JP2008035501A - Multifunction machine, control method therefor, and image processing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To scan a document using an existing MFP function and register the scanned image data in a box, a security policy cannot be set for the data.
Read data or data input via a network is registered in a box (203), a security policy is set for the registered data (205), and the set security policy is set. Is registered in the security server via the network (204).
[Selection] Figure 10

Description

  The present invention relates to a multifunction peripheral, a control method thereof, and an image processing system including the multifunction peripheral.

  In recent years, due to laws and regulations such as the Personal Information Protection Act, companies and public offices are required to take measures to prevent leakage of various business information and personal information. Electronic document data is extremely convenient for exchanging information, but has a high risk of information leakage because of its good distribution.

  In a system in which an application such as a host computer (PC) applies a security policy, a user who creates document data sets the security policy when the document data is created. As a result, an application that creates, edits, and creates the document data sets the security policy. Here, the security policy means that, for example, the user A can refer to, edit, and print the document data. User B can refer to the document data but cannot edit and print. As described above, the security policy indicates an access right for each user to the document. The access right includes the right to operate the document such as reference (display), editing, and printing. The security policy may include information such as the expiration date of the document.

  The policy information set in this way is accumulated in a server (policy server) that manages the policy, and the user can refer to the policy information by logging in to the policy server. When the user B accesses the document data to which the policy is applied, the PC application logs in to the policy server and acquires the policy information of the document data. Then, referring to the policy information, after confirming various restrictions and function restrictions set for the user, permission / non-permission of each process is determined. Here, a user who is set to be unable to refer to document data cannot refer to the document data, and a user who is set to be unable to print the document data prints the document data. I can't.

  As a system to which the printing apparatus applies a policy, a user list that permits the use of the printing apparatus is stored in the policy server. And when there is a print request from an information terminal device such as a PC, it is known to log in to the policy server and refer to the user list to restrict the use of the printing device for each user (patent) Reference 1).

  Further, in a copying machine having a plurality of functions such as an MFP (multifunction processing apparatus), a user list that allows the use of the MFP itself and the use of the functions of the MFP is stored in the server. When requesting various types of printing, log in to the server and refer to the user list to limit not only the use of the copier but also the various functions of the copier for each user. (Patent Document 2).

As a system using the above-mentioned policy server, a policy server (Policy Server) of Adobe Systems is known. With the advent of this policy server, a consistent and dynamic security policy (hereinafter sometimes simply referred to as policy or document policy) is applied to document files, and the user, method of use, and period of use of document data. Can be specified and secure document management can be realized. In particular, since the creator of the document data can change the security policy at any time after the document data is distributed, it is possible to manage and monitor access to the document data wherever the document data is located. In order to take advantage of these advantages described above, collaboration between the policy server and an MFP (document scanning, printing, and storage) that plays a central role in the office is desired.
JP 2002-063008 A JP 2004-289302 A

  However, it has been pointed out that the system using the policy server described above cannot be used by all host computers, and has a loophole in security. In other words, a device that does not have a document creation application that can use the policy server cannot perform access control of a document using the policy. For example, an apparatus that is not a host computer such as an MFP has a function of scanning a document and registering the scanned image data in a box (Scan to Box registration function). This function has a problem that a security policy cannot be set for scanned image data.

  An object of the present invention is to solve the above-mentioned problems of the prior art.

  A feature of the present invention is that it provides a technique for setting a security policy for data registered in a multifunction machine.

In order to achieve the above object, a multifunction machine according to one embodiment of the present invention has the following configuration. That is,
A multifunction device that can be connected to a network,
Registration means for registering read data or data input via a network;
Obtaining means for obtaining a security policy that is information indicating an access right to the data from a security server connected via the network, based on data identification information corresponding to data registered in the registration means;
Control means for controlling access to the data by applying the security policy acquired by the acquisition means to the data;
Policy setting means for setting a security policy for data registered in the registration means;
Policy registration means for registering the security policy set by the policy setting means in the security server.

In order to achieve the above object, an image processing system according to an aspect of the present invention has the following arrangement. That is,
An image processing system for connecting a security server that manages a data security policy in association with user information and data identification information and a multifunction peripheral via a network,
The MFP is
Registration means for registering read data or data input via a network;
Based on the identification information of the user who requests access to the data registered in the registration means, and the data identification information corresponding to the data, a security policy that is information indicating the access right to the data from the security server Acquisition means for acquiring;
Control means for controlling access to the data by applying the security policy acquired by the acquisition means to the data;
Policy setting means for setting a security policy for data registered in the registration means;
Policy registering means for registering the security policy set by the setting means in the security server.

In order to achieve the above object, a method for controlling a multifunction peripheral according to an aspect of the present invention includes the following steps. That is,
A method of controlling a multifunction device that can be connected to a network,
A registration step of registering the read data or data input via the network in a box;
An acquisition step of acquiring a security policy that is information indicating an access right to the data from a security server connected via the network based on data identification information corresponding to data registered in the box;
Applying the security policy acquired in the acquisition step to the data to control access to the data;
A policy setting step for setting a security policy for the data registered in the box;
A policy registration step of registering the security policy set in the policy setting step in the security server.

  The means for solving this problem does not enumerate all the features of the present invention, and other claims described in the claims and combinations of these feature groups can also be the invention. .

