JP4509091B2 - Image processing system and print job output method - Google Patents

Description

  The present invention relates to a technique for registering a print job transmitted from a data processing apparatus in a storage device of the image processing apparatus, and a technique for outputting a print job registered in the image processing apparatus.

  2. Description of the Related Art Conventionally, a security policy (hereinafter simply referred to as a policy) indicating the authority to access and operate data is applied to electronic data stored in a data processing apparatus such as a PC. A user other than those who are registered in the server device that manages such a policy cannot set access authority so that the electronic data cannot be accessed or cannot perform printing (for example, Patent Document 1). Thereby, the access permission of the electronic data registered in the image processing apparatus can be restricted to an appropriate user.

  Also, in the technology related to electronic data printing, print job data generated based on electronic data by a data processing apparatus is transmitted to the image processing apparatus and stored in a storage device of the image processing apparatus. A function for realizing such an operation is called box printing. By using the box print function, it is possible to repeatedly print the print job data stored in the storage device of the image processing apparatus.

  There is also a function called secure printing. In the secure print, the following operation is performed. First, the image processing apparatus receives print job data with a password generated by the printer driver of the data processing apparatus and temporarily stores it in the storage device. When the correct password is input from the operation unit, the image processing apparatus prints out the print job data stored in the storage device.

As described above, when box printing or secure printing is performed, print job data generated based on electronic data is stored in the storage device of the image processing apparatus.
JP 2005-38371 A

  However, when box printing is performed on the electronic data to which the policy is applied or secure printing is performed, the print job data stored in the storage device of the image processing apparatus is applied to the electronic data. The policy cannot be applied in the same way as the policy. This is because the data related to the policy applied when the electronic data is converted into the print job data by the printer driver in the data processing apparatus is lost.

  SUMMARY An advantage of some aspects of the invention is that a policy of electronic data to be a target of a print job is applied to print job data generated by a data processing apparatus.

  It is another object of the present invention to make it possible to change the policy of electronic data that is the target of the print job to print job data generated by the data processing apparatus.

The image processing system of the present invention that achieves the above object has the following configuration.

An image processing system including an image processing device and a data processing device that can communicate with a server device that manages information indicating operational authority for electronic data, wherein the data processing device operates on electronic data in the server device First storage means for storing electronic data including first data for specifying information indicating print information, print instruction reception means for receiving print settings and print instructions for the electronic data, and print job data from the electronic data and print job data generating means for generating, adding the the first acquisition means for acquiring the first data included in the electronic data, the first data by the first acquisition means has acquired the print job data adding And the print setting generated by the generation unit in the print setting received by the print instruction reception unit. Print data to which the first data is added by the adding means when the job processing data or image data generated based on the print job data is stored in the image processing apparatus. The job data is transmitted to the image processing apparatus, and when the save setting is not included in the print setting received by the print instruction receiving unit, the print job data to which the first data is not added is transmitted to the image processing apparatus. First transmission means, and the image processing device stores either print job data received from the data processing device or image data generated based on the print job data; User specifying means for specifying a user who operates the image processing apparatus, and stored in the second storage means Receiving means for receiving an instruction to output print job data or image data, user information for identifying the user specified by the user specifying means, and print job data that is a target of the output instruction received by the receiving means And a second transmission means for transmitting to the server apparatus first data for identifying information indicating an operation authority for the print job data added to the server apparatus, and the second transmission means transmitted by the second transmission means. Second acquisition means for acquiring operation authority for the print job data specified in the server device according to user information and the first data, and information indicating the operation authority acquired by the second acquisition means The output of the print job data or the image data is selectively limited based on And a means.

The print job output method of the present invention that achieves the above object has the following configuration.
An image processing apparatus capable of communicating with a server device that manages information indicating operation authority for electronic data, and electronic data including first data for specifying information indicating operation authority for electronic data in the server device A print job output method in an image processing system including a data processing device stored in one storage means , wherein the data processing device receives a print setting and a print instruction for the electronic data; and print job data generating step of generating a print job data from the electronic data, the a first obtaining step of obtaining the first data included in the electronic data, the first acquisition step in the acquired first data to the print Addition process added to job data and print setting received in the print instruction reception process When a storage setting indicating that either the print job data generated in the generation process or the image data generated based on the print job data is stored in the image processing apparatus is included, Print job data to which the first data is added is transmitted to the image processing apparatus, and the print setting accepted in the print instruction accepting step does not include the save setting when the print setting is not included. the run a first transmission step of transmitting to the image processing apparatus, the image processing apparatus, the print job data received from the data processing device, or any of the image data generated based on the print job data a storage step of storing in the second storage means, Yoo for identifying the user operating the image processing apparatus A receiving step for receiving an instruction to output print job data or image data stored in the second storage unit, user information for identifying a user specified in the user specifying step, and the receiving step A second transmission step of transmitting, to the server device, first data added to the print job data that is the target of the output instruction received in step S1 and for specifying information indicating an operation authority for the print job data by the server device; A second acquisition step of acquiring information indicating an operation authority for the print job data specified in the server device in accordance with the user information and the first data transmitted in the second transmission step; Based on the information indicating the operation authority acquired in the acquisition step, the print job data or the image And a control step of selectively limiting data output .

  According to the present invention, it is possible to apply a policy applied to electronic data that is a target of a print job, to the print job data generated by the data processing apparatus. Therefore, management of access authority and operation authority similar to those of the electronic data can be performed for a print job stored in the image processing apparatus.

  In addition, since it is possible to change the policy of the electronic data that is the target of the print job to the print job data generated by the data processing apparatus, the printing operation and the policy changing operation are performed together. This improves convenience for the user.

  Next, the best mode for carrying out the present invention will be described with reference to the drawings.

<Description of system configuration>
[First Embodiment]
Next, the best mode for carrying out the present invention will be described with reference to the drawings.

<Description of system configuration>
Embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram illustrating an example of a system including a data processing apparatus and an image processing apparatus according to the first embodiment of the present invention.

  In the present embodiment, although not shown, many other computers, MFPs, and other terminals may be connected. In the following description, the computer is represented as the PC 102, and the MFP is represented as the MFP 107.

<Hardware configuration of PC and policy server>
FIG. 2 is a diagram illustrating a hardware configuration of the PCs 102 to 105 and the policy server 106 illustrated in FIG. The PCs 102 to 105 and the policy server 106 have a common configuration in terms of hardware.

  In FIG. 2, a CPU 1201, a RAM 1202, a CRT (Cathode Ray Tube) 1203, and a keyboard 1204 are connected to each other via a system bus 1210.

  Further, a ROM 1206, a DISK 1207, a pointing device 1205, and a communication interface (I / F) 1208 are connected to the system bus 1210. The DISK 1207 is a non-volatile storage device such as a hard disk.

  In this embodiment, the CRT 1203 is used as a display device, but other display devices such as a liquid crystal display device may be used.

  Programs for controlling the PCs 102 to 105 and the policy server 106 are stored in the ROM 1206 or the DISK 1207, read out to the RAM 1202, and executed by the CPU 1201.

  The CPU 1201 displays an operation screen and data through the CRT 1203. The CPU 1201 also receives user instructions from the keyboard 1204 and the pointing device 1205.

