JP4858128B2 - Output management system, output control method thereof, and output device with security management function - Google Patents

Description

  The present invention relates to an output management system in which a plurality of output devices having different security levels are connected to a data processing device such as a PC via a communication line, and output data is output from the output device designated by the data processing device. In particular, the present invention relates to an output management system that performs output management so that output is performed in accordance with security requirements specified as security attribute data in an output data file, an output control method thereof, and an output device with a security management function.

Recently, protection of personal information, management of information such as trade secrets and technical information is required. e With the advent of the Document Law (a legal name that permits the electromagneticization of documents and forms that are required to be created and stored under various laws and regulations), we will eliminate media output and switch to data browsing as necessary. Although there is movement, media output is still necessary due to the need for portability and voucher.
In response to this, a number of security features such as a watermark printing function to prevent copying, log management to prevent unexpected information leakage, and printing of origin information on printed matter as trace data in case of leakage (trace) A function has been devised (see Patent Document 1).
JP 2001-236194 A

  However, the security functions are gradually becoming highly functional, and it is economically difficult to provide these highest level security functions in all output devices arranged in the system. In addition, security management of all output data including unnecessary ones has a concern of increasing the man-hours for management. Also, depending on the concentration of output work to a specific device having a security function and the capability of the device, there is a concern that the convenience of conventional general data output may be impaired.

  The present invention has been made in view of such problems, and even when a plurality of output devices having different security levels are mixed in the same system, output management according to the required security level is possible. It is an object of the present invention to provide an output management system, an output control method therefor, and an output device with a security management function, which do not require complicated settings and can easily replace output devices.

  Furthermore, another object of the present invention is to provide an output management system, an output control method thereof, and an output device with a security management function capable of minimizing the influence on conventional general data output while incorporating a security function. The purpose is to provide.

  In the output management system according to the present invention, at least one data processing device and a plurality of output devices having different security functions are connected, and the output data to which security attribute data is assigned is designated by the data processing device. An output management system for outputting from an output device, wherein the data processing device reads the security attribute data attached to the output data, and designates an output processing unit that determines whether or not output management is necessary, and designated as an output destination The output device designated as the output destination is specified by the security attribute data of the output data by comparing the device security data of the output device with the security attribute data given to the output data to be output. Security data that meets the required security requirements Or it determines, characterized in that it comprises a security control unit for performing control such that only executes the output processing by the output device when it is determined that the security features desired by the output data.

In the output management system according to the present invention, at least one data processing device and a plurality of output devices having different security functions are connected, and the output data to which security attribute data is assigned is designated by the data processing device. a power management system for outputting from the output device the said data processing apparatus reads the security attribute data attached to the output data, and an output processing unit for performing the necessity of output management, specified as the output destination The device security data included in the output device is compared with the security attribute data given to the output data to be output, and the output device specified as the output destination is specified by the security attribute data of the output data Security data that meets security requirements The determination has the security control unit for performing control such that only executes the output processing by the output device when it is determined that the security features required by the output data, the output by the print command from the output processing unit An output device driver that transmits data to the output device, and the output processing unit has a function of waiting for an inquiry about the security attribute data attached to the output data from the output device driver, and the output When there is no inquiry from the device driver, it is determined that the output device does not have a predetermined security function .

  Further, it is preferable that the device security data of the output device and the security attribute data of the output data are associated with each other according to a common security standard. For example, by setting a common security standard, the security levels are ranked in order such as ABCD... In ascending or descending order, and device security data and security attribute data are displayed at this common security level. Thus, by comparing the security levels of the two, it is possible to easily determine whether the designated output device has a security function that satisfies the security requirements required by the output data.

  In the output management system according to another aspect of the present invention, the security control unit includes the security attribute data designated by a security level obtained by grouping a plurality of security functions, and the device security data designated by the security level. And a determination unit that determines whether the output process is correct or not.

  As a result, it is not necessary to directly reflect the difference in security functions that the output device has as a specification, and it is also possible to specify a security level that can be realized by using a part of the functions.

  In the output management system according to another aspect of the present invention, in the security control unit, when the data output event occurs, the security attribute data given to the output data and the security function of the output device designated as the output destination A security information acquisition unit that inquires about the security information of the output device acquired by the security information acquisition unit and the security attribute data attached to the output data. The output device is determined by comparison.

  Thus, it is possible to check the security function of each output device without storing the security function of the output device in the security control unit. This is particularly useful when the security function of the output device can be switched.

