JP2005157770A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processor such as a multi-function device capable of restricting transmission as the need arises. <P>SOLUTION: When a destination is specified and a transmission instruction is given by a user, a control part 106 checks whether or not the specified destination is the one to which the transmission is prohibited based on a transmission propriety information DB 122. If the transmission is not prohibited, the control part 106 checks whether or not encryption processing is required for the destination based on a DB 124 of the information on presence or absence of the encryption. If the encryption is required, the control part 106 checks whether or not a public key certificate for the destination can be obtained. If the public key certificate is obtained, an encryption processing part 110 executes encryption processing of the object data with a public key attached to the public key certificate obtained by the control part 106, and the control part 106 controls a transmission part 108 and transmits the object data to which encryption processing is provided, to the specified destination. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus such as a multifunction machine having one or a plurality of functions among a printer function, a copy function, a scanner function, a fax function, and the like.

  With the expansion of the use of digital data such as personal computers (PCs) and digital cameras, the demand for printers for printing documents created on PCs and images taken with digital cameras has increased. Proposed. In particular, in recent years, a multi-function printer (multi-function machine: MF machine) that has many functions such as a copy function, a scanner function, and a fax function in addition to a printer function has been proposed.

  An MF machine is generally shared by a plurality of users, that is, a usage form in which a plurality of PCs are connected to the MF machine via a network, and a plurality of users share one MF machine. It is. As described above, in a use environment connected to a network, information management such as document data used by the MF machine is important.

  In the United States, the “Health Insurance Portability and Accountability Act” HIPAA (Health Insurance Portability and Accountability Act) was enacted, and a law that included the protection of personal information was enacted. Strict management is required. Therefore, when an MF machine is used in a medical institution, if a scan document of a medical record is erroneously transmitted or illegally transmitted outside the organization due to a user's intention or mistake, it becomes a big problem from the viewpoint of privacy protection. For this reason, there is a request to control the MF machine so that transmission to a prohibited address or domain is not possible. In addition, there is a request that even if the destination is permitted, it is necessary to restrict transmission when mail is sent outside the organization.

  In this way, the request for restricting transmission is the same in companies. That is, when a confidential document or important information scan document in a company is erroneously or illegally transmitted outside the company due to intention or mistake of an employee in the company, it becomes a big problem from the viewpoint of security. For this reason, there is a request for controlling the MF machine so that it cannot be transmitted to outside or prohibited addresses and domains. In addition, there is a request that even if the destination is permitted, it is necessary to restrict the transmission to the outside when the mail is transmitted outside the company.

  As an example of an apparatus that performs transmission restriction, a facsimile apparatus described in Patent Document 1 can be cited. The facsimile apparatus described in Patent Document 1 is capable of transmitting an electronic mail, and prohibits direct transmission when a mail address is designated as a destination. However, since the apparatus described in Patent Document 1 does not limit transmission from the viewpoint of information management, it does not satisfy the above-described requirements.

JP 2003-78697 A

  In a conventional MF machine, a transmission mail server is installed in a company, and transmission restrictions can be realized by control of this transmission mail server. However, if the company does not have a mail server and uses, for example, a transmission mail server of an Internet service provider (ISP), transmission must be restricted on the ISP side. Similarly, in the conventional MF machine, it was not possible to control to send an e-mail with encryption according to the destination.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a multi-function device that can restrict transmission as required.

  In order to achieve the above object, an information processing apparatus according to a preferred aspect of the present invention is an information processing apparatus that transmits target data to a transmission destination connected via a network, and an interface unit that receives designation information that designates the transmission destination And a storage unit that stores transmission permission / inhibition information indicating whether transmission to the transmission destination is possible, and based on the transmission permission / inhibition information, determines whether transmission to the specified transmission destination is permitted, and is permitted. And a transmission control unit that prohibits transmission of the target data if not.

  In this configuration, the target data is an e-mail or the like, and may include document data and image data attached to the e-mail. Furthermore, data that can be transmitted via a network is included in the concept of target data without being limited to transmission by e-mail. Further, the transmission permission / inhibition information is information indicating a list of transmission destinations whose transmission should be prohibited, for example. According to this configuration, for example, the device administrator of the MF machine can set transmission permission information in the MF machine in advance, thereby restricting transmission to the user of the MF machine. For this reason, it is suitable for prevention of information leakage due to unauthorized transmission or erroneous transmission by the user.

