JP2007043413A - Image processing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve conveniences by enabling a creation system using an external device where encryption, or the like is performed by a secret key using an IC card, and a system using a built-in device to be used in combination for an electronic signature to an input document, for example, by a scanner. <P>SOLUTION: An IC card (external device) system is used together with a secure device (built-in device) system, and a user sets conditions required by each system through an operation panel functioning as a user I/F when one of the systems is selected. When a user ID, or the like is input by key entry on an illustrated screen P1, the IC card performs processing, such as encryption by the secret key, by the built-in device, or by setting the IC card to a read section, and the electronic signature is created. The built-in device copes with a signature by a key peculiar to equipment, and the IC card (external device) capable of preventing the spill of the secret key copes with the personal signature of the user, thus improving conveniences. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an image processing apparatus (for example, a printer that can be connected to a network) having document input means and means for processing input document data into image output data (data for print output or output for distribution to an external device). More specifically, it is possible to create an electronic signature for input document data by means of built-in and external devices. The present invention also relates to the image processing apparatus comprising means for managing the obtained electronic signature in association with the corresponding input document data.

As an apparatus for performing image processing based on a function of printing out input document data, an MFP (composite) machine having a combination of functions such as copying, FAX, printer, scanner, and document box is widely used. The MFP is connected to a network such as the Internet or an intranet, and in addition to digitized data of a paper document input through a scanner included in the MFP, various documents are input from an external device such as a host PC via the network. The input document is stored and managed in a storage device such as an HDD, as seen in the function of a document box or the like.
Considering that documents stored and managed in the storage device can be used jointly by multiple users and can be accessed via a network when connected to the network, tampering, unauthorized access, There is a risk of information leakage, and there is a strong need to protect data from such danger and ensure security. In particular, in the case of an MFP machine having a paper document input means, there is a high necessity because a case where an internal confidential document is digitized is assumed.

In response to the above security requirements, there have been proposed multi-function peripherals having a function of creating an electronic signature for an input document and managing the data of the input document. The following Patent Documents 1 and 2 show this example.
Japanese Patent Application Laid-Open No. 2004-228561 performs an electronic signature on a document input by a scanning unit of an image forming apparatus (multifunction machine) (encrypts a message digest of the document using a secret key). When digitally signing a document, it is saved in a message digest generated based on the document by an external data processing apparatus connected to the network and in an external storage means connected by a connector such as USB or IEEE1394. The user's private key is acquired and encrypted by an encryption means provided in the image forming apparatus.
Patent Document 2 (prior application filed by the present applicant) creates an electronic signature of a document input through a scanner or a network I / F (interface) in an image forming apparatus (multifunction machine) (document data using a secret key). The feature amount is encrypted), and the created electronic signature and document data are associated with each other and output to an external use device or stored in the own device. In this example, an electronic signature creation (encryption processing) part and a secret key are provided in the IC card, and the electronic signature is created in the IC card without outputting the secret key to the outside of the card. It is possible to make it more sophisticated.
Japanese Patent No. 3616601 Japanese Patent Application No. 2005-030400

According to the prior art disclosed in Patent Document 2 above, the encryption of document data (features) using a secret key is processed inside the IC card, so that the secret key is not output outside the card, and the data There is little risk of unauthorized operations, etc., and security can be further enhanced. That is, in Patent Document 1, when creating an electronic signature, a private key is transferred from an external storage device to the main body of the image forming apparatus via an I / F such as USB or IEEE1394, and an encryption process in the main body is performed. In this case, there is an I / F for exchanging a secret key, which may cause a security problem. The method of Patent Document 2 can prevent this problem. it can.
However, in the method of Patent Document 2, the security function for the input document cannot be used without an IC card having an electronic signature creation (encryption processing) part and a secret key, and the card cannot be used for some reason. Inconvenient. In addition, even when an electronic signature is performed by an existing method that does not use an IC card, there are cases where necessary security requirements are satisfied, and such requests cannot be met.
The present invention has been made in order to solve the above-described problems of the prior art, and the object of the present invention is to provide an electronic signature creation (encryption processing) part and an IC card having a secret key. An object to be solved is to improve the convenience by making it possible to use an electronic signature creation method using an attached device without using the only means and using it together with an existing method that does not use an external device.

