The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, the approaches described in this section may not be prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
The proliferation of communications networks, and in particular the Internet, has raised growing concerns about the security of information transmitted over networks. Numerous protection schemes have been implemented to secure electronic documents transmitted over the Internet, ranging from simple passwords to strong encryption. Some printing devices are configured with a feature known as “locked printing” to provide control over the printing of electronic documents. When a printing device is configured with a locked printing feature and print data is sent to the printing device, a printed version of an electronic document reflected in the print data is not generated until a password is verified at the printing device. Typically a user enters a password through an operation panel on the printing device. The printing device verifies the password and if the password is successfully verified, allows the user to access and print stored print data.
In addition to locked printing, some electronic documents are also password protected. For example, when a user creates an electronic document using an application program, the user may protect the electronic document using a password. The print data is encrypted based upon the password and transmitted to the printing device. After accessing locked print jobs and selecting particular print data, the user is queried for the password associated with the particular print data. If the user enters the correct password, the print data is processed and the electronic document contained in the print data is printed.
Policy-based solutions have also been developed that allow business organizations to control access to electronic documents. An electronic document for which the access thereto is controlled using a policy is referred to hereinafter as “policy-enabled document.” A policy defines the conditions under which a user is granted access to an electronic document. For example, a policy might specify that particular users are allowed access to the electronic document. Alternatively, the policy might specify that all users on a particular project, or all users at a specified level or higher within a business organization, may access the electronic document.
When a user attempts to open the electronic document through an application, the application prompts the user for user credentials, typically in the form of a user ID and password. The user credentials are authenticated to verify the user. Then, the credentials are provided to a policy server along with data that identifies the electronic document that the user is attempting to access. The policy server retrieves a policy associated with the electronic document and then determines, based upon the policy, whether the user should be allowed to access the electronic document. The policy server returns data to the application that indicates whether the user is allowed to access the electronic document. The application selectively allows the user access to the electronic document based upon the data provided by the policy server.
One of the main benefits of the policy-based approach is that the access rights for any number of electronic documents may be changed by changing single policy, without having to change each of the electronic documents. For example, a business organization may change a single policy for a product that may affect access to a hundreds or even thousands of electronic documents.
One of the issues with password protecting documents is that printing devices must be capable of processing the protected print data into a form so that the electronic document can be printed. For example, the printing device may decrypt encrypted print data to recover original print data that can be processed. The processing required to successfully process a protected document varies depending upon the application that was used to protect the electronic document. For example, a word processing application may use one type of encryption while a spreadsheet application may use a different type of encryption. The printing device must be capable of using both types of decryption. Furthermore, the type or version of encryption used by an application program may change over time. Thus, in some situations a printing device must support multiple types of encryption and multiple versions of each type of encryption.