JP2008140341A - Data output device and data output method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method of easily recording an output history when a user outputs electronic data in a client terminal to an external memory device. <P>SOLUTION: A data output device is connected to a client terminal 2 with a fixed storage device 3 through a network; a folder is shared based on an electronic data path specified by a user; electronic data in the fixed storage device 3 is encrypted and outputted to an external storage medium 6, such as optical storage medium and flash memory; and an original electronic data path and user information are recorded as history information. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an apparatus and method for securely outputting electronic data to an external storage medium.

In recent years, threats to information leakage have increased, and the construction of highly secure information management systems has been demanded. As one of the causes of information leakage, there are many cases of illegal data take-off by employers due to inappropriate data management. For this reason, business owners strictly control the use of media that can be taken out, such as paper and external memory devices, and prevent data from being taken out via computers used by employers.
As a technique for such a measure, for example, in Patent Document 1, it is possible to leave a print history on a server by printing an electronic document via a server, and psychologically suppress unauthorized leakage of the electronic document, We provide a system that can investigate and identify the parties involved when fraud is discovered.
JP 2003-330677 A

However, in recent years, the form of information handled in the office has changed from paper to an external memory device. In addition, storage means using a flash memory such as a USB (Universal Serial Bus) memory and an SD (Secure Digital) card are widely used, and a device such as a writable DVD drive can be easily used on a PC. As a result, the threat of information leakage by electronic data is rapidly increasing. For this reason, by prohibiting personal use of external memory devices, electronic data may be prevented from being handled in areas that cannot be managed by business owners. The use of memory devices remains very useful.
The present invention has been made in view of the above circumstances, and an object thereof is to provide a method for easily recording an output history when a user outputs electronic data in a client terminal to an external memory device. It was made.

  In order to achieve the above object, the invention according to claim 1 shares electronic data stored in the fixed storage device with a terminal device having the fixed storage device connected via a network. A data output device comprising: a sharing control unit; and output means for outputting the shared electronic data to an external storage medium, wherein the fixed storage device for the electronic data shared for output to at least the external storage medium Output means when outputting the electronic data to the external storage medium, and supply means for supplying to the terminal device side input means for inputting the logical position in the user and the user name of the user who requests output The data output device includes the logical position of the electronic data and history storage means for storing the user name as history information.

According to a second aspect of the present invention, in the data output device according to the first aspect, the input means can further input a password of a user who requests output, and a user of a user who can use the data output device User information holding means for holding name and password in advance, and authentication means for judging whether the user name and password input by the input means match the user name and password held in the user information holding means And when the authentication unit determines that the user name and the password match, the display unit displays a data output for displaying an input unit for inputting the logical position of the electronic data to be output to the external storage medium Features the device.
According to a third aspect of the present invention, there is provided the data output device according to the first or second aspect, wherein the electronic data is encrypted with an encryption key when the electronic data is output to the external storage medium. The data output device is provided.

According to a fourth aspect of the present invention, there is provided the data output device according to any one of the first to third aspects, wherein the history information is recorded for each user.
The invention according to claim 5 is characterized in that the encryption key is managed for each user, and the data output device according to any one of claims 1 to 4.
The invention according to claim 6 is a step of sharing electronic data stored in the fixed storage medium with a terminal device having a fixed storage device connected via a network, and the shared electronic data Output to an external storage medium, comprising: at least a logical location in the fixed storage device of electronic data shared for output; and a user name of a user who requests output A step of displaying input means for inputting on the terminal device side, and when outputting the electronic data to the external storage medium, the logical position of the electronic data to be output and the user name are stored as history information. And a data output method comprising the steps of:

According to a seventh aspect of the present invention, in the data output method according to the sixth aspect, the user name and password input by the input means capable of further inputting the password of the user who requests output is held in the user information holding means. A step of determining whether or not the user name and password of a user who can use the data output device that has been used match, and outputting to the external storage medium only when it is determined that the user name and password match A data output method for displaying an input means for inputting electronic data is characterized.
The invention according to claim 8 is the data output method according to claim 6 or 7, further comprising the step of encrypting the electronic data with an encryption key when the electronic data is stored in the external storage medium. A data output method characterized by the above.

