JP4483996B2 - Job processing apparatus, control method for the apparatus, and control program - Google Patents

Description

  The present invention relates to a job processing apparatus that executes a predetermined job in response to a user request, such as a copying machine, a printer, a facsimile machine, and a multifunction machine, and more particularly to a technique for maintaining confidentiality of data stored in the job processing apparatus.

  In recent years, many digital copying machines and multifunction machines are equipped with a large-capacity storage device such as a hard disk. Such a large-capacity storage device temporarily stores a document image when copying a plurality of copies of a document or performing double-sided printing, or allows a user to read a document image read by a document reading unit in response to a scan request. It is used for applications such as saving until it is downloaded via.

  In recent years, against the backdrop of networking and the increase in information crimes associated therewith, there is a growing trend of strengthening information security management of companies, and authentication systems such as ISMS (Information Security Management System) have also begun. Considering the risk of information leakage due to the removal of hard disks, etc., in corporate comprehensive information security management, the data remaining in the mass storage devices of digital copiers and multi-function peripherals cannot be overlooked.

  To deal with this problem, the technique disclosed in Patent Document 1 provides a confidential document mode in the copying machine, and when this mode is set, the image data on the hard disk is erased when the processing of the image data is completed. I am going to do that.

  In the technique disclosed in Patent Document 2, image data stored on a hard disk is erased during idle time of a copying machine.

  In the technique disclosed in Patent Document 3, it is determined according to the data amount of the image data whether the image data of the interrupt job is to be deleted before returning from the interrupt or after the interrupted job is completed. . In this technique, the image data on the hard disk is deleted when the user has not used the copying machine for a predetermined time, or when the user instructs to stop copying, the image data related to the copying process is deleted from the hard disk. Or erased.

  It should be noted that erasure of image data on the hard disk is not sufficient simply by deleting the image data file on the file system because the actual data remains on the hard disk. Therefore, conventionally, when erasing even actual data on a hard disk, random data is overwritten a plurality of times in the actual data area.

  In addition, security is further improved by encrypting image data and then storing it in a hard disk.

Japanese Patent Laid-Open No. 9-223061 JP-A-9-284572 JP 2003-37719 A

  In any of the techniques disclosed in Patent Documents 1 to 3, the image data cannot be read from or written to the hard disk during the erasing period of the image data from the hard disk, and therefore the next printing process or image reading process cannot be started during that period. For example, after processing a document having a large amount of data such as a color document having a large number of pages, it takes a long time to erase the image data of the document, so that the processing wait time becomes long. The technique of Patent Document 3 tries to reduce the influence of the erasure process by controlling the timing of the erasure process according to interrupts and other conditions, but once the erasure is started, the next process is performed until the erasure is completed. The points that cannot be started are not improved. Further, the technique of Patent Document 3 has a problem that the actual data may remain in the hard disk until the timing for executing the erasure process comes.

  The present invention provides a first storage device, a second storage device capable of erasing data stored in the first storage device at a higher speed, the first storage device, and the second storage device. A storage control unit that sorts and stores job data for job execution;

  A job processing unit for executing the job; and an erasing unit for erasing job data distributed and stored in the second storage device by the storage control unit when execution of the job by the job processing unit is completed; A job processing apparatus is provided that includes a job control unit that permits the job processing unit to execute another job when data erasing processing by the erasing unit is completed.

FIG. 2 is a diagram illustrating a main part of a hardware configuration of the image forming apparatus according to the embodiment. FIG. 3 is a functional block diagram illustrating a mechanism for storing, reading, and erasing a job data file in the image forming apparatus according to the embodiment. 10 is a flowchart illustrating an example of a storage processing procedure of a job data file by a storage / deletion control unit. It is a figure which shows the example of the data structure of the storage file in HDD. It is a figure which shows the example of the data structure of the distribution management information in a storage file. 6 is a flowchart illustrating an example of a procedure for reading distributed job data files. 10 is a flowchart illustrating an example of a job data file deletion processing procedure. It is a flowchart which shows the example of the determination procedure of the data amount stored in RAM. It is a figure which shows the modification of the apparatus for storage / deletion of job data. 10 is a flowchart illustrating an example of a job data file erasing process procedure according to a modification.

