WO2007020987A1 - Document management apparatus, document management method, document management program, and storage medium - Google Patents

Document management apparatus, document management method, document management program, and storage medium Download PDF

Info

Publication number
WO2007020987A1
WO2007020987A1 PCT/JP2006/316199 JP2006316199W WO2007020987A1 WO 2007020987 A1 WO2007020987 A1 WO 2007020987A1 JP 2006316199 W JP2006316199 W JP 2006316199W WO 2007020987 A1 WO2007020987 A1 WO 2007020987A1
Authority
WO
WIPO (PCT)
Prior art keywords
program
screen
display
application
screen image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2006/316199
Other languages
English (en)
French (fr)
Inventor
Shuuji Ozawa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Canon Inc filed Critical Canon Inc
Priority to US11/914,569 priority Critical patent/US7992084B2/en
Publication of WO2007020987A1 publication Critical patent/WO2007020987A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems

Definitions

  • DOCUMENT MANAGEMENT APPARATUS DOCUMENT MANAGEMENT METHOD
  • DOCUMENT MANAGEMENT PROGRAM DOCUMENT MANAGEMENT PROGRAM
  • STORAGE MEDIUM DOCUMENT MANAGEMENT APPARATUS, DOCUMENT MANAGEMENT METHOD
  • DOCUMENT MANAGEMENT PROGRAM DOCUMENT MANAGEMENT PROGRAM
  • STORAGE MEDIUM DOCUMENT MANAGEMENT APPARATUS, DOCUMENT MANAGEMENT METHOD, DOCUMENT MANAGEMENT PROGRAM, AND STORAGE MEDIUM
  • the present invention relates to a document management technique, and more particularly, to a document management apparatus and document management method for implementing security management on electronic data that is handled on a server, an output device, an input device and so on that are interconnected via a network.
  • secure data electronic data including confidential information
  • a confidentiality preserving application that generates or edits secure data will be called a “secured application”
  • secured application electronic data including confidential information
  • various devices such as personal computers, servers, output devices and input devices over a network. Consequently, there are increasing chances of secure data leaking to the outside world, e.g., printing out of secure data from an output device, saving of secure data to a personally managed personal computer or to a USB storage, or taking out of such saved data.
  • document management techniques security management techniques
  • Such efforts include various system management techniques so far proposed, such as one that encrypts secure data itself and permits only those who have access right to the encrypted secure data, one that encrypts data transmitted on a network and has a sender and a receiver share a decryption key, and one that manages access to a printing apparatus itself with a user ID or password and enables printing only, when the user is authenticated.
  • a feature of the secure document system is that it has a database for storing encrypted secure data and a security management server for performing access right management, and that a PC or an input/output device connected to a network has to be authenticated by the security management server before being able to access the encrypted secure data.
  • PCs and input/output devices need to be connected to a security server because authentication by the security management server is essential to access encrypted secure data. Even if secure data is taken outside the network, no access can be made to the secure data because authentication by the security management server cannot be obtained.
  • a security management server can collectively manage all access conditions and access history of PCs, applications, or input/output devices that access the secure data.
  • the secure document system has a problem in that , when new data other than secure data (data partially including secure data) is generated by- obtaining image data and the like with print screen function (i.e., function of hard-copying a display screen) of a PC that accessed secure data and inserting or attaching the image data to data other than secure data, access restriction does not work for the resulting data and the data is not covered by management of the secure document system.
  • print screen function i.e., function of hard-copying a display screen
  • the present invention has been made in view of the problems, and is intended to attain at least one of following objects.
  • An object of the invention is to safely manage data that should be protected and to secure such data from leakage or unauthorized use.
  • Another object of the invention is to provide a document management technique that enables security management on data that is obtained with print screen function while maintaining utility of print screen function.
  • a document management apparatus that communicates with a server and manages confidentiality of electronic data generated by a confidentiality preservation program, comprising: a screen image deletion unit adapted to delete a screen image displayed on a display unit that is based on the electronic data when the confidentiality preservation program transitions to termination processing or suspension processing; and an object deletion unit adapted to delete an object that is registered as copy of a screen image displayed on the display unit.
  • a document management method for a document management apparatus that communicates with a server and manages confidentiality of electronic data generated by a confidentiality preservation program, comprising: a screen image deleting step of deleting a screen image displayed on a display unit that is based on the electronic data when the confidentiality preservation program transitions to termination processing or suspension processing; and an object deleting step of deleting an object that is registered as copy of a screen image displayed on the display unit.
  • FIG. IA is a block diagram showing the hardware configuration of a document management apparatus 40 according to an embodiment of the invention.
  • FIG. IB illustrates the module configuration of software programs that are executed on the document management apparatus ;
  • FIG. 1C shows an example of screen images expanded in graphic memory
  • FIG. ID shows an example of pasted objects registered in object saving memory
  • FIG. IE shows a state in which screen display for a suspended secure application and that for an active secure application are displayed on a CRT concurrently;
  • FIG. 2A and 2B illustrate the procedure of operation relating to pasting of objects using print screen function
  • FIG. 3A and 3B illustrate the procedure of operation relating to pasting of objects using print screen function
  • FIG. 4A illustrates the flow of process relating to screen display on CRT 107 and FIG. 4B illustrates the flow of process relating to saving and pasting of a screen image for a case print screen function is executed;
  • FIG. 5 illustrates the flow of termination of a security application included in various application modules 101;
  • FIG. 6A illustrates the flow of processing for a case where there is another secure application as a suspended application when a secure application is terminated
  • FIG. 6B shows a task management table managed by a task control module
  • FIG. '7 illustrates the flow of terminating a secure application which is a currently active application when an application to be newly activated is a normal application
  • FIG. 8 illustrates the flow of terminating secure application 502 that is a currently active application when an application to be newly activated is secure application 802;
  • FIGS. 9A- 1 to 9A-3 are flowcharts generally illustrating the flow of processing by software modules ;
