JP2002351743A - Document distribution system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a document distribution system which can improve security. SOLUTION: A transmission-side computer 1 generates a document only for browsing according to an original document, specifies a printer 3 which is made to print the original document, obtains a ciphering key related to the printer 3 from an open key server 4, and generates a ciphered document by ciphering the original document with the obtained ciphering key. Then a document container containing the document only for browsing and the ciphered document is distributed to a reception-side computer 2, which displays the document only for browsing and outputs the ciphered document to the printer 3 as instructed. The printer 3 deciphers the ciphered document by using a deciphering key stored in a storage part 33 and prints the document.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a document distribution system for printing a document to be distributed, and more particularly to an improvement for specifying a leak point of a document.

[0002]

2. Description of the Related Art In recent years, an electronic document distribution technique using an e-mail or a Web server has been developed. Although these technologies allow anyone to access electronic documents to be distributed, there is a concern that security will be reduced. That is, a user of an e-mail or a Web server reproduces the original document (original document) on a personal computer used by the user and operates the original document in addition to operations such as display and printing, processing, Processing such as copying and transfer becomes possible.

[0003] Then, an encryption process is performed on these electronic documents using an encryption key published by a valid distribution destination, and
There is a system (public encryption key system) in which the other party decrypts with a decryption key kept secret in correspondence with the public key. According to this, there is less concern about security deterioration as described above. This is because the document that can be obtained from the Web server is in an encrypted state.

However, as a mode of information leakage in recent years, there is a problem of information leakage in an organization of a distribution destination. Specifically, once a document has been properly distributed as an encrypted document and decrypted, the decrypted original document can be stored in a computer and leaked electronically, or printed to make paper. Will be distributed through copying and the like.

[0005] Here, a special printing technique (so-called "cherry blossom printing") for making a character string such as "prohibited copying" appear during copying for paper copying as in the latter case is known. I have.

[0006]

However, in the above-mentioned conventional techniques such as printing on cherry blossom paper, the source of the leaked information is whether the original document stored electronically was copied illegally or the printed document was copied. It cannot be distinguished whether it is distributed or not.

[0007] In the conventional public key cryptosystem, a public key is issued to a person of a distribution destination. Therefore, an original document encrypted with the public key is handled by the distribution destination. It is left to the person. Therefore, there is a problem that the user of the distribution source cannot specify the source of the information, and it is difficult to specify the source, which cannot contribute to improvement of security.

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and has as its object to provide a document distribution system capable of improving the security by enabling a user of a distribution source to specify a source of information. And

[0009]

SUMMARY OF THE INVENTION The present invention for solving the above-mentioned problems of the prior art is provided in a document distribution system at a document provider, and can be decrypted only by a predetermined printing device based on an original document. A document providing apparatus that generates an encrypted document and a read-only document obtained by performing an appropriate encryption process, and distributes the generated encrypted document and the read-only document as a document container; Receiving the encrypted document container, providing the browse-only document included in the document container for browsing, and outputting an encrypted document included in the document container to a printing device capable of decrypting the encrypted document according to an instruction. Device and a printing device for decrypting an encrypted document input from the document acquisition device to reproduce the original document and printing the reproduced original document The a, the selected encryption process in the file server side, characterized in that the identifiable by providing source printing destination of the print device. As a result, the printing apparatus as an information output point can be specified by the document provider, and the source of information distribution can be easily specified, thereby improving security.

[0010] The document providing apparatus distributes the encrypted document to be included in the document container, including information to be printed when the encrypted document is printed, and the printing apparatus decrypts the encrypted document. The obtained original document is preferably printed together with the information to be overlaid. With this overlay printing, the setting of the cherry blossom paper can be set by the provider, which can contribute to improvement of security.

The present invention for solving the above-mentioned problems of the prior art is a printing apparatus which receives an input of an encrypted document as a print target and decrypts the encrypted document by a predetermined decryption process. And a means for printing the original document obtained by the decryption process.

If the encrypted document includes additional information to be printed with the document together with the overlay document, the original document obtained by decrypting the encrypted document is printed, and the additional information is overlaid. Printing is also preferred.

