JP2003281100A - Security network system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a means that is free from information leakage by covering the weak points of the system such as the unauthorized use of a key device, password leakage and ID information leakage. <P>SOLUTION: This key device that can be attached and detached to/from a reader of a PC and a terminal device is provided collectively with personal information such as an ID encrypted in a network system to which terminal devices such as a PC and a printer are connected, an authenticating means for a password, and a key for encrypting/decrypting image/document data. This eliminates password leakage from a system side and prevents a card from being illegally used due to its loss. Further, encrypted image/document data, the ID of a person outputting the data, the data and hour for outputting the data, the number of pieces of outputted data or the like are recorded in the terminal, and by making it possible to trace these data, the level of preventing secret leakage is improved. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention, in a network system including a PC, a printer, a facsimile, etc., sends image / document data encrypted by the PC to a terminal such as a printer via a network for maintaining confidentiality. , Technology for ID authentication when outputting, password authentication, encryption / decryption.

[0002]

2. Description of the Related Art In a network environment in which PCs, printers, etc. are connected, leakage of confidential information is currently a problem. Image / document data existing on the network, such as information created on a PC connected to the network and file information, is illegally output from output devices such as multiple printers connected to this, or is accumulated in files. Information leaked in various forms, such as the extraction of information, the hard disk of a personal computer, or theft of a personal computer. As a method of handling confidential information in order to avoid these, a method of handling image / document data on a PC or a network by encryption and decrypting it when necessary is introduced. Various methods have been proposed for handling the key information required for this encryption / decryption. Also known is a method of maintaining confidentiality by authenticating an individual with an ID, a password, and the like, and making information accessible only to this individual.

A method in which the above key information and a personal authentication method are combined is also introduced. As an example, JP-A-6-12
Quote 4178. FIG. 1 shows a system configuration of the present invention, and FIG. 2 shows a processing flow.
The print data generation device 1 includes an encrypted data generation unit A12 that encrypts print data and adds a user ID, a key code, and an encryption ID to the encrypted data and transfers the encrypted data to the printer. The printer has an encrypted data decryption unit A23 that decrypts the encrypted data based on the ID and the like. The encrypted data transferred to the printer is temporarily stored in the spool queue A22, and when printing, the encrypted data is decrypted and output by the encrypted data decryption unit A23 only when the passwords match. Since only the encrypted data is stored in the spool queue A22, even if the contents of the encrypted data are peeped, it is meaningless to see, so that the contents of the print data need not be known. That is.

In Japanese Patent Laid-Open No. 2001-186358, the key in the card owned by the intended recipient, the key held in the intended image output device chip, and the encryption method are combined so that the intended recipient outputs the intended image output device. A system that more securely transmits and generates images has been introduced. This is the first private key / public key that controls the encryption of data for image generation. This private key is owned by the intended recipient, and the private key / public key's private key is used by the intended image output device. Possessed, these two keys,
It has been encrypted twice. Therefore, in the case of decryption as well, it is necessary to decrypt the first key with these two secret keys.

However, in Japanese Unexamined Patent Publication No. 2001-186358, when personal information is put in a device such as a card, it cannot be prevented from being illegally used when it is lost or stolen. In order to prevent this, there is a method of identifying an individual by matching personal information with a password, as in Japanese Patent Laid-Open No. 6-124178. In this case, the password may be easily leaked from the password input device and the network. There is a possibility that the data will be analyzed and leaked from the collating means stored inside the device for collation. Network systems must not have the security weaknesses mentioned above.

[0006]

When encryption / decryption is performed in order to prevent confidentiality leakage in a network system that handles image / document data, encryption / decryption key information,
In consideration of the relationship between the ID and the password, there is a demand for means for preventing information leakage that covers weak points of the system such as unauthorized use of key devices, password leakage, and ID information leakage.

[0007]

According to the present invention, in a network environment composed of a management server, a network management device, a client PC, a printer, a fax machine, etc. connected to a network, after being authenticated by an ID / password calculation / authentication means. , An image / document data encryption / decryption key is generated. These have a CPU and a memory, and are put in a key device having a computer function in an encrypted form, and a terminal device operated by a person is provided with a reading device of this key device. To work on this network, first insert the key device into the reader of the terminal equipment. Input the password of the key device from the client PC from the keypad. Then authenticate the password in the key device. The key device automatically locks if the password is entered incorrectly a predetermined number of times in succession. The authentication information in the key device is sent to the management server in encrypted form. The authentication information is encrypted in advance by the basic key of the network management device.
The network server authenticates in the server with the basic key of the network management device and the authentication information registered in advance. Once authenticated, you can log in to the network.