  • FIG. 9B is a flowchart generally illustrating the flow of processing by software modules
  • FIG. 9C is a flowchart generally illustrating the flow of processing by software modules; and [0036] FIG. 9D is a flowchart generally illustrating the flow of processing by software modules.
  • FIG. IA is a block diagram showing the hardware configuration of a document management apparatus 40 according to an embodiment of the invention.
  • Reference numeral 1 denotes a system bus, to which components to be discussed below are connected.
  • Reference numeral 2 denotes a CPU, which is capable of controlling overall processing relevant to management of data confidentiality preservation (security management) on the document management apparatus 40.
  • Reference numeral 3 denotes program memory (PMEM) which stores programs for executing various processing relevant to data editing and/or security management under overall control by the CPU 2.
  • Specific modules of programs stored therein include various application modules 101, a pasted object management module 102, and a screen hardcopy control module 103 shown in FIG. IB. They will be described below with reference to FIG. IB.
  • the CPU 2 selects from these programs as appropriate and reads in a program for security management and the like to execute it.
  • Reference numeral 4 denotes a communication control section for controlling input/output data at a network interface (I/F) 113. Signals output from the network interface 113 are sent over a communication line 19 to a communication port of a security management server 115 that is connected to a network 114. Reference numeral 115 denotes a security server that is connected over the network 114. Processing relating to output of data to an output device 7 (e.g., a printer) that is shared on the network 114 and/or saving and reading of secure data to/from the security management server 115 are performed via the communication control section 4 under the overall control of the CPU 2.
  • an output device 7 e.g., a printer
  • Reference numeral 5 denotes an input device for inputting image data and the like, and data input from the input device 5 is also input to the network interface 113.
  • the input device 5 may be a scanner or a digital camera.
  • a confidentiality preservation program (hereinafter referred to as a "secured program” ) can edit image data input from the input device 5 and edited image data is saved as secure data.
  • Reference numeral 8 denotes an input control section, to which a keyboard 9 and a pointing device (PD) such as a mouse 10 are connected. An operator can instruct operation of the system by operating the keyboard 9. For example, the operator can perform operation relating to security management for a document that utilizes print screen function.
  • Reference numeral 106 denotes a display control section, which is capable of display control in accordance with position or rendering property information of data to be displayed on the CRT 107.
  • Reference numerals 15 and 16 denote storage devices for storing electronic data and the like; 15 can be formed by a hard disk (hereinafter abbreviated as a "HD") and 16 by a USB storage, for example.
  • the storage device 15 includes graphic memory 105 for storing images generated by an image display formation module 104 (see FIG. IB), application data 108 for use when various application program modules 101 (see FIG. IB) are executed, and object saving memory 110 for saving various images (hereinafter "objects”) that are managed by the pasted object management module 102 (see FIG. IB).
  • various programs stored in the program memory (PMEM) 3 may be stored in the storage device 15.
  • a storage medium for storing electronic data and various application modules may also be a device such as a flexible disk, CD-ROM, DVD, memory card, and magneto-optical disk.
  • the document management apparatus 40 that is connected to the security management server 115 via the network 114' forms a secure document system.
  • the security management server 115 can manage saving and registration of encrypted secure data on the document management apparatus 40 and access to registered secure data.
  • the document management apparatus 40 connected to the network 114 needs to be authenticated by the security management server 115 as appropriate in order to access encrypted secure data.
  • Various cryptographic techniques can be applied to encryption in the document management apparatus 40. For example, secret key and public key encryption used in key cryptography and other cryptographies can be applied, but detailed description on them is omitted herein.
  • the document management apparatus 40 which communicates with the security management server 115 and manages confidentiality of electronic data (secure data) generated by a confidentiality preservation program (a secure application) has a screen image deletion section for deleting screen data based on electronic data displayed on the CRT 107 when the confidentiality preservation program transitions to termination process or suspension process, and an object deletion section for deleting an object which is registered as copy of a screen image displayed on the CRT 107.
  • a secure application whose execution is controlled under control of the CPU 2 can function as the screen image deletion section and the object deletion section.
  • Suspension processing refers to processing performed in suspended state and/or interrupting a task and waiting for an instruction from an operating system. Suspended state includes a state in which, when a task for a secure application is not selected by window switching program of the operating system, processing already accepted is handled by the task in the background of a main task.
  • FIG. IB illustrates the module configuration of software that is executed under control of the CPU 2 on the document management apparatus 40 (i.e., a host computer) appropriate for the embodiment.
  • Various application modules 101 are program modules capable of editing a document, business form, and/or image, and a secure application for performing processing for preserving confidentiality of electronic data can function as a program module included in the application modules 101.
  • the application modules 101 can retrieve application data 108 from the storage device 15 of the document management apparatus 40 and save result of a user's editing or deletion in the storage device 15.
  • a secure application included in the application modules 101 is also capable of communicating via the network I/F 113 with the security management server 115 that is connected to the network 114, retrieving secure data 116 relevant to security management from the database of the security management server 115 after authentication by the security management server 115, decoding the secure data 116, and saving result of the user's editing and deletion on the document management apparatus 40 in the database of the security management server 115 again encrypting the same.
  • Secure applications included in the application modules 101 enable management of security of electronic data as secure data that is processed on the document management apparatus 40.
  • the application data 108 and secure data 116 are copied to memory (not shown) that is managed by the application modules 101 and data copied into the memory is edited (including data deletion) by the application modules 101.
  • the application modules 101 rewrite the application data 108 and secure data 116 to edited data in the memory after all editing is complete.