  According to the present invention, there is an effect that a security policy can be set for data registered in a multifunction peripheral.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The following embodiments do not limit the present invention according to the claims, and all combinations of features described in the present embodiments are essential to the solution means of the present invention. Not exclusively.

  The embodiment described below provides a security system that makes it easy for users to use in consideration of the security of document data (documents). That is, in a security system having a security server (also referred to as a policy server) and an MFP, document data is registered in the MFP box from a user environment in which a document application that cannot use the security server is installed. In the present embodiment, the document data includes a document created by a PC application, image data generated by scanning a paper document by the MFP, and the like. In the present embodiment, the security policy (also simply referred to as policy) defines authority (also referred to as access authority) for various operations (display, editing, printing, etc.) on document data. Further, the security policy may set an expiration date of the document data.

Also, the scanned image is registered in the box using the above-described Scan to Box function in the MFP. At that time, for the saved document data (security policy not set)
(1) Whether or not a security policy is set can be identified from a document list described later (box document data for which a security policy is set and box document data for which a security policy is not set are managed separately).
(2) For the document data stored in the box in which no security policy is set, the document security policy can be set by the MFP operation unit or the remote UI, and the security policy is registered in the security server. Note that the remote UI is a function capable of performing settings equivalent to performing various settings from the external host computer 105 using the operation unit of the MFP 104 by the web server function.
(3) At that time, in cooperation with user authentication for the user who uses the MFP, only the owner of the document data, for example, the user who performed the Scan to Box operation, can set the security policy.

  With this configuration, when registering document data in a box from a user terminal in which a document application that can use the policy server is not installed, a security policy can be set for the document data (policy registration). . In addition, when performing Scan to Box in the MFP, a security policy can be set for the document data to be stored. This will be described in detail below.

  FIG. 1 is a diagram showing a configuration of a security system according to an embodiment of the present invention. In this embodiment, an image processing system including a policy server and an MFP (multi-function peripheral) will be described as an example. However, the present embodiment is not limited to this configuration, and another system having other configurations with similar functions is used. It goes without saying that is also applicable.

  In FIG. 1, a policy server 101 as an example of a security server is a server that centrally manages document security policies. By adopting such a policy server 101, it is possible to safely manage document data by dynamically performing the management of users who can use the document data by accessing, revoking, and replacing the document data after distribution. Can be realized. The user authentication server 102 controls the system so that unauthorized users cannot access it. Depending on the system configuration, the policy server 101 itself may have a user authentication function, and the user authentication server 102 may be omitted. Thus, it is possible to flexibly construct a system according to the user environment. The file server 103 stores a document data file in a format such as PDF. The MFP 104 can be connected to a network, has functions such as copy, print, scanner, and facsimile, and can store document data. Host computers (PCs) 105 and 106 (user terminals) are mainly operated by a user, and perform operations on document data, that is, creation, browsing, printing instructions, and the like of document files.

Next, “creation of document data and definition and distribution of security policy” using the system according to the present embodiment will be described.
(1) First, the user operates the host computer 105 to access the user authentication server 102. The user authentication server 102 authenticates the user. This prevents unauthorized users from accessing this system. This is indicated at 110 in FIG. Note that reference numeral 111 in FIG. 1 denotes user authentication when the policy server 101 has a user authentication function.
(2) A document data creator (user A) creates document data on the host computer 105. That is, a document file is created using a document creation application installed in the host computer 105 (112). It is assumed that this document creation application is an application capable of controlling access to a document based on a security policy in cooperation with the policy server 101.
(3) The security policy of the created document data is registered in the policy server 101 together with the document ID (document data identification information) and user information. The document ID is identification information for the policy server 101 to uniquely specify document data. A document ID is added to the document data for which the security policy is set. Here, as a security policy, an access range, an expiration date, and the like can be set for each user. For example, the user B (or a group to which the user B belongs) can refer to the document data, but the document data cannot be edited, and the reference expiration date can be set to 30 days or the like. Thereafter, whenever the document creation application of the host computer 105 accesses the document data, access control using the policy server 101 is applied.
(4) The distribution of the document data itself is free (file server, e-mail, website), and may be registered (113) in the file server 103 or sent to the user B attached to the mail. (115). Alternatively, it may be stored in the box of the MFP 104 (114).

  When accessing document data distributed from the host computer 105, it is possible to acquire a security policy from the policy server 101 and perform access control in accordance with the security policy.

  Next, an example of a security policy that can be set by the policy server 101, which is a supplementary explanation of (3) described above, will be described with reference to FIG. It should be noted that, here, only an example is shown, and it goes without saying that various settings and permission / non-permission may be possible.

  FIG. 2 is a diagram illustrating an example of a UI screen for explaining security setting processing in the host computer 105.

First, the following authentication is possible as password authentication.
-Password authentication for opening document files-Password authentication for printing and editing
-Do not allow printing,
-Only low-resolution (150 dpi) printing is possible-High-resolution printing is possible. And as a change permission setting,
-Do not allow changes-Insert / delete / rotate pages-Enter form fields and sign existing signature fields-Create annotations, fill form fields and sign existing signature fields-All operations except page extraction Can be set. In this way, various security policies can be set on the host computer 105 and registered in the policy server 101. The UI screen of FIG. 2 is a screen for setting a security policy for a certain user. When setting different security policies for a plurality of users, the operation using the UI screen of FIG. 2 is repeated. become.

