JP2009098779A - Document management system, document management device and document management program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a document management system for performing control so that a policy set in a document so as to manage security on the system and each security information of policy tags imparted to the document match with each other, and a document management device and a document management program. <P>SOLUTION: This document management system has: an indication information impartment distinction means distinguishing whether indication information for prescribing an operation limit of the document is imparted to the document or not; an extraction means extracting the indication information when it is distinguished by the indication information impartment distinction means that the indication information is imparted; and a setting means setting operation limit information corresponding to the operation limit prescribed by the indication information extracted by the extraction means so as to correspond to the document. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a document management system, a document management apparatus, and a document management program.

  In Patent Document 1, a confidential policy including designation of a person who is permitted to view a document is managed by a management server, a client on the creation side that creates a confidential document acquires the confidential policy from the management server, and based on the acquired confidential policy. Disclosure of technology that executes confidential document processing including document encryption and image pasting, manages information related to confidential documents on the management server, and controls whether the management server can view or print Has been.

  Patent Document 2 discloses information (selection information) for comparing a document for which security information is not set with information stored in the document for which security information is set (comparison target information). A technique is disclosed in which security information corresponding to a security attribute value estimated from a calculation result of similarity between selection information and comparison target information is applied to a document for which security information is not set. .

In Patent Document 3, image data is created and stored as an image pattern in a network system that transmits a document by connecting to an external network from an internal network in which a server for storing the document and a plurality of client terminals are connected. An image pattern management device that inserts an image pattern into a document stored on a server is connected to the internal network, a gateway is provided between the internal network and the external network, and a document transmitted from the internal network to the external network is: The gateway detects whether the image pattern is inserted, and if the image pattern is detected, the gateway disconnects the connection from the internal network to the external network. Technology for relaying the connection is disclosed.
JP 2004-151163 A JP 2007-034618 A JP 2006-048193 A

  The present invention relates to a document management system and a document management apparatus for controlling so that operation restriction information set for a document for security management of the document on the system matches each security information of labeling information given to the document And provide document management programs.

  In order to achieve the above object, the document management apparatus according to the first aspect of the present invention includes a labeling information addition determining unit that determines whether labeling information that defines operation restrictions on the document is attached to the document, and the labeling information addition determination. When it is determined by the means that the labeling information is given, an extraction unit for extracting the labeling information, and operation restriction information corresponding to the operation restriction defined by the labeling information extracted by the extraction unit are displayed in the document. And setting means for setting corresponding to the above.

  The document management apparatus of the invention of claim 2 prescribes a restriction on the operation of the document in the invention of claim 1 when the labeling information addition determining means determines that the labeling information is not given. Operation restriction information setting determining means for determining whether operation restriction information is set for the document; and, when the operation restriction information is not set for the document, predetermined predetermined labeling information is set for the document. Marking information setting means.

  According to a third aspect of the present invention, there is provided a document management apparatus comprising: an operation restriction information setting determining unit configured to determine whether operation restriction information that defines an operation restriction of a document corresponding to a document is set; and the operation restriction information setting When it is determined by the determining means that the operation restriction information is set, a specifying means for specifying the labeling information corresponding to the operation restriction information, and a grant for giving the labeling information specified by the specifying means to the document Means.

  According to a fourth aspect of the present invention, there is provided a document management apparatus according to a fourth aspect of the present invention, comprising: labeling information that is assigned to a document and defines operation restrictions on the document; Storage means for storing the information in association with each other, first determination means for determining whether the labeling information is given to the document, and second for determining whether the operation restriction information is set corresponding to the document. When the marking information is determined to be given to the document by the determining means and the first determining means, and the operation restriction information is not stored in the storage means corresponding to the marking information. The operation restriction information corresponding to the operation restriction defined by the labeling information is stored in the storage unit corresponding to the labeling information, and the first determination unit determines that the labeling information is not given to the document. And said When it is determined by the determining means of 2 that the operation restriction information is set corresponding to the document, the labeling information corresponding to the operation restriction information is stored in the storage means corresponding to the operation restriction information. Storage control means for controlling to do so.

  According to a fifth aspect of the present invention, there is provided a document management system according to the present invention, wherein a document management apparatus that manages operation restriction information that defines operation restrictions on a document corresponding to a document, and operation restriction information managed by the document management apparatus A document operation device that operates a restricted document, and the document management device stores labeling information that is given to the document and defines operation restrictions on the document and the operation restriction information in association with each other. The document operation device includes: a first determination unit configured to determine whether the labeling information is attached to the document; and a second determination unit configured to determine whether the operation restriction information is set corresponding to the document. When it is determined by the determination means and the first determination means that the labeling information is given to the document, and the operation restriction information corresponding to the labeling information is not stored in the storage means, in front The operation restriction information corresponding to the operation restriction defined by the labeling information is stored in the storage unit corresponding to the labeling information, and it is determined that the labeling information is not given to the document by the first determination unit, In addition, when it is determined by the second determination means that the operation restriction information is set corresponding to the document, the labeling information corresponding to the operation restriction information is stored in correspondence with the operation restriction information. Storage control means for controlling to store in the means.

  According to a sixth aspect of the present invention, there is provided a document management program comprising: a display information addition determination unit that determines whether a computer is provided with labeling information that defines operation restrictions on the document; and the display information addition determination unit. When it is determined that the labeling information is given, an extraction unit for extracting the labeling information and an operation restriction information corresponding to an operation restriction defined by the labeling information extracted by the extraction unit are associated with the document. And function as setting means for setting.

  According to the first aspect of the present invention, it is possible to synchronize the labeling information given to the document and the operation restriction information set for the document.

