JP2017097703A - Information processing device, information processing method, information processing system and information processing program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent a maker side, too from handling unnecessary confidential information while protecting the confidential information of a user.SOLUTION: Masked parts of log information in which at least a portion of information is masked are associated in each attribute and managed, and when there is a request of masking release (decryption), a decryption determination part 46 determines whether to release masking by an attribute of text corresponding to confidential information. A display part 48 displays an attribute item which is unnecessary for failure analysis from the beginning as it is masked without releasing the masking on the basis of the determination result.SELECTED DRAWING: Figure 7

Description

  The present invention relates to an information processing apparatus, an information processing method, an information processing system, and an information processing program.

  Regarding the information processing apparatus, a defect is reported from the user, an engineer comes from the manufacturer, and logs information and reports are collected by the user's information processing apparatus for analysis of the defect. The log information is then taken back to the manufacturer. The log information and reports may contain confidential user information (including customer information for the user). May be desired not to be taken out of the user (outside the building or room). On the other hand, if the log information is not taken home, the manufacturer cannot analyze the defect.

  Therefore, a part of the log information, such as a user confidential part (for example, an e-mail address, IP address, network information, etc.), is taken out by masking with encryption or blacking. In this way, it is possible to analyze the malfunction to some extent while keeping the confidentiality of the user. In addition, the decryption key and original log information can be stored in the information processing apparatus so that the manufacturer can confirm the encrypted or masked portion later if it is presented to the user.

  By the way, while the manufacturer analyzes the defect from the log information, it is understood that the information related to the defect is included in the masked part. I want to show the log information that has been posted. Until now, all the masking parts were removed without considering past analysis results. However, masking of parts that are not related to defects is also released, and you do not want to show any information. Information was unnecessary for users. Also, the manufacturer has to deal with unnecessary confidential information, and the handling of information has to be taken care of.

  Regarding log information, conventionally, a secret key unique to the image reading apparatus is stored in a storage unit, and an operation log is encrypted with the stored secret key, and a chip having damper resistance is provided (for example, a patent). Reference 1). In addition, when the management server is notified of a large amount of log information from the monitored server, it detects the situation and suppresses the notification of specific log information that is the cause of the large amount of notifications, so that necessary information (See, for example, Patent Document 2).

JP 2007-220073 A JP 2010-271875 A

  The prior art described in Patent Document 1 is intended to prevent log information from being leaked between communications between a server and an apparatus, and does not consider any protection of confidential information included in the log information. In addition, the prior art described in Patent Document 2 has a problem of preventing omission of necessary information from too much log information, and is realized by suppressing too much log information, but it is determined simply by the number of cases. However, it is not judged by the contents. Therefore, even if there is a small amount of confidential information, it cannot be suppressed and leakage of confidential information cannot be prevented.

  The present invention provides an information processing apparatus, an information processing method, an information processing system, and an information processing program capable of protecting a user's confidential information and preventing the manufacturer from handling unnecessary confidential information. The purpose is to do.

In order to achieve the above object, an information processing apparatus of the present invention provides:
A management unit that links and manages a masking portion of log information in which at least a part of information is masked for each attribute;
When log information is input, an analysis unit that analyzes the log information and identifies a masking portion;
An identification unit for identifying the attribute of the masking portion identified by the analysis unit based on the management result of the management unit;
A table for managing attributes and masking part masking cancellation necessity information,
A determination unit that determines whether to cancel masking for each attribute based on a table when outputting log information;
When the determination result of the determination unit does not cancel masking, the log information is output without canceling masking, and when canceling masking, the output unit that cancels masking and outputs log information; and
It is characterized by providing.

Moreover, the information processing method of the present invention includes:
Manage the log information masked part where at least part of the information is masked by linking each attribute,
When log information is entered, the log information is analyzed to identify the attributes of the masking part based on the management results,
When outputting log information, determine whether to cancel masking for each attribute based on a table that manages the attribute and masking part masking necessity information in association with each other,
If the determination result indicates that masking is not released, log information is output without releasing masking, and if masking is released, masking is released and log information is output.

The information processing system of the present invention
An information processing system having at least one information processing apparatus and a management server that manages the at least one information processing apparatus,
The information processing apparatus includes each component of the information processing apparatus having the above-described configuration.

The information processing program of the present invention is
A computer is caused to execute the processing of the information processing method.

  In the information processing device that manages the log information masked at least part of the information by associating it for each attribute, the attribute of the text corresponding to the confidential information when a request for unmasking (decryption) is made Whether or not masking is to be canceled is determined, and on the basis of the determination result, attribute items that are unnecessary for failure analysis from the beginning are not canceled but are output as masked.

  According to the present invention, since it is determined whether or not masking is to be canceled based on the text attribute corresponding to the confidential information, the manufacturer's side can reduce unnecessary handling of confidential information while protecting the confidential information of the user. be able to.

