JP2006270415A - Image processing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image processing apparatus capable of effectively preventing unauthorized utilization of an image processing apparatus due to "spoofing" to improve security, and further, improving security for confidential information stored in the image processing apparatus. <P>SOLUTION: When the image processing apparatus is accessed to acquire the confidential information stored therein, an operator (user) is photographed in addition to user authentication, and the photographed video image is transmitted at a mail address of the manager of the confidential information. The manager confirms the transmitted video image of the operator, and transmits a return mail if the utilization of the confidential information may be permitted. The operator can assess the apparatus on the basis of the return mail to acquire the confidential information. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an image processing apparatus such as a facsimile having a user authentication function, a copying machine, a printer, or a combination machine in which these are combined.

Conventionally, when a user makes a copy of a document or transmits a facsimile, user authentication is performed to limit the number of copies for each user or department to which the user belongs, or to limit facsimile transmission. An image processing apparatus that charges or charges is known. (See Patent Documents 1 and 2)
User authentication is generally performed using a user ID (account) and a password. However, in such an image processing apparatus that performs user authentication, if the user ID and password are stolen without the knowledge of the legitimate user, the unauthorized user impersonates the legitimate user who steals the user ID and password. Therefore, there is a possibility that the image processing apparatus may be used by illegally using the user ID and password. That is, there is a possibility that the image processing apparatus is illegally used by “spoofing”.
Japanese Patent Laid-Open No. 11-327861 JP 2002-359718 A

In cases where confidential information is stored in the image processing apparatus, and the confidential information is accessed and the confidential information is printed on paper, or the confidential information is to be transmitted to the personal computer, unauthorized use by impersonation as described above may occur. If done, confidential information will be leaked.
The present invention has been made based on such a background, and can effectively prevent unauthorized use of the image processing apparatus due to “spoofing” and can improve the security for confidential information stored in the image processing apparatus. The main purpose is to provide a processing apparatus.

  The invention described in claim 1 includes confidential information storage means storing confidential information, storage means storing an administrator's mail address associated with the confidential information, imaging means for photographing the operator, In response to an operation that the user wants to use the confidential information that is defined, the operator who photographed the operator by the photographing means, and the data associated with the confidential information requested to use the captured video and the confidential information requested to be used An image processing apparatus comprising: transmission means for transmitting to the e-mail address.

The invention described in claim 2 further includes means for obtaining the operator's mail address, wherein the transmission means performs transmission to the administrator's mail address using the operator's mail address as a transmission source. The image processing apparatus according to claim 1, wherein the image processing apparatus is characterized.
According to a third aspect of the present invention, the mail transmitted by the transmitting means to the administrator's mail address includes an approval ID for approving the use of the confidential information requested to be used. The image processing apparatus according to claim 2, wherein the approval ID is included in a reply mail that approves the use sent from the operator to the mail address of the operator.

The invention according to claim 4 is the image processing apparatus according to claim 3, wherein the approval ID includes time information for determining a validity period of the approval ID.
According to a fifth aspect of the present invention, the image processing apparatus includes a usage processing unit that accepts an operation for using confidential information, and the usage processing unit receives an approval ID, and the approval ID is a correct approval ID. The image processing apparatus according to claim 4, wherein the operation for using the confidential information is accepted only when input is made within a valid period.

  According to the first aspect of the present invention, when the confidential information stored in the image processing apparatus is accessed and there is an operation to use the confidential information, the operator is photographed in addition to the user authentication. The captured video is sent to the e-mail address of the manager of confidential information. The administrator confirms the operator's video (face image, etc.) that has been sent, and sends a reply mail if the use of confidential information may be permitted.

Thus, according to the present invention, whenever there is an operation for using confidential information, it is possible to confirm who the operator is based on the video. Therefore, it is possible to prevent confidential information from leaking to an unauthorized user through impersonation.
In the invention of claim 2, the reply mail from the confidential information manager is sent to the address of the operator. Therefore, the operator does not have to wait in front of the image processing apparatus, and may re-operate the image processing apparatus after a certain period of time after an operation to use confidential information.