  According to the second aspect of the present invention, even if neither labeling information nor operation restriction information is set in the document, it is possible to synchronize the provision of the labeling information to the document and the corresponding operation restriction information. , Have an effect.

  According to the third aspect of the invention, there is an effect that the operation restriction information set for the document can be synchronized with the labeling information given to the document.

  Moreover, according to the invention of Claim 4, it has the effect that it can divert and use the correspondence of the newly matched label | marker information and operation restriction information.

  According to the fifth aspect of the present invention, the correspondence relationship between the labeling information newly operated by the document operation device and the operation restriction information is centrally managed by the document management device, and the correspondence relationship is diverted. Can be used.

  According to the sixth aspect of the invention, there is an effect that the computer can execute processing for synchronizing the labeling information given to the document and the operation restriction information set for the document.

  DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of a document management system, a document management apparatus, and a document management program according to the present invention will be described below in detail with reference to the accompanying drawings.

  FIG. 1 is a configuration diagram showing the main configuration of a document management system 100 according to the present invention.

  As shown in FIG. 1, in a document management system 100, a client PC 1, a multifunction device 2, a document policy server 3, and a document management device 4 are connected via a network 5 such as a LAN (= Local Area Network). , Client PC 1, document policy server 3, and document management device 4 include an input device (for example, a keyboard and a mouse), an output device (for example, a display), a central processing unit (for example, CPU), and a storage device (ROM, RAM). , Hard disk, external storage device, etc.).

  CPU is an abbreviation for Central Processing Unit, ROM is an abbreviation for Read Only Memory, and RAM is an abbreviation for Random Access Memory.

  In addition to the above-described devices, the document management system 100 is connected to various devices such as a server that manages various devices connected to the network 5, and the network 5 includes the client PC 1, the multifunction device 2, and the like. A plurality of these devices may be connected.

  The client PC 1 constituting the document management system 100 according to the present invention performs various document processing such as document creation, display, editing, and printing (for example, processing functions by general-purpose document processing software such as a document editor and a word processor). In addition to the above function, setting of operation restriction information (hereinafter referred to as “policy” for convenience of description) to the document, provision of labeling information (hereinafter referred to as “policy tag” for convenience of description) to the document, A diagram for detecting a policy set in a document and a policy tag attached to the document, obtaining security information associated with the policy and the policy tag, and controlling operation restrictions on the document based on the policy set in the document. A policy control function (PC) not shown is provided.

  The policy here refers to security information that defines the handling of documents when performing security management of documents (electronic documents or paper documents, etc.). Documents that manage documents in association with security information It is said that the policy is set to.

  Security information includes, for example, access rights and usage rights for documents, such as users, affiliations (departments in the company), related parties, related groups, etc., document types (HR, accounting, general affairs, etc.), There is information associated with each type, such as secret level (confidential, confidential, private, group secret, etc.), expiration date (time limit for the document).

  By managing such security information in association with each document, the handling of the document is restricted and the document is protected unless it is a person or condition having access authority, use authority, or the like.

  The policy tag described above is information expressed in correspondence with each security information set as a document policy. For example, an image (for example, a JPEG image) as shown in FIG. b) vector graphic (for example, SVG), information that can be set by an interface provided for various document processing functions as shown in FIG. 2 (c) and FIG. 2 (d) (for example, set by header / footer function) 2), QR code as shown in FIG. 2 (e), RFID as shown in FIG. 2 (f), one-dimensional or two-dimensional barcode mark, sticker, Information expressed by trust marking, invisible ink, paper fingerprints, printed marks such as stamps, and complex tag information combining these information. Grayed is applied to the document.

  JPEG is an abbreviation for Joint Photographic Experts Group, SVG is an abbreviation for Scalable Vector Graphics, RFID is an abbreviation for Radio Frequency Identification, and QR is an abbreviation for Quick Response. 2A is an example of a policy tag expressed by an image when the document is to be protected as a confidential document or a copy-prohibited document. FIG. 2B is a vector when the document is to be protected as a confidential document. FIG. 2C shows an example of a policy tag represented by an image. FIG. 2C shows an example of a setting operation and a policy tag for protecting a document as confidential by setting operation of an interface function included in the document processing function. Is an example of a paper document to which a policy tag set by an interface function included in the document processing function is assigned. FIG. 2E is an example of a paper document to which a policy tag expressed by a QR code is assigned. (F) is an example of a paper document to which a policy tag expressed by RFID is attached. The multifunction device 2 optically scans a paper document (a document printed on paper) to read an image of the paper document, and sends a print instruction instructed to print, in addition to a scan processing function for transmitting the read image to a designated destination. In addition to conventional functions such as a print processing function for printing data, a duplication processing function for copying a paper document, and a facsimile communication function for performing facsimile communication of a paper document or an electronic document, an image read from a paper document (hereinafter referred to as “scan”). "Image"), policy setting or policy tag assignment to print data instructed for printing and images received by facsimile communication function, detection of policy or policy tag set or assigned to paper document or scanned image, Acquisition of security information associated with policies and policy tags, and the paper text based on policies set for paper documents, scanned images, etc. Not shown policy control function performs control of the operation restrictions on and scanned images, and the like and a (MFP).

  The document policy server 3 performs management of policies set for documents managed by the document management system 100, management of document operation history, log information, etc., authentication of each user, and the like.