As an example, the password uses an 8-digit numerical value, and if the input is incorrect 6 times, it becomes invalid and the function of the key device is disabled. When the password is input to the terminal, the password is sent to the key device attached to the terminal, and authentication is performed therein. Inside the key device, this password is in the form of a function and requires a calculation for verification. For example, input password is x, regular password x ₁ is an 8-digit positive integer, n is a number indicating how many times the filter is matched, and the password function is y = f (x, _n ). : Formula 1 is used. If the password x and the number of times n are decided, the value of the password function at each time is decided. Filter F is to perform matching a and b times, and F
a = f (x, n) -1: Formula 1, Fb = f (x, n) +
1: When configured by Expression 2, the value of the filter is also determined. For example, if the filter F is configured such that Fa <y is satisfied at the second time and y <Fb is satisfied at the fifth time,
Only y, that is, f (x, n) satisfies these two expressions, and x is recognized as x ₁ . Since x ₁ is determined in advance, the numerical value of the filter for each time is determined by deciding how many times the matching is performed. For example, filters Fa, F
Set b to the second and fifth times. Otherwise, the dummy filter Fd may be set. Dummy filter F
d is 0 <Fd <f (x, n) -p: Formula 3 and f (x,
n) + p <Fd <100000000: Constructed by Expression 4. p is a positive integer of 1 or more. The password is verified by the above method, but a simple verification example is as follows. With y = 2nx, x ₁ = 12345678, and the filter Fa is set at the second time and Fb is set at the fifth time. Password function y is 2 × 2 × 123456 for the second time
78 = 49382712 and the second filter Fa
Is 2 × 2 × 12345678-1, which is 4938711, and the fifth password function y is 2 × 5 × 1234.
It becomes 5678 = 123456780. The filter Fb of the 5th time becomes 123456781. Fa = for the second time
49382711 <y and y <Fb = 12345 at the 5th time
There is no positive integer other than x ₁ that satisfies 6781, and the password x ₁ is certified by the second and fifth time filters Fa and Fb. F (x,
n) can be a complicated function, and the number of times of two collations can be arbitrarily set by mixing it with a dummy function. If x ₁ is certified, the next step is to generate an image / document data encryption / decryption key, and then delete x ₁ . If the randomly input x does not match in the middle due to illegal use, the subsequent calculation is stopped, so it is difficult to determine the password x ₁ with 6 attacks even if the analysis is performed by an electric signal. . Also, it is difficult to determine the password from the number of the filter including the dummy that remains in the memory of the key device. X in 6 attacks
_{If 1} is not certified, the card is invalidated. The above method of password verification is an example, and various methods other than the above method can be considered. If the analysis is difficult and it is difficult to determine the password, another method may be used.

If the password is authenticated, x ₁ is validated, and a password key based on this is issued. After issuing, extinguish x ₁ . The encryption / decryption key of the image / document data is generated by this password key and is passed to the PC to encrypt the image / document data. In the case of decryption by a terminal such as a client PC or printer, the image / document data is decrypted by the same procedure. Therefore, if the person who has the key device cannot input the password correctly, the encryption / decryption cannot be performed. An output device such as a printer is provided with a standard port such as USB or RS232C, a key device is inserted here, and a password is input to generate a decryption key in the same procedure as that of the client PC. / Document data can be decrypted and printed out. All communication data on the network is randomized by random numbers issued from the network management device. Since the present invention is a system in which confidentiality is not leaked in this way, confidentiality is maintained even if the network is a large-scale network including public lines and satellite communications.

For encryption, for example, Exclusive O
SXAL / MBAL, which consists of a combination of R, byte substitution and substitution, and the processing unit is a variable length byte
Use the algorithm introduced as. This makes it possible to create an encrypted image that is fast and difficult to decipher. Other algorithms can be used as long as they are fast and difficult to decipher.

