WO2009142096A1 - Electronic document control apparatus, method, program and system - Google Patents

Electronic document control apparatus, method, program and system Download PDF

Info

Publication number
WO2009142096A1
WO2009142096A1 PCT/JP2009/058218 JP2009058218W WO2009142096A1 WO 2009142096 A1 WO2009142096 A1 WO 2009142096A1 JP 2009058218 W JP2009058218 W JP 2009058218W WO 2009142096 A1 WO2009142096 A1 WO 2009142096A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic document
content
verification
layout
page
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2009/058218
Other languages
English (en)
French (fr)
Inventor
Yusuke Fukasawa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Canon Inc filed Critical Canon Inc
Priority to US12/865,530 priority Critical patent/US8484555B2/en
Publication of WO2009142096A1 publication Critical patent/WO2009142096A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/106Enforcing content protection by specific content processing
    • G06F21/1062Editing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present invention relates to an electronic document control apparatus, method and program for editing an electronic document created by a preparer, and to a system that includes this apparatus.
  • an electronic document (original) created by a preparer is subjected to an operation such as editing by another user.
  • another user subjects an original electronic document to editing so as to change the layout to a "4-in-l" layout, etc.
  • Such editing is performed in accordance with a security policy such as access privilege given to the electronic document (i.e., the original) by the preparer.
  • a security policy such as access privilege given to the electronic document (i.e., the original) by the preparer.
  • a server for managing security policy and the like is set up and the server is connected to multiple client terminals to thereby construct an electronic document control system. If the number of users increases and the system becomes one of large scale, the network may become increasingly diversified and the environment may not be one in which users and preparers can communicate directly. However, the necessity of the system is premised upon an environment in which users and preparers can communicate, although this is not necessarily realized depending upon the particular electronic document control system. Accordingly, it is necessary to construct an environment which takes into account the fact that approval of the preparer in regard to edited content is obtained when a user edits the electronic document created by the preparer.
  • the present invention provides an electronic document control apparatus capable of enhancing convenience when a user edits an electronic document.
  • the present invention in its first aspect provides an electronic document control apparatus for editing an electronic document, which has been imparted with a policy for permitting page layout or for permitting background rendering of content in addition to page layout, and in which a digital signature has been applied to the content, the apparatus comprising: first verification means configured to verify that the content to which the digital signature has been applied has not been altered; second verification means configured to verify that a referential target of a new page generated afresh in editing of the electronic document is a signature area to which a digital signature has been applied; third verification means configured to, if the electronic document has been imparted with a policy for permitting page layout, verify that the referential target of a new page generated afresh in editing of the electronic document does not include anything other than the content to which the digital signature has been applied, and if the electronic document has been imparted with a policy for permitting page layout and background rendering of content, verify that the referential target
  • the present invention in its second aspect provides an electronic document control method executed in an electronic document control apparatus for editing an electronic document, which has been imparted with a policy for permitting page layout or for permitting background rendering of content in addition to page layout, and in which a digital signature has been applied to the content, the method comprising: a first verification step of verifying that the content to which the digital signature has been applied has not been altered; a second verification step of verifying that a referential target of a new page generated afresh in editing of the electronic document is a signature area to which a digital signature has been applied; a third verification step of verifying that the referential target of a new page generated afresh in editing of the electronic document does not include anything other than the content to which the digital signature has been applied if the electronic document has been imparted with a policy for permitting page layout, and verifying that the referential target of a new page generated afresh in editing of the electronic document does not include anything other than the content and a background object of the content if the electronic document has been
  • the present invention in its third aspect provides an electronic document control system including a terminal device for creating an electronic document, an electronic document control apparatus for editing a created electronic document, and a server for controlling a policy imparted to the electronic document, the terminal device and electronic document control apparatus being connected via the server and a network, wherein the terminal device and server include: imparting means configured to impart the electronic document with a policy for permitting page layout or for permitting background rendering of content in addition to page layout; and signature means configured to apply a digital signature to content in the electronic document to which the policy has been imparted by the imparting means; and the electronic document control apparatus includes: first verification means for verifying that the content to which the digital signature has been applied has not been altered; second verification means configured to verify that a referential target of a new page generated afresh in editing of the electronic document is a signature area to which a digital signature has been applied; third verification means configured to, if the electronic document has been imparted with a policy for permitting page layout, verify that the referential target of a new