1 is a system configuration diagram illustrating an entire information processing system according to an embodiment of the present invention. It is a figure which shows an example of an attribute table. It is a figure which shows an example of the operation log of information processing apparatus. It is a block diagram which shows an example of the hardware constitutions of information processing apparatus. It is a block diagram which shows an example of the hardware constitutions of a management server. It is a figure explaining the masking of the user confidential part of a log. FIG. 3 is a functional block diagram illustrating an example of a functional configuration of an information processing apparatus and a management server in the information processing system according to the first embodiment. It is a figure which shows an example of the management table of log information. It is a figure which shows an example of a confidential information table. It is a flowchart which shows an example of the flow of a process when outputting the encrypted log. It is a figure which shows an example of the edit screen of an attribute table using a browser. It is a figure explaining an example of the character string when embedding the encrypted information in a log. It is a flowchart which shows an example of the flow of a process when performing log analysis and decoding. It is a figure which shows an example of the job setting log (before decoding) contained in the log at the time of a scan. It is a figure which shows the communication sequence of information processing apparatus and a management server. FIG. 10 is a functional block diagram illustrating an example of a functional configuration of an information processing apparatus and a management server in an information processing system of Example 2. It is a figure which shows an example of the table of a log information storage part. It is a figure which shows an example of the log output by which the filling process was carried out. It is a figure which shows the example which applied the masking by the report.

  Hereinafter, modes for carrying out the present invention (hereinafter referred to as “embodiments”) will be described in detail with reference to the drawings. The present invention is not limited to the embodiment, and various numerical values in the embodiment are examples. In the following description and each drawing, the same reference numerals are used for the same elements or elements having the same functions, and duplicate descriptions are omitted.

<Information processing system>
FIG. 1 is a system configuration diagram showing an entire information processing system according to an embodiment of the present invention. The information processing system 100 is configured such that a user side image processing apparatus 10 and a manufacturer side management server 20 are connected via a communication line 30 such as the Internet. An example of the image processing apparatus 10 is a multifunction peripheral. However, the image processing apparatus 10 is not limited to a multifunction machine.

  In this embodiment, the system configuration of one image processing apparatus 10 is illustrated, but the image processing apparatus 10 managed by the management server 20 is not limited to one. That is, a system configuration in which the management server 20 collectively manages a plurality of image processing apparatuses may be employed.

  The management server 20 that communicates with the image processing apparatus 10 via the communication line 30 manages an attribute table relating to log information of the image processing apparatus 10 (hereinafter also referred to as “log”). Here, the “attribute table” is a table that manages attribute names for which log information is encrypted, for example, item names such as e-mail addresses, IP addresses, and user names, and each item name is encrypted. Whether or not the flag is managed. Further, the management server 20 may manage not only the attribute name to be encrypted of log information but also the log characteristics at the same time. Here, “log characteristics” are job type and job setting. For example, for a job type, the values are copy, scan, FAX (facsimile). As an example of setting a copy job, information such as whether printing is double-sided or single-sided and a color mode is color or monochrome can be exemplified.

[Attribute table]
An example of the attribute table is shown in FIG. In this attribute table, a mail address, a telephone number, an IP address, and a user name are attribute item names (log attributes) relating to logs. The value of each attribute item in the log has a value of “Yes” / “No” (logical “1” / “0”). Here, the value of Yes / No represents whether or not masking (including encryption) is performed. “Yes” means that the item is masked when displayed. In the attribute table, job type, COPY: double-sided, COPY: color,..., SCAN: resolution, SCAN: file are job attributes.

  Each line in FIG. 2 represents a combination of values of one log attribute item (hereinafter referred to as “record”), and there may be a plurality of these. Further, in the example of FIG. 2, in addition to the log attribute, the job attribute value is also associated and managed. In FIG. 2, “job type” represents the type of job, for example, COPY or SCAN. “COPY: Duplex”, “COPY: Color”, “SCAN: Resolution”, and “SCAN: File” are attributes relating to the job. Attributes with "COPY:" relate to COPY jobs, and attributes with "SCAN:" relate to SCAN jobs. If the value is “−”, there is no value for the attribute value. For example, when a COPY job is executed, “SCAN: Resolution” is irrelevant and thus becomes “−”. In the case of reports, it may not be associated with job attributes. In FIG. 2, “...” Is an ellipsis.

[log]
The “log” is text that describes information about how the information processing apparatus 10 has been operated and information necessary for analysis. Usually, there is often no way to acquire it only by developers such as manufacturers. Information used for analysis of a failure of the information processing apparatus 10 is described in the log. The output contents vary depending on the control, but the executed contents are often written for each important point of the control. In addition, environment information of the information processing apparatus 10 may be output. In addition to the above log, a report including a history that can be output and confirmed by the user may be included in the subject of the present invention. An example of the operation log of the information processing apparatus 10 is shown in FIG.

[Hardware configuration]
The hardware configuration of the information processing apparatus 10 and the management server 20 will be described. FIG. 4 is a block diagram illustrating an example of a hardware configuration of the information processing apparatus 10. Here, a case where the information processing apparatus 10 is a multifunction machine is illustrated.

