JP6228438B2 - Information processing apparatus, information processing system, and information processing method - Google Patents

Description

  The present invention relates to an information processing apparatus, an information processing system, and an information processing method.

  As described in Patent Document 1, the conventional technique assigns a key to each folder on the file server, encrypts all files under the folder with the key, and sets marker files under all folders. An identifier that uniquely identifies the key used for encryption is created and written in the marker file. Then, the client computer determines a key to be used based on the identifier obtained from the marker file, and encrypts and decrypts the file.

JP 2008-85448 A

  However, in the conventional technique, when a plurality of users are allowed to decrypt an encrypted file, it is necessary to encrypt the file with a key for each user. For this reason, there is an inconvenience such as an increase in the capacity for storing the encrypted file.

  Accordingly, an object of the present invention is to reduce the capacity for storing an encrypted file and to easily manage the encrypted file.

An information processing apparatus according to an aspect of the present invention encrypts at least a part of encrypted first data and a first key capable of decrypting the first data, so that a plurality of users The third data having a portion that can be decrypted with the second key assigned to the corresponding one user and a portion that can be decrypted with the first key. A storage unit that stores second data including a number corresponding to the number, an input unit that receives an input of the second key or information that can generate the second key, and each of the plurality of users The second key is obtained from the input to the input unit in accordance with the decryption instruction, and a part of the third data is decrypted with the obtained second key, whereby the first key And the first data with the acquired first key. Decoding performs a, each time decoding of the first data is performed, the third data having a portion capable of performing a decoding by the second key assigned to the user who performed the decryption instruction A control unit that deletes the first data when the number of the third data having a portion that can be deleted and decrypted with the acquired first key reaches a predetermined number And.

An information processing system according to one embodiment of the present invention is an information processing system including a first information processing device and a second information processing device, and at least a part of the first information processing device is encrypted. The first data and the first key capable of decrypting the first data are encrypted, and the decryption is performed with the second key assigned to one corresponding user among the plurality of users. A first control unit that generates second data including a portion corresponding to the number of the plurality of users and third data having a portion that can be decrypted and a portion that can be decrypted with the first key And a first communication unit that transmits the first data and the second data to the second information processing apparatus, wherein the second information processing apparatus includes the first data and the second data A second communication unit for receiving second data; Each of a second storage unit for storing data and the second data, the input unit for accepting input of information capable of generating a second key or the second key, the plurality of users The second key is obtained from the input to the input unit in accordance with the decryption instruction, and a part of the third data is decrypted with the obtained second key, whereby the first key The first data is decrypted with the obtained first key, and each time the first data is decrypted , the first data assigned to the user who has given the decryption instruction is obtained. The third data having a portion that can be decrypted with the key of 2 is deleted, and the number of the third data having a portion that can be decrypted with the obtained first key is predetermined. The first data when the number reaches A second control unit to be deleted, characterized in that it comprises a.

In the information processing method according to one aspect of the present invention, the storage unit encrypts the first data at least partially encrypted and the first key capable of decrypting the first data, Of the plurality of users, the third data having a portion that can be decrypted with the second key assigned to the corresponding one user and a portion that can be decrypted with the first key, A storage process for storing second data including a number corresponding to the number of a plurality of users, and an input process for receiving an input of the second key or information capable of generating the second key by the input unit. And the control unit acquires the second key from the input received by the input unit in accordance with the decryption instruction of each of the plurality of users, and uses the acquired second key to obtain one of the third data. The first key is obtained by decrypting the Decoding performs a of the first data in the first key that is the acquisition, each time decoding of the first data is performed, in the second key assigned to the user who performed the decryption instruction The third data having a part that can be decrypted is deleted, and the number of the third data having a part that can be decrypted by the obtained first key is set to a predetermined number. And a control process for deleting the first data from the storage unit .

  According to one embodiment of the present invention, the capacity for storing an encrypted file can be reduced, and the encrypted file can be easily managed.

1 is a schematic diagram showing a data management system according to Embodiments 1 and 3. FIG. 4 is a block diagram schematically showing a configuration of a client PC in the first and third embodiments. FIG. FIG. 3 is a schematic diagram showing data stored in a storage unit of a client PC in the first embodiment. FIG. 3 is a block diagram schematically showing a configuration of a printer in the first and third embodiments. 3 is a schematic diagram illustrating data stored in a storage unit of the printer according to Embodiment 1. FIG. FIG. 10 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the first embodiment. FIG. 10 is an activity diagram showing an operation of a first process of “generation of encrypted authentication print data” in the first embodiment. FIG. 11 is an activity diagram showing an operation of a second process of “generation of encrypted authentication print data” in the first embodiment. FIG. 11 is an activity diagram showing an operation of a third process “generation of encrypted authentication print data” in the first embodiment. 6 is an activity diagram illustrating an operation of “printing encrypted authentication print data” in the first exemplary embodiment. FIG. FIG. 10 is an activity diagram showing an operation of a fourth process of “printing encrypted authentication print data” in the first embodiment. FIG. 11 is an activity diagram showing an operation of a fifth process of “printing encrypted authentication print data” in the first embodiment. FIG. 16 is an activity diagram showing an operation of a sixth process of “printing encrypted authentication print data” in the first embodiment. FIG. 6 is a schematic diagram illustrating a usage mode of a multifunction peripheral according to Embodiments 2 and 4. 3 is a block diagram schematically showing a configuration of a multifunction machine according to Embodiments 2 and 4. FIG. FIG. 6 is a schematic diagram showing data stored in a storage unit in the second embodiment. FIG. 10 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the second exemplary embodiment. FIG. 16 is an activity diagram showing an operation of a seventh process of “generation of encrypted authentication print data” in the second embodiment. FIG. 16 is an activity diagram showing an operation of an eighth process of “generation of encrypted authentication print data” in the second embodiment. FIG. 23 is an activity diagram showing an operation of a ninth process of “generation of encrypted authentication print data” in the second embodiment. FIG. 10 is an activity diagram illustrating an operation of “printing encrypted authentication print data” in the second exemplary embodiment. FIG. 16 is an activity diagram showing an operation of a tenth process of “printing encrypted authentication print data” in the second embodiment. FIG. 20 is an activity diagram showing an operation of an eleventh process of “printing encrypted authentication print data” in the second embodiment. FIG. 19 is an activity diagram showing an operation of a twelfth process of “printing encrypted authentication print data” in the second embodiment. FIG. 11 is a schematic diagram showing data stored in a storage unit of a client PC in Embodiment 3. FIG. 10 is a schematic diagram illustrating data stored in a storage unit of a printer according to a third embodiment. FIG. 16 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the third embodiment. FIG. 23 is an activity diagram showing an operation of a thirteenth process of “generation of encrypted authentication print data” in the third embodiment. FIG. 24 is an activity diagram showing an operation of a fourteenth process of “generation of encrypted authentication print data” in the third embodiment. FIG. 19 is an activity diagram showing an operation of “printing encrypted authentication print data” in the third embodiment. FIG. 25 is an activity diagram showing an operation of a fifteenth process of “printing encrypted authentication print data” in the third embodiment. FIG. 24 is an activity diagram showing an operation of a sixteenth process of “printing encrypted authentication print data” in the third embodiment. FIG. 16 is an activity diagram showing an operation of “deletion of encrypted authentication print data” in the third embodiment. FIG. 10 is a schematic diagram showing data stored in a storage unit in a fourth embodiment. FIG. 20 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the fourth embodiment. FIG. 24 is an activity diagram showing an operation of a seventeenth process of “generation of encrypted authentication print data” in the fourth embodiment. FIG. 24 is an activity diagram showing an operation of an eighteenth process of “generation of encrypted authentication print data” in the fourth embodiment. FIG. 20 is an activity diagram showing an operation of “printing encrypted authentication print data” in the fourth embodiment. FIG. 24 is an activity diagram showing an operation of a nineteenth process of “printing encrypted authentication print data” in the fourth embodiment. FIG. 23 is an activity diagram showing an operation of a twentieth process of “printing encrypted authentication print data” in the fourth embodiment. FIG. 19 is an activity diagram showing an operation of “deletion of encrypted authentication print data” in the fourth embodiment. (A)-(C) are schematic which shows the modification of Embodiment 1-4.

Embodiment 1 FIG.
(Description of configuration)
FIG. 1 is a schematic diagram showing a data management system 100 as an information processing system according to the first embodiment. The information processing method according to the first embodiment is realized by the processing performed by the data management system 100.
The data management system 100 includes a client PC 110 as a first information processing apparatus and a printer 130 as a second information processing apparatus. The client PC 110 and the printer 130 are connected to the network 140. The printer 130 is also referred to as an image forming apparatus. The reference numerals in parentheses in FIG. 1 indicate the configuration in the third embodiment.
In the following description, it is assumed that the user 150A and the user 150B are users of the printer 130, and the user 150C is a user of the client PC 110.
In response to the operation of the user 150C, the client PC 110 generates encrypted authentication print data (encrypted authentication image formation data) that can be decrypted by the decryption instruction of the user 150A and the user 150B in the printer 130. The printer 130 decrypts the encrypted authentication print data generated by the client PC 110 in accordance with the operation of the user 150A and the user 150B, and processes the decrypted data (here, printing).

FIG. 2 is a block diagram schematically showing the configuration of the client PC 110.
The client PC 110 includes a storage unit 111, an information display unit 112, an information input unit 113, a communication unit 114, and a control unit 115.
Reference numerals in parentheses shown in FIG. 2 indicate configurations in the third embodiment.

The storage unit 111 stores data necessary for processing in the client PC 110.
FIG. 3 is a schematic diagram showing data stored in the storage unit 111. In the first embodiment, the storage unit 111 stores document data D011, a public key list D021, and encrypted authentication data CD011 to CD051. Note that the encrypted authentication data CD011 to CD051 are dynamic elements that are generated and deleted in the client PC 110, and are therefore indicated by broken lines.

The document data D011 is data that is the basis of print data (image formation data) printed by the printer 130.
The public key list D021 is data including a public key for each user. Public key list D021 includes public key PK011 of user 150A and public key PK021 of user 150B. For example, the public key list D021 can be realized by data in which a user name, which is identification information for identifying a user, and a user's public key identified by the user name are associated with each other.

The encrypted authentication data CD011 to CD051 are data obtained by combining encrypted data obtained by encrypting data with a key as a main data part and encrypted data obtained by encrypting a hash value of the main data part with a key as a verification data part. . In the first embodiment, the encrypted authentication data CD011 to CD051 are generated by the control unit 115.
In the first embodiment, the encrypted authentication data CD011 to CD051 are composed of encrypted authentication print data CD011, common encrypted authentication data CD021, CD031, and individual encrypted authentication data CD041, CD051. . However, the client PC 110 does not identify each of these types of data, but merely identifies them as a plurality of encrypted authentication data CD011 to CD051. The encrypted authentication print data CD011 corresponds to the first data that is at least partially encrypted. Further, the common encryption authentication data CD021, CD031 and the individual encryption authentication data CD041, CD051 correspond to the number of data corresponding to the number of users allowed to decrypt the first data. In other words, the common encryption authentication data CD021, CD031 and the individual encryption authentication data CD041, CD051 as a whole correspond to the second data. Here, the common encrypted authentication data CD021 and CD031 correspond to third data having at least a portion obtained by encrypting the first key capable of decrypting the first data. The individual encrypted authentication data CD041 and CD051 correspond to fourth data having at least a portion obtained by encrypting the second key capable of decrypting the third data.

Returning to the description of FIG. 2, the information display unit 112 is a display unit that displays a screen.
The information input unit 113 is an input unit that receives an operation input from a user.
The communication unit 114 communicates with the network 140.

The control unit 115 controls the entire processing in the client PC 110. For example, the control unit 115 generates encrypted authentication data CD011 to CD051.
In the first embodiment, the control unit 115 includes an input processing unit 116, a print data generation unit 117 as an image formation data generation unit, a key generation unit 118, an encryption unit 119, and a hash value calculation unit 120. The encrypted data combining unit 121 and the transmitting unit 122 are provided.

The input processing unit 116 displays a predetermined screen on the information display unit 112, and receives an input of a necessary operation from the user via the displayed screen and the information input unit 113. For example, the input processing unit 116 receives input of an instruction to print (image formation) the document data stored in the storage unit 111 from the information input unit 113 via the screen displayed on the information display unit 112. .
The print data generation unit 117 converts the document data received by the input processing unit 116 into print data that can be printed by the printer 130.
The key generation unit 118 generates a key used for encryption. In the first embodiment, the key generation unit 118 executes a common key generation process for generating the first common key and the second common key.

The encryption unit 119 encrypts data using the key. In Embodiment 1, the encryption unit 119 performs a common key encryption process for performing encryption based on the common key encryption system and a public key encryption process for performing encryption based on the public key encryption system. Run.
Specifically, as illustrated in FIG. 3, the encryption unit 119 encrypts the print data PD011 generated by the print data generation unit 117 with the first common key CK011 generated by the key generation unit 118. As a result, encrypted print data C011 is generated.
In addition, the encryption unit 119 encrypts the first common key CK011 generated by the key generation unit 118 with the second common key CK021 generated by the key generation unit 118, so that the common key encrypted data C021, C031 is generated. Here, the common key encrypted data C021 and the common key encrypted data C031 are the same data. The common key encrypted data C021 and C031 are generated in the same number as the number of users permitted to print the print data PD011.
Further, the encryption unit 119 encrypts the second common key CK021 generated by the key generation unit 118 with the public keys PK011 and PK021 of the user who has received permission to print, thereby public key encrypted data C041, C051 is generated. Here, the public key encrypted data C041 is data encrypted using the public key PK011, and the public key encrypted data C051 is data encrypted using the public key PK021. The public key encrypted data C041 and C051 are generated in the same number as the number of users permitted to print the print data PD011.
Then, the encryption unit 119 generates the encrypted hash value data CH011 by encrypting the hash value H011 calculated by the hash value calculation unit 120 with the first common key CK011 generated by the key generation unit 118. To do. Also, the encryption unit 119 encrypts the hash values H021 and H031 calculated by the hash value calculation unit 120 with the second common key CK021 generated by the key generation unit 118, so that the encrypted hash value data CH021 , CH031 is generated. Here, the encrypted hash value data CH021 and the encrypted hash value data CH031 are the same data. Further, the encryption unit 119 encrypts the hash values H041 and H051 calculated by the hash value calculation unit 120 with the public keys PK011 and PK021 of the user who has received permission to print, so that the encrypted hash value data CH041 , CH051. Here, the encrypted hash value data CH041 is data encrypted with the public key PK011, and the encrypted hash value data CH051 is data encrypted with the public key PK021.

  The hash value calculation unit 120 calculates a hash value of data. Specifically, as illustrated in FIG. 3, the hash value calculation unit 120 includes the hash value H011 of the encrypted print data C011, the hash values H021 and H031 of the common key encrypted data C021, and C031, and the public key encryption. Hash values H041 and H051 of the digitized data C041 and C051 are calculated.

The encrypted data combining unit 121 combines two pieces of encrypted data and generates one piece of encrypted data.
Specifically, as illustrated in FIG. 3, the encrypted data combining unit 121 combines the encrypted print data C011 and the encrypted hash value data CH011 to generate the encrypted authentication print data CD011. Generate.
Further, the encrypted data combining unit 121 generates common encrypted authentication data CD021 and CD031 by combining the common key encrypted data C021 and C031 and the encrypted hash value data CH021 and CH031, respectively. Here, the common encryption authentication data CD021 and the common encryption authentication data CD031 are the same data. The common encryption authentication data CD021 and CD031 are generated in the same number as the number of users permitted to print the print data PD011.
Further, the encrypted data combining unit 121 generates the individual encrypted authentication data CD041 and CD051 by combining the public key encrypted data C041 and C051 and the encrypted hash value data CH041 and CH051, respectively. The individual encrypted authentication data CD041 and CD051 are generated in the same number as the number of users permitted to print the print data PD011.
The encrypted data combining unit 121 stores the encrypted authentication print data CD011, the common encrypted authentication data CD021, CD031, and the individual encrypted authentication data CD041, CD051 generated in the above manner in the storage unit 111. Remember.