  According to the present invention, the client terminal connected to the network does not write to the external storage medium individually, centrally manages the data output to the external storage medium in the data output device, and further records the output file history. By recording, it is possible to psychologically suppress the unauthorized leakage of electronic documents, and to investigate and identify the parties involved when unauthorized leakage is found.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
In this embodiment, as a data output device, a copy function, a facsimile (FAX) function, a print function, a scanner function, and an input image (a document image read by a scanner function or an image input by a printer or a FAX function) are distributed. The present invention is applied to a digital color multi-function peripheral called a so-called MFP (Multi Function Peripheral).

FIG. 1 is a diagram showing the configuration of a system including a data output device and a terminal device (client terminal) according to the present invention.
In FIG. 1, an MFP 1 that functions as a data output device of the present invention and client terminals 2, 4, and 5, which are personal computers, are connected via a network. Each of the client terminals 2, 4, and 5 includes an HDD (Hard Disk Drive) 3 as a fixed storage device. The client terminals 2, 4, and 5 all have the same functions and perform the same operations. Here, the client terminal 2 will be used for the description.
The client terminal 2 prevents the user from directly outputting data to an external storage medium 6 such as an optical medium such as a DVD or a flash memory in which data in the HDD 3 can be written.
For example, the client terminal 2 is not provided with a drive device for writing to an optical medium, a connecting means such as a slot for inserting a flash memory, a reader / writer, or the like, and writing to these cannot be performed with user authority. As described above, it can be realized by setting the operating system of the client terminal.

In the data output system of the present invention, data on the HDD 3 of the client terminal 2 is output from the MFP 1 to the external storage medium 6 using a folder sharing function via the network, not from the client terminal.
Furthermore, the MFP 1 outputs the original path (logical position on the file system) of the electronic data (file) requested by the user when outputting the data on the client terminal 2 to the external storage medium 6, and the output request. The user information (user name, etc.) is recorded as history (log) information, and the data on the client terminal 2 is encrypted before being written to the external storage medium 6 such as an optical storage medium or flash memory. .

With this configuration, data output to the external storage medium is centrally managed by the MFP 1 and the history of output data is recorded to psychologically prevent electronic data from being leaked illegally or It is possible to easily control or to identify and identify the person concerned when an illegal outflow is found.
In addition, since the data is written on the external storage medium on the MFP 1 side, it is possible to avoid a decrease in the performance of the client terminal.
Similarly, when there is a data output request, data in the HDD provided in the client terminals 4 and 5 can also be stored in the external storage medium 6 via the MFP 1.

Here, the MFP as the data output apparatus of the present invention will be described with reference to FIGS.
FIG. 2 is an external perspective view schematically showing a multifunction peripheral (MFP) 1 as a data output apparatus of the present invention. The MFP 1 has a configuration in which an image reading device 8 that is an image reading unit that reads an image from a document is disposed above a printing device 7 that is an image forming unit that forms an image on a medium such as transfer paper. An operation panel P that allows various inputs such as display for an operator and function setting from the operator is provided on the outer surface of the image reading device 8. Further, at the lower part of the operation panel P, an external medium (device for reading program codes, image data, etc. stored in the external storage medium 6 or writing program codes, image data, etc. to the external storage medium 6). Storage medium) An input / output device 9 is provided with an insertion port allowing insertion of the external storage medium 6 exposed to the outside.
FIG. 3 is a diagram for explaining the MFP 1 as the data output apparatus of the present invention in more detail.
The image processing unit part A and the information processing unit part B are roughly divided. The printing device 7 and the image reading device 8 belong to the image processing unit part A, and the operation panel P and the external media input / output device 9 are information processing units. Belongs to part B.