Further, the present invention for solving the above-mentioned problems of the prior art is characterized in that, in an output device, means for decrypting an encrypted document input as an output target by a preset decryption process; And a means for outputting the original document obtained by the conversion processing in a predetermined mode.

Further, according to the present invention, in order to solve the above-mentioned problems of the prior art, a document distribution apparatus is provided with a decoding process which is uniquely set for a printing apparatus arranged at a distribution destination in order to distribute an original document. Means for generating an encrypted document by encrypting the original document so that it can be decrypted by
Means for distributing the encrypted document, and a printer capable of printing the original document at a source of the original document can be specified.

According to another aspect of the present invention, there is provided a document delivery method which can be decrypted by a decryption process which is set uniquely for a printing apparatus arranged at a delivery destination of an original document. Identifying a printing device that includes a step of encrypting an original document and generating an encrypted document, and a step of delivering the encrypted document, and causing the original document to be printed at the source of the original document. The feature is that it is possible.

The present invention for solving the problems of the above-mentioned conventional example is a program to be executed by a microcomputer built in a printing apparatus. , And a procedure for performing control for printing the original document obtained by the decryption is performed.

Further, the present invention for solving the problem of the above-mentioned conventional example provides a document distribution system which reads an original document which is arranged at a document provider and which is to be distributed, and which has a predetermined encryption. A scanner for encrypting with a key to generate and output an encrypted document, a document providing device for delivering the encrypted document input from the scanner, and receiving the encrypted document delivered from the document providing device. A document acquisition device that decrypts the encrypted document with a decryption key associated with the information for identifying the scanner and reproduces the original document. It is characterized in that the scanner used for inputting a document can be specified on the acquisition side.

[0018]

[First Embodiment] A first embodiment of the present invention will be described with reference to the drawings. As shown in FIG. 1, the document distribution system according to the first embodiment of the present invention is provided at a sending computer 1 as a document providing device provided at a document providing source and at a document providing destination. Receiving computer 2a as a plurality of document acquisition devices,
, A printer 3 as a printing device, and a public key server 4.
The receiving side computer 2 and the public key server 4 are connected via a network so as to be able to communicate with each other, and the printer 3 is via a local area network (LAN) so as to be able to communicate with the receiving side computer 2. It is connected. The transmitting computer 1 and the receiving computer 2 are both general personal computers. It should be noted that the network is actually connected to a greater number of document destinations and printers.
Here, these descriptions are omitted for the sake of explanation.

The printer 3 includes a data interface (I / F) 31, a control unit 32, a storage unit 33, and a print processing unit 34. As shown in FIG. 2, the public key server 4 stores information for identifying the printer (organization name, device name, Ethernet (registered trademark) address, IP address, and the like) and a code corresponding to a decryption key uniquely stored in the printer. It stores a table in which keys are associated with each other.

The transmitting computer 1 obtains, from the public key server 4, an encryption key corresponding to the printer 3 for printing the original of the electronic document to be distributed (original document) in accordance with an instruction from the operator. Then, the original document is encrypted using the encryption key. This encryption process is the same as that in the widely known public key cryptosystem, and a detailed description thereof will be omitted. The transmitting computer 1 distributes the encrypted original document (encrypted document) via the network. Specifically, the transmitting computer 1 may process the image data read by the scanner as an original document, or may process data generated by a word processor or the like as an original document.

The receiving computer 2 receives and stores the encrypted document via a network. Here, since the encrypted document can be decrypted only with the decryption key unique to the printer 3, the user cannot obtain the original document on the receiving computer 2. The receiving computer 2 receives the instruction from the user and outputs the encrypted document to the printer 3 via the LAN.

The printer 3 is shared by a plurality of receiving computers 2a, 2b,. The data interface 31 of the printer 3 is connected to the LAN, and outputs data input from any of the receiving computers 2 via the LAN to the control unit 32.

The control unit 32 includes a data interface 31
If the data input via the is not an encrypted document, the print control unit 34 is controlled based on the data to perform printing. If the data is an encrypted document, a decryption process is started. That is, upon receiving the input of the encrypted document, the control unit 32 activates a decryption processing program stored in the storage unit 33, and first reads a secret decryption key from the storage unit 33. Then, the encrypted document is decrypted using the decryption key to generate an original document. The control unit 32 controls the print processing unit 34 based on the original document, and prints the contents of the original document. Note that the control unit 32 is, for example, a processing language (P) for controlling the print processing unit 34 based on the input data.
An instruction using a language such as ostscript (trademark) is generated, and the print processing is executed by outputting the instruction to the print processing unit 34.