The invention of claim 1 includes document input means, means for processing document data input by the document input means into image output data, electronic signature creation means for creating an electronic signature for the input document data, and the electronic An image processing apparatus having a document management unit that manages an electronic signature created by a signature creation unit in association with input document data, wherein the electronic signature creation unit is capable of independently creating an electronic signature. And a control means for controlling the creation of an electronic signature by either the built-in or external means of the electronic signature creation means. By solving this problem, the above-mentioned problems are solved.
According to a second aspect of the present invention, in the image processing apparatus according to the first aspect, the control unit performs a control operation in accordance with an input condition for selecting either the built-in or external unit in the electronic signature creation unit. In this way, the above-described problems are solved.

A third aspect of the present invention is the image processing apparatus according to the first or second aspect, further comprising a time stamp adding means for adding a time stamp to the input document data, wherein the time stamp is added by the document management means. The present invention is characterized by managing document data. By doing so, the above-described problems are solved.
According to a fourth aspect of the present invention, in the image processing apparatus according to the third aspect of the present invention, the image processing apparatus further comprises a time stamp control means for controlling the operation / inactivation of the time stamp adding means. The control operation is performed according to an input condition for selecting “no”, and thus the above-described problem is solved.

  According to a fifth aspect of the present invention, in the image processing apparatus according to the second or fourth aspect, further comprising an operation unit capable of a user input operation, the input unit is instructed by the operation unit. By doing so, the above-described problems are solved.

  According to a sixth aspect of the present invention, in the image processing apparatus according to any one of the first to fifth aspects, provided with an interface for transmitting / receiving data to / from a network, an electronic signature for input document data via the interface with the network. The input document data to which at least one of the time stamps is added is transmitted, and the above-described problem is solved by doing so.

According to the present invention, the electronic signature creation means composed of the encryption processing unit and the private key is used in combination with an external means (for example, an IC card) connected to the built-in means via an interface, and either one of the selected means is used. By creating an electronic signature for the input document, it is possible to improve the security function and improve the convenience when using this function.
Further, by adding a time stamp to the electronic document, the security function can be further enhanced.
Also, security can be maintained for document data output to the network.

Embodiments relating to the image processing apparatus of the present invention will be described below. This embodiment shows an example in which the image processing apparatus of the present invention is applied to an MFP (composite) machine having a combination of functions such as copying, FAX, printer, scanner, and document box. The MFP shown below as an embodiment is a type of apparatus that can be connected to a network. However, the security function based on an electronic signature and time stamp, which will be described later, is not necessarily limited to an apparatus of a type that can be connected to a network. It may be applied to a type of device.
First, a schematic configuration of an image processing system including the MFP of this embodiment as one element will be described. This image processing system is a system that realizes a security function for an input document used in a network by applying an electronic signature or a time stamp to the document input to the MFP.
FIG. 1 exemplifies a schematic configuration of an image processing system according to this embodiment.
The image processing system shown in FIG. 1 includes an apparatus (A) 100a, an apparatus (B) 100b, a host PC (personal computer) 200, an authentication server 300, an authentication station 400, a time server 500, and another server 600 as MFPs. A system is configured by connecting them to a network as system elements. The host PC 200 makes a document print output request to the MFPs 100a and 100b. Authentication server 300 is used when MFPs 100a and 100b perform personal authentication externally. The time server 500 is used when the MFP devices 100a and 100b perform time stamps externally. The certificate authority 400 is used when the MFPs 100a and 100b create a secret key used for an electronic signature. However, it is not necessary if another creation method is used. In the embodiment shown in FIG. 1, since a document print output request can be issued from the MFP machine, the MFP machines 100a and 100b can perform output in response to the request.