  The image processing unit A will be described. The image processing unit A including the printing device 7 and the image reading device 8 includes an image processing control unit 10 that performs overall control of image processing in the image processing unit A. The image processing control unit 10 includes a printing unit. A print control unit 11 that controls the apparatus 7 and an image reading control unit 12 that controls the image reading apparatus 8 are connected. The print control unit 11 outputs a print instruction including image data to the printing apparatus 7 under the control of the image processing control unit 10, and causes the printing apparatus 7 to form and output an image on a medium such as transfer paper. The image reading control unit 12 drives the image reading device 8 under the control of the image processing control unit 10, and reflects the reflected light of the lamp irradiation on the surface of the document to a light receiving element (for example, a CCD (Charge Coupled Device)) using a mirror and a lens. Condensed and read, and A / D converted to generate 8-bit RGB digital image data. Such an image processing control unit 10 includes a CPU (Central Processing Unit) 13 which is a main processor and a memory device which temporarily stores the image data read from the image reading device 8 so as to be imaged by the printing device 7 ( For example, the SDRAM (Synchronous Dynamic Random Access Memory) 14, the ROM (Read Only Memory) 15 storing the control program, and the system log / system setting / log information etc. are recorded even when the power is turned off. The microcomputer has a configuration in which NVRAM 16 that can be held is connected by a bus. Further, the image processing control unit 10 includes an image processing unit via an HDD (Hard Disk Drive) 17 serving as a storage device for storing a large amount of image data and a job history, and a HUB 19 which is a concentrator provided inside the device. A LAN control unit 18 for connecting the part A to the LAN 2 and a FAX control unit 20 for performing FAX control are connected. The FAX control unit 20 is connected to a private branch exchange (PBX) 22 leading to a public telephone network (not shown), and the MFP 1 can communicate with a remote facsimile machine.

  In addition, a display control unit 23 and an operation input control unit 24 are connected to the image processing control unit 10. The display control unit 23 outputs an image display control signal to the information processing unit unit B via the communication cable 26 connected to the control panel I / F 25 under the control of the image processing control unit 10. The image display is controlled on the operation panel P. Further, the operation input control unit 24 connects an input control signal corresponding to the function setting or input operation by the operator from the operation panel P of the information processing unit B to the control panel I / F 25 by the control of the image processing control unit 10. Input via the communication cable 26. In other words, the image processing unit A is configured to be able to directly monitor the operation panel P of the information processing unit B via the communication cable 26. Accordingly, the image processing unit A is configured such that the communication cable 26 is connected to the image processing unit provided in the conventional MFP, and the operation panel P of the information processing unit B is used. That is, the display control unit 23 and the operation input control unit 24 of the image processing unit A operate as if they are connected to the operation panel P. With such a configuration, the image processing unit A analyzes print data that is image information from the outside (for example, a server computer, a client computer, a facsimile, etc., not shown) and a command that instructs printing, and outputs the print data as an output image. The bitmap is expanded so that it can be printed as data, and the operation is determined by analyzing the print mode from the command. The print data and command are received and operated through the LAN control unit 18 or the FAX control unit 20. Further, the image processing unit A can transfer print data, document read data, output image data obtained by processing these data for output, and compressed data obtained by compressing them to the outside, stored in the SDRAM 14 or the HDD 17. it can.

Next, the information processing unit B including the operation panel P will be described.
The information processing unit B is configured to be controlled by a general-purpose OS (Operating System) generally used for personal computers. The information processing unit section B has a CPU 31 that is a main processor. The CPU 31 includes a memory unit 32 that includes a read-only memory that stores a RAM, a startup program, and the like as a work area. A storage device 34 such as an HDD for storing the OS and application programs, and a storage device control unit 35 for controlling input / output of data to / from the storage device 34 are connected via a bus. The CPU 31 is connected to a LAN control unit 33 for connecting the information processing unit unit B to the LAN 2 via the HUB 19. The IP address assigned to the LAN controller 33 is different from the IP address assigned to the LAN controller 18 of the image processing unit A described above. That is, two IP addresses are assigned to the digital color multifunction peripheral 1 of the present embodiment. In other words, the image processing unit A and the information processing unit B are separately connected to the LAN 2, and data exchange between the image processing unit A and the information processing unit B via the LAN 2 is performed. Is configured to be possible. Further, a display control unit 36 and an operation input control unit 37 that control the operation panel P are connected to the CPU 31.