  • the present invention in its fourth aspect provides an electronic document control apparatus comprising: layout changing means configured to change page layout of an electronic document; detection means configured to detect a content change in a content contained in the electronic document; and determination means configured to judge whether the detection means has detected a content change in the content in a case where page layout has been changed by the layout changing means; wherein a change in a page layout by the layout changing means is permitted if result of the determination by the determination means is that there has be no content change in the content; and a change in page layout by the layout changing means is not permitted if result of the determination by the determination means is that there has been a content change in the content.
  • the present invention in its fifth aspect provides a method of controlling an electronic document, comprising a changing step of changing a page layout of an electronic document; a detecting step of detecting a content change in a content contained in the electronic document; and a judging step of judging whether a content change in the content has been detected in a case where page layout has been changed; wherein a change in page layout is permitted if result of the determination is that there has be no content change in the content; and a change in page layout is not permitted if result of the determination is that there has been a content change in the content.
  • FIG. 1 is a flowchart illustrating an overview of processing executed by an electronic document control system that includes an electronic document control apparatus according to an embodiment of the present invention
  • FIG. 2 is a flowchart illustrating in greater detail the processing executed by an electronic document control system in this embodiment;
  • FIG. 3 is a diagram illustrating an overview of _ Q _
  • FIG. 4 is a diagram illustrating the composition of an electronic document before and after application of a partial signature to content information of the electronic document by a preparer;
  • FIG. 5 is a flowchart illustrating processing whereby a preparer applies a partial signature solely to content information of an electronic document
  • FIG. 6 is a diagram useful in describing the structure of an electronic document when a user has performed layout editing
  • FIG. 7 is a diagram illustrating an example of the data structure of an electronic document (a PDF file) before layout editing
  • FIG. 8 is a diagram illustrating an example of the data structure of an electronic document (a PDF file) after layout editing
  • FIG. 9 is a flowchart illustrating processing for verifying whether only layout editing has been performed correctly in this embodiment
  • FIG. 10 is a diagram illustrating an example of the data structure of an electronic document in a state in which a partial signature has been applied
  • FIG. 11 is a diagram illustrating an example of a dictionary in which content information has been put into the form of a FormXObject
  • FIG. 12 is a diagram illustrating an example of a content dictionary that has been inserted into a new page
  • FIG. 13 is a diagram illustrating an example of the data structure of a content dictionary in a case where a user has added on background rendering data in layout editing.
  • FIG. 14 is a diagram illustrating an example of the configuration of an information processing apparatus applied to a terminal used by a preparer or user and to the policy server shown in FIG. 3.
  • FIG. 1 is a flowchart illustrating an overview of processing executed by an electronic document control system that includes an electronic document control apparatus according to an embodiment of the present invention.
  • the flowchart shown in FIG. 1 is executed in an electronic document control system shown in FIG. 3 and including a terminal used by a preparer of an electronic document, a terminal used by a user and a policy server for controlling policy imparted to an electronic document.
  • FIG. 3 will be described later.
  • the preparer uses his own terminal to impart an electronic document with a policy for layout control (inclusive of control of background rendering) while communicating with the policy server.
  • the electronic document is a PDF (Portable Document Format) file, by way of example.
  • the preparer using the terminal, applies a digital signature (referred to simply as a "signature” below) solely to content information desired to be protected.
  • a digital signature referred to simply as a "signature” below
  • Such signature processing will be referred to as a "partial signature” below.
  • step S103 the user uses his terminal to edit an electronic document created and provided with a partial signature by the preparer.
  • a created electronic document is subjected to a page layout that includes a "2-in-l" page layout.
  • Page layout (layout processing) in this embodiment includes not only the allocation of pages but also imposition and layout arrangement of content in PDF data created by the preparer.
  • step S104 From step S104 onward, whether only a layout change has been made with no alteration of content information is verified, and it is determined based upon the result of verification whether the electronic document has or has not been altered.
  • step S105 the content information to which the partial signature has been applied is verified (i.e., subjected to partial verification) . If it is determined at this stage that the content information has not been altered, control proceeds to step S106. If alteration is determined, on the other hand, then this processing is exited based upon this result.
  • step S106 whether content information being referred to in the layout editing portion coincides with information in a partial signature area is verified. If it is determined that the two coincide, then it is determined that only layout editing has been performed and not alteration of content information. This processing is then exited based upon this result. If it is determined that the two do not coincide, then it is determined that content information has been altered. This processing is then exited based upon this result.
  • FIG. 2 is a flowchart illustrating in greater detail the processing executed by an electronic document control system in this embodiment.
  • the preparer generates an electronic document at his own terminal.
  • the generated electronic document is the original in the electronic document control system.
  • the terminal of the preparer communicates with the policy server, etc., and imparts the electronic document with a layout- control policy.
  • the preparer uses his own terminal, the preparer applies a partial signature solely to the content information.
