JP2010226250A - Information processing apparatus, method for controlling the same, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow decoding of data which are encrypted using biological information at a transmission destination in the case where the data are collectively transmitted to a plurality of destinations corresponding to a plurality of users. <P>SOLUTION: There are provided an encryption means for encrypting data based on biological information of a specific user, a transmission means for transmitting the data having been encrypted by the encryption means to the plurality of transmission destinations corresponding to a plurality of users, a reception means for receiving a decoding request for the data that has been transmitted by the transmission means, a determination means for determining from which of a plurality of transmission destinations the decoding request having been received by the reception means is transmitted, and a control means which permits a transmission destination that has transmitted the decoding request to decode the data having been encrypted by the encryption means when the decoding request is determined to have been transmitted from one of the plurality of transmission destinations by the determination means. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an information processing apparatus that transmits encrypted data, a control method for the information processing apparatus, and a program.

  2. Description of the Related Art Conventionally, there is an information processing apparatus that can add a password to data to be transmitted, transmit the data to a transmission destination, and restrict the use of the data until the password is input at the transmission destination. The destination device receives the data and password, restricts the use of the data until the password is input, and permits the use of the data when the correct password is input.

  For example, a PC, which is an example of an information processing apparatus, accepts a password input from a user, and transmits the accepted password and image data as a print job to a destination printing apparatus. Then, the destination printing apparatus holds the image data transmitted from the PC, and when a password is input, performs user authentication based on the password and prints the image data corresponding to the job. Start. Thereby, it is possible to prevent the print result of the image data transmitted from the PC from being viewed by a third party.

  In addition to a method using a password, there is a method of encrypting data using user-specific biometric information such as fingerprint information and transmitting the data (see Patent Document 1). According to such a method, the data to be transmitted can be protected by the biological information, and the data can be used in response to the input of the biological information at the transmission destination device.

JP 2006-146665 A

  However, when data encrypted using biometric information is collectively transmitted to a plurality of transmission destinations corresponding to a plurality of users, the data cannot be decrypted at the transmission destination.

  For example, when data is encrypted with the biometric information of user A, and the encrypted data is transmitted collectively with user A, user B, and user C as destinations, user A decrypts the data by inputting his / her biological information. it can. However, since the user B and the user C cannot input the biometric information of the user A, the data cannot be decoded.

  The present invention has been made to solve the above-described problems of the prior art, and when data encrypted using biometric information is collectively transmitted to a plurality of destinations corresponding to a plurality of users, the data Is to provide a mechanism capable of decrypting at the transmission destination.

  An encryption unit that encrypts data based on biometric information of a specific user, a transmission unit that transmits data encrypted by the encryption unit to a plurality of transmission destinations corresponding to a plurality of users, and a transmission unit Receiving means for receiving a decryption request for transmitted data; and determining means for determining whether or not the decryption request received by the receiving means is transmitted from any one of a plurality of destinations. When the determination unit determines that the decryption request is one of a plurality of transmission destinations, the transmission destination that has transmitted the decryption request decrypts the data encrypted by the encryption unit. Control means for permitting

  According to the present invention, when data encrypted using biometric information is collectively transmitted to a plurality of transmission destinations corresponding to a plurality of users, the data can be decrypted at the transmission destination.