  Further, the CPU 1201 communicates with other devices connected to the network 101 through the communication I / F 1208.

  In this embodiment, unless otherwise specified, the CPU 1201 receives user input via the system bus 1210 and the keyboard 1204 and the pointing device 1205. The CPU 1201 controls the RAM 1202, the CRT 1203, the ROM 1206, the DISK 1207, and the communication I / F 1208.

  In the PCs 102 to 105, the DISK 1207 stores later-described printer driver software. Various electronic data are also stored in the DISK 1207.

  In the policy server 106, policy data to be described later and software for operating the policy server are stored in the DISK 1207.

  The printer driver described later displays a driver setting screen as shown in FIGS. 8A and 8B on the CRT 1203.

<Policy server>
The policy server 106 is a server that manages authority (hereinafter referred to as a policy) regarding access to and operation of electronic data handled by the PCs 102 to 105.

  The authority regarding access to and operation of electronic data defines whether or not access to the electronic data is possible and whether operations such as browsing and printing are permitted for each user. The electronic data here includes document data, image data, audio data, moving image data, text data, and the like.

  By registering the electronic data policy in the policy server 106, the policy is applied to the electronic data. The policy server 106 can manage a plurality of electronic data policies. Information related to a policy of electronic data managed by the policy server 106 is referred to as policy data.

<Policy data>
3 and 4 are diagrams showing examples of policy data managed by the policy server 106 shown in FIG. Policy data is stored in the DISK 1207 of the policy server 106.

  In FIG. 3, the policy data is a policy ID 1301 for uniquely identifying a policy and a character string for the user to identify the policy, and includes a policy name 1302 associated with the policy ID. Further, the policy data includes a UID / GID 1303 for recording a user ID and a group ID to which the policy is applied, and a field 1304 indicating the authority granted to each UID and GID.

  The authority field 1304 has a bit indicating permission / non-permission for operations such as data reading, editing, and printing.

  In the case of FIG. 3, ○ indicates permission and × indicates disapproval. With this policy data, it is possible to set what operations are permitted / prohibited for each user or group specified by the UID or GID for each policy ID 1301.

<Electronic document list>
FIG. 4 is a diagram showing an example of an electronic document list managed by the policy server 106 shown in FIG. The electronic document list is stored in the DISK 1207 of the policy server 106.

  The electronic document list is a table showing the correspondence between document IDs and policy IDs 1301. It can be referred to which policy is applied to which electronic data by the electronic document list.

  The electronic data to which the policy is applied is encrypted, and a key 1402 used for the encryption / decryption is stored in the policy server 106 in association with the document ID 1401.

<Electronic Data Format> FIG. 5 is a diagram illustrating an example of a format of electronic data to which the policy according to the present embodiment is applied.

  In FIG. 5, a file header 1501 shows information (specific character string) for identifying the type of electronic data format.

  In the case of FIG. 5, the file header 1501 stores a character string “access_controlled_document”, which indicates that the document is an access right managed.

  A version 1502 represents a version of electronic data. The document ID 1503 is an ID that uniquely identifies the electronic data. The policy server 106 uses the document ID 1503 to determine a policy to be applied to the electronic data.

  The policy server specifying information 1504 represents information for specifying the policy server 106.

  In the case of FIG. 5, the IP address of the policy server 106 is stored as the policy server specifying information 1504, but other information such as a host name may be used.

  The data portion 1505 is electronic data content. The data part 1505 is encrypted with an encryption key issued by the policy server 106.

  In the case where access authority is applied to electronic data stored in the DISK 1207 of the PC 102, that is, when a policy is given, the following operation is performed.

For example, the user operates the PC 102 to create electronic data. Alternatively, existing electronic data may be used instead of newly created data. Then, the PC 102 acquires the document ID of the electronic data from the policy server 106 via the network 101. Then, a policy registered in advance in the policy server 106 is designated together with the document ID. The policy server 106 stores the document ID, the policy ID, and the encryption key in the electronic document list (FIG. 4) in the DISK 1207. Then, the encryption key is transmitted to the PC 102 via the network 101. The PC 105 encrypts the electronic data with the received encryption key (data unit 1505 in FIG. 5). Then, the document ID 1503 acquired from the policy server 106 and information (host name, IP address, etc.) specifying the policy server 106 are added to the encrypted data part (policy server specifying information 1504 in FIG. 5). After the encryption is completed, the received encryption key may be deleted. As a result of the PC 102 performing the above-described processing together with the policy server 106, the electronic data becomes electronic data to which a policy is assigned in a format as shown in FIG.

  Next, a case where the PC 102 performs an operation on electronic data to which a policy is assigned will be described.

  When a user who wishes to operate electronic data operates the PC 102, the PC 102 sends the document ID 1503 of the electronic data and various conditions related to document reference (user ID, browsing, printing, copying, distribution, etc.) via the network 101. Transmit to the policy server 106. The policy server 106 specifies a policy ID corresponding to the document ID 1503 received from the PC 102 with reference to the electronic document list of FIG.

  Then, the authority of the user corresponding to the specified document ID is determined with reference to the policy data in FIG. If the operation requested by the user is an operation permitted by the authority of the user, the policy server 106 transmits the encryption key corresponding to the received document ID 1503 to the PC 102 via the network 101.

  The PC 102 decrypts the data portion 1505 encrypted with the received encryption key, and executes an operation desired by the user on the decrypted data.

  The access right control described above is not limited to the operation on the electronic data on the PCs 102 to 105, but also holds when the MFPs 107 and 108 operate on the electronic data.

<Configuration of MFP 107>
FIG. 6 is a hardware block diagram of the MFP 107 shown in FIG.

  In the present embodiment, the MFP 107 includes a memory such as a hard disk capable of storing data of a plurality of jobs in its own apparatus.

  The image processing apparatus includes a copy function that allows the printer unit to print job data output from the scanner via the memory.

  In addition, the image processing apparatus includes a plurality of functions such as a print function that enables print job data output from an external apparatus such as the PC 102 to be printed by the printing unit via the memory.

  Further, the MFP 107 may be a single function type image processing apparatus (SFP: Single Function Peripheral) having only a print function. In any case, any configuration capable of realizing the control of the present embodiment may be used.

  As shown in FIG. 6, an input image processing unit 801 that reads an image such as a paper document and processes the read image data, and a FAX unit 812 that transmits and receives an image using a telephone line represented by a facsimile or the like. Is provided.

  Also, a network interface card (NIC) unit 811 that exchanges image data and device information using the network 101 is provided. Furthermore, a dedicated interface unit 810 that exchanges information such as image data with an external device is provided. Alternatively, a USB device typified by a USB (Universal Serial Bus) memory (a type of removable media) and a USB interface (USB I / F) unit 809 that transmits and receives image data and the like are provided.

  The job control unit 813 plays a role of traffic control such as temporarily storing image data or determining a route according to the use of the MFP 107. A job control unit 813 includes a CPU, a RAM, and a ROM (not shown), and controls the entire MFP 107.

  The document management unit 807 includes a memory such as a hard disk (HDD) that can store a plurality of image data.

  For example, the CPU provided in the job control unit 813 mainly controls the registration and reading of image data. For example, control is performed so that a plurality of image data from the input image processing unit 801 and image data of a facsimile job input via the FAX unit 812 can be stored in the hard disk.

