner / copier 200 user

Claims (51)

Maintaining document security that centrally determines whether to authorize or copy documents in each domain by a security server with a security rule table based on the security policy of each domain, and maintains and manages the security associated with the documents In the management method,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket issued by an authentication server that centrally manages the attributes of operators of information devices in each domain from the second security server;
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier And receiving a reply from the second security server regarding the location information of the first security server provided by the location management server that centrally manages the location information relating to each security server;
A document security maintenance management method comprising: accessing the first security server on the basis of the received position information; and obtaining a permission for copying the document using the user ticket. . The second security server is
When receiving an authentication request related to the operator from an information device in the second domain, the attribute related to the authentication request is sent to the authentication server, and a user ticket issued by the authentication server is acquired. And a procedure for sending the acquired user ticket to the information device;
Using the extracted identifier from the information device in the second domain, an inquiry about location information including the domain name related to the first security server of the first domain represented by the identifier is received. And a step of referring to the location management server for the identifier and returning the location information of the first security server provided from the location management server to the information device. The security maintenance management method according to 1. The first security server is
When an information device in the second domain asks for permission to copy the document using the user ticket , the security rule table provided in the first security server is used to store the document. 2. The document security maintenance and management method according to claim 1, further comprising the step of determining whether or not to permit copying and sending a determination result to the information device. The authentication server is
Comprising a table in which a list of attributes of operators of information devices in each domain is described, and managing the operators in each domain based on the table;
The authentication server
When an authentication request for the operator is received from each security server based on an attribute input by the operator who copies the document, and the attribute for the authentication request is described in the table, The document security maintenance and management method according to claim 1, wherein a procedure for issuing the user ticket is performed. The location management server
It has a correspondence table of location information including protocols, domain names, and directories and domain identifiers for each security server in each domain, and centrally manages location information of each security server based on the correspondence table. There,
When receiving an inquiry about the location information related to the security server that centrally performs the determination of permission or rejection within the domain represented by the identifier from each security server using the identifier, the correspondence table indicates the identifier. 2. The document security maintenance management method according to claim 1, further comprising the step of providing each security server with the location information of the corresponding security server. Maintaining document security that centrally determines whether to authorize or copy documents in each domain by a security server with a security rule table based on the security policy of each domain, and maintains and manages the security associated with the documents In the management method,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket B issued by a second authentication server that centrally manages the attributes of the operator of the information device of the second domain from a second security server;
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier Receiving a reply from the second security server regarding the location information of the first security server provided by the location management server that centrally manages the location information relating to each security server;
Based on the attribute input by the operator who copies the document, an authentication request for the operator is sent to the first security server, and the information device of the first domain is sent from the first security server. Receiving a user ticket A issued by a first authentication server that centrally manages the attributes of the operator of
A document security maintenance management comprising: accessing the first security server on the basis of the received position information and performing a procedure for requesting permission for copying the document using the user ticket A Method. The information device in the second domain has a display unit for displaying information and inputting a predetermined command,
After receiving a reply about the location information, accessing the first security server based on the location information and using the user ticket B to request permission for copying the document;
A procedure for displaying an authentication dialog on the display unit when the user ticket A is requested to be presented from the first security server for which the permission is requested;
Receiving an input of an attribute by the operator from the displayed authentication dialog, sending an authentication request for the operator to the first security server, and receiving the user ticket A; Item 7. The document security maintenance management method according to Item 6. The second security server is
When an authentication request related to the operator is received from an information device in the second domain, the attribute related to the authentication request is sent to the second authentication server and issued by the second authentication server A procedure for acquiring the user ticket B and sending the acquired user ticket B to the information device;
Using the extracted identifier from the information device in the second domain, an inquiry about location information including the domain name related to the first security server of the first domain represented by the identifier is received. time, claims query the identifier to the location management server, characterized in that the position information of the first security server provided by the location management server performs a step of replying to the information device Item 7. The document security maintenance management method according to Item 6. The first security server is