  The inquiry about the security function of the output device is output by a predetermined inquiry procedure. The security function inquiry procedure is preferably in a form that can be realized by an output device driver that is private, encrypted, and bundled with the output device for the purpose of securing the management level of the system.

  The output management system according to another aspect of the present invention provides an output process performed by the output device only when the security control unit determines that the output unit has a security function for obtaining output data by the determination unit. Is continued, and when the determination information indicating that the output is not permitted is received, the output processing procedure is stopped, and a message output process for outputting an error message is executed.

  In this aspect, an error message is output when output is not permitted. The output of the message may be displayed on a display device provided in the data processing device or the like, or may be printed out on an output device such as a printing device.

  Since the output device driver is installed in association with the output device in the data processing device, the output management system of the present invention can be easily introduced by incorporating the determination unit of the present invention into the output device driver. Become.

According to the aspect of the present invention, even when an output device that does not have a security function or an output device that does not support the present invention is mixed in the system, the security management required by the output data is executed. Is possible. For example, if an output request is made for output data that requires a predetermined security function to an output device that does not have a security function, output is not permitted and the output attribute of the output data is set to require no security output. In such a case, it is possible to output using an output device that does not have such a security function. In this way, even if output devices with different device security levels are mixed, the security level is confirmed, so that output is performed only under appropriate security. Further, non-security management target data for which a data security level is not set can be output by an output device without a security function, and the convenience of outputting general data is not impaired.

The output control method of the output management system according to the first aspect of the present invention is an output management system in which at least one data processing device and a plurality of output devices having different security functions are connected.
A step of inquiring device security data representing a security function of the output device that is requested to be output to the output device driver by the output processing unit;
(A) comparing the device security data representing the security function obtained in the device security data inquiry step with the security attribute data representing the security attribute assigned to the output data;
(B) a security determination step for permitting output of the output data only when the security function of the output device satisfies the requirements for the security attribute of the output data; and (c) only when output is permitted. An output control process for continuing output processing of output data; and
Equipped with a,
The device security data querying step is characterized that you cancel the print processing when a predetermined time responses were not obtained after inquiry to the device output driver.

An output control method for an output management system according to another aspect of the present invention includes:
The security judgment step (b)
(B-1) When the device security data of the output device satisfies the requirements for the security attribute of the output data, a security determination step that permits the output of the output data;
(B-2) stopping the printing process when the device security data of the output device does not satisfy the requirements of the security attribute of the output data;
It is characterized by providing.

  The output control method of the output management system according to another aspect of the present invention provides the security attribute data and the device security data in which the security level required for the output data is compared with the security function groups of the available output devices. Then, it is set by grouping.

  This makes it possible to construct an output management system according to the frequency of use of the output device by setting the security function of the high-function output device on an ad hoc basis and corresponding to the security attribute data that requires the device security level. Become. In addition, when new security management functions are introduced due to technological innovations or security functions required by security levels are reviewed, the specifications of the security functions required by the corresponding security levels can be used without modifying the security attribute data already in operation. Can be dealt with by revising and revising the device security function, and a high degree of freedom of operation can be secured even after the output management system is introduced.

  According to the present invention, data output is permitted only when the device security level matches the data security level by comparing the data security level of the output data with the device security level of the designated output device. As a result, when the output data is to be output to an output device with an inappropriate security level, the output is not permitted. Therefore, even when a plurality of output devices having different security levels are used in the same system, it is possible to ensure output security of output data. Further, security management-unnecessary data whose data security level is not set can be output even by an output device without a security function.

  In other words, data that requires security management is appropriately output, and general output work that does not require security management can be output as before without impairing convenience. By mixing an expensive output device with security and an inexpensive output device in an appropriate ratio, an output management system with better economic efficiency can be constructed.

  In addition, since security class setting and judgment criteria can be set from required data security and available device security, it is possible to introduce equipment with device security without requiring complicated system changes, Future expandability as a system can also be provided.

Embodiments of the present invention will be described with reference to the drawings.
In the following description, an output management system using a printer (printing apparatus) as an output apparatus will be described as a typical example of the present invention.

  FIG. 1 shows a configuration example of an output management system (print management system) according to an embodiment of the present invention. A data processing apparatus 11 such as a PC and a plurality of printers 12 to 15 having different security functions are connected via a network 17 such as a LAN. Further, a management server 16 that manages the print log may be provided as necessary. The data processing apparatus 11 is installed with various application software such as document creation software and spreadsheet. The data processing device 11 can operate as a document (document) creation device that creates electronic data (print data or the like) to be output by operating various applications. The data processing apparatus 11 also has a function as a print control apparatus that causes the printers 12 to 15 to print the created print data. Hereinafter, a case where printing is performed using the printers 12 to 15 will be described.