  The information processing apparatus 10 that is a multifunction peripheral includes a control unit 11, a nonvolatile memory 12, an operation display unit 13, a scanner unit 14, a facsimile communication unit 15, an image processing unit 16, a printer unit 17, and a USB. An interface (I / F) 18 and a network communication unit 19 are provided.

  The control unit 11 includes, for example, a CPU (Central Processing Unit) 111, a ROM (Read Only Memory) 112 for storing a program executed by the CPU 111, and a RAM (Random Access Memory) used as a work area of the CPU 111. 113. As the ROM 112, for example, an electrically erasable programmable ROM can be used.

  The control unit 11 connects the system bus SB1 to each of the nonvolatile memory 12, the operation display unit 13, the scanner unit 14, the facsimile communication unit 15, the image processing unit 16, the printer unit 17, the USB interface 18, and the network communication unit 19. Connected through.

  The operation display unit 13 is a touch panel including a flat display such as a liquid crystal display (LCD) or an organic EL (Electro Luminescence) display. The operation display unit 13 displays an instruction menu for the user, various acquired information, and the like. Further, the operation display unit 13 includes a plurality of keys, accepts input of various instructions, data such as characters and numbers by user key operations, and outputs an input signal to the control unit 11.

  The nonvolatile memory 12 stores image data of an original image obtained by reading with the scanner unit 14, or stores output image data and the like. The scanner unit 14 scans and reads a document image. The facsimile communication unit 15 transmits image data read by the scanner unit 14 to the outside, or receives image data input from the outside.

  The image processing unit 16 performs predetermined analog processing, A / D conversion, shading correction, image compression, and the like on the image data read by the scanner unit 14. The printer unit 17 prints and outputs image data obtained by reading by the scanner unit 14, image data received by the facsimile communication unit 15, and the like. A USB memory can be inserted into the USB interface 18. The network communication unit 19 connects the information processing apparatus 10 and the management server 20 via a communication line 30 such as the Internet.

  FIG. 5 is a block diagram illustrating an example of a hardware configuration of the management server 20. The management server 20 includes a control unit 21, a storage device 22, an operation display unit 23, and a network communication unit 24.

  The control unit 21 includes, for example, a CPU 211, a ROM 212 for storing a program executed by the CPU 211, and a RAM 213 used as a work area for the CPU 211. As the ROM 212, for example, an electrically erasable programmable ROM can be used.

  The control unit 21 is connected to each of the storage device 22, the operation display unit 23, and the network communication unit 24 via the system bus SB2. The storage device 22 stores various information handled by the management server 20. The operation display unit 23 is a touch panel including a flat display such as a liquid crystal display device or an organic EL display device. The operation display unit 23 basically has the same function as the operation display unit 13 of the information processing apparatus 10. The network communication unit 24 connects the management server 20 and the information processing apparatus 10 via the communication line 30.

Mask the user sensitive part of the log
In the information processing system 100 configured as described above, when a user reports a problem with the information processing apparatus 10, an engineer comes from the manufacturer to analyze the problem with the information processing apparatus 10. I will take a report. At this time, for example, as shown in FIG. 6A, it is assumed that a certain information processing apparatus 10 outputs a log in which at least a part of information, for example, a part corresponding to confidential information is filled. They can be unmasked by the information processing apparatus 10, and if there is no particular restriction on masking cancellation, all confidential information is displayed as shown in FIG. 6B. In the process of analyzing the malfunction of the information processing apparatus 10 from the log, if it is found that the mail address part is unnecessary for log analysis, the mail address part becomes confidential information that does not need to be displayed.

[Functions of this information processing system]
Therefore, in the information processing system 100 according to the present embodiment, information indicating that the mail address portion is not unmasked is registered in the information processing apparatus 10, and only the mail address portion is displayed without being unmasked as shown in FIG. 6C. To be. That is, in the information processing system 100, when a request for masking cancellation (decryption) is made, it is determined whether or not masking is canceled based on the attribute of the text corresponding to the confidential information. Necessary attribute items are not masked and output (for example, displayed) while being masked. As a result, it is possible to protect the user's confidential information and prevent the manufacturer from handling unnecessary confidential information.

(Example of masking)
As a masking process for masking the confidential information of the log, an encryption process and a filling process can be exemplified. However, the masking process is not limited to the encryption process or the painting process, and any method may be used as long as the masked portion can be determined and the original information can be restored. Hereinafter, a specific example of the information processing system 100 according to the present embodiment will be described with a case where the masking process is an encryption process as Example 1 and a case where the masking process is a paint process as Example 2.

[Example 1]
The first embodiment is an example in which the masking process is an encryption process. FIG. 7 is a functional block diagram illustrating an example of functional configurations of the information processing apparatus 10 and the management server 20 in the information processing system 100 according to the first embodiment. The functional configurations of the information processing apparatus 10 and the management server 20 in the case of the first embodiment will be specifically described below.