When accessed from an information device in the second domain, the location management server is queried for the location information of the second security server in the second domain to which the accessed information device belongs, A procedure for acquiring location information of the second security server;
From the information device in said second domain, when receiving an authentication request according to the operator, sends the attribute of the authentication request to the first authentication server, issued by the first authentication server and acquires the user ticket a, obtained the document security maintenance method according to claim 6, wherein the user ticket a and performs a procedure to send to the information device. The first security server is
When an authentication request relating to the operator is received from an information device in the second domain, the attribute relating to the authentication request is sent to the first authentication server and issued by the first authentication server. acquires the user ticket a has, the procedure for sending the acquired the user ticket a to the information device,
When an information device in the second domain asks for permission to copy the document using the user ticket A, the security rule table provided in the first security server provides the document 7. A document security maintenance and management method according to claim 6, further comprising the step of determining whether or not to permit the copying of the document and sending the determination result to the information device. Each of the first and second authentication servers includes a table in which a list of attributes of an operator of the corresponding information device of the first or second domain is described, and the corresponding first first is based on the table. Alternatively, each operator in the second domain is managed in an integrated manner,
The first and second authentication servers are:
When an authentication request related to the operator is received from each security server based on the attribute input by the operator who copies the document, and the attribute related to the authentication request is described in each table 7. The document security maintenance management method according to claim 6, wherein the user ticket A is issued, and if it is not described in the table, a procedure for issuing the user ticket B is performed. The location management server includes a correspondence table of location information including protocols, domain names, and directories and domain identifiers for each security server in each domain, and centrally manages the location information based on the correspondence table To do,
When receiving an inquiry about the location information related to the security server that performs the determination of permission or rejection in the domain represented by the identifier from each security server using the identifier, the correspondence table indicates the identifier. The document security maintenance and management method according to claim 6, further comprising: a step of providing the location information of the corresponding security server to each security server. Maintaining document security that centrally determines whether to authorize or copy documents in each domain by a security server with a security rule table based on the security policy of each domain, and maintains and manages the security associated with the documents In the management method,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket issued by an authentication server that centrally manages the attributes of operators of information devices in each domain from the second security server;
Extracting the identifier of the first domain from the document;
First, the location management server that centrally manages the location information related to each security server, using the extracted identifier, makes a judgment of permission or rejection in the first domain represented by the identifier in a unified manner. A procedure for inquiring location information including a domain name and acquiring the location information according to one security server;
A document security maintenance management method comprising: accessing the first security server based on the acquired position information, and performing a procedure for requesting permission for copying the document using the user ticket . The second security server is
When receiving an authentication request related to the operator from an information device in the second domain, the attribute related to the authentication request is sent to the authentication server, and a user ticket issued by the authentication server is acquired. 14. The document security maintenance and management method according to claim 13, further comprising a step of sending the acquired user ticket to the information device. The first security server is
When an information device in the second domain asks for permission to copy the document using the user ticket , the security rule table provided in the first security server is used to store the document. 14. The document security maintenance and management method according to claim 13, wherein a procedure for judging whether or not to permit copying is performed and a result of the judgment is sent to the information device. The authentication server includes a table in which a list of attributes of operators of information devices in each domain is described, and centrally manages the operators in each domain based on the table,
The authentication server
When an authentication request for the operator is received from each security server based on an attribute input by the operator who copies the document, and the attribute for the authentication request is described in the table, The document security maintenance and management method according to claim 13, wherein a procedure for issuing the user ticket is performed. The location management server includes a correspondence table of location information including protocols, domain names, and directories and domain identifiers for each security server in each domain, and centrally manages the location information based on the correspondence table To do,
When an inquiry about the location information is received from an information device of each domain related to a security server that performs the determination of permission or rejection in the domain represented by the identifier using a domain identifier, 14. The document security maintenance and management method according to claim 13, further comprising the step of providing each security server with the location information of the security server corresponding to the identifier. Maintaining document security that centrally determines whether to authorize or copy documents in each domain by a security server with a security rule table based on the security policy of each domain, and maintains and manages the security associated with the documents In the management method,