The transmission unit 122 transmits the encrypted authentication data CD011 to CD051 stored in the storage unit 111 to the printer 130 via the communication unit 114.
Here, the control unit 115 and the storage unit 111 constitute a data generation device.

The client PC 110 described above includes, for example, a CPU (Central Processing Unit), a RAM (Random Access Memory), an external storage device such as an HDD (Hard Disk Drive), a CD (Compact Disk) and a DVD (Digital Versatile). ) And the like, a reading / writing device for reading and writing information from / to a portable storage medium, an input device such as a keyboard and a mouse, a display device such as a display, and a NIC (Network Interface) for connection to a communication network. It can be realized by a general computer equipped with a communication device such as Card).
For example, the storage unit 111 can be realized by using a RAM or an external storage device in which the CPU functions as a work memory, and the information display unit 112 can be realized by using the display device by the CPU. The input unit 113 can be realized by the CPU using the input device, the communication unit 114 can be realized by the CPU using the communication device, and the control unit 115 is stored in the external storage device. This can be realized by loading a predetermined program on the RAM and executing it by the CPU.
The document data D011 and the public key list D021 are preferably stored in an external storage device such as an HDD, and the encrypted authentication data CD011 to CD051 are preferably stored in the RAM.
The predetermined program is downloaded from the storage medium via the read / write device or from the network via the communication device to the external storage device, and then loaded onto the RAM and executed by the CPU. May be. Alternatively, the data may be loaded directly from the storage medium via the reading / writing device or from the network via the communication device onto the RAM and executed by the CPU.
However, the client PC 110 is not limited to the software implemented on the computer system. For example, it may be realized in hardware by an integrated logic IC such as ASIC (Application Specific Integrated Circuits), FPGA (Field Programmable Gate Array), or may be realized by DSP (Digital Signal Processor). It may be a thing. Alternatively, a component specialized for a specific application may be realized by hardware such as an expansion board mounted on the computer system, and other general-purpose components may be realized by software on the computer system. Good.

FIG. 4 is a block diagram schematically showing the configuration of the printer 130.
The printer 130 includes a storage unit 131, an information display unit 132, an information input unit 133, a communication unit 134, a printing unit 135 as an image forming unit, and a control unit 136.
The reference numerals in parentheses in FIG. 4 indicate the configuration in the third embodiment.

The storage unit 131 stores data necessary for processing in the printer 130.
FIG. 5 is a schematic diagram showing data stored in the storage unit 131. In the first embodiment, the storage unit 131 stores a secret key SK011, correspondence data TD011, encrypted authentication data CD011 to CD051, and print data PD011. Note that these data are dynamic elements that are received from the client PC 110 or generated by the printer 130 and deleted, and thus are indicated by broken lines.

The secret key SK011 is a secret key input via the information input unit 133. Here, it is assumed that secret key SK011 is the secret key of user 150A.
Corresponding data TD011 associates print data with encrypted authentication data that includes the print data, associates a first common key with encrypted authentication data that includes the first common key, This is data in which the encrypted authentication data including the second common key and the second common key is associated. The correspondence data TD011 is data that is generated and updated in the process of acquiring the print data PD011 from the encrypted authentication data CD011 to CD051.
The encrypted authentication data CD011 to CD051 are data transmitted from the client PC 110.
The print data PD011 is data decrypted from the encrypted authentication data CD011 to CD051.

Returning to the description of FIG. 4, the information display unit 132 is a display unit that displays a screen.
The information input unit 133 is an input unit that receives an operation input from a user.
The communication unit 134 communicates with the network 140.
The printing unit 135 performs printing (image formation) based on the print data.

The control unit 136 controls the entire processing in the printer 130. For example, the control unit 136 performs decoding of the first data in accordance with each of the decoding instructions of a plurality of users, and deletes the data included in the second data each time the first data is decoded. When the number of data included in the second data reaches a predetermined number, the first data is deleted. Specifically, the control unit 136 receives the encrypted authentication data CD011 to CD051 from the client PC 130, and decrypts the print data PD011 from the encrypted authentication data CD011 to CD051. Further, the control unit 136 determines whether all of a plurality of users permitted to print has issued a decryption instruction from the encrypted authentication data CD011 to CD051 to the print data PD011, and according to the determination result, The encrypted authentication data CD011 to CD051 are deleted.
The control unit 136 includes a reception unit 137, an input processing unit 138, an encrypted authentication data search unit 139, a decryption unit 140, a hash value calculation unit 141, and a print processing unit 142 as an image formation processing unit. .

The receiving unit 137 receives the encrypted authentication data CD011 to CD051 sent from the client PC 110 via the communication unit 134. Then, the reception unit 137 stores the received encrypted authentication data CD011 to CD051 in the storage unit 131.
The input processing unit 138 displays a predetermined screen on the information display unit 132 and receives an input of a necessary operation from the user via the displayed screen and the information input unit 133. For example, the input processing unit 138 receives an input of the user's secret key from the information input unit 133 via the screen displayed on the information display unit 132. Then, the input processing unit 138 stores the input secret key in the storage unit 131.
The encrypted authentication data search unit 139 searches the encrypted authentication data CD011 to CD051 stored in the storage unit 131. Also, the encrypted authentication data search unit 139 deletes the encrypted authentication data CD011 to CD051 according to the decryption status by the user who is permitted to print the print data PD011.

The decryption unit 140 decrypts the encrypted data using the key. In the first embodiment, the decryption unit 140 executes a common key decryption process that performs decryption based on the common key encryption system and a public key decryption process that performs decryption based on the public key decryption system.
Specifically, the decryption unit 140 obtains the second common key CK021 and the hash values H041 and H051 by decrypting the individual encrypted authentication data CD041 and CD051 with the secret key received from the user.
Further, the decryption unit 140 obtains the first common key CK011 and the hash values H021 and H031 by decrypting the common encrypted authentication data CD021 and CD031 with the second common key CK021 obtained as described above. .
Then, the decrypting unit 140 decrypts the encrypted authentication print data CD011 with the first common key CK011 obtained as described above, thereby obtaining the print data PD011 and the hash value H011.

The hash value calculation unit 141 calculates a hash value of the encrypted data. For example, the hash value calculation unit 141 includes the encrypted print data C011 of the encrypted authentication print data CD011, the common encryption authentication data CD021 and the common key encryption data C021 and C031 of the CD031, and the individual encryption authentication data CD041 and CD051. The hash values of the public key encrypted data C041 and C051 are calculated.
The print processing unit 142 sends the print data PD011 decrypted by the decryption unit 140 to the printing unit 135 to perform printing.

  Here, the storage unit 131 and the control unit 136 constitute a data storage device.

The storage unit 131 described above can be realized, for example, by using an external storage device such as a RAM or HDD in which the CPU functions as a work memory. The information display unit 132 can be realized by using a display device such as a display. The information input unit 133 can be realized by the CPU using an input device such as an operation button. The communication unit 134 can be realized when the CPU uses a communication device such as a NIC. The control unit 136 can be realized by loading a predetermined program stored in the external storage device into the RAM and executing it by the CPU.
The secret key SK011 and the corresponding data TD011 are preferably stored in the RAM, and the encrypted authentication data CD011 to CD051 are preferably stored in an external storage device such as an HDD.
However, these are not limited to those realized by software using a CPU. For example, it may be realized in hardware by an integrated logic IC such as ASIC or FPGA, or may be realized in software by a DSP or the like. Alternatively, a component specialized for a specific application may be realized by hardware such as an installed expansion board, and other general-purpose components may be realized by software using a CPU.

(Description of operation)
FIG. 6 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the first exemplary embodiment.
When the information input unit 113 receives an operation input from the user 150C, the input processing unit 116 of the control unit 115 starts input processing (S10).
For example, when the user 150C selects the document data D011 stored in the storage unit 111 via the information input unit 113, the input processing unit 116 displays the document data D011 on the information display unit 112 (S11).
When the information input unit 113 receives an input of a print instruction for the document data D011 from the user 150C, the input processing unit 116 notifies the print data generation unit 117 of the start of printing (S12).

When the print data generation unit 117 receives a notification to start printing the document data D011, the print data generation unit 117 starts print data generation processing (S13), and generates print data PD011 from the document data D011 (S14).
Further, the input processing unit 116 acquires the public key list D021 stored in the storage unit 111 (S15). Then, the input processing unit 116 causes the information display unit 112 to display the user name associated with each of the public keys PK011 and PK021 included in the public key list D021 (S16).
The information input unit 113 receives selection of user names of one or more users who are permitted to print the print data PD011 from the user names displayed on the information display unit 112 (S17). Here, it is assumed that the user names of the users 150A and 150B are selected by the user 150C. Then, the information input unit 113 notifies the key generation unit 118 and the encryption unit 119 that the user name has been selected (S18).

Upon receiving the selection completion notification, the key generation unit 118 starts the common key generation process (S19), and generates the first common key CK011 and the second common key CK021 (S20). The generated first common key CK011 and second common key CK021 are given to the encryption unit 119.
In addition, the encryption unit 119 acquires the public key associated with the user name selected in step S17 from the public key list D021 stored in the storage unit 111 (S21). Here, the public key PK011 of the user 150A and the public key PK021 of the user 150B are acquired.

  Next, the encryption unit 119 that has acquired the first common key CK011, the second common key CK021, and the public keys PK011, PK021, together with the hash value calculation unit 120 and the encrypted data combination unit 121, the following first to third The processes are executed in parallel (S22 to S24), and encrypted authentication data CD011 to CD051 are generated. The first to third processes will be described with reference to FIGS.

When the first to third processes are completed, the transmission unit 122 transmits all the encrypted authentication data CD011 to CD051 to the printer 130 via the communication unit 114 (S25).
When receiving the encrypted authentication data CD011 to CD051 via the communication unit 134 (S26), the receiving unit 137 of the printer 130 stores them in the storage unit 131 (S27).

  FIG. 7 is an activity diagram showing the operation of the first process of “generation of encrypted authentication print data” in the first embodiment. In this first process, encrypted authentication print data CD011 is generated.

The encryption unit 119 starts a common key encryption process (S30), encrypts the print data PD011 with the first common key CK011 (S31), and generates encrypted print data C011 (S32).
Next, the hash value calculation unit 120 starts a hash value calculation process (S33), and calculates a hash value H011 of the encrypted print data C011 (S34).

Next, the encryption unit 119 starts a common key encryption process (S35), encrypts the hash value H011 with the first common key CK011 (S36), and generates encrypted hash value data CH011 (S37).
Next, the encrypted data combining unit 121 starts an encrypted data combining process (S38), combines the encrypted hash value data CH011 as the verification data unit, and the encrypted print data C011 as the main body data unit, and encrypts authentication. Print data CD011 is generated (S39).

  FIG. 8 is an activity diagram showing the operation of the second process of “generation of encrypted authentication print data” in the first embodiment. In this second process, common encrypted authentication data CD021, CD031 are generated.

The encryption unit 119 starts a common key encryption process (S40), encrypts the first common key CK011 with the second common key CK021 (S41), and generates common key encrypted data (S42).
Next, the hash value calculation unit 120 starts a hash value calculation process (S43), and calculates a hash value of the common key encrypted data generated in step S42 (S44).

  Next, the encryption unit 119 starts a common key encryption process (S45), encrypts the hash value calculated in step S44 with the second common key CK021 (S46), and generates encrypted hash value data. (S47).

Next, the encrypted data combining unit 121 starts the encrypted data combining process (S48), uses the encrypted hash value data generated in step S47 as the verification data unit, and the common key encrypted data generated in step S42. Are combined as a main body data part to generate common encrypted authentication data (S49).
The processing from step S40 to S49 is executed the same number of times as the number of public keys acquired in step S21 of FIG. 6 based on the determination of the encryption unit 119 (S50). In step S21 of FIG. 6, since two public keys PK011 and PK021 are acquired, in the first process, the common key encrypted data C021 (S41), the hash value H021 (S44), and the encrypted hash value data CH021 ( S47) and common encrypted authentication data CD021 (S49) are generated. In the second process, the common key encrypted data C031 (S41), the hash value H031 (S44), the encrypted hash value data CH031 (S47), and the common encrypted authentication data CD031 (S49) are generated.

  FIG. 9 is an activity diagram showing the operation of the third process of “generation of encrypted authentication print data” in the first embodiment. In this third process, individual encrypted authentication data CD041 and CD051 are generated.

  The encryption unit 119 starts public key encryption processing (S60), and identifies one public key that has not been used for encryption in step S62 among the public keys acquired in step S21 of FIG. (S61). Then, the encryption unit 119 encrypts the second common key CK021 with the specified public key (S62), and generates public key encrypted data (S63).

Next, the hash value calculation unit 120 starts a hash value calculation process (S64), and calculates a hash value of the public key encrypted data generated in step S63 (S65).
Next, the encryption unit 119 starts public key encryption processing (S66), encrypts the hash value calculated in step S65 with the public key identified in step S61 (S67), and encrypts the hash value Data is generated (S68).
Next, the encrypted data combining unit 121 starts the encrypted data combining process (S69), uses the encrypted hash value data generated in step S68 as the verification data unit, and the public key encrypted data generated in step S63 Are combined as a main body data part to generate individual encrypted authentication data (S70).
Then, the processes from step S60 to S70 are executed the same number of times as the number of public keys acquired in step S21 in FIG. In step S21 of FIG. 6, since two public keys PK011 and PK021 are acquired, the public key PK011 is specified by the first process (S61), the public key encrypted data C041 (S63), and the hash value H041 ( S65), encrypted hash value data CH041 (S68) and individual encrypted authentication data CD041 (S70) are generated. In the second process, the public key PK021 is specified (S61), the public key encrypted data C051 (S63), the hash value H051 (S65), the encrypted hash value data CH051 (S68), and the individual encrypted authentication data. CD051 (S70) is generated.

FIG. 10 is an activity diagram showing an operation of “printing encrypted authentication print data” in the first exemplary embodiment. Here, it is assumed that the user 150A prints the print data PD011 included in the encrypted authentication print data CD011.
When the information input unit 133 of the printer 130 receives an operation input from the user 150A, the input processing unit 138 starts input processing (S80), and notifies the encrypted authentication data search unit 139 of the start of printing (S81). ). Here, it is assumed that the user 150A inputs a decryption instruction (print start instruction).

Further, the input processing unit 138 displays a secret key input screen on the information display unit 132 (S82).
When receiving the input of the secret key SK011 from the user 150A (S83), the information input unit 133 notifies the input processing unit 138 of the input secret key SK011 and the input of the secret key (S84). The input processing unit 138 stores the notified secret key SK011 in the storage unit 131 and notifies the encryption authentication data search unit 139 that the input of the secret key has been completed.

  The encrypted authentication data search unit 139 that has received the notification of the completion of the input of the private key executes the fourth to sixth processes in order together with the decryption unit 140 and the hash value calculation unit 141 (S85 to S87), and print data get. The fourth to sixth processes will be described with reference to FIGS.

If the print data PD011 is stored in association with the corresponding data TD011 stored in the storage unit 131 after the sixth process is completed (S88), the print processing unit 142 starts the print process ( In step S89, the held print data PD011 is sent to the printing unit 135 to cause the printing unit 135 to perform printing (S90).
When printing is completed (S91), the encrypted authentication data search unit 139 deletes the encrypted authentication data CD011 to CD051.

  First, the encrypted authentication data search unit 139 starts an encrypted authentication data search process (S92), refers to the corresponding data TD011 stored in the storage unit 131, and is associated with the second common key CK021. The encrypted authentication data corresponding to the existing file name is specified from the storage unit 131, and the specified encrypted authentication data is deleted (S93). Here, the individual encrypted authentication data CD041 is deleted. Also, the encrypted authentication data search unit 139 deletes the file name of the deleted data and the second common key CK021 associated therewith in the corresponding data TD011.