  • a secure application included in the application modules 101 can generate a registration instruction to register data edited in the memory as secure data to the database of the security management server 115, and the edited secure data is encrypted and transmitted to the security management server 115 via the network I/F 113 described above.
  • the security management server 115 Upon receiving the instruction, the security management server 115 performs authentication for the document management apparatus 40 and, after the authentication, stores the transmitted encrypted data in the database as secure data.
  • the task control module 109 is a program module that is responsible for management of application modules that are currently running and operable by the user and ones suspended.
  • Each application registers its application name and ID for indicating that the application has been activated to the task control module 109 upon activated (see FIG. 6B).
  • the image display formation module 104 or screen hardcopy control module 103 as another application can reference either of application name or ID to determine whether an application is a secure application or a normal application (i.e., an application that is not involved in security management).
  • the application modules 101 can have the CRT 107 display the application data 108 or secure data 116 thereon by way of the screen display formation module 104 and the display control section 106.
  • the user can edit data using the input device 112, e.g. the keyboard 9 and the mouse 10, while looking at the CRT 107.
  • the result of the user's operation of the input device 112 is fed back as input information to the application modules 101 via the user input control module 111.
  • the application modules 101 modify data based on input information fed back by the user input control module 111 and input the result of modification to the screen display formation module 104.
  • the application modules 101 are further capable of outputting an instruction to register various images (hereinafter referred to as "objects") to the pasted object management module 102 or delete the objects.
  • the pasted object management module 102 temporarily saves a registered object to the object saving memory 110 under control of an external storage device control section 14.
  • the pasted object management module 102 can retrieve objects from the object saving memory 110 and delete the objects, in addition to registration of objects.
  • the application modules 101 can also output an instruction relating to registration, retrieval, or deletion of objects to the pasted object management module 102 at any time.
  • the pasted object management module 102 can also register an object that is input from the screen hardcopy control module 103. When the user instructs execution of print screen function (i.e.
  • the user input control module 111 inputs the user's instruction as input information to the screen hardcopy control module 103.
  • the screen hardcopy control module 103 obtains image data now displayed on the CRT 107 via the display control section 106 and instructs the pasted object management module 102 to register the obtained image data as an object.
  • the pasted object management module 102 saves the object in the object saving memory 110.
  • the applications 101 can also retrieve an object such as image data obtained by the screen hardcopy control module 103 from the object saving memory 110 in which the object is registered via the pasted object management module 102.
  • the screen display formation module 104 expands image data to be displayed on the CRT 107 (a screen image) and registers the image to the graphic memory 105 based on a request received from the application modules 101. At this point, the screen display formation module 104 can determine whether a requesting application is a secure application or a normal application based on its application name or ID. If it is a secure application, the module 104 can expand the screen image and register the same to the graphic memory 105 in a manner that can distinguish the request from the application from one from a normal application, [0064] FIG. 1C shows an example of screen images (1051 to 1053) that are expanded in the graphic memory 105. Identification information (e.g. identifier "S”) 1054 is added to a screen image that is expanded based on a request from a secure application, which enables it to be distinguished from other screen images (1052 and 1053) .
  • Identification information e.g. identifier "S”
  • the display control section 106 can retrieve the screen image (CRT image) expanded in the graphic memory 105 and output the retrieved screen image (CRT image) to the screen hardcopy control module 103.
  • the display control section 106 can determine that the screen image is an image by a secure application if identification information 1054 is added to the specified screen image.
  • FIGS. 2A, 2B , 3A and 3B illustrate a procedure of operation relating to pasting of an object using print screen function.
  • FIG. 2A by pressing a print screen key 304, which is positioned at 302 as a portion of the keyboard 9 (see FIG. 3A), images displayed on the CRT 107 (201a and 201b) are saved as objects in the object saving memory 110 that is managed by the pasted object management module 102 (204).
  • FIG. 2B shows an example of displayed screen 205 for a secure application.
  • the secure application obtains an object 204 that is saved in the object saving memory 110 via the pasted object management module 102, and rewrites application data to paste an image (an object) obtained with print screen function on the display screen 205 as shown at 208 of FIG. 2B.
  • FIGS. 9A-1 to 9A-3 are flowcharts generally illustrating the flow of processing by software modules.
  • a secure application requests retrieval of secure data saved in the security management server 115 (S901)
  • the security management server 115 sends the specified secure data after authentication (S911).
  • the secure application can edit or delete the secure data after decoding the encrypted secure data (S902).
  • the secure application outputs an instruction on screen display to the screen display formation module 104 (S903).
  • a detailed flow of process associated with screen display on the CRT 107 will be described with reference to the block diagram of FIG. 4A in accordance with FIGS. 9A-1 to 9A-3. Specific details of this process is based on execution of program modules under the overall control by the CPU 2.
  • the screen display formation module 104 determines whether the application that output the instruction on screen display or modification of screen display is a secure application (S913 in FIG. 9A-2). And registration or update of a screen image appropriate for the instruction on screen display or modification of screen display (S401) is made in the graphic memory 105 (S402, and S914 of FIG. 9A-2).
  • the image display formation module 104 adds identification information to the screen image to be expanded and registers it in the graphic memory 105 (see FIG. 1C).
  • the image display formation module 104 notifies the display control section 106 that, the contents of the graphic memory 105 has been changed (S403) .
  • the display control section 106 retrieves a screen image from the graphic memory 105 (S404) and displays the same on the CRT 107 (S405, and S916 of FIG. 9A-2). [0078] With the above described process, processing relating to screen display on the CRT 107 and modification of screen display terminates. [0079] (Execution of print screen function) Next, referring to the block diagram of FIG. 4B, a process relating to saving of a screen image when print screen function is executed will be described in accordance with FIGS. 9A-1 to 9A-3.
