The present invention relates to an information processing apparatus, an information processing method, and an information processing program, and more particularly to reception/transfer processing of electronic data with access authority in an information processing apparatus.
An information processing apparatus has conventionally been known, which is capable of receiving electronic data such as an electronic document attached with an access authority and transferring the received electronic document in a state that it remains attached with the access authority. In particular, an access authority management system for electronic documents has recently been developed in order to prevent leakage of information.
Such access authority management system has functions, for example, of permitting only authorized users to peruse, edit, and print an electronic document and prohibiting perusal of an electronic document after passage of the expiration date set on the electronic document itself. For access authority management in the access authority management system, a desired policy is generally selectively applied to an electronic document at the time of creation of the electronic document.
By way of example, there is known the Policy Server manufactured by Adobe Corporation (“Adobe Live Cycle Policy Server”, searched on Feb. 27, 2006 on the Internet (URL: http://www.adobe.co.jp/products/server/policy/main.html)). The Policy Server is capable of performing the above described access authority control on PDF (portable document format) files.
As a method for evaluating access control of data of the above kind, there is known a method of accepting accesses under some conditions (see, Japanese Laid-open Patent Publication No. 2001184264). Also known is a method for distributing a policy in which it is written what type of control is to be performed (Japanese Laid-open Patent Publication No. 2004-166241). Further known is a printer mounted with the aforementioned type of an access control unit (Japanese Laid-open Patent Publication No. 2004-152263).
On the other hand, information processing apparatuses such as image processing apparatuses adapted for connection with a public telephone line or a network each comprise routes to receive electronic documents from external processing apparatuses in various receiving methods (facsimile, e-mail, etc.). Some of these information processing apparatuses have a function of receiving electronic documents of various data formats through various receiving methods and then accumulating the received electronic documents in a storage device called a box or transferring the received electronic documents to other computers.
In general, as means for performing the above described selective operation at the time of document reception, rules are set in advance which include information representing senders such as senders' mail addresses and processing operations such as transfer destinations and transfer methods corresponding to respective ones of the information representative of the senders. Via the above described information processing apparatuses, documents are distributed in a computer environment.
In some cases, however, transfer means and transfer method specified in accordance with the rules are not capable of setting access authority for an electronic document due to protocol specifications, even if an access authority has been set for a received electronic document. For example, in the case of facsimile or internet facsimile, access authority cannot be set for an electronic document due to protocol for use in facsimile communication. In that case, a problem is caused that the authority to access the electronic document is lost.
Electronic document formats permitting access authority setting are sometimes limited to particular file formats. In that case, the access authority once set for an electronic document is lost at the destination, if the electronic document has been converted for transfer into a file format such as JPEG or TIFF in which the access authority for electronic document cannot be set.
Therefore, if an electronic document is transferred via the information processing apparatus in a transfer method not intended by a sender or distributed via the information processing apparatus in a format not intended by the sender, an access authority once set by the sender can be lost. In that case, the information processing apparatus can be a security hole.
The present invention provides an information processing apparatus, an information processing method, and an information processing program that are capable of permitting electronic data with access authority to be available at a transfer destination, without the access authority being lost.
According to a first aspect of the present invention, there is provided an information processing apparatus comprising a reception device adapted to receive electronic data, a hold device adapted to hold transfer conditions, each of the transfer conditions including information representative of a transfer destination, a determination device adapted, in a case where an access authority has been set for the received electronic data, to make a determination based on the transfer condition as to whether or not the received electronic data is capable of being transferred in a state that it remains set with the access authority, and a transfer control device adapted to transfer the received electronic data with the access authority in a state that it remains set with the access authority to the transfer destination represented by the transfer condition in a case where the determination device has determined that the received electronic data is capable of being transferred, the transfer control device being adapted to limit the received electronic data set with the access authority being transferred to the transfer destination represented by the transfer condition in a case where the determination device has determined that the received electronic data is not capable of being transferred.
According to a second aspect of the present invention, there is provided an information processing apparatus comprising a reception device adapted to receive electronic data, a hold device adapted to hold reception conditions, first transfer conditions, and second transfer conditions so that each of the reception conditions is made to correspond to an associated one of the first transfer conditions and to an associated one of the second transfer conditions, each of the first and second transfer conditions at least including information representative of a transfer destination, and a transfer control device adapted, in a case where the received electronic data meets any of the reception conditions held by the hold device and no access authority has been set for the received electronic data, to transfer the received electronic data to a transfer destination represented by the first transfer condition corresponding to the reception condition met by the received electronic data, the transfer control device being adapted, in a case where the received electronic data meets any of the reception conditions held by the hold device and an access authority has been set for the received electronic data, to transfer the received electronic data in a state that it remains set with the access authority to a transfer destination represented by the second transfer condition corresponding to the reception condition met by the received electronic data.
According to third and fourth aspects of the present invention, there are provided information processing methods applied to respective ones of the information processing apparatuses according to the first and second aspects of the present invention. According to fifth and sixth aspects of the present invention, there are provided information processing programs each for causing a computer to execute a corresponding one of the information processing methods according to the third and fourth aspects of the present invention.
With the information processing apparatus, the information processing method, and the information processing program according to the first, third, and fifth aspects of the present invention, the received electronic data is transferred or the received electronic data is limited from being transferred depending on whether or not the received electronic data is capable of being transferred in a state that it remains set with the access authority. As a result, the electronic data with the access authority can be made available at the transfer destination, without the access authority being lost.
With the information processing apparatus, the information processing method, and the information processing program according to the second, fourth, and sixth aspects of the present invention, the received electronic data is transferred to a desired one of different transfer destinations depending on presence or absence of the access authority, whereby the electronic data with the access authority can be made available at the transfer destination, without the access authority being lost.
The above and other features and advantages of the present invention will be apparent from the following description taken in conjunction with the accompanying drawings, in which like reference characters designate the same name or similar parts throughout the figures thereof.
In the following, preferred embodiments of the present invention will be described with reference to the appended drawings.
The copiers 1001, 1002 are connected to an access authority management server 1007 via an Ethernet (registered trademark) 1008, which is a network and to which are connected a database/mail-server 1004, a client computer 1005, and a printer 1006.
A facsimile machine 1003 is connected to the copier 1001 via a public telephone line 1009. The facsimile machine 1003 receives data read by the copier 1001 via the public telephone line 1009 and prints the received data. In the database/mail-server 1004, an application server operates to store data read by the copier 1001 or 1002. The client computer 1005 is capable of downloading and displaying the data stored in the database/mail-server 1004. The printer 1006 is a printing apparatus that prints image data read by the copier 1001 or 1002 and PDL data generated by the client computer 1005. The access authority management server 1007 is a server that manages access authority information on electronic documents.
The copier 1001 includes a controller unit 2000 to which are connected a scanner 2070 and a printer 2095 that are an image input device and an image output device. When the controller unit 2000 is connected with a LAN 2011 or a WAN 2051 which is a public telephone line, image information and device information can be inputted into and outputted from the controller unit 2000.
The controller unit 2000 includes a CPU (an access authority determination device, a transfer eligibility determination device, or a transfer control device) 2001 to which a RAM 2002 is connected via a system bus. Further connected to the CPU 2001 via the system bus 2007 are a ROM 2003, an HDD 2004, an operation unit I/F 2006, a network I/F 2010, a modem 2050, and an IC card slot 2100.
The CPU 2001 is a controller for controlling the entire system. The RAM 2002 is a system work memory for use for operation of the CPU 2001 and is an image memory for temporary storage of image data. The ROM 2003 is a boot ROM in which a boot program for the system is stored. The HDD 2004 is a hard disk drive for storing system software and image data. The operating unit I/F 2006 is an interface with an operating unit 2012 having a touch panel. Image data to be displayed on the operating unit 2012 is outputted thereto via the operating unit I/F 2006. Information inputted by a user from the operating unit 2012 to the system is transmitted through the operating unit I/F 2006 to the CPU 2001. A network I/F 2010 is connected to the LAN 2011 for input and output of information. The modem 2050 is connected to the WAN 2051 for input and output of information.
The system bus 2007 is connected to an image bus 2008 via an image bus I/F 2005. The image bus I/F 2005 is a bus bridge through which image data is transferred at high speed between the system bus 2007 and the image bus 2008 and data structure thereof is converted. The image bus 2008 is implemented by a PCI bus or an IEEE 1394 bus.
Connected to the image bus 2008 are an RIP 2060, a device I/F 2020, a scanner image processing section 2080, a printer image processing section 2090, an image rotating section 2030, an image compressing section 2040, and an encryption/decryption processing section 2110.
The RIP 2060 is a raster image processor that expands PDL code into bit map data. The device I/F 2020 is for connecting the controller unit 2000 with the scanner 2070 and a printer 2095 as an image input device and an image output device and for performing synchronous/asynchronous conversion of image data. The scanner image processing section 2080 carries out correction, processing, and editing of the inputted image data. The printer image processing section 2090 carries out printer correction and resolution conversion for print-out image data.
The image rotating section 2030 carries out rotation of image data. The image compressing section 2040 carries out JPEG compression/expansion for multi-valued image data and JBIG, MMR (modified modified read), or MH (modified huffman) for binary image data.
The IC card slot 2100 permits the input/output of an encryption/decryption key when an IC card medium is inserted thereto and then an appropriate PIN (personal identification number) code is inputted. The encryption/decryption processing section 2110 is a hardware accelerator board that performs encryption/decryption processing using the key inputted to the IC card slot 2100.
The software is adapted for being executed by the controller unit 2000 incorporated in the copier 1001 as image processing apparatus. The software is installed as firmware and executed by the CPU 2001 (see
The real-time OS 3001 is a real-time operating system and provides software running thereon with various resource management services and frameworks optimized for control of a built-in system. Various resource management services and frameworks provided by the real-time OS 3001 include multitask management (thread management) of substantially parallel-operating a plurality of processes by managing a plurality of execution contexts of processes performed by the CPU 2001, inter-task communication for implementing synchronization and data exchange between tasks, memory management, interrupt management, various device drivers, and protocol stacks implementing various protocol processes for a local interface, network, communication, and the like.
The controller platform 3002 is comprised of a file system 3003 and a job/device control module 3004. The file system 3003 is a mechanism for storing data in a storage device such as the HDD 2004 or the RAM 2002 (see
The application 3006 is a built-in application for inputting and outputting image or text data via the LAN 2011 or the WAN 2051 (see
The transmission management module 3007 includes an I-FAX (internet fax) transmission module 3009, a FAX transmission module 3010, an FTP transmission module 3011, and an email transmission module 3012. The reception management module 3008 includes an I-FAX reception module 3013, a FAX reception module 3014, an FTP reception module 3015, and an email reception module 3016. Each of the transmission management module 3007 and the reception management module 3008 controls various transmission/reception jobs.
Furthermore, as a mechanism for assisting the above described transmission and reception, the application 3006 includes an address book section 3017, a reception rule section (hold device) 3018, a history manager 3019, a setting manager 3020, and the like. The address book section 3017 manages mail addresses and URIs (uniform resource identifiers) as transmission destinations. The reception rule section 3018 manages processing rules for reception. The history manager 3019 manages a history of transmission and reception. The setting manager 3020 manages various setting information.
The policy data includes policy IDs 4001 to identify respective ones of policies, and policy names 4002 each used by users to identify a corresponding one of the policies. The policy data further includes, as data fields, UID/GID fields 4003 in which are recorded user IDs (to identify individual users) and group IDs (to identify groups each including a plurality of users). As other data fields, there are provided reading authority fields 4004, edit authority fields 4005, and print authority fields 4006 in each of which is indicated the presence/absence of reading authority, edit authority, or print authority of a corresponding one of the user IDs and the group IDs. As shown in
To create a format as shown in
First, the client computer 1005 accesses the access authority management server 1007 and specifies a policy ID corresponding to the content of the access authority desired to be provided to the given electronic document.
In response to the access from the client computer 1005, the access authority management server 1007 creates an electronic document ID corresponding to the electronic document, an encryption key for encryption of the electronic document, and a decryption key for decryption of the electronic document. The electronic document ID, the policy ID specified by the client computer 1005, and the decryption key are managed so that they are made to correspond to one another. Then, the electronic document ID and the encryption key are transmitted to the client computer 1005.
The client computer 1005 receiving the encryption key and the electronic document ID from the access authority management server 1007 encrypts the electronic document using the received encryption key, and adds the electronic document ID received from the access authority management server to the encrypted electronic document. As a result, the electronic document with access authority is created, which has the format as shown in
In order that the client computer 1005 performs an operation on the electronic document with access authority (such as to open, edit, or print the document), the following procedures are executed.
First, the client computer 1005 transmits to the access authority management server 1007 the electronic document ID added to the electronic document and the ID (UID or GID) to specify a user or a group who wishes to perform an operation on the electronic document.
The access authority management server 1007, which manages the electronic document IDs and the policy IDs such that they are made to correspond to one another, specifies a policy ID corresponding to the transmitted electronic document ID. Then, the access authority management server 1007 reads information on the authority of the UID or GID defined by the identified policy ID, and transmits to the client computer 1005 the read information together with a decryption key managed so as to correspond to the electronic document ID.
The client computer 1005 decrypts the encrypted data body 6005 part of the electronic document with access authority using the received decryption key, and based on the received access authority information, controls permission/prohibition of the user's operation.
The above described access authority control can similarly be carried out by a different information processing apparatus or the like, not shown, other than the client computer 1005.
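The issue-and-check exchange described above, as an added Python sketch that is not part of the original specification. The container layout, the policy table contents, the single symmetric key standing in for the separate encryption and decryption keys, the SHA-256 keystream standing in for a real cipher, and withholding the key from principals without reading authority are all assumptions.

```python
import hashlib
import secrets

MAGIC, VERSION = b"ACLDOC", b"\x01"  # constructed header and version values
ID_LEN = 16                          # constructed length of the document ID


def keystream_xor(key, data):
    """Stand-in cipher (SHA-256 counter keystream, no integrity protection).

    The same call encrypts and decrypts. It replaces the real cipher only so
    that the sketch runs with the standard library.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class PolicyServer:
    """Plays the role of the access authority management server 1007."""

    def __init__(self, policies):
        self.policies = policies  # policy ID -> {UID/GID: set of operations}
        self.documents = {}       # document ID -> (policy ID, key)

    def register(self, policy_id):
        """Issue a document ID and key and bind them to the chosen policy."""
        if policy_id not in self.policies:
            raise KeyError("unknown policy ID")
        doc_id, key = secrets.token_bytes(ID_LEN), secrets.token_bytes(32)
        self.documents[doc_id] = (policy_id, key)
        return doc_id, key

    def authorize(self, doc_id, principal):
        """Look up the policy for the document and return rights plus key."""
        policy_id, key = self.documents[doc_id]
        rights = frozenset(self.policies[policy_id].get(principal, ()))
        # Assumption: the key is withheld when the principal cannot read.
        return rights, (key if "read" in rights else None)


def protect(server, policy_id, plaintext):
    """Client side of creation: encrypt and prepend header and document ID."""
    doc_id, key = server.register(policy_id)
    return MAGIC + VERSION + doc_id + keystream_xor(key, plaintext)


def parse(container):
    """Split a protected container into document ID and encrypted body."""
    head = len(MAGIC) + len(VERSION)
    if not container.startswith(MAGIC + VERSION) or len(container) < head + ID_LEN:
        raise ValueError("not a protected document")
    return container[head:head + ID_LEN], container[head + ID_LEN:]


def perform(server, container, principal, operation):
    """Client side of use: ask the server, then permit or prohibit locally."""
    doc_id, body = parse(container)
    rights, key = server.authorize(doc_id, principal)
    if key is None or operation not in rights:
        raise PermissionError(f"{principal} may not {operation} this document")
    return keystream_xor(key, body)
```

Because the document ID is resolved to a policy on the server at the time of each operation, a change to the policy entry takes effect for copies that were already distributed.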
The item “rule ID” 7001 contains identification IDs that are unique to respective ones of the rules and utilized for internal management. The item “rule name” 7002 contains arbitrary names for use by users to identify the rules. The item “reception means” 7003 indicates which reception means is to be used for comparison among a plurality of reception means (or reception methods) such as I-FAX reception, FAX reception, FTP reception, email reception, etc. (refer to the modules 3013 to 3016 in
The item “comparison attribute” 7004 represents which attribute is to be used for comparison among various attributes such as sender telephone number, sender mail address, etc. included in a received job. A subject (file name or subject of e-mail) of received data can be used as comparison attribute 7004 of reception condition. The item “comparison value” 7005 represents values each of which is to be used for comparison with the attribute of the received job specified in the item “comparison attribute” 7004. The item “expression” 7006 represents a method for comparison of values, which is selected from comparison methods such as “equal to”, “ending at” and “starting from”.
The item “transfer means” 7007 represents transfer means (or transfer methods) each of which is to be used for electronic document transfer in a case where the received job meets the condition represented by the items “reception means” 7003, “comparison attribute” 7004, “comparison value” 7005, and “expression” 7006. The item “transfer destination” 7008 represents destinations one of which an electronic document is to be transferred to. The item “file format” 7009 represents file formats one of which is to be used for electronic document transfer.
Electronic documents received by the copier 1001 can have various formats. For example, there are formats in which an access authority is set as shown in
A format set with access authority as shown in
In
Next, it is determined in a step S104 whether or not the registered rule number R is greater than the process counter value n (R>n). If it is determined that the relation of R>n is not satisfied, which indicates that none of the rules registered in the reception rule section 3018 is met, then the process proceeds to a step S105. In the step S105, a default reception process is carried out and then the present process is completed. The default reception process is to perform such as printing or storing in the file system 3003, which is set in advance in the setting manager 3020 (refer to
On the other hand, if the relation of R>n is satisfied, then a rule R(n) is acquired (step S106). The rule R(n) is the n-th rule (n=1, 2, 3, ...). Next, whether or not the received job meets the condition specified in the rule R(n) is determined (step S107). If, for example, the received document has been received via fax from a sender telephone number “123456789” and therefore the rule “1” indicated in the item “rule ID” 7001 is satisfied (refer to
If it is determined in the step S107 that the received job does not satisfy the condition in the rule R(n), the process counter value n is incremented by one (step S108), whereupon the process returns to the step S104. On the other hand, if it is determined that the received job satisfies the condition, a determination is made as to whether or not the received electronic document is set with access authority management information (step S109). At this time, the presence/absence of a file header 6001 and a version 6002 in the received electronic document is determined. If such file header and version are attached to the document, it is determined that the received electronic document is set with access authority management information, i.e., the received electronic document is an electronic document with access authority. It should be noted that such determination may be made based on different information and method other than the above described ones so long as they permit execution of a determination to determine whether the access authority management information is set for the electronic document.
If it is determined in the step S109 that no access authority management information is set for the received electronic document, the document is transmitted to a destination specified by the transfer destination 7008 in the rule R(n) (step S110), whereupon the present process is completed. On the other hand, if it is determined that access authority management information is set, the process proceeds to a step S111. In the step S111, it is determined whether or not transfer means 7007 and file format 7009, which are part of the transfer condition in the rule R(n), form such a combination that permits setting of access authority management information. In other words, it is determined whether or not the received electronic document is capable of being transferred in a state that it remains set with the access authority management information.
For example, in a case where a file format that permits setting of access authority management information is PDF, the electronic document can be transferred in a state that it remains set with the access authority management information, if the file format 7009 is PDF and if the transfer means 7007 is FTP or email. However, in a case where the file format 7009 is JPEG or TIFF or the transfer means 7007 is FAX or I-FAX, the electronic document cannot be transferred in a state that it remains set with the access authority management information.
If it is determined in the step S111 that the document can be transferred in a state that it remains set with the access authority management information, the process proceeds to the step S110 that transmits the received electronic document to a destination specified by the transfer destination 7008 in the rule R(n) in a state that the received electronic document remains set with the access authority management information. On the other hand, if it is determined that the document cannot be transferred in a state that it remains set with the access authority management information, the process proceeds to a step S112. In the step S112, the electronic document is caused to move to the save folder 3003a (refer to
Next, text data is created, which includes a URI as information representing a location of the save folder 3003a (step S113). Then, it is determined whether or not the transfer means 7007 specified in the rule R(n) is FAX or I-FAX (step S114). It should be noted that different information (such as the path of the save folder) other than URI may be used as long as it permits the location of the save folder 3003a to be recognized.
If it is determined in the step S114 that the transfer means 7007 is FAX or I-FAX, the text data created in the step S113 is converted into TIFF data (step S115). Then, in a step S116, the TIFF data is transmitted to the destination specified by the transfer destination 7008 in the rule R(n), and the present process is completed.
On the other hand, if it is determined in the step S114 that the transfer means 7007 is neither FAX nor I-FAX, the process proceeds to a step S117. In the step S117, the text data created in the step S113 is transmitted to the destination specified by the transfer destination 7008 in the rule R(n), and the present process is completed.
A user receiving the data can know the location of the received electronic document for which access authority management information has been set, and can access the electronic document in a state that the document remains set with access authority.
If whether or not the received electronic document is set with access authority management information cannot be determined in the step S109, then it is uniformly determined that access authority management information is set for the received electronic document. This makes it possible to notify a destination user of the fact that the electronic document, for which whether or not the document is set with access authority has not been determined, has been received and of a method allowing access to the document, whereby the access authority can be prevented from being lost.
According to the present embodiment, in a case where a received electronic document is set with access authority management information, it is determined, referring to the transfer means 7007 and the file format 7009 in the rule R(n), whether or not the received electronic document can be transferred in a state that it remains set with the access authority management information. If it is determined that such document transfer can be carried out, the electronic document is transferred in a state that it remains set with the access authority management information. On the other hand, if it is determined that such document transfer cannot be carried out, the electronic document is saved in the save folder 3003a and text data including a URI indicating the location of the save folder 3003a is created. Subsequently, the text data is transferred, as it is or after being converted into TIFF data, to a destination specified by the transfer destination 7008.
In brief, depending on whether or not a received electronic document can be transferred in a state that it remains set with access authority, the received electronic document is transferred, or information indicating the fact that the received document has been saved and indicating the location where the received document has been saved is transmitted, whereby it is possible to notify a user at the transfer destination of the fact that the electronic document with access authority has been received and of the location of the document. As a result, the document with access authority is made available by the destination user without the access authority being lost.
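The decision flow of steps S104 to S117, including the fail-closed handling of an undeterminable document, as an added Python sketch that is not part of the original specification. The header bytes, the rule contents other than the fax number “123456789”, the destinations and the save-folder URI are constructed, and TIFF rendering is represented only by a payload tag.

```python
from dataclasses import dataclass
from enum import Enum

MAGIC = b"ACLDOC"            # constructed stand-in for file header 6001
HEADER_LEN = len(MAGIC) + 1  # header plus one version byte (version 6002)
KEEPS_POLICY = {("FTP", "PDF"), ("EMAIL", "PDF")}  # from the text's PDF example
FAX_LIKE = {"FAX", "I-FAX"}


class Protection(Enum):
    SET = 1
    NOT_SET = 2
    UNKNOWN = 3


@dataclass(frozen=True)
class Rule:
    rule_id: int
    reception_means: str
    attribute: str
    value: str
    expression: str
    transfer_means: str
    destination: str
    file_format: str


@dataclass(frozen=True)
class Decision:
    action: str        # "forward", "hold_and_notify" or "default"
    means: str
    destination: str
    payload_kind: str  # "document", "text" or "tiff"
    payload: bytes


COMPARE = {
    "equal to": lambda actual, value: actual == value,
    "ending at": lambda actual, value: actual.endswith(value),
    "starting from": lambda actual, value: actual.startswith(value),
}

# Constructed rule table; only the fax number comes from the text.
RULES = [
    Rule(1, "FAX", "sender telephone number", "123456789", "equal to",
         "EMAIL", "legal@corp.example", "PDF"),
    Rule(2, "EMAIL", "sender mail address", "@partner.example", "ending at",
         "FAX", "fax:000-0000", "TIFF"),
    Rule(3, "EMAIL", "sender mail address", "scan@", "starting from",
         "FTP", "ftp://archive.example/in", "JPEG"),
]


def rule_matches(rule, reception_means, attributes):
    """Step S107: does the received job meet the rule's reception condition?"""
    actual = attributes.get(rule.attribute)
    compare = COMPARE.get(rule.expression)
    if rule.reception_means != reception_means or actual is None or compare is None:
        return False
    return compare(actual, rule.value)


def classify(data):
    """Step S109: a header too short to read is UNKNOWN, not NOT_SET."""
    if len(data) < HEADER_LEN:
        return Protection.UNKNOWN
    return Protection.SET if data.startswith(MAGIC) else Protection.NOT_SET


def route(reception_means, attributes, data, rules, save_folder, save_uri):
    """Return the transfer decision for one received job."""
    for rule in rules:                                   # S104, S106, S108
        if not rule_matches(rule, reception_means, attributes):
            continue
        protection = classify(data)
        keeps = (rule.transfer_means, rule.file_format) in KEEPS_POLICY  # S111
        # UNKNOWN is treated like SET, so only NOT_SET skips the S111 check.
        if protection is Protection.NOT_SET or keeps:    # S110
            return Decision("forward", rule.transfer_means, rule.destination,
                            "document", data)
        save_folder.append(data)                         # S112
        notice = ("A protected document was received and is held at "
                  + save_uri).encode()                   # S113
        kind = "tiff" if rule.transfer_means in FAX_LIKE else "text"  # S114
        return Decision("hold_and_notify", rule.transfer_means,
                        rule.destination, kind, notice)  # S115 to S117
    return Decision("default", "", "", "document", data)  # S105
```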
In the first embodiment, in a case where a document cannot be transferred in a state that it remains set with access authority, information indicating the location of the received document is transmitted, instead of the received document itself being transferred. In contrast, a second embodiment changes a transfer destination depending on the presence/absence of access authority.
The second embodiment is basically the same as the first embodiment (
In
The first transfer means 11007 corresponds to the reception condition specified by the reception means 7003, comparison attribute 7004, comparison value 7005, and expression 7006, and indicates transfer means used for transfer of documents with no access authority. The first transfer destination 11008 indicates a transfer destination. The second transfer means 11009 is transfer means used for a case where a received job meets the reception condition and used for transfer of documents with access authority. The second transfer destination 11010 indicates a transfer destination. Thus, as the second transfer means 11009, transfer means is set by which a document can be transferred in a state that it remains set with access authority management information. Specifically, the second embodiment is configured to set only either the FTP transmission 3011 or the email transmission 3012 (refer to
With the rule registration screen shown in
The processing in steps S201 to S208 is the same as or similar to the processing in the steps S101 to S108 in
If it is determined in the step S209 that the document is set with no access authority management information (i.e., is not a document with access authority), the received electronic document is transmitted via transfer means specified by the first transfer means 11007 to a destination specified by the first transfer destination 11008 in the rule R(n) (step S211), whereupon the present process is completed.
On the other hand, in the case of access authority management information being set, the received electronic document is transmitted via transfer means specified by the second transfer means 11009 to a destination specified by the second transfer destination 11010 in the rule R(n) (step S210), whereupon the present process is completed.
According to this embodiment, an electronic document with access authority is transferred, on a priority basis, via transfer means specified by the second transfer means 11009 to a destination specified by the second transfer destination. The received document with access authority is made available at a desired transfer destination, without causing the lack of access authority.
In the first and second embodiments, it is enough for the “reception condition” specified in each of the rules (
In the above, the copiers 1001, 1002 which are image processing apparatuses have exemplarily been described as information processing apparatuses that receive and transfer electronic documents. However, information processing apparatuses to which the present invention is applicable are not limited to the copiers or the like.
In the above, electronic documents have exemplarily been described as electronic data to be received and transferred. However, the present invention is applicable to various electronic data such as images and music files.
It is to be understood that the present invention may be accomplished by supplying a system or an apparatus with a storage medium stored with a program code of software, which realizes the functions of any of the above described embodiments. The present invention may also be accomplished by causing a computer (or CPU, MPU or the like) of the system or the apparatus to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium realizes the functions of any of the above described embodiments, and therefore the program code and the storage medium in which the program code is stored constitute the present invention.
Examples of the storage medium for supplying the program code include a floppy (registered trademark) disk, a hard disk, a magnetic-optical disk, an optical disk such as a CD-ROM, a CD-R, a CD-RW, a DVD-ROM, a DVD-RAM, a DVD-RW, or a DVD+RW, a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program may be downloaded via a network.
Further, it is to be understood that the functions of any of the above described embodiments may be accomplished not only by executing the program code read out by a computer, but also by causing an OS (operating system) or the like which operates on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the functions of any of the above described embodiments may be accomplished by writing a program code read out from the storage medium into a memory provided on an expansion board inserted into a computer or a memory provided in an expansion unit connected to the computer and then causing a CPU or the like provided in the expansion board or the expansion unit to perform a part or all of the actual operations based on instructions of the program code.
As many apparently widely different embodiments of the present invention can be made without departing from the spirit and scope thereof, it is to be understood that the invention is not limited to the specific embodiments thereof except as defined in the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
2006-141849 | May 2006 | JP | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/JP2007/060657 | 5/18/2007 | WO | 00 | 9/12/2008 |