  The encrypted authentication data search unit 139 starts the encrypted authentication data search process (S94), refers to the corresponding data TD011 stored in the storage unit 131, and is associated with the first common key CK011. The encrypted authentication data corresponding to one of the existing file names is specified from the storage unit 131, and the specified encrypted authentication data is deleted (S95). Here, the common encryption authentication data CD021 is deleted. Further, the encrypted authentication data search unit 139 deletes the file name of the deleted data and the first common key CK011 associated with the file name in the corresponding data TD011.

  Next, the encrypted authentication data search unit 139 refers to the correspondence data TD011 stored in the storage unit 131 and confirms the number of file names associated with the first common key CK011 (S96). If the number is greater than 0, in other words, encrypted authentication data (common encrypted authentication data) that can be decrypted with the second common key CK021 acquired in the fourth process (S85) is stored in the storage unit 131. If it remains, the process ends. On the other hand, when the number is 0, in other words, when encrypted authentication data that can be decrypted with the second common key CK021 acquired in the fourth process (S85) does not remain in the storage unit 131, The process proceeds to step S97.

  In step S97, the encrypted authentication data search unit 139 starts an encrypted authentication data search process. Then, the encrypted authentication data search unit 139 refers to the corresponding data TD011 stored in the storage unit 131, and stores the encrypted authentication data corresponding to the file name associated with the print data PD011 from the storage unit 131. The specified encrypted authentication data is deleted (S98). Here, the encrypted authentication print data CD011 is deleted. In addition, the encrypted authentication data search unit 139 also deletes the correspondence data TD011.

  When the common encrypted authentication data C021 is deleted in accordance with the print instruction of the user 150A, the common encrypted authentication data CD031 remains in the storage unit 131, and therefore the encrypted authentication print data CD011 is not deleted. When the user 150B issues a print instruction for the print data PD011 included in the encrypted authentication print data CD011, the individual encryption authentication data CD051 and the common encryption authentication data CD041 are deleted. As a result, the number of file names associated with the first common key CK011 becomes 0 in the correspondence data TD011, and the encrypted authentication print data CD011 is deleted.

  FIG. 11 is an activity diagram showing the operation of the fourth process of “printing encrypted authentication print data” in the first embodiment. In the fourth process, search and decryption of the individual encrypted authentication data are performed.

The encrypted authentication data search unit 139 starts the encrypted authentication data search process (S100), and acquires one piece of data from the encrypted authentication data stored in the storage unit 131 (S101).
Next, the encrypted authentication data search unit 139 separates the acquired encrypted authentication data into a verification data unit and a main body data unit (S102).

Next, the hash value calculation unit 141 starts a hash value calculation process (S103), and calculates a hash value of the main body data part separated in step S102 (S104). The hash value calculation unit 141 gives the calculated hash value to the encrypted authentication data search unit 139.
Also, the decryption unit 140 starts public key decryption processing (S105), and attempts to decrypt the verification data unit separated in step S102 with the private key SK011 input in step S83 of FIG. 6 (S106). If decryption of the verification data portion fails, the encrypted authentication data search portion 139 interrupts the processing, and the processing proceeds to step S114 (S107). On the other hand, if the verification data part has been successfully decoded, the process proceeds to step S108 (S107). Here, in step S83 in FIG. 6, since the private key SK011 is received from the user 150A, the encrypted authentication data acquired in step S101 is encrypted with the public key PK011 of the user 150A. In the case of the authentication authentication data CD041, the decryption is successful.
In step S108, since the decryption is successful and the hash value H041 is obtained, the decryption unit 140 provides the obtained hash value H041 to the encrypted authentication data search unit 139.

  Next, the encrypted authentication data search unit 139 compares the hash value calculated in step S104 with the hash value H041 obtained in step S108 (S109). If these hash values do not match, the encrypted authentication data search unit 139 stops the process, and the process proceeds to step S114 (S110). On the other hand, if the hash values match, the process proceeds to step S111 (S110).

  In step S111, the decryption unit 140 attempts to decrypt the main data part separated in step S102 using the secret key SK011 input in step S83 of FIG. If the decryption of the main body data part fails, the encrypted authentication data search part 139 interrupts the process, and the process proceeds to step S114 (S112). On the other hand, if the decoding of the main body data part is successful, the process proceeds to step S113 (S112).

  In step S113, since the second common key CK021 is obtained by decryption, the decryption unit 140 obtains the obtained second common key CK021 and the encrypted authentication data (here, the second common key CK021). The individual encrypted authentication data CD041) is held (S113). For example, the decryption unit 140 generates correspondence data TD011 in the storage unit 131, and associates the acquired second common key CK021 with the file name that is identification information of the individual encrypted authentication data CD041 in the correspondence data TD011. Store with attachments.

In step S <b> 114, the encrypted authentication data search unit 139 determines whether or not the above processing has been performed on all the encrypted authentication data stored in the storage unit 131. If the above processing has been performed for all encrypted authentication data, the process proceeds to step S115, and if encrypted authentication data that has not been subjected to the above processing still remains, processing is performed. Returns to step S101, and the unprocessed encrypted authentication data is processed.
In step S115, the encrypted authentication data search unit 139 determines whether or not the second common key CK021 and the encrypted authentication data that includes the second common key CK021 are held. If these are held, the process proceeds to the fifth process. If they are not held, the encrypted authentication data search unit 139 ends the process.

  FIG. 12 is an activity diagram showing the operation of the fifth process of “printing encrypted authentication print data” in the first embodiment. In the fifth process, the common encrypted authentication data is searched and decrypted.

The encrypted authentication data search unit 139 starts the encrypted authentication data search process (S120), and acquires one data from the encrypted authentication data stored in the storage unit 131 (S121).
Next, the encrypted authentication data search unit 139 separates the acquired encrypted authentication data into a verification data part and a main body data part (S122).

Next, the hash value calculation unit 141 starts a hash value calculation process (S123), and calculates a hash value of the main body data part separated in step S122 (S124). The hash value calculation unit 141 gives the calculated hash value to the encrypted authentication data search unit 139.
Further, the decryption unit 140 starts the common key decryption process (S125), and attempts to decrypt the verification data unit separated in step S122 with the second common key CK021 acquired in the fourth process (S126). If decryption of the verification data portion fails, the encrypted authentication data search portion 139 interrupts the processing, and the processing proceeds to step S134 (S127). On the other hand, if the verification data portion has been successfully decoded, the process proceeds to step S128 (S127). Here, since the decryption is performed with the second common key CK021, the encrypted authentication data acquired in step S121 is the common encryption authentication data CD021, CD031 encrypted with the second common key CK021. In that case, the decoding is successful.
In step S128, since the decryption is successful and the hash value is obtained, the decryption unit 140 provides the obtained hash value to the encrypted authentication data search unit 139. Here, the hash value H021 or the hash value H031 is obtained.

  Next, the encrypted authentication data search unit 139 compares the hash value calculated in step S124 with the hash value obtained in step S128 (S129). If these hash values do not match, the encrypted authentication data search unit 139 stops the process, and the process proceeds to step S124 (S130). On the other hand, if the hash values match, the process proceeds to step S131 (S130).

  In step S131, the decryption unit 140 attempts to decrypt the main data part separated in step S122 with the second common key CK021 acquired in the fourth process. If the decryption of the main body data part fails, the encrypted authentication data search part 139 interrupts the process, and the process proceeds to step S114 (S132). On the other hand, if the decoding of the main body data portion is successful, the process proceeds to step S133 (S132).

  In step S133, since the first common key CK011 is obtained due to the successful decryption, the decryption unit 140 obtains the obtained first common key CK011 and the encrypted authentication data (here, the first common key CK011). The common encryption authentication data CD021 or the common encryption authentication data CD031) is held (S133). For example, the decryption unit 140 includes the acquired first common key CK011 in the corresponding data TD011 stored in the storage unit 131 and the identification information of the encrypted authentication data that includes the first common key CK011. Store a file name in association with it.

In step S134, the encrypted authentication data search unit 139 determines whether or not the above processing has been performed on all the encrypted authentication data stored in the storage unit 131. If the above processing has been performed on all the encrypted authentication data, the process proceeds to step S135, and if encrypted authentication data that has not been subjected to the above processing still remains, the processing is performed. Returns to step S121, and the unprocessed encrypted authentication data is processed.
In step S135, the encrypted authentication data search unit 139 determines whether or not the first common key CK011 and the encrypted authentication data including the same are held. If these are held, the process proceeds to the sixth process. If they are not held, the encrypted authentication data search unit 139 ends the process.

  FIG. 13 is an activity diagram showing the operation of the sixth process of “printing encrypted authentication print data” in the first embodiment. In the sixth process, retrieval and decryption of the encrypted authentication print data CD011 are performed.

The encrypted authentication data search unit 139 starts an encrypted authentication data search process (S140), and acquires one piece of data from the encrypted authentication data stored in the storage unit 131 (S141).
Next, the encrypted authentication data search unit 139 separates the acquired encrypted authentication data into a verification data unit and a main body data unit (S142).

Next, the hash value calculation unit 141 starts a hash value calculation process (S143), and calculates a hash value of the main body data part separated in step S142 (S144).
Further, the decryption unit 140 starts the common key decryption process (S145), and attempts to decrypt the verification data unit separated in step S142 with the first common key CK011 acquired in the fifth process (S146). If decryption of the verification data portion fails, the encrypted authentication data search portion 139 interrupts the processing, and the processing proceeds to step S154 (S147). On the other hand, if the verification data portion has been successfully decoded, the process proceeds to step S148 (S147). Here, since decryption is performed using the first common key CK011, when the encrypted authentication data acquired in step S141 is the encrypted authentication print data CD011 encrypted using the first common key CK011. Decryption succeeds.
In step S148, since the decryption is successful and the hash value H011 is obtained, the decryption unit 140 provides the obtained hash value H011 to the encrypted authentication data search unit 139.

  Next, the encrypted authentication data search unit 139 compares the hash value calculated in step S144 with the hash value obtained in step S148 (S149). If these hash values do not match, the encrypted authentication data search unit 139 stops the process, and the process proceeds to step S154 (S150). On the other hand, if the hash values match, the process proceeds to step S151 (S150).

  In step S151, the decryption unit 140 attempts to decrypt the main body data part separated in step S142 with the first common key CK011 acquired in the fifth process. If the decryption of the main body data part fails, the encrypted authentication data search part 139 interrupts the process, and the process proceeds to step S154 (S152). On the other hand, if the decoding of the main data portion is successful, the process proceeds to step S153 (S152).

  In step S153, since the print data PD011 is obtained due to the success of the decryption, the decryption unit 140 obtains the obtained print data PD011 and the encrypted authentication data (here, the encrypted authentication print) including the print data PD011. Data CD011) is held. For example, the decoding unit 140 stores the obtained print data PD011 in the storage unit 131, and in the corresponding data TD011 stored in the storage unit 131, a file name that is identification information of the acquired print data PD011 and The file name which is the identification information of the encrypted authentication data including the print data PD011 is stored in association with each other.

  In step S154, the encrypted authentication data search unit 139 determines whether or not the above processing has been performed on all the encrypted authentication data stored in the storage unit 131. If the above processing has been performed for all the encrypted authentication data, the processing proceeds to step S88 in FIG. 10, and if the encrypted authentication data that has not been subjected to the above processing still remains. The process returns to step S141 to process the unprocessed encrypted authentication data.

  As described above, according to the first embodiment, an external server is not necessary unlike the prior art. Moreover, since there is only one encrypted authentication print data having a large size, the storage capacity can be reduced. Furthermore, after all users who have been permitted to print print (decrypt), the encrypted authentication print data including the print data is deleted, so that the management of printing (decryption) can be easily performed. . Specifically, since the data included in the second data corresponds to the number of users who have not performed printing (decoding), the number of data included in the second data is managed. The number of users who are not printing (decoding) can be managed.

Embodiment 2. FIG.
FIG. 14 is a schematic diagram showing a multifunction machine 200 as an information processing apparatus according to the second embodiment. The multi-function device 200 is also an image forming apparatus that reads a document and performs printing. In addition, the information processing method according to the second embodiment is realized by the processing performed by the multifunction device 200.
Users 250 </ b> A to 250 </ b> C are users of the multifunction device 200. The multi-function device 200 generates encrypted authentication print data in accordance with the operation of the user 250C, performs decryption in accordance with the operations of the user 250A and the user 250B, and processes the decrypted data.
The document DOC12 is a manuscript that is read by the multi-function peripheral 200 and serves as a source of the document data D012.
Note that the reference numerals in parentheses shown in FIG. 14 indicate the configuration in the fourth embodiment.

FIG. 15 is a block diagram schematically showing the configuration of the multifunction machine 200 according to the second embodiment.
The multifunction device 200 includes a storage unit 211, a document reading unit 212, an information display unit 213, an information input unit 214, a printing unit 215, and a control unit 216.
In addition, the code | symbol in the parenthesis of FIG. 15 has shown the structure in Embodiment 4. FIG.

The storage unit 211 stores data necessary for processing in the multifunction device 200.
FIG. 16 is a schematic diagram showing data stored in the storage unit 211. In the second embodiment, the storage unit 211 stores an authentication list D032, document data D012, user name UN012, correspondence data TD012, encrypted authentication data CD012 to CD052, and print data PD012. Note that the document data D012, the user name UN012, and the encrypted authentication data CD012 to CD052 are dynamic elements that are generated and deleted in the multi-function device 200, and thus are indicated by broken lines.

The authentication list D032 is data including authentication information for each user. In the second embodiment, authentication information AD012 of user 250A and authentication information AD022 of user 250B are recorded. For example, the authentication information AD012 is the user name and password of the user 250A, and the authentication information AD022 is the user name and password of the user 250B.
The document data D012 is data read from the document DOC12 by the document reading unit 212. The document data D012 is data that is the basis of print data to be printed by the multifunction device 200.
The user name UN012 is identification information for identifying the user 250A input by the user 250A via the information input unit 214.

  Corresponding data TD012 associates the print data with the encrypted authentication data that includes the print data, associates the first common key with the encrypted authentication data that includes the first common key, and This is data in which the encrypted authentication data including the second common key and the second common key is associated. The correspondence data TD012 is data that is generated and updated in the process of acquiring print data from the encrypted authentication data CD012 to CD052.

The encrypted authentication data CD012 to CD052 are data obtained by combining encrypted data obtained by encrypting data with a key as a main data portion and encrypted data obtained by encrypting a hash value of the main data portion with a key as a verification data portion. . In the second embodiment, the encrypted authentication data CD012 to CD052 are generated by the control unit 216.
Also in the second embodiment, the encrypted authentication data CD012 to CD052 are composed of encrypted authentication print data CD012, common encrypted authentication data CD022, CD032, and individual encrypted authentication data CD042, CD052. . However, the multifunction device 200 does not identify the type of each of these data, but merely identifies them as a plurality of encrypted authentication data CD012 to CD052. Note that the encrypted authentication print data CD012 corresponds to first data that is at least partially encrypted. Further, the common encryption authentication data CD022, CD032 and the individual encryption authentication data CD042, CD052 correspond to the number of data corresponding to the number of a plurality of users permitted to decrypt the first data. In other words, the common encryption authentication data CD022, CD032 and the individual encryption authentication data CD042, CD052 as a whole correspond to the second data. Here, the common encryption authentication data CD022, CD032 corresponds to third data having at least a portion obtained by encrypting the first key that can decrypt the first data. The individual encrypted authentication data CD042 and CD052 correspond to fourth data having at least a portion obtained by encrypting the second key capable of decrypting the third data.

  The print data PD012 is data decrypted from the encrypted authentication data CD012 to CD052.

Returning to the description of FIG. 15, the document reading unit 212 is a reading unit that reads the document data D012 from the document DOC1.
The information display unit 213 is a display unit that displays a screen.
The information input unit 214 is an input unit that receives an operation input from a user.
The printing unit 215 performs printing based on the print data.