  Hereinafter, embodiments of the present invention (hereinafter referred to as embodiments) will be described with reference to the drawings. Hereinafter, an example in which the method of the present invention is applied to an image forming apparatus such as a digital multi-function peripheral will be described. That is, in the following, image formation such as an image data file generated by reading a document for copy processing or scanning processing, a print instruction requested from a remote host, a developed image data file, received facsimile data, etc. A mechanism for security protection of data received or generated to execute various jobs required by the apparatus will be described.

  First, the hardware configuration of the image forming apparatus according to the present embodiment will be described with reference to FIG. FIG. 1 illustrates components necessary for explaining the control of the present embodiment, and other components are not illustrated.

  This image forming apparatus is a type of apparatus that handles an image obtained by optically reading a document as digital data, such as a digital copying machine or a digital multifunction machine.

  In this apparatus, a ROM (Read Only Memory) 12 stores digital information such as a control program for controlling the operation of the image forming apparatus. A CPU (Central Processing Unit) 10 executes a control program in the ROM 12 to realize control of each part of the image forming apparatus. The ROM 12 also stores a program that describes file storage, reading, and erasing procedures that will be described later.

  A RAM (Random Access Memory) 14 is a main storage device of the image forming apparatus, and is also used as a work memory when the control program is executed. The RAM 14 can also be used as a page buffer that stores image data for one page to be supplied to the print engine 24, for example.

  An HDD (Hard Disk Drive) 16 is an auxiliary storage device for storing various data. For example, the HDD 16 stores job data received or generated by the image forming apparatus for various requested jobs. As such job data, for example, original image data read by the scan engine 22 for copying, or a print instruction for confidential print processing (processing for printing only after successful user authentication) requested from a remote host. Data, image data obtained by developing the data, image data read by the scan engine 22 in accordance with a scan instruction, and the like. Such a job data file is deleted from the file system upon completion of the job. However, it is a conventional problem that the actual data of a file remains on the HDD simply by deleting the file on the file system, and this embodiment provides a new solution to the problem.

  The operation panel 18 is a user interface means for displaying the user interface of the image forming apparatus and receiving input of various instructions from the user. The operation panel 18 typically includes mechanical operation buttons such as a copy start button and a liquid crystal touch panel. The liquid crystal touch panel displays a GUI (Graphical User Interface) screen generated by a control program executed by the CPU 10, detects a user's touch position on the display, and passes it to the control program. The control program interprets the input content of the user from the information on the touch position.

  The communication interface 20 is a device that performs control for data communication with a network such as a local area network. A print instruction or the like from the remote host is input into the image forming apparatus via the communication interface 20.

  The scan engine 22 is a device that provides a scanner function for optically reading a document and generating electronic image data. Documents set on an automatic document feeder (ADF) (not shown) are fed one by one to the scan engine by the ADF function and optically read.

  The print engine 24 is a device that provides a printer function for forming (printing) image data supplied on the paper under the control of the CPU 10.

  In such an image forming apparatus, in the present embodiment, as a measure for improving the security of the job data file to be stored, the job data file that has been stored in the HDD 16 in the past is distributed and stored in the HDD 16 and the RAM 14. Take. That is, one job data file is stored separately in a storage file 40 in the HDD 16 and a portion 42 of the storage file in the RAM 14. According to this configuration, when the job data file is deleted, a part 42 of the stored file on the RAM 14 may be deleted. Data in the RAM 14 can be erased at high speed. When the data 42 in the RAM 14 is erased, the original job data file cannot be restored only with the storage file 40 remaining in the HDD 16, so that the secret of the job data can be protected. In particular, if the job data file is encrypted and then distributedly stored in the HDD 16 and the RAM 14, the stored file 40 remaining in the HDD 16 is a part of the encrypted job data file that has been partially deleted. Can be very difficult, and high security can be realized.