1 is a configuration diagram showing an entire information processing system as an embodiment of the present invention. The block diagram which shows the structure of the information processing apparatus in embodiment of this invention. The block diagram which shows the internal structure of the user share PC in embodiment of this invention. The figure which shows the example of the menu screen displayed on the transmission terminal in embodiment of this invention. The figure which shows the example of the data transmission destination setting screen displayed on the transmission terminal in embodiment of this invention. The figure which shows the example of the authentication request | requirement setting screen to a transmission partner displayed on the transmission terminal in embodiment of this invention. The figure which shows the example of the screen which sets the authentication method of the other party of transmission displayed in the transmission terminal in embodiment of this invention to fingerprint authentication. The figure which shows the example of the data reception screen displayed on the receiving terminal in embodiment of this invention. The figure which shows the example of the fingerprint information acquisition request command display screen to a transmission partner displayed on the receiving terminal in embodiment of this invention. The figure which shows the example of the fingerprint information previously registered into the server in embodiment of this invention. The figure which shows the example of the authentication permission display screen to the other party of transmission displayed on the receiving terminal in embodiment of this invention. The figure which shows the example of the data reception screen when access permission falls with respect to the authentication request | requirement displayed on the receiving terminal in embodiment of this invention. The flowchart which shows the data transmission process of the information processing system in embodiment of this invention. It is a flowchart which shows the user authentication process of the information processing system in embodiment of this invention. The figure which shows the example of the screen displayed on the operation part screen by the side of the data transmission in embodiment of this invention which sets the authentication method of a transmission partner to face authentication. The figure which shows the example of the BOX screen displayed on the operation part screen of the information processing apparatus by the side of data reception in embodiment of this invention. The figure which shows the example of the face information acquisition request command display screen to a transmission other party displayed on the operation part screen of the information processing apparatus by the side of data reception in embodiment of this invention. The figure which shows the example of the face information previously registered into the information processing apparatus by the side of data transmission in embodiment of this invention. The figure which shows the example of the authentication permission display screen to a transmission partner displayed on the operation part screen of the information processing apparatus by the side of data reception in embodiment of this invention. The figure which shows the example of the data reception screen when access permission is given with respect to the authentication request displayed on the operation part screen of the information processing apparatus of the data reception side in embodiment of this invention. The flowchart which shows the data transmission process of the information processing system in embodiment of this invention. The flowchart which shows the face authentication process in embodiment of this invention.

  Embodiments of the present invention will be exemplarily described in detail below with reference to the drawings. However, the components described in the following embodiments are merely examples, and are not intended to limit the technical scope of the present invention only to them.

<System configuration>
FIG. 1 is a schematic configuration diagram of an information processing system according to the first embodiment of the present invention. This information processing system includes an MFP 101 as a first information processing apparatus, a shared PC 102 as a second information processing apparatus, a server 103, and an MFP 105, and each is connected via a network 104.

  FIG. 2 is an internal configuration diagram of the MFP 101. In the figure, a CPU 201 is a controller for controlling the entire MFP 101, and starts up an OS by a boot program stored in a ROM 202. The controller program and various application programs stored in the HDD 204 are executed on the OS. The CPU 201 is connected to each unit by an internal bus of the data bus 216.

  The RAM 203 operates as a temporary storage area such as a main memory or work area of the CPU 201. It is also used as a temporary storage area for image formation. The HDD 204 is a storage device that can read and write data, and stores data such as a control program for controlling the entire system, various application programs, and scan image data. The LAN controller 205 transmits / receives data such as image data to / from the network.

  The operation display unit 206 includes a touch panel for inputting user instructions, buttons, switches, a liquid crystal display panel for displaying processing results and selection items from the CPU 201, and the like.

  The fingerprint authentication device 208 acquires fingerprint information for identifying an individual and converts it into electrical signal data. The fingerprint authentication controller 207 controls the fingerprint authentication device 208.

  The face authentication device 210 acquires face information for identifying an individual and converts it into electrical signal data. The face authentication controller 209 controls the face authentication device 210.

The scan controller 211 controls the scan device 212 to capture input electric signal data. The scan device 212 converts input image data into electrical signal data using a scanner such as a CCD. The engine controller 213 controls the engine device 214 to print the print data formed by the CPU 201 and the video controller 215. The video controller 215 performs image processing such as image image data formation, rotation processing, scaling processing, and color conversion processing.
The MFP 105 has the same configuration as the MFP 101 and can perform the same operation.

  FIG. 3 is an internal configuration diagram of the shared PC 102. In the figure, a CPU 301 is a controller for controlling the entire shared PC 102 and starts up an OS by a boot program stored in a ROM 302. The controller program and various application programs stored in the HDD 304 are executed on the OS. The CPU 301 is connected to each unit by an internal bus of the data bus 310.

  A RAM 303 operates as a temporary storage area such as a main memory or work area of the CPU 301. It is also used as a temporary storage area for image formation.