The control unit 216 controls the entire processing in the multifunction device 200. For example, the control unit 216 performs the decoding of the first data in accordance with the decoding instructions of each of the plurality of users, and deletes the data included in the second data each time the first data is decoded. Then, when the number of data included in the second data reaches a predetermined number, the first data is deleted. Specifically, the control unit 216 generates encrypted authentication data CD012 to CD052. Further, the control unit 216 decrypts the print data PD012 from the encrypted authentication data CD012 to CD052. Further, the control unit 216 determines whether or not all of the plurality of users who are permitted to print have issued a decryption instruction from the encrypted authentication data CD012 to CD052 to the print data PD012, and according to the determination result. Then, the encrypted authentication data CD012 to CD052 are deleted.
In the second embodiment, the control unit 216 includes an input processing unit 217, an authentication unit 218, a print data generation unit 219, a key generation unit 220, an encryption unit 221, a hash value calculation unit 222, and an encryption unit. An encrypted data combination unit 223, an encrypted authentication data search unit 224, a decryption unit 225, and a print processing unit 226.

  The input processing unit 217 displays a predetermined screen on the information display unit 213, and receives an input of a necessary operation from the user via the displayed screen and the information input unit 214. For example, the input processing unit 217 receives an input of a print instruction from the document data D012 stored in the storage unit 211 from the information input unit 214 via the screen displayed on the information display unit 213. Further, the input processing unit 217 receives input of the user name of the user who is permitted to print the print data from the information input unit 214 via the screen displayed on the information display unit 213. Further, the input processing unit 217 receives input of a user name and a password necessary for authentication from the user from the information input unit 214 via the screen displayed on the information display unit 213.

  The authentication unit 218 authenticates a user who uses the multifunction device 200. For example, the authentication unit 218 receives an input of at least one of a user name and a password from a user who uses the multifunction device 200 via the information input unit 214, and the input information is stored in the storage unit 211. Authentication is performed depending on whether or not it is stored in the authentication list D032 as authentication information.

The print data generation unit 219 converts the document data received by the input processing unit 217 into print data that can be printed by the printing unit 215.
The key generation unit 220 generates a key used for encryption. In the second embodiment, the key generation unit 220 executes a common key generation process for generating a first common key and a second common key.

The encryption unit 221 encrypts data using the key. In the second embodiment, the encryption unit 221 performs a common key encryption process for performing encryption based on a common key encryption method.
Specifically, as illustrated in FIG. 16, the encryption unit 221 encrypts the print data PD012 generated by the print data generation unit 219 with the first common key CK012 generated by the key generation unit 220. As a result, encrypted print data C012 is generated.
Further, the encryption unit 221 encrypts the first common key CK012 generated by the key generation unit 220 with the second common key CK022 generated by the key generation unit 220, so that the common key encrypted data C022, C032 is generated. Here, the common key encrypted data C022 and the common key encrypted data C032 are the same data. Note that the same number of common key encrypted data C022 and C032 is generated as the number of users who are permitted to print the print data PD012.
Further, the encryption unit 221 encrypts the second common key CK022 generated by the key generation unit 220 with the third common keys CK0312 and CK0322 generated based on the user identification information (here, the user name). Thus, the common key encrypted data C042 and C052 are generated. The third common key CK0312 is a common key generated from the user name of the user 250A, and the third common key CK0322 is a common key generated from the user name of the user 250B. For example, the third common keys CK0312 and CK0322 are generated by adding predetermined data to the user name so as to have a predetermined number of bits. Here, the common key encrypted data C042 is data encrypted using the third common key CK0312, and the common key encrypted data C052 is data encrypted using the third common key CK0322. . In other words, in the second embodiment, the user name is handled as information that can generate the third common keys CK0312 and CK0322. The public key encrypted data C041 and C051 are generated in the same number as the number of users who are permitted to print the print data PD011.
Then, the encryption unit 221 generates the encrypted hash value data CH012 by encrypting the hash value H012 calculated by the hash value calculation unit 222 with the first common key CK012 generated by the key generation unit 220. To do. Further, the encryption unit 221 encrypts the hash values H022 and H032 calculated by the hash value calculation unit 220 with the second common key CK022 generated by the key generation unit 220, so that the encrypted hash value data CH022 is obtained. , CH032. Here, the encrypted hash value data CH022 and the encrypted hash value data CH032 are the same data. Further, the encryption unit 221 encrypts the hash values H042 and H052 calculated by the hash value calculation unit 222 with the third common keys CK0312 and CK0322, thereby generating encrypted hash value data CH042 and CH052. Here, the encrypted hash value data CH042 is data encrypted with the third common key CK0312, and the encrypted hash value data CH052 is data encrypted with the third common key CK0322.

  The hash value calculation unit 222 calculates a hash value of data. Specifically, as illustrated in FIG. 16, the hash value calculation unit 222 includes the hash value H012 of the encrypted print data C012, the hash values H022 and H032 of the common key encrypted data C022 and C032, and the common key encryption. Hash values H042 and H052 of the digitized data C042 and C052 are calculated.

The encrypted data combining unit 223 combines two pieces of encrypted data and generates one piece of encrypted data.
Specifically, as illustrated in FIG. 16, the encrypted data combining unit 223 combines the encrypted print data C012 and the encrypted hash value data CH012 to generate the encrypted authentication print data CD012. Generate.
Further, the encrypted data combining unit 223 generates common encrypted authentication data CD022 and CD032 by combining the common key encrypted data C022 and C032 and the encrypted hash value data CH022 and CH032, respectively. Here, the common encryption authentication data CD022 and the common encryption authentication data CD032 are the same data. The common encrypted authentication data CD022 and CD032 are generated in the same number as the number of users permitted to print the print data PD012.
Further, the encrypted data combining unit 223 generates the individual encrypted authentication data CD042 and CD052 by combining the common key encrypted data C042 and C052 with the encrypted hash value data CH042 and CH052. The individual encrypted authentication data CD042 and CD052 are generated in the same number as the number of users permitted to print the print data PD012.
The encrypted data combining unit 223 stores the encrypted authentication print data CD012, the common encrypted authentication data CD022, CD032, and the individual encrypted authentication data CD042, CD052 generated in the above manner in the storage unit 211. Remember.

  The encrypted authentication data search unit 224 searches the encrypted authentication data CD012 to CD052 stored in the storage unit 211. Also, the encrypted authentication data search unit 224 deletes the encrypted authentication data CD012 to CD052 according to the decryption status by the user who is permitted to print the print data PD012.

The decryption unit 225 decrypts the encrypted data using the key. In Embodiment 2, the decryption unit 225 executes a common key decryption process for performing decryption based on the common key encryption method.
Specifically, the decryption unit 225 decrypts the individual encrypted authentication data CD042 and CD052 with the third common keys CK0312 and CK0322 generated based on the user name that has received the input from the user, so that the second common Key CK022 and hash values H042, H052 are acquired.
The decryption unit 225 obtains the first common key CK012 and the hash values H022 and H032 by decrypting the common encrypted authentication data CD022 and CD032 with the second common key CK022 obtained as described above. .
Then, the decryption unit 225 obtains the print data PD012 and the hash value H012 by decrypting the encrypted authentication print data CD012 with the first common key CK012 obtained as described above.

The print processing unit 226 sends the print data PD012 decrypted by the decryption unit 225 to the printing unit 215 to perform printing.
Here, the control unit 216 and the storage unit 211 configure the data generation apparatus and the data storage apparatus in the second embodiment.

The storage unit 211 described above can be realized, for example, by using an external storage device such as a RAM or HDD in which the CPU functions as a work memory. The information display unit 213 can be realized by using a display device such as a display. The information input unit 214 can be realized by the CPU using an input device such as an operation button. The control unit 216 can be realized by loading a predetermined program stored in the external storage device into the RAM and executing it by the CPU.
The document data D012, the user name UD012, and the corresponding data TD012 are preferably stored in the RAM, and the authentication list D032 and the encrypted authentication data CD011 to CD051 are stored in an external storage device such as an HDD. Is desirable.
However, these are not limited to those realized by software using a CPU. For example, it may be realized in hardware by an integrated logic IC such as ASIC or FPGA, or may be realized in software by a DSP or the like. Alternatively, a component specialized for a specific application may be realized by hardware such as an installed expansion board, and other general-purpose components may be realized by software using a CPU.

(Description of operation)
FIG. 17 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the second embodiment.
When the information input unit 214 receives an operation input from the user 250C, the input processing unit 217 of the control unit 216 starts input processing (S160).
The print data generation unit 219 notifies the document reading unit 212 of the start of document reading (S161), and the document reading unit 212 starts the document reading process (S162).
The document reading unit 212 reads the document DOC12, generates document data D012 (S163), and stores it in the storage unit 211 (S164).

The print data generation unit 219 starts print data generation processing based on the read document data D012 (S165), and generates print data PD012 from the document data D012 (S166).
Also, the input processing unit 217 acquires the authentication list D032 stored in the storage unit 211 (S167). Then, the input processing unit 217 causes the information display unit 213 to display the user names included in the respective authentication information AD012 and AD022 included in the authentication list D032 (S168).
The information input unit 214 receives selection of user names of one or more users who are permitted to print the print data PD012 from the user names displayed on the information display unit 213 (S169). Here, it is assumed that the user names of the users 250A and 250B are selected by the user 250C. Then, the information input unit 214 notifies the key generation unit 220 and the encryption unit 221 that the user name has been selected (S170). Here, the information input unit 214 also notifies the encryption unit 221 of the user name selected in step S169.

  Upon receiving the selection completion notification, the key generation unit 220 starts a common key generation process (S171), and generates a first common key CK012 and a second common key CK022 (S172). The generated first common key CK012 and second common key CK022 are given to the encryption unit 221.

  The encryption unit 221 that has acquired the first common key CK012, the second common key CK022, and the user name of the user who is permitted to print, together with the hash value calculation unit 222 and the encrypted data combination unit 223, Nine processes are executed in parallel (S173 to S175), and encrypted authentication data CD012 to CD052 are generated. The seventh to ninth processes will be described with reference to FIGS.

  When the seventh to ninth processes are completed, the encrypted data combining unit 223 stores all the encrypted authentication data CD012 to CD052 in the storage unit 211 (S176).

  FIG. 18 is an activity diagram showing the operation of the seventh process of “generation of encrypted authentication print data” in the second embodiment. In this seventh process, encrypted authentication print data CD012 is generated.

The encryption unit 221 starts a common key encryption process (S180), encrypts the print data PD012 with the first common key CK012 (S181), and generates encrypted print data C012 (S182).
Next, the hash value calculation unit 222 starts a hash value calculation process (S183), and calculates a hash value H012 of the encrypted print data C012 (S184).

Next, the encryption unit 221 starts a common key encryption process (S185), encrypts the hash value H012 with the first common key CK012 (S186), and generates encrypted hash value data CH012 (S187).
Next, the encrypted data combining unit 223 starts the encrypted data combining process (S188), combines the encrypted hash value data CH012 as the verification data unit and the encrypted print data C012 as the main body data unit, and encrypts authentication. Print data CD012 is generated (S189).

  FIG. 19 is an activity diagram showing the operation of the eighth process of “generation of encrypted authentication print data” in the second embodiment. In this eighth process, common encryption authentication data CD022, CD032 are generated.

The encryption unit 221 starts a common key encryption process (S190), encrypts the first common key CK012 with the second common key CK022 (S191), and generates common key encrypted data (S192).
Next, the hash value calculation unit 222 starts a hash value calculation process (S193), and calculates a hash value of the common key encrypted data generated in step S192 (S194).

  Next, the encryption unit 221 starts a common key encryption process (S195), encrypts the hash value calculated in step S194 with the second common key CK022 (S196), and generates encrypted hash value data. (S197).

Next, the encrypted data combining unit 223 starts the encrypted data combining process (S198), uses the encrypted hash value data generated in step S197 as the verification data unit, and the common key encrypted data generated in step S192. Are combined as a main body data part to generate common encrypted authentication data (S199).
Then, the processes from step S190 to S199 are executed as many times as the number of user names selected in step S169 in FIG. 17 based on the determination of the encryption unit 221 (S200). Since two user names of the user 250A and the user 250B are selected in step S169 in FIG. 17, the common key encrypted data C022 (S191), the hash value H022 (S194), and the encrypted hash value are obtained in the first process. Data CH022 (S197) and common encryption authentication data CD022 (S199) are generated. In the second process, the common key encrypted data C032 (S191), the hash value H032 (S194), the encrypted hash value data CH032 (S197), and the common encrypted authentication data CD032 (S199) are generated.

  FIG. 20 is an activity diagram showing the operation of the ninth process of “generation of encrypted authentication print data” in the second embodiment. In this ninth process, individual encrypted authentication data CD042, CD052 are generated.

  The encryption unit 221 starts the common key encryption process (S210), and identifies one user name that has not been used for encryption in step S212 among the user names selected in step S169 in FIG. (S211). Then, the encryption unit 221 generates a third common key using the identified user name, encrypts the second common key CK021 with the generated third common key (S212), and stores the common key encrypted data Is generated (S213).

Next, the hash value calculation unit 222 starts a hash value calculation process (S214), and calculates a hash value of the common key encrypted data generated in step S213 (S215).
Next, the encryption unit 221 starts a common key encryption process (S216), and uses the third common key generated using the user name specified in step S211 and the hash value calculated in step S215. Encryption is performed (S217), and encrypted hash value data is generated (S218).
Next, the encrypted data combining unit 223 starts the encrypted data combining process (S219), uses the encrypted hash value data generated in step S218 as the verification data unit, and the common key encrypted data generated in step S213. Are combined as a main body data part to generate individual encrypted authentication data (S220).
The processing from step S210 to step S220 is executed as many times as the number of user names selected in step S169 in FIG. 17 based on the determination of the encryption unit 221 (S221). Since two user names of the user 250A and the user 250B are selected in step S169 in FIG. 17, the user name of the user 250A is specified in the first process (S211), and the common key encrypted data C042 ( S213), hash value H042 (S215), encrypted hash value data CH042 (S218), and individual encrypted authentication data CD042 (S220) are generated. In the second processing, the user name of the user 250B is specified (S211), the common key encrypted data C052 (S213), the hash value H052 (S215), the encrypted hash value data CH052 (S218), and the individual encryption Authentication data CD052 (S220) is generated.

FIG. 21 is an activity diagram showing an operation of “printing encrypted authentication print data” in the second exemplary embodiment. Here, it is assumed that the user 250A prints the print data PD012 included in the encrypted authentication print data CD012.
When the information input unit 214 receives an operation (decryption instruction) input from the user 250A, the input processing unit 217 starts the input process (S230), and notifies the encrypted authentication data search unit 224 of the start of printing (S230). S231).

Further, the input processing unit 217 displays a user name and password input screen on the information display unit 213 (S232).
When the information input unit 214 receives a user name and password input from the user 250A (S233), the information input unit 214 notifies the authentication unit 218 of the input user name and password and completion of the input (S234).

  The authentication unit 218 acquires the authentication list D032 stored in the storage unit 211 (S235), and authenticates the user name and password notified in step S234 (S236). If the authentication is successful, the process proceeds to step S238 (S237), and if the authentication fails, the process ends (S237). If the authentication is successful, the authentication unit 218 stores the authenticated user name (here, the user name UN012 of the user 250A) in the storage unit 211, and the authentication completion is stored in the encrypted authentication data search unit 224. Notice.

  Next, the encrypted authentication data search unit 224 that has received the notification of the completion of authentication executes the tenth to twelfth processes in order together with the decryption unit 225 and the hash value calculation unit 222 (S238 to S240), and print data get. The tenth to twelfth processes will be described with reference to FIGS.

When the print data PD012 is stored in association with the corresponding data TD012 stored in the storage unit 211 after the end of the twelfth process (S241), the print processing unit 226 starts print processing ( In step S242, the held print data PD012 is sent to the printing unit 215, and the printing unit 215 performs printing (S243).
When printing is completed (S244), the encrypted authentication data search unit 224 deletes the encrypted authentication data CD012 to CD052.