  FIG. 4 is a plan view showing the configuration of the operation panel P. As shown in FIG. 4, the operation panel P includes a display device 40 that is, for example, an LCD (Liquid Crystal Display) and an operation input device 41. The operation input device 41 includes an ultrasonic acoustic wave type touch panel 41a stacked on the surface of the display device 40, and a key operation unit 41b having a plurality of keys. The key operation unit 41b includes a start key for declaring the start of image reading, a numeric keypad for inputting numerical values, a reading condition setting key for setting the transmission destination of the read image data, a clear key, and the like. . That is, the display control unit 36 outputs an image display control signal to the display device 40 via the control panel I / F 38 and causes the display device 40 to display predetermined items corresponding to the image display control signal. On the other hand, the operation input control unit 37 receives, via the control panel I / F 38, an input control signal corresponding to the function setting or input operation by the operator in the operation input device 41.

  In addition, a control panel communication unit 39 connected to the control panel I / F 25 of the image processing unit A via the communication cable 26 is connected to the CPU 31. The control panel communication unit 39 receives the image display control signal output from the image processing unit unit A, and receives the input control signal according to the function setting or input operation by the operator from the operation panel P. Forward to. Although details will be described later, the image display control signal from the image processing unit A received by the control panel communication unit 39 is subjected to data conversion processing for the display device 40 of the operation panel P and then output to the display control unit 36. The input control signal corresponding to the function setting or input operation by the operator from the operation panel P is input to the control panel communication unit 39 after being subjected to data conversion processing in a format according to the specifications in the image processing unit A. . As described above, the storage device 34 stores the OS and application programs executed by the CPU 31. In this sense, the storage device 34 functions as a storage medium that stores application programs.

  In the MFP 1, when the user turns on the power, the CPU 31 activates the activation program in the memory unit 32, reads the OS from the storage device 34 into the RAM in the memory unit 32, and activates the OS. Such an OS activates a program, reads information, and stores information in accordance with a user operation. As a representative OS, Windows (registered trademark) and the like are known. In addition, an operation program that runs on these OSs is called an application program.

FIG. 5 is a diagram showing a module configuration in the MFP 1 for operating as the data output apparatus of the present invention.
A data output procedure using the data output apparatus of the present invention will be described in detail with reference to FIG.
When the MFP 1 is powered on and started up, the files stored in the storage device of FIG. 3 are sequentially expanded in the RAM included in the memory unit 32, and the OS 55, the WEB server 54 operating on the OS 55, and the network sharing control unit 57 are displayed. The application program or the OS 55 subsystem constituting the format conversion unit 58 and the archive control unit 60 is executed.

The client terminals 4 and 5 are connected to the MFP 1 on the intranet 53 here. As will be described later, the WEB server 54 (supplying unit) informs the user of information (user name, password) about the file and folder to be output and the user himself / herself when the user requests data output using the client terminal. A WEB page (input means) for inputting and acquiring by the MPF 1 is provided.
As described above, Windows (registered trademark) is used as the OS 55 of the MFP 1, and when the OS of the client terminal is Windows (registered trademark), folders existing in the fixed storage device of the client terminal are transferred via the network. It is well known that

The authentication control unit 56 controls login of the user who uses the client terminal to the data output device. The authentication control unit 56 permits the connection to the MFP 1 when the user ID and password input from the client terminal through the WEB page (input means) match those already registered. The network sharing control unit 57 is a module that performs the network sharing described above. In Windows (registered trademark), when a user name and a password of a client terminal are set, network sharing can be established from a data output device by a network command.
The format conversion unit 58 is a module that functions when the file on the client terminal is converted for security purposes. For example, PDF (Portable Document Format), which is a document format, can set a password for viewing and editing in file units. In response to requests from client terminals, image files such as BMP (bitmap) and JPEG (Joint Photographic Expert Group), and document files such as Microsoft Word (Word) and Excel (Excel) are transferred to an external storage device. It is possible to convert to PDF with password before output.

The archive control unit 60 as an encryption unit performs file compression when outputting a file and generates a key for encrypting output data.
In this case, encryption may be performed using a common key method that enables encryption and decryption with a single key such as encrypted ZIP, or a public key method that uses a public key and a private key such as RSA. Good.
As described above, by encrypting the output data, even if the output data itself leaks to the outside, it is possible to suppress information leakage to a third party.

