1. Field of the Invention
The present invention relates to an image forming apparatus, method and a medium storing program, which convert and process document data.
2. Description of the Related Art
In recent years, image forming apparatuses such as an MFP and a printer keep growing more sophisticated. This provides a way for performing, via a network such as a LAN, PDL printing or transmission/reception of data containing images and texts stored in an image forming apparatus. It consequently becomes possible to exchange a document or an image represented by PDL data between image forming apparatuses by data transmission without any intervening PC or workstation.
FIG. 1 shows the configuration of a plurality of apparatuses connected to a network, including such an image forming apparatus. Personal computers (PCs) 101-0-0 and 101-0-1 can execute display, generation, editing, transfer, and print instruction of document data in accordance with user operations. An image forming apparatus 104-0 can digitize document data or visualize it on a paper medium, and also transmit/receive an image or document data via a network 102-0. These processes can be implemented based on instructions input from the information processing apparatuses 101-0-0 and 101-0-1 via the network 102-0 as well as in accordance with user operations on the image forming apparatus. That is, the image forming apparatus connected to the network such as a LAN can more easily execute more advanced processes.
Such a system capable of easily printing, copying, and transferring documents must have a way to define authority for these processes and place restrictions on various processes including printing, copy, and transfer for the sake of preventing information leakage and exercising strict internal control.
FIG. 2 is a view showing an example of a system arrangement for implementing restrictions on document processing. An authentication apparatus 107-0 is connected to the network 102-0, like the information processing apparatuses 101-0-0 and 101-0-1 and the image forming apparatus 104-0. The authentication apparatus 107-0 can respond to an authentication process request from the information processing apparatuses 101-0-0 and 101-0-1 and the image forming apparatus 104-0 via the LAN.
An arrangement and process sequence for implementing PDL data printing via an authentication process will be described below.
FIG. 3 is a block diagram showing the arrangement of the authentication apparatus 107-0 and the image forming apparatus 104-0 connected via the network 102-0. The image forming apparatus 104-0 includes a network IF 10401. The network IF 10401 implements communication with the network 102-0. A user system 10402 controls the network IF 10401, an IO controller 10403, a UI controller 10406, an engine controller 10408, a PDL interpreter 10410, and a RIP 10409. This arrangement implements, for example, visualization on a medium represented by paper. The IO controller 10403 can control an HDD 10404 and store information represented by PDL data. The UI controller 10406 controls a UI panel 10405 to receive an instruction or information associated with authentication from the user and transmit it to the user system 10402. The UI controller 10406 can also control the UI panel 10405 to display and present, to the user, information such as progress of a print process or an error. The engine controller 10408 controls a printer engine 10407 to form a visible image on a visible medium represented by paper.
FIG. 4 is a flowchart illustrating the procedure of an authentication process. In step S1001, the PDL interpreter 10410 receives a process start instruction for target PDL data from the user system 10402. In step S1002, the PDL interpreter 10410 checks, based on the instruction from the user system 10402, whether the target PDL data needs authentication. Whether the PDL data requires authentication can be determined based on a flag in it.
Upon determining in step S1002 that authentication is necessary, the PDL interpreter 10410 reads user authentication information in step S1003. The user authentication information is obtained based on user input from the UI panel 10405 controlled by the UI controller 10406. This information includes, for example, an ID and password. In step S1004, the PDL interpreter 10410 requests the authentication apparatus 107-0 to execute an authentication process based on the information represented by an ID and password. The authentication process request is implemented by transmitting, to the authentication apparatus 107-0 via the network 102-0, data transmitted/received by the network IF 10401 controlled by the user system 10402.
The authentication apparatus 107-0 receives the authentication process request and determines, based on the information represented by an ID and password, whether the target PDL data can undergo a process. This process corresponds to a print process if the image forming apparatus is going to form a visible image. Processes for which the authentication apparatus 107-0 can perform authentication determination include display, editing, and transfer in addition to the print process. In correspondence with one or more IDs, the authentication apparatus 107-0 holds information representing whether the above-described processes are possible. In step s1005, the PDL interpreter 10410 executes an interpretation process of a target PDL.
FIG. 5 is a view showing the relationship between PDL data and information used for authentication determination. As shown in FIG. 5, PDL data 20001 held in the image forming apparatus is associated with an authentication information DB 20002 provided in the authentication apparatus 107-0. The authentication information DB 20002 has an authentication information table 20003 associated with each PDL data 20001. The authentication information table shows pieces of authority information the users associated with the IDs have for the respective processes. Communicating with the authentication apparatus 107-0 to refer to the authority information enables to derive, for each PDL data, which user is allowed to perform which process.
Besides this technique, Japanese Patent Laid-Open No. 2000-357064 describes a technique of managing information of operations permitted for each user, and giving authority to permit or prohibit an operation to be performed by each user on a device based on the management information. A URI to be described later is described in Uniform Resource Identifiers, RFC3986. PDL data is described in “PDF Reference, Sixth Edition, version 1.7”, available at the URL www.adobe.com/devnet/pdf/pdf_reference.html or “Postscript® Language Reference third edition”, available at the URL www.adobe.com/products/postscript/resources.html#white.
Document data such as PDL data can impose restrictions on processes such as distribution and printing. However, this restriction function depends on the structure of PDL data. Once PDL data is converted into intermediate data or the like, the processes cannot be restricted any more. Hence, when exchanging intermediate data between image forming apparatuses, no restrictions can be placed on the above-described processes, and the security level decreases.