FIG. 2 is a diagram showing an outline of the hardware configuration of the MFP in FIG.
As shown in the hardware configuration of FIG. 2, the MFP includes a controller 1, an operation panel 21, an FCU (Facsimile Control Unit) 22, and an engine unit 23.
The controller 1 includes a central processing unit (CPU) 2, a system memory 3, a north bridge (NB) 4, a south bridge (SB) 5, an application specific integrated circuit (ASIC) 6, a local memory 7, and a hard disk drive (HDD) 8. , Flash ROM (Read Only Memory) 9, NV (Nonvolatile) RAM (Random Access Memory) 10, SD (Synchronous Dynamic) RAM 11, Secure Device 12, Ethernet (registered trademark) I / F 13, USB I / F 14, IEEE 1394 I / F15, Centronics I / F16, wireless I / F17, and external storage medium I / F18.
The operation panel 21 is connected to the ASIC 6 of the controller 1. Further, the FCU 22 and the engine (plotter) unit 23 are connected to the ASIC 6 of the controller 1 by a bus 24.
The internal configuration of the controller 1 is such that the local memory 7, HDD 8, Flash ROM 9, NVRAM 10, SDRAM 11, secure device 12 and the like are connected to the ASIC 6, and the CPU 2 and ASIC 6 are connected via the NB 4 of the CPU chip set. The controller 1 corresponds to the case where the interface of the CPU 2 is not disclosed by connecting the CPU 2 and the ASIC 6 via the NB 4.
The ASIC 6 and the NB 4 are connected via an AGP (Accelerated Graphics Port) 19. In the software configuration to be described later, in order to execute and control one or more processes that form an application or a platform, the ASIC 6 and the NB 4 are connected via the AGP 17 instead of the low-speed bus, thereby preventing a decrease in performance. .

The CPU 2 performs overall control by driving software.
The NB 4 includes a CPU 2, a system memory 3, an SB (South Bridge) 5, an ASIC 6, an Ethernet (registered trademark) I / F 13, a USB (Universal Serial Bus) I / F 14, an IEEE 1394 I / F 15, a Centronics I / F 16, and a wireless I / F17 and a bridge for connecting the external storage medium I / F18.
SB5, Ethernet (registered trademark) I / F13, USB I / F14, IEEE 1394 I / F15, Centronics I / F16, wireless I / F17 and I / F18 for external storage medium are connected to NB4 via bus 20. ing. The SB 5 is a bridge for connecting the bus 20 to a ROM, peripheral device, etc. (not shown).
The system memory 3 is a memory used as a drawing memory for the MFP. The local memory 7 is a memory used as an image buffer and a code buffer.
The ASIC 6 is an IC adapted for image processing applications having hardware elements for image processing. The HDD 8 is an example of a storage device used as a storage (auxiliary storage device) for storing image data, document data, programs, font data, forms, and the like.
The Ethernet (registered trademark) I / F 13 is an interface device that connects an MFP as an image processing apparatus of the present invention to a network that forms an image processing system (see FIG. 1). The USB I / F 14, the IEEE 1394 I / F 15, the Centronics I / F 16 and the wireless I / F 17 are interfaces conforming to the respective standards and are usually used for connecting peripheral devices, but may be connected to a network.

The Flash ROM 9 is a memory in which programs and data can be written from the outside. The NVRAM 10 and the SDRAM 11 are memories that hold information even in a power-off state, and are also used as locations for storing device information that represents the state of the device including functions and operating conditions used for managing the device.
The external storage medium I / F 18 is for transferring data to a removable external storage medium. For example, an SD card, a compact flash (registered trademark), a ROM-DIMM (Dual In-line Memory Module), etc. I / F conforming to the standard of external storage media.
The secure device 12 is a device that can no longer be used once physically removed. The secure device 12 stores a secret key used for encryption processing of an electronic signature in this example, and may store a public key.
The operation panel 21 receives an operation condition or command input operation from the operator, displays information necessary for the input operation or the like to the operator, and provides a function as a user I / F. The FCU 22 has a memory and is used to temporarily store received facsimile data when the power is off.
The IC card drive unit 31 and the IC card 32 are externally attached to the MFP, that is, physically exist outside, and are connected through the USB I / F 14 here. In this example, the IC card 32 includes a processing unit, a secret key, and the like necessary for the digital signature encryption process (for details, see the description of FIG. 17 showing an example of the configuration of the IC card 32). In addition, personal information, a key, and the like are loaded in advance as data necessary for encryption processing by the IC card 32. Therefore, as shown in FIG. 3, the IC card drive unit 31 and the IC card 32 can be connected to the PC 700, and personal information, keys, and other data created by the PC 700 through the IC card drive unit 31 are stored in the IC card 32. To load.

