1. Field of the Invention
The present invention relates to a printing system and the like capable of preventing, information leakage and, more particularly, to a printing system and the like which prevent information leakage by accumulating contents printed by an image forming apparatus as a log so as to enable tracking the print log.
2. Description of the Related Art
As a conventional measure against leakage of information saved in computers, there is widely used a method of setting an access right to confidential information or a storage server which stores it, and limiting users who can access the confidential information. However, most of the recent information leakage cases are intentional inside jobs by persons permitted to access confidential information.
Information to be protected from leakage includes not only an enormous amount of information typified by customer information of an enterprise, but also information which is small in amount but important in content. Such a small amount of information can be easily brought out as a printed material. For example, a person with an access right to given information may bring it out by printing.
To prevent this, demands have arisen for a measure against leakage of data saved in computers in the form of a printed material. For this purpose, many measures have been proposed as follows.
(1) Print permission information is set for a document to be printed or print data, and referred to in printing (see, e.g., patent reference 1).
(2) A user is authenticated to use a device connected to a network (see, e.g., patent reference 2).
(3) A print server saves print data in a reprintable state, and also saves information such as a job name, client name, and user name together with a time stamp. Further, bitmap data is generated from print data, and saved as a print log (see, e.g., patent reference 3).
(4) The printer side acquires a print log and stores it in a server (see, e.g., patent reference 4).
(5) Simultaneously when receiving print data from a client, a print server also receives information capable of uniquely specifying a user, generates a print log on the basis of the print data and user information, and enables searching, browsing, and reprinting the print data (see, e.g., patent reference 5).    [Patent Reference 1] Japanese Patent Application Laid-Open No. 2004-252784    [Patent Reference 2] Japanese Patent Application Laid-Open No. 2003-288327    [Patent Reference 3] Japanese Patent Application Laid-Open No. 2002-149371    [Patent Reference 4] Japanese Patent Application Laid-Open No. 2003-330677    [Patent Reference 5] Japanese Patent Application Laid-Open No. 2004-118243
However, the conventional method (patent reference 1) of embedding print permission information and the conventional method (patent reference 2) of authenticating a user require a special application and a network device such as a special printer. These methods are applied to limited applications. For example, information leakage can be prevented by introducing a special printing application and a network device such as a special printer into an office where users treat highly confidential information such as personal information in daily work. However, these methods can prevent information leakage in the use of a special application and special printer. That is, these methods narrow an environment where the information leakage prevention measure is applicable.
To the contrary, the methods of patent references 3 to 5 are free from these limitations. These methods do not pose any trouble in the operation in a general office. By limiting these methods to printing via a print server, print content information can be collected, accumulated, and tracked.
However, according to the methods of patent references 3 to 5, prevention of information leakage targets only printing via the print server. In other words, these methods are incompatible with transmission of print data from a client PC directly to a printing device such as a printer. For example, these methods do not cope with local port connection between a client and a printer, and connection by a network protocol. The print server must collect and generate print content information in addition to a normal printing process. When a plurality of client PCs nearly simultaneously request the same printer to print, the printing performance is expected to decrease. These methods require installation of the print server, and the installation space must be physically ensured.
In addition to these problems, the information leakage preventing system must consider leakage prevention effects corresponding to the property of treated information and the date and time of an output operation. For example, considering daily printing in an office, an action to print a large amount of confidential information stands out during the daytime on business days, and a user would refrain from it. That is, the time period of the daytime on business days prevents information leakage to some extent. In contrast, during the weekend or time period from the night to morning on business days, few people witness an action to print a large amount of confidential information. The information leakage prevention force depending on the time period weakens.
The following problems arise if information contents to be collected to prevent information leakage and the inspection level of collected information are kept unchanged during all the time periods regardless of the above-mentioned facts. More specifically, information contents to be collected and the inspection level must be adjusted in accordance with a time period during which the information leakage prevention force is weak (i.e., leakage is highly likely to occur); otherwise, generated information leakage may be missed. Even during a time period during which the information leakage prevention force is high, superfluous information is collected and inspected. These processes decrease the value of collected log information and the verification efficiency of the inspection result. This results in the necessity for a large-capacity storage medium, a long inspection time, and high management cost.
Companies, government offices, organizations, and the like, which treat information to be open to the public (e.g., information on the settlement of accounts of companies, information on new products and services, patent information, and information on takeover bids), must strictly manage these pieces of information before opening to the public. After opening to the public, the confidentiality of these pieces of information is lost, and they need not be managed as confidential information. For open information, it is enough to collect normal-level log information and inspect the log. Hence, it raises the management cost, similar to the above-described case, to collect log information of open information at the same level as that for confidential one and inspect the collected log information regardless of whether information is open to the public.