  Specifically, document policy management by the document policy server 3 is performed in response to a document policy setting request from each device such as the client PC 1 or the multifunction machine 2, and identification information of the document and security associated with the document. Information is stored and managed in association with various information such as the storage location of the document. Each time a policy is set for a document, information such as the document identification information and security information associated with the document is transmitted to the document management apparatus 4 to indicate that the policy setting for the document has been made. Notice. Also, in response to a policy inquiry set for a document from each device such as the client PC 1, the multifunction device 2, and the document management device 4, the security information associated with the document and information such as the storage location of the document are inquired. Reply to the original device.

  The document management apparatus 4 synchronizes with the operations of the client PC 1, the multifunction peripheral 2, and the document policy server 3 constituting the document management system 100, and adds a policy tag to the document and the policy tag attached to the document. If there is a detection operation, control is performed so that the security information corresponding to the policy tag is set as the policy of the document, and the policy setting operation for the document on each device and the policy setting for the document are controlled. If there is a detection operation, control is performed so that a policy tag corresponding to the security information associated with the policy is attached to the document, and the policy tag assigned to the document and the policy set for the document Control to align each security information.

  By the way, the main operational feature of the document management system 100 configured as described above is that a policy tag is assigned to an accessed document (hereinafter simply referred to as “accessed document” for convenience of explanation). If the policy tag is attached to the access document, the security information policy setting corresponding to the policy tag is set for the access document, and the policy is set to the access document or the policy is set. In the case of the access document, a security information policy tag corresponding to the policy is attached to the access document to manage the document. Such document management is mainly performed by the control operation of the document management apparatus 4. Is done.

  FIG. 3 is a block diagram showing a functional configuration of the document management apparatus 4 according to the present invention.

  As shown in FIG. 3, the document management apparatus 4 includes a policy tag acquisition unit 40, a policy setting unit 41, a policy acquisition unit 42, a policy tag assignment unit 43, a policy synchronization unit 44, a storage unit 45, a registration unit 46, and an estimation unit. 47 and a presentation unit 48.

  The policy tag acquisition unit 40 performs an operation to add a policy tag to an access document (electronic document or paper document) in each device such as the client PC 1 or the MFP 2 or performs a policy tag detection operation of the access document. If it does, control to acquire the policy tag is performed.

  Specifically, for example, document processing such as creation, editing, and copying of an electronic document is performed by a user operation on the client PC 1, and a policy tag of prohibited copying (see FIG. 2A) is assigned to the document. If the policy tag for prohibition of copying is attached to the access document, the policy tag information is acquired.

  In addition, when a policy tag is given to a scanned image read from a paper document or a policy tag is given to a scanned image read from a paper document by a user operation on the multifunction device 2, the policy is If there is a policy tag assignment operation or a policy tag detection operation in the multifunction device 2, such as when a paper document with a tag attached is printed out, information on the policy tag is acquired.

  As described above, the policy tag is information corresponding to security information expressed by an image, a vector graphic, a header / footer function provided in various document processing functions, and the like.

  The policy setting unit 41 specifies security information corresponding to the policy tag acquired by the policy tag acquisition unit 40 with reference to a policy tag information correspondence table 451 (see FIG. 5) described later stored in the storage unit 45, and Control is performed to register the specified security information in the document policy server 3 as the policy of the document. If security information corresponding to the policy tag is not specified, control is performed so that the security information estimated by the estimation unit 47 as security information corresponding to the policy tag is registered in the document policy server 3 as the policy of the document.

  Specifically, it is estimated from the identification information of the document to which the policy tag is attached and the security information corresponding to the policy tag specified by referring to the policy tag information correspondence table 451 from the policy tag, or the policy tag. The security information is transmitted to the document policy server 3 and a policy setting is requested, so that the document policy server 3 sets the policy for the document based on the identification information of the document and the security information.

  The policy acquisition unit 42, in each apparatus such as the client PC 1 or the multifunction device 2, performs a policy setting operation on the access document (paper document and electronic document) or a policy detection operation set on the access document. If this happens, control is performed to obtain security information for that policy.

  Specifically, for example, when a document operation such as creation, editing, or copying of an electronic document is performed by a user operation on the client PC 1 and a security is associated with the document and a policy is set, or an access document If a policy is set in, security information associated with the policy is acquired.

  In addition, when a policy is set for a scanned image read from a paper document or a policy is set for a paper document to be scanned by a user operation on the multifunction device 2, the paper on which the policy is set on the multifunction device 2 When there is a policy setting operation or a set policy detection operation in the MFP 2 such as when a document is printed out, security information associated with the policy is acquired.

  The policy tag assigning unit 43 specifies a policy tag corresponding to the security information acquired by the policy acquisition unit 42 with reference to the policy tag information correspondence table 451 stored in the storage unit 45, and specifies the specified policy tag. Controls the document. Further, when the policy tag corresponding to the security information is not specified, the estimation unit 47 performs control to give the policy tag estimated as the policy tag corresponding to the security information to the document.

  The policy synchronization unit 44 is set in the policy setting operation or document for the document in each device in synchronization with the operation of each device such as the client PC 1, the MFP 2, and the document policy server 3 connected via the network 5. Detects policy detection operations, policy tag assignment operations on documents, and policy tag detection operations attached to documents, so that the consistency between the policy tag of the document and each security information of the policy is maintained. Control to synchronize operation.

  Specifically, data signals, control signals, status information, and the like transmitted / received between devices via the network 5 are monitored, and policy tags are attached to documents in synchronization with the occurrence of access to the documents at each device. When a detection operation for a policy tag attached to an operation or a document, or a setting operation for a policy or a detection operation for a policy set in a document occurs, the document is based on information notified from each device along with the operation. The security information indicated by the policy tag attached to is set as the policy of the document, and the policy tag corresponding to the security information of the policy set in the document is assigned to the document, and assigned to the same document. Control so that the security information of the policy tag and the set policy is consistent.