A further description will be given of the case of outputting by the printer according to the above procedure. The job information is added to the image and document data by the client PC, and the print data is encrypted. The encrypted ID is added to this and sent to the printer. The information sent to the printer is stored in the storage device. Client PC for printer
There is a key device reader similar to, and if the password entered from the keypad is authenticated in the same procedure as above, a password key will be generated in the key device,
This creates a decryption key and the password disappears. It becomes possible to decrypt the print data with the decryption key, extract the job information, and print out. At the same time as the printout, the ID, the output date and time, and the number of the output person are stored in the encrypted image / document data in the logging device of the printer. In the case of printout, the client PC issues a printout instruction, the key device is once removed, and the key device is inserted into the key device reader of the network printer.

The key device may be removed from the reading device at an abnormal timing. In this case, it is necessary to erase unnecessary information and normalize the key device at the moment of removal. The operation at this time will be described. This work is completed, for example, within 10 msec after being taken out, and this power is supplied from a capacitor such as a capacitor in the key device. As a result, the key device is initialized to the state before being inserted into the reading device. Next, even when the key device is inserted into the key device reading device of the printer, the key device operates according to the above-described insertion procedure. The key device is a small portable device that can be attached and detached, and can also be configured with an IC card.

As described above, by inserting the key device into the reader provided in the network terminal and inputting the password, the password authentication, the image / document data encryption / decryption, the ID authentication, etc. can be performed. You can do it. If the password is not entered correctly, the information on the network cannot be encrypted or decrypted. Also, if the authentication information in the key device is not authenticated by the server, you cannot enter the network. This can prevent leakage of confidential information. However, if the key device is lost or stolen, it may be illegally used by anyone other than the parties concerned. Since a PC can input a password with a keyboard, it is possible to prevent unauthorized use by combining the card and the input of the password, but some terminal devices such as printers do not have a password input device. Many. However, the printer is provided with a logging function so that the ID of the output person is added and stored again. As a result, log information indicating who output what information and when is stored inside the printer. ID that can decrypt and output this information,
The decryption key is set, and the upper level administrator who has this key device is determined. This system can increase the level of confidentiality. Will this administrator delete the information stored in the printer? It may be automatically deleted after a certain period of time, or old information may be deleted as much as new information is stored in a certain memory.

Consider also the case where the printer also has a password input device. For this purpose, a numeric keypad input key may be provided, but since it requires space, a button or touch sensor with one ON / OFF function is provided instead of the numeric keypad, and several digit numbers are separated by one digit. There is also a method of entering the password by placing and pressing. For example, in the case of inputting 3, the method is to press the button 3 times within 0.2 seconds and input the next numerical value at intervals of 0.5 seconds or more. According to this method, the password can be input with a simple device. In the case of fax, since there is a board for inputting numerical values, it is possible to input passwords by numerical values. The password consists of an 8-digit number, and the key device function will be disabled if it is not entered correctly 6 times.

On the other hand, since the image / document data output from the printer has been decrypted, it will be noticeable. For this reason, during printing, it is not possible to leave the printer for security reasons. This is inefficient for time-consuming output. As a means to solve this, a cover is provided on the paper output part of the printer, the cover has a physical key, and the cover cannot be opened without inserting the card into the card reader of the printer, and you can see the information on the paper. Try not to do anything. According to this method, when the key device is inserted into the printer and the printout is started, the key device can be removed and left at the printer, after which the key device can be reinserted, the cover can be opened, and the print can be taken out.

Information recorded in the memory of the logging function is compressed and recorded after being compressed. In this case, in order to reduce the amount of data, lossy and lossless image compression methods are used as needed. For example, when a color image such as a picture and characters are mixed, the color image generally has a large amount of information, and even if it is irreversible, the content can be sufficiently grasped. Therefore, it is necessary to use the irreversible method and restore the detailed information of the character information. Therefore, a reversible compression method is used. Also, not only the data to be stored but also all the data on the network can be encrypted by using only a specific color (for example, black) or characters, and other colors and images such as pictures and photos can be treated as normal images. This is necessary for reduction and high-speed processing.
This is because image information such as pictures and photographs has a large amount of information compared to character information, while confidential information has a large amount of character information. A method for separating a picture and a character has already been proposed.