  • the screen hardcopy control module 103 instructs the display control section 106 to retrieve a screen image (S411).
  • the display control section 106 retrieves a screen image corresponding to the instruction from the graphic memory 105 (S412, and S918 of FIG. 9A-2), and thereafter, the display control section 106 outputs the retrieved screen image to the screen hardcopy control module 103 (S413, and S919 of FIG. 9A-2).
  • the screen hardcopy control module 103 After receiving the screen image output by the display control section 106, the screen hardcopy control module 103 determines whether the screen image accompanies identification information that indicating the image is a screen image for a secure application (S921 in FIG. 9A-3) .
  • an instruction to register the screen image to the pasted object management module 102 is output (S414, and S922 in FIG. 9A-3).
  • the screen hardcopy control module 103 outputs the screen image to the pasted object management module
  • FIG. ID shows an example of pasted objects (1061 to 1063) that are registered in the object saving memory 110.
  • Identification information e.g. identifier "S”
  • S identifier
  • the pasted object management module 102 saves a screen image that has been output to the object saving memory or a HD and registers it as an object based on output from the display control section 106 (see FIG.
  • the instruction is input to the user input control module 111.
  • the user input control module 111 outputs an application termination instruction to the secure application 502 (S501) .
  • the secure application 502 Upon ' receiving the instruction (S904 in FIG. 9A- 1), the secure application 502 instructs the screen display formation module 104 to delete all screen display by the secure application from the CRT 107 (S502, and S905 in FIG. 9A-1).
  • the screen display formation module 104 informs the display control section 106 that all screen images expanded in the graphic memory 105 or screen images accompanying identification information are to be deleted (S915 in FIG. 9A-2).
  • the display control section 106 deletes all screen display on the CRT 107 based on deleted screen images (S926 in FIG. 9A-2).
  • the secure application 502 instructs the pasted object management module 102 to delete objects saved in the object saving memory 110 or a HD after instructing deletion of screen display (S503, and S907 in FIG. 9A- 1) .
  • the pasted object management module 102 upon receiving the instruction on object deletion, deletes all objects in the object saving memory 110 or the HD (S504, and S924 in FIG. 9A-3).
  • deletion of objects is not limited to deletion of all objects registered in the object saving memory 110 or the HD. It is also possible to delete only objects that are registered as data handled by the secure application 502 (i.e. copy of a screen image), for example. In that case, the secure application 502 outputs an instruction to delete objects only for objects that are registered based on screen images from a secure application. After receiving the instruction, the pasted object management module 102 deletes only objects that have identification information (1061 in FIG. ID, for example). This can enable deletion of only certain objects that are subject to confidentiality preservation.
  • the secure application 502 further encrypts data that was being processed by the secure application 502 (secure data) (S908 in FIG. 9A-1), generates an instruction to register the secure data in order to save it in the database of the security management server 115 (S505-1, and S909 in FIG. 9A-1), and outputs the instruction on registration to the security management server 115 via the network I/F 113 (S505-2).
  • the security management server 115 registers the secure data to the database 116 after authentication (S912 in FIG. 9A-1).
  • the secure application 502 instructs to delete the task for the secure application 502 among currently running application modules managed by the task control module 109 (S506, and S910 Of FIG. 9A-1).
  • the task control module 109 deletes the task for the secure application 502 and terminates the process.
  • the user input control module 111 When input that instructs termination of the secure application 502 is input to the user input control module 111, the user input control module 111 outputs an application termination instruction to the secure application 502 (S601).
  • the secure application 502 instructs the screen display formation module 104 to delete all screen display for the secure application 502 from the CRT 107 (S602).
  • processing associated with deletion of screen display is similar to the process at step S502 described with FIG. 5.
  • the secure application 502 requests the task control module 109 to notify whether there is a suspended application, and if there is any, to send its application name or ID (S603, and S930 in FIG. 9B).
  • the task control module 109 checks if there is any suspended application (S935 in FIG. 9B), and if there is a suspended application (Yes at S936), it sends the name and ID of the application to the secure application 502 (S604, and S937 in FIG. 9B). If there is no suspended application, however, the task control module 109 does not return a response to the secure application 502. If no response is returned from the task control module 109 after elapse of a certain time period, the secure application 502 can determine that there is no suspended application. [0103]
  • the task control module 109 is capable of managing tasks for respective applications by means of a task management table 609 shown in FIG. 6B, for example.
  • the task control module 109 can reference the task management table 609 to determine whether there is any suspended application from registration of application name, ID, and identification information (in FIG. 6B, "S" is added as identification information that indicates a secure application) .
  • Distinction between a secure application and a normal application is not limited to determination based on identification information, but they can be also distinguished from each other based on application name.
  • the task control module 109 sends an application name and an ID to the secure application 502.
  • the secure application 502 determines whether a suspended application is a secure application, based on the name, ID, and identification information of the suspended application sent from the task control module 109 (S931 in FIG. 9B) .
  • the suspended applications are all secure applications (in this case, an application to be activated next will be always a secure application) , or if at least one secure application is included in the suspended applications and it is possible to specify that secure application (secure application 601 in FIG. 6A, for example) as an application to run next based on an instruction from the secure application 502 now running (Yes at S931 of FIG. 9B), the secure application 502 now running does not instruct deletion of objects to the pasted object management module 102 (S932 of FIG. 9B) .
  • secure application secure application 601 in FIG. 6A, for example
  • the secure application 502 does not output an instruction to delete objects saved in the object saving memory 110 or the HD to the pasted object management module 102 (in this case, the secure application 502 does not output an instruction corresponding to step S503 of FIG. 5). Consequently, objects registered in the object saving memory 110 remain registered.
  • step S908 of FIG. 9A- 1 the secure application 502 encrypts secure data in order to save the secure data that was being processed by the secure application (S908 in FIG. 9A-1), and generates an instruction to register the encrypted secure data (S605-1, S909 in FIG. 9A-1). And the secure application 502 outputs the registration instruction to the security management server 115 via the network I/F 113 (S605-2).