  As described in claim 3, use of confidential information (access to confidential information) is sent to an email sent from the image processing apparatus to the administrator and a reply email sent from the administrator to the operator's email address. By including the approval ID that permits the user, the operator can access the confidential information that is permitted to use among the confidential information stored in the image processing apparatus using the approval ID. It becomes possible.

In the invention of claim 4, since the approval ID includes time information for determining the valid period, it is possible to improve security when accessing confidential information based on the approval ID.
According to the fifth aspect of the present invention, it is possible to use the confidential information by using the approval ID so that the operation is simple and the confidential information is not leaked.
As described above, according to the present invention, it is possible to provide an image processing apparatus that ensures the security of confidential information stored in the image processing apparatus and is easy to use.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 is an illustrative block diagram showing the configuration of the entire system including an image processing apparatus according to an embodiment of the present invention.
In the description of this embodiment, it is assumed that the image processing apparatus is the digital multifunction peripheral 1. The digital multi-function peripheral 1 is provided with a digital camera 2 so that an operator (it is necessary to be able to identify the operator and is usually an operator's figure including a face) can be photographed. The digital multifunction device 1 is connected to the network 3. The network 3 is also connected to a user's personal computer 4 and a mail server 5. Therefore, the digital multifunction peripheral 1 can transmit and receive data to and from the user personal computer 4 and the mail server 5 via the network 3. Furthermore, the mail server 5 can send and receive e-mails with the information terminal 6 owned by the confidential information manager.

The outline of the flow of the control operation in the embodiment of the present invention will be described with reference to FIG.
Confidential information is stored in, for example, a hard disk of the digital multi-function peripheral 1. A user who wants to use the confidential information operates the digital multi-function peripheral 1, authenticates with his / her account (user ID) and password, and selects confidential information to be used in the digital multi-function peripheral 1.

When access to confidential information occurs in the digital multi-function peripheral 1, the user's face (such as the user's face so that the user can be identified) is photographed with a camera attached to the digital multi-function peripheral 1 and stored in association with the confidential information. The captured image data is sent to the confidential information manager's e-mail address.
At this time, the transmission source mail address is not the address of the digital multi-function peripheral 1 but the user's mail address associated with the account that has performed user authentication, for example, the address of the user personal computer 4. The email includes information such as an approval ID, confidential information name, user account, date and time.

The administrator of the confidential information receives the mail by the information terminal 6 and confirms the attached photo (user image) and matters regarding the confidential information included in the mail.
Then, if the administrator of the confidential information approves the use of the confidential information by the user, the administrator of the confidential information creates a reply mail describing the approval ID described in the received mail and sends it to the transmission source. If not approved, an unapproved reply mail is sent without entering the approval ID.

  The reply mail from the confidential information manager is sent to the user personal computer 4 because the transmission source address is the mail address of the user personal computer 4 as described above. Therefore, the user who receives the reply mail by the personal computer 4 operates the operation unit of the digital multi-function peripheral 1 again using the approval ID described in the mail when the use of the confidential information is approved. Thus, confidential information is accessed.

The above-mentioned approval ID is automatically generated by the digital multi-function peripheral 1 and is valid for a certain period (for example, one day), and the digital multi-function apparatus 1 does not accept the approval ID after a certain period. From the viewpoint of security, the period for accessing confidential information can be limited.
In addition, it is desirable for security that the approval ID is an ID code randomly generated by the digital multi-function peripheral 1 each time so that the same ID code is not output a plurality of times.

In the above description, it has been described that the user receives a reply mail in the user personal computer 4, but the user personal computer 4 may be a user's mobile phone, PDA, or the like.
Similarly, the information terminal 6 of the manager of confidential information is not limited to a mobile phone but may be a personal computer, a PDA, or the like.
FIG. 2 is a block diagram of the configuration of the digital multifunction peripheral 1. The digital multi-function peripheral 1 includes a control unit 11 composed of a CPU and the like, a hard disk 12 as storage means connected to the control unit 11, and an image processing engine (scanner mechanism for reading an image, controlled by the control unit 11). Engine 13 for realizing an image forming mechanism for forming an image). The control unit 11 is connected to the digital camera 2, and the digital camera 2 is controlled by the control unit 11.