(Functional configuration of information processing device)
The information processing apparatus 10 has an attribute table management unit 41, can search the attribute table for a record that matches the designated job attribute, and can acquire a log attribute item and a flag of the record. In this example, the attribute table management unit 41 requests an attribute table from the attribute table request unit 42 to the management server 20, and matches the corresponding job attribute in the record received from the management server 20 through the attribute table reception unit 43. It has a function to update records.

  The information processing apparatus 10 further includes a log input unit 44 and a log analysis unit 45. The log input unit 44 receives an input of a log subjected to masking processing. Regardless of the means for accepting the log input of the log input unit 44, for example, the text log may be input as it is from the USB memory via the USB interface 18 (see FIG. 4), or the scanner unit 14 (see FIG. 4). You may scan and capture.

  The log analysis unit 45 analyzes the log data received by the log input unit 44. Even when scanned by the scanner unit 14 as an image, the log analysis unit 45 can convert it into text by using reading software such as OCR (Optical Character Recognition). The log analysis unit 45 identifies the job information given to the log and recognizes the masking unit. Here, “recognizing the masking portion” means recognizing (finding) a text portion that can no longer be read due to blacking or encryption. If it is masking by black paint, black paint of a certain area or more is detected, and if it is masking by encryption, the encrypted text is identified.

  The information processing apparatus 10 further includes a decoding determination unit 46, a decoding unit 47, and a display unit 48. The decryption determination unit 46 finds an item that matches the attribute of the masked portion of the log from the attribute table managed by the attribute table management unit 41, and determines whether to decrypt (unmask) it. That is, the decryption determination unit 46 is an example of an attribute identification unit that identifies the attribute of the masking portion based on the management of the attribute table management unit 41.

  The decoding unit 47 restores (decodes) the masking portion determined to be decoded by the decoding determination unit 46 to the original text. The display unit 48 corresponds to the display function of the operation display unit 13 in FIG. 4, and is log information determined not to be decoded by the decoding determination unit 46 or a log in which the masking part is decoded by the decoding unit 47. Display information. The display unit 48 is an example of an output unit that outputs log information in which the masking portion is decoded or not decoded.

  The information processing apparatus 10 further includes a log generation unit 49, an encryption determination unit 50, a confidential information table 51, an encryption unit 52, and a log output unit 53. The log generation unit 49 generates a report and a log for failure analysis. When generating the log information text, the encryption determination unit 50 determines whether the information needs to be masked based on the confidential information table 51. When the information is output to the log as text, the encryption determination unit 50 identifies the attribute of the information to be output and determines whether masking is necessary from the confidential information table 51.

  The log information exists on the RAM 113 (see FIG. 4) of the control unit 11, is associated with the attribute name, and is managed by the control program of the CPU 111. If the log information is managed by a table, for example, as shown in FIG. 8, the value of information used in the log and the attribute of the information are managed in association with each other. The confidential information table 51 is a table that describes whether or not the attribute is masked when a log is output from the log output unit 53. Unlike the attribute table managed by the attribute table management unit 41, the confidential information table 51 does not change whether or not to mask even if the analysis of the log progresses. In principle, if it is a confidential information attribute, a masking flag is set. The As an example, as shown in FIG. 9, a flag (Yes / No) indicating whether or not confidential information is masked for each attribute name is managed. Here, if the flag is “Yes”, the confidential information is masked at the time of output.

  When the encryption determination unit 50 determines that the confidential information is masked, the encryption unit 52 masks the determined confidential information by encryption. That is, the encryption unit 52 is an example of a masking processing unit that performs masking processing on at least part of information, for example, confidential information, selectively with respect to log information generated by the log generation unit 49. The log output unit 53 outputs a log that is determined not to be masked by the encryption determination unit 50 or a log in which confidential information is masked by encryption by the encryption unit 52.

  In the information processing apparatus 10 described above, with respect to specific function units (41, 46, 47, 49, 50, 52), a computer (for example, as shown in FIG. It may exist as a processing program module on the CPU 111). In addition, some or all of the functional units may be configured with dedicated hardware. The specific function unit is a function unit excluding the attribute table request unit 42, the attribute table reception unit 43, the log input unit 44, the display unit 48, and the log output unit 53 that require a hardware configuration.

(Encryption log output processing)
In the information processing apparatus 10 configured as described above, the flow of processing when outputting an encrypted log will be described with reference to the flowchart of FIG. The process of outputting the encrypted log is executed by the encryption determination unit 50, the encryption unit 52, and the log output unit 53.

  When the information is output to the log as text, the encryption determination unit 50 identifies the attribute of the information to be output (step S11), and determines whether the information is masked confidential information from the confidential information table 51 (confidential information). Flag) is acquired (step S12). Based on the acquired confidential information flag, the encryption determination unit 50 determines whether the information to be output is confidential information (step S13). If it is confidential information (Yes in S13), the encryption determination unit 50 encrypts the information. The section 52 is notified that it is confidential information (step S14).