  • processing at steps S605-1 and S605-2 corresponds to that at steps S505-1 and S505-2 in FIG. 5.
  • the secure application 502 instructs that a task for the secure application 502 be deleted from among currently running application modules managed by the task control module 109 (S606, and S910 in FIG. 9A-1).
  • task control module 109 deletes registration of the application (A: secure application 502) that is now running from the task management table 609. And the task control module 109 switches task management by shifting a suspended application (B: secure application 601, for example) to running state.
  • the secure application 601 Even after the secure application 601 is switched from suspended to running state, it is still possible to reference objects that are registered in the object saving memory 110 and the like in connection with processing by the secure application 502 that was previously running, to paste the objects, and manage resulting data as new secure data that partially includes objects. Also, the secure application 601 which has newly entered running state can utilize secure data registered by the previous secure application 502 after being authenticated by the security management server 115.
  • the secure application 502 outputs an instruction to delete all registered objects or objects having identification information (1061 in FIG. ID) to the pasted object management module 102 so that data that is registered as objects cannot be referenced from a normal application (S907 in FIG. 9A-1).
  • the secure application 502 which transitions from running state to termination and the secure application 601 which transitions from suspended to running state can share objects that are saved in the object saving memory 110 and/or secure data saved on the security management server 115. Thus, it is possible to enhance convenience for users while preserving data confidentiality.
  • the normal application 702 Upon receiving the instruction on new application activation (S939), the normal application 702 outputs an instruction to register its task to the task control module 109 (S702). At this point, the normal application 702 notifies the task control module 109 of its application name and ID.
  • the task control module 109 makes registration to the task management table 609 based on the notification from the normal application 702 (S940). And in order to have the normal application 702 that is instructed to be newly activated operate in preference to the secure application 502 now operating, the task control module 109 outputs an instruction on temporary halt to the secure application 502 now operating and also notifies it of the application name and ID of the application to be activated next (S703, and S941a in FIG. 9C).
  • the secure application 502 determines whether the application is a normal application or a secure application based on the application name and ID sent from the task control module 109.
  • the secure application 502 determines that the application to be activated next is a normal application (No at S942 in FIG. 9C, and when identification information ("S") shown in FIG. 6B is not added that indicates a secure application) , the secure application 502 instructs the screen display formation module 104 to modify display on the CRT 107 for the secure application 502 (S704, and S943 in FIG. 9C) .
  • modification of display by the screen display formation module 104 does not delete screen display completely because it is necessary to indicate that a secure application is suspended. Modification of display may be application of shading over screen display to prevent reference from a screen of a normal application and/or minimization of screen display for the secure application 502 as an icon (S946 of FIG. 9C)
  • the secure application 502 instructs the pasted object management module 102 to delete objects saved in the object saving memory 110 or the HD (S705, and S944 of FIG. 9C).
  • the pasted object management module 102 deletes all objects in the object saving memory 110 or the HD (S706, and S947 of FIG. 9C).
  • Deletion of objects is not limited to deletion of all objects registered in the object saving memory 110 or the HD as at step S504 of FIG. 5; it is also possible to delete only objects relating to data handled by a secure application, for example.
  • the secure application 502 outputs an object deletion instruction only for objects that are registered based on a screen image by a secure application.
  • the pasted object management module 102 deletes only objects that have identification information (1061 of FIG. ID, for example). This can enable deletion of only certain objects that are covered by confidentiality preservation.
  • the secure application 502 After outputting the instruction on object deletion, the secure application 502 notifies the task control module 109 that it is ready to transition to suspended state (SlOl, and S945 of FIG. 9C). [0127] In response to the notification from the secure application 502, the task control module 109 puts the secure application 502 into suspended state and switches the task of the normal application 702 to running state (S941b of FIG. 9C).
  • the secure application 802 Upon receiving the instruction, the secure application 802 outputs an instruction that requests the task control module 109 to register its task (S802). At this time, the secure application 802 notifies its application name and ID, and identification information indicating that it is a secure application. [0135] The task control module 109 makes registration to the task management table 609 based on the notification sent from the secure application 802. And, in order for the secure application 802 that has been instructed to newly activate to operate in preference to the secure application 502 now operating, the task control module 109 outputs an instruction on temporary- halt to the operating secure application 502 and also notifies the application name, ID, and identification information of the application to run next (S803). [0136] The secure application 502 determines whether the application is a secure application or a normal application based on the application name, ID, and identification information sent from the task control module 109.
  • the secure application 502 determines that the application to run next is a secure application 802
  • the secure application 502 does not instruct deletion of display, modification such as shading and iconization (minimization), or deletion of objects saved in the object saving memory 110 to the image display formation module 104 and the pasted object management module 102 (S950 of FIG. 9D).
  • the secure application 502 does not instruct deletion of registered object to the pasted object management module 102 (S951 of FIG. 9C), and notifies the task control module 109 that it is ready to transition to suspended state (S804, and S952 of FIG. 9D).
  • the task control module 109 puts the secure application 502 into suspended state and switches the task of the secure application 802 which is to be newly activated to active (i.e., running state) (S953 of FIG. 9D) .
  • the user can operate the secure application 802, but screen display associated with the secure application 502 is not minimized and the task control module 109 can allow the secure application 502 to suspend still being displayed on the CRT 107.