  As described above, the storage unit 45 is configured by a storage device such as a ROM, a RAM, and a hard disk, and is a device that performs control of writing data to each storage device and reading data from each storage device. The storage unit 45 stores and holds various programs and data necessary for the operation of the policy tag information correspondence table 451, the policy tag estimation DB 452, the security information estimation DB 453, the document estimation DB 454, and the document management apparatus 4.

  The policy tag information correspondence table 451 is information (see FIG. 5) that defines the correspondence between policy tags and security information, and details will be described later.

  The policy tag estimation DB 452 is a database that manages a policy tag and characteristic information included in the policy tag in association with each other. For example, a keyword included in the policy tag (secret, prohibited copy, confidential, group disclosure, etc.) ), A specific image shape (partial shape such as QR code), signal information (specific signal such as RFID), and the like, and a policy tag related to the information can be searched.

  The security information estimation DB 453 is a database that manages security information in association with characteristic information included in the security information. For example, keywords included in the security information (prohibition of copying, handling under section managers, printing restrictions) Security information related to such information can be searched from such as editing disabled, browsing only, etc.

  The document estimation DB 454 is a database that manages the characteristic information such as texts and images included in the document and the identification information of the document in association with each other. For example, from the keywords and characteristic images included in the document, The document identification information related to the information can be searched.

  The policy tag estimation DB 452 and the security information estimation DB 453 store and manage the policy tag and security information registered in the policy tag information correspondence table 451 and their characteristic information in association with each other, and the document estimation DB 454 stores the information. The document identification information managed by the document policy server 3 and the characteristic information of the document are stored and managed in association with each other.

  The registration unit 46 registers information such as the policy tag, security information, policy tag information correspondence table 451, policy tag estimation DB 452, and security information estimation DB 453 managed by the document management system 100.

  The estimation unit 46 estimates the security information corresponding to the policy tag assigned to the document and the policy tag associated with the security information corresponding to the policy set for the document.

  Specifically, when security information corresponding to a policy tag assigned to an access document or a policy set to the access document is not registered in the policy tag information correspondence table 451, it is the same as characteristic information of the policy tag or A similar policy tag is estimated with reference to the policy tag estimation DB 452, or security information that is the same as or similar to characteristic information of the security information is estimated with reference to the security information DB 453.

  The presentation unit 48 can provide various types of information that can be provided from the policy tag information correspondence table 451, the policy tag estimation DB 452, the security information estimation DB 453, and the document management device 4 in accordance with user's requested operations of the client PC 1, the multifunction device 2, and the document management device 4. Information is output to the request source or output to an output device (for example, a display) (not shown) of the document management device 4.

  When the document management apparatus 4 configured as described above is assigned a policy tag or a policy is set to a document in each apparatus such as the client PC 1 or the multifunction machine 2, a policy is set for the document to which the policy tag is assigned. 4 and 7 will be described with reference to FIG. 4 to FIG. 7 in which a policy tag is assigned to a document in which a policy is set, and control is performed so that the policy tag of the same document matches each security information of the policy.

  FIG. 4 is a flowchart showing a document management operation flow according to the present invention when a policy tag is attached to a document or a policy is set.

  As shown in FIG. 4, the document management device 4 synchronizes with the operations of the devices such as the client PC 1, the multifunction peripheral 2, and the document policy server 3 connected to the network 5 constituting the document management system 100. The apparatus detects whether there has been a policy tag assigning operation or policy setting operation to the access document, or a policy tag attached to the access document or a detection operation of the set policy (step S401).

  Specifically, the policy synchronization unit 44 of the document management device 4 monitors the operation of each device such as the client PC 1, the multifunction device 2, and the document policy server 3, and for example, assigns a policy tag to an access document or sets a policy. Alternatively, it is detected by detecting whether each device has performed an operation such as detection of a policy tag attached to an access document or detection of a policy set in an access document.

  In step S401, when an operation for adding a policy tag to the access document is detected (YES in step S402), the policy tag is acquired (step S403).

  Specifically, for example, when the user assigns a policy tag to an electronic document (access document) created by the document processing software on the client PC 1, a detection screen for the client PC 1 (not shown) is detected. Since “add policy tag” is selected on the menu screen displayed above, the policy control function (PC) of the client PC 1 requests the document management apparatus 4 to acquire policy tag list information. Based on the tag acquisition request, the document management apparatus 4 detects that there has been a policy tag assignment operation in the client PC 1.

  The policy tag assignment operation for the access document is specifically performed by the policy tag acquisition unit 40 of the document management apparatus 4 in cooperation with the policy control function (PC) of the client PC 1 from the policy control function (PC). In response to the policy tag acquisition request, the policy tag information correspondence table 451 stored and managed by the storage unit 45 and all of the security information associated with the policy tag are sent back to the client PC 1, and the policy control function (PC) acquires the policy tag and security information returned from the document management apparatus 4, displays the information on the list screen, and the user selects the policy tag to be assigned to the access document from the list screen. Then, the selected policy tag is given to the access document.

  Further, the policy tag acquisition operation given to the access document is specifically selected by the policy tag acquisition unit 40 of the document management apparatus 4 on the list screen notified from the policy control function (PC) of the client PC 1. Receive and retrieve policy tags.

  The policy tag acquisition unit 40 cooperates with each device such as the multifunction device 2 and receives a policy tag notified from each device when there is a policy tag assigning operation to the access document in each device. And get.