  The HDD 304 is a storage device that can read and write data, and stores data such as a control program and various application programs for controlling the entire system. The LAN controller 305 transmits / receives data such as image data to / from the network. The operation display unit 306 includes a keyboard, a mouse for inputting a user instruction, a liquid crystal display panel for displaying processing results and selection items from the CPU 301, and the like.

  The fingerprint authentication device 308 acquires fingerprint information for identifying an individual and converts it into electrical signal data. The fingerprint authentication controller 307 controls the fingerprint authentication device 308. The video controller 309 performs image processing such as image image data formation, rotation processing, scaling processing, and color conversion processing.

<Encrypted data transmission processing>
A process for transmitting encrypted data from the MFP 101 serving as a transmission terminal will be described with reference to the flowchart of FIG. 13 and FIGS. Each step shown in the flowchart of FIG. 13 is performed by the CPU 201 of the MFP 101 reading and executing a program stored in the ROM 202 or the HDD 204. 4 to 7 are operation screen diagrams illustrating an example of the operation display unit of the MFP 101.

  First, the CPU 201 receives a login operation from the user (S1400). For example, the CPU 201 receives input of a user ID and password from the user, and determines whether or not the received user ID and password match the user ID and password registered in the HDD 204 in advance. If they do not match, the CPU 201 does not log the user in to the MFP 101, and if they match, causes the user to log in to the MFP 101. When the user logs in to the PC 102, the CPU 201 displays the top screen 501 on the operation display unit 206. When the “scan + send” button 502 is selected on the top screen 501, the CPU 201 displays the transmission destination designation screen 601 shown in FIG. 5 on the operation display unit 206 and waits for the input of the transmission destination from the user. The transmission destination designation screen 601 includes an option with an individual as a transmission destination and an option with a group as a transmission destination.

  When any “group” button 602 is selected on the transmission destination designation screen 601, the CPU 201 sets a plurality of addresses registered in advance in the group as data transmission destinations (S1401), and the authentication shown in FIG. The request setting screen 701 is displayed (S1402). Note that the group and the plurality of addresses are registered in advance in association with the HDD 204. A plurality of groups can be registered in the HDD 204, and the user can select a specific group from the plurality of groups.

  When the “no authentication request setting” button is selected on the screen illustrated in FIG. 6, upon receiving a data transmission instruction, the MFP 101 transmits the data to the transmission destination selected in FIG. 5 without encryption. On the other hand, if the “authentication request setting present” button is selected, the process proceeds to step S1403, and the operation display unit 206 displays an authentication method setting screen 801 shown in FIG. When an authentication method is selected from a plurality of types of authentication methods on the authentication method setting screen 801 (S1403), a biometric information request command based on the selected authentication method is added to transmission data (S1404). Here, a case where fingerprint information is selected and a fingerprint information acquisition request is added to transmission data will be described. Next, the transmission data is encrypted with the encryption key (S1405), and the data is transmitted to a plurality of transmission destinations at once (S1406). At this time, a decode key (decryption key corresponding to the encryption key) necessary for decrypting the encrypted data is stored in the server 103 as a decryption key storage device (S1407). Here, when transmitting data to a plurality of transmission destinations at once, the MFP 101 may transmit data to the plurality of transmission destinations at different timings, or may transmit data at the same timing. . Further, as the encryption key and the decryption key, the biometric information of the user who has logged into the MFP 101 may be used, or a key composed of a predetermined code other than that may be used.

  Thereafter, the receiving apparatus stores the received encrypted data in association with the destination information specified as the transmission destination of the encrypted data. For example, when the group A is designated and encrypted data is transmitted, the receiving apparatus stores the encrypted data and the information of group A in association with each other.

<Encrypted data reception processing>
Next, an authentication process in the shared PC 102 as a receiving terminal will be described using the flowchart of FIG. 14 and FIGS. Each step shown in the flowchart of FIG. 14 is performed by the CPU 301 of the PC 102 reading and executing a program stored in the ROM 302 or the HDD 304. 8, 9, 11, and 12 are diagrams illustrating an example of a display screen of the receiving terminal.