FIG. 3 is a conceptual diagram for explaining “document data acquisition and operation” in the system according to the present embodiment. Here, a case will be described in which user B uses the host computer 106 to access document data to which a security policy is attached by the above-described operation.
(1) First, as indicated at 120, the user B operates the host computer 106 to access the user authentication server 102 to authenticate the user. This prevents unauthorized users from accessing this system.
(2) User B starts operating document data using the host computer 106. That is, the document data stored in the file server 103 is acquired (121), or the document data stored in the box of the MFP 104 is acquired (122). Then, based on the ID of the document data, a security policy for the user B of the document data is acquired from the policy server 101 (123). At this time, it is also possible to acquire only the security policy applied to the user based on the ID of the document data and the user information of the user B (for example, the user ID managed by the user authentication server 102).
(3) The document creation application (or document viewer application) of the host computer 106 applies the security policy acquired in this way, and controls access to the document data.

FIG. 4 is a conceptual diagram illustrating dynamic security policy change in the system according to the present embodiment.
(1) First, the user A operates the host computer 105 to access the user authentication server 102 and performs user authentication (110). This prevents unauthorized users from accessing this system.
(2) If the user authority of user A is OK by this user authentication, the change of the security policy is permitted. As a result, the user A changes the security policy (131). The UI screen for changing the security policy is the same as that shown in FIG.
(3) Then, for example, the access authority of the user B is changed as the changed security policy (132). From then on, every time user B accesses the document data, the changed security policy is applied.

  FIG. 5 is a block diagram illustrating a configuration of MFP (multifunction processing apparatus) 104 according to the embodiment of the present invention.

  The control unit 2000 controls input / output of image information and device information, and is connected to a scanner 2070 as an image input device and a printer 2095 as an image output device. On the other hand, it is also connected to a LAN 2011 and a public line (WAN) 2051.

  A CPU 2001 is a controller that controls the entire system. A RAM 2002 is a system work memory for operating the CPU 2001, and is also an image memory for temporarily storing image data. A ROM 2003 is a boot ROM and stores a system boot program. An HDD 2004 is a hard disk drive that stores an OS, system software, image data, a history record (sometimes simply referred to as a log), and the like. An image storage area called “box” to be described later is also configured in the HDD 2004. An operation unit I / F 2006 controls an interface with an operation unit (UI) 2012 having a touch panel. In addition, image data to be displayed on the operation unit 2012 is output to the operation unit 2012. Also, it plays a role of transmitting information input by the user from the operation unit 2012 to the CPU 2001. A network I / F 2010 is connected to the LAN 2011 and inputs / outputs information to / from the LAN 2011. The modem 2050 is connected to the public line 2051 and inputs / outputs information to / from the line 2051. The IC card slot 2100 can input / output keys used for encryption and decryption by inputting an appropriate PIN (Personal Identifier Number) code after inserting the IC card medium. An image bus I / F 2005 is a bus bridge that connects a system bus 2007 and an image bus 2008 that transfers image data at high speed and converts a data structure. The above devices are arranged on the system bus 2007.

  The image bus 2008 is configured by a PCI bus or IEEE1394. On the image bus 2008, the following devices are arranged. A raster image processor (RIP) 2060 expands the PDL code into bitmap data. The device I / F unit 2020 connects the scanner 2070 and the printer 2095, which are image input / output devices, and the control unit 2000, and performs synchronous / asynchronous control of image data. A scanner image processing unit 2080 corrects, processes, and edits image data input by the scanner 2070. A printer image processing unit 2090 performs correction, resolution conversion, and the like on print data. The image rotation unit 2030 rotates image data. The image compression unit 2040 performs compression / decompression processing using JPEG for multi-value image data and JBIG, MMR, MH, etc. for binary image data. The encryption / decryption processing unit 2110 is a hardware accelerator board that performs data encryption / decryption processing using a key stored in the IC card slot 2100. The OCR / OMR processing unit 2111 performs processing for decoding character information and two-dimensional barcodes included in image data and converting them into character codes.

  FIG. 6 is an external view showing an example of the operation unit 2012 of the MFP 104 according to the present embodiment.

  The operation unit 2012 includes a numeric keypad 406, a start key 407, a stop key 408, a touch panel type liquid crystal display unit 405, a copy function key 401, a box function key 402, a transmission / FAX function key 403, and an extended function key 404. The numeric keypad 406 is used when inputting numerical values. A start key 407 is used to instruct the start of copying or the start of scanning, and the stop key 408 instructs to interrupt operations such as copying or scanning of the MFP. In the MFP 104, the copy function key 401 is pressed when using the copy function, and the box function key 402 is pressed when using the box function. The box function is a function that can store various data in a box area assigned to each individual user or department on the hard disk 2004 of the MFP 104. Image data obtained by developing print data (PDL data) transmitted from the host computer 105 can be stored in a box. This function or this operation is called “store job” or “PDL to Box”. The image data scanned and read by the scanner 2070 can be stored in the box. This function or this operation is called “Scan to Box”. In this box, image data and attribute information associated with the image data are stored for each job, and the stored image data is referred to as box document data. Further, the user can perform various processes such as printing or deleting the stored box document data at an arbitrary timing using the box function. A transmission / FAX function key 403 is used when transmitting data such as a document or box document data to a host computer or another device via a network. An extended function key 404 is used when an operation is performed on PDL data.

  FIG. 7 is a diagram for explaining a box used in the box function of the MFP 104 according to the present embodiment.

