1. Field of the Invention
The present invention relates to a technique for controlling authorities to operate a document.
2. Description of the Related Art
With the increase in consciousness on information security in recent years, there has been in companies a demand for measures for minimizing the risk of information leakage from the viewpoint of the personal information protection law and the protection of intellectual properties. To meet this demand, there has been provided a system capable of minimizing the risk of information leakage by setting access authorities and operating authorities for specific users to each document (electronic document) as a security policy (hereinafter simply referred to as policy).
For example, an access control management server has been put on the market. Various types of access control (whether viewing, editing, and printing are possible or not) for each individual user can be set to a file (document) via the access control management server. Further, access control is possible for a distribution file when a file author specifies detailed control levels for each individual user.
As an exemplary access control management server, Adobe has announced Live CyclePolicy Server which enables access control for portable document format (PDF) documents. Access authorities for policies registered in the access control management server can be set for each user or group, on a time slot basis, and on a network or domain basis. Settable operating authorities include the viewing, printing, and editing authorities (whether viewing, printing, and editing are possible or not).
Even after distributing a document, authorities can be easily deprived of or modified via the access control management server. The policy registered in the access control management server is registered by an administrator. Commonly, the user acquires a list of user-settable policies and uses the policies.
The configuration of the access control management server handling PDF documents will be described below. A PDF document can be encrypted, and the user registers file information in the access control management server at the time of encryption. Then, when the user opens the PDF document from a client, the user acquires a decryption key from the access control management server and decrypts the PDF document.
When this method is used, the author of the PDF document can change the file access authority by changing the information on the access control management server even after a file has been distributed.
To view a PDF document, the user commonly opens the file by using a specific application such as Adobe Reader or Acrobat® from Adobe Systems. Although description will be made based on Adobe Reader, an application for viewing the PDF document is not limited thereto but may be Acrobat® or other applications that can handle PDF documents.
For example, when a user views a file encrypted by using the access control management server, Adobe Reader accesses a relevant access control management server. Then, when the user has the file viewing authority for the file, Adobe Reader acquires a decryption key and decrypts the file to open it. Then, the user can view the file.
This configuration also applies to the printing authority and editing authority. Further, operations (viewing, printing, and editing) and users who have performed each operation can be recorded in the access control management server. Hereinafter, a PDF document encrypted by the access control management server is referred to as policy PDF document.
To meet the present demand, it is necessary to handle a PDF document in the off-line environment (for example, when the user cannot access the access control management server because of fire wall or when the user wants to use the PDF document on a location where the user cannot make network connection) while protecting security. In such an off-line environment, since Adobe Reader cannot access the access control management server, the user cannot acquire a result of access authority determination and a decryption key, and therefore cannot basically use the document.
However, to achieve access control following a policy even in the off-line environment, the access control management server may be provided with a function to convert a policy PDF document under management into a PDF document usable in the off-line environment only in a specified effective period. The public format (PDF) is disclosed on the Internet (for example, Portable Document Format Reference Manual Version 1.2).
When making a document with policy usable in the off-line environment, there is a case where a document with policy is converted into a document incorporating a mechanism for opening only in an effective period and password-based limitation is provided to maintain security at a certain level. In the case of a PDF document, for example, it is necessary to give a certain access limitation to the document since only one password can be given to each PDF document because of PDF specifications. For example, one method for giving an access limitation to the PDF document is to give the same limitation as the strictest one among permitted limitations given to the policy PDF document.
Hereinafter, a PDF document given an access limitation in this way is referred to as commonized PDF document. For example, another method for giving an access limitation to the PDF document is to give an access limitation corresponding to the user access authority used in the off-line environment. Hereinafter, a PDF document given an access limitation in this way is referred to as password PDF document.
However, there may be a situation that the user cannot even view a commonized PDF document that is given a strict limitation. With the commonized PDF document, the user cannot give an access limitation according to a policy given to each user. With the password PDF document, since it is necessary to generate a password for each user access authority, the number of PDF documents increases in the off-line environment, making management difficult.