  FIG. 2 is a functional block diagram showing a mechanism for storing / reading / erasing a job data file in the image forming apparatus.

  In this configuration, the job control unit 100 receives job requests input from the operation panel 18 or the communication interface 20, and controls the execution of job processing corresponding to these requests. Examples of job execution include image formation processing, various image processing, character recognition processing, transmission processing to another device, and the like. The job control unit 100 also performs control of accepting an interrupt job for a job that is being executed, and saving and restoring a job associated with the interrupt. When the job to be executed needs to temporarily store job data, the job control unit 100 requests the storage / deletion processing unit 110 to store the job data. Examples of jobs that require temporary storage of job data include a job for copying a plurality of originals, a confidential print job, and a job for temporarily storing a scanned image in a confidential box. In the case of multiple copies, the job is completed when the print output for that number of copies is completed. In the case of confidential printing, the job is completed when the user authentication in the image forming apparatus is successful and the print output is completed. To do. In addition, the process of storing the scanned image in the confidential box is completed when the remote host downloads the data in the confidential box.

  Further, when it is time to use job data once saved for job execution, the job control unit 100 requests the storage / deletion control unit 110 to read the job data.

  The storage / deletion control unit 110 is a module that performs job data file storage and read processing. When there is a job data file storage request from the job control unit 100, the storage / deletion control unit 110 stores them in the RAM 14 and HDD 16 in a distributed manner according to a predetermined distribution rule (or procedure). When a job data file read request is received from the job control unit 100, the storage / deletion control unit 110 reads the data distributedly stored in the RAM 14 and the HDD 16 and integrates them based on the distribution rule, thereby integrating the original job data. The file is restored and provided to the job control unit 100.

  The encryption processing unit 112 encrypts data stored in the RAM 14 or HDD 16 by the storage / deletion control unit 110 according to a predetermined encryption algorithm, or decrypts data read from the RAM 14 or HDD 16.

  The random number generation unit 114 is a module that generates random numbers for distributed storage processing in the RAM 14 and the HDD 16 by the storage / deletion control unit 110.

  The memory monitoring unit 116 is a module that monitors the free space in the RAM 14. The information on the free space obtained by monitoring is used by the storage / deletion control unit 110 to obtain the amount of job data distributed to the RAM 14 and HDD 16.

  Next, with reference to FIG. 3, a process when the job data file is stored by the storage / deletion control unit 110 will be described.

  When a job data file storage request is received from the job control unit 100, the storage / deletion control unit 110 first causes the encryption processing unit 112 to encrypt the file (S10).

  Next, the storage / deletion control unit 110 calculates the size of data stored in the RAM 14 among the encrypted job data (S12). In this calculation, the storage size is calculated using the free space of the RAM 14 obtained by the memory monitoring unit 116 and the random number generated by the random number generation unit 114. The basic idea is that the storage size is increased as the free space of the RAM 14 increases, and adjustments are made using random numbers so that the relationship between the free space and the storage size does not become constant. For example, a predetermined ratio of the free space in the RAM 14 is determined as a reference value for the storage size, and the storage size is obtained by adjusting the reference value with a normal distribution random number generated by the random number generation unit 114. Become. Considering the free capacity of the RAM 14 when determining the storage size, it is possible to avoid a shortage of work memory during the storage process. In addition, by changing the storage size with a random number, it is possible to obscure the rules for distributed storage, which can improve security.

  When the calculation of the storage size in the RAM 14 is completed, the storage / deletion control unit 110 stores the storage size from the beginning of the encrypted job data (hereinafter simply referred to as “job data” if there is no risk of confusion). Minutes of data is stored in the RAM 14 (S14). The data storage position (start address) in the RAM 14 at this time may be determined randomly or may be determined in accordance with a predetermined rule (such as storing at the head of the free capacity).