  In order to achieve the above object, an information processing apparatus according to another preferred embodiment of the present invention provides designation information for designating a transmission destination in an information processing apparatus that transmits target data to a transmission destination connected via a network. An interface unit that accepts data, a storage unit that stores encryption presence / absence information indicating the presence / absence of encryption processing for the destination, and transmission to the designated destination based on the encryption presence / absence information is encrypted. An encryption unit that determines whether it is necessary and performs encryption processing on the target data when encryption is required, and the encryption processing is performed on the transmission destination that requires encryption And a transmission unit for transmitting the target data.

  According to this configuration, for example, when the device administrator of the MF machine sets the encryption presence / absence information in the MF machine in advance, the user of the MF machine can perform encryption control. In other words, the necessity or unnecessity of encryption can be limited according to the transmission destination, which is suitable for preventing information leakage due to unauthorized transmission or erroneous transmission by the user.

  In order to achieve the above object, an information processing apparatus according to another preferred embodiment of the present invention provides designation information for designating a transmission destination in an information processing apparatus that transmits target data to a transmission destination connected via a network. An interface unit that accepts information, a transmission unit information indicating whether transmission to a transmission destination is possible, a storage unit that stores encryption presence / absence information indicating whether encryption processing is performed on the transmission destination, and the designation based on the transmission availability information A transmission control unit that determines whether transmission to the specified transmission destination is permitted, and prohibits transmission when the transmission is not permitted; and based on the encryption presence / absence information, An encryption unit that determines whether encryption is required and performs encryption processing on the target data when encryption is required, and the encryption to the permitted transmission destination that requires encryption Process and having a transmitter which transmits the target data subjected.

  Preferably, the information processing apparatus further includes a destination information registration unit that registers destination information of a transmission destination in the storage unit, and the destination information registration unit is configured to determine a destination for which a registration is instructed by a user based on the transmission permission information. It is determined whether or not transmission to the destination is permitted, and registration of destination information regarding the destination is prohibited when the transmission is not permitted. In this configuration, the destination information is information indicating destinations regarding one or a plurality of transmission destinations, and functions as a so-called address book.

  Preferably, the encryption process is an encryption process using a public key of an authorized transmission destination that requires the encryption. More preferably, the error part prohibits the transmission of the target data when the public key of the permitted transmission destination that requires the encryption cannot be acquired. Preferably, the transmission permission / inhibition information is information corresponding to a user. Here, the information corresponding to the user is information set for each user, for example. Transmission permission / inhibition information may be set for a plurality of users, that is, for each group.

  In order to achieve the above object, an operation processing method according to a preferred aspect of the present invention is an operation processing method executed by an information processing apparatus, based on transmission permission / inhibition information indicating whether transmission to a transmission destination is possible. In the transmission permission / inhibition determining step for determining whether or not transmission to the specified transmission destination is permitted, and in the transmission permission / inhibition determining step based on the encryption presence / absence information indicating the presence / absence of the encryption processing for the transmission destination. An encryption determination step for determining whether or not encryption is required for the permitted transmission destination permitted to transmit, and encryption is performed on the target data when it is determined that encryption is necessary in the encryption determination step. An encryption processing step for performing encryption processing, and a transmission step for transmitting the target data subjected to the encryption processing to an authorized transmission destination determined to require encryption. To.

  According to the present invention, it is possible to provide an information processing apparatus capable of restricting transmission as necessary.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described with reference to the drawings.

  FIG. 1 shows a preferred embodiment of the present invention, and FIG. 1 is a diagram showing a configuration of a network system including a multi-function device that is an information processing apparatus.

  The multifunction machine (MF machine) 100 is connected to a plurality of computers (PC) 200a to 200c. That is, a local area network in which a plurality of users can use the MF device 100 via the PCs 200a to 200c is configured. For example, the MF device 100 is shared by a plurality of users in the company. The MF machine 100 is further connected to the external PC 400 or the external MF machine 500 via the Internet 300, and data used in the MF machine 100 can be transferred to the external PC 400 or the external MF machine 500.