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain The equipment
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, Receiving a user ticket B issued by a second authentication server that centrally manages the attributes of the operator of the information device of the second domain from a second security server;
Extracting the identifier of the first domain from the document;
First, the location management server that centrally manages the location information related to each security server, using the extracted identifier, makes a judgment of permission or rejection in the first domain represented by the identifier in a unified manner. A procedure for referring to location information including a domain name and acquiring the location information according to one security server;
Based on an operator attribute input from an operator who performs copying of the document, an authentication request relating to the operator is sent to the first security server, and the first security server sends the authentication request of the first domain. A procedure for receiving a user ticket A issued by a first authentication server that centrally manages attributes of an operator of an information device;
A document security maintenance management method comprising: accessing the first security server based on the acquired position information, and performing a procedure for requesting permission for copying the document using the user ticket A. The information device in the second domain has a display unit for displaying information and inputting a predetermined command,
After obtaining the location information, accessing the first security server based on the location information, and using the user ticket B to request permission for copying the document;
A procedure for displaying an authentication dialog on the display unit when the presentation of the user ticket A is requested from the first security server for which the permission is requested;
Receiving an input of an attribute by the operator from the displayed authentication dialog, sending an authentication request for the operator to the first security server, and receiving the user ticket A; Item 18. A document security maintenance management method according to Item 18.   When the first security server receives access from the information device, the location information of the second security server in the second domain to which the accessed information device belongs is sent to the location management server. 20. The document security maintenance and management method according to claim 19, further comprising a step of inquiring and acquiring location information of the second security server. The second security server is
When an authentication request related to the operator is received from an information device in the second domain, the attribute related to the authentication request is sent to the second authentication server and issued by the second authentication server 19. The document security maintenance management method according to claim 18, wherein a procedure for acquiring the user ticket B and sending the acquired user ticket B to the information device is performed. The first security server is
When an authentication request related to the operator is received from an information device in the second domain, the attribute related to the authentication request is sent to the first authentication server and issued by the first authentication server. acquires the user ticket a, the procedure for sending the acquired the user ticket a to the information device,
When an information device in the second domain asks for permission to copy the document using the user ticket A, the security rule table provided in the first security server provides the document 19. The document security maintenance and management method according to claim 18, further comprising: determining whether or not to permit the copying of the document and sending the determination result to the information device. Each of the first and second authentication servers includes a table in which a list of attributes of an operator of the corresponding information device of the first or second domain is described, and the corresponding first first is based on the table. Alternatively, each operator in the second domain is managed in an integrated manner,
The first and second authentication servers are:
When an authentication request related to the operator is received from each security server based on the attribute input by the operator who copies the document, and the attribute related to the authentication request is described in each table 19. The document security maintenance management method according to claim 18, wherein the user ticket A is issued, and the user ticket B is issued when the user ticket A is not described. The location management server includes a correspondence table of location information including protocols, domain names, and directories and domain identifiers for each security server in each domain, and centrally manages the location information based on the correspondence table To do,
When an inquiry about the location information is received from an information device of each domain related to a security server that performs the determination of permission or rejection in the domain represented by the identifier using a domain identifier, 19. The document security maintenance management method according to claim 18, wherein a procedure for providing the location information of the security server corresponding to the identifier is performed. A security server with a security rule table based on the security policy of each domain performs centralized permission / rejection judgments regarding the copying of documents created by information devices in each domain and assigned with identifiers of each domain. The document security maintenance management system that maintains and manages the security of the document by requesting the security server of the domain that created the document to determine whether to permit the copying of the document created by the domain information device,
An authentication server that includes a table in which a list of attributes of operators of information devices in each domain is described, and that manages the operators in each domain based on the table and issues a user ticket ;
A correspondence table of the location information including the domain name and the identifier of the domain related to each security server of each domain is provided, and when the inquiry about the location information is received, the security server corresponding to the identifier is A location management server for providing the location information,
The information device in each domain has an identifier extracting means for extracting an identifier representing each domain from the created document,
An information device in which an identifier of a different domain is extracted from a document that has received a copy request by the identifier extracting unit is