FIG. 4 is a schematic diagram showing the software configuration of the MFP shown in FIGS. 1 and 2 and the relationship between software components and peripheral devices and I / Fs.
The software configuration of the MFP shown in FIG. 4 is roughly composed of an application unit 50 and a platform unit 60.
The application unit 50 performs processing specific to the user service related to image forming processing such as a printer, copy, fax, and scanner. Therefore, the application unit 50 includes a printer application 55 that is a page description language and a printer application, a copy application 51 that is a copy application, a fax application 52 that is a facsimile application, and a scanner that is a scanner application. An application 53 and a network file application 54 which is a network file application are included.
The platform unit 60 includes various control units that interpret processing requests from the application unit 50 and generate acquisition requests for various resources such as hardware. The various control units include a system control unit 61, a memory control unit 62, an engine control unit 63, a fax control unit 64, an operation control unit 65, a document control unit 66, a network control unit 67, a security control unit 69, and an external device control. Part 70, key control part 68, signature control part 71, and time stamp control part 72.
The platform unit 60 also includes an application program interface (hereinafter referred to as API) 80 that can receive a processing request from the application 50 using a predefined function.

The system control unit 61 performs processing such as management of each application of the application unit 50, control of the operation unit (operation panel 21), display of a system screen, display of LEDs, management of hardware resources, control of an interrupt application, and the like.
The memory control unit 62 performs control associated with memory data access such as acquisition and release of a memory storage area, compression and decompression of image data, and the like.
The engine control unit 63 controls hardware resources (not shown) of the engine unit 23 such as a scanner or a plotter.
The fax control unit 64 is connected to a GSTN (analog telephone network) I / F, for facsimile transmission / reception and backup using a PSTN (Public Switched Telephone Network) or ISDN (Integrated Services Digital Network) network from each application layer of the system controller. APIs for registering / quoting various facsimile data managed in the memory, reading facsimile data, and performing facsimile reception printing and the like are provided.
The operation control unit 65 controls the operation panel 21 (FIG. 2) serving as information transmission means between the operator (user) and the controller 1.
As an operation of the document box function, the document control unit 66 performs data management, data processing, and the like in order to transmit / receive data to / from other devices (see FIG. 1) such as a networked PC and server.

The network control unit 67 is connected to a network such as Ethernet (registered trademark), provides a service that can be used in common for applications that require network I / O, and receives data received from the network side according to each protocol. Distributes to applications and mediates when sending data from each application to the network side.
The security control unit 69 provides a security service to the application unit 50.
The external device control unit 70 is connected to an external device (IC card 32 in the present embodiment) and exchanges data.
The key control unit 68 creates and manages (stores, modifies, deletes, etc.) a key used for creating an electronic signature, and exchanges data with the secure device 12.
The signature control unit 71 creates an electronic signature (detailed later) for an input document in the form of a personal signature and a device signature.
The time stamp control unit 72 creates a time stamp that proves the existence of document data.
The execution of each application of the application unit 50 and the operation of each control unit of the platform unit 60 used by each application are performed in accordance with an instruction of the CPU 2 that controls the entire MFP machine. At 60, the processing is performed centrally. The HDD 8 is used to store data necessary for the operation of each application and each control unit and image data in the operation process.

Next, a security function provided in the above-described MFP machine will be described. In the present embodiment, an electronic signature is created for a document input through a scanner, a communication I / F, and the like, and a time stamp is created, and data obtained in these processes is managed in association with the document. Realize the function.
Creation of an electronic signature for an input document involves a process for ensuring the originality of the document and preventing tampering. This process includes a process of encrypting document data (in this example, data obtained by hashing the document data) using a secret key.
In order to avoid the risk of the private key being leaked to the outside, this encryption process uses the electronic signature shown as the prior art (Patent Document 2) in the above [Background Art] and [Problems to be Solved by the Invention]. A method using an external device such as an IC card having a creation (encryption processing) part and a secret key is employed.
However, in the present invention, the configuration using an external device is not the only means, and it is possible to improve the convenience by using in combination with an existing method that does not use an external device. In this embodiment, this configuration is implemented by using the IC card 32 as an external device and a device that uses the secure device 12 built in the MFP.
Also, the time stamp, which is a part of the security function, is performed to prove the existence of document data for an input document for which an electronic signature has been created. In this embodiment, when creating an electronic signature, the time stamp control unit 72 is operated as a series of processes to execute the time stamp.