  The internal configuration of the MF machine 100 is as follows. The printing unit 102 is controlled by the control unit 106 and performs printing based on print target data input from the outside of the MF machine 100. For example, when forming a color image, the printing unit 102 includes a plurality of color material image forming units that form color material images corresponding to each color and an intermediate transfer body. A color image can be formed by superimposing and transferring the color material images respectively formed by the color material image forming unit on the intermediate transfer body based on the input print target document. The present invention is not limited to this configuration.

  The scanner unit 104 has a conventionally well-known configuration and will not be described in detail. However, the scanner unit 104 includes an image reading unit such as a CCD line sensor, and reads an original image recorded on a recording medium such as paper or film into digital data. The digital data is converted and recorded in the confidential box 132. The digital data may be output to the PCs 200a to 200c via the communication interface 140.

  The control unit 106 controls the operation of the MF machine 100 according to a program stored in advance. In this program, information for controlling the overall operation of the MF machine 100 is described, and the control unit 106 controls each part of the MF machine 100 according to this information. The operation panel 142 displays an operation status of the MF machine 100, a mode selection screen, and the like, and accepts an operation from the user. The user performs various settings of the MF machine 100 such as setting various processing conditions such as the number of printers, insertion page conditions, and printing conditions via the operation panel 142. The operation performed by the user is transmitted from the operation panel 142 to the control unit 106. The communication interface 140 is connected to the PCs 200a to 200c via the local area network, and is connected to the external PC 400 and the external MF machine 500 via the Internet 300, and passes print target data and various types of information. The user can also give an operation instruction to the MF machine 100 via the PCs 200a to 200c.

  The transmission unit 108 is controlled by the control unit 106, and based on transmission instructions input from the user via the operation panel 142 or the communication interface 140, target data such as document data and image data used by the MF machine 100 is received. Transmit to the outside of the MF machine 100. There are several forms of transmission of target data by the MF machine 100. For example, scan mail transmission in which target data read by the scanner unit 104 is attached to a mail and transmitted, remote copy in which target data is transmitted to a printer, and the like. The target data is read by the scanner unit 104 and directly transmitted, or is recorded once in the confidential box 132 and then transmitted. The transmission destinations are the PCs 200a to 200c and the external PC 400 for scan mail transmission, and the external MF machine 500 having a printer function or a printer (not shown) for remote copy.

  The target data to be transmitted is subjected to encryption processing by the encryption processing unit 110 as necessary. A public key encryption method is used for this encryption process. In other words, after encrypting the target data with the public key of the destination, the target data is transmitted to the destination, and the destination receiving the target data decrypts the target data with the private key corresponding to its own public key. Execute. The target data transmission operation according to the present embodiment will be described in detail later with reference to FIG.

  The recording unit 120 records various types of information used by the MF machine 100, and is composed of, for example, a hard disk. In the recording unit 120, a transmission permission / inhibition information DB 122, an encryption presence / absence information DB 124, a destination information DB 126, a certificate DB 128, a transmission log DB 130, and a confidential box 132 are configured.

  In the transmission permission / inhibition information DB 122, a destination to be prohibited from transmission is set by the device administrator. FIG. 3 is a diagram for explaining the transmission permission / inhibition information DB 122, and shows a setting example of a transmission prohibited domain, a transmission prohibited mail address, and a transmission prohibited printer address. The transmission prohibited domain indicates a domain of a mail address for which transmission is prohibited. In the example of FIG. 3, transmission to the “a company.co.jp” domain and the “b company.co.jp” domain is prohibited. ing. That is, transmission to all addresses under these domains is prohibited. When prohibition is set for each address, the mail address to be prohibited is set to the transmission prohibition mail address. In the example of FIG. 3, transmission to the “aaa. @ Bbb.co.jp” address and the “ddd. @ Eeee.co.jp” address is prohibited. When it is desired to prohibit transmission to a printer, the printer address is set as a transmission prohibited printer address.

  It is obvious to those skilled in the art that the present invention is not limited to the present embodiment, but can also be applied to transmission prohibition control to a server that transmits target data.