  Further, print job data from the external device of the PC 102 input via the NIC unit 811 and image data generated based on the print job data are controlled to be stored in the document management unit 807. Also, the document management unit 807 is controlled so that a plurality of types of image data such as various image data input via the dedicated I / F unit or the USB I / F unit 809 can be stored.

  Then, the image data stored in the document management unit 807 is appropriately read out and transferred to an output unit such as the printer unit 805 so that output processing such as print processing by the printer unit 805 can be executed.

  Further, in accordance with an instruction from the operator, the image data read from the document management unit 807 is controlled to be transferable to an external device such as the PC 102 or another MFP.

  As an option, the printer unit 805 can be connected to a post-processing unit 805A that performs post-processing such as stapling.

  When storing the image data in the document management unit 807, the image data is compressed and stored as necessary, or conversely, when the stored image data is read out, it is decompressed to the original image data. For example, the processing such as returning is performed via the compression / decompression unit 808.

  The document management unit 807 can store print job data input from the NIC unit 811, intermediate language data generated by the job control unit 813, and bitmap data rasterized by the RIP unit 803.

  The resource management unit 806 stores various parameter tables that are commonly handled, such as fonts, color profiles, and gamma tables. Then, it can be called as necessary, and a new parameter table can be stored or modified and updated.

  Next, when PDL data is input as print job data, the job control unit 813 performs RIP (Raster Image Processor) processing in the RIP unit 803 to generate rasterized bitmap data. The output image processing unit 804 performs image processing for printing on the image to be printed as necessary.

  Further, intermediate data or print ready data (bitmap data for printing or data obtained by compressing it) can be stored again by the document management unit 807 as necessary.

  Note that the job control unit 813 controls whether the data generated from the output job is image data (bitmap data) or is registered in the document management unit 807 as intermediate data or a display list.

  Then, it is sent to the printer unit 805 that performs image formation. The sheet printed out by the printer unit 805 is sent to the post-processing unit 805A, where sheet sorting processing and sheet finishing processing are performed.

  Here, the job control unit 813 plays a role of smoothly flowing a job, and path switching is performed as follows according to how the MFP is used. However, although it is generally known that image data is stored as intermediate data as needed, access other than the document management unit 807 serving as a start point and an end point is not described here. Also, processing such as the compression / decompression unit 808 and post-processing unit used as necessary, or the job control unit 813 serving as the entire core is omitted, and an approximate flow is shown.

  The copying function is a processing function through the data processing path of the input image processing unit 801 → the output image processing unit 804 → the printer unit.

  The FAX transmission function is a processing function through the data processing path from the input image processing unit 801 to the FAX unit 812.

  The FAX reception function is a processing function through the data processing path of the FAX unit 812 → the output image processing unit 804 → the printer unit 805.

  The network scan is a processing function through the data processing path of the input image processing unit 801 → NIC unit 811.

  The network printing is a processing function through the data processing path of the NIC unit 811 → RIP unit 803 → output image processing unit 804 → printer unit 805.

  Scanning to an external device is a processing function through the data processing path of the input image processing unit 801 → the dedicated I / F unit 810.

  Printing from an external device is a processing function through the data processing path of the dedicated I / F unit 810 → the output image processing unit 804 → the printer unit.

  The scan to the external memory is a processing function through the data processing path from the input image processing unit 801 to the USB I / F unit 809.

  The printing from the external memory is a processing function through the data processing path of the USB I / F unit 809 → RIP unit 803 → output image processing unit 804 → printer unit 805.

  The box scan function is a processing function through the data processing path of the input image processing unit 801 → the output image processing unit 804 → the document management unit.

  The box print function is a processing function via the data processing path from the document management unit 807 to the printer unit 805. Alternatively, it is a processing function via the data processing path of the document management unit 807 → the output image processing unit 804 → the printer unit 805.

  The box reception function is a processing function via the data processing path of the NIC unit 811 → RIP unit 803 → output image processing unit 804 → document management unit 807.

  The box transmission function is a processing function via the data processing path from the document management unit 807 to the NIC unit 811.

  The preview function is a processing function via the data processing path from the document management unit 807 to the operation unit 802.

  In addition to the above, combinations with various functions such as an E-mail service and a Web server function are conceivable, but are omitted here.

  Box scan, box print, box reception, or box transmission is a processing function of the MFP that involves writing and reading of data using the document management unit 807. In addition, the memory in the document management unit 807 is divided for each job or for each user, data is temporarily stored, and data is input / output by combining a user ID and a password.

  Further, the operation unit 802 is used for selecting the above-described various flows and functions and instructing operations. However, as the resolution of the display device of the operation unit 802 is increased, the image stored in the document management unit 807 Data can be previewed and printed after confirmation if it is OK.

<Operation screen of MFP>
FIG. 7 is a plan view showing an example of the operation unit 802 of the MFP 107 shown in FIG.

  As shown in FIG. 7, the operation unit 802 includes a touch panel type LCD 301 that can display and instruct the state of the MFP 107 and hard keys such as a numeric keypad and a power button.

  An operation screen corresponding to each function realized by the MFP 107 is displayed on the LCD 301, and the operation screen is changed according to an input from a touch panel or an input from a hard key, or an instruction is given to the MFP 107.

  The operation unit 802 can display a plurality of operation screens. The MFP 107 can display operation screens according to operations (copying, faxing, box insertion, remote scanner, etc.), and the user can select each by instructing buttons and hard keys displayed on the touch panel. .

  Also, the job processing status of the MFP 107 and the status of the MFP 107 (door open, no paper, etc.) can be displayed.

  The hard key includes a contrast volume (Contrast) B1 for changing the contrast of the LCD and a counter button (Counter Check) B2 for displaying a counter screen. In addition, a power button B3 for turning off / on the power and a power saving button (Power Saving) B4 for turning off only the power of the LCD are provided.

  Further, a reset button B5 for canceling the operation and a guide button (Guide) B6 for displaying a guide for the operator are provided.

  Further, a user mode button (Additional Function) B7 for transitioning to the user mode screen, a numeric keypad button B8 for inputting numbers, and an execution button B9 for starting copying and scanning are provided.

  Information input from the hard key is constantly updated by exchanging with the job control unit and the like, and the screen transition is performed using the result.

<Generate print job>
Hereinafter, an operation in which the PC 102 generates print job data from electronic data stored in the DISK 1207 and transmits the print job data to the MFP 107 when the user operates the PC 102 will be described.

  When a user who has access rights (viewing and printing) to an electronic document performs printing, when printing is instructed from a printer driver installed on the PC 102, an operation screen as shown in FIG. 8A is displayed on the PC 102. The following procedure differs depending on the job form, and is described separately for each job.

  8A and 8B are diagrams showing operation screens of the printer driver installed in the PC 102 shown in FIG. The operation screen 4000 is displayed on the CRT 1203 by a printer driver installed on the PC 102. The user operates the printer driver by pressing a button or inputting a character string on the operation screen 4000 using the keyboard 1204 or the pointing device 1205.

  8A and 8B show the same operation screen, but the display contents in the window 4008 are different by scrolling the display in the window 4008 using the scroll bar 4010.