Hereinafter, electronic signature and time stamp processing when inputting document data, in which electronic signatures are performed by the IC card 32 (external device) and the secure device 12 (built-in device) used together, will be described according to the control flow.
The control flow illustrated here is an example in which processing is performed on a document input by a scanner, and the input document data is processed in a process until it is transmitted / saved as data for print output or distribution output to an external device. It is a thing. In addition to this example, the following electronic signature and time stamp processing is performed in the same manner even when a document is input from the network or a new output request is made for a document stored in the machine. Is possible.

"Process by IC card (personal signature)"
First, a processing example in the case of creating an electronic signature using the IC card 32 as an external device will be described. If it is assumed that the IC card 32 is owned and managed by an individual, personal information and private key data are stored in the card in advance. Therefore, in the electronic signature using the IC card 32, a signature of the individual user who inputs the document is created (in the case of writing “personal signature” in this document, this electronic signature is indicated).
In the example shown here, when an initial setting is performed through the operation panel 21, a user or the like performs an input operation for setting whether or not to perform an electronic signature and a time stamp. FIG. 5 shows an example of an initial setting screen regarding addition of an electronic signature and a time stamp. As shown in the figure, a screen for setting whether or not to add an electronic signature and a time stamp is prepared. An operation that eliminates the need for an electronic signature and a time stamp is also possible by an input operation on this screen. Note that when the user makes a processing request for a specific function (for example, copying, scanner distribution, etc.) that requires scanner input through the operation panel 21, the above setting input operation may be performed (FIG. 15 described later). , P4,5).

FIG. 6 shows a control flow of this example related to the electronic signature and time stamp processing when inputting document data. FIG. 7 is a diagram showing an internal operation of software corresponding to the control flow of FIG. 6 (software configuration is the same as that of FIG. 4) by a data flow.
As shown in the control flow of FIG. 6, the IC card 32 is authenticated at the beginning of the process (step S101). In this process, the following procedure is performed. That is, an instruction to input the IC card 32 is given through the operation panel 21 to a user who makes a processing request for a function that requires scanner input (for example, copying). In response to this instruction, the user sets the IC card 32 in the card reader of the IC card drive unit 31 connected to the USB I / F 14 and stores the user information (user ID and other personal information stored in the card). Information) is read (refer to FIG. 17 described later for the internal configuration of the IC card 32). At this time, the software accesses the IC card 32 from the scanner application 53 through the operation control unit 65 and the external device (IC card) control unit 70, compares the obtained user ID with the user registration, and authenticates the identity. To do.

After authenticating the person, the document is read by a scanner which is an input device (step S102). Reading of the document is performed by the scanner application 53.
Next, whether or not an electronic signature is to be created is confirmed by checking the user's previous input operation. If not (step S103-NO), the electronic signature and time stamp processing are skipped. Then, in order to use the read document data, an action for performing processing such as transmission / save is caused (step S109), and this control flow is ended.
On the other hand, when creating an electronic signature (step S103-YES), the read electronic document data is hashed (a hash function is applied to the electronic document data to obtain a hash value), and the hashed data is accompanied. Then, the IC card 32 is requested to create an electronic signature (step S104). At this time, the software accesses the IC card 32 from the document control unit 66 through the signature control unit 71 and the external device control unit 70 and requests creation of an electronic signature.
The IC card 32 requested to create an electronic signature encrypts the electronic document data using a secret key (stored in the card as data belonging to personal information) (about the internal configuration of the IC card 32). (See FIG. 17 below). Thereafter, the created electronic signature (personal signature) is sent from the IC card 32 to the document control unit 66 (step S105). In this example, the hash value is obtained by software built in the main body (signature control unit 71 or the like), the hashed document data is transferred to the IC card 32, and the data is encrypted by the IC card 32. However, a method of performing hashing processing on the IC card 32 side (IC card drive unit 31 or the like) may be used.