The location management server is provided with the location information corresponding to the identifier by referring to the extracted identifier, and the authentication server is authenticated based on an attribute input by an operator who copies the document. A user ticket is acquired by making a request, and a security server that determines permission / inhibition relating to the copying of the document is accessed based on the received location information, and the copying of the document is performed using the acquired user ticket. Article security maintenance management system and obtains the permission. The authentication server and the location management server broadcast to the information device and security server of each domain when the location including the domain name related to the authentication server or the location management server is changed. Article security maintenance management system of claim 25, wherein. The authentication server and the location management server, document security maintenance management system of claim 26, wherein the s information devices and the security server husband each domain broadcasts when starting. 26. The authentication server and the location management server periodically broadcast a location including a domain name related to the authentication server and the location management server to information devices and security servers in each domain. document security maintenance and management system described. 26. The document according to claim 25, wherein each information device and each security server in each domain confirms a location including a domain name related to the authentication server or the location management server when activated or periodically. security maintenance and management systems. A security server with a security rule table based on the security policy of each domain performs centralized permission / rejection judgments regarding the copying of documents created by information devices in each domain and assigned with identifiers of each domain. The permission / refusal determination relating to the copy of the document created by the domain information device is a program used in the document security maintenance management system that maintains and manages the security related to the document by requesting the security server of the domain that created the document. And
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain On the equipment,
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, A user ticket issued by an authentication server that includes a table in which a list of attributes of operators of information devices in each domain is described from the second security server, and that centrally manages the operators in each domain based on the table The procedure to receive,
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier And a correspondence table of location information including protocols, domain names, and directories and domain identifiers related to each security server of each domain from the second security server, and based on the correspondence table, A procedure of receiving a reply about the position information of the first security server provided by the position management server that centrally manages the position information;
A program that accesses the first security server based on the received position information and executes a procedure for requesting permission for copying the document using the user ticket . In the second security server,
When receiving an authentication request related to the operator from an information device in the second domain, the attribute related to the authentication request is sent to the authentication server, and a user ticket issued by the authentication server is acquired. And a procedure for sending the acquired user ticket to the information device;
The domain name relating to the first security server that performs the judgment of permission or denial in the first domain represented by the identifier by using the identifier extracted from the information device in the second domain A procedure for querying the location management server for the identifier and returning the location information of the first security server provided from the location management server to the information device. The program according to claim 30, wherein the program is executed. In the first security server,
When an information device in the second domain asks for permission to copy the document using the user ticket , the security rule table provided in the first security server is used to store the document. 31. The program according to claim 30, further comprising: executing a procedure for determining whether or not to permit copying and sending a determination result to the information device. In the authentication server,
From each security server, based on the attribute input by the operator performing the copying of the document, receives the authentication request according to該操author, said when the attribute of the authentication request is described in the table The program according to claim 30, wherein a program for issuing a user ticket is executed. In the location management server,
When receiving an inquiry about the location information related to the security server that centrally performs the determination of permission or rejection within the domain represented by the identifier from each security server using the identifier, the correspondence table indicates the identifier. 31. The program according to claim 30, wherein a program for causing each security server to execute the location information of the corresponding security server is executed. A security server with a security rule table based on the security policy of each domain performs centralized permission / rejection judgments regarding the copying of documents created by information devices in each domain and assigned with identifiers of each domain. The permission / refusal determination relating to the copy of the document created by the domain information device is a program used in the document security maintenance management system that maintains and manages the security related to the document by requesting the security server of the domain that created the document. And
A second domain having a display unit for displaying a copy of a document with an identifier of the first domain created by an information device in the first domain and displaying a predetermined command In the information equipment in
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, A second authentication server comprising a table in which a list of attributes of operators of information devices in the second domain is described from a second security server, and managing the operators in the second domain in an integrated manner To receive user ticket B issued by
Extracting the identifier of the first domain from the document;