  • the secure application 502 that transitions from running state to suspended state and the secure application 802 that is newly activated to enter running state can share objects saved in the object saving memory 110 or secure data saved on the security management server 115.
  • the display screen for the secure application 502 can be referenced from the secure application 802. Screens for two applications can be displayed concurrently on the screen of the CRT 107 as long as both of them are secure applications (502 and 802) (1071 of FIG. IE shows the screen display for the secure application 502 and 1072 shows that for the secure application 802).
  • the user can perform operation such as editing one document while seeing another business form screen with document security maintained, which provides enhanced convenience for the user.
  • the secure applications 502 and 802 each instruct modification such as iconization (minimization) of screen display or shaded display to the image display formation module 104 prior to activation of the normal application (this modification corresponds to step S704 of FIG. 7), and instruct the pasted object management module 102 to delete objects registered in the object saving memory 110 (this deletion corresponds to step S705 of FIG. 7).
  • this modification corresponds to step S704 of FIG. 7
  • the pasted object management module 102 instruct the pasted object management module 102 to delete objects registered in the object saving memory 110
  • the secure applications 502 and 802 notify the task control module 109 that they are ready to transition to suspended state.
  • the task control module 109 places the secure application 502 and 802 into suspended state and switches the task of the normal application that is to be activated newly to running state.
  • the user can operate the normal application that was activated subsequently, but cannot reference the screen for the secure application 802 that was running previously and that for the secure application 502 that was in suspended state due to application of shading or iconization (minimization).
  • shading or iconization minimization
  • process with respect to FIGS. 8 and 9D has referred to termination process when a secure application is newly activated as an example, the same process can be applied to a case where the secure application 802 is managed in suspended state by the task management module 109 as a program that will transition to running state next when the secure application 502 transitions to suspended state.
  • the object of the invention may also be accomplished by supplying a system or an apparatus with a storage medium (or a recording medium) in which a program code of software which realizes the functions of the above-described embodiment is stored, and causing a computer (or CPU or MPU) of the system or apparatus to read out and executed the program code stored in the storage medium.
  • a computer or CPU or MPU
  • the program code itself read out from the storage medium realizes the function of the embodiment, and the storage medium in which the program code is stored constitutes the present invention.
  • the functions of the embodiment may be accomplished not only by executing the program code read out by a computer, but by causing an OS (operating system) and the like operating on the computer to perform some or all of actual operations based on instructions of the program code.
  • OS operating system
  • the function of the embodiment may be accomplished by writing the program code read out from the storage medium into memory provided in an expansion board inserted into a computer or memory provided in an expansion unit connected to the computer and then causing a CPU and the like provided in the expansion board or the expansion unit to perform some or all of actual operations based on instructions of the program code.
  • the present invention may be implemented as a system, apparatus, method, program, or a storage medium, and specifically, may be applied to a system that consists of a plurality of devices or an apparatus that consists of one device.
  • the present invention may also be realized by supplying the program modules of software that realize the functions of the embodiment described above (i.e., program modules corresponding to processes shown in FIGS. IB, 4A, 4B to 8, 9A-1 - 9A-3 to 9D) directly or remotely to a system or an apparatus and reading out and executing the program code by a computer in the system and the apparatus.
  • program modules of software that realize the functions of the embodiment described above (i.e., program modules corresponding to processes shown in FIGS. IB, 4A, 4B to 8, 9A-1 - 9A-3 to 9D) directly or remotely to a system or an apparatus and reading out and executing the program code by a computer in the system and the apparatus.
  • a program code that is installed to the computer for realizing the functions/operations of the invention also realizes the present invention. That is, the invention also includes the computer program itself for realizing the functions/operations of the invention.
  • the program code may take the form of an object code, a program that is executed by an interpreter, or script data supplied to an OS as long as it has program functions.
  • Examples of the storage medium for supplying the program include a floppy (a registered trademark) disk, hard disk, optical disk, magneto-optical disk, MO, CD- ROM, CD-R, CD-RW, magnetic tape, non-volatile memory card, ROM, and DVD (DVD-ROM, DVD-R).
  • the program may also be supplied by connecting to a web site on the Internet using a browser on a host computer and downloading the computer program of the invention itself or a compressed file including automatic installation function from the web site to a storage medium such as a hard disk.
  • the present invention may also be realized by dividing the program code constituting the program of the invention into a plurality of files and downloading each of the files from different web sites. That is, a WWW server that allows a plurality of users to download a program file for realizing the functions/operations of the invention on a computer is also included in the present invention, [0157] It is also possible to encrypt the program of the invention and distribute it to users on a storage medium such as CD-ROM.
  • a user who satisfies predetermined conditions is allowed to download key information for decoding the encrypted program from a web site over the Internet and execute the encrypted program using the key information to install the program on a computer, thereby realizing the invention.
  • the functions of the above-described embodiment may be realized by a reading out and executing the program by a computer, or also by causing an OS operating on the computer to perform some or all of actual operations based on instructions of the program.
  • the functions of the embodiment may also be realized by writing the program read out from a storage medium into memory that is provided in an expansion board inserted to a computer or in an expansion unit connected to the computer, and a CPU provided in the expansion board or expansion unit performing some or all of actual operations based on instructions of the program.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
PCT/JP2006/316199 2005-08-12 2006-08-11 Document management apparatus, document management method, document management program, and storage medium Ceased WO2007020987A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/914,569 US7992084B2 (en) 2005-08-12 2006-08-11 Document management apparatus, document management method, document management program, and storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2005-234699 2005-08-12
JP2005234699A JP2007048216A (ja) 2005-08-12 2005-08-12 文書管理装置、文書管理方法、文書管理プログラム、記憶媒体