  • step S204 the user acquires the electronic document created by the preparer and, using an electronic document editing application, etc., at his own terminal, starts page-layout processing with respect to the partially signatured electronic document. Processing from this point onward is executed in the terminal- of the user. By controlling peripheral blocks using a CPU within the terminal, each processing step is executed.
  • step S205 the total number of pages of the electronic document is acquired.
  • step S206 what the final layout is to be is decided. For example, an ordinary N-in-1 layout is decided. This decision may be made by the user or it may be predetermined. Further, complicated layout processing that differs for every page may also be executed.
  • step S207 the final number of new pages after layout editing is decided.
  • the number of new pages is decided by "total number of pages ⁇ N". For example, if the total number of pages is 100 and the "N" of "N in 1" is "4", then the number of new pages in the layout generated anew will be 25.
  • step S208 whether a page not yet processed at step S209 exists or not is determined. If it is determined that a page not yet processed at step S209 exists, then control proceeds to step S209. On the other hand, if it is determined that all pages have been processed, then control proceeds to step S210. Content information to which each page refers to is converted to an object at step S209.
  • step S210 it is determined whether blank pages, the number of which is the number of new pages after layout editing, have been inserted at the end of the electronic document. If it is determined that blank pages the number of which is the number of new pages have not yet been inserted into the electronic document, then blank pages are inserted into the electronic document in a number equivalent to the number of new pages at step S211. On the other hand, if it is determined that blank pages the number of which is the number of new pages have been inserted into the electronic document, then control proceeds to step S212.
  • step S212 it is determined whether the content of all inserted blank pages has been subjected to the processing of step S213. If it is determined that a page not yet subjected to this processing exists, control proceeds to step S213. On the other hand, if it is determined that the content of all blank pages has been subjected to the processing of step S213, then control proceeds to step S214.
  • Layout editing of pages is performed at step S213. Specifically, in the case of 2-in-l, a "FormXObject" is placed in the content of an inserted blank page in such a manner that reference will be made to the content information of the original page 1 and page 2.
  • the borders of the original pages are deleted but not the content information of the original pages.
  • step S215 Page layout editing of the electronic document is executed in the manner set forth above.
  • step S215 whether only layout editing has been performed correctly (i.e., whether there has been no alteration of the content information of the electronic document as a result of layout editing) is verified. The details of the processing at step S215 will be described later. If is determined at step S216 as a result of the verification at step S215 that the content information has been altered, then control proceeds to step S219, the electronic document is not saved, the policy server is notified of the fact that alteration has occurred and this processing is then exited.
  • step S217 where the layout-edited electronic document is saved. Then, at step S218, the policy server is notified of the fact that there is no alteration and of the content of layout editing and this processing is then exited.
  • the electronic document control system of this embodiment includes the terminal of the preparer of an electronic document, the terminal employed by the user who edits the electronic document created by the preparer, and the policy server for imparting the electronic document with the security policy.
  • the terminals shown in FIG. 3 are connected to the policy server via a network.
  • the policy server is used to control (manage) the privilege (policy such as the access privilege) that has been set regarding an electronic document such as a PDF file. For example, assume that whether or not a certain electronic document is allowed to be changed or printed has been set on a per-user basis.
  • FIG. 14 is a diagram illustrating an example of the configuration of an information processing apparatus applied to a terminal used by a preparer or user and to the policy server shown in FIG. 3. As shown in FIG.
  • the information processing apparatus is equipped with a CPU 1401 which, based upon a program and the like stored in a ROM or external memory, executes processing of a document that is a mixture of figures, images, text and tables (inclusive of spreadsheets, etc.); by way of example.
  • the CPU exercises overall control of various blocks connected to a system bus.
  • An operating system program which is the control program of the CPU, has been stored in a ROM 1403 or external memory 1410.
  • Various data conforming to processing has been stored in the ROM or external memory.
  • a RAM 1402 functions as the main memory or work area, etc., of the CPU 1401.
  • An input interface 1404 controls inputs from an input unit 1408 such as a keyboard and mouse.
  • An output interface 1405 controls a display presented on an output unit 1409 such as a CRT display.
  • a disk controller 1406 controls access to an external memory 1410 storing a booting program, various applications, user files and an edit file, etc.
  • the external memory 1410 employs a hard disk, etc.
  • a network interface 1407 is connected to a network such as a LAN and can communicate with another apparatus. The various components mentioned above are interconnected by a system bus 1411. [0048] FIG.
  • step S301 after the preparer has created an electronic document, the preparer uses the electronic document editing application to set the fact that the electronic document is to be imparted with a policy for controlling layout. In this case, if necessary, the preparer may also set a subsidiary policy to the effect that background rendering is allowed.
  • step S302 using the electronic document editing application and entering the preparer 1 S own ID and password, the preparer logs in to the policy server, which imparts the policy, and requests the server to impart the electronic document with the layout control policy.
  • step S303 after receiving the request, the policy server sends an encryption key and policy information back to the electronic document editing application.
  • the electronic document editing application imparts the electronic document with the policy by means of the policy information and encrypts the electronic document by the encryption key.