Location information including a domain name related to the first security server that centrally determines the permission or rejection in the first domain represented by the identifier to the second security server using the extracted identifier And a correspondence table of location information including protocols, domain names, and directories and domain identifiers related to each security server of each domain from the second security server, and based on the correspondence table, A procedure of receiving a reply about the position information of the first security server provided by the position management server that centrally manages the position information;
After receiving a reply about the location information, accessing the first security server based on the location information and using the user ticket B to request permission for copying the document;
A procedure for displaying an authentication dialog on the display unit when the presentation of the user ticket A is requested from the first security server that has requested the permission;
Based on the attribute input by the operator who copies the document, an authentication request for the operator is sent to the first security server, and the information device of the first domain is sent from the first security server. Receiving a user ticket A issued by a first authentication server that centrally manages the operator of the first domain, comprising a table in which a list of operator attributes of the first domain is described;
A program for accessing the first security server based on the received position information and executing a procedure for requesting permission for copying the document using the user ticket A. In the second security server,
When an authentication request related to the operator is received from an information device in the second domain, the attribute related to the authentication request is sent to the second authentication server and issued by the second authentication server A procedure for acquiring the user ticket B and sending the acquired user ticket B to the information device;
Using the identifier extracted from the information device in the second domain, a domain name related to the first security server that performs the judgment of permission or denial in the first domain represented by the identifier is determined. A procedure for inquiring of the identifier to the location management server and returning the location information of the first security server provided from the location management server to the information device when receiving an inquiry of location information including 36. The program according to claim 35, wherein the program is executed. In the first security server,
When access is received from an information device in the second domain, the location management server is queried for the location information of the second security server in the second domain to which the accessed information device belongs. Obtaining the location information of the second security server;
A procedure for requesting presentation of the user ticket A by the first authentication server when the information device in the second domain requests permission to copy the document using the user ticket B; 36. The program according to claim 35, wherein the program is executed. In the first security server,
When an authentication request relating to the operator is received from an information device in the second domain, the attribute relating to the authentication request is sent to the first authentication server and issued by the first authentication server acquires the user ticket a, the procedure for sending the acquired the user ticket a to the information device,
When an information device in the second domain asks for permission to copy the document using the user ticket A, the security rule table provided in the first security server provides the document 36. The program according to claim 35, further comprising: determining whether to permit or not to copy the information, and sending a determination result to the information device. In the first and second authentication servers,
When an authentication request related to the operator is received from each security server based on the attribute input by the operator who copies the document, the attribute related to the authentication request is described in each table. 36. The program according to claim 35, wherein the program issues a user ticket A when it is, and executes a procedure for issuing the user ticket B when it is not described. In the location management server,
When receiving an inquiry about the location information related to a security server that centrally performs the permission / rejection determination in the domain represented by the identifier from each security server, the correspondence table corresponds to the identifier. 36. The program according to claim 35, further comprising executing a procedure for providing the location information of the security server to be provided to each security server. A security server with a security rule table based on the security policy of each domain performs centralized permission / rejection judgments regarding the copying of documents created by information devices in each domain and assigned with identifiers of each domain. The permission / refusal determination relating to the copy of the document created by the domain information device is a program used in the document security maintenance management system that maintains and manages the security related to the document by requesting the security server of the domain that created the document. And
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain On the equipment,
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to a second security server that centrally determines the permission or rejection in the second domain, A user ticket issued by an authentication server that includes a table in which a list of attributes of operators of information devices in each domain is described from the second security server, and that centrally manages the operators in each domain based on the table The procedure to receive,
Extracting the identifier of the first domain from the document;
Using the extracted identifier, a location table including a protocol, a domain name, and a directory related to each security server of each domain is provided corresponding to the domain identifier, and based on the correspondence table, A location management server that centrally manages location information is queried for location information including a domain name related to the first security server that performs the judgment of permission or denial in the first domain represented by the identifier. Procedures to get information,
A program for accessing the first security server based on the acquired position information and executing a procedure for requesting permission for copying the document using the user ticket . In the second security server,