Publications (1)

Publication Number Publication Date
WO2007020987A1 true WO2007020987A1 (en) 2007-02-22

Family

ID=37757644

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/316199 Ceased WO2007020987A1 (en) 2005-08-12 2006-08-11 Document management apparatus, document management method, document management program, and storage medium

Country Status (3)

Country Link
US (1) US7992084B2 (enExample)
JP (1) JP2007048216A (enExample)
WO (1) WO2007020987A1 (enExample)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8321538B2 (en) * 2007-09-24 2012-11-27 Hewlett-Packard Development Company, L.P. Autonomous network device configuration method
US8156416B2 (en) * 2008-05-12 2012-04-10 Xerox Corporation Securing printed output
JP2010185957A (ja) * 2009-02-10 2010-08-26 Brother Ind Ltd 表示装置、表示データ削除プログラム及び表示データ削除方法
JP6103797B2 (ja) * 2010-11-17 2017-03-29 エンカレッジ・テクノロジ株式会社 機密管理装置、機密管理方法、及びプログラム
JP5535056B2 (ja) * 2010-12-14 2014-07-02 エンカレッジ・テクノロジ株式会社 機密管理装置、機密管理方法、及びプログラム
JP5625956B2 (ja) * 2011-01-28 2014-11-19 富士通株式会社 情報管理装置、情報管理方法および情報管理用プログラム
JP5919665B2 (ja) * 2011-07-19 2016-05-18 日本電気株式会社 情報処理装置、物体追跡方法および情報処理プログラム
US8695060B2 (en) 2011-10-10 2014-04-08 Openpeak Inc. System and method for creating secure applications
US9100390B1 (en) 2014-09-05 2015-08-04 Openpeak Inc. Method and system for enrolling and authenticating computing devices for data usage accounting
US9350818B2 (en) 2014-09-05 2016-05-24 Openpeak Inc. Method and system for enabling data usage accounting for unreliable transport communication
US20160071040A1 (en) 2014-09-05 2016-03-10 Openpeak Inc. Method and system for enabling data usage accounting through a relay
US9232013B1 (en) 2014-09-05 2016-01-05 Openpeak Inc. Method and system for enabling data usage accounting
US8938547B1 (en) 2014-09-05 2015-01-20 Openpeak Inc. Method and system for data usage accounting in a computing device
RU2595511C2 (ru) * 2014-12-05 2016-08-27 Закрытое акционерное общество "Лаборатория Касперского" Система и способ ограничения работы доверенных приложений при наличии подозрительных приложений
US10083196B2 (en) * 2015-02-04 2018-09-25 Delphix Corporation Creating secure virtual databases storing masked data
JP6561707B2 (ja) * 2015-09-10 2019-08-21 富士通株式会社 データ閲覧制御プログラム、データ閲覧制御方法およびデータ閲覧制御装置