  In response to the notification from the encryption determination unit 50, the encryption unit 52 encrypts (masks) the confidential information (step S15), and passes the log including the encrypted confidential information to the log output unit 53 (step S15). S16). If the information to be output is not confidential information (No in S13), the encryption determination unit 50 proceeds to step S16 and directly passes the log not subjected to the encryption process to the log output unit 53.

(Functional configuration of the management server)
As shown in FIG. 7, the management server 20 includes an attribute request receiving unit 61 and an attribute table transmitting unit 62, manages the attribute table, and sends the latest attribute from the information processing apparatus 10 via the attribute request receiving unit 61. When the table is requested, the attribute table is transmitted to the information processing apparatus 10 via the attribute table transmission unit 62.

  The management server 20 further includes an attribute search unit 63, an attribute table management unit 64, and an attribute table input unit 65. The attribute table management unit 64 holds an attribute table as shown in FIG. The attribute search unit 63 searches the attribute table management unit 64 for a record that matches the job information based on the job information.

  The attribute table input unit 65 is an input unit for updating the contents of records managed by the attribute table management unit 64 using, for example, a personal computer. For example, an engineer at a manufacturer can update a record using a personal computer. Specifically, as an example, an engineer can edit a record in the attribute table by starting up a Web server on the management server 20 and outputting a screen as shown in FIG. For example, clicking a table in the attribute table can edit a flag indicating whether or not to leave masking.

  In the management server 20 described above, the attribute search unit 63, the attribute table management unit 64, and the attribute table input unit 65 may exist as processing program modules on a computer (for example, the CPU 211 in FIG. 5). In addition, some or all of the functional units may be configured with dedicated hardware.

(Specific examples of masking)
Here, a specific example in which masking is performed by encryption will be described. If you encrypt it, it becomes an unknown character string, and anyone can't read it. When encrypting, a unique character string possessed only by the information processing apparatus 10 may be encrypted as a key, or a character string set by the user may be encrypted as a key. The key can be used for decryption.

Here, as an example, a case where encryption is performed using an Advanced Encryption Standard (AES) format will be described as an example. The key used for encryption is “machine-key12345” as information managed only by the information processing apparatus 10. Then, if the character string to be encrypted is an email address “abc123@abc3.co.jp”, if it is encrypted in AES format and encoded in Base64,
「Qsxc3rSfqh5M012K + frj + UJSRb2uIT0 / ukiDPbfEEdmyRwb96ioCBnIdT7i40BT3」
It becomes a character string. When decrypting, decode with Base64 and decrypt using the key. Then you can see the original email address "abc123@abc3.co.jp".

  Next, consider a case where such encrypted information is embedded in a log. As an example, assume that the previous mail address is included in a log line as shown in FIG. 12A. If the previous encryption is applied to this, it is converted as shown in FIG. 12B.

  By the way, "<MADRS>" and "</ MADRS>" are inserted just before and at the end of the previous encrypted text "qsxc ~", which means the beginning and end of the encrypted part In addition, it is a special character indicating that it is a mail address as an attribute (so-called “tag”). A special character string is attached as a mark because it is unknown just by reading the log where it is encrypted. In this example, five characters are added, but any number of characters may be added as long as the encrypted part can be identified. In addition, if it is a phone number, a character string such as “TLPNN” is added. These are only examples, and any character string may be used as long as the attribute can be identified.

(Log analysis & decryption processing)
The flow of processing when performing log analysis and decoding will be described with reference to the flowchart of FIG. A process for log analysis and decryption is executed by the log analysis unit 45, the decryption determination unit 46, and the decryption unit 47.

  The log analysis unit 45 determines whether or not there is a line that has not been checked when the log data received by the log input unit 44 is checked against the attribute table of FIG. 2 (step S21). If so (Yes in S21), the row value is read (step S22). Then, the log analysis unit 45 determines whether or not there is a tag in the log data (step S23). If there is a tag (Yes in S23), the log analysis unit 45 identifies the attribute from the tag (step S24). The sandwiched text is extracted (step S25).

  Next, the decryption determination unit 46 determines whether or not the encrypted text extracted by the log analysis unit 45 is an attribute for which the flag for decryption is set (step S26), and the flag for decryption is set. If it is an attribute (Yes in S26), the decryption unit 47 is notified of the decryption (step S27). In response to the notification from the decryption determination unit 46, the decryption unit 47 decrypts the encrypted text extracted by the log analysis unit 45 (step S28), and transmits the decrypted log to the display unit 48 ( Step S29).