  A hard disk 2004 in the MFP 104 includes a temporary area 501 and a box area 502. The temporary area 501 is an area for temporarily storing image data and the like. For example, in order to change the output order of image data, when the image data is electronically sorted or when a plurality of originals are copied, the scanned image data is saved, so that the scanner 2070 can perform one time. Also used to allow scanning to copy. It is also used when temporarily storing data before storing it in the box area 502 or the like, or when temporarily storing image data obtained by developing PDL data, or image data from the scanner 2070. Any data stored in the temporary area 501 is deleted after the processing is completed.

  The box area 502 is a storage area for using the box function, and is divided into a plurality of smaller storage areas 503a to 503d as shown in FIG. Each of these small storage areas is called a box. Each of the boxes 503a to 503d is assigned to each individual user or department. The user can store the above-mentioned PDL to Box job or Scan to Box job in the designated box or a box previously associated with the user. In addition, the user can select a box function by pressing a box function key 402 on the operation unit 2012, change settings of a job stored in the box, and perform various processes such as print output and job transfer. it can.

  In the present embodiment, it is assumed that MFP 104 accepts an operation after performing user authentication. Each box area is managed in association with a specific user. For example, the box document data of user A is managed in box 1 (503a). Information that associates the box area with the user is also held in an area (not shown) in the HDD 2004. Also, no security policy is set for the document data (image data) itself registered in the box by Scan to Box. Therefore, a security policy is set for these document data so as to give access rights to users who have been authenticated or who are associated with registered boxes.

  FIG. 8 is a diagram showing an example of a basic box function screen displayed on the liquid crystal display unit 405 after the box function key 402 of the operation unit 2012 of the MFP 104 according to the present embodiment is pressed.

  This screen is a screen for allowing the user to select a box to be used. Reference numeral 602 displays box numbers 601a to 601d, names of the boxes, and a percentage (%) indicating a percentage used by the box with respect to the hard disk capacity of each box area. Reference numeral 603 denotes a scroll button for scrolling the screen up and down in order to display a plurality of boxes. Reference numeral 604 denotes a “return” key which is pressed when instructing to return to the initial screen.

  FIG. 9 is a diagram showing a display example displayed on the liquid crystal display unit 405 when one “box name 2” box is selected in the state of FIG.

  Reference numeral 701 denotes a display area of a list of box document data stored in the box (box name 2), in which the storage date and time of each box document data, document names, and the like are displayed in a list. When the line displaying the document name is pressed, the box document data line is highlighted. For example, in FIG. 9, “document name 2” is selected. Reference numeral 702 denotes a scan key. By instructing the key 702, image data scanned by the scanner 2070 can be added to the selected box as box document data. Reference numeral 703 denotes a print key. By depressing the key 703, the document data of the reversed line can be printed. A setting change key 704 can change the print setting of the document data of the selected job. Functions that can be changed with the setting change key 704 include the number of copies to be printed and the addition or change of a print function. An erase key 705 is used when erasing selected document data. A vertical scroll key 706 is used to scroll up and down the screen when document data of a plurality of jobs is stored in a box and cannot be displayed on the liquid crystal display unit 405 at a time. Reference numeral 707 denotes a “return” key which is pressed when returning to the screen of FIG.

  Next, features of the present embodiment will be described. Here, in the security system including the policy server 101 and the MFP 104, it is assumed that a document application that can use the policy server 101 is not installed in the host computer 105. A case will be described in which box document data is registered from the host computer 105 and then a security policy is set for the box document data. This security policy setting is executed by the operation unit 2012 of the MFP 104 or the remote UI.

FIG. 10 is a conceptual diagram illustrating setting of a security policy in the system according to the present embodiment. Here, it is assumed that a document application that can use the policy server 101 is not installed in the host computer 105 used by the user A.
(1) First, the user A operates the host computer 105 to access the user authentication server 102 and authenticate the user (201). This prevents unauthorized users from accessing the system.
(2) A document data creator (user A) creates document data on the host computer 105. That is, a document file is generated by a document creation application.
(3) Since the host computer 105 cannot set the security policy for the document data (202), the security policy for the document cannot be registered in the policy server 101.
(4) Next, the user A registers the document data in the box of the MFP 104 (203).
(5) If no security policy is set for the document data, the security policy is set for the document data and registered in the policy server 101 from the operation unit 2012 of the MFP 104 or the remote UI (204). At this time, user information and document ID are also stored. Thereafter, the security policy registered and managed in the policy server 101 can be traced from the document ID, and the security policy can always be applied to the document data. Further, when the MFP 104 detects that no security policy is set in the document data registered in the box, the MFP 104 may automatically set the security policy. In this case, for example, a security policy that grants an access right to the user who registered the document (user A in FIG. 10) is registered in the policy server 101, and the registered security policy is set in the document. It may be. Alternatively, a security policy that grants access rights to the user associated with the box in which the document is registered may be registered in the policy server 101, and the registered security policy may be set in the document. Alternatively, a security policy that grants access rights to the user who registered the document and the user associated with the box that registered the document may be set. The automatic security policy setting by the MFP 104 will be described in detail later. By doing so, it is possible to prevent a document without a security policy from being set in the box of the MFP 104, and it is possible to strengthen security for the box of the MFP 104.