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002288098A (ja) * 2001-03-23 2002-10-04 Hitachi Kokusai Electric Inc プレゼンテーションシステム方法とその装置
JP2005165900A (ja) * 2003-12-05 2005-06-23 Hitachi Ltd 情報漏洩防止装置

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3008872B2 (ja) * 1997-01-08 2000-02-14 日本電気株式会社 Guiシステム自動操作装置および操作マクロ実行装置
JP3473676B2 (ja) * 1998-04-13 2003-12-08 富士通株式会社 ハイパーテキストで記述されたドキュメントのハードコピー制御方法、装置及び記録媒体
US6298446B1 (en) * 1998-06-14 2001-10-02 Alchemedia Ltd. Method and system for copyright protection of digital images transmitted over networks
JP2002084413A (ja) 2000-06-28 2002-03-22 Oki Electric Ind Co Ltd 画像処理方法,画像処理装置,画像符号化装置,及び,画像復号化装置
JP4405691B2 (ja) * 2001-04-06 2010-01-27 キヤノン株式会社 印刷システム
US20040064704A1 (en) * 2002-09-27 2004-04-01 Monis Rahman Secure information display and access rights control
JP2005056137A (ja) * 2003-08-04 2005-03-03 Ffc Ltd 機能制限プログラム、インストーラ作成プログラム及びプログラム記録媒体
JP4566679B2 (ja) * 2003-11-13 2010-10-20 キヤノン株式会社 画像形成装置および制御方法およびプログラム

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002288098A (ja) * 2001-03-23 2002-10-04 Hitachi Kokusai Electric Inc プレゼンテーションシステム方法とその装置
JP2005165900A (ja) * 2003-12-05 2005-06-23 Hitachi Ltd 情報漏洩防止装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Paint Shop Pro9 User Guide", JASC SOFTWARE, INC., vol. 74, 2004, pages 172, XP003002958 *

Also Published As

Publication number Publication date
US20090037486A1 (en) 2009-02-05
JP2007048216A (ja) 2007-02-22
US7992084B2 (en) 2011-08-02

Similar Documents

Publication Publication Date Title
WO2007020987A1 (en) Document management apparatus, document management method, document management program, and storage medium
US20110164269A1 (en) Image processing apparatus, authentication system, and computer-readable storage medium
US20100024011A1 (en) Document management system and document management method
US8656152B2 (en) Image forming apparatus, host apparatus and encryption method of job object document thereof
JP5280488B2 (ja) アカウント管理装置、画像処理システム、画像処理方法、プログラムおよび記録媒体
JP2008258823A (ja) 画像処理装置、画像処理方法、プログラム、記憶媒体
JP2004341627A (ja) 画像形成装置及び当該装置におけるプログラム起動方法、画像形成システム及びそのプログラムと記憶媒体
JP2018202708A (ja) 設定情報利用システム、電子機器、設定情報利用方法、プログラム
JP5561017B2 (ja) 画像処理装置、編集プログラム、及び編集システム
CN103108100A (zh) 信息处理装置及其控制方法
KR100628572B1 (ko) 프린트 문서 편집 방법 및 그 장치
US20180082067A1 (en) Information Sharing Server, Information Sharing System And Non-Transitory Recording Medium
EP1786196B1 (en) Image processing apparatus, image managing method, document managing apparatus, and document managing method
JP4717509B2 (ja) 文書管理装置及びその制御方法、コンピュータプログラム、記憶媒体
JP5376989B2 (ja) 情報処理装置及びそれらの制御方法並びにプログラム
JP7533192B2 (ja) 情報処理装置およびプログラム
JP2010020698A (ja) 情報処理システム、情報処理方法、情報処理プログラム及び記録媒体
JP2003273860A (ja) 暗号化文書閲覧方法、暗号化文書閲覧システム、暗号化文書閲覧プログラム、暗号化文書閲覧プログラムを格納する記憶媒体、暗号化文書閲覧システムに用いられる管理装置、暗号化文書のデータ構造、暗号化文書のデータ構造生成装置、及び暗号化文書のデータ構造生成プログラム
CN1843025B (zh) 图像处理设备和图像处理方法
JP2013022762A (ja) 印刷装置、印刷装置の制御方法及びコンピュータプログラム
JP6350624B2 (ja) 情報処理装置、情報処理システム、その制御方法及びプログラム
JP7322930B2 (ja) プログラム
JP6375804B2 (ja) プログラム、情報処理装置、情報処理システム、及び情報処理方法
JP6015625B2 (ja) 情報処理装置、情報処理システム、その制御方法及びプログラム
EP3985497A1 (en) Information processing system, output system, output method, and recording medium

Legal Events

Date Code Title Description
DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 11914569

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06796510

Country of ref document: EP

Kind code of ref document: A1