  After storage in the RAM 14, the storage / erasure control unit 110 calculates the storage size in the HDD 16 (S16). The calculation of the storage size may be performed in the same manner as the calculation of the storage size in the RAM 14.

  When the storage size in the HDD can be calculated, the storage / deletion control unit 110 creates the distribution management information and writes it in the HDD 16 (S18), and stores the data corresponding to the storage size from the head of the unstored portion of the job data to the HDD 16. Write (S20). In the HDD 16, a file area for storing the job data is secured by the operating system of the image forming apparatus, and the distribution management information and job data are written in this area.

  The above steps S12 to S20 are repeated until there is no unstored portion of the job data (S22). As a result, the job data is distributedly stored in the RAM 14 and the HDD 16. In this way, in the process of FIG. 3, the job data is alternately stored in the RAM 14 and the HDD 16 little by little.

  FIG. 4 shows an example of the data structure of the storage file 40 generated in the HDD 16 by the processing of FIG. As shown in this figure, the storage file 40 is constituted by repetition of the distributed management information 410 and the partial data 450 of the storage file. The distributed management information 410 is information for accessing data stored in the RAM 14, and the partial data 450 is a part of job data. This partial data 450 is, for example, ASN. 1 is described in a data structure according to the BER encoding rule. In this case, the partial data 450 is information in which an object type 452 indicating the type of the data, a size 454 of the data, and a value 456 of the data are arranged in this order. Each time the processes of steps S12 to S20 in FIG. 3 are performed once, the distribution management information 410 and the subsequent partial data 450 are generated.

  An example of the data structure of the distributed management information 410 is shown in FIG. In this example, the distributed management information 410 starts with an identifier 412 of the management information itself, followed by the size 414 of the management information itself, and then the device to which job data is distributed (this embodiment) In the embodiment, information 420 for accessing data stored in the RAM 14) is described. The information 420 includes an identifier 422 of the distribution destination device, a storage location 424 of the data distributed and stored in the distribution destination device, and a data size 426 of the data. When the distribution destination device is the RAM 14, for example, the start address of the storage area of the data in the RAM 14 can be used as the storage location 424.

  In the example of FIG. 1, job data is distributed to the HDD 16 and the RAM 14. However, the image forming apparatus may include a storage device in addition to the HDD 16 and the RAM 14. For example, the image forming apparatus may include a plurality of HDDs, or may include an EEPROM or a nonvolatile RAM. In such a case, the job data can be distributed and stored in the plurality of storage devices. The identifier 422 of the distribution destination device is for identifying the plurality of storage devices. When job data is distributed and stored in a plurality of storage devices other than the HDD 16, information 420 is described in the distributed management information 410 for each storage device. In this case, the order of the information 420 in the distributed management information 410 corresponds to the order of job data stored in a distributed manner.

  Next, processing of the storage / deletion control unit 110 when reading job data stored in a distributed manner will be described with reference to FIG.

  When the job control unit 100 is requested to read out the job data file, the storage / deletion control unit 110 first accesses the head of the file in the HDD 16 (S30), reads out the distribution management information 410, and distributes the distribution management information. The data distributedly stored in the RAM 14 is read according to the information of the storage device identifier 422, the storage location 424, and the data size 426 indicated by 410 (S32). If there are a plurality of storage devices as distributed storage destinations, data is read from the respective storage devices and merged in the order of information 420 in the distributed management information 410. When data reading from all the storage devices at the distributed storage destination is completed in this way, the partial data 450 stored immediately after the distributed management information 410 is read and merged with the data read from the distribution destination. (S34). By repeating such processing until the end of the storage file 40 is reached (S36), the job data reading is completed. Since the read job data is encrypted, the storage / deletion control unit 110 causes the encryption processing unit 112 to decrypt the data and provides it to the job control unit 100.