  The PC 102 receives a login request from the user (S1501). For example, the CPU 301 of the PC 102 accepts a user ID and password via the operation display unit 306, and if the accepted user ID and password match those registered in advance, the user is logged in to the PC 102. Next, when an instruction to open the mail inbox is received, an inbox screen 901 shown in FIG. 8 is displayed. In the reception box screen 901, the horizontal columns indicate the respective reception data. For example, the reception data 01 is a presentation material 01 of size 12501 bytes sent from ONO on October 15, 2007. Similarly, the reception data 02 is a minutes 071014 of size 18437 bytes sent from Tanaka on October 14, 2007.

  The received data 01 indicated by the thick line 902 is displayed with a key mark, which indicates that this is received data with a fingerprint information acquisition request set on the screens 601, 700, and 800. Yes.

  When any received data is selected from the received data shown in FIG. 8, the process proceeds to a received file open process (S1502), and it is determined whether or not there is a fingerprint information acquisition request for the selected received data (S1503). If there is no fingerprint information acquisition request, the CPU 301 opens the file and causes the operation display unit 306 to display the data of the file. On the other hand, if there is a fingerprint information acquisition request, the process advances to step S1504 to display an alert image 1002 as shown in FIG. In this state, when fingerprint information is acquired by the fingerprint authentication device 308 (S1504), the CPU 301 of the PC 102 transmits the destination information of the transmitted data and the acquired fingerprint information to the MFP 101 (S1505).

  The MFP 101 receives the destination information and fingerprint information transmitted in step S1505, and determines the corresponding destination group (originally designated in FIG. 5) from the received destination information (S1506). Then, the fingerprint information of the transmission destination group registered in the server 103 in association with the destination information is acquired (S1507). For example, when the received destination information indicates the A group, the CPU 201 acquires the fingerprint information of the user included in the A group from the server 103.

  FIG. 10 shows fingerprint information of users registered in the A group registered in the server 103 in advance. The MFP 101 compares and collates the fingerprint information 1101 read from the server 103 with the fingerprint information received from the data receiving terminal (S1508), and determines authentication from the collation result (S1509). When the authentication is successful (when there is matching fingerprint information), the MFP 101 acquires a decode key (decryption key) for decrypting transmission data from the server 103, and transmits it to the receiving terminal (S1510). If the authentication is not permitted, an authentication NG message is transmitted to the receiving terminal (S1511).

  The receiving terminal receives the authentication result (S1512), and determines whether authentication is permitted by the MFP (S1513). If the authentication is permitted, the encrypted data is decrypted using the decode key received from the MFP 101 (S1514), and the access permission display screen 1202 shown in FIG. 11 is displayed (S1515). In the screen 1301 shown in FIG. 12, the key mark attached to the reception data 01 indicated by the thick line 902 is removed and displayed (1302). This is the reception data 1302 on the reception box screen 901. To show that is available. On the other hand, if authentication is not permitted in S1513, the alert screen 1002 is displayed again. The user can refer to, edit, and transmit the data that has become available.

  With the control described above, even when the sender selects data as a group and sends the data encrypted with biometric information to a plurality of destinations included in the selected group, the receiver side The transmission data can be decoded. For example, UCHIDA included in group A encrypts data using his / her own biometric information and transmits the data to a plurality of destinations included in group A (IDA, INOUE, UCHIDA, ONO, etc.) in a batch. it can. And a user (IDA, Mr. INOUE, Mr. ONO, etc.) corresponding to a destination other than the sender (Mr. UCHIDA) included in the group A inputs his / her biometric information, and the encrypted data is received. Can be decrypted. That is, Mr. IDA, Mr. INOUE, Mr. ONO, etc. can decrypt the encrypted data without inputting the biometric information of Mr. UCHIDA.

  In the present embodiment, a case has been described in which the receiving device stores the received encrypted data and the destination information specified as the transmission destination of the encrypted data in association with each other. For example, when group A is designated and encrypted data is transmitted, the receiving side apparatus has explained the case where the encrypted data and the information of group A are stored in association with each other. The following control may be performed.

