1. Field of the Invention
The present invention relates to an information processor having a function to transmit and receive data such as document/image data via a network.
2. Description of the Related Art
Electronic document data may consist of document/image data and attribute data (for example, print attributes). For example, print job data transmitted from a host computer or the like to a printer and digital multi-function apparatus includes document/image data and print attributes and printer operations are controlled by data of the print attributes.
Moreover, the electronic document data may be stored in devices in a network or transferred between devices. If image data input from an image input device such as a scanner is stored in a secondary memory device inside an image output device, such as a printing device in file format, a user can pick out images at a desired time to repeatedly print out images. A function to store image data in a secondary memory device of an image output device in file format for the purpose of reusing the image data in this manner is called a box function, and a file system to store image data is called a box. Content of a file in the box is bit map data read by a scanner and PDL data received from a host computer via a network. Such methods of storing data in devices in a network and handling of electronic documents transferred between devices are also controlled by attribute data.
Incidentally, limitations on handling of electronic document data are increasing from the viewpoint of ensuring security such as preventing leakage of information and functions to enhance security are also considered. Functions to enhance security include, for example, an upper limit setting of the number of permitted print copies, numbering of print copies for security control, and pattern printing (printing of a copy forgery inhibited pattern image). An upper limit setting of the number of print copies is to permit printing of only the minimum necessary number of copies by limiting the number of copies that may be printed. Numbering of print copies for security control is to attach numbers that do not mutually overlap to a plurality of printout copies. Accordingly, if a leakage of information occurs, the pathway of leakage can be identified by checking the number. In addition to numbers, information about history from generation to printing out of electronic document data may be attached. Pattern printing (i.e. printing of a copy forgery inhibited pattern image) is to perform overlay printing of a latent image pattern that is visually difficult to identify on printed matter by combining dots that are different in density and diameter. When printed matter having such a pattern is copied, an embedded latent image pattern is exposed to indicate a copy so that optical copies of the printed matter can be prevented.
In print jobs, usable functions may be limited for each user to save printing costs. Such limitations include, for example, permitting color printing only by specific users, forcing users other than certain permitted users to perform double-sided printing, and forcing users other than certain permitted users to use a reduced layout (N-in-1).
Such handling of electronic document data is also controlled by print attributes.
On the other hand, print attributes contained in normal electronic document data are described in plain text (data that is not encrypted) and thus, there is a possibility that a malicious third party can falsify print attributes.
There is a method by which a host computer, when transmitting print job data to an image output device such as a printer and digital multi-function apparatus, encrypts the print job data and transmits it to the image output device (Japanese Patent Laid-Open No. H09-134264/1997). This method is called a network secure print. In a network secure print, the host computer encrypts all print job data and thus, in addition to document/image data, print attributes are also encrypted. Print attributes include information about job control (e.g., whether or not a job is needed) and thus, an image output device cannot determine whether or not a job is needed before all received print job data is decrypted. Therefore, it is desirable that print attributes do not require decryption or can be decrypted by simple processing.
Similarly, if print attributes including information about the range in which data can be transferred, transfer history, and creator of an electronic document is in plain text when the electronic document data is transferred between devices, there is a possibility of the print attributes being falsified. However, it is efficient to perform transfer control of electronic documents based on print attributes only and thus, print attributes are preferably in plain text.
According to Japanese Patent Laid-Open No. 2006-86777, on the other hand, whether or not header information has been falsified can be determined by storing digital signature information in the header information (attribute data).
Japanese Patent Laid-Open No. 2006-86777 discloses a method of attaching an electronic signature to separated print attributes (plain text). While this method can prevent falsification of print attributes, new processing (electronic signature confirmation processing) to check that print attributes have not been falsified is needed. In addition, providing a control/authentication mechanism such as a policy server (registered trademark) in a network entails costs for installation/operation.
Japanese Patent Laid-Open No. 2006-109428, on the other hand, discloses a method of generating parameters for encryption based on metadata. This method uses metadata to generate a key stream for encryption of stream data. In this method, a common key encryption scheme is used in a generation process of a key stream. The value of security is lost in the common key encryption scheme when a malicious third party knows a common key and thus, sufficient care must be taken to control the common key in a process of distributing the common key.