  The data processing apparatus 11 can designate a security level (security requirement) of print data when creating a document or after the document is created. The designated security level is recorded together with the print data as attribute data relating to the security of the print data. When printing the created print data, the data processing device 11 designates one of the printers 12 to 15 to execute printing.

  Printing is executed by designating one of the printers 12 to 15 by an application and passing it to the printer driver as control data and print data based on various generated print commands. The printer driver converts control data and print data so as to conform to the designated printer. The control data and print data converted by the printer driver are transmitted to the designated printer, and predetermined printing is executed.

  In the example of FIG. 1, the security function corresponding to each of the printers 12 to 15 will be described assuming that the device security level is expressed in four stages A to D. This device security level is stored and managed for each of the printers 12 to 15 as device security data A to D. In this embodiment, the device security level is expressed by four levels of security A to D. However, a higher or lower security level can be set according to the type of the security function of the printer. In addition, the security level does not have to represent the difference in security function as it is, and even if there is a slight difference, a plurality of security functions within a certain range can be grouped and specified as one security level. is there.

  Further, in FIG. 1, in order to clearly indicate the “data security level” that is the security level of the document, the data security levels “A” to “A” are added to the documents 80 to 84 before printing and the documents 90 to 93 after printing. Although “D” is added, “A”, “B”, “C”, “D”, etc. are not actually printed.

  FIG. 2 illustrates the contents of the data security level of the document. In the example shown in the table of FIG. 2, for the document (print data), the security level “A” is the highest, and the security level decreases in the order of “B” → “C” → “D”. “D” is a document that is not subject to security management. In the actual form, security attribute data is not assigned to the document of the security level “D”.

  Also in the case of a printer, the security level A is the highest, and the security level is lowered in the order of B → C → D. The security level D is a printer that is not subject to security management. In the actual form, the device security data is not set in the printer of the security level D.

  The data security level of the document (output data) is specified by “security attribute data”, and the device security level of the printer is specified by “device security data”. The data security level specifies what security level should be output (printed) when the created print data is output (printed). Depending on the document to be handled, the data security level may be automatically specified, or the creator or administrator may specify it.

  In the example shown in FIG. 2, when the highest security level “A” is specified for a document, information specifying the data processing device 11 that generates and transmits print data, print document specifying information, print data Various log data (trace information) such as a creator, a print performer, a printer used for printing, and a printing date and time are acquired from the stored management server 16 and stored in the printer. Furthermore, as shown in FIG. 1, the same trace information 95 is printed on the print medium (printed material) itself. This makes it possible to track the history of printed documents using log data, and the origin and creator of the printed document can be identified by looking at the printed matter. it can. Details such as the print position and print contents of the trace information 95 can be freely set by the creator or the administrator. In general, a small print is often printed on the bottom or top of the printing paper. Examples of print data requiring security management of such a security level “A” include data such as a customer list, customer credit card information, other customer information, and agency information.

  When the security level “B” is designated, only electronic log data is recorded at the time of printing, but the trace information is not printed on the printed matter itself. In this case, it is possible to track the specific information of the printed document, the printer that printed the document, the printing time, the printer, and the like based on the log data, thereby exhibiting the effect of tracking and suppressing illegal printing. For example, it is preferable to designate such a security level “B” for highly confidential documents such as sales information and in-house business information that are slightly less important but do not have a social impact.

  At the security level “C”, print output is performed only when a predetermined ID or the like is input from the printer. Thereby, only a person who knows the ID can print out. For example, this designation is made for a document of a security level that is desired to prevent leaving a printed matter after printing, such as a business memo. Furthermore, in this security level specification, since printing is started only when an ID is input, it takes time until the printed output of a large number of pages is completed. For this reason, in the case of mass printing, the output of the security level “B” or “A” is inevitably designated. As a result, in the security level “C”, a business output that requires on-demand output with a small number of copies is designated, and the output destination of the large-volume printed material and the small-number on-demand printed material is distinguished. To dissatisfaction of printing work (such as time inconvenience such as printing important memos between large-scale printing, which is occupied by equipment for a long time, security issues such as memos being lost due to mass printing) It becomes a countermeasure. In addition, for devices with security level “C” where small number of on-demand printed materials are concentrated, an output device excellent in ID authentication function and on-demand processing function is selected. Such a registration device is not necessary. As described above, the security level “C” is also intended to guide use to the optimum output according to the characteristics of the output product and the function of the output device.