  Next, with reference to FIG. 7, the erasing process of the job data file distributedly stored in the HDD 16 and the RAM 14 will be described.

  This erasure process is executed when a predetermined erasure condition is satisfied for the job data file. A typical erasure condition is that the execution of a job using the job data file has been completed. An example of an erasure condition is that a user inputs a job stop instruction using a job data file. Another example of the erasure condition is that the user designates a job data file and explicitly instructs the erasure of the file.

  The storage / deletion control unit 110 monitors a job execution completion notification from the job control unit 100 and a user input from the operation panel 12, and waits for any of these deletion conditions to be satisfied (S40, S42). , S44). If any of the erasure conditions is satisfied, the portion 42 stored in the RAM 14 in the job data file of the job that satisfies the condition is erased (S46). The erasure part can be specified by, for example, reading the distribution management information 410 in the stored file. Since the data is in the RAM 14, it can be erased at high speed. Next, the storage file 40 of the job data in the HDD 16 is deleted, and the storage file area is released (S48). This deletion process may be a process for deleting the management information of the file on the file system, such as deleting a file by the DEL command of MS-DOS (trademark) or the rm command of UNIX (registered trademark). In this case, the actual data of the storage file 40 remains in the HDD 16 even after being deleted (until overwritten), but the original job data file cannot be completely restored only by the remaining actual data. In the present embodiment, since the job data file is encrypted and then distributed and stored in the HDD and RAM, it is very difficult to decrypt only the actual data remaining in the HDD.

  When the deletion of the stored file (S48) is completed, the storage / deletion control unit 110 notifies the job control unit 100 that the requested data erasure process has been completed (S50). Upon receiving this notification, the job control unit 100 permits execution of the next job. Thus, for example, if there is a job waiting at the time of erasure (such as a new job or a job interrupted by another job), the execution of the job is started or resumed.

  As described above, according to the present embodiment, by erasing the data distributedly stored in the RAM 14, the job data stored in the HDD 16 can be brought into an almost invalid state, so that the entire job data stored in the HDD is randomly selected. Compared with the prior art in which data is overwritten many times, data can be erased at a much higher speed. For this reason, even when returning from an interrupt job or when a subsequent job is waiting, data can be erased with almost no waiting job waiting. Therefore, it is not necessary to delete the job data until the next job is completed.

  In this embodiment, since the RAM 14 which is a volatile memory is used as a distributed storage destination of job data, the stored data is also deleted when the image forming apparatus is turned off. The same effect as the processing can be obtained.

  As one example, after erasing data in the RAM 14 described above, it is also preferable to erase data by repeatedly overwriting random data on the actual data of the stored file remaining on the HDD 16 at an appropriate timing. This erasing process by overwriting random data is performed when there is little influence on the job, for example, when the image forming apparatus is not used for a predetermined time, immediately before entering the power saving mode, or when the power switch is turned off. Is preferred. In the present embodiment, job data can be kept safer than the prior art disclosed in each of the above patent documents from the end of the job until the data is erased by random data overwriting.

  In the embodiment described above, the size of the data to be distributedly stored in the RAM 14 is determined according to the RAM free space and the random number, but this is only an example. Instead, the storage size in the RAM 14 may be a fixed value, or may be determined completely at random without considering the free space.

  It is also preferable to determine the storage size in consideration of other situations of RAM free space. An example of this is shown in FIG. In this example, in addition to the RAM free space (S60), information such as the presence / absence of a waiting job (S62), the processing load of the entire image forming apparatus (S64), the sensitivity of job data (S66), and the like are acquired. The storage size in the RAM 14 is determined using these pieces of information as parameters (S68). The basic idea of this calculation is as follows.

  First, when there is a waiting job or when the processing load of the image processing apparatus is high, data erasure due to random data overwriting on the HDD 16 is delayed so much, and thus the safety of job data in the time until the erasure is increased. Therefore, the allocation amount to the RAM 14 is increased. As a result, erasing the data in the RAM after completion of the job causes more data to disappear, so that the possibility of restoring the job data can be further reduced.