The storage unit 33 stores a program executed by the control unit 32. The storage unit 33
Holds a uniquely set decryption key. The print processing unit 34 performs printing in accordance with an instruction input from the control unit 32.

As described above, a characteristic of the present embodiment is that the decoding process is integrated into a device such as the printer 3 which forms the final output point.
That is, by performing the decoding process as part of the output process, the data obtained by the decoding does not leak to other output devices, and the source of the information is specified. In addition, the source of the document specifies the device that is the final output point by using the encryption process, so that the source can be specified by the provider with a simple configuration.

Further, the transmitting computer 1 generates not only the encrypted document but also a document for viewing only in order to transmit what the contents are, and distributes the document together with the encrypted document. Is preferred. Here, a set of an encrypted document and a read-only document is referred to as a “document container”. In this way, the content of the document can be confirmed in the receiving computer 2 without generating the original document. It is preferable that the read-only document be a hard copy of the screen when the original document is displayed, or bitmap image data obtained by concealing a part of the hard copy. This makes it possible to improve the readability (easiness of confirmation) of the content while maintaining a state in which the original document cannot be easily reproduced from the read-only document.

Next, the operation of the document distribution system according to the present embodiment will be described. The transmitting computer 1
According to the instruction of the user, a browsing-only document is generated from the electronic document (original document) to be distributed. Further, an encryption key corresponding to the printer 3 for printing at the distribution destination is obtained from the public key server 4 via the network, and the original document is encrypted using the encryption key to generate an encrypted document.

The transmitting computer 1 generates a document container in which the read-only document and the encrypted document are set, and sends this to the receiving computer 2 via the network.
Send to The receiving computer 2 displays the browsing-only document included in the received document container on a display and presents it to the user according to the user's instruction. Also, when the user instructs printing, the encrypted document is
Output to the printer 3 via the AN.

The printer 3 performs a decryption process on the input encrypted document by using a decryption key preset in the storage unit 33. Then, the original document obtained by the decryption process is printed.

On the other hand, when an output instruction is given to another printer 3 ′ (not shown) that is not intended by the user of the transmitting computer 1, the decryption key set in the printer 3 ′ is different. It cannot be decrypted and the original document is not printed. Further, when the document is output not to the printer 3 according to the present embodiment but to a normal printer, the encrypted document itself is printed, so that a meaningless character string is printed.

As described above, according to the present embodiment, the printer as the output point is selected according to the user's intention of the transmitting computer 1, so that the source is clarified, which contributes to improvement of security. it can.

Incidentally, when printing is performed in this manner,
The security can be further improved by combining cherry-paper printing technology. That is, in this case, information to be printed by being superimposed (overlaid) on the original document at the provider is set in the original document, and the original document after the setting is encrypted. In this case, the control unit 32 of the printer 3
Prints the original document obtained by decrypting the original document by overlaying the information to be printed on the overlay included in the original document.

Here, the information to be overlay-printed includes a character string indicating that the information has been encrypted, the name and name of the destination (recipient), or an instruction to print the printing time.

In the above description, the encrypted document is generated by encrypting the original document itself. However, the original document is converted into a description in a control language for print processing, and the converted description is converted. The document may be encrypted and transmitted as an encrypted document. In this case, the control unit 32 of the printer 3
Decrypts the encrypted document and prints the
4 is output. Then, the print processing unit 34 executes printing based on the decrypted description.

In the above description, when the document container is transferred, the transmitting computer 1 transmits the document container to the receiving computer 2. However, specifically, the document management for storing the document container on the network is performed. Connect the device and send the document management device to the sending computer 1
May transmit the information to the receiving computer 2 by storing the document container and transmitting information (URL and the like) specifying the storage location to the receiving computer 2 by e-mail or the like. In this case, the receiving computer 2
Accesses the document management apparatus with reference to the received URL and acquires the specified document container.