  The security level “D” is a general document that does not require security management, and print data is simply printed as it is in accordance with a command from the data processing device 11. Many ordinary documents that do not need to be kept secret have little need for security management. Since an output device without a security function is generally inexpensive, it is desirable that many such general documents can be output without unnecessary security management.

  According to the present invention, even when output devices of various levels having different security levels are mixed in the system, output management can be performed so that an appropriate output corresponding to the security level required by the document is obtained.

  Next, the relationship between the device security level and the data security level that is the attribute data of the document will be described with reference to FIG. FIG. 3 shows the operation of the output management system according to the present invention when there is a print request for a document of data security levels “A” to “D” to the printers 12 to 15 for which the device security levels A to D are set. It is a table | surface which shows an example of conditions. In the figure, “◯” means “printing permission” by the determination unit provided in the data processing apparatus 11 or the printers 12 to 15 that determines whether printing is possible, and “x” means “printing permission”.

  In the operation conditions shown in FIG. 3, the data security levels “A” to “D” (documents A to D) specified in the document are the device security levels “A” to “D” of the specified output device. In the example, printing is permitted when the same or lower, but printing is not permitted when the data security level is higher than the device security level. Here, it is possible to freely set what kind of combination of operation conditions permitting the output and what kind of operation should be performed in relation to the security function.

  For example, in FIG. 3, printing may be permitted only when the data security level and the device security level completely match. When the device security level is lower than the data security level, the data processing device 11 or the printers 12 to 15 automatically print by specifying “cannot print” or “a printer with a higher security level”. Specifically, the printer number may be printed) or may be displayed on the display device 51 (display) of the data processing device 11.

  Also, the output condition can be set to a certain security level or higher, or can be set to a combination other than when the security levels match. For example, when there are multiple factors that determine the security level, such as the functions of each company and owned device, assign each factor in units of bits of predetermined data, and compare the bits to create more complex operating conditions. Setting is possible.

  FIG. 4 is a functional block diagram of the data processing apparatus 11 and the security level “A” printer 12 according to an embodiment of the present invention. The data processing apparatus 11 includes an application unit 21 that performs document output management such as creation of various documents and file creation, and a printer driver unit (print control unit) 25. The application unit 21 includes a document creation unit 22, a security setting unit 23, and an output processing unit 24. The application unit 21 may have the same function as that of document creation software, spreadsheet software, presentation material creation software, or the like. The data security setting unit 23 has a function of designating a document security level (data security level) according to the content of the document created by the application unit 21. The designated data security level is stored in association with the print data as data (security attribute data) representing the security attribute of the created print data. The output processing unit 24 activates the printer driver designated at the time of occurrence of the print event, performs the print processing procedure, and also uses the security attribute data set by the data security setting unit 23 as in the case of normal application software. The necessity of security management is determined by reading and the presence or absence of security attribute data, and output management is executed by waiting for a security attribute data inquiry from the printer driver as necessary.

  The display device 51 is a display terminal that displays a created document, and the operation device 52 is an operation device such as an input of the data processing device 11 for performing document creation, specifying a data security level, executing a print command, and the like. Operating terminals (input terminals such as a keyboard and a mouse). The operation terminal basically has the same functions and configurations as those of a display terminal and an operation terminal used for a general PC. The basic operation of the display device 51 and the operation device 52 is controlled by the basic software (OS) and the device driver of the data processing device 11, and functions as an operation terminal.

  The printer driver unit 25 includes a security control unit 26 and a print data conversion unit 30. The security control unit 26 includes a security information acquisition unit 27, a security determination unit (hereinafter simply referred to as “determination unit”) 28, and an output control unit 29. When the printer driver unit 25 receives a print command from the output processing unit 24 of the application unit 21, the security information acquisition unit 27 receives data security level and printer device security level information (“security attribute data” and “device security data”). )) And get.

  When there is a print command, the security information acquisition unit 27 reads and acquires data security level information (security attribute data) stored as attribute data of data to be printed (print data). Also, the printer 12 designated for printing is accessed (transmitted / received) to acquire device security level information (device security data).