Next, whether or not to perform time stamping on the document data is confirmed by checking the user's previous input operation. If not (step S106-NO), the time stamp processing is skipped.
On the other hand, when the user has instructed to perform a time stamp (step S106-YES), a process of acquiring a time stamp is executed (step S107). The time stamp is obtained by accessing an external time server 500 (see FIG. 1) connected to the MFP machine from the network and acquiring the time stamp, or by using a clock (clock) built in the MFP machine. The time stamp may be acquired by any method. The example of FIG. 7 shows an operation flow when requesting an external time server 500 connected to the network to acquire a time stamp. At this time, the software obtains a time stamp by accessing the external time server 500 from the document control unit 66 through the time stamp control unit 72 and the network I / F 74.
Next, in order to manage the electronic signature and time stamp acquired above in association with the input document data, the acquired data is added to the input document data to form one electronic document data (step S108). . At this time, in the software, the document control unit 66 accesses the electronic signature created by the IC card 32 and acquired through the signature control unit 71 to the document input from the scanner, and the external time server 500 to control the time stamp. Processing for adding a time stamp acquired through the unit 72 is performed.
After that, by adding an electronic signature and a time stamp to the input document data, the data configured as one electronic document is sent to the outside of the device, or takes action such as being stored in the HDD 8 built in the MFP. (Step S109), the control flow is terminated. The example in FIG. 7 shows an operation flow when transmitting to an external device (for example, the PC 200 in FIG. 1, another server 600 or between the devices (A) and (B)) connected to the network. At this time, the software transmits electronic document data from the document control unit 66 to the external device through the network control unit 67 and the network I / F 74.

"Process by secure device (personal signature)"
A processing example in the case of creating an electronic signature using the secure device 12 as a device (MFP machine) built-in device will be described. Here, the user's personal electronic signature is given to the document. In addition, an example is shown in which identity verification of a user who performs a personal signature is performed according to a method different from the method using the IC card 32 described above, that is, a method of inputting personal information such as a user ID and a password through the operation panel 21.
Before executing the control flow of this process, the user performs an input operation for setting whether or not to perform an electronic signature and a time stamp through the operation panel 21. Similar to the above, this setting is performed by the method illustrated in the initial setting screen of FIG. 5 or the user setting when a processing request is made by a specific function that requires scanner input (see FIG. 15, P4, 5 below). You can go there.
FIG. 8 shows a control flow of this example related to the electronic signature and time stamp processing when inputting document data. Further, FIG. 9 is a diagram showing an internal operation of software corresponding to the control flow of FIG. 8 (software configuration is the same as that of FIG. 4) by a data flow.
According to the control flow of FIG. 8, personal authentication is performed by the device at the beginning of the process (step S201). In this process, the following procedure is performed. That is, an instruction to input a user ID and password is given through the operation panel 21 to a user who makes a processing request for a function that requires scanner input (for example, copying). In response to this instruction, the user performs an input operation using the keys on the operation panel 21. The personal authentication is performed by a method of authenticating using an external authentication server 300 (see FIG. 1) connected to the MFP machine over a network, or an address book (in this example, the HDD 8 in this example) built in advance in the MFP machine. Or the like, or any one of the methods. The example of FIG. 9 shows an operation flow when authentication is performed using an address book built in advance in the device. At this time, the software accesses the address book of the HDD 8 from the scanner application 53 through the operation control unit 65, acquires the registered password and user ID, and collates these with the input made by the user from the operation panel 21. And authenticate the identity.

After authenticating the person, the document is read by a scanner which is an input device (step S202). Reading of the document is performed by the scanner application 53.
Next, whether or not an electronic signature is to be created is confirmed by checking the user's previous input operation. If not created (NO in step S203), the electronic signature and time stamp processing are skipped. Then, in order to use the read document data, an action for performing processing such as transmission / save is caused (step S208), and this control flow is ended.
On the other hand, when creating an electronic signature (YES in step S203), an electronic signature accompanied by an encryption process is created in the device (step S204). That is, the electronic document data is encrypted by using a secret key stored as data belonging to personal information in the secure device 12 built in the device, and an electronic signature is created. At this time, the software uses the personal private key obtained from the secure device 12 through the signature control unit 71, the security control unit 69, and the key control unit 68 for the electronic document from the document control unit 66. Is created. The creation of the electronic signature in this example is performed by the security control unit 69 and the signature control unit 71, and a hash function is applied to the electronic document data, and the obtained hash value is encrypted using a secret key. Is done. The electronic signature created in this way is sent to the document control unit 66.