  When it is determined in step S21 that there is no remaining line that has not been collated (No in S21), the log analysis unit 45 ends the series of processes. If it is determined in step S23 that there is no tag in the log data (No in S23), the log analysis unit 45 proceeds to step S29 and directly transmits the encrypted log without decryption to the display unit 48. . If the attribute to be decrypted is not set in step S26 (No in S26), the decryption determination unit 46 proceeds to step S29 and directly displays the encrypted log without decryption. Send to. As an example, assume that a SCAN job is executed. Assume that the settings at this time are SCAN resolution 200 [dpi] and file type pdf (see FIG. 2). After executing this job, if it seems that there is some problem, an encryption log for failure analysis is output. In addition to the operating log, the job setting at that time is also output to the encryption log. For example, in the present example, as shown in FIG. 14, log information is output mixed with the operation log. The log analysis unit 45 reads this part and analyzes it to determine the job setting.

   Next, it is assumed that the log analysis unit 45 reads a log and finds an encrypted part. For example, assume that a portion surrounded by <MADRS> </ MADRS> as shown in FIG. 14 is found. The character string “MADRS” means an attribute of the mail address, and it is understood that the mail address is encrypted here. Before attempting to display this log on the display unit 48, the decryption determination unit 46 obtains a flag indicating whether or not to decrypt an attribute called a mail address from the attribute table management unit 41. At this time, the previously read job information is searched.

  For example, taking the attribute table of FIG. 2 as an example, the search is for jobs of job type: SCAN, SCAN resolution: 200 [dpi], and SCAN file type: pdf. From the attribute table of FIG. It turns out that the record of 2 corresponds. And if the flag of whether to mask the mail address of this record is acquired, it is “No”. In other words, at this time, the portion surrounded by <MADRS> </ MADRS> is decoded and displayed on the display unit 48 through the decoding unit 47. Conversely, if the flag to be masked is “Yes”, the encrypted character string is displayed without being decrypted.

  If there is no record that matches the job condition, the default value of the masking flag is used. For example, when “No” is set as the default value of the flag indicating whether or not to mask, all attribute items are decrypted and displayed if they do not match the job conditions. Regarding the display, the information is displayed on the operation display unit 13 (see FIG. 4) such as a touch panel of the information processing apparatus 10. In addition to the display, output to electronic data or paper is also conceivable, but it is not preferable to output to paper from the viewpoint of not leaking confidential information.

(Communication sequence between information processing device and management server)
Communication between the information processing apparatus 10 and the management server 20 will be described with reference to FIG. FIG. 15 is a diagram illustrating a communication sequence between the information processing apparatus 10 and the management server 20.

  The information processing apparatus 10 communicates with the management server 20 through a communication line 30 such as the Internet. The management server 20 has an attribute table regarding various job settings. The attribute table may be shared with other users.

  When the encryption log is input from the log input unit 44 (see FIG. 7) (step S31), the information processing apparatus 10 reads the input encryption log (step S32) and stores the latest attribute table in the management server 20. (Step S33). In response to this request, the management server 20 searches the attribute table from the job settings (step S34), and if there is a record in the attribute table that matches a predetermined condition (here, job setting matches), the attribute The table is transmitted to the information processing apparatus 10 (step S35).

  The information processing apparatus 10 receives the attribute table transmitted from the management server 20 (step S36), and then updates the record of the held attribute table (step S37). Note that the management server 20 does not transmit the attribute table when there is no attribute table that matches the predetermined condition. Therefore, the information processing apparatus 10 does not update the attribute table record.

  After updating the attribute table record, the information processing apparatus 10 uses the record to determine whether or not to decrypt each confidential information in the log, and when it is necessary to decrypt each confidential information in the log Is decrypted (step S38). The process of step S38 is the process of FIG. And the information processing apparatus 10 displays the log which performed the decoding process on the display part 48 (step S39).

  The engineer confirms the log displayed on the display unit 48 (step S40). The management server 20 has an interface for inputting attributes that the engineer has determined to be unnecessary for failure analysis. Through this interface, the engineer sets, for example, a flag for masking for each job setting and attribute from a Web-based page (step S41). In response to this, the management server 20 updates the attribute table (step S42).

  If the failure of the information processing apparatus 10 has been clarified based on the log displayed on the display unit 48 (Yes in S43), a series of failure clarification processing based on the log is terminated. If the problem of the information processing apparatus 10 has not been clarified (No in S43), the process returns to step S31 and the above-described series of processing is repeated.

  As described above, by using the management server 20 and sharing it with other users, masking information on past problems that have occurred in other users can be used. Therefore, attribute items that are unnecessary for failure analysis can be displayed with masking. As a result, confidential information is more easily protected.

[Example 2]
The second embodiment is an example in which the masking process is a filling process. FIG. 16 is a functional block diagram illustrating an example of functional configurations of the information processing apparatus 10 and the management server 20 in the information processing system 100 according to the second embodiment. The functional configurations of the information processing apparatus 10 and the management server 20 in the case of the second embodiment will be specifically described below.

(Functional configuration of information processing device)
When described in comparison with the first embodiment (FIG. 7), the information processing apparatus 10 replaces the decoding determination unit 46 and the decoding unit 47 with a paint cancellation determination unit 71, a log information acquisition unit 72, and a log information storage unit. 73 is provided. The information processing apparatus 10 further includes a fill determination unit 74 and a fill processing unit 75 instead of the encryption determination unit 50 and the encryption unit 52.