 The determination unit 28 compares the data security level with the device security level of the printer from the acquired information to determine whether the print permission condition is satisfied. Judgment conditions for printing permission can be arbitrarily set according to the security management policy. For example, it is possible to define a print permission condition so that printing with a designated printer is permitted only when the data security level and the device security level match, and the device security level is equal to or higher than the data security level. In this case, a print permission condition that permits printing may be set.

  The output control unit 29 permits the output process by the output device only when the determination unit 28 determines that the output device has a security function for requesting output data. Stop execution of the process.

  When the output process is permitted by the output control unit 29, the print data conversion unit 30 converts the control data such as a print command received from the application unit 21 and the print data into control data and print data corresponding to the designated printer. Convert. When the conversion process is completed, the converted print data is transmitted to the designated printer 12 via the communication interface 34.

  In the printer 12 shown in FIG. 4, a functional block diagram of the printer 12 in which the apparatus security level A is set is illustrated. The printer 12 includes a communication interface 40, a print control unit 41, a security print control unit 42, a security information storage unit 43, and a print mechanism 44 including a print head and a paper feed mechanism. An operation unit 45 for manually changing the device security level can also be provided.

  When the print control unit 41 receives print data, attribute data, and the like via the communication interface 40, preparation for printing is performed by expanding the print data into a print buffer that is a storage unit (not shown) in a bitmap form. In addition, the security print control unit 42 reads the trace information from the management server 16 through the communication interface 40, and prints the trace information 95 at a predetermined position (for example, the lowest level) on the print paper. Trace information is developed into a bitmap at a predetermined position in the buffer, and is added to the print data previously developed into a bitmap. The print control unit 41 controls the printing mechanism 44 so as to print predetermined print data and trace information developed in the print buffer.

  The security information storage unit 43 stores device security level information (device security data) of the printer 12. The device security level may be a value determined in advance at the time of manufacture, but the device security level (device security data) of the printer 12 via the communication line 17 by a management tool installed in the data processing device 11 or the management server 16 or the like. It is good also as a structure which changes. Further, the device security level (device security data) of the printer 12 may be directly set by the operator operating the operation unit 45 such as a panel switch of the printer 12.

  A method of holding the device security level information (device security data) of the printer 12 is fixedly stored in the security information storage unit 43 formed of a nonvolatile memory such as a built-in flash memory, and is detachable (not shown). It can also be variably operated by setting an external memory or a dip switch (not shown).

  Setting and management of the device security level of the printer 12 is performed for each printer 12, and in the process, confidentiality management is performed by encryption of information and protection by a password, so that a change of information by a third party can be prevented. It is desirable.

  The information on the device security level (device security data) set in the printer 12 is stored as information unique to the printer 12 and cannot be disclosed unless a predetermined inquiry procedure from the outside is used.

  In the inquiry procedure of the device security level from the outside, it is desirable to perform processing while being managed by a method such as encryption. Furthermore, it is desirable to manage such that improper use due to impersonation is prevented by applying a means such as providing information for specifying the printer 12.

  When making an inquiry about the device security level from the data processing device 11 to the printer 12, in addition to using the communication line 17, an interface for data communication may be used separately.

  The printer driver unit 25 inquires and acquires the device security level of the printer 12 that can be used in accordance with an instruction from the application unit 21.

  Further, the printer driver unit 25 inquires of the application unit 21 whether file attribute information (security attribute data) including a data security level is given to the document information to be output, and if it is given, acquires it. .

  The determination unit 28 of the printer driver unit 25 compares the data security level information (security attribute data) of the document information to be output with the device security level information (device security data) of the printer 12 and determines whether output is possible. Do. When the data security level of the document information and the device security level of the printer 12 match predetermined conditions, output is permitted. If the data security level of the document information and the device security level of the printer 12 do not match or information cannot be obtained, it is determined that the document information is inappropriate, the output processing is stopped, and an error occurs in the display device 51 of the data processing device 11. Display a message.

  When outputting from the application unit 21, it is desirable to add information identifying the printer 12 to the output data to prevent fraud due to impersonation.

FIG. 5 shows an example of a procedure for creating a document or the like having data security level information. An application, which is a document creation software, is activated to create a document to be managed (S101), and then file attribute setting (S102) and document file saving (S110) are performed.

  File attribute settings (S102) include file information settings (S103) and security information settings (S104). In the file information setting (S103), information such as the file name, creator, creation date / time, and modification date / time is recorded. In security information setting (S104), data viewing right (S105) (right to open and view files), duplication right (S106) (right to copy and use data), content change right (S107) (contents Rights that can be changed), output rights (S108) (rights to output a file), security attribute data (S109) (data security level information in the present invention), and the like can be set.