[0017]

DETAILED DESCRIPTION OF THE INVENTION The present invention will be described in detail with reference to the drawings. FIG. 3 shows an outline of a security network using a key device. In FIG. 3, 1 is a client PC, 2 is a printer, 3 is a logging device belonging to the printer, 4 is a server for managing a network, and 5 is a network. As shown in the figure, the devices connected to these networks have a key device reading means capable of attaching and detaching the key device 8. 6 is a logging means belonging to the server 4 that manages the network,
Reference numeral 7 is a network management device, and 8 is a key device, which is composed of a CPU such as an IC card and a memory and has a computer function, but can also be composed of a stick key or the like. Reference numeral 9 is a display for the server. The key device 8 has personal authentication information such as an ID encrypted by the basic key of the server, password calculation, an authentication function, and key generation means for encrypting / decrypting images and document data after password authentication. It is contained. The role of the key device is to log in to the client PC, the network, authenticate the person, encrypt / decrypt files and mails, manage the connection destination, manage the ID / password for each APL, save the encrypted log in the printer 2. , Print output management, printout extraction, management of availability of FD and the like. Without this key device, you cannot enter the network. By inserting the key device into the reading device which is connected to or built in the PC or the terminal device and inputs the password from the terminal device, it is possible to work in the encrypted network environment.

Further, mutual transmission / reception can be performed in a state in which all information on the network is randomized by random numbers issued from the network management device 7. The network management device 7 stores random number generation means, a basic key for encrypting personal information, and the like. This management device is physically protected, and the contents will be lost if it is forcibly opened.

FIG. 4 is a procedure for encrypting image / document data by a PC and sending it to the printer, and FIG. 5 is a PC on the printer side.
It shows a procedure of decrypting the encrypted image / document data received further, printing it out, and storing it in the logging function. The key device has a password calculation and authentication function, and generates an encryption key for image / document data after authentication. After creating the encryption key, delete the password. On the other hand, the authentication information in the key device is sent to the server while being encrypted and is authenticated there, so that the user can log in to the network. After this authentication, the client PC receives the encryption key of the image / document data from the key device, encrypts the image / document data, adds job information to this data, randomizes it with the encrypted ID, and sends it to the printer. Since the printer also has a PC function, the procedure is the same as in the case of the above-mentioned PC, but the image / document data and the sender ID are stored in encrypted form, and the PC function is used when the IC card is inserted. reading. The password is entered and verified in the key device in the same procedure as for the client PC. The authentication information in the key device is sent to the server for authentication. The key required for decryption is obtained from the key device, and this key decodes the image / document data and prints it out.
The printer has a logging function, and when it is output on paper, the encrypted ID of the output person is also added to the document / image data that remains encrypted, and is stored together with the output date and time and the number of sheets. . It is also possible to select a document or image data stored in the printer, decrypt it, and print it out. The stored data can be output by a key device having a special authority key by an administrator having special authority. Although FIG. 6 was explained at the means for solving the problem in the previous section,
A password input means by one button switch 10 is a cover which covers a printout portion with a key, and a key device is inserted so that the key is opened and the printout paper can be taken out. When you remove the key device, it closes and is locked by the key. Further, in the figure, the slit insertion opening 1 when the reading of the key device is built in 1
2 is shown, but the reading device is USB of the printer, RS2
It can also be used by connecting to a 32C terminal or the like.

[0020]

By providing a key device which is convenient and effective for certifying an individual with a password authentication means as a means for preventing it from being used by anyone other than the legitimate owner, the same key device is provided. Without inserting the key device and entering the password, the encrypted data cannot be decrypted. Since the password and the password authentication function do not remain on the system side after the card is removed, the password is never leaked from the system side as in the past. Even within the key device, the password disappears after use, and the password authentication function is a method of judging with a combination of multiple filters that limit the range of numerical values and a password function that changes depending on the number of times. Since the key device becomes inoperable by the attack, it is difficult to determine the password from the authentication means. In addition, the ID, date and time, the number of sheets of the person who printed out is stored in the logging function, who recorded when and what was output, and only the person who has a specific authority such as the administrator decrypts the logging information. Making it visible is also important for security. Further, some printers do not have a numeric keypad for inputting numerical values, and a method of using one button and one-touch sensor and inputting the number of times of ON and OFF is a space-saving and effective method. We also proposed a method in which a paper cover of the printer is provided, the key is applied, the decrypted output cannot be easily seen, and the key is released by inserting the key device. When recording encrypted image / document data in the logging function, only black is reversibly compressed, other colors are combined with lossy compression method, images and characters are separated, and only characters are reversibly compressed. , And others, I proposed a method of saving memory and speeding up the processing such as a lossy compression method.