  In addition, as described above, the policy tag assigned to the access document should be expressed and assigned by various methods such as images, vector graphics, information that can be set by the interface provided for various document processing functions, QR code, RFID, and the like. The policy tag acquisition unit 40 is configured to be able to acquire policy tags expressed in various expression methods, and each device such as the client PC 1 and the multifunction peripheral 2 is expressed in various expression methods. It is configured to be able to detect or add a policy tag.

  In step S403, when the policy tag assigned to the access document is acquired, the security information associated with the acquired policy tag is specified with reference to the policy tag information correspondence table 451 (step S404).

  Specifically, the policy synchronization unit 44 of the document management apparatus 4 specifies the security information corresponding to the policy tag acquired by the policy tag acquisition unit 40 with reference to the policy tag information correspondence table 451 stored in the storage unit 45. To do.

  As shown in FIG. 5, the policy tag information correspondence table 451 is configured so that the policy tag and the security information are associated with each other, and the security information corresponding to the policy tag or the policy tag corresponding to the security information can be specified. Has been.

  FIG. 5 is a diagram conceptually showing an example of a policy tag information correspondence table 451 in which policy tags expressed in images and their security information are associated with each other. In the case of image information expressed in secret, the image information 463 that matches the image information expressed in secret in the policy tag item 461 of the policy tag information correspondence table 451 is searched and corresponds to the searched image information 463. The attached security information 464 (security information item 462), that is, information indicating that the document is a confidential document prohibited from being handled by persons below the section manager of each department can be specified.

  The policy tag information correspondence table 451 configured as described above stores a policy tag corresponding to each policy tag expression method (image, vector graphic, QR code, RFID information, etc.) and its security information in association with each other. The security information corresponding to the policy tag or the policy tag corresponding to the security information can be specified.

  In addition, when a policy tag is not attached to a document and no policy is set, a policy tag defined by default for attaching to the document and security information corresponding to the policy tag are also provided. ing. The policy tag may be arbitrarily determined according to the implementation status of the document management system. For example, when this document management system is used only in a specific company, a policy tag expressed as “confidential” and security information corresponding to the policy tag may be set. Further, a minimum required policy tag and security information corresponding to the policy tag may be prepared and set. When the security information of the policy tag given to the access document is specified in step S404 (YES in step S405), the specified security information is set and registered in the document policy server 3 as the policy of the access document, and the present invention The document management operation related to the above is terminated (step S406).

  Specifically, the policy setting operation for the access document is performed by the policy setting unit 41 of the document management apparatus 4 in which the identification information of the access document and the security information specified from the policy tag attached to the access document are documented. The policy is sent to the policy server 3 to request registration of the policy, and the document policy server 3 sets the policy for the access document based on the identification information and security information of the access document.

  If security information corresponding to the policy tag assigned to the access document cannot be specified in step S404, that is, if the policy tag is not registered in the policy tag information correspondence table 451 (NO in step S405). The security information corresponding to the policy tag is estimated (step S407), the estimated security information is set and registered in the document policy server 3 as the policy of the access document, and the document management operation according to the present invention is terminated.

  The security information estimation operation corresponding to the policy tag in step S407 will be described later.

  If the policy setting operation for the access document is detected in step S401 described above (NO in step S402, YES in step S408), security information corresponding to the set policy is acquired (step S409).

  If the policy setting operation for the access document is not detected (NO in step S408), the policy tag set by default for the document is set (step S413), and the process returns to step S401.

  Specifically, for example, when the user sets a policy for an electronic document (access document) created by document processing software on the client PC 1, the policy setting operation is detected on a screen (not shown) of the client PC 1. Since “policy setting” is selected on the displayed menu screen, the policy control function (PC) of the client PC 1 requests the document management apparatus 4 to acquire security information list information. Based on the request, the document management apparatus 4 detects that there has been a policy setting operation in the client PC 1.

  In addition, the policy setting operation for the access document is specifically performed by the policy acquisition unit 42 of the document management apparatus 4 in cooperation with the policy control function (PC) of the client PC 1 and security from the policy control function (PC). In response to the information acquisition request, all the security information in the policy tag information correspondence table 451 stored and managed in the storage unit 45 is returned to the client PC 1, and the security information returned from the document management apparatus 4 by the policy control function (PC). The information is displayed on the list screen, and the user selects the security information to be set in the access document from the list screen, so that the selected security information, the identification information of the access document, and the access document Each information such as the storage destination is transmitted to the document policy server 3, and the information is stored in the document policy server. In the association with the stored and managed.

  In addition, the operation for acquiring the security information of the policy set for the access document, specifically, receives the identification information and security information of the access document for which the policy setting is notified from the document policy server 3, and receives this security information. Is acquired as security information of the policy set in the access document by the client PC 1.

  When security information corresponding to the policy set in the access document is acquired in step S409, a policy tag corresponding to the acquired security information is specified (step S410), and the specified policy tag is assigned to the access document. Then (YES in step S411, step S412), the document management operation according to the present invention is terminated.

  For example, the specific operation of the policy tag corresponding to the policy set in the access document is as follows. For example, when the user sets a policy in an electronic document (access document) created by the document processing software on the client PC 1, The policy synchronization unit 44 of the document management apparatus 4 specifies a policy tag corresponding to the security information of the policy set in the access document acquired by the policy acquisition unit 42 with reference to the policy tag information correspondence table 451.

  In addition, the operation of assigning the identified policy tag to the access document is, specifically, the policy tag assigning unit 43 of the document management apparatus 4 performs the policy setting operation for the policy tag identified by the policy synchronization unit 44. The policy control function (PC) of the client PC 1 sends a request to the device (for example, the client PC 1) to request the policy tag, and the policy control function (PC) of the client PC 1 sends the transmitted policy tag and a request for adding the policy tag to the access document to the client. The policy tag is displayed on a screen (not shown) on the PC 1 and the policy tag is assigned to the access document based on the user's assignment operation.