Each of the optical drive 59 and the memory drive 61 is a device that performs recording on an external storage medium such as an optical storage medium or a flash memory that constitutes the external media input / output device 9 of FIG. The output log 62 is history information in which a file name of output data and an original file path on the client terminal are recorded. The output log is stored in the MFP for each logged-in user, and allows the network administrator to monitor when and what file is output to the exchangeable external storage medium 6.
In this way, by managing the output data for each user, even if it is found that unauthorized outflow has occurred, the burden of investigation can be reduced.

FIG. 6 is a diagram showing a WEB page screen for the MFP 1 of FIG. 5 to acquire information relating to output data from the client terminal.
The user can browse and input information using a Web browser such as Internet Explorer or Netscape. The folder path 70 is an absolute file path or folder path in the client terminal indicating data to be output. The file path and folder path can be input from the tree display of the folder structure displayed by pressing the reference button 78 in addition to the direct input from the keyboard. Reference numeral 71 denotes an IP address of the client terminal. The user name 72 and the password 73 are information required when the MFP 1 shares the network of the client terminal with the network, and are usually the user name and password of the administrator of the client terminal. These pieces of information are manually input by a user operating the client terminal. The output medium 74 is a selection of a data output destination medium. In the MFP 1 of the embodiment, a flash memory medium such as SD (Secure Digital Memory Card) and CF (Compact Flash (registered trademark)) can be selected in addition to the DVD. The image file encryption 75 is a radio button that is marked when the format conversion unit 58 shown in FIG. 5 outputs an image file and the format conversion to a PDF file is performed to provide encryption in units of files. It is an encrypted password. After the above setting items are entered, the MFP starts data output when the user presses the OK button 77. On the other hand, when the cancel button 76 is pressed, the display of the WEB page is terminated.

  FIG. 7 is a format example of history information for recording that the MFP has output to the external storage medium. A user name 80 is the name of the user who requested data output, and records the name of the login user who is authenticating to the MFP. The output time 81 is the time when output to the external storage medium is started. The output medium 74 indicates the type of the external storage medium that has output the data. The output logs 83 and 84 indicate the history information of the users oz17 and xxssd1720, respectively, and the full path of the output source file is recorded for each line.

  FIG. 8 is a flowchart showing operations of the client terminal and the MFP 1 when the MFP 1 outputs data in the HDD of the client terminal to the external storage medium 6. The client terminal connects to the WEB server of the MFP 1 for the purpose of a data output request (S1). The WEB server 54 displays a login screen (S2) and prompts for input of a user ID and a password. When the user inputs the user ID and password from the client terminal (S3), the MFP 1 (authentication control unit) performs user authentication (S4). In the user authentication of the embodiment, user account information registered in advance in a file or DB (database) as user information holding means is collated with the input information, and if they match, access to the information of the MFP 1 is previously performed. Allow with set access control. The information used for login may be a means for collating physical characteristics such as a card key or a fingerprint owned by the user in addition to a password. If the authentication is successful (Yes in S5), the MFP 1 displays a screen for setting the output file information described with reference to FIG. 6 (S7). On the other hand, if the authentication fails (No in S5), an authentication error screen is displayed on the WEB page (S6), and the screen returns to the login screen. After the authentication, when the user inputs information necessary for output from the client terminal to the external storage medium (S8), the output device sets the shared folder for the folder designated by the client terminal (S9). For the shared folder setting, for example, a NET SHARE command which is one of network commands provided by Windows (registered trademark) can be used. If the shared folder setting is successful (Yes in S10), the files in the shared folder are encrypted (S12). For encryption, a common key method that enables encryption and decryption with a single key such as encrypted ZIP, a method that uses a public key and a secret key such as RSA, and the like can be used. On the other hand, if the shared folder setting has failed (No in S10), the connection error screen is displayed on the WEB page (S11), and the screen returns to the login screen. After encryption, the MFP outputs the encrypted data to the external storage medium (S13). After the output, the MFP 1 creates the history information described with reference to FIG. 7 and stores it in the storage device 34 as the history storage means (S14). A key that enables decryption of encrypted data is stored (S15). By passing the duplicate key to the client terminal, the user can read the output data independently. On the other hand, the key stored in the user information of the MFP can be used for the purpose of providing data when the user logs in and requests data restoration. The data output device cancels the shared folder setting performed in S9 (S16), ends access to the client terminal, and ends all data output processes.