  In the present embodiment, for example, the meeting minutes are scanned by the MFP 101, and the members participating in the meeting are registered as the group A in advance, so that the group A is designated as the transmission destination and the data is transmitted in a batch. be able to. At that time, the transmitted data can be encrypted or decrypted with the biometric information. The transmission destination is not limited to the PC, and may be an MFP. In that case, the MFP receives the encrypted data, stores it in the HDD, and displays the received data transmitted to the user for the user who has logged into the MFP.

(Second Embodiment)
In the first embodiment described above, a case has been described in which data is transmitted from the MFP 101 of FIG. Here, a case will be described in which an encrypted data transmission based on biometric information is performed from the MFP 101 of FIG. In this embodiment, face authentication is used as biometric authentication that is an authentication unit with a high security level. In other words, the difference between the present embodiment and the first embodiment is the difference between using a fingerprint or a face image as biometric information, and other configurations and operations are the same as in the first embodiment. Detailed description of the configuration is omitted.

  User processing procedures of the information processing system according to the present embodiment will be described with reference to the flowcharts of FIGS.

  First, encrypted data is transmitted from the MFP 101 according to the flowchart of FIG. The data sender logs in to the MFP 101 using the face authentication function provided in the MFP 101 (S2200). Specifically, for example, the MFP 101 captures a user's face with the face authentication device 210 such as a camera, and the captured face data matches the face data registered in the HDD 204 in advance. Log in. Next, the user selects a transmission destination, selects an individual or a group as a data transmission destination (S2201), and sets the presence / absence of an authentication request (S2202).

  At this time, an inquiry is made as to whether an authentication device is installed in the MFP 105 as the transmission destination terminal (S2203). If the MFP 105 has an authentication device, the authentication method is displayed on the operation display unit of the MFP 101 (S2205). If there is no authentication device in MFP 105, an authentication request NG message is displayed on the operation display unit (S2206). FIG. 15 is a screen of the operation display unit when there is a face authentication device and a fingerprint authentication device as a result of an inquiry to the MFP 105.

  If the MFP 105 has an authentication device, the MFP 101 then accepts an authentication method setting from the user (S2207). The authentication method setting screen on the screen 1601 is displayed so that only an authentication method in which an authentication device is installed at the transmission destination can be selected. When face authentication is set in S2207, a face information acquisition request command is attached to the transmission data (S2208), the transmission data is encrypted using the face information (S2209), and the encrypted data is transmitted (S2210). At this time, the decoding key (decryption key) for releasing the encryption of the encrypted data is stored in the BOX in the MFP 101 (S2211). Note that the decode key may be the face information used to encrypt the transmission data.

  Then, the receiving apparatus stores the received encrypted data and the destination information designated as the transmission destination of the encrypted data in association with each other. For example, when the MFP 101 designates the group A as the transmission destination and the encrypted data is transmitted, the receiving apparatus stores the encrypted data and the information of the group A in association with each other. deep.

  Next, the data recipient is authenticated in accordance with the flowchart of FIG. Each step shown in the flowchart of FIG. 22 is performed by the CPU of the MFP 105 reading and executing a program stored in the ROM. 16, 17, 19, and 20 are screen diagrams illustrating an example of the operation display unit of the MFP 105.

  A screen 1701 displays received data on a mail BOX screen. Reception data 1702 is reception data with a face information acquisition request. The MFP 105 authenticates the user with the user ID and password input by the user, and if the authentication is successful, the MFP 105 logs in the MFP 105 (S2301). If the selection icon of the received data 1702 is clicked (S2302), it is determined whether or not the face information acquisition request is recognized (S2303). When there is no face information acquisition request, the MFP 105 displays the received data 1702 on the operation display unit of the MFP 105. When there is a face information acquisition request, a face information acquisition request screen 1802 is displayed on the screen 1801. When the user's face information is input from a camera (not shown) provided in the face authentication device 210 (S2304), the MFP 105 transmits the destination information of the transmission data and the user's face information of the MFP 105 to the MFP 101 (S2305). The MFP 101 determines the destination group from the destination information of the transmission data (S2306), and acquires the face information of the destination group registered in the BOX in the MFP 101 (S2307).