  First, the encrypted authentication data search unit 224 starts an encrypted authentication data search process (S245), refers to the corresponding data TD012 stored in the storage unit 211, and is associated with the second common key CK022. The encrypted authentication data corresponding to the existing file name is specified from the storage unit 211, and the specified encrypted authentication data is deleted (S246). Here, the individual encrypted authentication data CD042 is deleted. Also, the encrypted authentication data search unit 224 deletes the file name of the deleted data and the second common key CK022 associated therewith in the corresponding data TD012.

  Also, the encrypted authentication data search unit 224 starts the encrypted authentication data search process (S247), refers to the corresponding data TD012 stored in the storage unit 211, and is associated with the first common key CK012. The encrypted authentication data corresponding to one of the existing file names is specified from the storage unit 211, and the specified encrypted authentication data is deleted (S248). Here, the common encryption authentication data CD022 is deleted. Also, the encrypted authentication data search unit 224 deletes the file name of the deleted data and the first common key CK011 associated with the file name in the correspondence data TD012.

  Next, the encrypted authentication data search unit 139 refers to the correspondence data TD012 stored in the storage unit 211 and confirms the number of file names associated with the first common key CK012 (S249). If the number is larger than 0, in other words, the encrypted authentication data (common encrypted authentication data) that can be decrypted with the second common key CK022 acquired in the tenth process (S238) is stored in the storage unit 211. If it remains, the process ends. On the other hand, when the number is 0, in other words, encrypted authentication data (common encrypted authentication data) that can be decrypted with the second common key CK022 acquired in the tenth process (S238) is stored in the storage unit 211. If not, the process proceeds to step S250.

  In step S250, the encrypted authentication data search unit 224 starts an encrypted authentication data search process. Then, the encrypted authentication data search unit 224 refers to the corresponding data TD012 stored in the storage unit 211, and stores the encrypted authentication data corresponding to the file name associated with the print data PD012 from the storage unit 211. The specified encrypted authentication data is deleted (S251). Here, the encrypted authentication print data CD012 is deleted. Further, the encrypted authentication data search unit 224 also deletes the correspondence data TD012.

  Note that when the user 250A issues a decryption instruction and the print data PD012 is decrypted and printed, the common encrypted authentication data CD032 remains in the storage unit 221, so the encrypted authentication print data CD012 is not deleted. . When the user 250B prints the print data PD012 included in the encrypted authentication print data CD012, the individual encryption authentication data CD052 and the common encryption authentication data CD042 are deleted. As a result, the number of file names associated with the first common key CK012 becomes 0 in the correspondence data TD012, and the encrypted authentication print data CD012 is deleted.

  FIG. 22 is an activity diagram showing the operation of the tenth process of “printing encrypted authentication print data” in the second embodiment. In the tenth process, search and decryption of the common encrypted authentication data encrypted with the third common key generated from the user name is performed.

The encrypted authentication data search unit 224 starts an encrypted authentication data search process (S260), and acquires one piece of data from the encrypted authentication data stored in the storage unit 211 (S261).
Next, the encrypted authentication data search unit 224 separates the acquired encrypted authentication data into a verification data part and a main body data part (S262).

Next, the hash value calculation unit 222 starts a hash value calculation process (S263), and calculates a hash value of the main body data part separated in step S262 (S264). Note that the hash value calculation unit 222 gives the calculated hash value to the encrypted authentication data search unit 224.
Also, the decryption unit 225 starts the common key decryption process (S265), generates a third common key based on the user name that has been successfully authenticated in step S237 of FIG. 21, and uses the generated third common key. The verification data part separated in step S262 is tried to be decoded (S266). If decryption of the verification data part fails, the encrypted authentication data search part 224 interrupts the process, and the process proceeds to step S274 (S267). On the other hand, if the verification data portion has been successfully decoded, the process proceeds to step S268 (S267). Here, in step S236 of FIG. 21, since the authentication is successful with the user name of the user 250A, the encrypted authentication data acquired in step S261 is generated by using the third common key CK0312 generated from the user name of the user 250A. In the case of the individual encrypted authentication data CD042 encrypted in (4), the decryption is successful.
In step S268, since the decryption is successful and the hash value H042 is obtained, the decryption unit 225 provides the obtained hash value H042 to the encrypted authentication data search unit 224.

  Next, the encrypted authentication data search unit 224 compares the hash value calculated in step S264 with the hash value H042 obtained in step S268 (S269). If these hash values do not match, the encrypted authentication data search unit 224 interrupts the process, and the process proceeds to step S274 (S270). On the other hand, if the hash values match, the process proceeds to step S271 (S270).

  In step S271, the decryption unit 225 attempts to decrypt the main body data part separated in step S262 with the third common key CK0312 generated from the user name of the user 250A. If the decryption of the main body data part fails, the encrypted authentication data search part 224 interrupts the process, and the process proceeds to step S274. On the other hand, if the decoding of the main body data portion is successful, the process proceeds to step S273.

  In step S273, since the second common key CK022 is obtained by decryption, the decryption unit 225 obtains the obtained second common key CK022 and the encrypted authentication data (here, the second common key CK022). The individual encrypted authentication data CD042) is held (S273). For example, the decryption unit 225 generates correspondence data TD012 in the storage unit 211, and associates the acquired second common key CK022 with the file name that is identification information of the individual encrypted authentication data CD042 in the correspondence data TD012. Store with attachments.

In step S274, the encrypted authentication data search unit 224 determines whether the above processing has been performed on all the encrypted authentication data stored in the storage unit 221. If the above processing has been performed for all encrypted authentication data, the process proceeds to step S275, and if encrypted authentication data that has not been subjected to the above processing still remains, the processing is performed. Returns to step S261 to process the unprocessed encrypted authentication data.
In step S275, the encrypted authentication data search unit 224 determines whether or not the second common key CK022 and the encrypted authentication data including the same are held. If they are held, the process proceeds to the eleventh process. If they are not held, the encrypted authentication data search unit 224 ends the process.

  FIG. 23 is an activity diagram showing the operation of the eleventh process of “printing encrypted authentication print data” in the second embodiment. In the eleventh process, the common encrypted authentication data encrypted with the second common key is searched and decrypted.

The encrypted authentication data search unit 224 starts the encrypted authentication data search process (S280), and acquires one piece of data from the encrypted authentication data stored in the storage unit 211 (S281).
Next, the encrypted authentication data search unit 224 separates the acquired encrypted authentication data into a verification data part and a main body data part (S282).

Next, the hash value calculation unit 222 starts a hash value calculation process (S283), and calculates a hash value of the main body data part separated in step S282 (S284). Note that the hash value calculation unit 222 gives the calculated hash value to the encrypted authentication data search unit 224.
Also, the decryption unit 225 starts the common key decryption process (S285), and attempts to decrypt the verification data part separated in step S282 with the second common key CK022 acquired in the tenth process (S286). If decryption of the verification data part fails, the encrypted authentication data search part 224 interrupts the process, and the process proceeds to step S294 (S287). On the other hand, if the verification data portion has been successfully decoded, the process proceeds to step S288 (S287). Here, since the decryption is performed with the second common key CK022, the encrypted authentication data acquired in step S281 is the common encrypted authentication data CD022, CD032 encrypted with the second common key CK022. In that case, the decoding is successful.
In step S288, since the decryption is successful and the hash value is obtained, the decryption unit 225 provides the obtained hash value to the encrypted authentication data search unit 224. Here, the hash value H022 or the hash value H032 is obtained.

  Next, the encrypted authentication data search unit 224 compares the hash value calculated in step S284 with the hash value obtained in step S288 (S289). If these hash values do not match, the encrypted authentication data search unit 224 stops the process, and the process proceeds to step S294 (S290). On the other hand, if the hash values match, the process proceeds to step S291 (S290).

  In step S291, the decryption unit 225 attempts to decrypt the main data part separated in step S282 with the second common key CK022 acquired in the tenth process. If the decryption of the main body data part fails, the encrypted authentication data search part 224 interrupts the process, and the process proceeds to step S294 (S292). On the other hand, if the decoding of the main body data portion is successful, the process proceeds to step S293 (S292).

  In step S293, since the first common key CK012 is obtained due to the successful decryption, the decryption unit 225 obtains the obtained first common key CK012 and the encrypted authentication data (here, the first common key CK012). The common encryption authentication data CD022 or common encryption authentication data CD032) is held (S293). For example, the decryption unit 225 uses the acquired first common key CK012 in the corresponding data TD012 stored in the storage unit 211 and the identification information of the encrypted authentication data that includes the first common key CK012. Store a file name in association with it.

In step S294, the encrypted authentication data search unit 224 determines whether or not the above processing has been performed on all the encrypted authentication data stored in the storage unit 211. If the above processing has been performed on all encrypted authentication data, the process proceeds to step S295. If encrypted authentication data that has not been subjected to the above processing still remains, processing is performed. Returns to step S281 to process the unprocessed encrypted authentication data.
In step S295, the encrypted authentication data search unit 224 determines whether or not the first common key CK012 and the encrypted authentication data that includes the first common key CK012 are held. If they are held, the process proceeds to the twelfth process. If they are not held, the encrypted authentication data search unit 224 ends the process.

  FIG. 24 is an activity diagram showing the operation of the twelfth process of “printing encrypted authentication print data” in the second embodiment. In the twelfth process, the encrypted authentication print data CD012 is searched and decrypted.

The encrypted authentication data search unit 224 starts the encrypted authentication data search process (S300), and acquires one piece of data from the encrypted authentication data stored in the storage unit 211 (S301).
Next, the encrypted authentication data search unit 224 separates the acquired encrypted authentication data into a verification data part and a main body data part (S302).

Next, the hash value calculation unit 222 starts a hash value calculation process (S303), and calculates the hash value of the main body data part separated in step S302 (S304).
Also, the decryption unit 225 starts the common key decryption process (S305), and attempts to decrypt the verification data part separated in step S302 with the first common key CK012 acquired in the eleventh process (S306). If decryption of the verification data part fails, the encrypted authentication data search part 224 interrupts the process, and the process proceeds to step S314 (S307). On the other hand, if the verification data portion has been successfully decoded, the process proceeds to step S308 (S307). Here, since the decryption is performed using the first common key CK012, when the encrypted authentication data acquired in step S301 is the encrypted authentication print data CD012 encrypted using the first common key CK012. Decryption succeeds.
In step S308, since the decryption is successful and the hash value H012 is obtained, the decryption unit 225 provides the obtained hash value H012 to the encrypted authentication data search unit 224.

  Next, the encrypted authentication data search unit 224 compares the hash value calculated in step S304 with the hash value obtained in step S308 (S309). If these hash values do not match, the encrypted authentication data search unit 224 stops the process, and the process proceeds to step S314 (S310). On the other hand, if the hash values match, the process proceeds to step S311 (S310).

  In step S311, the decryption unit 225 attempts to decrypt the main data portion separated in step S302 with the first common key CK012 acquired in the eleventh process. If the decryption of the main body data part fails, the encrypted authentication data search part 224 interrupts the process, and the process proceeds to step S314 (S312). On the other hand, if the decoding of the main body data portion has succeeded, the process proceeds to step S313.

  In step S313, since the print data PD012 is obtained due to the successful decryption, the decryption unit 225 includes the obtained print data PD012 and the encrypted authentication data (here, encrypted authentication print) including the print data PD012. Data CD012) is held. For example, the decryption unit 225 stores the acquired print data PD012 in the storage unit 211, and in the corresponding data TD012 stored in the storage unit 211, a file name that is identification information of the acquired print data PD012 and The file name which is the identification information of the encrypted authentication data including the print data PD012 is stored in association with each other.

  In step S <b> 314, the encrypted authentication data search unit 224 determines whether the above processing has been performed on all the encrypted authentication data stored in the storage unit 211. If the above processing has been performed on all the encrypted authentication data, the processing proceeds to step S241 in FIG. 21, and if the encrypted authentication data that has not been subjected to the above processing still remains. Returns to step S301 to process the unprocessed encrypted authentication data.

  According to the second embodiment, unlike the first embodiment, since no network is used, there is no risk of eavesdropping and tampering.

  In the first and second embodiments described above, the first common keys CK011 and CK012 and the second common keys CK021 and CK022 are used. However, the present invention is not limited to such an example. For example, the key generation units 118 and 220 generate a first key pair including a first encryption key and a first decryption key instead of the first common keys CK011 and CK012, and the second common keys CK021 and CK022 Alternatively, a second key pair composed of the second encryption key and the second decryption key can be generated. Then, the encryption units 119 and 221 encrypt the data using the first encryption key instead of the first common keys CK011 and CK012, and use the second encryption key instead of the second common keys CK021 and CK022. Data can be encrypted. In addition, the decryption units 140 and 225 decrypt the data using the first decryption key instead of the first common keys CK011 and CK012, and the data using the second decryption key instead of the second common keys CK021 and CK022. Can be decrypted.

Embodiment 3 FIG.
(Description of configuration)
As shown in FIG. 1, the data management system 300 according to the third embodiment includes a client PC 310 and a printer 330. The client PC 310 and the printer 330 are connected to the network 140. Note that the processing performed by the data management system 300 realizes the information processing method according to the third embodiment.
In the following description, it is assumed that the user 150A and the user 150B are users of the printer 330, and the user 150C is a user of the client PC 310.
The client PC 310 generates encrypted authentication print data that can be decrypted by the user 150A and the user 150B in the printer 330 in accordance with the operation of the user 150C. The printer 330 decrypts the encrypted authentication print data generated by the client PC 310 in accordance with the operation of the user 150A and the user 150B, and processes the decrypted data.

  As illustrated in FIG. 2, the client PC 310 in the third embodiment includes a storage unit 311, an information display unit 112, an information input unit 113, a communication unit 114, and a control unit 315. The client PC 310 according to the third embodiment is different from the client PC 110 according to the first embodiment in terms of information stored in the storage unit 311 and control in the control unit 315.

The storage unit 311 stores data necessary for processing in the client PC 310.
FIG. 25 is a schematic diagram showing data stored in the storage unit 311. In the third embodiment, the storage unit 311 stores document data D011, a public key list D021, and encrypted authentication data CD013 to CD033. The storage unit 311 in the third embodiment is different from the storage unit 111 in the first embodiment in that it stores encrypted authentication data CD013 to CD033 instead of the encrypted authentication data CD011 to CD051. Note that the encrypted authentication data CD013 to CD033 are dynamic elements that are generated and deleted in the client PC 310, and thus are indicated by broken lines.

The encrypted authentication data CD013 to CD033 are data obtained by combining encrypted data obtained by encrypting data with a key as a main body data portion and encrypted data obtained by encrypting a hash value of the main body data portion with a key as a verification data portion. . In the third embodiment, the encrypted authentication data CD013 to CD033 are generated by the control unit 315.
In the third embodiment, the encrypted authentication data CD013 to CD033 are composed of encrypted authentication print data CD013 and individual encrypted authentication data CD023 and CD033. However, the client PC 310 does not identify each of these types of data, but merely identifies them as a plurality of encrypted authentication data CD013 to CD033. The encrypted authentication print data CD013 corresponds to the first data that is at least partially encrypted. The individual encrypted authentication data CD023 and CD033 correspond to the number of data corresponding to the number of users who are permitted to decrypt the first data. In other words, the entire individual encrypted authentication data CD023 and CD033 correspond to the second data. Here, the individual encrypted authentication data CD023 and CD033 correspond to third data having at least a portion obtained by encrypting the first key capable of decrypting the first data.

Returning to the description of FIG. 2, the control unit 315 controls the entire processing in the client PC 310. For example, the control unit 315 generates encrypted authentication data CD013 to CD033.
In the third embodiment, the control unit 315 includes an input processing unit 116, a print data generation unit 117, a key generation unit 318, an encryption unit 319, a hash value calculation unit 320, and an encrypted data combination unit 321. And a transmission unit 122.
The control unit 315 in the third embodiment is different from the control unit 115 in the first embodiment in the processing in the key generation unit 318, the encryption unit 319, the hash value calculation unit 320, and the encrypted data combination unit 321.

  The key generation unit 318 generates a key used for encryption. In the third embodiment, the key generation unit 318 executes a common key generation process for generating a fourth common key.

