1. Field of the Invention
The present invention relates to a printing system. More particularly, the invention relates to a technique for enhancing security by application of a security policy.
2. Description of the Related Art
The spread of personal computers and an increase in speed thereof in recent years have been accompanied by the acceleration of digitization of information in office operations. Under these circumstances, the management of electronic documents such as confidential documents is becoming increasingly important. A printing system of growing popularity as a system for implementing the management of electronic documents is one that applies a prescribed security policy to electronic documents flooding offices, thereby controlling access and functions and enhancing security.
An example of such a printing system is one in which a computer application sets policy information on a user-by-user basis. The application registers, edits and creates a security policy per document in response to an indication from the user. The set policy information includes information as to whether a document is permitted to be referred to, edited or printed, as well as the term of validity of this information. The policy information is stored in a server (a policy server) that manages policy, and it is possible to refer to the policy information by logging in to the server. That is, an application running on a personal computer logs in to the policy server, acquires the policy information and operates in accordance with the policy information. For example, a user for which the setting does not permit reference cannot refer to the relevant document, an a user for which the setting does not permit printing cannot print the document.
The specification of Japanese Patent Application Laid-Open No. 2002-63008 proposes a system in which whether utilization of a printing apparatus is restricted is determined upon connecting a terminal device to a server that stores a list of users for which access is restricted.
Further, the specification of Japanese Patent Application Laid-Open No. 2004-289302 proposes a printing system in which whether utilization is restricted is determined upon accessing a user database that contains access privilege per user of various functions possessed by an MFP (multifunction peripheral).
These conventional techniques, however, involve the following problems: For example, in a system in which a specific host application performs a policy check, there is the danger that a route that does not have the host application as an intermediary will arise. Examples are a case where application data is transmitted directly to a printing apparatus by ftp, and a case where a removable medium such as a USB memory is connected to a printing apparatus and the application data on the medium is printed (this represents direct printing from a medium).
Furthermore, with the foregoing systems, there is the danger that printing that reflects the latest policy information cannot be performed. With the foregoing systems, policy information is verified by the host application. If printing is possible, the print data is transmitted to the printing apparatus. There is the danger that after the print data has been transmitted, the policy will change during the time that the data is stored within the printing apparatus as a saved job awaiting printing. Further, there is the danger that the policy will change while printing is being suspended owing to paper jam of the transmitted document or because of an out-of-paper error. In such cases, the foregoing printing systems are such that when a saved or suspended job is resumed, printing that does not reflect the latest policy is executed as is.
Further, in the printing systems described in Japanese Patent Application Laid-Open Nos. 2002-63008 and 2004-289302 in which a device such as a printer or MFP applies the policy, the only restriction is utilization of the device and functions on a per-user basis, and it is difficult to restrict scope of utilization on a per-document basis. From the standpoint of security, it is more preferred that restriction of utilization on a per-document basis be adopted in an actual office.