Business case requirements have resulted in related documents that are native to their individual formats being combined into a collection called composite documents. These are used for a variety of activities such as presentations, premium/sensitive content distributions and business workflows, and may include standard types such as PDF, Word, Excel, PowerPoint Slides and other specially formatted files. Additionally, cross-organizational workflow demands have created new challenges for the management of such composite documents. These include access control to individual parts, security and privacy issues in the absence of shared trusted infrastructure, communication over popular and potentially insecure channels, auditing, print control and disposal. These challenges led to the development of Publicly Posted Composite Documents (PPCDs) [1], a recently proposed document format that enables the secure containment and transfer of personalized document versions over insecure channels, with the access control and policies built into and carried within the document itself (as an integral part). PPCD technology is intended to act as the central pillar of document workflow scenarios, where a single document can be created, controlled, accessed, used and monitored throughout its life cycle as it participates in inter-organizational workflows. However, PPCD technology is currently missing an important property of electronic documents: the ability to be securely printed to a physical copy. The limited resources on multi-function printer (MFP) devices and the security-focused structure of PPCDs make this a challenging and non-trivial problem. Thus, in this paper we utilize the unique structure of PPCDs to describe novel mechanisms and firmware extensions on MFPs for enforcing differential access control and printing.