[Brief description of drawings]

FIG. 1 is a diagram showing a system configuration of JP-A-6-124178.

FIG. 2 is a flowchart showing the operating procedure of Japanese Patent Laid-Open No. 6-124178.

FIG. 3 is a diagram showing an outline of a security network.

FIG. 4 is a diagram showing a procedure for encrypting image / document data on a client PC.

FIG. 5 is a diagram showing a procedure for outputting an image sent from a client PC to a printer.

FIG. 6 is a printer having a cover for a key device insertion opening, a one-button password input unit and an output unit.

[Explanation of symbols]

A1 print data generation device A2 printer A11 data print application A12 encrypted data generation unit A13 encrypted information storage unit A14 magnetic disk A22 spool queue A23 encrypted data decryption unit A24 decryption information storage unit A25 key data processing unit A26 magnetic disk A27 print data Output unit 1 Client PC 2 Printer 3 Logging device 4 belonging to printer 4 Network management server 5 Network 6 Logging device belonging to network management server 7 Network management device 8 IC card 9 Server display 10 Input button 11 Cover with key 12 Slit for key device

Front page continuation (51) Int.Cl. ⁷ Identification code FI theme code (reference) G06F 12/14 320 G06K 17/00 T 5B085 G06K 17/00 H04L 9/00 601A 5J104 19/07 673E 19/10 G06K 19 / 00 RH04L 9/08 N 9/32 B41J 29/00 Z (72) Inventor Shoji Torikai 2 Laurel Intelligent Systems Co., Ltd., 2-5-35 Migaoka, Aoba-ku, Yokohama, Kanagawa Prefecture (72) Inventor Ono Takehide 2 F-term in Laurel Intelligent Systems Co., Ltd. 2-5-35 Utsukushigaoka, Aoba-ku, Yokohama-shi, Kanagawa (reference) 2C061 AP01 CL08 HK11 HN15 HQ12 2C187 AE07 BF26 GD02 5B017 AA03 BA08 CA05 CA14 5B035 AA13 AA14 BB09 BC00 BC01 CA01 CA01 BC01 CA01 CA02 CA24 KA01 KA04 KA05 KA12 KA24 KA31 KA33 KA35 KA37 5B085 AE12 AE15 5J104 AA07 AA16 AA46 EA04 EA22 KA01 KA21 NA02 NA05 NA37 NA41 NA42

Claims (11)

[Claims] 1. In a network system to which terminal devices such as a PC (personal computer) and a printer are connected, personal information (ID) and password collating means, and an image / document information encryption / decryption key. A means for holding a PC and a terminal device together with a removable key device. 2. A password input from a PC and a terminal device is authenticated in a key device that is removable from the terminal device,
A means for validating the encryption / decryption key of the image / document data in the key device when authenticated. 3. A means for restoring the normalization of the key device by the electric energy retained inside the key device within a fixed time after the key device is removed from the PC and the terminal device. 4. A password judging method for judging a password input by a numerical value by using a plurality of filters for limiting the range of numerical values calculated based on the password. 5. The password in the key device is erased after the password is recognized in the key device. 6. The information sent to the printer is stored in the logging function as it is encrypted, and when it is output, the ID of the output person,
A means to store the date and time and the number of sheets added. 7. A means for providing a keyed cover on a print output section of a terminal such as a printer, the key being opened only when the key device is mounted and the cover being opened to take out the output print. 8. A signal mounted on a terminal is turned on and off.
A means for inputting a password by inputting a numerical value of a password with a button capable of F and turning it on and off at certain intervals. 9. When outputting the encrypted image / document data stored in the logging function of the printer, a part or all of the image / document data such as the output date / time, the number of output sheets and the title can be obtained from the key device. Recorded in connection with
A means to read and output this by a specific key device. 10. A means for encrypting image / document data stored in a logging function of a printer or the like only for a specific color (for example, black) and not for other colors. 11. Image / document data that is encrypted after compression and stored in a logging function of a printer or the like is compressed with an irreversible compression method for an image or not compressed, and a reversible compression method is used for a character. means.