  As described above, the policy tag can be expressed by an image, a vector graphic, information that can be set by an interface provided for various document processing functions, and the like. The tag is configured to be attachable to the access document.

  If the policy tag corresponding to the security information of the policy set in the access document cannot be identified in step S410, that is, the security information of the policy set in the access document is not registered in the policy tag information correspondence table 451. In this case (NO in step S411), the policy tag corresponding to the security information is estimated (step S414), the estimated policy tag is assigned to the access document (step S412), and the document management according to the present invention is performed. End the operation.

  The policy tag estimation operation corresponding to the security information in step S414 will be described later.

  Next, the security information estimation operation (see FIG. 4) corresponding to the policy tag in step S407 described above will be described with reference to FIG.

  As shown in FIG. 6, when the policy tag assigned to the access document is not registered in the policy tag information correspondence table 451, the estimation unit 47 of the document management device 4 includes the policy tag assigned to the access document. Specific information is extracted, and a policy tag including information identical or similar to the extracted information is identified with reference to the policy tag estimation DB 452 (step S4071).

  In step S4071, when a policy tag including information that is the same as or similar to the characteristic information included in the policy tag assigned to the access document is specified, the policy tag information correspondence table 451 is referred to from the policy tag. The security information corresponding to the policy tag is specified, and it is determined whether or not the specified security information is appropriate as the policy of the access document (steps S4072 and S4073).

  In step S4073, it is determined whether or not the specified security information is appropriate as the policy of the access document. Specifically, the document policy server 3 is inquired of the document in which the specified security information policy is set. The characteristic information contained in the acquired document is compared with the characteristic information of the access document. If there is a similarity equal to or greater than the specified value, the identified security information is appropriate as the policy for the access document. If there is no similarity equal to or greater than a predetermined value, it is determined that the specified security information is not appropriate as the policy of the access document.

If it is determined in step S4073 that the security information specified in step S4072 is appropriate as a policy for the access document (YES in step S4074), the security information corresponding to the policy tag assigned to the access document is used. As information (step S4075), the registration unit 46 of the document management apparatus 4 registers the estimated security information in the policy tag information correspondence table 451 in association with the policy tag assigned to the access document (step S4076). The security information estimation operation corresponding to the tag ends.

  In step S4073, if it is not determined that the security information specified in step S4072 is appropriate as the policy of the access document (NO in step S4074), the estimation unit 47 includes text, images, and the like included in the access document. A document including information that is the same as or similar to the characteristic information is identified with reference to the document estimation DB 454 (step S4077), and the security information associated with the identified document is obtained by querying the document policy server 3. Thus, the acquired security information is estimated as the security information corresponding to the policy tag given to the access document (step S4078). The security information estimated in step S4078 is registered in the policy tag information correspondence table 451 in association with the policy tag assigned to the access document by the registration unit 46 of the document management apparatus 4 (step S4076). The corresponding security information estimation operation is terminated.

  Next, the policy tag estimation operation (see FIG. 4) corresponding to the security information in step S414 described above will be described with reference to FIG.

  As shown in FIG. 7, when the policy tag corresponding to the security information of the policy set in the access document is not registered in the policy tag information correspondence table 451, the estimation unit 47 of the document management apparatus 4 is set in the access document. The characteristic information included in the security information of the selected policy is extracted, and the security information including the same or similar information as the extracted information is specified (step S4141).

  In step S4141, when security information that is the same as or similar to the characteristic information included in the security information of the access document set as the policy is specified, the policy tag information correspondence table 451 is referred to based on the specified security information. The policy tag associated with the security information is identified (step S4142), and it is determined whether or not the identified policy tag is appropriate as the policy tag of the access document (step S4143).

  To determine whether or not the identified policy tag is appropriate as the policy tag of the access document in step S4143, specifically, refer to the policy tag information correspondence table 45 for security information corresponding to the identified policy tag. The document policy server 3 is inquired and acquired for the document set with the specified security information policy, and the characteristic information included in the acquired document is compared with the characteristic information of the access document. If the similarity is equal to or greater than a predetermined value, it is determined that the identified policy tag is appropriate as the policy tag of the access document. If there is no similarity greater than the predetermined value, the identified policy tag is determined to be the access document. It is determined that the policy tag is not appropriate.

  If it is determined in step S4143 that the policy tag specified in step S4142 is appropriate as the policy tag of the access document (YES in step S4144), the policy tag is estimated as the policy tag of the access document (step S4145). ), The registration unit 46 of the document management apparatus 4 registers the estimated policy tag in association with the security information set in the access document in the policy tag information correspondence table 451 (step S4146), and the policy tag corresponding to the security information is registered. The estimation operation is terminated.

  If it is determined in step S4143 that the policy tag specified in step S4142 is not appropriate as the policy tag of the access document (NO in step S4144), the estimation unit 47 includes a text or image included in the access document. A document including information that is the same as or similar to characteristic information such as information is identified with reference to the document estimation DB 454 (step S4147), and security information associated with the identified document is obtained by querying the document policy server 3. The policy tag associated with the acquired security information is identified with reference to the policy tag information correspondence table 451, and the identified policy tag is estimated as a policy tag corresponding to the policy set in the access document (step S4148). ). Further, the estimated policy tag is registered in the policy tag information correspondence table 451 in association with the security information of the policy set in the access document by the registration unit 46 of the document management apparatus 4 (step S4146). End the estimation operation of the corresponding policy tag.