  • the electronic document editing application then subjects the electronic document to partial-signature processing (described later) using a preparer certificate.
  • the electronic document imparted with the layout control policy is distributed to the user. Distribution may be performed by e-mail or by the Web using a network or may be carried out by a medium such as a USB memory, CD-ROM or DVD-ROM without relying upon a network.
  • the user who has acquired the electronic document imparted with the layout control policy sends the policy server his own ID and password.
  • the policy server executes processing for authenticating that the user is the user intended by the preparer. If this can be authenticated, then the policy server sends a decryption key and policy information back to the electronic document editing application.
  • step S308 the electronic document editing application decrypts the encrypted electronic document based upon the decryption key and policy information and displays the electronic document. Further, the user is capable of performing an operation that is based upon the policy information.
  • FIG. 4 is a diagram illustrating the composition of an electronic document before and after application of a partial signature to content information of the electronic document by a preparer
  • FIG. 5 is a flowchart illustrating processing whereby a preparer applies a partial signature solely to content information of the electronic document.
  • An electronic document 400 shown in FIG. 4 indicates the internal structure of an electronic document before partial-signature processing is executed.
  • the electronic document will be described as a PDF below.
  • the electronic document 400 contains a page dictionary, a content dictionary and a resource dictionary on a page-by-page basis.
  • the page dictionary refers to the content dictionary
  • the content dictionary refers to the resource dictionary.
  • the content dictionary and resource dictionary will also be referred to collectively as "content information" below. Further, if the resource dictionary refers to other information as well, then it will be assumed that the information referred to also is contained in the content information.
  • electronic-signature information is generated by calculating hash values with regard to the content information of all pages and encrypting the hash values using a secret key that forms a pair with a public key included in the certificate of the content preparer.
  • the generated electronic-signature information, the certificate and the hash range are inserted at the end of the data of the electronic document as a signature dictionary, as indicated in an electronic document 401 (the electronic document that results after partial-signature processing is executed) .
  • the hash range indicates, in the form of an array, the offset values from the uppermost portion of the electronic document file and the numbers of bytes of the content dictionary and resource dictionary in each page.
  • An example of a signature dictionary is described in FIG. 10.
  • step S501 the total number of pages of the electronic document is acquired.
  • step S502 it is determined whether offset values and numbers of bytes of the content information referred to by the page dictionary have been acquired for all pages. If it is determined that these have been acquired for all pages, control proceeds to step S509. On the other hand, if it is determined that these have not been acquired for all pages, then control proceeds to step S503.
  • step S503 reference is had to the content dictionary from the page dictionary. Generally, if an electronic document is a structured document in particular, it has been separated into the framework of pages corresponding to the page dictionary and the content information indicating the content of the document.
  • Page framework contains one or more items of content information.
  • the offset value and number of bytes from the beginning of the file of the electronic document are acquired with regard to the content dictionary to which reference is made.
  • the acquired offset value and number of bytes are stored in memory temporarily.
  • step S505 reference is made to the resource dictionary from the page dictionary.
  • step S506 the offset value and number of bytes from the beginning of the file of the electronic document are acquired with regard to the resource dictionary to which reference is made. The acquired offset value and number of bytes are stored in memory temporarily.
  • step S507 it is determined whether information to which further reference is being made from the resource dictionary exists. If it is determined that information to which further reference is being made from the resource dictionary exists, control proceeds to step S508.
  • step S508 the offset value and number of bytes from the beginning of the file of the electronic document are acquired with regard to resource information such as images and fonts to which further reference is being made from the resource dictionary. The acquired offset value and number of bytes are stored in memory temporarily.
  • step S509 hash values are acquired based upon the offset values and byte values of the content dictionaries stored temporarily in the memory at step S504. The acquired hash values are also stored in memory temporarily.
  • step S510 hash values are acquired based upon the offset values and byte values of the resource dictionaries stored temporarily in the memory at step S506. The acquired hash values are also stored in memory temporarily.
  • step S511 the hash values stored in memory temporarily are encrypted by the secret key of the preparer of the electronic document and the electronic- signature information is generated.
  • a signature dictionary is generated and, at step S513, the electronic-signature information and the certificate containing the public key of the preparer of the electronic document are inserted into the signature dictionary.
  • the offset values and numbers of bytes that have been stored temporarily in memory are inserted into the signature dictionary as information of a signature target area.
  • the information of the signature target area indicates the hash range described in FIG. 4.
  • Processing of a partial signature in an electronic document by the preparer is performed as set forth above. The processing indicated at steps S512 to S514 is executed in such a manner that the signature is inserted at the end of the electronic document, as illustrated in FIG. 4. Such processing is referred to as "incremental save" in the case of a PDF file.
  • FIG. 6 is a diagram useful in describing the structure of an electronic document when a user has performed layout editing.