  The prohibited destination set in the transmission permission / inhibition information DB 122 is referred to by the control unit 106, and it is determined whether transmission of the target data is permitted. Accordingly, by appropriately setting the prohibited destination, the device administrator can restrict transmission, for example, prohibiting transmission to the external MF device 500 or prohibiting transmission to the external PC 400. In the transmission permission / inhibition information DB 122, a permitted destination may be set instead of the prohibited destination. That is, a configuration may be adopted in which a transmission permission domain, a transmission permission mail address, and a transmission permission printer address are set, and the control unit 106 can transmit the target data only to a destination permitted to transmit by referring to this.

  In the encryption presence / absence information DB 124, a destination to which the target data is to be transmitted after being encrypted is set by the device administrator. FIG. 4 is a diagram for explaining the encryption presence / absence information DB 124, and shows an example of setting the encryption request domain and the encryption request mail address. The encryption request domain indicates the domain of the destination mail address to be encrypted. In the example of FIG. 4, transmissions to the “x company.co.jp” domain and the “y office.co.jp” domain are sent. At this time, it is required to encrypt the target data. In other words, encryption is required for the target data when transmitting to addresses under these domains. When the encryption request is set for each address, the address is set to the encryption request mail address. In the example of FIG. 4, encryption is requested at the time of transmission to the “fff. @ Ggg.co.jp” address and the “hh. @ Iii.co.jp” address.

  Here, in order to simplify the explanation, description of the encryption request to the printer is omitted, but it is possible to set to perform remote copy encryption in the same way as scan mail transmission.

  The encryption request destination set in the encryption presence / absence information DB 124 is referred to by the control unit 106, and it is determined whether or not to perform encryption when transmitting the target data. Therefore, by appropriately setting the encryption request destination, for example, when the target data is transmitted to the external PC 400 of the company that has a business tie-up relationship via the Internet 300, the encryption process is forcibly performed. The device administrator can restrict transmission. In the encryption presence / absence information DB 124, an encryption unnecessary destination may be set instead of the encryption request destination. In other words, a configuration may be used in which an encryption unnecessary domain and an encryption unnecessary address are set, and transmission is performed by encrypting other destinations.

  Returning to FIG. 1, in the certificate DB 128, a public key certificate for a transmission destination that requires encryption is registered. In the public key encryption method, the public key certificate that is digitally signed by the certificate authority is used for the public key of the data acquisition side (destination), and the correspondence between the key and the destination Is guaranteed. In other words, the data transmission side (the user of the MF device 100) confirms the public key certificate issued by the certificate authority, so that the public key attached to the certificate is indeed the transmission destination public key. Can be confirmed. For this reason, public key certificates are registered in the certificate DB 128 for destinations that require encryption.

  In the destination information DB 126, destination information indicating destinations related to a plurality of transmission destinations is registered, and the user selects a destination from pre-registered destination information when specifying the destination of the transmission destination. be able to. That is, the destination information DB 126 functions as a so-called address book. The destination information may be set for each user of the MF device 100. For example, the destination information of the user A who uses the PC 200a and the destination information of the user B who uses the PC 200b are set. The destination information may be set in units of groups by a plurality of users, and may be configured to be accessible only by users belonging to the group.

  If transmission to the destination registered in the destination information DB 126 is prohibited in the transmission permission / inhibition information DB 122, or if encryption is required in the encryption presence / absence information DB 124, that fact is indicated. It may be registered in the DB 126 so that when the user uses the destination information, the destination to be used may be notified that transmission is prohibited or an encryption request is made. Further, when the user registers the destination information, registration of the destination prohibited in the transmission permission / inhibition information DB 122 is prohibited, and the public key is used even though encryption is required in the encryption presence / absence information DB 124. Registration of a destination for which a certificate cannot be obtained may be prohibited.