When receiving an authentication request related to the operator from an information device in the second domain, the attribute related to the authentication request is sent to the authentication server, and a user ticket issued by the authentication server is acquired. 42. The program according to claim 41, further comprising executing a procedure of sending the acquired user ticket to the information device. In the first security server,
When the information device in the second domain requests permission for copying the document using the user ticket , the security rule table provided in the first security server is used to store the document. 42. The program according to claim 41, further comprising: executing a procedure for determining whether or not to permit copying and transmitting a determination result to the information device. In the authentication server,
An authentication request for the operator is received from each security server based on an attribute input by the operator who copies the document, and when the attribute for the authentication request is described in the table, 42. The program according to claim 41, wherein a program for issuing a user ticket is executed. In the location management server,
When an inquiry about the location information is received from the information device of each domain, using the domain identifier, and the location information related to the security server that centrally performs the determination of the permission / inhibition in the domain indicated by the identifier, 42. The program according to claim 41, wherein a procedure for providing the location information of the security server corresponding to the identifier is executed. A security server with a security rule table based on the security policy of each domain performs centralized permission / rejection judgments regarding the copying of documents created by information devices in each domain and assigned with identifiers of each domain. The permission / refusal determination relating to the copy of the document created by the domain information device is a program used in the document security maintenance management system that maintains and manages the security related to the document by requesting the security server of the domain that created the document. And
When the information device in the second domain makes a copy of the document with the identifier of the first domain created by the information device in the first domain, the information in the second domain On the equipment,
Based on the attribute input by the operator who copies the document, an authentication request related to the operator is sent to the second security server that centrally determines the permission / refusal in the second domain. Receiving a user ticket B issued by the second authentication server that centrally manages the attributes of the operator of the information device in the second domain from the second security server;
Extracting the identifier of the first domain from the document;
Using the extracted identifier, a location table including a protocol, a domain name, and a directory related to each security server of each domain is provided corresponding to the domain identifier, and based on the correspondence table, A location management server that centrally manages location information is queried for location information including a domain name related to the first security server that performs the judgment of permission or denial in the first domain represented by the identifier. Procedures to get information,
Based on an operator attribute input from an operator who performs copying of the document, an authentication request relating to the operator is sent to the first security server, and the first security server sends the authentication request of the first domain. A procedure for receiving a user ticket A issued by a first authentication server for centrally managing attributes of an information device operator;
A program for accessing the first security server based on the acquired position information and executing a procedure for requesting permission for copying the document using the user ticket A. The information device in the second domain has a display unit for displaying information and inputting a predetermined command,
After receiving information about the location information, accessing the first security server based on the location information and using the user ticket B to request permission for copying the document;
A procedure for displaying an authentication dialog on the display unit when the presentation of the user ticket A is requested from the first security server that has requested the permission;
Receiving an attribute input by the operator from the displayed authentication dialog, sending an authentication request for the operator to the first security server, and receiving the user ticket A. The program according to claim 46. In the second security server,
When an authentication request relating to the operator is received from an information device in the second domain, the attribute relating to the authentication request is sent to the second authentication server and issued by the second authentication server. It acquires the user ticket B, according to claim 46, wherein the program acquired the user ticket B, characterized in that to perform the steps to send to the information device. In the first security server,
When an authentication request related to the operator is received from an information device in the second domain, the attribute related to the authentication request is sent to the first authentication server and issued by the first authentication server. acquires the user ticket a, the procedure for sending the acquired the user ticket a to the information device,
When an information device in the second domain requests permission to copy the document using the user ticket A, the document is determined by the security rule table provided in the first security server. 47. The program according to claim 46, further comprising: executing a determination of permission / prohibition relating to copying of said information and sending a determination result to said information device. In the first and second authentication servers,
When an authentication request related to the operator is received from each security server based on the attribute input by the operator who copies the document, and the attribute related to the authentication request is described in each table 47. The program according to claim 46, wherein the program issues the user ticket A, and executes a procedure for issuing the user ticket B when the user ticket A is not described. In the location management server,
When an inquiry about the location information is received from the information device of each domain, using the domain identifier, and the location information related to the security server that centrally performs the determination of the permission / inhibition in the domain indicated by the identifier, 47. The program according to claim 46, wherein a procedure for providing the location information of the security server corresponding to the identifier is executed.

Images