  • An electronic document 600 illustrates the internal structure of electronic-document data after application of a partial signature to content information and execution of layout editing. As shown in FIG. 6, all information that has undergone layout editing has been incrementally saved at the end of the electronic document, as indicated by data 601.
  • the layout editing content shown at data 601 is that the content information of electronic document 600 is wrapped using "FormXObject" . This corresponds to the processing at step S209 in FIG. 2.
  • This is followed by a description to the effect that a blank page is inserted anew and that "FormXObject" is reduced in size and pasted at designated positions in a number equivalent to the number of impositions.
  • insertion of a blank page corresponds to step S211 of FIG.
  • FIG. 6 An image 602 (FIG. 6) is an image diagram displayed to the user as a result of execution of layout editing. This indicates the display content of a new layout page in a case where a "2-in-l" imposition has been performed.
  • FIG. 7 is a diagram illustrating an example of the data structure of an electronic document (a PDF file) before layout editing
  • FIG. 8 is a diagram illustrating an example of the data structure of an electronic document (a PDF file) after layout editing.
  • Data 700 shown in FIG. 7 is a parent dictionary for managing each of the page dictionaries in the PDF file; it is referred to as the "pages dictionary" .
  • the information of pages actually used (displayed) is described in the pages dictionary.
  • reference to a page dictionary is described in an array format as the value of "/Kids”.
  • Data 701 indicates a page dictionary and makes reference to content information and a resource dictionary, as described earlier.
  • Data 702 is a resource dictionary to which reference is made from the page dictionary and gathers resource information such as images and fonts.
  • the resource dictionary refers to various resource information.
  • Data 703 is a content dictionary to which reference is made from the page dictionary. Here rendering content actually displayed on the display monitor has been described.
  • the information in the content dictionary makes reference to information such as images and fonts.
  • Data 704 is various dictionaries to which reference is had from a resource dictionary of image and fonts, etc. [0067]
  • the content information described in FIG. 4 contains the resource dictionaries (data 702), content dictionaries (data 703) and various dictionaries (data 704).
  • the portion enclosed by the black frame formed by the bold line in FIG. 7 is the target area of the partial signature.
  • FIG. 8 is a diagram illustrating an example of the data structure of an electronic document (a PDF file) after layout editing.
  • Data 800 in FIG. 8 is a pages dictionary in the data structure of the electronic document (PDF file) after layout editing.
  • data 801 to 805 is inserted into a blank page that has been inserted at step S211 of FIG. 2, and the structure is changed in such a manner that reference is had to a page in which the values of "/Count" and "/Kids" of data 800 have been inserted.
  • the value of "/Kids" shown in data 800 indicates the page dictionary that has been created anew.
  • the page reference information (the value of "Kids" in data 700 of FIG. 7) that existed before layout editing has been detected, as described in conjunction with FIG. 6.
  • Data 801 is a page dictionary that has been added on anew with execution of layout editing and is referring to the resource dictionary indicated by data 802 and the content data indicated by data 803.
  • the data 802 is referring to data 804 and 805 obtained by putting the content information into object form by "FormXObject".
  • the fact that this layout is "2-in-l” is indicated by the description "Do/Pagel Do/Page2" of data 803.
  • the items of data 804 and 805 are dictionaries obtained by putting the content information into object form by "FormXObject" before layout editing.
  • FIG. 9 is a flowchart illustrating processing for verifying whether only layout editing has been performed correctly in this embodiment.
  • the processing shown in FIG. 9 is classified broadly into three portions, namely a portion (first verification) indicated at steps S901 to S905, a portion (second verification) indicated at steps S906 to S910, and a portion (third verification) indicated at steps S911 to S914.
  • the portion indicated at steps S901 to S905 performs partial verification with regard to a portion related to content information.
  • the portion indicated at steps S906 to S910 verifies whether the referential target of a content dictionary of "FormXObject" created as a new page coincides with a content dictionary to which a partial signature has been applied by the preparer.
  • FIG. 9 is described with regard to a case where the electronic document is a PDF file. However, in a case where another structured document is used, processing corresponding to the processing of FIG. 9 is executed in such a manner that the objectives of the three types of verification described above can be achieved. In such case the division of processing into three portions need not be in accordance with the flowchart shown in FIG. 9. For example, some of the steps of the third verification may be performed at steps indicated by the second verification.
  • a signature dictionary is acquired from the electronic document and then, at step S902, the area that has been signatured (the signature area), i.e., the information that is the pair of offset value and number of bytes, is acquired from the acquired signatured dictionary.
  • the hash values are acquired based upon the signature area acquired at step S902.
  • the electronic- signature information and the public key which is contained in the certificate, are acquired. Further, by using the acquired public key, the electronic- signature information is decrypted and a message digest is acquired.
  • the message digest is composed of the hash values included in the electronic-signature information.
  • step S905 the hash values acquired at step S903 and the message digest acquired at step S904 are compared. If agreement is determined, control proceeds to step S906. If there is no agreement, then it is determined that an alteration has occurred and this processing is exited. [0074]Next, at step S906, it is determined whether the processing of steps S907 to S910 has been executed with respect to all new pages. If it is determined here that the processing has been executed with respect to all pages, control proceeds to step S911. On the other hand, if it is determined that an unprocessed page remains, then control proceeds to step S907. [0075]At step S907, reference is had to "FormXObject" in the content within the page dictionary.