  Next, when the document management apparatus 4 is assigned a policy tag to an access document accessed by each apparatus such as the client PC 1 or the multifunction machine 2 or when a policy is set, the policy tag is assigned. A description will be given with reference to FIG. 8 of an operation for setting a policy for an existing document and assigning a policy tag to a document for which a policy is set, and controlling so that the policy tag of the same document matches each security information of the policy. To do.

  FIG. 8 is a flowchart showing a document management operation flow according to the present invention when a policy tag is assigned to an access document or when a policy is set.

  As shown in FIG. 8, the document management device 4 synchronizes with the operations of the devices such as the client PC 1, the multifunction device 2, and the document policy server 3 connected to the network 5 constituting the document management system 100. The apparatus detects whether a policy tag is attached to the access document, a policy is set, or whether a policy tag attached to the access document or a set policy is detected (step S801).

  If a policy tag attached to the access document is detected in step S801 (YES in step S802), the policy tag is acquired (step S803).

  For example, when the multifunction device 2 scans a paper document to which a policy tag is attached, the multifunction device 2 uses the policy control function of the multifunction device 2 to detect the policy tag attached to the access document. Based on the control of the (MFP), the scanned image read from the paper document is analyzed to detect whether the scanned image includes a policy tag. If the policy tag is included, the policy tag is Since it is extracted from the scanned image, acquired, and transmitted to the document management device 4, the policy tag acquisition unit 40 of the document management device 4 based on the policy tag notification from the multifunction device 2 scans the paper document scanned by the multifunction device 2. Detect that a policy tag is attached to (access document).

  In addition, the policy tag attached to the access document is specifically acquired by the policy tag receiving unit 40 of the document management apparatus 4 receiving the policy tag transmitted from the policy control function (multifunction device) of the multifunction device 2. And get.

  When the policy tag attached to the access document is acquired in step S803, the security information associated with the acquired policy tag is specified with reference to the policy tag information correspondence table 451 (step S804), and the specified security is specified. Information is set and registered in the document policy server 3 as the policy of the access document, and the document management operation according to the present invention is terminated (step S806).

  If security information corresponding to the policy tag assigned to the access document cannot be specified in step S804 (NO in step S805), the security information corresponding to the policy tag is estimated (step S807). The set security information is set and registered in the document policy server 3 as the policy of the access document, and the document management operation according to the present invention is terminated.

  Note that the security information estimation operation corresponding to the policy tag in step S807 is the same as the security information estimation operation shown in FIG.

  If a policy set in the access document is detected in the above-described step S801 (NO in step S802, YES in step S808), security information corresponding to the set policy is acquired (step S809).

  If the policy setting operation for the access document is not detected (NO in step S808), the policy tag defined by default is set for the document (step S813), and the process returns to step S801.

  Specifically, the policy detection operation set for the access document and the security information acquisition operation associated with the policy are performed when, for example, a paper document (access document) with a policy set is scanned by the multifunction device 2 The MFP 2 analyzes the scanned image read from the paper document based on the control of the policy control function (MFP) of the MFP 2, detects the identification information of the paper document, and associates it with the detected identification information. The security information is obtained by inquiring the document policy server 3 and the document management apparatus 4 is notified that the obtained security information and the policy are set for the paper document. Based on this, the document management apparatus 4 detects that a policy has been set for the paper document scanned by the multifunction device 2, and the notified security information is detected. The acquired as security policy information that is set on the paper documents.

  If no policy is set for the scanned paper document, the document policy server 3 notifies the MFP 2 that no policy is set for the paper document.

  When security information corresponding to the policy set in the access document is acquired in step S809, a policy tag corresponding to the acquired security information is specified (step S810), and the specified policy tag is assigned to the access document. Then (YES in step S811, step S812), the document management operation according to the present invention is terminated.

  Specifically, the policy tag specifying operation corresponding to the policy set in the access document is, for example, when the multifunction device 2 scans a paper document (access document) in which the policy is set. The policy synchronization unit 44 specifies a policy tag corresponding to the security information of the policy set in the paper document (access document) acquired by the policy acquisition unit 42 with reference to the policy tag information correspondence table 451.

  Further, the specified policy tag assigning operation is, specifically, an apparatus (for example, a composite) in which the policy tag assigning unit 43 of the document management apparatus 4 performs the policy setting operation on the policy tag specified by the policy synchronizing unit 44. The policy control function (multifunction device) of the multifunction device 2 sends the transmitted policy tag and the policy tag assignment request to the multifunction device 2. The policy tag is assigned to the scan image based on the user's assignment operation.

  If the policy tag corresponding to the security information of the policy set in the access document cannot be specified in step S810, that is, the security information of the policy set in the access document is not registered in the policy tag information correspondence table 451. In this case (NO in step S811), the policy tag corresponding to the security information is estimated (step S814), the estimated policy tag is assigned to the access document (step S812), and the document management according to the present invention is performed. End the operation.

  The policy tag estimation operation corresponding to the security information in step S814 is the same as the policy tag estimation operation shown in FIG.

  In the above description, the estimation of security information corresponding to the policy tag and the estimation operation of the policy tag corresponding to the security information are performed based on the policy tag, security information, and characteristic information included in the access document. Although an example in which estimation is performed by referring to each of the estimation DB 453 and the document estimation DB 454 has been shown, the correspondence relationship between the policy tag and its security information is constructed by a Bayesian network in addition to the document management system 100, and the policy tag is supported. Security information or policy tag corresponding to the security information is estimated, the security tag corresponding to the policy tag or the policy tag corresponding to the security information is obtained by connecting to the Bayesian network and inquiring. It may be Do configuration.