  In FIG. 8A, the operation screen 4000 can be displayed by switching the three operation screens using three tabs, a layout tab 4002, a paper / quality tab 4004, and a setting tab 4006. An operation screen (not shown) displayed by pressing the layout tab 4002 is a screen for setting a print layout. An operation screen (not shown) displayed by pressing the paper / quality tab 4004 is a screen for setting the paper size and type specified in the print job, and the print quality (resolution, etc.). Note that the operation screen 4000 shown in FIGS. 8A and 8B is an operation screen displayed when the setting tab 4006 is pressed.

  The window 4008 can scroll the display in the window by operating the scroll bar 4010. A window 4008 is a display area for selecting and setting a printing method. The output destination designation field 4014 selects one of the three printing methods of “normal printing”, “box printing”, and “secured printing” by operating the spin box 4012 as a printing method.

  In the example of FIG. 8A, secure printing has been selected. In this case, a key icon indicating that the print job is secure is displayed next to the output destination designation field 4014.

  “Normal printing” is a printing method in which the print job data transmitted from the PC 102 is received by the MFP 107 and then printed out without being held in the document management unit 807. However, the document management unit 807 does not store print job data at all, but may store it temporarily. However, after the printing is completed, the print job data or the image data after the RIP processing of the print job data is deleted from the document management unit 807.

  “Box print” is an operation in which the MFP 107 receives print job data transmitted from the PC 102 and stores the print job data in the designated area of the document management unit 807 without performing print output. The data stored in the document management unit 807 may be print job data itself or image data after the print job data is subjected to RIP processing.

  Further, it may be an intermediate code generated during the conversion of print job data into image data.

  In the following description, print job data before RIP processing, image data after RIP processing, and intermediate codes are collectively referred to as “print job data”. The print job data held in the document management unit 807 by box printing can be printed out or faxed by an operation from the operation unit 802 of the MFP 107.

  In “Secured Print”, after the MFP 107 receives the print job data transmitted from the PC 102, it is not printed immediately but is held in the document management unit 807 and stands by. Thereafter, based on the user operating the operation unit 802 to give a print instruction, the held print job data is printed out.

  As will be described in detail later, when the electronic data to which the policy is attached is subjected to box printing or secure printing, the same policy as the electronic data can be applied to the print job data held in the document management unit 807. .

  A box number designation column 4016 is a column in which input becomes valid when box printing is selected in the output destination designation column 4014.

  When a printing method other than box printing is selected, it is grayed out and input is not accepted. In a box number designation column 4016, information for specifying a storage area in the document management unit 807 for storing print job data when box printing is executed is designated.

  In this embodiment, 100 storage areas to which numbers 0 to 99 are assigned are prepared in the document management unit 807 as boxes areas. A user instructing execution of box printing designates a desired area in the document management unit 807 with a number from 0 to 99.

  This is a column in which input becomes valid when box printing is selected in the confirmation print check box 4018 and the output destination designation column 4014. When a printing method other than box printing is selected, it is grayed out and input is not accepted.

  When box printing is selected in the output destination designation field 4014 and the confirmation print check box 4018 is checked, the MFP 107 holds print job data in the document management unit 807 and performs print output based on the print job data.

  On the other hand, if the confirmation print check box 4018 is not checked, the MFP 107 holds the print job data in the document management unit 807 and does not perform print output at this point.

  The window 4020 displays setting contents such as a paper size set on a setting screen (not shown) displayed by pressing the paper / quality tab 4004. The window 4022 displays an outline of the print layout set on a setting screen (not shown) displayed when the layout tab 4002 is pressed.

  In FIG. 8B, a window 4008 displays security settings that are items to be further set when executing box printing or secure printing.

  These items are grayed out when normal printing is selected in the output destination designation field 4014, and input is not accepted.

  The secure password input field 4025 is an item that can be input when secure printing is selected in the output destination designation field 4014. In the secure password input field 4025, the user inputs a secure password (hereinafter simply referred to as a password) by combining desired characters and numbers using the keyboard 1204.

  How the password entered here is used will be described in detail later.

  The policy server name column 4028, the registered user name column 4030, and the registered policy name column 4032 are used when printing electronic data to which a policy is assigned or when a policy is newly added to electronic data to which no policy is assigned by a printer driver. It is a column to input to.

  The policy server name column 4028 is a column for inputting information (IP address or host name) for specifying a policy server that manages the policy data when a policy is assigned to the electronic data to be printed. In the case of the present embodiment, when printing the electronic data shown in FIG. 5, the printer driver acquires information described in the policy server specifying information 1504 and automatically sets the information as a default in the policy server name column 4028. Set. The user can also change the default set by the printer driver.

  The registered user name column 4030 is information (for example, a user who is not permitted to print or view according to the policy assigned to the electronic data to be printed and who wants to give the authority to permit viewing or printing on the MFP 107 (for example, User ID). A plurality of user IDs can be input here.

  The registered policy name column 4032 is a policy ID 1301 managed by the policy server 106 and / or the policy to which the authority to permit browsing or printing is added to the user ID input in the registered user name column 4030. This is a field for inputting a policy name 1302 corresponding to the ID.

  When printing the electronic data shown in FIG. 5, the printer driver acquires the document ID 1503 and inquires the policy server 106. Then, the policy ID and / or policy name corresponding to the document ID returned from the policy server is received and set in the registration policy name column 4032 as a default.

  Further, the printer driver can acquire a list of policy IDs and / or policy names managed in the policy server 106 from the policy server 106 and display them as a pull-down menu in the registered policy name column 4032. . The user can also select a desired policy ID from the pull-down menu.

  When a policy is not assigned to the document to be printed, the user inputs setting values for the policy server name column 4028, the registered policy name column 4032, and the registered user name as necessary. As a result, a policy can be assigned to the print job data generated by the printer driver. Details of this operation will be described later.

  When an OK button 4024 is pressed, the printer driver generates print job data based on the contents set on the operation screen 4000 and transmits the print job data to the MFP 107. The print job data transmitted here includes data obtained by converting electronic data to be printed into a page description language (PDL), and information indicating setting contents set in the operation screen 4000.

  On the other hand, when a cancel button 4026 is pressed, the print driver cancels the contents set on the operation screen 4000.

  In this embodiment, the printer driver installed in the PC 102 generates a page description language based on an electronic document. However, the printer driver may generate image data such as a bitmap format based on the electronic document. .

  In response to pressing of the OK button, the printer driver accesses the policy server specified by the information input in the policy server name column. Then, the user ID input in the registered user name column 4030 is requested to add authority to allow browsing or printing to the policy ID specified in the registered policy name column 4032. Accordingly, a user who is permitted to print or view when printing is executed by the printer driver can be added.

<Operations with the printer driver>
A user operation procedure in the PC 102 when the user operates the printer driver screen to instruct generation of a print job will be described with reference to FIGS. 8A and 8B. Here, it is assumed that the settings to be performed on the respective operation screens by pressing the layout tab 4002 and the paper / quality tab 4004 have been completed, and the setting items on the operation screen using the setting tabs 4006 will be described.

<Secured printing of electronic data with policies>
(1) In FIG. 8A, the user selects a secured print in the output destination designation field 4014.

  (2) In FIG. 8B, enter a password in the secure password input field 4025. Entering a password is not mandatory.