  FIG. 18 shows face information of users included in group A recorded in a BOX in the MFP 101. The MFP 101 collates the user face information received from the MFP 105 with the face information 1901 recorded in the BOX in the MFP 101 (S2308), and determines whether there is matching face information (S2309). If it is determined that there is matching face information and authentication is permitted, a decode key for decrypting the transmission data is acquired from the BOX in the MFP 101, and transmitted to the MFP 105 (S2310). If authentication is not permitted, an authentication NG message is transmitted to the MFP 105 (S2311). The MFP 105 receives the authentication result (S2312), and determines whether the authentication is permitted (S2313). When the authentication is permitted, the encrypted received data is decrypted using the received decoding key for decrypting (S2314), and the access permission display screen 2002 is displayed (S2315). A screen 2101 displays that the reception data 1702 with a face information acquisition request on the screen 1701 is available. If the authentication is not permitted, the face information acquisition request screen 1802 is displayed again on the MFP. The user can refer to, edit, and transmit the data that has become available.

(Other embodiments)
In the above embodiment, fingerprint authentication processing and face authentication processing have been described as examples of high security authentication means. However, the present invention is not limited to these, and other living bodies such as vein shape, retinal shape, etc. It can also be configured using information.

  In the above embodiment, the second information processing apparatus authenticates the biometric information of the user of the second information processing apparatus as the destination after receiving the encrypted data. However, the present invention is limited to this. It is not a thing. Before the first information processing apparatus transmits the encrypted data, the storage means inquires whether or not the storage means stores biometric information relating to the second information processing apparatus as the destination of the encrypted data. If biometric information about the device is not stored, this fact may be notified.

The present invention may be applied to a system composed of a plurality of devices, or may be applied to an apparatus composed of a single device.
(Other embodiments)
In the embodiment described above, a fingerprint information acquisition request is added to the data to be transmitted, and the fingerprint information acquisition request is transmitted once to the receiving device. An example of receiving has been described.

  However, before the data is transmitted, the data may be individually encrypted and transmitted using the biometric information for each user.

  Specifically, as illustrated in FIG. 5, the MFP 101 stores an individual user and a group including a plurality of users as data transmission destinations.

  Then, when transmitting data, the MFP 101 displays a screen as shown in FIG. 5 and allows the user to select an individual or a group as a transmission destination. Here, when a group is selected, the MFP 101 acquires biometric information of a plurality of users included in the selected group. Then, the MFP 101 encrypts the data with the biometric information corresponding to each destination user and transmits the encrypted data. Specifically, when the MFP 101 is instructed to transmit to the group A, the MFP 101 performs the following control. The MFP 101 transmits the data to be transmitted to the IDA by encrypting the data with the fingerprint information of the IDA, and the data to be transmitted to the INOUE is transmitted by encrypting the data with the fingerprint information of the INOUE. Further, the MFP 101 encrypts data to be transmitted to UCHIDA with the fingerprint information of UCHIDA, and transmits the data to be transmitted to ONO after encrypting the data with the fingerprint information of ONO. Thereby, the user of the transmission destination can decrypt the data by inputting his / her fingerprint information. The MFP 101 stores in advance information indicating a transmission destination (e-mail address or the like), information indicating a user, and biometric information of the user in association with each user, so that a biometric to be used for each transmission destination. Information can be specified.

  On the other hand, when an individual is selected via the screen as shown in FIG. 5, the MFP 101 may perform the following control. When “Watanabe” transmits data to “Tanaka”, if MFP 101 encrypts the data with the biometric information of “Watanabe”, “Tanaka” cannot decrypt the data. In that case, Watanabe registers the decryption permission list with destination information corresponding to “Tanaka” in the HDD 204 of the MFP 101 in advance. When the decryption request is received, it is determined whether or not the transmission source of the decryption request is a transmission source registered in the decryption permission list. If the MFP 101 determines that the transmission source is registered in the decryption permission list, the MFP 101 may permit the decryption of data in response to the decryption request. As a method for permitting decryption, the biological information of “Watanabe” may be transmitted to the transmission source of the decryption request. Accordingly, the device that has transmitted the decryption request can decrypt the data based on the biological information of “Watanabe”.