  FIG. 11 is a diagram showing an example of a security policy (access right information) held by the policy server 101 according to the present embodiment. The box document data itself holds a document ID unique to the box document data, not access right information. Therefore, by checking whether or not a document ID is assigned to the document data, it is possible to identify whether or not access right information is set for the document data. As described above, a document in which a document ID is assigned to document data is referred to as a “document with a security policy”.

This access right information registers a user name or group ID 1102 and an access right 1103 corresponding to the document ID. A user name or group ID 1102 indicates a name uniquely given to a user who uses the document data, and this name is managed by the user authentication server 102. The access right 1103 is set independently for each user for one document data. In this embodiment, an access right is set for each user, but an access right may be set for a group to which the user belongs. In the access right 1103, permission / prohibition with respect to electronic document data reference, change, deletion, copy, and print operations is defined, and a circled column in FIG. 11 indicates “permitted” and is blank. The column indicates “prohibited”. Furthermore, the access right 1103 can be specified not only for permission / prohibition but also for finer print settings. In FIG. 11, settings for stamp printing are defined. This stamp printing is a function for printing a stamp image such as “copy” or “secret” on the background of each page of the document data when printing the document data. In addition, it is possible to specify printing such as “confidential”, “draft (DRAFT)”, and arbitrary stamp images. With this access right, it is possible to specify which stamp image is to be printed in stamp printing. As print settings, it may be possible to designate copy-forgery-inhibited pattern printing in addition to the stamp. Furthermore, information indicating the expiration date of the document may be included in the access right information.
(6) Next, in 205 (FIG. 10), it is assumed that user B who is an operator of the MFP 104 receives an operation request for box document data.
(4) Based on the operation request for the box document data, the policy server 101 confirms the security policy of the document based on the document ID of the document that has received the operation request (206). At this time, it is also possible to acquire only the security policy applied to the user B based on the document ID and user information.
(7) The security policy acquired in this way is applied to the box document data, and the user B operates the document on the MFP 104 under access control based on the security policy (207).

  Next, the flow of processing for registering document data in a box and printing document data after registration will be described with reference to FIGS.

  FIG. 12 is a flowchart for explaining processing for determining whether or not a security policy is set for document data registered in a box in MFP 104 according to the present embodiment. A program for executing this processing is loaded into the RAM 2002 at the time of execution, and is executed under the control of the CPU 2001.

  First, in step S1101, it is checked whether or not document data is registered in the box. If there is registered document data, the process proceeds to step S1102, and it is determined whether or not a security policy is set for the document data. To do. That is, it is checked whether the document ID is embedded in the document data. If it is determined in step S1103 that a security policy is set, the process advances to step S1103 to register and manage that there is a security policy. On the other hand, if it is determined in step S1104 that no security policy is set, the process advances to step S1104 to register and manage that there is no security policy.

  FIG. 13 is a diagram showing a list display example of document data registered in the box of the MFP 104 according to the present embodiment.

  In FIG. 13, it is possible to display only the corresponding document according to the instruction state of the “access control present” and “access control absent” buttons 1301 and 1302 of the operation unit 2012. In the example of FIG. 13, since the “no access control” button 1302 is instructed, only the document name of the document data for which no security policy is set is displayed among the document data registered in the box.

  Next, processing when the user stores document data in the box of the MFP 104 or prints it will be described.

  FIG. 14 is a flowchart for explaining storing and printing processing of document data in a box according to the present embodiment. In FIG. 14, the processing is divided by a broken-line square, 1401 indicates processing in the host computer 105, and 1402 indicates processing in the MFP 104.

  In the host computer 105, first, in step S1301, the user requests use of electronic document data. As a result, the host computer 105 displays a screen for prompting the user name and password (not shown). In step S1302, when the user inputs his / her user name and password, the host computer 105 requests the user authentication server 102 to confirm the validity of the user in step S1303 based on the user name and password. If the validity is confirmed in step S1304, the user login is successful. On the other hand, if the login is not successful, the process advances to step S1305, and the host computer 105 displays an error message indicating that login is not possible. Note that the processing in steps S1302 to S1304 may be performed before step S1301, for example, when the host computer 105 is activated.

  If the login is successful, the process advances to step S1306, and the host computer 105 transmits the document ID accompanying the document data and user information to the policy server 101. In step S1307, access right information corresponding to the user is acquired from the policy server 101. In step S1308, when the user requests the host computer 105 to store the document data in the box of the MFP 104, the host computer 105 acquires an access right for printing from the access right information of the user. In step S1309, it is determined whether the user is permitted to print the document data. If the print permission is not given here, the process advances to step S1310, and the host computer 105 displays an error message to that effect. In this embodiment, when an operation for registering a document of the host computer 105 in the box of the MFP 104 is performed, whether or not the operation can be performed is determined based on the printing authority of the security policy. When a document is registered from the host computer 105 to the MFP 104, the MFP 104 does not perform an operation of printing. However, since the document registered in the MFP 104 is often printed out from the MFP 104, it is appropriate to apply the print authority. Because there is. When the host computer 105 registers a document in the MFP 104, the host computer 105 generates print data for the MFP 104. Therefore, it is suitable to use the print authority as the type of authority to be applied. However, other operation authority may be applied depending on the environment in which the system is used.

  On the other hand, if printing of the document data is permitted, the process advances to step S1311, and the host computer 105 generates print data according to the access right of the user. When the print data is generated in this way, the process advances to step S1312, and the print data is transmitted to the MFP 104 together with the document ID attached to the document data and access right information adapted to the document data.