The encryption unit 319 encrypts data using the key. In Embodiment 3, the encryption unit 319 performs a common key encryption process for performing encryption based on the common key encryption system and a public key encryption process for performing encryption based on the public key encryption system. Run.
Specifically, as illustrated in FIG. 25, the encryption unit 319 encrypts the print data PD011 generated by the print data generation unit 117 with the fourth common key CK04 generated by the key generation unit 318. As a result, encrypted print data C013 is generated.
In addition, the encryption unit 319 encrypts the fourth common key CK04 generated by the key generation unit 318 with the public keys PK011 and PK021 of the user who has received permission to print, so that the public key encrypted data C023, C033 is generated. Here, the public key encrypted data C023 is data encrypted using the public key PK011, and the public key encrypted data C033 is data encrypted using the public key PK021. The public key encrypted data C023 and C033 are generated in the same number as the number of users permitted to print the print data PD011.
The encryption unit 319 generates encrypted hash value data CH013 by encrypting the hash value H013 calculated by the hash value calculation unit 320 with the fourth common key CK04 generated by the key generation unit 318. To do. Also, the encryption unit 319 encrypts the hash values H023 and H033 calculated by the hash value calculation unit 120 with the fourth common key CK04 generated by the key generation unit 318, so that the encrypted hash value data CH023 , CH033 is generated.

  The hash value calculation unit 320 calculates a hash value of data. Specifically, as illustrated in FIG. 25, the hash value calculation unit 320 calculates the hash value H013 of the encrypted print data C013 and the hash values H023 and H033 of the public key encrypted data C023 and C033.

The encrypted data combination unit 321 combines two pieces of encrypted data and generates one piece of encrypted data.
Specifically, as illustrated in FIG. 25, the encrypted data combining unit 321 combines the encrypted print data C013 and the encrypted hash value data CH013 to obtain the encrypted authentication print data CD013. Generate.
The encrypted data combining unit 321 generates individual encrypted authentication data CD023 and CD033 by combining the public key encrypted data C023 and C033 with the encrypted hash value data CH023 and CH033, respectively. The individual encrypted authentication data CD023 and CD033 are generated in the same number as the number of users permitted to print the print data PD011.
Then, the encrypted data combining unit 321 stores the encrypted authentication print data CD013 generated as described above, and the individual encrypted authentication data CD023 and CD033 in the storage unit 311.

Here, the control unit 315 and the storage unit 311 constitute a data generation device.
Note that the client PC 310 in the third embodiment can also be realized by a general computer as in the first embodiment. Here, the document data D011 and the public key list D021 are preferably stored in an external storage device such as an HDD, and the encrypted authentication data CD013 to CD033 are preferably stored in the RAM.

As illustrated in FIG. 4, the printer 330 according to the third embodiment includes a storage unit 331, an information display unit 132, an information input unit 133, a communication unit 134, a printing unit 135, and a control unit 336. Is provided.
The printer 330 according to the third embodiment is different from the printer 130 according to the first embodiment in terms of information stored in the storage unit 331 and processing in the control unit 336.

The storage unit 331 stores data necessary for processing by the printer 330.
FIG. 26 is a schematic diagram showing data stored in the storage unit 331. In the third embodiment, the storage unit 331 stores a secret key SK011, correspondence data TD013, encrypted authentication data CD013 to CD033, and print data PD011. Here, the data stored in the storage unit 331 in the third embodiment is different from the data stored in the storage unit 131 in the third embodiment in the corresponding data TD013 and the encrypted authentication data CD013 to CD033. . Note that these data are dynamic elements that are received from the client PC 310 or generated by the printer 330 and deleted, and thus are indicated by broken lines.

Corresponding data TD013 associates the print data with the encrypted authentication data including the print data, and from the main data portion of the fourth common key and the encrypted authentication data including the fourth common key. This is data in which the calculated hash value is associated with the encrypted authentication data including the fourth common key. The correspondence data TD013 is data that is generated and updated in the process of acquiring the print data PD011 from the encrypted authentication data CD013 to CD033.
The encrypted authentication data CD013 to CD033 are data transmitted from the client PC 310.

The control unit 336 controls the entire processing in the printer 330. For example, the control unit 336 performs decoding of the first data in accordance with each of the decoding instructions of the plurality of users, and deletes the data included in the second data each time the first data is decoded. When the number of data included in the second data reaches a predetermined number, the first data is deleted. Specifically, the control unit 336 receives the encrypted authentication data CD013 to CD033 from the client PC 330, and decrypts the print data PD011 from the encrypted authentication data CD013 to CD033. Further, the control unit 336 determines whether or not all of the plurality of users permitted to print have decrypted the encrypted authentication data CD013 to CD033 into the print data PD011, and in accordance with the determination result, the encryption unit 336 The authentication authentication data CD013 to CD033 are deleted.
The control unit 336 includes a reception unit 137, an input processing unit 138, an encrypted authentication data search unit 339, a decryption unit 340, a hash value calculation unit 341, and a print processing unit 142.
The control unit 336 according to the third embodiment differs from the control unit 136 according to the first embodiment in the processes performed by the encrypted authentication data search unit 339, the decryption unit 340, and the hash value calculation unit 341.

  The encrypted authentication data search unit 339 searches the encrypted authentication data CD013 to CD033 stored in the storage unit 331. Also, the encrypted authentication data search unit 339 deletes the encrypted authentication data CD013 to CD033 according to the decryption status by the user who is permitted to print the print data PD011.

The decryption unit 340 decrypts the encrypted data using the key. In the third embodiment, the decryption unit 340 performs a common key decryption process that performs decryption based on the common key encryption system and a public key decryption process that performs decryption based on the public key decryption system.
Specifically, as shown in FIG. 26, the decrypting unit 340 receives the public key encrypted data C023 and C033 included in the individual encrypted authentication data CD023 and CD033 from the secret received from the user. The fourth common key CK04 is acquired by decrypting with the key.
Also, the decryption unit 340 obtains the print data PD011 by decrypting the encrypted authentication print data CD013 with the fourth common key CK04 obtained as described above.
Further, the decryption unit 340 obtains the encrypted hash value data CH013, CH023, and CH033 included in the encrypted authentication print data CD013 and the individual encryption authentication data CD023 and CD033 as described above, in the fourth common. By decrypting with the key CK04, the hash values H013, H023, and H033 are decrypted.

  The hash value calculation unit 341 calculates a hash value of data. For example, as shown in FIG. 26, the hash value calculation unit 341 includes encrypted print data C013 of encrypted authentication print data CD013, and public key encrypted data C023 of individual encrypted authentication data CD023 and CD033, The hash value of C033 is calculated.

  Here, the storage unit 331 and the control unit 335 constitute a data storage device.

The storage unit 331 described above can be realized, for example, by using an external storage device such as a RAM or HDD in which the CPU functions as a work memory. The control unit 336 can be realized by loading a predetermined program stored in the external storage device into the RAM and executing it by the CPU.
The secret key SK011 and the corresponding data TD013 are preferably stored in the RAM, and the encrypted authentication data CD013 to CD033 are preferably stored in an external storage device such as an HDD.

(Description of operation)
FIG. 27 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the third embodiment.
When the information input unit 113 receives an operation input from the user 150C, the input processing unit 116 of the control unit 315 starts input processing (S320).
For example, when the user 150C selects the document data D011 stored in the storage unit 311 via the information input unit 113, the input processing unit 116 displays the document data D011 on the information display unit 112 (S321).
When the information input unit 113 receives an input of a print instruction for the document data D011 from the user 150C, the input processing unit 116 notifies the print data generation unit 117 of the start of printing (S322).

When the print data generation unit 117 receives the notification of the start of printing of the document data D011, the print data generation unit 117 starts print data generation processing (S323), and generates print data PD011 from the document data D011 (S324).
Also, the input processing unit 116 acquires the public key list D021 stored in the storage unit 311 (S325). Then, the input processing unit 116 causes the information display unit 112 to display the user name associated with each of the public keys PK011 and PK021 included in the public key list D021 (S326).
The information input unit 113 accepts selection of user names of one or more users who are permitted to print the print data PD011 from the user names displayed on the information display unit 112 (S327). Here, it is assumed that the user names of the users 150A and 150B are selected by the user 150C. Then, the information input unit 113 notifies the key generation unit 318 and the encryption unit 319 that the user name has been selected (S328). Note that the information input unit 113 also notifies the encryption unit 319 of the selected user name.

Upon receiving the selection completion notification, the key generation unit 318 starts the common key generation process (S329) and generates the fourth common key CK04 (S330). The generated fourth common key CK04 is given to the encryption unit 319.
In addition, the encryption unit 319 acquires the public key associated with the user name selected in step S327 from the public key list D021 stored in the storage unit 311 (S331). Here, the public key PK011 of the user 150A and the public key PK021 of the user 150B are acquired.

  The encryption unit 319 that has acquired the fourth common key CK04 and the public keys PK011 and PK021 executes the following thirteenth and fourteenth processes in parallel with the hash value calculation unit 320 and the encrypted data combination unit 321 (S332). , S333), and generates encrypted authentication data CD013 to CD033. The thirteenth and fourteenth processes will be described with reference to FIGS.

When the thirteenth and fourteenth processes are completed, the transmission unit 122 transmits all the encrypted authentication data CD013 to CD033 to the printer 330 via the communication unit 114 (S334).
When receiving the encrypted authentication data CD013 to CD033 via the communication unit 134 (S335), the receiving unit 137 of the printer 330 stores them in the storage unit 331 (S336).

  FIG. 28 is an activity diagram showing the operation of the thirteenth process of “generation of encrypted authentication print data” in the third embodiment. In this thirteenth process, encrypted authentication print data CD013 is generated.

The encryption unit 319 starts a common key encryption process (S340), encrypts the print data PD011 with the fourth common key CK04 (S341), and generates encrypted print data C013 (S342).
Next, the hash value calculation unit 320 starts hash value calculation processing (S343), and calculates the hash value H013 of the encrypted print data C013 (S344).

Next, the encryption unit 319 starts a common key encryption process (S345), encrypts the hash value H013 with the fourth common key CK04 (S346), and generates encrypted hash value data CH013 (S347).
Next, the encrypted data combining unit 321 starts the encrypted data combining process (S348), combines the encrypted hash value data CH013 as the verification data unit and the encrypted print data C013 as the main body data unit, and encrypts authentication. Print data CD013 is generated (S349).

  FIG. 29 is an activity diagram showing the operation of the fourteenth process of “generation of encrypted authentication print data” in the third embodiment. In the fourteenth process, individual encrypted authentication data CD023 and CD033 are generated.

  The encryption unit 319 starts public key encryption processing (S350), and identifies one public key that has not yet been used for encryption in step S352 among the public keys acquired in step S331 of FIG. (S351). Then, the encryption unit 319 encrypts the fourth common key CK04 with the specified public key (S352), and generates public key encrypted data (S353).

Next, the hash value calculation unit 320 starts hash value calculation processing (S354), and calculates a hash value of the public key encrypted data generated in step S353 (S355).
Next, the encryption unit 319 starts common key encryption processing (S356), encrypts the hash value calculated in step S355 with the fourth common key CK04 (S357), and generates encrypted hash value data. (S358).
Next, the encrypted data combining unit 321 starts the encrypted data combining process (S359), uses the encrypted hash value data generated in step S358 as the verification data unit, and the public key encrypted data generated in step S353. Are combined as a main body data part to generate individual encrypted authentication data (S360).
Then, the processes from step S350 to S360 are executed the same number of times as the number of public keys acquired in step S331 of FIG. 27, based on the determination of the encryption unit 319 (S361). In step S331 of FIG. 27, since two public keys PK011 and PK021 are acquired, the public key PK011 is specified by the first process (S351), the public key encrypted data C023 (S253), and the hash value H023 ( S355), encrypted hash value data CH023 (S358) and individual encrypted authentication data CD023 (S360) are generated. In the second process, the public key PK021 is specified (S351), the public key encrypted data C033 (S353), the hash value H033 (S355), the encrypted hash value data CH033 (S358), and the individual encrypted authentication data. CD033 (S360) is generated.

FIG. 30 is an activity diagram illustrating an operation of “printing encrypted authentication print data” according to the third embodiment. Here, it is assumed that the user 150A prints the print data PD011 included in the encrypted authentication print data CD013.
When the information input unit 133 of the printer 330 receives an operation (decryption instruction) input from the user 150A, the input processing unit 138 starts input processing (S370), and the print start is sent to the encrypted authentication data search unit 339. Notification is made (S371).

Further, the input processing unit 138 displays a secret key input screen on the information display unit 132 (S372).
When receiving the input of the secret key SK011 from the user 150A (S373), the information input unit 133 notifies the input processing unit 138 of the input secret key SK011 and the input of the secret key (S374). The input processing unit 138 stores the notified secret key SK011 in the storage unit 131 and notifies the encryption authentication data search unit 339 that the input of the secret key has been completed.

  The encrypted authentication data search unit 339 that has received the notification of the completion of the input of the private key executes the fifteenth and sixteenth processes in order together with the decryption unit 340 and the hash value calculation unit 341 (S375, S376), and print data get. The fifteenth and sixteenth processes will be described with reference to FIGS. 31 and 32.

  When the print data PD011 is stored in association with the corresponding data TD013 stored in the storage unit 331 after the end of the sixteenth process (S377), the print processing unit 142 starts print processing ( In step S378, the held print data PD011 is sent to the printing unit 135 to cause the printing unit 135 to perform printing (S379).

  FIG. 31 is an activity diagram showing the operation of the fifteenth process of “printing encrypted authentication print data” in the third embodiment. In the fifteenth process, search and decryption of individual encrypted authentication data are performed.

The encrypted authentication data search unit 339 starts the encrypted authentication data search process (S380), and acquires one piece of data from the encrypted authentication data stored in the storage unit 331 (S381).
Next, the encrypted authentication data search unit 339 separates the acquired encrypted authentication data into a verification data unit and a main body data unit (S382).

Next, the hash value calculation unit 341 starts a hash value calculation process (S383), and calculates the hash value of the main body data part separated in step S382 (S384). The hash value calculation unit 341 gives the calculated hash value to the encrypted authentication data search unit 339.
In addition, the decryption unit 340 starts public key decryption processing (S385), and attempts to decrypt the main body data portion separated in step S382 with the secret key SK011 input in step S373 of FIG. 30 (S386). If the decryption of the main body data part fails, the encrypted authentication data search part 339 interrupts the process, and the process proceeds to step S390 (S387). On the other hand, if the decoding of the main body data portion is successful, the process proceeds to step S388 (S387). Here, in step S37 in FIG. 30, since the private key SK011 is received from the user 150A, the encrypted authentication data acquired in step S381 is encrypted with the public key PK011 of the user 150A. In the case of the individual encrypted authentication data CD023 including the encrypted data C023, the decryption is successful.
In step S388, the decryption is successful and the fourth common key CK04 is obtained.

  Next, the decryption unit 140 holds the hash value calculated in step S384 and the fourth common key CK04 acquired in step S388 (S389). For example, the decryption unit 340 generates the corresponding data TD013 in the storage unit 331, and the encrypted authentication data in which the calculated hash value and the main body data unit in which the hash value is calculated are included in the corresponding data TD013. And the fourth common key CK04 are stored in association with each other.

In step S390, the encrypted authentication data search unit 339 determines whether or not the above processing has been performed on all the encrypted authentication data stored in the storage unit 331. If the above processing has been performed for all encrypted authentication data, the process proceeds to step S391. If encrypted authentication data that has not been subjected to the above processing still remains, processing is performed. Returns to step S381, and the unprocessed encrypted authentication data is processed.
In step S391, the encrypted authentication data search unit 339 determines whether the hash value and the fourth common key CK04 are held. If they are held, the process proceeds to the sixteenth process, and if they are not held, the encrypted authentication data search unit 339 ends the process.

  FIG. 32 is an activity diagram showing the operation of the sixteenth process of “printing encrypted authentication print data” in the third embodiment. In the sixteenth process, the encrypted authentication print data CD013 is searched and decrypted.