  (3) When a policy is assigned to electronic data to be printed, policy server identification information included in the electronic data is set in the policy server name column 4028 by default.

  When the policy server is changed by the user's intention, the user inputs the IP address of the policy server. If the PC 102 and the MFP 107 can access the same policy server, the policy server name column 4028 need not be changed from the default value. However, in an environment where both can access only different policy servers, the user inputs the IP address of a policy server that the MFP 107 can access.

  (4) When adding a user who is not permitted to print to the policy assigned to the electronic data as a print-permitted user to the policy, the ID of the user is entered in the registered user name column 4030. Then, the policy ID or policy name is entered in the registered policy name column 4032. A policy ID or a policy name associated with electronic data to be printed as a default may be set in the registered policy name.

  (5) When the above setting is completed, an OK button 4024 is pressed.

<Secured print of electronic data without policy>
The following is a procedure for secure printing of electronic data to which no policy is attached.

  (1) The user selects secure print as the output destination.

  (2) Enter the secure password.

  (3) If a new policy is not assigned by the print printer driver, the OK button is pressed here.

  On the other hand, when a policy is newly assigned by the printer driver, settings are made in the policy server name column 4028 and the registered policy name column 4032, respectively. In this case, the printer driver may store the IP address of the policy server 106 in advance and set the information as a default value in the policy server name column 4028.

  Furthermore, the registered policy name column 4032 may acquire the policy ID and / or policy name list acquired from the policy server 106 and display them as a pull-down menu so that the user can select them.

<Box print>
The following describes the procedure for box printing.

  (1) On the operation screen of FIG. 8A, the user selects box print in the output destination designation field 4014.

  (2) Enter a box number in the box number designation field 4016. Then, the confirmation print check box 4018 is checked as necessary.

  Thereafter, the policy setting is performed on the operation screen shown in FIG. 8B. This is the same as the operation in the case of the secure print described above, and a description thereof will be omitted.

<Print Job Generation Processing of PC 102>
FIG. 9 is a flowchart illustrating an example of a first data processing procedure of the data processing apparatus according to the present embodiment. This processing corresponds to the data processing procedure at the time of job submission by the PC 102. Each step is realized by the CPU 1201 of the PC 102 loading and executing a printer driver program in the RAM 1202 or the like.

  First, in S401, an instruction for various settings for a print job is received by a user operation.

  FIG. 10 is a flowchart showing an example of a second data processing procedure of the data processing apparatus according to the present embodiment. This flowchart is a flowchart showing details of S401 in FIG.

  In step S1601, various settings input by the user on the operation screen 4000 of the printer driver are received.

  In step S1602, it is determined whether the information set by the user in the output destination designation field 4014 is secure print or box print.

If the determination is affirmative, the process advances to step S1603 to determine whether or not a policy has been assigned to the electronic data to be printed.

  On the other hand, if it is neither box print nor secure print in S1602, the process proceeds to S1609.

  If a policy has been assigned, the process advances to step S1604, and policy server specifying information 1504 for specifying the policy server, such as the document ID 1503 and the IP address of the policy server, is acquired from the electronic data to be printed. Further, the policy server 106 is accessed based on the acquired information, and the policy ID and / or policy name corresponding to the document ID is acquired from the policy server 106.

  In step S1605, the policy server identification information 1504 acquired in the policy server name column 4028 is set as the default value and the policy ID and / or policy name acquired in the registered policy name column 4032 are set as default values. If there is a change input by the user from the default value, the change is accepted.

  In S1606, it is determined whether or not a user ID is input in the registered user name column 4030. If there is no input, the process proceeds to S1608.

  If there is an input, the process advances to step S1607, and the printer driver accesses the policy server 106. Then, a request is made to add, to the policy ID specified in the policy server name field 4028, authority information that permits read authority and print authority for the user ID input in the registered user name field 4030. Upon receiving the request, the policy server 106 adds authority information that permits the read authority and the print authority to the user specified by the specified policy ID in the policy information (FIG. 3) held in the DISK 1207. To do. In the present embodiment, the read authority and the print authority are permitted, but only the print authority may be permitted.

  If the read authority is permitted, the MFP 107 can preview print job data corresponding to the electronic data. On the other hand, when the print authority is permitted, the print job data corresponding to the electronic data can be printed by the MFP 107.

  In step S1608, a policy header 1703 is generated. The policy header, which will be described later with reference to FIG. 11, is a policy header 1703 describing information about a policy included in the print job data 1700. The policy header 1703 describes a document ID 1503 acquired from electronic data to be printed and policy server specifying information 1504. As a result, the policy assigned to the electronic data can be inherited to the print job data.

  In step S1609, the other print setting information set in FIG. 8A is temporarily stored in association with the print job. And this flowchart is complete | finished.

If a policy is not assigned to the electronic data to be printed in S1603, the process proceeds to S1610, and it is determined whether or not a policy is newly assigned.

  This determination is made based on whether or not any information is input to the policy server name column 4028 and the registered policy name column 4032. If any information has been input, it is determined that a new policy is to be assigned, and the process proceeds to S1611. Otherwise, the process proceeds to S1609.

  In step S1611, the policy server 106 is accessed, the policy ID input in the registered policy name field 4032 is notified, and a request for policy assignment for print job data to be generated is requested. Based on the request for policy assignment, the policy server 106 generates a new document ID and associates the generated document ID with the policy ID received from the PC 102. Then, the printer driver of the PC 102 is notified of the new document ID. Then, the process proceeds to S1608. When a new policy is assigned, a new document ID received from the policy server 106 is set in the policy header 1703 in S1608.

  Hereinafter, the description returns to the flowchart of FIG.

  In S402, it is determined whether or not the OK button 4024 in FIGS. 8A and 8B has been pressed. If not, the process returns to S401. If the OK button 4024 is pressed, the process proceeds to S403.

  In S403, it is determined whether the print job is a secure print. If the print job is a secure print, the process proceeds to S404.

  In S404, it is determined whether or not a policy is attached to the electronic data or print job data to be printed. If a policy is assigned, the process proceeds to S405, and print job data is generated.

  FIG. 11 is a diagram showing an example of print job data in the present embodiment.

  The print job data 1700 is generated in S405, S409, S410, S411, and S412 in FIG. The print job data 1700 includes job type information 1701, print settings 1702, policy header 1703, and PDL data 1704.

  The job type information 1701 describes information indicating the type of print job of the print job data 1700. In the present embodiment, there are three types of print jobs: normal print, box print, and secured print. This information is based on the information set in the output destination designation field 4014 in FIG. 8A.

  The print setting 1702 describes various setting information included in the print job specified by the user in FIG. 8A. For example, it includes a paper size, a password that can be set in the case of print layout and secure printing, a box number that can be set in the case of box printing, and the like.

  The policy header 1703 is a header that is assigned when a policy is assigned to electronic data to be printed in the case of secure print or box print, or when a policy is newly assigned to print job data. The policy header 1703 describes the document ID and policy server specifying information.

  PDL data 1704 is data representing the contents of electronic data to be printed. Returning to the description of FIG.

  The print job data generated in S405 includes a policy header 1703 as shown in FIG. 11, and the job type information 1701 describes information indicating secure printing.

  In step S406, the print job data generated in step S405 is transmitted to the MFP 107.