  Thus, in step S1313, the MFP 104 determines that the received job is a job stored in a box, and converts the print data into image data. In step S1314, the document ID sent together with the print data is attached to the converted image data and saved in the box of the MFP 104 designated by the user.

Next, the setting of the security policy for the document data for which the security policy stored in the box is not set will be described. The MFP 104 can execute the following processing.
(1) Whether or not a security policy is set for document data can be identified in the job list. If necessary, document data for which no security policy is set is collectively displayed as shown in FIG.
(2) On the operation unit 2012 or the remote UI (display screen of the host computer 105 or 106) of the MFP 104, document data for which no security policy is set is selected, and the security policy is set for the document data. In this case, the same security policy can be set by batch operation for a plurality of document data for which no security policy is set. Note that the screen for setting the security policy displayed on the operation unit 2012 of the MFP 104 or the display screen of the host computers 105 and 106 is the same as the operation screen shown in FIG.
(3) The security policy of the document data set in this way is registered in the policy server 101.

  With this configuration, it is possible to set a security policy for a plurality of document data stored in a box with a simple operation by a user.

The operation of the system of the present embodiment related to the processing of the MFP 104 will be described with reference to FIG.
(1) First, the user A operates the host computer 105 to access the user authentication server 102 to authenticate the user. This prevents unauthorized users from accessing the system. (201)
(2) User A, who is the creator of document data, creates document data on the host computer 105. That is, a document file is generated by a document creation application.
(3) In this case, since this document creation application cannot set a security policy for document data, it cannot be registered in the policy server 101.
(4) Next, the document data whose security policy is not set is registered in the box of the MFP 104 (203).
(5) With respect to the document data that is registered in the box of the MFP 104 and for which the security policy is not set, the document data in the box is selected on the operation unit 2012 of the MFP 104 or the remote UI. Then, the same security policy is set for these document data in a batch operation. Thereafter, the policy of the document data is registered in the policy server 101 together with the document ID. Thereafter, the security policy registered and managed in the policy server 101 can be traced from the document ID.

  FIG. 15 is a view for explaining an example of access right information for each document data stored in the box of the MFP 104 according to the second embodiment. 15 is an example of the security policy setting contents set from the operation unit 2012 of the MFP 104 or the remote UI, and the security policies having the setting contents as shown in FIG. 15 are collectively set for documents in which the security policy is not set. . It is a figure explaining the access right information which is hold | maintained.

  The access right information includes a user name 1502 and an access right 1503. A user name 1502 indicates a name uniquely assigned to a user who uses document data, and this user name is managed by the user authentication server 102. The access right 1503 is set for each user. In the second embodiment, the access right is set for each user, but the access right may be set for a group to which the user belongs. The access right 1503 defines permission / prohibition for document data reference, change, deletion, copying, and printing operations, and the column with a circle in FIG. 15 indicates “permitted”. In addition to this permission / prohibition setting, this access right can be specified for finer print settings.

In the example of FIG. 15, watermark printing settings are defined. The watermark printing is a function for printing a watermark image such as “copy” or “secret” on the background of each page of the document data when printing the document data. In addition to this, “confidential”, “draft (DRAFT)”, an arbitrary image, and the like can be embedded as a watermark image. The access right designates which image is added by watermark printing. Here, as shown in FIG. 11, the printing of the stamp image may be instructed.
(6) Next, it is assumed that the user B who is the creator of the document data has made an operation request for the document data registered in the box of the MFP 104.
(7) In response to the operation request for the document data, the policy server 101 confirms the security policy for the document data based on the document ID.
(8) In this way, the security policy of the document data acquired from the policy server 101 is applied to the document data, and access control is performed based on the security policy.

  Further, the MFP 104 may automatically set a security policy for a plurality of document data for which no security policy is set. For example, the MFP 104 registers in the policy server 101 a security policy that grants access rights to the user who registered the document (user A in the case of FIG. 10), and bundles the registered security policy into these documents. May be set. Also, a security policy that grants access rights to the user associated with the box in which the document is registered may be registered in the policy server 101, and the registered security policy may be set in the document collectively. . Alternatively, a security policy that grants access rights to the user who registered the document and the user associated with the box that registered the document may be collectively set for these documents. In this way, the security policy can be applied to the document data.

  FIG. 16 is a flowchart for describing processing in which the MFP 104 according to the second embodiment automatically sets a security policy. A program for executing this flowchart is loaded into the RAM 2002 at the time of execution, and is executed under the control of the CPU 2001.

  First, in step S1601, it is checked whether there is box document data for which no security policy is set. If there is no box document data for which no security policy is set, the processing according to this flowchart ends.

  On the other hand, if there is box document data for which no security policy is set, the process of loop 1 (L0001 to L0002) is repeatedly executed on the box document data.

  Here, first, in step S1602, it is determined whether or not to automatically set a security policy for box document data for which no security policy is set. Whether or not to automatically set the security policy is set in advance in the MFP 104, and the setting content is stored in the HDD 2004 or the like. In step S1602, the setting contents are read to determine whether to automatically set the security policy.

  FIG. 17 is a diagram showing an example of an operation screen for setting whether or not to automatically set a security policy in the MFP 104 according to the second embodiment.