  In the security information setting (S104), the security attribute data setting (S109) is valid only for the authorized person of the output right (S108), and the output right (S108) and the content change right (S107) are the copy right (S106). ) Is effective for the authorized person, and the copy right (S106) is valid for the authorized person for the data browsing right (S105).

 In other words, a user who is not permitted to browse data is not permitted to open a document file, and therefore cannot output. Note that the concept of the security hierarchy in the security information setting (S104) as described above is arbitrarily set according to the security management policy.

  After the document creation and file attribute setting procedures are completed, the document file is stored as data (S110). Finally, when the completion of work is confirmed by confirmation of completion of creation processing (S111), the document creation processing procedure by the application is completed.

  FIG. 6 shows an example of a print processing procedure by an application, a printer driver, and a printer having the security management function of the present invention.

  On the application side, the document file is read (S201), a print instruction is issued (S202), and the processing flow on the printer driver side is activated (S206). On the application side, the security attribute data is confirmed (S203), and for data that has security attribute data and needs security management (S203; Yes), a security attribute data inquiry from the printer driver is awaited. (S204).

  On the other hand, the printer driver whose print processing flow is activated (S206) makes an inquiry about device security data to the printer (S211). In response to this, the printer answers the set device security data (S212). The printer driver stores the acquired device security data. Next, the security attribute data is inquired of the application (S207). In response to this, the application sends the print data (S209) together with the answer (S208) to the security attribute data set in the output data.

  At this time, for data that does not require security management (S203; No), the application does not wait for an inquiry from the printer driver, and sends the print data (S209) together with the security attribute data as a reply (S208).

  When the printer driver acquires and saves the security attribute data, the printer driver determines whether the acquired security level requires output management (S210).

  In the case of management unnecessary data (no security attribute data) (S210; No), the print data is transferred to the print data conversion unit 30, the print data conversion (S214) is performed, and the print data is transmitted to the printer for printing (S215). And it complete | finishes (S216).

  On the other hand, if the acquired security level is the management required level (S210; Yes), the printer driver compares the security attribute data added to the print data acquired from the application with the device security data returned from the printer, and the security level Are matched, or the device security data is higher than the security attribute data, for example, it is determined whether the set security conditions are satisfied (S213).

  When the security condition is satisfied (S213; YES), the printer driver adds a control command or the like based on the print data received from the application, or converts the print data into data that can be processed by the printer (S214). After that, the data is transmitted to the printer. The printer prints the data received from the printer driver on the print medium (S215), and ends the output process (print process) (S216).

  On the other hand, if it is determined in the security condition satisfaction determination (S213) that the set security condition is not satisfied (S213; NO), the printing process stop information is transmitted to the application (S217). Based on the print cancellation information, the application displays an error message on the display device 51 (S218), stops the printing process (S219), and ends the process (S220).

  Further, while the application is waiting for a security attribute data inquiry from the printer driver (S204; YES), it is monitored whether the predetermined time is reached (S205). If the predetermined time is not reached (S205; NO), keep waiting. When security attribute data is answered from the printer driver within a predetermined time, the process stops waiting (S204; NO), and sends the print data together with the answer (S208) with the security attribute data.

  If the predetermined time has elapsed, it is determined that the time is over (S205; YES), an error message is displayed on the display device 51 (S218), the printing process is stopped (S219), and the process is terminated (S220).

  FIG. 7 shows a list of combinations of application software and printer drivers / printers and ideal output results in the present invention. (A) shows the case of a document with security attribute data, and (b) shows the case of a document without security attribute data.

  The security management target document having the security attribute data is appropriately output after the security level is determined in the combination of the application proposed by the present invention and the printer driver / printer. On the other hand, when the application or the printer driver / printer does not support security management, security management is performed because output is not performed.

  Further, a security management non-target document having no security attribute data can be output in any combination, and the convenience of outputting general data is not impaired.

In the combination of the output security compatible application and the output security compatible printer driver / printer, the satisfaction of the security condition is judged by comparing the security attribute data given to the document and the device security data set in the output device as described above. As a result, both the document with security attribute data and the document without security attribute data are output under appropriate output management. (See Figure 6)
A combination of an application that does not support output security and a printer driver / printer that does not support output security is a normal output system, and a document without security attribute data is normally output. However, the document with security attribute data in the present invention cannot be output at all because the file cannot be browsed due to the function defect of the file attribute (security information such as data browsing) set in FIG.