  On the other hand, if no policy is attached to the electronic data in S404, the process proceeds to S412.

  In step S412, the job type information 1701 includes information indicating secured printing, and print job data 1700 including at least a password in the print setting is generated. There is no policy header in the print job data generated in S412.

  If it is determined in step S403 that the print is not secure printing, the process advances to step S407 to determine whether the print job is box print. If it is determined that the print is box print, the process advances to step S408 to determine whether a policy is attached to the electronic data or print job data to be printed.

  If a policy is assigned, the process advances to step S409, and print job data including information indicating box print as job type information, at least a box number set in the print setting, and a policy header added is generated.

  On the other hand, if no policy is assigned, the process advances to step S411 to generate print job data that includes information indicating box printing as job type information, at least a box number is set in the print setting, and does not include a policy header.

  If it is determined in S407 that it is not box print, the process proceeds to S410. In this case, it is determined that the print is normal print, and print job data is generated. In the print job data generated here, the job type information 1701 includes information indicating normal printing, and does not include a policy header.

  Then, the print job data generated in S405, S409, S410, S411, and S412 is transmitted to the MFP 107, and this flowchart is ended.

  According to the processing of the PC 102 as the data processing apparatus described above, when a policy is attached to electronic data to be printed, the policy can be inherited even in a print job generated based on the electronic data. .

  In addition, it is possible to set to permit browsing (reading) and printing for users other than those permitted by the policy on the printer driver, and to make the setting prosper to the policy server 106.

  Furthermore, the printer driver and the policy server 106 can also cooperate with the electronic data to which no policy is assigned to assign a new policy.

  As a result, access right management for electronic data can be similarly managed in an image processing apparatus such as an MFP, and security for electronic data can be improved.

  In addition, since it is possible to add or change a policy using the printer driver, it is possible to collectively execute printing and add or change a policy, thereby improving user convenience.

<Operation for Outputting Print Job in MFP 107>
Hereinafter, processing for print job data received by the MFP 107 will be described with reference to FIGS. 12A, 12B, 12C, 13A, 13B, and 13C.

  12A, 12B, and 12C are diagrams illustrating examples of a display on the operation unit 802 of the MFP 107 according to the present exemplary embodiment.

  FIG. 12A is a diagram showing the display content of the operation unit 802 after the MFP 107 is activated.

  In FIG. 12A, the MFP 107 performs user authentication by inserting an IC card in which information for specifying the user is stored in the card reader 815 in FIG. 12A, and when it is confirmed that the user is the correct user, the normal screen shown in FIG. Note that user authentication performed by the MFP 107 may use a known user authentication technique.

  In this embodiment, user authentication using an IC card is adopted, but a method of inputting a user ID and password from the operation unit 802 or a method using biometric authentication may be used.

  FIG. 12B is a diagram showing a standard screen of the operation unit 802 shown in FIG.

  In FIG. 12B, when the system status / cancel button 6001 is pressed, the display screen of the operation unit 802 transitions to FIG. 12C.

  FIG. 12C is a diagram showing an example of a status confirmation screen of the MFP 107 shown in FIG.

  When the “close” button 6003 is pressed in FIG. 12C, the display returns to the display in FIG. 12B. On the other hand, when the “print” button 6002 is pressed in FIG. 12C, the display screen is changed to the display screen in FIG. 13A.

  13A, 13B, and 13C are diagrams illustrating an example of a print job list screen that shows the status of secured printing and box printing received by the MFP 107 illustrated in FIG.

  The screen in FIG. 13A is displayed when the screen “print” button 6002 in FIG. 12C is pressed.

  In FIG. 13A, print jobs 7100, 7200, and 7300 indicate print jobs held by the document management unit 807, such as secure print and box print, among the print jobs accepted by the MFP 107.

  An icon 7002 is displayed for each print job, and the type of the print job can be identified by this icon.

  FIG. 14 is a diagram showing an example of details of the icon 7002 in the present embodiment.

  In FIG. 14, an icon 8002 indicates a secured print job including a policy header. An icon 8004 indicates a secured print job that does not include a policy header.

  An icon 8006 indicates a box print job including a policy header. An icon 8008 indicates a box print job that does not include a policy header.

  When the user performs an operation of selecting any print job on the print job list screen shown in FIG. 13A, the item of the selected print job is highlighted as shown in FIG. 13B. Further, the user presses a print start button 7102 to instruct the start of printing of the selected print job.

  When the press of the print start button 7102 is accepted, the job control unit 813 of the MFP 107 executes different control depending on the type of print job instructed to start printing.

  When the print job instructed to start printing is a secure print with a policy header or a box print with a policy header, the policy server 106 is accessed. Specifically, the job control unit 813 accesses the policy server 106 via the NIC unit 811 based on the policy server specifying information described in the policy header.

  Then, the document ID and the user ID of the user authenticated in FIG. 12A are transmitted. The policy server refers to the policy information (FIGS. 3 and 4) based on the document ID and user ID received from the MFP 107, identifies the policy ID associated with the document ID, and specifies the user ID of the user ID in the identified policy ID. Identify the permissions granted to the user. Then, the specified authority information is returned to the MFP 107.

  The job control unit 813 of the MFP 107 refers to the authority information returned from the policy server 106, starts printing if printing is permitted, and prints error messages (not shown) without printing if printing is not permitted. Is displayed on the operation unit 802.

  Note that a preview of the print job can be displayed on the operation unit 802 by pressing the detailed information 7104 after selecting the print job in FIG. 13B.

  Even in this case, if the print job instructed to be previewed has a policy header as a print job, authority information is acquired from the policy server 106 in the same manner as described above. Then, it is determined whether reading is permitted by referring to the reading authority, and a preview is displayed or prohibited.

  If the print job instructed to start printing is a secure print that does not include a policy header, the job control unit 813 extracts a password included in the print job data. Then, a screen as shown in FIG. 13C is displayed, and the user is requested to input a password.

  The job control unit 813 permits the start of printing when the password input by the user operating the operation unit 802 matches the password extracted from the print job data, and causes the printer unit 805 to print the print job. If the passwords do not match, an error message (not shown) is displayed on the operation unit 802.

<Processing of MFP 107>
FIG. 15 is a flowchart showing an example of a processing procedure in the image processing apparatus according to the present invention. Each step of this flowchart is realized by the job control unit 813 of the MFP 107 loading various control programs stored in the resource management unit 806 into the internal memory and executing them.

  First, in step S901, an IC card carried by the user is mounted on, for example, an IC card reader 815 that functions as a personal authentication device. Accordingly, the job control unit 813 acquires personal information (such as a user ID) registered in the card from the IC card.

  In addition to the IC card, the card may be a normal magnetic card or a non-contact IC card. Alternatively, a user authentication method that does not use a card (biometric authentication or inputting a user ID and password from the operation unit 802) may be used. Further, in order to perform user authentication, user authentication may be performed in cooperation with an external directory server (not shown).

  Then, based on the user ID acquired in S902, it is confirmed whether or not the user is authorized to use the MFP. If it is a regular user, the process proceeds to S903, and if it is not a regular user, this flow is terminated.

  In step S903, the user accepts pressing of the system status / cancel button 6001 shown in FIG. 12B, transitions to the screen display shown in FIG. 13A, and accepts the output of the print job selected by the user from the print job list. Here, “output” includes both print output and preview output.