  This operation screen 1702 is displayed on the operation unit 2012. A radio button 1704 is a button that is selected when setting to automatically set a security policy. FIG. 17 shows a state where “Set security policy” corresponding to the button 1704 is selected. On the other hand, a radio button 1706 is a button that is selected when setting so as not to automatically set the security policy. An OK button 1708 is a button for confirming the setting contents of the operation screen 1702 and storing the setting contents in the HDD 2004. A cancel button 1710 is a button for canceling the setting content of the operation screen 1702. The operation screen 1702 may be a screen that can be operated only by the administrator of the MFP 104.

  Returning to the description of FIG. If it is determined in step S1602 that the security policy is automatically set, the process advances to step S1603. In step S1603, it is determined whether or not box document data for which no security policy is set is stored in the user box. If the box document data is stored in the user box, the process advances to step S1604; otherwise, the process advances to step S1605.

  In step S1604, it is determined whether or not the user who has executed the job for storing the document data in the user box can be identified. If the user can be identified, the process proceeds to step S1607. Otherwise, the process proceeds to step S1606. In step S1606, a security policy is set to permit access to the box document data for the user associated with the user box, that is, the owner of the user box.

  On the other hand, if the user can be identified in step S1604, the process proceeds to step S1607. In step S1607, a security policy is set so that each user associated with the user box and each user who has executed a job for storing the document data in the user box are permitted to access the box document data. Set.

  On the other hand, if the box document data is not stored in the user box in step S1603, the process advances to step S1605 to determine whether the user who has executed the job for storing the document data in the user box can be specified. If it can be specified here, the process proceeds to step S1608; otherwise, the process proceeds to step S1609. In step S1608, a security policy is set so as to permit the user who has executed the job for storing the document data in the user box to access the box document.

  If it is determined in step S1602 that the security policy is not automatically set, or if it is determined in step S1605 that the user who has executed the job for storing the document data in the user box cannot be specified, the process proceeds to step S1609. In step S1609, a security policy for the document is set manually by the user. Note that the operation screen for the user to manually set the security policy in step S1609 is an operation screen as shown in FIG. 2, for example. An operation screen as shown in FIG. 2 is displayed on the operation unit 2012, and a security policy is set by accepting a security policy setting by the user.

  When the process of loop 1 is executed for box document data for which no security policy is set in this way, this flowchart is terminated.

  By executing the processing as shown in FIG. 16, it is possible to automatically set an appropriate security policy for box document data for which no security policy is set.

[Embodiment 2]
Next, a second embodiment of the present invention will be described. In the second embodiment, control in conjunction with user authentication is performed on document data in which a security policy registered in the box of the MFP 104 is not set. Specifically, when it is determined that the user has administrator authority, another security policy can be set for the document data. Note that the configuration of the server, host, MFP, and the like according to the third embodiment is the same as that of the first embodiment, and a description thereof will be omitted.

  With this configuration, it is not necessary to create a new security policy. Therefore, it is possible to set a security policy for document data with a simpler operation compared to the second embodiment.

  As described above, according to the present embodiment, the following effects can be obtained.

  Even in a user environment in which an application that cannot set a security policy for document data is installed, a security policy can be set for document data registered in a box of the MFP using the operation unit of the MFP or a remote UI. Thereby, a stronger security system can be realized.

  Also, a security policy can be set for the document data registered with me using the operation unit of the MFP or a remote UI. For this reason, an inexpensive security system can be constructed with a simple operation.

(Other embodiments)
Although the embodiments of the present invention have been described in detail above, the present invention may be applied to a system constituted by a plurality of devices or may be applied to an apparatus constituted by one device.

  In the present invention, a software program that implements the functions of the above-described embodiments is supplied directly or remotely to a system or apparatus, and the computer of the system or apparatus reads and executes the supplied program. Can also be achieved. In that case, as long as it has the function of a program, the form does not need to be a program.

  Accordingly, since the functions of the present invention are implemented by computer, the program code installed in the computer also implements the present invention. That is, the claims of the present invention include the computer program itself for realizing the functional processing of the present invention. In this case, the program may be in any form as long as it has a program function, such as an object code, a program executed by an interpreter, or script data supplied to the OS.

  Various recording media for supplying the program can be used. For example, floppy (registered trademark) disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, CD-RW, magnetic tape, nonvolatile memory card, ROM, DVD (DVD-ROM, DVD- R).

  As another program supply method, the program can be supplied by connecting to a home page on the Internet using a browser of a client computer and downloading the program from the home page to a recording medium such as a hard disk. In this case, the computer program itself of the present invention or a compressed file including an automatic installation function may be downloaded. It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server that allows a plurality of users to download a program file for realizing the functional processing of the present invention on a computer is also included in the claims of the present invention.

  Further, the program of the present invention may be encrypted, stored in a storage medium such as a CD-ROM, and distributed to users. In that case, a user who has cleared a predetermined condition is allowed to download key information to be decrypted from a homepage via the Internet, and by using the key information, the encrypted program can be executed on a computer in a format that can be executed. To be installed.

  Further, the present invention can be realized in a form other than the form in which the functions of the above-described embodiments are realized by the computer executing the read program. For example, based on the instructions of the program, an OS or the like running on the computer performs part or all of the actual processing, and the functions of the above-described embodiments can also be realized by the processing.

  Furthermore, the program read from the recording medium may be written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer. In this case, thereafter, based on the instructions of the program, the CPU or the like provided in the function expansion board or function expansion unit performs part or all of the actual processing, and the functions of the above-described embodiments are realized by the processing. .