  Information about the presence or absence of a waiting job can be acquired from the job control unit 100, and the processing load of the entire image processing apparatus can be acquired from the job control apparatus 100 or the operating system.

  If the confidentiality of job data is high, it is effective in terms of security to delete as much of the data as possible when the data is no longer needed. Therefore, the higher the confidentiality is, the more data is distributed to the RAM 14.

  The sensitivity of the job data may be specified by the user as one of the job attributes, or may be determined from the contents of the job. As an example of the latter, for example, in the case of a job based on a secret such as confidential printing, the confidentiality of job data is increased. The sensitivity for each job type may be registered in the image forming apparatus in advance.

  In addition to the HDD 16, when there are a plurality of storage devices that distribute job data, it is also preferable to determine the distribution amount to the plurality of storage devices according to the writing / reading speed to these storage devices. Since the writing / reading speed to each storage device affects the storage / reading speed of the entire job data, it is preferable to relatively reduce the amount of data distributed to the storage device that is slow to write / read. For example, when data is allocated to the EEPROM in addition to the RAM 14, the writing / reading speed of the EEPROM is naturally slower than that of the HDD 16, and therefore the allocation amount to the EEPROM is smaller than the allocation amount to the RAM. Shall.

  Further, distribution control according to the contents of job data is also conceivable. For example, when the job data has a format composed of a header part and a data part (body part), and the header part includes many data features, the header part data is distributed to the RAM 14 in a large amount. For example, control such as distributing a large amount of data to the HDD 16 can be considered.

  In the above description, job data is encrypted and stored in the encryption processing unit 112. However, even when such encryption is not performed, the distributed storage method of the present invention has a certain degree of effectiveness. Even if the data is not encrypted, part of the job data is erased by erasing the data in the RAM 14, so that even if the HDD 16 is removed, complete job data does not leak.

  In the case where the job data is not encrypted in the image forming apparatus, the job data itself is encrypted (for example, the print data from the host is encrypted), and the case is not. It is also preferable to change the data distribution ratio between the RAM 14 and the HDD 16. That is, when job data is encrypted, the data distribution ratio to the RAM is increased so that as much information of the job data as possible can be erased by erasing the data in the RAM.

  In addition, as a method of distributing data between RAM and HDD when job data is stored in a distributed manner without encryption, in the case of a structured document tagged with job data, tag information (among start tags and end tags) A method of preferentially allocating to the RAM is possible. In this method, document structure information can be erased by erasing data in the RAM. If the job data is a business document, the numerical information in the document is preferentially assigned to the RAM, and if it is name list data, the character corresponding to the personal name kanji is preferentially assigned to the RAM. A method of distributing the corresponding characteristic portion to the RAM is also suitable. The document type can be obtained from the attribute information of the job data file.

  In the above example, the job data is alternately distributed to the RAM 14 and the HDD 16, but instead, the distribution order between them can be changed at random. In this case, the distributed management information 410 includes information on the order of data stored in each distributed storage destination.

  In the above example, the distributed management information 410 is stored in the HDD 16, but this is not essential. Management information describing the distribution status of job data to each storage device, such as the distribution management information 410, may be stored in the RAM 14 or other storage device in the image forming apparatus.

  As a modification of the present embodiment, an apparatus configuration that does not use the RAM 14 is also conceivable. An example of this is shown in FIG. In FIG. 9, the same or similar components as those shown in FIG.

  In this example, the storage / deletion control unit 110a encrypts the job data with the encryption processing unit 112, and then stores only in the HDD 16 as in the conventional case.