  • FormXObject indicates the data 804 or 805 shown in FIG. 8.
  • step S908 reference is had to the content in the stream information in "FormXObject". For example, this means making reference to the content that has been described in "stream” of data 804 shown in FIG. 8.
  • step S909 the offset value and number of bytes from the beginning of the file of the electronic document of the content referred to at step S908 are acquired.
  • step S910 it is determined whether the pair formed by the offset value and number of bytes acquired at step S909 is in the information (i.e., hash range) of the signature area acquired from the signature dictionary.
  • step S911 it is determined whether the processing of steps S912 to S914 has been executed with respect to all new pages. If it is determined here that an unprocessed page still exists, control proceeds to step S912.
  • step S912 reference is made to "FormXObject" in the content within the page dictionary.
  • step S913 it is determined whether "FormXObject" in the content within the page dictionary is positively the "FormXObject” that was created at the time the layout was created.
  • FIG. 12 is a diagram illustrating an example of a content dictionary 1200 that has been inserted into a new page.
  • “FormXObject” other than that of pages 1 and 2 (e.g., page 3), which is content that has been partially signatured, in "stream” in which rendering information has been described. Accordingly, it is determined positively that "FormXObject" in the content within the page dictionary is the "FormXObject” that was created at the time the layout was created.
  • step S913 If it is determined at step S913 that "FormXObject" in the content within the page dictionary is the "FormXObject” that was created at the time the layout was created, control proceeds to step S914.- On the other hand, if it is determined that FormXObject" in the content within the page dictionary is not the "FormXObject” that was created at the time the layout was created, then it is construed that reference is being made to content that is outside the signature area. Accordingly, it is determined that an alteration has been made and this processing is exited. [0079]Next, at step S914, it is determined whether data exists at the end of the content dictionary. [0080]With reference again to FIG.
  • FIG. 10 is a diagram illustrating an example of the data structure of an electronic document in a state in which a partial signature has been applied. As illustrated in FIG. 10, the offset values and numbers of bytes of the content dictionary and resource dictionary of each page in electronic document 1000 have been inserted into the signature dictionary as the hash range. The signature dictionary has been incrementally saved at the end, as already described. Further, in a case where verification of the partial signature indicated at steps S901 to S905 in FIG.
  • FIG. 11 is a diagram illustrating an example of a dictionary in which content information has been put into the form of a FormXObject.
  • Data 1100 indicates a dictionary in which content information has been put into the form of FormXObject.
  • the offset value and number of bytes of the reference information in "stream" in which the rendering information of data 1100 has been described are acquired. If the acquired pair of values exist in the signature dictionary, it can be construed that the content to which the data 1100 refers has been protected by a signature and therefore it can be determined that no alteration has been made.
  • FIG. 13 is a diagram illustrating an example of the data structure of a content dictionary in a case where a user has added on background rendering data in layout editing.
  • the preparer sets a background-rendering possible / not possible policy together with the layout control policy with respect to an electronic document, thereby making it possible to control background rendering.
  • Data 1300 shown in FIG. 13 indicates the content of the content dictionary of a page newly added on for layout editing.
  • the content dictionary is expressed in the PDF format. Here each "FormXObject" puts the content information into the form of an object, as already described.
  • the electronic document ⁇ editing application makes background rendering possible by adding the rendering information to the beginning of the stream data, as indicated at data 1300.
  • a character string is rendered with respect to the designated position information, as indicated at image 1301.
  • FIG. 13 illustrates a "4-in-l" layout.
  • the rendered content background object
  • the rendered content may be an image rather than a character string.
  • the first to third verifications described in FIG. 9 are carried out also in a case where the user performs background rendering.
  • the third verification in particular, what is verified is that the content dictionary of a new page is referring solely to "FormXObject" created in a new page and is not referring to any data other than that of "FormXObject" and a background object.
  • rendering information is added solely to the beginning of the stream data, as illustrated in the data 1300 of FIG. 13, processing does not change because it is determined at step S914 in FIG. 9 whether data exists at the end of the content dictionary.
  • the present invention also includes a case where an operating system or the like running on a computer executes some or all of the actual processing based upon instructions in program code (the code of the electronic document control program) , whereby the functions of the above-described embodiment are implemented by this processing. Furthermore, the present invention is applied also with regard to a case where program code read from a storage medium has been written to a memory provided on a function expansion card inserted into the computer or a memory provided in a function expansion unit connected to the computer. In this case, a CPU or the like provided on the function expansion board or function expansion unit performs some or all of the actual processing based upon the instructions in the written program code and the functions of the foregoing embodiments are implemented by this processing.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Document Processing Apparatus (AREA)
  • Storage Device Security (AREA)
PCT/JP2009/058218 2008-04-24 2009-04-20 Electronic document control apparatus, method, program and system Ceased WO2009142096A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/865,530 US8484555B2 (en) 2008-04-24 2009-04-20 Electronic document control apparatus, method, program and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008114420A JP5400319B2 (ja) 2008-04-24 2008-04-24 電子文書制御装置、方法およびプログラム
JP2008-114420 2008-04-24