  In the case of filling, unlike the case of encryption, it is not possible to perform processing such as restoring the original confidential information from the log information itself (decrypting the original confidential information). For this reason, the information processing apparatus 10 needs to manage the original confidential information to be filled. Further, the information processing apparatus 10 needs to associate the log information to be processed with the log information including the original confidential information held by the information processing apparatus 10.

  From such a viewpoint, a log information storage unit 73 is provided, and the log information storage unit 73 stores log information including original confidential information in association with log information to be processed, Information on the filled area is stored. These pieces of information can be acquired at the time of the painting process by the painting determination unit 74 and the painting processing unit 75.

  As the log information storage unit 73, the non-volatile memory 12 (see FIG. 4) provided in the normal information processing apparatus 10 can be used. The nonvolatile memory 12 includes an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like. An example of the table of the log information storage unit 73 is shown in FIG.

  When generating the text of the log information, the fill determining unit 74 determines whether or not the confidential information needs to be filled based on the confidential information table 51. If the fill information is necessary, the fill processing unit 75 To notify. The fill determination unit 74 passes the log information generated by the log generation unit 49 to the log output unit 53 as it is if no fill is necessary. Upon receiving notification from the paint determination unit 74 that painting is necessary, the painting processing unit 75 performs painting processing on confidential information that needs to be painted, and passes the processed log information to the log output unit 53.

  The fill cancellation determination unit 71 finds an item in the log input through the log analysis unit 45 that matches the attribute of the portion masked by the fill from the attribute table managed by the attribute table management unit 41, and cancels the fill. It is determined whether or not. Then, the painting cancellation determination unit 71 notifies the log information acquisition unit 72 of the cancellation of the painting.

  When the log information acquisition unit 72 receives the notification of the cancellation of the fill from the fill cancellation determination unit 71, the log information including the original confidential information stored in the log information storage unit 73 in association with the log information to be processed, Based on the information of the filled portion, the original confidential information before filling is acquired and reproduced.

  In the information processing apparatus 10 described above, the paint cancellation determination unit 71, the log information acquisition unit 72, the paint determination unit 74, and the paint processing unit 75 exist as processing program modules on a computer (for example, the CPU 111 in FIG. 4). Also good. In addition, some or all of the functional units may be configured with dedicated hardware.

(Functional configuration of the management server)
The functional configuration of the management server 20 in the information processing system 100 according to the second embodiment is the same as the functional configuration of the management server 20 (see FIG. 7) in the information processing system 100 according to the first embodiment.

(Specific example of painting process)
Here, a specific example of the filling process will be described. As an example, as shown in FIG. 18, it is assumed that there is a log that is output with the mail address portion being filled. In this example, consider the case where the log content is printed on paper or the like.

  The log is input as an image from the scanner unit 14 (see FIG. 4). In this example, the log input unit 44 is the scanner unit 14. The image input from the log input unit 44 is analyzed by the log analysis unit 45. In the log analysis unit 45, the portion subjected to the painting process is detected, for example, by detecting black painting of a certain area or more. In the example of FIG. 18, the number “(1)” is written before the black portion. This number represents the ID of the fill, and is associated with the original information of the filled portion stored in the log information storage unit 73.

  The log analysis unit 45 interprets the character string before the detected filled portion as a character string by OCR or the like, and extracts numbers. From the extracted ID in the table of the log information storage unit 73 that manages the original information, it can be seen what kind of information the black portion originally was. For example, when compared with the number (#) in the table in FIG. It should be noted that not only numerical values but also images and symbols may be used for associating the above-described painted portion with the original information.

(Communication sequence between information processing device and management server)
Regarding the communication sequence between the information processing apparatus 10 and the management server 20 in the second embodiment, the basic sequence is the difference between the information processing apparatus 10 and the management server 20 in the first embodiment shown in FIG. It is the same as the communication sequence.

[Information processing program]
In the information processing system 100 according to the first and second embodiments described above, for example, when each function unit of the information processing apparatus 10 exists as a processing program module on the CPU 111, for example, a program that causes the CPU 111 to execute each function is as follows. It becomes the information processing program of this invention. The information processing program may be installed in advance in a storage unit provided in the information processing apparatus 10, for example, the ROM 112 (see FIG. 4) of the control unit 11. However, the present invention is not limited to this, and can be provided by wired or wireless communication means, or can be provided by being stored in a storage medium such as a computer-readable IC card or USB memory. It is.

<Modification>
As mentioned above, although this invention was demonstrated using embodiment, this invention is not limited to the range as described in the said embodiment. That is, various changes or improvements can be added to the above-described embodiment without departing from the gist of the present invention, and embodiments to which such changes or improvements are added are also included in the technical scope of the present invention.

