1. Technical Field
The present invention relates to a technique for generating an electronic document, and more particularly to a technology for ensuring security of a generated electronic document.
2. Related Art
Meanwhile, a technique of electronic document management using a security policy in which operation rights (read, write, copy, print, or other rights) of users are written has been known. FIG. 14 is a diagram explaining an outline of the technique, and depicts a state of processing performed among an electronic document author 200 generating an electronic document, a policy management server 202 managing security policy, an electronic document user 204 using the generated electronic document, and a user authentication server 206 implementing user authentication.
The electronic document author 200 generates a new electronic document 208 (S500). As a security policy to be assigned to the electronic document 208, the electronic document author 200 selects one of security policies registered in the policy management server 202 or creates a new security policy. Then, the electronic document author 200 associates the selected or created security policy with the electronic document 208 and registers the security policy in the policy management server 202 (S502). The electronic document 208 associated with the security policy is referred to as an electronic document 210 and is distributed to the electronic document user 204 by a method such as transmission via e-mail or downloading (S504). Because the electronic document 210 to be distributed to the electronic document user 204 is associated with the security policy registered in the policy management server 202, the electronic document 210 is in a state locked by a “key” for access control. When the electronic document user 204 attempts to access the distributed electronic document 210, user authentication is performed in the user authentication server 206 (S506), and operation rights of the electronic document user 204 are checked through an inquiry to the policy management server 202 (S508). Thus, the electronic document user 204 can use the electronic document 210 only when the electronic document user 204 has a predetermined right.
In the above-described technique, the electronic document and the security policy are individually managed, thereby enabling the manager to modify the security policy after distribution of the electronic document. In other words, the manager can control when, by whom, and how processing is performed on which electronic document.