The encrypted authentication data search unit 339 starts the encrypted authentication data search process (S400), and acquires one piece of data from the encrypted authentication data stored in the storage unit 331 (S401).
Next, the encrypted authentication data search unit 339 separates the acquired encrypted authentication data into a verification data unit and a main body data unit (S402).

The decryption unit 340 starts the common key decryption process (S403), and attempts to decrypt the main data part separated in step S402 with the fourth common key CK04 acquired in the fifteenth process (S404). If the decryption of the main body data part fails, the encrypted authentication data search part 339 interrupts the process, and the process proceeds to step S408 (S405). On the other hand, if the decoding of the main body data portion is successful, the process proceeds to step S406 (S405). Here, since the decryption is performed with the fourth common key CK04, the encrypted authentication print including the encrypted print data C013 encrypted with the fourth common key CK04 is included in the encrypted authentication data acquired in step S401. In the case of data CD013, decoding is successful.
In step S406, since the decryption is successful and the print data PD011 is obtained, the decryption unit 340 includes the obtained print data PD011 and the encrypted authentication data (here, the encrypted authentication data) that includes the print data PD011. The print data CD013) is held (S407). For example, the decoding unit 340 stores the acquired print data PD011 in the storage unit 331, and in the corresponding data TD013 stored in the storage unit 331, a file name that is identification information of the acquired print data PD011 and The file name which is the identification information of the encrypted authentication data including the print data PD011 is stored in association with each other.

  In step S <b> 408, the encrypted authentication data search unit 339 determines whether or not the above processing has been performed on all encrypted authentication data stored in the storage unit 331. If the above processing has been performed for all the encrypted authentication data, the processing proceeds to step S377 in FIG. 30, and if there is still encrypted authentication data for which the above processing has not been performed. The process returns to step S401, and unprocessed encrypted authentication data is processed.

  FIG. 33 is an activity diagram showing an operation of “deletion of encrypted authentication print data” in the third embodiment.

When printing is completed (S410), the control unit 336 deletes the encrypted authentication data.
First, the encrypted authentication data search unit 339 starts an encrypted authentication data search process (S411), and acquires one uninspected encrypted authentication data from the encrypted authentication data stored in the storage unit 331. (S412).

Next, the encrypted authentication data search unit 339 separates the acquired encrypted authentication data into a verification data unit and a main body data unit (S413).
Next, the decryption unit 340 starts the common key decryption process (S414), and attempts to decrypt the verification data unit with the fourth common key CK04 acquired in the fifteenth process (S415). If decryption of the verification data part fails, the encrypted authentication data search part 339 interrupts the process, and the process proceeds to step S421. On the other hand, if the verification data part has been successfully decoded, the process proceeds to step S417.

  In step S417, since the decryption is successful and the hash value is obtained, the encrypted authentication data search unit 339 uses the hash value acquired in step S417 and the fourth common key CK04 stored in the corresponding data TD013. The associated hash value is compared (S418). If the hash value that matches the hash value acquired in step S417 is not stored in the corresponding data TD013, the encrypted authentication data search unit 339 interrupts the process, and the process proceeds to step S421 ( S419). On the other hand, if the corresponding data TD013 holds a hash value that matches the hash value acquired in step S417, the process proceeds to step S420 (S419).

  In step S420, the encrypted authentication data search unit 339 specifies the file name associated with the hash value that matches the hash value acquired in step S417 in the corresponding data TD013, and is specified from the storage unit 331. Delete the encrypted authentication data identified by the specified file name. The encrypted authentication data search unit 339 further uses the corresponding data TD013 to obtain the hash value that matches the hash value acquired in step S417, the file name associated with the hash value, and the fourth common key CK04. delete.

  In step S421, the encrypted authentication data search unit 339 determines whether uninspected encrypted authentication data remains in the storage unit 331. If such encrypted authentication data remains, processing is performed. Returns to step S412, and if such encrypted authentication data does not remain, the process proceeds to step S422.

  In step S422, the encrypted authentication data search unit 339 deletes the encrypted authentication data in step S420 from the encrypted authentication data in which the verification data part can be decrypted with the fourth common key CK04 acquired in the fifteenth process. Even after the determination, it is determined whether there are still two or more. If there are still two or more such encrypted authentication data, the process ends. If there is only one such encrypted authentication data, the process proceeds to step S423.

  In step S423, the encrypted authentication data search unit 339 deletes the remaining encrypted authentication data (here, encrypted authentication print data CD013).

  According to the third embodiment, the same effect as the embodiment can be realized with a lighter processing load.

Embodiment 4 FIG.
(Description of configuration)
As illustrated in FIG. 14, the multi function peripheral 400 according to the fourth embodiment reads the document DOC 12 and performs printing. The information processing method according to the fourth embodiment is realized by the processing performed by the multifunction machine 400.
Users 250 </ b> A to 250 </ b> C are users of the multifunction machine 400. The multifunction device 400 generates encrypted authentication print data in accordance with the operation of the user 250C, performs decryption in accordance with the operations of the user 250A and the user 250B, and processes the decrypted data.
The document DOC12 is a manuscript that is read by the multi-function peripheral 200 and serves as a source of the document data D012.

  As shown in FIG. 15, the MFP 400 according to the fourth embodiment includes a storage unit 411, a document reading unit 212, an information display unit 213, an information input unit 214, a printing unit 215, and a control. Part 416. The multifunction device 400 according to the fourth embodiment is different from the multifunction device 200 according to the second embodiment in terms of data stored in the storage unit 411 and processing in the control unit 416.

The storage unit 411 stores data necessary for processing in the multifunction machine 400.
FIG. 34 is a schematic diagram showing data stored in the storage unit 411. In the fourth embodiment, the storage unit 411 stores an authentication list D032, document data D012, user name UN012, correspondence data TD014, encrypted authentication data CD014 to CD034, and print data PD012. The data stored in the storage unit 411 in the fourth embodiment is different from the data stored in the storage unit 211 in the second embodiment in the corresponding data TD014 and the encrypted authentication data CD014 to CD034. Note that the document data D012, the user name UN012, the encrypted authentication data CD014 to CD034, and the print data PD012 are dynamic elements that are generated and deleted in the multi-function peripheral 400, and thus are indicated by broken lines.

  Corresponding data TD014 associates the print data with the encrypted authentication data including the print data, and from the main data portion of the fourth common key and the encrypted authentication data including the fourth common key. This is data in which the calculated hash value is associated with the encrypted authentication data including the fourth common key. The correspondence data TD014 is data that is generated and updated in the process of acquiring print data from the encrypted authentication data CD014 to CD034.

The encrypted authentication data CD014 to CD034 are data obtained by combining encrypted data obtained by encrypting data with a key as a main body data portion and encrypted data obtained by encrypting a hash value of the main body data portion with a key as a verification data portion. . In the fourth embodiment, the encrypted authentication data CD014 to CD034 are generated by the control unit 416.
Also in the fourth embodiment, the encrypted authentication data CD014 to CD034 are composed of encrypted authentication print data CD014 and individual encrypted authentication data CD024 and CD034. However, the multi-function device 400 does not identify each of these types of data, but merely identifies them as a plurality of encrypted authentication data CD014 to CD034. The encrypted authentication print data CD014 corresponds to the first data that is at least partially encrypted. Also, the individual encrypted authentication data CD024 and CD034 correspond to the number of data corresponding to the number of the plurality of users permitted to decrypt the first data. In other words, the entire individual encrypted authentication data CD024 and CD034 correspond to the second data. Here, the individual encrypted authentication data CD024 and CD034 correspond to third data having at least a portion obtained by encrypting the first key capable of decrypting the first data.

The control unit 416 controls the entire processing in the multifunction machine 400. For example, the control unit 416 performs decoding of the first data in accordance with each of the decoding instructions of the plurality of users, and deletes the data included in the second data each time the first data is decoded. When the number of data included in the second data reaches a predetermined number, the first data is deleted. This predetermined number is the number of data remaining in the second data after the first data is decoded in accordance with the decoding instructions of all users. Specifically, the control unit 416 generates encrypted authentication data CD014 to CD034. Also, the control unit 416 decrypts the print data PD012 from the encrypted authentication data CD014 to CD034. Further, the control unit 416 determines whether all of the plurality of users permitted to print have issued a decryption instruction from the encrypted authentication data CD014 to CD034 to the print data PD012, and according to the determination result, The encrypted authentication data CD014 to CD034 are deleted.
In the fourth embodiment, the control unit 416 includes an input processing unit 217, an authentication unit 218, a print data generation unit 219, a key generation unit 420, an encryption unit 421, a hash value calculation unit 422, and an encryption unit. An encrypted data combination unit 423, an encrypted authentication data search unit 424, a decryption unit 425, and a print processing unit 226. The control unit 416 according to the fourth embodiment performs the processing in the key generation unit 420, the encryption unit 421, the hash value calculation unit 422, the encrypted data combination unit 423, the encrypted authentication data search unit 424, and the decryption unit 425. This is different from the control unit 216 in the second embodiment.

  The key generation unit 420 generates a key used for encryption. In the fourth embodiment, the key generation unit 420 executes a common key generation process for generating a fourth common key.

The encryption unit 421 encrypts data using the key. In the fourth embodiment, the encryption unit 421 executes a common key encryption process for performing encryption based on a common key encryption method.
Specifically, as illustrated in FIG. 34, the encryption unit 421 encrypts the print data PD012 generated by the print data generation unit 219 with the fourth common key CK04 generated by the key generation unit 420. As a result, encrypted print data C014 is generated.
Further, the encryption unit 421 encrypts the fourth common key CK04 generated by the key generation unit 420 with the third common keys CK0312 and CK0322 generated based on the user identification information (here, the user name). Thus, the common key encrypted data C024 and C034 are generated. The third common key CK0312 is a common key generated from the user name of the user 250A, and the third common key CK0322 is a common key generated from the user name of the user 250B. For example, the third common keys CK0312 and CK0322 are generated by adding predetermined data to the user name so as to have a predetermined number of bits. Here, the common key encrypted data C024 is data encrypted using the third common key CK0312, and the common key encrypted data C034 is data encrypted using the third common key CK0322. . The public key encrypted data C024 and C034 are generated in the same number as the number of users who are permitted to print the print data PD012.
Then, the encryption unit 421 encrypts the hash values H014, H024, and H034 calculated by the hash value calculation unit 422 with the fourth common key CK04 generated by the key generation unit 420, so that the encrypted hash value is obtained. Data CH014, CH024, and CH034 are generated.

  The hash value calculation unit 422 calculates a hash value of data. Specifically, as illustrated in FIG. 34, the hash value calculation unit 422 calculates the hash value H014 of the encrypted print data C014 and the hash values H024 and H034 of the common key encrypted data C024 and C034.

The encrypted data combination unit 423 combines two pieces of encrypted data and generates one piece of encrypted data.
Specifically, as shown in FIG. 34, the encrypted data combining unit 423 combines the encrypted print data C014 and the encrypted hash value data CH014 to obtain the encrypted authentication print data CD014. Generate.
Also, the encrypted data combining unit 423 generates the individual encrypted authentication data CD024 and CD034 by combining the common key encrypted data C024 and C034 with the encrypted hash value data CH024 and CH034. The individual encrypted authentication data CD024 and CD034 are generated in the same number as the number of users who are permitted to print the print data PD012.
The encrypted data combining unit 423 stores the encrypted authentication print data CD014 generated as described above and the individual encrypted authentication data CD024 and CD034 in the storage unit 411.

  The encrypted authentication data search unit 424 searches the encrypted authentication data CD014 to CD034 stored in the storage unit 411. Further, the encrypted authentication data search unit 424 deletes the encrypted authentication data CD014 to CD034 according to the decryption status by the user who is permitted to print the print data PD012.

The decryption unit 425 decrypts the encrypted data using the key. In Embodiment 4, the decryption unit 425 executes a common key decryption process for performing decryption based on a common key encryption method.
Specifically, the decryption unit 425 decrypts the individual encrypted authentication data CD024 and CD034 with the third common keys CK0312 and CK0322 that are generated based on the user name that has received the input from the user. Key CK04 and hash values H024 and H034 are acquired.
In addition, the decryption unit 425 obtains the print data PD012 and the hash value H014 by decrypting the encrypted authentication print data CD014 with the fourth common key CK04 obtained as described above.

  Here, the control unit 416 and the storage unit 411 configure the data storage device at the same time as the data generation device in the fourth embodiment.

The storage unit 411 described above can be realized, for example, by using an external storage device such as a RAM or HDD in which the CPU functions as a work memory. The control unit 416 can be realized by loading a predetermined program stored in the external storage device into the RAM and executing it by the CPU.
The document data D012, the user name UD012, the correspondence data TD014, and the print data PD012 are preferably stored in the RAM, and the authentication list D032 and the encrypted authentication data CD014 to CD034 are stored in an external storage device such as an HDD. It is desirable that

(Description of operation)
FIG. 35 is an activity diagram showing an operation of “generation of encrypted authentication print data” in the fourth embodiment.
When the information input unit 214 receives an operation input from the user 250C, the input processing unit 217 of the control unit 216 starts input processing (S430).
The print data generation unit 219 notifies the document reading unit 212 of the start of document reading (S431), and the document reading unit 212 starts the document reading process (S432).
The document reading unit 212 reads the document DOC12, generates document data D012 (S433), and stores it in the storage unit 411 (S434).

The print data generation unit 219 starts print data generation processing based on the read document data D012 (S435), and generates print data PD012 from the document data D012 (S436).
In addition, the input processing unit 217 acquires the authentication list D032 stored in the storage unit 411 (S437). Then, the input processing unit 217 causes the information display unit 213 to display the user names included in the authentication information AD012 and AD022 included in the authentication list D032 (S438).
The information input unit 214 receives selection of user names of one or more users who are permitted to print the print data PD012 from the user names displayed on the information display unit 213 (S439). Here, it is assumed that the user names of the users 250A and 250B are selected by the user 250C. Then, the information input unit 214 notifies the key generation unit 420 and the encryption unit 421 that the user name has been selected (S440). Here, the information input unit 214 also notifies the encryption unit 421 of the user name selected in step S439.

  Upon receiving the selection completion notification, the key generation unit 420 starts the common key generation process (S441), and generates the fourth common key CK04 (S442). The generated fourth common key CK04 is given to the encryption unit 421.

  The encryption unit 421 that has acquired the fourth common key CK04 and the user name of the user permitted to print, along with the hash value calculation unit 422 and the encrypted data combination unit 423, perform the following 17th and 18th processes in parallel. This is executed (S443, S444), and encrypted authentication data CD014 to CD034 are generated. The seventeenth and eighteenth processes will be described with reference to FIGS.

  When the 17th and 18th processes are completed, the encrypted data combining unit 423 stores all the encrypted authentication data CD014 to CD034 in the storage unit 411 (S445).

  FIG. 36 is an activity diagram showing the operation of the seventeenth process of “generation of encrypted authentication print data” in the fourth embodiment. In the seventeenth process, encrypted authentication print data CD014 is generated.

The encryption unit 421 starts common key encryption processing (S450), encrypts the print data PD012 with the fourth common key CK04 (S451), and generates encrypted print data C014 (S452).
Next, the hash value calculation unit 422 starts a hash value calculation process (S453), and calculates a hash value H014 of the encrypted print data C014 (S454).

Next, the encryption unit 421 starts a common key encryption process (S455), encrypts the hash value H014 with the fourth common key CK04 (S456), and generates encrypted hash value data CH014 (S457).
Next, the encrypted data combining unit 423 starts the encrypted data combining process (S458), combines the encrypted hash value data CH014 with the verification data unit, and the encrypted print data C014 with the main body data unit, and performs encryption authentication. Print data CD014 is generated (S459).

  FIG. 37 is an activity diagram showing the operation of the eighteenth process of “generation of encrypted authentication print data” in the fourth embodiment. In the eighteenth process, individual encrypted authentication data CD024 and CD034 are generated.