  In the transmission log DB 130, a job log indicating the transmission status of the target data executed by the MF device 100 is recorded. FIG. 5 is a diagram for explaining the transmission log DB 130, and shows an example of recording a job log. As shown in FIG. 5, the job log records the date and time of job execution, the name of the job executed (execution job), the job execution status (status), and the user ID. Examples of the job include transmission jobs such as scan mail transmission and remote copy described above. In the example shown in FIG. 5, it is recorded that the remote copy performed by the user a on October 30, 2003 has been completed, and the transmission has been performed successfully. On the other hand, it is recorded that the scan mail transmission performed by the user b on November 7, 2003 was not transmitted due to transmission prohibition. That is, it is recorded that the transmission is prohibited because the user b tried to perform transmission to the prohibited destination set in the transmission permission / inhibition information DB 122. The job log recorded in the transmission log DB 130 is referred to by the device administrator, and the device administrator can check the transmission status of the MF machine 100 through this job log. The job log may be displayed on the operation panel 142, or may be transferred to the PCs 200a to 200c and displayed so that the user can view the job log. However, it is desirable to prohibit the user from rewriting the job log contents.

  Returning to FIG. 1, the confidential box 132 is a storage area in which print target data used by the user is recorded. In the confidential box 132, an available area is provided for each user. That is, for example, a confidential area of the user A who uses the PC 200a and a confidential area of the user B who uses the PC 200b are configured. Access to each confidential area is restricted by a password or the like so that only the corresponding user can access it. Of course, the confidential area may be set by a group of a plurality of users so that only users belonging to the group can access.

  FIG. 2 is a flowchart for explaining the transmission operation of the target data by the MF machine of FIG. Hereinafter, the transmission operation performed by the MF machine 100 will be described with reference to FIG.

  The user designates a destination and gives a transmission instruction via the operation panel 142 or the communication interface 140 (S201). When using the operation panel 142, the user goes to the installation location of the MF machine 100, operates the operation panel 142, inputs a destination address (e-mail address, printer address, etc.), and sends a desired transmission instruction (scan mail transmission). Or remote copy). At this time, the target document to be scanned may be read by the scanner unit 104. In addition, the user may specify a destination or send a transmission instruction via the communication interface 140 using his or her PC (for example, the PC 200a). In this case, for example, the folder name or file name of the target data recorded in the confidential box 132 is designated. Note that the destination information DB 126 may be referred to when specifying the destination.

  When the user designates a destination and sends a transmission instruction, the control unit 106 checks whether or not the designated destination is a destination whose transmission is prohibited (S202). That is, it is determined whether transmission to the designated destination is prohibited based on the transmission permission / inhibition information DB 122 (see FIG. 3). If transmission is prohibited, an error warning is issued without executing the transmission job or by interrupting the execution (S207), and this flow ends. As an error warning, a message is displayed on the operation panel 142 or the user's PC indicating that transmission is prohibited and transmission could not be performed. Further, transmission prohibition is recorded as a status in the transmission log DB 130 (see FIG. 5).

  If transmission is not prohibited in S202, the control unit 106 checks whether or not encryption processing is requested for the destination (S203). That is, based on the encryption presence / absence information DB 124 (see FIG. 4), it is determined whether or not an encryption process is necessary for a transmission permitted destination. When the encryption request is not requested, the control unit 106 controls the transmission unit 108 without performing the encryption process, and transmits the target data to the designated destination (S206).

  When the encryption request is made in S203, the control unit 106 confirms whether or not the public key certificate for the destination can be acquired (S204). That is, it is confirmed whether or not the public key certificate for the destination is registered in the certificate DB 128. If it is registered, the public key certificate is acquired from the certificate DB 128. If the public key certificate is not registered in the certificate DB 128, the public key certificate is acquired from the certificate DB of the certificate authority via the Internet 300 from the communication interface 140. If the public key certificate cannot be acquired, an error warning is issued without executing the transmission job or by interrupting the execution (S207).

  When the public key certificate is acquired in S204, the encryption processing unit 110 executes encryption processing of the target data using the public key attached to the public key certificate acquired by the control unit 106 (S205). ), The control unit 106 controls the transmission unit 108 to transmit the encrypted target data to the designated destination (S206).