Publications (1)

Publication Number Publication Date
WO2009142096A1 true WO2009142096A1 (en) 2009-11-26

Family

ID=41340029

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/058218 Ceased WO2009142096A1 (en) 2008-04-24 2009-04-20 Electronic document control apparatus, method, program and system

Country Status (3)

Country Link
US (1) US8484555B2 (https=)
JP (1) JP5400319B2 (https=)
WO (1) WO2009142096A1 (https=)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009265927A (ja) * 2008-04-24 2009-11-12 Canon Inc 電子文書制御装置、方法、プログラム、並びに、システム

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6990581B1 (en) 2000-04-07 2006-01-24 At&T Corp. Broadband certified mail
US8782392B1 (en) * 2011-04-11 2014-07-15 Google Inc. Privacy-protective data transfer and storage
US20170039392A1 (en) * 2015-08-05 2017-02-09 Chita Inc. Managing Regulated Content Items Stored on Non-Regulated Storage Platforms
KR101746162B1 (ko) * 2016-02-26 2017-06-12 고려대학교 산학협력단 영상 데이터에 대한 무결성 검증 장치 및 이를 이용한 무결성 검증 방법
US10694330B2 (en) 2016-12-22 2020-06-23 Metadata Solutions, Inc. Validating mobile applications for accessing regulated content
WO2019084179A1 (en) 2017-10-24 2019-05-02 Nike Innovate C.V. IMAGE RECOGNITION SYSTEM
JP7526655B2 (ja) * 2020-12-10 2024-08-01 富士通株式会社 情報処理プログラム、情報処理方法、情報処理装置および情報処理システム
WO2025041484A1 (ja) * 2023-08-24 2025-02-27 ソニーグループ株式会社 画像処理装置および方法