  In step S <b> 904, the job control unit 813 determines whether a policy header 1703 is added to the print job data selected by the user. If it is determined that the policy header 1703 is not added to the print job data, the process advances to step S909.

  On the other hand, if it is determined in step S904 that the policy header 1703 is added to the print job data, the process advances to step S905.

  In step S905, the job control unit 813 extracts the document ID and policy server specifying information of the policy header 1703. Then, the policy server 106 is accessed based on the policy server specifying information, and the extracted document ID is transmitted.

  On the other hand, the policy server refers to the policy information (FIGS. 3 and 4) based on the document ID received from the MFP 107 and the user ID authenticated by the user authentication in S901. Then, the policy ID associated with the document ID is specified, and the authority permitted to the user with the user ID is specified in the specified policy ID. The specified authority information is returned to the MFP 107.

  In step S906, it is checked whether the access to the policy server is normally performed and the authority information corresponding to the transmitted document ID is received. For example, when the MFP 107 cannot communicate with the policy server 106 due to a failure of the network 101 or a failure of the policy server 106, the authority information cannot be acquired and the policy cannot be confirmed.

  Even if the description content of the policy header 1703 is destroyed for some reason, the MFP 107 cannot access the policy server 106, and in such a case, the policy cannot be confirmed. If the policy cannot be confirmed, the process proceeds to S914. On the other hand, if it is determined that the policy can be confirmed normally, the process proceeds to S907.

  In S907, the authority information acquired from the policy server in S905 is confirmed, and it is checked whether or not the authenticated user has the authority to output. When the output instruction by the user is print output, the print authority may be checked in the authority information.

  When the output instruction by the user is preview display, the reading (browsing) authority in the authority information may be checked. If the authority information is checked and it is determined that the output is permitted for the authenticated user, the process proceeds to S908, and the output (print output or preview display) instructed by the user is executed and this flowchart is executed. finish.

  On the other hand, if it is determined that output is not permitted for the authenticated user, the instructed output operation is not performed, an error message indicating that the operation unit 802 is not authorized is displayed, and the flowchart ends.

  If the policy header 1703 is not included in the print job in step S904, the process advances to step S909 to check whether the print job instructed to output is a secure print. If the print is not secure printing, the print job is output (printed or displayed), and this flowchart is terminated. On the other hand, if it is a secure print, the process proceeds to S910.

  If the policy cannot be confirmed in step S906, the process advances to step S914 to check whether the print job instructed to be output by the user is a secure print. If it is not secure printing, a message indicating that the policy cannot be confirmed is displayed on the operation unit 802, and this flowchart is terminated. On the other hand, if it is a secure print, the process proceeds to S910.

  In S910, since the print job is a secure print, the password is confirmed. The password input request screen of FIG. 13C is displayed on the operation unit 802, and the password input by the user is confirmed.

  Then, it is checked whether or not the password input in S911 matches the password included in the print setting 1702 of the print job data. If it is determined that they match, the process proceeds to S913. In step S913, a print job is output (print output or preview display), and the process of the flowchart ends.

  On the other hand, if the passwords do not match, a message indicating that the password of the operation unit 802 is incorrect is displayed, and this flowchart is terminated. Here, without ending the flowchart, the password input screen of FIG. 13C may be displayed again to prompt the user to input the password again.

  According to the above-described operation of the MFP 107, when the policy header 1703 is added to the print job stored in the document management unit 807, output permission / prohibition control is performed according to the policy.

  Thereby, the policy of the electronic data that is the generation source of the print job data can be reflected in the operation of the MFP 107, and the security for the electronic data can be further improved.

  In addition, by attaching a password to the print setting 1702 of the print job data, even when the MFP 107 cannot confirm the policy, permitting printing on the condition that the password is verified, the convenience for the user can be improved. .

<Other embodiments>
The configuration of a data processing program that can be read by a data processing system including a data processing apparatus and an image processing apparatus according to the present invention will be described below with reference to the memory maps shown in FIGS.

  FIG. 16 is a diagram for explaining a memory map of a storage medium for storing various data processing programs readable by the data processing apparatus according to the present invention.

  FIG. 17 is a diagram for explaining a memory map of a storage medium for storing various data processing programs that can be read by the image processing apparatus according to the present invention.

  Although not specifically shown, information for managing a program group stored in the storage medium, for example, version information, creator, etc. is also stored, and information depending on the OS on the program reading side, for example, a program is identified and displayed. Icons may also be stored.

  Further, data depending on various programs is also managed in the directory. In addition, a program for installing various programs in the computer, and a program for decompressing when the program to be installed is compressed may be stored.

  The functions shown in FIGS. 9 and 15 in this embodiment may be performed by a host computer by a program installed from the outside. In this case, the present invention is applied even when an information group including a program is supplied to the output device from a storage medium such as a CD-ROM, a flash memory, or an FD, or from an external storage medium via a network. Is.

  As described above, the storage medium storing the software program code for realizing the functions of the above-described embodiments is supplied to the system or apparatus. It goes without saying that the object of the present invention can also be achieved by the computer (or CPU or MPU) of the system or apparatus reading and executing the program code stored in the storage medium.

  In this case, the program code itself read from the storage medium realizes the novel function of the present invention, and the storage medium storing the program code constitutes the present invention.

  Therefore, as long as it has the function of the program, the form of the program such as an object code, a program executed by an interpreter, or script data supplied to the OS is not limited.

  As a storage medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, CD-RW, magnetic tape, nonvolatile memory card, ROM, DVD, etc. Can be used.

  In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the program code constitutes the present invention.

  As another program supply method, a browser on a client computer is used to connect to an Internet home page. Then, the computer program itself of the present invention or a compressed file including an automatic installation function can be downloaded from the homepage by downloading it to a recording medium such as a hard disk. It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server, an ftp server, and the like that allow a plurality of users to download a program file for realizing the functional processing of the present invention on a computer are also included in the claims of the present invention.

  In addition, the program of the present invention is encrypted, stored in a storage medium such as a CD-ROM, distributed to users, and key information for decryption is downloaded from a homepage via the Internet to users who have cleared predetermined conditions. Let It is also possible to execute the encrypted program by using the key information and install the program on a computer.

  In addition, the functions of the above-described embodiments are not only realized by executing the program code read by the computer. For example, based on an instruction of the program code, an OS (operating system) running on the computer performs part or all of the actual processing. Needless to say, the process includes the case where the functions of the above-described embodiments are realized.

  Further, the program code read from the storage medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer. After that, the CPU of the function expansion board or function expansion unit performs part or all of the actual processing based on the instruction of the program code, and the function of the above-described embodiment is realized by the processing. Needless to say.

  The present invention is not limited to the above embodiments, and various modifications (including organic combinations of the embodiments) are possible based on the spirit of the present invention, and these are excluded from the scope of the present invention. is not.

  Although various examples and embodiments of the present invention have been shown and described, those skilled in the art will not limit the spirit and scope of the present invention to the specific description in the present specification.