  Note that there may be a plurality of destinations designated by the user in S201. In this case, the operation processing from S202 onward is executed for each of the plurality of designated destinations, and it is determined whether each of the plurality of destinations can be transmitted and whether encryption is necessary. Then, for each destination, transmission is performed with respect to the destination permitted for transmission with or without performing encryption processing on the target data, and transmission of the target data is not performed for the destination for which transmission is prohibited. When a destination to be encrypted and a destination that does not need to be encrypted coexist, all destinations permitted to be transmitted may be subjected to encryption processing and transmitted. In addition, when the user designates a destination in S201, if the designated destination includes a prohibited destination or an encryption request destination, it indicates that a destination that is prohibited or requires encryption for the user is included. You may let me know.

  As mentioned above, although preferred embodiment of this invention was described, embodiment mentioned above is only a mere illustration in all the points, and does not limit the scope of the present invention.

It is a figure which shows the structure of the network system containing the multifunction machine which concerns on this invention. 3 is a flowchart for explaining an operation of transmitting target data by the multi-function device according to the present invention. It is a figure for demonstrating transmission propriety information. It is a figure for demonstrating encryption presence / absence information. It is a figure for demonstrating a transmission log.

Explanation of symbols

  100 multi-function device, 106 control unit, 110 encryption processing unit, 122 transmission enable / disable information DB, 124 encryption presence / absence information DB, 128 certificate DB.

Claims (8)

In an information processing apparatus that transmits target data to a destination connected via a network,
An interface unit for accepting designation information for designating a transmission destination;
A storage unit that stores transmission permission / inhibition information indicating whether transmission to a transmission destination is possible;
A transmission control unit that determines whether transmission to the designated transmission destination is permitted based on the transmission permission information, and prohibits transmission of the target data when the transmission is not permitted;
An information processing apparatus comprising: In an information processing apparatus that transmits target data to a destination connected via a network,
An interface unit for accepting designation information for designating a transmission destination;
A storage unit for storing encryption presence / absence information indicating the presence / absence of encryption processing for the transmission destination;
Based on the encryption presence / absence information, it is determined whether or not transmission to the designated transmission destination requires encryption, and if encryption is required, the target data is encrypted. An encryption unit;
A transmission unit that transmits the target data subjected to the encryption process to a transmission destination that requires the encryption;
An information processing apparatus comprising: In an information processing apparatus that transmits target data to a destination connected via a network,
An interface unit for accepting designation information for designating a transmission destination;
A storage unit that stores transmission permission / inhibition information indicating whether transmission to a transmission destination is possible and encryption presence / absence information indicating whether encryption processing is performed for the transmission destination;
A transmission control unit that determines whether transmission to the designated transmission destination is permitted based on the transmission permission information, and prohibits transmission when the transmission is not permitted;
Based on the encryption presence / absence information, it is determined whether or not transmission to the designated transmission destination requires encryption, and if encryption is required, the target data is encrypted. An encryption unit;
A transmission unit that transmits the target data subjected to the encryption process to an authorized transmission destination that requires the encryption;
An information processing apparatus comprising: The information processing apparatus according to any one of claims 1 to 3,
A destination information registration unit for registering destination information of the transmission destination in the storage unit;
Further comprising
The destination information registration unit determines whether or not transmission to a destination for which registration has been instructed by a user is permitted based on the transmission permission / inhibition information. Prohibit registration of information,
An information processing apparatus characterized by that. The information processing apparatus according to claim 2 or 3,
The encryption process is an encryption process using a public key of an authorized transmission destination that requires the encryption.
An information processing apparatus characterized by that. The information processing apparatus according to claim 5,
An error part that prohibits transmission of the target data when the public key of the transmission destination that requires the encryption cannot be obtained;
An information processing apparatus further comprising: The information processing apparatus according to claim 1 or 3,
The transmission permission / inhibition information is information set for each user.
An information processing apparatus characterized by that. An operation processing method executed by the information processing apparatus,
A transmission permission determination step for determining whether transmission to a specified transmission destination is permitted based on transmission permission information indicating whether transmission to a transmission destination is possible;
An encryption determination step for determining whether or not encryption is required for the specified destination based on the encryption presence / absence information indicating the presence / absence of encryption processing for the destination; and
An encryption processing step of performing encryption processing on the target data when it is determined that encryption is necessary in the encryption determination step;
A transmission step of transmitting the encrypted target data to an authorized transmission destination determined to require encryption;
An operation processing method comprising:

Images