  The data encryption referred to in the above-described embodiments may be a method of processing the data itself, or a method of restricting access to the data instead of processing the data itself. However, in the method of processing the data itself, biometric information such as fingerprints and face information varies depending on the angle at which the user inputs them. Therefore, it is better not to digitize the biological information input by the user as it is and use it for data processing. Instead, the MFP or PC identifies the user based on information input by the user, acquires the biometric information of the user registered in advance in association with the identified user, digitizes the acquired biometric information, What is necessary is just to use for a process.

  In the above-described embodiment, the screen shown in FIG. 8 or 16 is displayed after the user is authenticated by the receiving apparatus and logged in, but may be displayed without being authenticated. . Accordingly, a plurality of users can operate received data other than the encrypted data via the screens shown in FIGS. Since the encrypted data is allowed to be used only when biometric information is input, security is enhanced.

  In the above-described embodiment, the case where fingerprint information, voiceprint information, and vein information are used for authentication processing has been described. However, the present invention is not limited to this. For example, in the authentication process, biometric information such as face information, iris information, palm shape information, retina information, or iris information may be acquired from the user. In this case, the CPU may control to perform authentication processing by registering biometric information in the HDD in advance and comparing it with biometric information acquired from the user.

  All or a part of each step of the above embodiment is realized by executing software (program) acquired via a network or a computer-readable storage medium by a processing device (CPU, processor) such as a computer. it can.

Claims (8)

An encryption means for encrypting data based on the user's biometric information;
Transmission means for collectively transmitting the data encrypted by the encryption means to a plurality of destinations corresponding to a plurality of users;
Receiving means for receiving a decryption request for data transmitted by the transmitting means;
Determining means for determining whether or not the decryption request received by the receiving means is transmitted from any one of the plurality of destinations;
When the determination unit determines that the decryption request is transmitted from any one of the plurality of transmission destinations, the decryption of the data encrypted by the encryption unit is permitted. An information processing apparatus comprising control means.   The control means, when the determination means determines that the decryption request is transmitted from any one of the plurality of transmission destinations, the data encrypted by the encryption means The information processing apparatus according to claim 1, wherein information necessary for decrypting is transmitted to a transmission destination that has transmitted the decryption request. It further comprises a selection means for selecting any biological information from a plurality of types of biological information,
The information processing apparatus according to claim 1, wherein the encryption unit encrypts the data based on the biometric information selected by the selection unit.   4. The information processing according to claim 1, wherein the biological information is user face information, fingerprint information, vein information, iris information, voiceprint information, palm shape information, or retina information. apparatus. An encryption means for encrypting data based on biometric information;
Transmission means for transmitting data encrypted by the encryption means;
When instructed to transmit the data to a plurality of destinations corresponding to a plurality of users, the encryption means is controlled to encrypt the data with biometric information corresponding to each of the plurality of users. And an information processing apparatus. An encryption process for encrypting data based on the user's biometric information;
Transmitting the data encrypted in the encryption step to a plurality of destinations corresponding to a plurality of users in a batch; and
A reception step of receiving a decryption request for the data transmitted in the transmission step;
A determination step of determining whether or not the decryption request received in the reception step is transmitted from any one of the plurality of transmission destinations;
Permits decryption of the data encrypted in the encryption step when it is determined in the determination step that the decryption request is transmitted from any one of the plurality of destinations A control method for an information processing apparatus comprising a control step. An encryption process for encrypting data based on biometric information;
A transmission step of transmitting data encrypted in the encryption step;
A control step of controlling the data to be encrypted with biometric information corresponding to each of the plurality of users when instructed to transmit the data to a plurality of destinations corresponding to the plurality of users; A method of controlling an information processing apparatus comprising:   The program for making a computer perform the control method of the information processing apparatus of Claim 6 or 7.

Images