  Similarly, in the combination of an output security non-compliant application and an output security compatible printer driver / printer, the document with security attribute data in the present invention has the function of the file attribute (security information such as data browsing) set in FIG. Due to deficiencies, the file cannot be browsed and no output is possible. However, a document without security attribute data can be output by the procedure shown in FIG.

  Further, in the combination of the output security compatible application and the non-output security compatible printer driver / printer, the procedure shown in FIG. 8 will be described, and only security management unnecessary data can be output.

  As a result, appropriate output management can be realized in the combination of the output security compatible application and the output security compatible printer driver / printer, and the minimum output management can be performed while securing the normal output service even in the inappropriate combination. It can be realized.

  FIG. 8 shows an example of a print processing procedure when an application having the security function of the present invention, a printer driver without a security function, and a printer are selected. 8, the same two steps as those in FIG. 6 are denoted by the same numbers as those in FIG. 6 for the last two digits of each step number in FIG. 8. In addition, since the security function is not supported, functions and processes that are not actually provided are indicated by broken lines for comparison with FIG.

  On the application side, the document file is read (S301), a print instruction is issued (S302), and the processing flow on the printer driver side is activated (S306). On the application side, security attribute data is confirmed (S303), and for data that requires security management (S303; Yes), a security attribute data inquiry from the printer driver is awaited (S304; YES).

  However, if the printer driver does not have the security management function of the present invention, the security attribute data inquiry (S307), the presence or absence of security attribute data (S310), the device security data inquiry (S311), the device security data Answer (S312), security condition satisfaction judgment (S313) based on comparison between security attribute data and device security data is not included. For this reason, the application side continues to wait for the security attribute data inquiry from the printer driver (S304; YES), time is over (S305; Yes), an error message is displayed on the display device 51 (S318), and the printing process is stopped (S319). ) To finish the process (S320).

  On the other hand, for data that does not require security management (S303; No), the application does not wait for an inquiry from the printer driver, and sends the print data (S309) together with the security attribute data as a reply (S308). The printer driver adds a control command or the like based on the print data received from the application or performs conversion processing (S314) for converting the print data into data that can be processed by the printer, and then transmits the data to the printer. The printer prints the data received from the printer driver on the print medium (S315), and ends the output process (print process) (S316).

  FIG. 9 shows an example of a print processing procedure when an application that does not have a security function of the present invention, a printer driver that has a security function, and a printer are selected. 9, the same two steps as those in FIG. 6 are denoted by the same numbers as those in FIG. 6 for the last two digits of each step number in FIG. 9. In addition, since the security function is not supported, functions and processes that are not actually provided are indicated by broken lines for comparison with FIG.

  As described above, since an application that does not have the security function of the present invention cannot browse data for which a security level is set, the application side can read a file such as a document that does not have a data security level set. Once executed (S401), a print instruction is issued (S402), and the processing flow on the printer driver side is activated (S406).

  The printer driver instructed to print inquires the device security data to the printer (S411). In response to this, the printer returns the set device security data (S412). The printer driver stores the acquired device security data. Next, the application is inquired about the data security level (S407).

  However, if the application does not have the security management function of the present invention, it is determined whether security management is necessary (S403), waits for an inquiry from the printer driver (S404), time-over management (S405), and security attribute data reply (S408). ) And other functions and processing. Therefore, the application transmits the print data (S409) regardless of the security attribute data inquiry (S407) from the printer driver.

  When acquiring the print data from the application, the printer driver determines whether the acquired print data needs to be output-managed (S410).

  At this time, print data from an application that does not support the security function of the present invention is security management unnecessary data that does not always have security attribute data, as described above. For this reason, the security management necessity determination (S410) is always management unnecessary (S410; No).

  Unnecessary management data (document without security attribute data) (S410; No) is transferred as print data to the print data conversion unit, and after print data conversion (S414) is performed, printing is executed (S415), and the process ends. (S416).

  In addition to the printer described above, the present invention provides various recording media (CD-ROM, flash ROM, memory card (compact flash (registered trademark), smart media, memory stick, etc.)), hard disk, magneto-optical disk, and digital versatile as an output device. The present invention can also be applied to a recording device that stores data on a disk or a flexible disk.