The block diagram of FIG. 2 shows only what is necessary for explaining the following control operation. The digital multifunction peripheral 1 has other elements such as an operation panel, a display unit, and a modem for communication. Although included, these are omitted for convenience of explanation.
The hard disk 12 includes at least a user authentication information table 14 and a confidential information storage unit 15. The user authentication information table 14 is an authentication storage unit in which information necessary for user authentication is stored.

  Table 1 illustrates specific examples of information stored in the user authentication information table 14.

The confidential information storage unit 15 stores a plurality of pieces of confidential information. The confidential information (content) is associated with the confidential information (contents). (Name, administrator email address, etc.) are stored.
FIG. 3 is an operation flowchart of approval mail transmission performed by the control unit 11 shown in FIG. When the digital multifunction device 1 is operated by the user, the control unit 11 of the digital multifunction device 1 determines whether authentication is necessary (step S1). As a result, when it is determined that authentication is necessary, an authentication request is displayed on the operation unit, and the user is requested to input a user ID and a password. As a result, the user ID and password are input from the user (step S2).

In the digital multi-function peripheral 1, the input user ID and password are compared with the user ID and password stored in the user authentication information table 14 to determine whether or not the user ID and password are correct (step S3). ).
As a result, if the user ID and password are correct, it is further determined whether or not the user's mail address is registered in the user authentication information table 14 (step S4). If the user's e-mail address is not registered, an error message indicating that user authentication cannot be performed is displayed (step S5), and the process ends.

On the other hand, if the user's e-mail address is registered in the user authentication information table 14, next, it is determined whether or not the confidential information that the user desires to access (the user desires to use) needs to be approved. (Step S6). Whether or not approval is necessary for confidential information is stored in association with the confidential information (see FIG. 2).
If the determination in step S1 and the determination in step S6 are negative, authentication and approval are not required when using the confidential information, respectively, and confidential information output processing is performed (step S7).

On the other hand, when the determination in step S6 is affirmed, the control unit 11 controls the digital camera 2, captures the user's face, and captures the captured data (step S8).
Then, the process proceeds to step S9, and the digital multi-function peripheral 1 creates an approval ID. The approval ID is created as an arbitrary ID code based on a random number table or the like.
Then, the control unit 11 of the digital multi-function peripheral 1 acquires the user's mail address stored in the user authentication information table 14 (step S10), and the confidential document that is desired to be accessed using the mail address as a transmission source. An approval request mail is transmitted to the administrator (step S11).

The approval request mail includes a user account, an approval ID, a date and time, a document number for specifying confidential information, and a user image.
Table 2 shows an example of information included in the approval request mail transmitted from the digital multifunction device 1.

FIG. 4 is an operational flowchart of mail reception and transmission in the information terminal 6 (see FIG. 1).
In the information terminal 6, it is determined whether or not a mail has been received (step P1). If a mail has been received, the text (approval request information) is displayed (step P2).
Then, the administrator of the confidential information who confirmed the display contents creates a transmission mail and gives it to the information terminal 6 (step P3). This reply mail includes the approval ID sent from the digital multifunction device 1, the expiration date of the approval ID, and the document name that identifies the confidential document.

Then, the created reply mail is transmitted from the information terminal 6 to the transmission source of the approval mail, that is, the user personal computer 4 (step P4).
FIG. 5 is a flowchart showing an approval list expiration check operation performed by the digital multi-function peripheral 1 after transmitting an approval mail. This operation is performed periodically.
Referring to FIG. 5, the control unit 11 of the digital multi-function peripheral 1 determines whether or not there is an unprocessed record in the approval list (step S21).