  The encryption unit 421 starts the common key encryption process (S460), and identifies one user name that has not yet been used for encryption in step S462 among the user names selected in step S439 in FIG. (S461). Then, the encryption unit 421 generates a third common key using the identified user name, encrypts the fourth common key CK04 with the generated third common key (S462), and stores the common key encrypted data Is generated (S463).

Next, the hash value calculation unit 422 starts a hash value calculation process (S464), and calculates a hash value of the common key encrypted data generated in step S463 (S465).
Next, the encryption unit 421 starts a common key encryption process (S466), encrypts the hash value calculated in step S465 with the fourth common key CK04 (S467), and generates encrypted hash value data. (S468).
Next, the encrypted data combining unit 423 starts the encrypted data combining process (S469), uses the encrypted hash value data generated in step S468 as the verification data unit, and the common key encrypted data generated in step S463. Are combined as a main body data part to generate individual encrypted authentication data (S470).
Then, the processing from step S460 to S470 is executed as many times as the number of user names selected in step S439 in FIG. 35 based on the determination of the encryption unit 421 (S471). In step S439 in FIG. 35, since the two user names of the user 250A and the user 250B are selected, the user name of the user 250A is specified in the first process (S461), and the common key encrypted data C024 ( S463), hash value H024 (S465), encrypted hash value data CH024 (S468), and individual encrypted authentication data CD024 (S470) are generated. In the second processing, the user name of the user 250B is specified (S461), the common key encrypted data C034 (S463), the hash value H034 (S465), the encrypted hash value data CH034 (S468), and the individual encryption. Authentication data CD034 (S470) is generated.

FIG. 38 is an activity diagram showing an operation of “printing encrypted authentication print data” in the fourth embodiment. Here, it is assumed that the user 250A prints the print data PD012 included in the encrypted authentication print data CD014.
When the information input unit 214 receives an operation input from the user 250A, the input processing unit 217 starts input processing (S480), and notifies the encrypted authentication data search unit 424 of printing start (S481).

Further, the input processing unit 217 displays a user name and password input screen on the information display unit 213 (S482).
When the information input unit 214 receives an input of a user name and password from the user 250A (S483), the information input unit 214 notifies the authentication unit 218 of the input user name and password and completion of the input (S484).

  The authentication unit 218 acquires the authentication list D032 stored in the storage unit 411 (S485), and authenticates the user name and password notified in step S484 (S486). If the authentication is successful, the process proceeds to step S488 (S487), and if the authentication is unsuccessful, the encrypted authentication data search unit 424 ends the process. If the authentication is successful, the authentication unit 218 stores the authenticated user name (here, the user name UN012 of the user 250A) in the storage unit 411, and the encrypted authentication data search unit 424 indicates that the authentication is completed. Notice.

  The encrypted authentication data search unit 424 that has received the notification of the completion of authentication executes the 19th and 20th processes in order together with the decryption unit 425 and the hash value calculation unit 422 (S488, S489), and acquires print data. The nineteenth and twentieth processes will be described with reference to FIGS. 39 and 40.

  When the print data PD012 is stored in association with the corresponding data TD014 stored in the storage unit 411 after the twentieth process is completed (S490), the print processing unit 226 starts print processing ( In step S491), the held print data PD012 is sent to the printing unit 215 to cause the printing unit 215 to perform printing (S492).

  FIG. 39 is an activity diagram showing the operation of the nineteenth process of “printing encrypted authentication print data” in the fourth embodiment. In the nineteenth process, the individual encrypted authentication data is searched and decrypted.

The encrypted authentication data search unit 424 starts the encrypted authentication data search process (S450), and acquires one data from the encrypted authentication data stored in the storage unit 411 (S451).
Next, the encrypted authentication data search unit 424 separates the acquired encrypted authentication data into a verification data part and a main body data part (S452).

Next, the hash value calculation unit 422 starts a hash value calculation process (S453), and calculates the hash value of the main body data part separated in step S452 (S454). The hash value calculation unit 422 provides the calculated hash value to the encrypted authentication data search unit 424.
Also, the decryption unit 425 starts a common key decryption process (S455), generates a third common key based on the user name that has been successfully authenticated in step S487 in FIG. 38, and uses the generated third common key. In step S456, the main body data portion separated in step S452 is decrypted. If the decryption of the main body data part has failed, the encrypted authentication data search part 424 interrupts the process, and the process proceeds to step S460 (S457). On the other hand, if the decoding of the main body data part is successful, the process proceeds to step S458 (S457). Here, in step S487 of FIG. 38, since the user 250A has been successfully authenticated, the encrypted common authentication data acquired in step S451 is generated based on the user name UN012 of the user 250A. In the case of the individual encrypted authentication data CD024 including the common key encrypted data C024 encrypted by the decryption, the decryption is successful.
In step S458, the decryption is successful and the fourth common key CK04 is obtained.

  Next, the decryption unit 425 holds the hash value calculated in step S454 and the fourth common key CK04 acquired in step S458 (S459). For example, the decryption unit 425 generates the correspondence data TD014 in the storage unit 411, and uses the calculated hash value and the identification information of the encrypted authentication data that includes the calculated hash value in the correspondence data TD014. A file name and the fourth common key CK04 are stored in association with each other.

In step S460, the encrypted authentication data search unit 424 determines whether or not the above processing has been performed on all the encrypted authentication data stored in the storage unit 411. If the above processing has been performed for all encrypted authentication data, the process proceeds to step S461. If encrypted authentication data that has not been subjected to the above processing still remains, processing is performed. Returns to step S451, and the unprocessed encrypted authentication data is processed.
In step S461, the encrypted authentication data search unit 424 determines whether or not the hash value and the fourth common key CK04 are held. If they are held, the process proceeds to the twentieth process. If they are not held, the encrypted authentication data search unit 424 ends the process.

  FIG. 40 is an activity diagram showing the operation of the 20th process of “printing encrypted authentication print data” in the fourth embodiment. In the twentieth process, the encrypted authentication print data CD014 is searched and decrypted.

The encrypted authentication data search unit 424 starts the encrypted authentication data search process (S470), and acquires one piece of data from the encrypted authentication data stored in the storage unit 411 (S471).
Next, the encrypted authentication data search unit 424 separates the acquired encrypted authentication data into a verification data part and a main body data part (S472).

  The decryption unit 425 starts the common key decryption process (S473), and attempts to decrypt the main body data part separated in step S472 with the fourth common key CK04 acquired in the nineteenth process (S474). If the decryption of the main body data part fails, the encrypted authentication data search part 424 interrupts the process, and the process proceeds to step S477 (S475). On the other hand, when the decoding of the main body data portion is successful, the process proceeds to step S476 (S475). Here, since the decryption is performed with the fourth common key CK04, the encrypted authentication print including the encrypted print data C014 encrypted with the fourth common key CK04 is the encrypted authentication data acquired in step S471. In the case of data CD014, decoding is successful.

  In step S476, since the decryption is successful and the print data PD012 is obtained, the decryption unit 425 includes the obtained print data PD012 and the encrypted authentication data (in this case, the encrypted authentication data) including the print data PD012. The print data CD014) is held. For example, the decoding unit 425 stores the acquired print data PD012 in the storage unit 411, and in the corresponding data TD014 stored in the storage unit 411, a file name that is identification information of the acquired print data PD012 and The file name which is the identification information of the encrypted authentication data including the print data PD012 is stored in association with each other.

  In step S477, the encrypted authentication data search unit 424 determines whether or not the above processing has been performed on all the encrypted authentication data stored in the storage unit 411. If the above processing has been performed for all the encrypted authentication data, the processing proceeds to step S490 in FIG. 38, and if the encrypted authentication data that has not been subjected to the above processing still remains. The process returns to step S471, and the unprocessed encrypted authentication data is processed.

  FIG. 41 is an activity diagram showing an operation of “deletion of encrypted authentication print data” in the fourth embodiment.

When printing is completed (S480), the control unit 416 deletes the encrypted authentication data.
First, the encrypted authentication data search unit 424 starts an encrypted authentication data search process (S481), and acquires one uninspected encrypted authentication data from the encrypted authentication data stored in the storage unit 411. (S482).

Next, the encrypted authentication data search unit 424 separates the acquired encrypted authentication data into a verification data part and a main body data part (S483).
Next, the decryption unit 425 starts a common key decryption process (S484), and attempts to decrypt the verification data part with the fourth common key CK04 acquired in the 19th process (S485). If decryption of the verification data part fails, the encrypted authentication data search part 424 interrupts the process, and the process proceeds to step S491 (S486). On the other hand, if the verification data portion has been successfully decoded, the process proceeds to step S487 (S486).

  In step S487, since the decryption is successful and the hash value is obtained, the encrypted authentication data search unit 424 uses the hash value acquired in step S487 and the fourth common key CK04 stored in the corresponding data TD014. The associated hash value is compared (S488). If the hash value that matches the hash value acquired in step S487 is not stored in the corresponding data TD014, the encrypted authentication data search unit 424 interrupts the process, and the process proceeds to step S491 ( S489). On the other hand, when the hash value matching the hash value acquired in step S487 is held in the correspondence data TD014, the process proceeds to step S490 (S489).

  In step S490, the encrypted authentication data search unit 424 specifies the file name associated with the hash value that matches the hash value acquired in step S487 in the corresponding data TD014, and is specified from the storage unit 411. Delete the encrypted authentication data identified by the specified file name. Further, the encrypted authentication data search unit 424 deletes the hash value that matches the hash value acquired in step S487, the file name associated with the hash value, and the fourth common key CK04 in the correspondence data TD014. .

  In step S491, the encrypted authentication data search unit 424 determines whether uninspected encrypted authentication data remains in the storage unit 411. If such encrypted authentication data remains, processing is performed. Returns to step S482, and if such encrypted authentication data does not remain, the process proceeds to step S492.

  In step S492, the encrypted authentication data search unit 424 deletes the encrypted authentication data in step S490 from the encrypted authentication data in which the verification data part can be decrypted with the fourth common key CK04 acquired in the nineteenth process. Even after the determination, it is determined whether there are still two or more. If there are still two or more such encrypted authentication data, the process ends. If there is only one such encrypted authentication data, the process proceeds to step S493.

  In step S493, the encrypted authentication data search unit 424 deletes the remaining encrypted authentication data (here, encrypted authentication print data CD014).

  According to the fourth embodiment, since the encryption and decryption of print data can be performed in one apparatus, there is no risk of eavesdropping and tampering. As a result, since it is possible to use a simpler common key encryption method for generating the individual encrypted authentication data, the print data can be encrypted and decrypted at a higher speed than in the third embodiment. .

  In Embodiments 3 and 4 described above, the fourth common key CK04 is used, but the present invention is not limited to such an example. For example, the key generation units 318 and 420 can generate a key pair including an encryption key and a decryption key instead of the fourth common key CK04. Then, the encryption units 319 and 421 can encrypt the data using the encryption key instead of the fourth common key CK04. Also, the decryption units 340 and 425 can decrypt the data using the decryption key instead of the fourth common key CK04.

  In the first to fourth embodiments described above, one piece of encrypted authentication print data CD011, CD021, CD031, and CD041 is provided as the first data, but a plurality of pieces may be provided. There may be a plurality of encrypted print data PD011 and PD012 in the encrypted authentication print data CD011, CD021, CD031, and CD041.

  In the first to fourth embodiments described above, the encrypted authentication print data CD011, CD021, CD031, and CD041 obtained by encrypting the print data PD011 and PD012 are provided as the first data. It is not limited to examples. For example, it may be encrypted authentication data obtained by encrypting video data, image data, or other data.

  In the first and third embodiments, the client PCs 110 and 310 and the printer 330 are described. In the second and fourth embodiments, the MFPs 200 and 400 describe the embodiment of the present invention. However, the present invention is not limited to such an example. It is not something. For example, as shown in FIG. 42A, the scanner 500 may include a data generation device, and the printer 501 may include a data storage device. As shown in FIG. 42B, the client PC 600 may include a data generation device, and the file server 601 may include a data storage device. Further, as shown in FIG. 42C, the mail server 700 may be configured to include a data generation device and a data storage device.

  100, 300 data management system, 110, 310 client PC, 111, 311 storage unit, 112 information display unit, 113 information input unit, 114 communication unit, 115, 315 control unit, 116 input processing unit, 117 print data generation unit, 118, 318 Key generation unit, 119, 319 Encryption unit, 120, 220 Hash value calculation unit, 121 Encrypted data combination unit, 122 Transmission unit, 130, 330 Printer, 131, 331 Storage unit, 132 Information display unit, 133 Information input unit, 134 communication unit, 135 printing unit, 136, 336 control unit, 137 receiving unit, 138 input processing unit, 139 encrypted authentication data search unit, 140 decryption unit, 141 hash value calculation unit, 142 print processing unit, 200,400 MFP 211,411 storage unit, 212 document reading unit, 213 information display unit, 214 information input unit, 215 printing unit, 216,416 control unit, 217 input processing unit, 218 authentication unit, 219 print data generation unit, 220, 420 key Generation unit, 221, 421 encryption unit, 222, 422 hash value calculation unit, 223, 423 encrypted data combination unit, 224, 424 encryption authentication data search unit, 225, 425 decryption unit, 226 print processing unit

Claims (3)

The first data at least partially encrypted and the first key capable of decrypting the first data are encrypted, and the first data assigned to one corresponding user among the plurality of users is encrypted. Second data including a portion that can be decrypted with a key of 2 and a third data that has a portion that can be decrypted with the first key according to the number of the plurality of users. A storage unit for storing;
An input unit for receiving an input of the second key or information capable of generating the second key;
By acquiring the second key from the input to the input unit in accordance with the decryption instruction of each of the plurality of users, and decrypting a part of the third data with the acquired second key. The user who obtains the first key, decrypts the first data with the obtained first key, and gives the decryption instruction each time the first data is decrypted The third data having a portion that can be decrypted with the second key assigned to the third data is deleted, and the third data having a portion that can be decrypted with the acquired first key An information processing apparatus comprising: a control unit that deletes the first data when the number of data reaches a predetermined number . An information processing system having a first information processing apparatus and a second information processing apparatus,
The first information processing apparatus includes:
The first data at least partially encrypted and the first key capable of decrypting the first data are encrypted, and the first data assigned to one corresponding user among the plurality of users is encrypted. Second data including a portion that can be decrypted with a key of 2 and a third data that has a portion that can be decrypted with the first key according to the number of the plurality of users. A first control unit to generate;
A first communication unit that transmits the first data and the second data to the second information processing apparatus,
The second information processing apparatus
A second communication unit that receives the first data and the second data;
A second storage unit for storing the first data and the second data;
An input unit for receiving an input of the second key or information capable of generating the second key;
By acquiring the second key from the input to the input unit in accordance with the decryption instruction of each of the plurality of users, and decrypting a part of the third data with the acquired second key. The user who obtains the first key, decrypts the first data with the obtained first key, and gives the decryption instruction each time the first data is decrypted The third data having a portion that can be decrypted with the second key assigned to the third data is deleted, and the third data having a portion that can be decrypted with the acquired first key And a second control unit that deletes the first data when the number of data reaches a predetermined number . The storage unit encrypts at least a part of the encrypted first data and a first key capable of decrypting the first data, and sends the first data to a corresponding one of the plurality of users. A second data including a number of third data having a portion that can be decrypted with the assigned second key and a portion that can be decrypted with the first key according to the number of the plurality of users; A memory process for storing the data of
An input process in which the input unit accepts input of the second key or information capable of generating the second key;
The control unit acquires the second key from the input received by the input unit in accordance with the decryption instruction of each of the plurality of users, and uses the acquired second key to obtain a part of the third data. By performing the decryption, the first key is obtained, the first data is decrypted with the obtained first key, and the decryption is performed each time the first data is decrypted. The third data having a portion that can be decrypted with the second key assigned to the user who issued the instruction is deleted, and a portion that can be decrypted with the acquired first key is deleted. And a control step of deleting the first data from the storage unit when the number of the third data has a predetermined number .

Images