1 is a diagram illustrating a connection configuration example of a print management system according to an embodiment of the present invention. FIG. It is a chart which illustrates the contents of 4 steps of security levels A thru / or D. 6 is a chart showing an example of output conditions of the output management system according to the present invention using printer device security data A to D and security attribute data A to D of output data. 1 is a functional block diagram of a data processing apparatus and a security level A printer according to an embodiment of the present invention. FIG. It is a flowchart which shows an example of a document etc. preparation process procedure of this invention provided with data security information. 6 is a flowchart illustrating an example of a print processing procedure of the present invention by an application, a printer driver, and a printer when printing is performed based on a print instruction from an application. In the present invention, a list of ideal output management results when various applications and printer drivers are combined is shown. An example of a print processing procedure when a printer driver / printer that does not support security is selected is shown. 6 is a flowchart illustrating an example of a print processing procedure in the case of an application that does not support security.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 Data processor 12-15 Printer 16 Print management server 17 Communication line 21 Application part 22 Document etc. preparation part 23 Data security setting part 24 Output processing part 25 Printer driver part 26 Security control part 27 Security information acquisition part 28 Judgment part 29 Output Control unit 30 Print data conversion unit 31 Display control unit 32 Input control unit 33 Input / output interface 34 Communication interface 40 Communication interface 41 Print control unit 42 Security print control unit 43 Security information storage unit 44 Printing mechanism 45 Printer operation unit 51 Display device 52 Operating device 80-83 Electronic data such as documents 90-93 Printed matter 95 Trace information

Claims (8)

An output management system in which at least one data processing device and a plurality of output devices having different security functions are connected, and output data to which security attribute data is given is output from the output device designated by the data processing device Because
The data processing device includes:
It reads the security attribute data attached to the output data, and an output processing unit for performing the necessity of power management,
The device security data representing the security function of the output device designated as the output destination is compared with the security attribute data attached to the output data, and the output device designated as the output destination It is determined whether or not a security function that satisfies the security requirements specified by the attribute data is provided, and control is performed so that output processing by the output device is executed only when it is determined that the security function that requires output data is provided. An output device driver that transmits the output data to the output device in accordance with a print command from the output processing unit.
Prepared ,
The output processing unit has a function of waiting for an inquiry about the security attribute data attached to the output data from the output device driver. When there is no inquiry from the output device driver, the output device An output management system characterized by determining that a predetermined security function is not provided .   The security control unit compares the security attribute data specified by a security level obtained by grouping a plurality of security functions with the device security data specified by the security level, thereby determining whether or not the output process is appropriate. The output management system according to claim 1, further comprising a determination unit for determining. The security control unit further includes:
When a data output event occurs, the security attribute data attached to the output data, and a security information acquisition unit that inquires about the security function of the output device designated as the output destination,
The determination unit determines the output device by comparing the device security data representing the security function of the output device acquired by the security information acquisition unit with the security attribute data attached to the output data. The output management system according to claim 2 , wherein: The security control unit continues the output process by the output device only when the determination unit determines that the output device has a security function for obtaining output data, and receives the output non-permission determination information. 4. The output management system according to claim 2, wherein the output processing procedure is interrupted and a message output process for outputting an error message is executed.   The output processing unit transmits the output data to the device output driver without waiting for the inquiry from the output data when output management is unnecessary for the output data. The output management system according to claim 1. In an output management system in which at least one data processing device and a plurality of output devices having different security functions are connected,
A step of inquiring device security data representing a security function of the output device that is requested to be output to the output device driver by the output processing unit;
(A) comparing the device security data obtained in the step of inquiring the device security data with security attribute data representing a security attribute assigned to output data;
(B) a security determination step for permitting output of the output data only when the security function of the output device satisfies the requirements for the security attribute of the output data; and (c) only when output is permitted. An output control process for continuing output processing of output data,
The device security data querying step, the output controlling method of the power management system, characterized that you cancel the print processing when a predetermined time responses were not obtained after inquiry to the device output driver. The security judgment step (b)
(B-1) a security determination step for permitting output of the output data when the device security data of the output device satisfies the requirements for the security attribute of the output data; and (b-2) device security of the output device. A step of stopping the printing process when the data does not satisfy the requirements of the security attribute of the output data;
The output control method of the output management system according to claim 6 , further comprising: The security attribute data and the device security data, the security level required for output data, by comparing the security function set of available output devices, according to claim 6 or, characterized in that it is set by grouping 8. An output control method for the output management system according to 7 .

Images