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001167086A (ja) * 1999-12-07 2001-06-22 Hitachi Ltd 文書のデジタル署名付き管理方法および文書管理装置
JP2004180278A (ja) * 2002-11-15 2004-06-24 Canon Inc 情報処理装置、サーバ装置、電子データ管理システム、情報処理システム、情報処理方法、コンピュータプログラム及びコンピュータ読み取り可能な記憶媒体
JP2005285020A (ja) * 2004-03-30 2005-10-13 Fuji Electric Holdings Co Ltd 原本性保証方法、情報処理装置、プログラム、記録媒体
US20080082829A1 (en) * 2006-09-29 2008-04-03 Fujitsu Limited Recording medium, digital information verification apparatus, and digital information verification method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7735144B2 (en) * 2003-05-16 2010-06-08 Adobe Systems Incorporated Document modification detection and prevention
JP4717509B2 (ja) * 2005-05-17 2011-07-06 キヤノン株式会社 文書管理装置及びその制御方法、コンピュータプログラム、記憶媒体
JP4921065B2 (ja) * 2005-09-08 2012-04-18 キヤノン株式会社 情報処理装置及び方法、並びにコンピュータプログラム及びコンピュータ可読記憶媒体
JP5400319B2 (ja) * 2008-04-24 2014-01-29 キヤノン株式会社 電子文書制御装置、方法およびプログラム

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001167086A (ja) * 1999-12-07 2001-06-22 Hitachi Ltd 文書のデジタル署名付き管理方法および文書管理装置
JP2004180278A (ja) * 2002-11-15 2004-06-24 Canon Inc 情報処理装置、サーバ装置、電子データ管理システム、情報処理システム、情報処理方法、コンピュータプログラム及びコンピュータ読み取り可能な記憶媒体
JP2005285020A (ja) * 2004-03-30 2005-10-13 Fuji Electric Holdings Co Ltd 原本性保証方法、情報処理装置、プログラム、記録媒体
US20080082829A1 (en) * 2006-09-29 2008-04-03 Fujitsu Limited Recording medium, digital information verification apparatus, and digital information verification method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009265927A (ja) * 2008-04-24 2009-11-12 Canon Inc 電子文書制御装置、方法、プログラム、並びに、システム

Also Published As

Publication number Publication date
JP2009265927A (ja) 2009-11-12
US8484555B2 (en) 2013-07-09
US20100313117A1 (en) 2010-12-09
JP5400319B2 (ja) 2014-01-29

Similar Documents

Publication Publication Date Title
US8484555B2 (en) Electronic document control apparatus, method, program and system
US8275993B2 (en) Author signatures for legal purposes
Khadam et al. Digital watermarking technique for text document protection using data mining analysis
US8719578B2 (en) Document verifying apparatus, document verifying method, and computer product
US20100031140A1 (en) Verifying An Electronic Document
US20050134896A1 (en) Data processing system, data processing method and apparatus, document printing system, client device, printing device, document printing method, and computer program
US8200975B2 (en) Digital signatures for network forms
US8359473B1 (en) System and method for digital rights management using digital signatures
JP4093723B2 (ja) 構造を持った文書に対する電子署名方法及び装置
US7984302B2 (en) Electronic document management apparatus, electronic document management method, and computer program
CN101751526B (zh) 电子文档保护系统及方法
US8887290B1 (en) Method and system for content protection for a browser based content viewer
Mir Copyright for web content using invisible text watermarking
KR20080105721A (ko) 문서 보안 방법
Jøsang et al. What you see is not always what you sign
EP4250157B1 (en) Image processing apparatus, image processing system, image processing program, and image processing method
Boritz et al. Assurance reporting for XBRL: XARL (extensible assurance reporting language)
US10176334B2 (en) Data security using alternative encoding
US20060203255A1 (en) System for certifying whether printed material corresponds to original
CN109302292A (zh) 文件检验方法、装置、电子设备及存储介质
Alsaid et al. Dynamic content attacks on digital signatures
CN117331477A (zh) 三维模型批注数据的存储方法、装置及电子设备
Hwang et al. Design and Implementation of the Document HTML System for Preserving Content Integrity.
Scheibelhofer What You See Is What You Sign: Trustworthy Display of XML Documents for Signing and Verification
Jøsang et al. Robust WYSIWYS: a method for ensuring that what you see is what you sign

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09750458

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 12865530

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09750458

Country of ref document: EP

Kind code of ref document: A1