  The feature of this modification is the job data erasing process. That is, as shown in FIG. 10, when the job data deletion condition is satisfied (S40 to S44), the storage / deletion control unit 110a uses the random number generated by the random number generation unit 114 to store the job data in the HDD 16 The erasure location is determined (S52). Here, using one or a plurality of generated random numbers, the positions and data sizes to be erased are determined for a plurality of erase locations. Then, the storage / deletion control unit 110a repeatedly overwrites the determined erasure location with random data a predetermined number of times (S54). When this overwriting is completed, the storage / deletion control unit 110a deletes the job data file from the file system and notifies the job control unit 100 of the completion of the data deletion (S50). As a result, the next job can be executed, and if there is a waiting job or a job suspended due to an interrupt, it can be executed. Further, after this erasure, if the job data remaining in the HDD 16 is erased by repeatedly overwriting random data during the idle time of the image forming apparatus, the security can be further improved.

  According to the present embodiment, the job data remaining in the HDD 16 is not complete when a plurality of deletion portions of the job data stored in the HDD 16 are deleted, and even if the remaining data is extracted, it is secret. The risk of leakage is reduced.

  In this example, since a plurality of portions of the encrypted job data are deleted, it is very difficult to decrypt the remaining data.

  Further, if the ratio of the size of these erased portions to the entire job data is reduced, the time required for this erase processing can be shortened, so that the erase processing can be executed without waiting for the waiting job so much.

  The embodiment in which the present invention is applied to an image forming apparatus such as a digital multifunction machine has been described above. However, as is apparent from the above description, the stored data confidentiality protection method according to the present embodiment does not depend on the type of processing or the type of data to be stored, and thus can be applied to various job processing apparatuses other than the image forming apparatus. Is possible.

  In the reference example, the job processing device further includes a rule management unit that distributes and stores job data in the first storage device and the second storage device according to a predetermined rule, and changes the rule. It may be.

  For example, the rule can be changed according to the state of the job processing apparatus. Here, the “state” of the job processing device includes, for example, the free capacity of the second storage device, the writing / reading speed, the processing load of the job processing device, and the presence / absence of a waiting job.

  In another reference example, the job processing apparatus may further include a rule management unit that changes the rule according to an attribute of the job. Here, the “attribute” of the job includes the confidentiality given to the job, the type of document to be processed by the job, and the like.

  10 CPU, 12 ROM, 14 RAM, 16 HDD (hard disk drive), 18 operation panel, 20 communication interface, 22 scan engine, 24 print engine, 40 storage file, 42 part of storage file.

Claims (5)

A first storage device;
A second storage device capable of erasing the stored data faster than the first storage device;
A storage control unit that distributes and stores job data for job execution in the first storage device and the second storage device;
A job processing unit for executing the job;
An erasure unit for erasing job data distributed and stored in the second storage device by the storage control unit when execution of a job by the job processing unit is completed;
A job control unit that allows the job processing unit to execute another job when the data erasing process by the erasing unit is completed;
A job processing apparatus comprising: The job processing apparatus according to claim 1 ,
A job comprising: a remaining erasure unit for erasing job data distributed and stored in the first storage device after erasing the job data distributed and stored in the second storage device by the erasure unit Processing equipment. A storage control unit for storing job data for job execution in a storage device;
A job processing unit for executing the job;
An erasing unit for erasing a part of the job data stored in the storage device by the storage control unit when the job processing unit completes the job;
A job control unit that permits the job processing unit to execute another job when the erasing unit completes erasing a part of the job data;
A job processing apparatus comprising: Job data provided for job execution is distributed and stored in a first storage device and a second storage device that is faster to erase data than this,
The stored data portion of the job data stored in the second storage device is erased when the execution of the job is completed,
Permitting execution of another job when erasure of the data portion stored in the second storage device of the job data is completed;
A control method for a job processing apparatus. On the computer,
A procedure for sorting and storing job data to be used for job execution into a first storage device and a second storage device with faster data erasure;
A procedure of erasing a stored data portion stored in the second storage device when the job has been executed;
A procedure for permitting execution of another job when erasure of a data portion stored in the second storage device of the job data is completed;
A control program to execute.

Images