It is a figure which shows the structure of the security system which concerns on embodiment of this invention. It is a figure which shows the example of a UI screen explaining the setting process of the security in the host computer which concerns on this Embodiment. It is a conceptual diagram explaining "acquisition and operation of document data" in the system according to the present embodiment. It is a conceptual diagram explaining the change of the dynamic security policy in the system which concerns on this Embodiment. 1 is a block diagram illustrating a configuration of an MFP (multifunction processing apparatus) according to an embodiment of the present invention. 3 is an external view showing an example of an operation unit of the MFP according to the present embodiment. FIG. It is a figure explaining the box utilized with the box function of MFP concerning this Embodiment. 6 is a diagram showing an example of a basic screen of a box function displayed on the liquid crystal display unit after a box function key on the operation unit of the MFP according to the present embodiment is pressed. FIG. FIG. 9 is a diagram showing a display example displayed on the liquid crystal display unit 405 when one “box name 2” box is selected in the state of FIG. 8. It is a conceptual diagram explaining the setting of a security policy in the system according to the present embodiment. It is a figure which shows an example of the access right information which the policy server concerning this Embodiment hold | maintains. 6 is a flowchart illustrating processing for determining whether or not a security policy is set for document data registered in a box in the MFP according to the present embodiment. 6 is a diagram showing a list display example of document data registered in a box of the MFP according to the present embodiment. FIG. 6 is a flowchart for explaining document data storage and printing processing in a box according to the present embodiment. It is a figure explaining the access right information which each document data preserve | saved at the box of MFP which concerns on this Embodiment hold | maintains. It is a flowchart explaining the process which sets a security policy automatically with respect to the document data in which the security policy which concerns on this Embodiment is not set. It is a figure which shows an example of the operation screen for setting whether to set a security policy automatically based on this Embodiment.

Claims (13)

A multifunction device that can be connected to a network,
Registration means for registering read data or data input via a network;
Obtaining means for obtaining a security policy that is information indicating an access right to the data from a security server connected via the network, based on data identification information corresponding to data registered in the registration means;
Control means for controlling access to the data by applying the security policy acquired by the acquisition means to the data;
Policy setting means for setting a security policy for data registered in the registration means;
Policy registration means for registering the security policy set by the policy setting means in the security server;
A multi-function machine comprising:   The multifunction device according to claim 1, further comprising a display unit that displays a list of data registered in the registration unit so as to be identifiable as to whether the data has the security policy set therein.   3. The multi-function peripheral according to claim 2, further comprising means for collectively setting a security policy for data for which the security policy is not set among data registered in the registration means. The registration means registers the data in any storage area of storage means each having a plurality of storage areas associated with a specific user,
If the data for which no security policy is set is registered in any of the storage areas, the policy setting means gives an access right to a user associated with the storage area in which the data is registered. 4. The multifunction device according to claim 1, wherein a security policy is set. The registration means registers the data together with information for identifying a user who created the data,
The policy setting means, when a security policy is not set for the data, sets a security policy that gives an access right to the user based on information for identifying the user who created the data. The multifunction device according to claim 1, wherein the multifunction device is a multi-function device. An image processing system for connecting a security server that manages a data security policy in association with user information and data identification information and a multifunction peripheral via a network,
The MFP is
Registration means for registering read data or data input via a network;
Based on the identification information of the user who requests access to the data registered in the registration means, and the data identification information corresponding to the data, a security policy that is information indicating the access right to the data from the security server Acquisition means for acquiring;
Control means for controlling access to the data by applying the security policy acquired by the acquisition means to the data;
Policy setting means for setting a security policy for data registered in the registration means;
Policy registration means for registering the security policy set by the setting means in the security server;
An image processing system comprising:   The image processing system according to claim 6, further comprising an authentication server for authenticating the user, wherein only the user authenticated by the authentication server can register the data and access the data. .   8. The multifunction device according to claim 6, further comprising display means for displaying a list of data registered in the registration means so as to be identifiable as to whether or not the data has the security policy set therein. The image processing system described.   9. The multifunction device according to claim 8, further comprising means for collectively setting a security policy to data for which the security policy is set among data registered in the registration means. Image processing system.   The image processing system according to claim 7, wherein the security policy is set in association with identification information of a user authenticated by the authentication server and data identification information of corresponding data.   The image processing system according to claim 6, further comprising a user terminal that is operated by a user to input data. A method of controlling a multifunction device that can be connected to a network,
A registration step of registering the read data or data input via the network in a box;
An acquisition step of acquiring a security policy that is information indicating an access right to the data from a security server connected via the network based on data identification information corresponding to data registered in the box;
Applying the security policy acquired in the acquisition step to the data to control access to the data;
A policy setting step for setting a security policy for the data registered in the box;
A policy registration step of registering the security policy set in the policy setting step in the security server;
A method for controlling a multifunction machine, comprising: A program for causing a multifunction device to execute a control method of a multifunction device,
The control method is:
A registration step of registering the read data or data input via the network in a box;
An acquisition step of acquiring a security policy that is information indicating an access right to the data from a security server connected via the network based on data identification information corresponding to data registered in the box;
Applying the security policy acquired in the acquisition step to the data to control access to the data;
A policy setting step for setting a security policy for the data registered in the box;
A policy registration step of registering the security policy set in the policy setting step in the security server;
The program characterized by having.

Images