An example of the approval list is shown in Table 3. The digital multi-function peripheral 1 creates an approval list as shown in Table 3 every time an approval mail is transmitted, and it is determined whether or not there is an unprocessed list in this list.
If there is an unprocessed record, it is acquired (step S22), and it is determined whether or not the retention period of the approval ID has been exceeded for that record (step S23). If the approval ID retention period is exceeded, a discarding process for deleting the record from the list is performed (step S24).

FIG. 6 shows an input processing operation of an approval ID of the digital multi-function peripheral 1 when a user who has been approved for access to confidential information by receiving a reply mail performs an operation on the digital multi-function peripheral 1. FIG.
The digital multi-function peripheral 1 accepts input of an approval ID performed by the user (step S31), and determines whether or not the input approval ID exists in the approval list (step S32). If the input approval ID does not exist, an error is displayed (step S33).

Although omitted in the flowchart of the approval ID input process, the user receives the user authentication described in steps S1 to S3 in FIG. 3 before inputting the approval ID. That is, prior to inputting the approval ID, the user inputs the user ID and password, and authentication is performed as to whether or not the user is an authorized user.
In step S34, it is determined whether or not the user ID input in the user authentication this time matches the user ID at the time of previous authentication (step S34). If they do not match, an error is displayed. (Step S36).

If the user is an authorized user, the user ID (account) matches and the determination in step S34 is affirmed, and the process proceeds to step S35.
In step S35, based on the approval ID input in step S31, it is determined whether or not the document number in the approval list matches the document number of the output request. Confidential information is output (step S37).

Once the confidential information is output, the approval ID is deleted from the list and discarded (step S38).
As a result, access to the confidential information is prevented a plurality of times, and if access to the confidential information is desired, a user must be received each time, and security for the confidential information is improved.

  The present invention is not limited to the embodiment described above, and various modifications can be made within the scope of the claims.

1 is an illustrative block diagram showing a configuration of an entire system including an image processing apparatus according to an embodiment of the present invention. 1 is a block diagram illustrating a configuration of a digital multi-function peripheral. It is an operation | movement flowchart of the approval mail transmission performed by the control part 11 shown in FIG. It is an operation | movement flowchart of reception and transmission of the mail in the information terminal 6. FIG. FIG. 10 is a flowchart showing an approval list expiration check operation performed by the digital multi-function peripheral 1 after transmitting an approval mail. FIG. 6 is a flowchart illustrating an input processing operation of an approval ID of the digital multi-function peripheral 1 when a user who has been authorized to access confidential information performs an operation on the digital multi-function peripheral 1 by receiving a reply mail. .

Explanation of symbols

1 Digital MFP 2 Camera 3 Network 4 User PC 5 Mail Server 6 Information Terminal 11 Control Unit 12 Hard Disk

Claims (5)

Confidential information storage means for storing confidential information;
Storage means for storing an administrator's email address associated with the confidential information;
Photographing means for photographing the operator;
In response to an operation that the user wants to use the predetermined confidential information, the operator captures the image by the photographing means, and manages the captured video and the data specifying the confidential information requested to be used in association with the confidential information. Sending means for sending to the email address of the person,
An image processing apparatus comprising: It further has means for acquiring the operator's email address,
The image processing apparatus according to claim 1, wherein the transmission unit performs transmission to the administrator's mail address using an operator's mail address as a transmission source. The email sent by the sending means to the manager's email address includes an approval ID for approving the use of the confidential information requested to be used,
The image processing apparatus according to claim 2, wherein the approval ID is included in a reply mail that approves the use sent from the administrator to the mail address of the operator.   The image processing apparatus according to claim 3, wherein the approval ID includes time information for determining a validity period of the approval ID. The image processing apparatus includes a usage processing unit that accepts an operation for using confidential information. The usage processing unit receives an approval ID, and the approval ID is a correct approval ID and is input within a valid period. The image processing apparatus according to claim 4, wherein an operation for using the confidential information is accepted only in a case where it is performed.

Images