[Second Embodiment] Further, in the first embodiment, the destination of the document is authenticated. However, a system for authenticating the transmitting side from the receiving side may be adopted. That is, the document distribution system according to the second embodiment of the present invention uses signature information to authenticate the transmitting computer 1, and the configuration is the same as that of the first embodiment shown in FIG. However, the processing of the sending computer 1 and the printer 3 is slightly different, and the public key server 4 associates the information identifying the sending computer 1 with the encrypted document received from the sending computer 1. And a decryption key for decrypting the decryption key, and provides the decryption key upon request.

That is, the transmitting computer 1 of the present embodiment encrypts the original document by using the encryption key unique and secret to the transmitting computer 1 and transmits the encrypted original document via the network. 2 receives this and outputs it to the printer 3. The control unit 32 of the printer 3 receives the input of the encrypted document, obtains a decryption key associated with the transmission-side computer 1 that has generated the encrypted document from the public key server 4, and uses the decryption key. To decrypt the encrypted document, and print the original document obtained as a result of the decryption.

Thus, it is possible to authenticate that the source of the document is valid. Although the case where the encryption key is set in the transmission side computer 1 has been described here, the encryption key is set in an input device such as a scanner, and the scanner takes in the image data, The data may be encrypted with the encryption key and output to the transmission-side computer 1. In this case, a magnetic card reader is connected to the scanner, and the encryption key for each user is recorded on a magnetic card and distributed to each user. The card may be read, the encryption key may be read by the scanner, and the scanner may encrypt the image data using the encryption key read from the magnetic card reader.

That is, in the present embodiment, an encrypted document encrypted with a secret encryption key uniquely set to the transmission side is transmitted to the original document, and a public key corresponding to the transmission side secret encryption key is transmitted at the output side. By decrypting the received encrypted document using the decryption key, it is confirmed that the document has been provided from a valid document provider.

[Third Embodiment] Furthermore, the provider confirmation processing according to the second embodiment may be combined with the document distribution system according to the first embodiment. In other words, the document distribution system according to the third embodiment of the present invention has the same configuration as the document distribution system according to the first embodiment shown in FIG. 1, but the operation of each unit is different. .

In the present embodiment, the transmitting computer 1 uses a secret encryption key (first encryption key) set in advance.
Is used to encrypt the original document, and an encryption key (second encryption key) related to the printer 3 on which the original document is to be printed is obtained from the public key server 4. Then, the encrypted document (hereinafter, referred to as a first encrypted document for distinction) encrypted by the first encryption key is further subjected to encryption processing by the second encryption key to obtain another encrypted document (second encrypted document). Document). Then, the transmission side computer 1 transmits the second encrypted document. Here, similarly to the first embodiment, it is preferable that a document container is generated by adding a read-only document to the original document to the second encrypted document, and the document container is transmitted.

The receiving computer 2 receives the document container including the second encrypted document, extracts the read-only document included in the document container, and displays it on the display. Further, the receiving computer 2 responds to an instruction from the user by using the second computer included in the document container.
The encrypted document is output to the printer 3.

Data interface 31 of printer 3
Outputs data input from the receiving computer 2 to the control unit 32. When the input data is the second encrypted document, the control unit 32 determines the unique decryption key (second encryption key) stored in the storage unit 33 according to the decryption processing program stored in the storage unit 33. A decryption key corresponding to the key (hereinafter, referred to as a second decryption key) is read, and the second encrypted document is decrypted with the second decryption key to extract the first encrypted document. Further, the control unit 32 acquires a decryption key (a decryption key corresponding to the first encryption key (referred to as a first decryption key)) stored in the public key server 4 in association with the transmission-side computer 1 and extracts the decryption key. The first encrypted document
Decrypt using the decryption key. With this processing, the original document is extracted, and the control unit 32 causes the print processing unit 34 to print the original document.

According to the present embodiment, the first encryption key and the first
The origin of the original document is confirmed to be valid by the pair with the decryption key, and the output point is specified by the pair of the second encryption key and the second decryption key, thereby further improving the security.

According to the document distribution systems of the first to third embodiments, a secret key is set in an input / output device, and by using this, an input source can be authenticated and an output destination can be specified. . Here, as an example of the device, a case where a secret key is set in the scanner or the printer 3 has been described. However, the present invention is not limited to this, and a tablet, keyboard, or camera as an input device may be set. It may be set to a plotter, a display device, or the like as a device.