  In this case, the policy tag estimation DB 452, the security information estimation DB 453, and the document estimation DB 454 are not required, and the query is performed by querying the Bayesian network for the security information corresponding to the policy tag and the policy tag corresponding to the security information. Policy tag and security information can be acquired.

  In the present embodiment, the policy set in the document is managed by the document policy server 3, and the policy tag assigned to the document by each device such as the client PC 1 or the MFP 2 and the policy set in the document In the above example, the document management apparatus 4 performs control for matching the security information items. However, these operations may be performed by one document management apparatus.

  In this case, each device such as the client PC 1 or the multifunction device 2 is a document management device, and also performs control to match policy management and policy information assigned to the document with security information set in the document. The configuration is as follows.

  In the present invention, the program is executed from a recording medium (CD-ROM, DVD-ROM, etc.) storing a program for executing the above-described operation in a document operation system having a communication function or configuring the above-described means. Can be configured to execute the above-described processing by installing the program in a computer and executing the program.

The medium for supplying the program may be a communication medium (a medium for temporarily or fluidly holding the program such as a communication line or a communication system). For example, the program may be posted on an electronic bulletin board (BBS: Bulletin Board Service) of a communication network and distributed through a communication line.

  The present invention can be applied to a document management technique corresponding to various usage forms for protecting a document.

1 is a block diagram showing the main configuration of a document management system 100 according to the present invention. Diagram showing an example of a policy tag 1 is a block diagram showing a functional configuration of a document management apparatus 4 according to the present invention. A flow chart showing a flow of document management operation according to the present invention when a policy tag is attached to a document or a policy is set. The figure which shows an example of the policy tag information correspondence table 451 Flow chart showing control operation of security information estimation Flow chart showing policy tag estimation control action Flow chart showing the flow of document management operation according to the present invention when a policy tag is assigned to an access document or a policy is set

Explanation of symbols

1 Client PC
2 MFP 3 Document Policy Server 4 Document Management Device 5 Network 40 Policy Tag Acquisition Unit 41 Policy Setting Unit 42 Policy Acquisition Unit 43 Policy Tag Assignment Unit 44 Policy Synchronization Unit 45 Storage Unit 46 Registration Unit 47 Estimation Unit 48 Presentation Unit 100 Document Management System 451 Policy tag information correspondence table 452 Policy tag estimation DB
453 Security information estimation DB
454 Document estimation DB
461 Policy tag item 462 Security information item 463 Image information 464 Security information

Claims (6)

Labeling information addition determining means for determining whether or not the document is provided with labeling information that defines the operation restriction of the document;
When it is determined that the labeling information is added by the labeling information addition determining unit, an extracting unit that extracts the labeling information;
A document management apparatus comprising: setting means for setting operation restriction information corresponding to the operation restriction defined by the labeling information extracted by the extraction means corresponding to the document. Operation restriction information setting determination means for determining whether or not operation restriction information that defines operation restrictions on the document is set in the document when the label information addition determination means determines that the label information is not provided. When,
When the operation restriction information is not set in the document, a label information setting unit that sets predetermined predetermined label information in the document;
The document management apparatus according to claim 1. Operation restriction information setting determining means for determining whether operation restriction information that defines operation restrictions for the document is set corresponding to the document;
If it is determined by the operation restriction information setting determination means that the operation restriction information is set, a specifying means for specifying labeling information corresponding to the operation restriction information;
A document management apparatus comprising: an adding unit that adds the labeling information specified by the specifying unit to the document. A storage unit that associates and stores labeling information that is assigned to a document and defines operation restrictions on the document, and operation restriction information that is set in association with the document and defines operation restrictions on the document;
First discriminating means for discriminating whether or not the marking information is given to the document;
Second determining means for determining whether or not the operation restriction information is set corresponding to a document;
When it is determined by the first determining means that the labeling information is given to the document, and the operation restriction information is not stored in the storage means corresponding to the labeling information, the labeling information is Operation restriction information corresponding to the prescribed operation restriction is stored in the storage unit in correspondence with the labeling information, and it is determined by the first determination unit that the labeling information is not given to the document, and the first When it is determined by the determining means of 2 that the operation restriction information is set corresponding to the document, the labeling information corresponding to the operation restriction information is stored in the storage means corresponding to the operation restriction information. And a storage control means for controlling the document management. A document management apparatus that manages operation restriction information that defines operation restrictions of the document corresponding to the document;
A document operation device for operating a document whose operation is restricted by the operation restriction information managed by the document management device,
The document management apparatus includes:
Storage means for storing labeling information assigned to a document and defining operation restrictions on the document and the operation restriction information in association with each other;
The document operation device includes:
First discriminating means for discriminating whether or not the marking information is given to the document;
Second determining means for determining whether or not the operation restriction information is set corresponding to a document;
When it is determined by the first determining means that the labeling information is given to the document, and the operation restriction information is not stored in the storage means corresponding to the labeling information, the labeling information is Operation restriction information corresponding to the prescribed operation restriction is stored in the storage unit in correspondence with the labeling information, and it is determined by the first determination unit that the labeling information is not given to the document, and the first When it is determined by the determining means of 2 that the operation restriction information is set corresponding to the document, the labeling information corresponding to the operation restriction information is stored in the storage means corresponding to the operation restriction information. And a storage control means for controlling the document management system. Computer
Labeling information addition determining means for determining whether or not the document is provided with labeling information that defines the operation restriction of the document;
If it is determined by the display information addition determination means that the labeling information is provided, an extraction means for extracting the labeling information;
A document management program that functions as a setting unit that sets operation restriction information corresponding to the operation restriction defined by the labeling information extracted by the extraction unit, corresponding to the document.

Images