  In the present embodiment, the MFP has been described as an example of the data output device. However, the present invention is not limited to this example, and an ordinary personal computer that can write to an external storage medium and does not have an image processing unit or the like is used. The OS for controlling it is not limited to Windows (registered trademark), but may be another OS such as a UNIX (registered trademark) OS that can share files via a network.

The figure which shows the structure of the system which consists of the data output device and terminal device of this invention. 1 is an external perspective view schematically showing an MFP as a data output apparatus of the present invention. FIG. 3 is a diagram for explaining the MFP as the data output apparatus of the present invention in more detail. The top view which shows the structure of an operation panel. 1 is a diagram showing a module configuration in an MFP for operating as a data output apparatus of the present invention. FIG. 6 is a diagram showing a screen of a WEB page for the MFP of FIG. 5 to acquire information related to output data from a client terminal. FIG. 6 is a diagram illustrating a format example of history information for recording that the MFP has output to an external storage medium. 6 is a flowchart showing operations of the client terminal and the MFP when the MFP outputs data.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 MFP, 2, 4, 5 Client apparatus, 3 Fixed storage apparatus, 6 External storage medium, 7 Printing apparatus, 8 Image reading apparatus, 9 External media (storage medium) input / output apparatus, 10 Image processing control unit, 11 Print control Unit, 12 Image reading control unit, 13 CPU, 15, 31 CPU, 16 NVRAM, 17 HDD, 18, 33 LAN control unit, 19 HUB, 20 FAX control unit, 22 PBX, 23, 36 Display control unit, 24, 37 Operation input control unit, 25, 38 Control panel I / F, 26 Communication cable, 32 Memory unit, 34 Storage device, 35 Storage device control unit, 39 Control panel communication unit, 40 Display device, 41 Operation input device, 41a Touch panel, 41b Key operation unit, 42 Input / output device control Unit, 43 Various interfaces, 53 Intranet, 54 WEB server, 55 OS, 56 Authentication control unit, 57 Network sharing control unit, 58 Format conversion unit, 59 Optical drive, 60 Archive control unit, 61 Memory drive, 62 Output log, 70 Folder path, 71 IP address, 72, 80 User name, 73 Password, 74 Output media, 75 Image file encryption, 81 Output time, 82 Output destination media, 83, 84 Output log

Claims (8)

A sharing control unit that shares electronic data stored in the fixed storage device with a terminal device having a fixed storage device connected via a network, and an output that outputs the shared electronic data to an external storage medium A data output device comprising:
Supply to the terminal device input means for inputting at least a logical position in the fixed storage device of the electronic data shared for output to the external storage medium and a user name of a user who requests output And a history storage unit that stores the logical position of the output electronic data and the user name as history information when the electronic data is output to the external storage medium. Data output device. The data output device according to claim 1, wherein the input means can further input a password of a user who requests output,
User information holding means for holding in advance a user name and password of a user who can use the data output device, and the user name and password input by the input means are stored in the user information holding means. Authentication means for determining whether or not the user name and password match, the display means displays the logical position of the electronic data to be output to the external storage medium. A data output device characterized by displaying an input means for inputting.   3. The data output device according to claim 1, further comprising an encryption unit that encrypts the electronic data with an encryption key when the electronic data is output to the external storage medium. apparatus.   The data output apparatus according to claim 1, wherein the history information is recorded for each user.   The data output apparatus according to claim 1, wherein the encryption key is managed for each user.   Sharing electronic data stored in the fixed storage medium with a terminal device having a fixed storage device connected via a network; outputting the shared electronic data to an external storage medium; A terminal for inputting input means for inputting at least a logical position in the fixed storage device of electronic data shared for output and a user name of a user who requests output A step of displaying on the device side, and a step of storing the logical position of the electronic data to be output and the user name as history information when the electronic data is output to the external storage medium. Characteristic data output method.   7. The data output method according to claim 6, wherein the data output device in which the user name and password input by the input means capable of further inputting the password of the user who requests output is held in the user information holding means can be used. A step of determining whether or not the user name and password of a correct user match, and only when they match, the input means for inputting the electronic data to be output to the external storage medium is displayed. output method.   8. The data output method according to claim 6, further comprising a step of using the encryption key when the electronic data is stored in the external storage medium.

Images