1 is a diagram illustrating an example of a data system including a data processing apparatus and an image processing apparatus according to a first embodiment of the present invention. It is a figure which shows the hardware constitutions of PC shown in FIG. 1, and a policy server. It is a figure which shows an example of the policy data which the policy server 106 shown in FIG. 1 manages. It is a figure which shows an example of the policy data which the policy server 106 shown in FIG. 1 manages. It is a figure which shows an example of the format of the electronic data to which the policy which shows this embodiment was applied. FIG. 2 is a hardware block diagram of the MFP shown in FIG. 1. FIG. 3 is a plan view illustrating an example of an operation unit illustrated in FIG. 2. It is a figure explaining the user interface screen of the printer driver of PC shown in FIG. It is a figure explaining the user interface screen of the printer driver of PC shown in FIG. It is a flowchart which shows an example of the 1st data processing procedure in the image processing apparatus which concerns on this invention. It is a flowchart which shows an example of the 2nd data processing procedure of the data processor which concerns on this embodiment. G 6 is a diagram illustrating an example of print job data according to the present exemplary embodiment. FIG. FIG. 2 is a diagram illustrating an example of a user interface screen of the MFP illustrated in FIG. 1. FIG. 2 is a diagram illustrating an example of a user interface screen of the MFP illustrated in FIG. 1. FIG. 2 is a diagram illustrating an example of a user interface screen of the MFP illustrated in FIG. 1. FIG. 6 is a diagram illustrating an example of a print job list screen showing a status of secured printing and box printing received by the MFP shown in FIG. 1. FIG. 6 is a diagram illustrating an example of a print job list screen showing a status of secured printing and box printing received by the MFP shown in FIG. 1. FIG. 6 is a diagram illustrating an example of a print job list screen showing a status of secured printing and box printing received by the MFP shown in FIG. 1. FIG. 3 is a diagram illustrating an example of a file icon that can identify an attribute of a job registered in the document management unit illustrated in FIG. 2. It is a flowchart which shows an example of the data processing procedure in the image processing apparatus which concerns on this invention. It is a figure explaining the memory map of the storage medium which stores the various data processing program which can be read with the data processor which concerns on this invention. It is a figure explaining the memory map of the storage medium which stores the various data processing program which can be read with the image processing apparatus which concerns on this invention.

Explanation of symbols

101 network 102-105 PC
107, 108 MFP
106 Policy server

Claims (10)

An image processing system including an image processing device and a data processing device that can communicate with a server device that manages information indicating operational authority for electronic data,
The data processing device includes:
First storage means for storing electronic data including first data for specifying information indicating an operation authority for the electronic data in the server device;
Print instruction accepting means for accepting a print setting and a print instruction for the electronic data;
Print job data generating means for generating print job data from the electronic data;
First acquisition means for acquiring the first data included in the electronic data;
Adding means for adding the first data acquired by the first acquiring means to the print job data;
A storage setting indicating that the print setting received by the print instruction receiving unit is to store either the print job data generated by the generation unit or the image data generated based on the print job data in the image processing apparatus. Is included, the print data to which the first data has been added by the adding unit is transmitted to the image processing apparatus, and the print setting received by the print instruction receiving unit does not include the save setting. A first transmission unit configured to transmit print job data to which the first data is not added to the image processing apparatus ;
The image processing apparatus includes:
Second storage means for storing either print job data received from the data processing device or image data generated based on the print job data;
User specifying means for specifying a user who operates the image processing apparatus;
Receiving means for receiving an instruction to output print job data or image data stored in the second storage means;
User information for identifying the user specified by the user specifying unit, and information indicating the operation authority of the server device for the print job data added to the print job data that is the target of the output instruction received by the receiving unit Second transmission means for transmitting first data for specifying the server to the server device;
Second acquisition means for acquiring information indicating an operation authority for the print job data specified in the server device in accordance with the user information and the first data transmitted by the second transmission means;
Control means for selectively restricting output of the print job data or the image data based on information indicating the operation authority acquired by the second acquisition means;
An image processing system comprising: The data processing device further includes:
User information accepting means for accepting information identifying a user who is permitted to operate the electronic data;
Instruction means for instructing the server device to change the authority information indicated by the policy data specified by the first data so that the user received by the user information receiving means has the authority to operate the electronic data; ,
The image processing system according to claim 1, further comprising: The data processing apparatus further comprises password accepting means for accepting an input of a password used for permitting the image processing apparatus to output an image of the print job data transmitted by the first sending means.
The image processing system according to claim 1, wherein the adding unit further adds the password received by the password receiving unit to the print job. The image processing system according to claim 1, wherein the adding unit adds the print setting received by the print instruction receiving unit to the print job data. The first storage means can further store electronic data that does not include the first data, and further, when the electronic data to be printed is electronic data that does not include the first data, based on the electronic data Requesting means for requesting the server to manage the operation authority for the print job data to be generated,
The first acquisition unit acquires first data for specifying policy data indicating an operation authority for the print job data in the server device, which is transmitted from the server device in response to a request from the request unit. ,
The image processing system according to claim 1, wherein the adding unit adds the first data acquired from the server by the acquiring unit to the print job data. The control unit, when the acquisition unit is not able to normally acquire the information indicating the operation authority from the server device, when the password input by the user matches the password added to the print job The image processing system according to claim 1 , wherein output of the print job is permitted. The control means, when the first data is not added to the print job data that is the target of the output instruction received by the receiving means, the password input by the user, the password added to the print job, There permitting output of the print job on condition that matched, the image processing system according to any one of claims 1 to 6. The image according to any one of claims 1 to 7 , wherein the image processing apparatus further includes display means for displaying a list of print job data stored in the second storage means. Processing system . 9. The image processing according to claim 8 , wherein the display unit displays the print job data to which the first data is added and the print job data to which the first data is not added so as to be distinguishable. apparatus. An image processing apparatus capable of communicating with a server device that manages information indicating operation authority for electronic data, and electronic data including first data for specifying information indicating operation authority for electronic data in the server device A print job output method in an image processing system including a data processing device stored in one storage means ,
The data processing device is
A print instruction receiving step for receiving a print setting and a print instruction for the electronic data;
A print job data generation step for generating print job data from the electronic data;
A first acquisition step of acquiring the first data included in the electronic data;
An adding step of adding the first data acquired in the first acquiring step to the print job data;
A storage setting indicating that either the print job data generated in the generation process or the image data generated based on the print job data is stored in the image processing apparatus in the print setting received in the print instruction reception process Is included, the print job data to which the first data is added in the adding step is transmitted to the image processing apparatus, and the print setting received in the print instruction receiving step does not include the save setting. If, executes a first transmission step of transmitting the print job data is not added to the first data to the image processing apparatus,
The image processing apparatus is
A storage step of storing either print job data received from the data processing apparatus or image data generated based on the print job data in a second storage unit;
A user specifying step for specifying a user who operates the image processing apparatus;
Receiving a print job data or image data output instruction stored in the second storage means;
User information for identifying the user specified in the user specifying step, and information indicating the operation authority of the server device for the print job data added to the print job data that is the target of the output instruction received in the receiving step. A second transmission step of transmitting first data for identification to the server device;
A second acquisition step of acquiring information indicating operation authority for the print job data specified in the server device according to the user information and the first data transmitted in the second transmission step;
A control step of selectively restricting output of the print job data or the image data based on the information indicating the operation authority acquired in the second acquisition step;
A print job output method.

Images