[0046]

According to the present invention, an encrypted document obtained by a document providing device arranged at a document providing source performing an encryption process that can be decrypted only by a predetermined printing device based on an original document. In addition, a browse-only document is generated, and the generated encrypted document and the browse-only document are distributed as a document container. The document acquisition device receives the document container distributed from the document providing device and includes the document container in the document container. In addition to providing the browse-only document to be browsed, the encrypted document included in the document container is output to a printing device capable of decrypting the encrypted document in response to an instruction, and the printing device outputs the encrypted document input from the document acquisition device. Is a document distribution system that decrypts the original document and reproduces the original document. Therefore, the reproduced original document is printed and the encryption process selected by the document providing apparatus is performed. Ri, identifiable and becomes in provider printing destination of the print device, it is possible to improve the security to clarify the origin of the document.

[Brief description of the drawings]

FIG. 1 is a configuration block diagram of a document distribution system according to an embodiment of the present invention.

FIG. 2 is an explanatory diagram illustrating an example of contents of a public key server.

[Explanation of symbols]

1 sending computer, 2 receiving computer, 3
Printer, 4 public key server, 31 data interface, 32 control unit, 33 storage unit, 34 print processing unit.

Claims (9)

[Claims] 1. An encrypted document and a browsing-only document, which are arranged at a document provider and are obtained by performing an encryption process that can be decrypted only by a predetermined printing device based on an original document, and a browsing-only document, are generated. A document providing device that distributes the encrypted document and the read-only document as a document container, receives the document container distributed from the document providing device, provides the read-only document included in the document container for viewing, and issues an instruction. A document acquisition device that outputs an encrypted document included in the document container to a printing device that can decrypt the encrypted document, and decrypts the encrypted document input from the document acquisition device to reproduce the original document, And a printing device for printing the reproduced original document. The encryption device selected on the document providing device side specifies the printing destination printing device by the providing source. Document delivery system, characterized in that it was possible. 2. The document distribution system according to claim 1, wherein the document providing device distributes the encrypted document included in the document container including information to be printed by overlaying when the encrypted document is printed. The document distribution system according to claim 1, wherein the printing apparatus prints an original document obtained by decrypting the encrypted document together with the information to be overlaid. 3. A means for receiving an encrypted document as a print target and decrypting the encrypted document by a predetermined decryption process, and printing the original document obtained by the decryption process. A printing apparatus, comprising: a unit; 4. The printing apparatus according to claim 3, wherein, when the encrypted document includes additional information to be overlaid with the document, the original obtained by decrypting the encrypted document. A printing apparatus for printing a document and overlay printing the additional information. 5. A means for decrypting an encrypted document input as an output target by a preset decryption process, a means for outputting an original document obtained by the decryption process in a predetermined mode, An output device, comprising: 6. To distribute an original document, encrypt the original document and generate an encrypted document so that the original document can be decrypted by a decryption process uniquely set to a printing device arranged at the distribution destination. And a means for distributing the encrypted document, wherein a printing apparatus that allows the original document to be printed at the source of the original document can be specified. 7. A process of encrypting an original document and generating an encrypted document so that the original document can be decrypted by a decryption process uniquely set to a printing device arranged at a distribution destination of the original document; A document distribution method, comprising the steps of: distributing an encrypted document; and specifying a printing apparatus that causes the original document to be printed at the source of the original document. 8. A procedure for receiving an input of an encrypted document from a microcomputer built in the printing apparatus, a procedure for decrypting the encrypted document by a predetermined decryption process, and a procedure for decrypting the encrypted document. A program for performing control for printing the obtained original document, and a program for executing the following. 9. A scanner arranged at a document provider and configured to read an original document to be distributed and to perform an encryption process using a preset encryption key to generate and output an encrypted document; A document providing apparatus that delivers an encrypted document input from a scanner, and receives the encrypted document delivered from the document providing apparatus,
A document acquisition device that decrypts the encrypted document with a decryption key associated with the information for identifying the scanner and reproduces the original document, and obtains the document by an encryption process performed by the document provider. A document distribution system wherein a scanner used for inputting a document can be specified on the side.