  For example, in the above-described embodiment, the information processing system 100 including the information processing apparatus 10 and the management server 20 has been described as an example. However, the present invention is not limited to application to the information processing system 100. Application to the device 10 alone is also possible. That is, the information processing apparatus 10 alone (the information processing apparatus of the present invention) can manage and update the attribute table only by the information processing apparatus 10 without using the management server 20. In this case, the information processing apparatus 10 may have the function units of the attribute search unit 63, the attribute table management unit 64, and the attribute table input unit 65 of the management server 20 in FIG.

  In the above-described embodiment, the multifunction device is exemplified as the information processing device 10. However, the multifunction device is not limited to the multifunction device, and is not limited to an image forming device such as a printer device, a facsimile device, a printing machine, or an image forming device. The present invention can be applied to all information processing apparatuses that can analyze failure from log information.

  In the above embodiment, the case where the present invention is applied to a defect log used for defect analysis has been described as an example, but the present invention can also be applied to a report such as a transmission report. For example, as shown in FIG. 19, when a transmission history report is output on paper, when there is an attribute of a destination name and a telephone number, and further when a masking cancellation request is met, the masking is kept. Check whether the flag is unmasked or remain masked.

  In the report, numbers (055) to (059) in which numbers are described are attributes of destination names, and (060) to (064) are attributes of telephone numbers. When displaying each with masking removed, obtain a flag indicating whether or not to leave the destination name and telephone number attributes masked from the attribute table. If the flag is “Yes”, the masking is not canceled and black painting is performed. If the flag is “No”, the masking is canceled and the original information is displayed. FIG. 19 shows an example in which both the transmission destination name and the telephone number are masked by black painting (filling).

  DESCRIPTION OF SYMBOLS 10 ... Information processing apparatus 20 ... Management server 30 ... Communication line 41 ... Attribute table management part 44 ... Log input part 45 ... Log analysis part 46 ... Decryption judgment part 47 ... Decryption part 49 ... Log generation unit 50 ... Encryption determination unit 51 ... Confidential information table 52 ... Encryption unit 53 ... Log output unit 63 ... Attribute search unit 64 ... Attribute table management unit 65 ... Attribute table input unit 71 DESCRIPTION OF SYMBOLS ... Fill cancellation | release determination part, 72 ... Log information acquisition part, 73 ... Log information preservation | save part, 74 ... Fill determination part, 75 ... Fill processing part, 100 ... Information processing system

Claims (8)

A management unit that links and manages a masking portion of log information in which at least a part of information is masked for each attribute;
When the log information is input, the log information is analyzed, and an analysis unit that identifies the masking portion;
An identification unit for identifying the attribute of the masking portion identified by the analysis unit based on a management result of the management unit;
A table for managing the attribute and the necessity information of the masking part masking cancellation, in association with each other;
A determination unit that determines whether to cancel masking for each attribute based on the table when outputting the log information;
When the determination result of the determination unit does not cancel masking, the log information is output without canceling masking, and when canceling masking, the output unit outputs the log information by canceling masking, and
An information processing apparatus comprising: A generating unit for generating the log information;
A masking processor that selectively masks at least a portion of the information with respect to the log information generated by the generator;
The information processing apparatus according to claim 1, further comprising: The information processing apparatus according to claim 1, wherein the masking process for the log information is an encryption process. The information processing apparatus according to claim 1, wherein the masking process for the log information is a filling process. The information processing apparatus according to claim 1, wherein the output unit is a display unit that displays log information that has not been unmasked or log information that has been unmasked. Manage the log information masked part where at least part of the information is masked by linking each attribute,
When the log information is input, the log information is analyzed to identify the attribute of the masking portion based on the management result;
When outputting the log information, based on a table that manages the attribute and the masking portion necessity information of the masking portion in association with each other, determine whether to cancel the masking for each attribute,
An information processing method comprising: outputting the log information without canceling masking if the determination result indicates that masking is not canceled; and outputting the log information after canceling masking when canceling masking. An information processing system having at least one information processing apparatus and a management server that manages the at least one information processing apparatus,
The information processing apparatus includes:
A management unit that links and manages a masking portion of log information in which at least a part of information is masked for each attribute;
When the log information is input, the log information is analyzed, and an analysis unit that identifies the masking portion;
An identification unit for identifying the attribute of the masking portion identified by the analysis unit based on a management result of the management unit;
A table for managing the attribute and the necessity information of the masking part masking cancellation, in association with each other;
A determination unit that determines whether to cancel masking for each attribute based on the table when outputting the log information;
When the determination result of the determination unit does not cancel masking, the log information is output without canceling masking, and when canceling masking, the output unit outputs the log information by canceling masking, and
An information processing system comprising: Manage the log information masked part where at least part of the information is masked by linking each attribute,
When the log information is input, the log information is analyzed to identify the attribute of the masking portion based on the management result;
When outputting the log information, based on a table that manages the attribute and the masking portion necessity information of the masking portion in association with each other, determine whether to cancel the masking for each attribute,
If the determination result is that masking is not released, the log information is output without releasing masking, and if masking is released, the masking is released and the log information is output. Information processing program.