Next, whether or not to perform time stamping on the document data is confirmed by checking the user's input operation previously performed. If not (step S205-NO), the time stamp processing is skipped.
On the other hand, when the user has instructed to perform a time stamp (step S205-YES), a process of acquiring a time stamp is executed (step S206). The time stamp is acquired by accessing an external time server 500 (see FIG. 1) connected to the network and acquiring the time stamp, or by performing a time stamp using a clock (clock) built in the device. The time stamp may be acquired by any method. The example of FIG. 9 shows an operation flow when a time stamp is acquired by requesting from an external time server 500 connected to the network. At this time, the software obtains a time stamp by accessing the external time server 500 from the document control unit 66 through the time stamp control unit 72 and the network I / F 74.
Next, in order to manage the electronic signature and time stamp acquired above in association with the input document data, the acquired data is added to the input document data to form one electronic document data (step S207). . At this time, in the software, the document control unit 66 accesses the electronic signature created by the security control unit 69 and the signature control unit 71 and the external time server 500 to the document input from the scanner, and the time stamp control unit 72. The process of adding the time stamp acquired through the process is performed.
After that, by adding an electronic signature and a time stamp to the input document data, data configured as one electronic document is sent to the outside of the device, or stored in the HDD 8 built in the device. (Step S208), this control flow ends. The example of FIG. 9 shows an operation flow when transmitting to an external device (for example, the PC 200 of FIG. 1, another server 600 or between the devices (A) and (B)) connected to the network. At this time, the software transmits electronic document data from the document control unit 66 to the external device through the network control unit 67 and the network I / F 74.

“Process by Secure Device (Device Signature)”
A processing example in the case of creating an electronic signature using the secure device 12 as a device (MFP machine) built-in device will be described. Here, an electronic signature with a device-specific private key is given to the document (in this document, when “device signature” is described, this electronic signature is indicated).
Before executing the control flow of this process, the user performs an input operation through the operation panel 21 to set whether or not to perform device signature and time stamp. Similar to the above, this setting is performed by the method illustrated in the initial setting screen of FIG. 5 or the user setting when a processing request is made by a specific function that requires scanner input (see FIG. 15, P4, 5 below). You can go there.
FIG. 10 shows a control flow of the present example relating to device signature and time stamp processing when document data is input. Further, FIG. 11 is a diagram showing an internal operation of software corresponding to the control flow of FIG. 10 (software configuration is the same as that of FIG. 4) by a data flow.
According to the control flow of FIG. 10, at the beginning of the flow, a document is read by a scanner which is an input device (step S301). Reading of the document is performed by the scanner application 53.
Next, whether or not a device signature is to be created is confirmed by checking the user's previous input operation. If not (step S302-NO), the device signature and time stamp processing are skipped. Then, in order to use the read document data, an action for performing processing such as transmission / save is caused (step S307), and this control flow is ended.

  On the other hand, when creating a device signature (step S302-YES), an electronic signature accompanied by an encryption process using a device-specific secret key is created (step S303). In other words, the electronic document data is encrypted using a device-specific secret key stored as data belonging to the device information in the secure device 12 built in the device, and an electronic signature is created. At this time, the software creates an electronic signature for the electronic document from the document control unit 66 using the device-specific secret key acquired from the secure device 12 through the signature control unit 71, the security control unit 69, and the key control unit 68. Is done. The device signature in this example is created by the security control unit 69 and the signature control unit 71. A hash function is applied to the electronic document data, and the obtained hash value is encrypted using a device-specific secret key. Processing is performed. The device signature created in this way is sent to the document control unit 66.

Next, whether or not to perform time stamp on the document data is confirmed by checking the user's input operation previously performed. If not (step S304-NO), the time stamp processing is skipped.
On the other hand, when the user has instructed to perform time stamping (step S304-YES), processing for acquiring the time stamp is executed (step S305). The time stamp is acquired by accessing an external time server 500 (see FIG. 1) connected to the network and acquiring the time stamp, or by performing a time stamp using a clock (clock) built in the device. The time stamp may be acquired by any method. The example of FIG. 11 shows an operation flow when requesting an external time server 500 connected to the network to acquire a time stamp. At this time, the software obtains a time stamp by accessing the external time server 500 from the document control unit 66 through the time stamp control unit 72 and the network I / F 74.
Next, in order to manage the device signature and time stamp acquired above in association with the input document data, the acquired data is added to the input document data to form one electronic document data (step S306). . At this time, in the software, the document control unit 66 accesses the device signature created by the security control unit 69 and the signature control unit 71 and the external time server 500 to the document input from the scanner, and the time stamp control unit 72. The process of adding the time stamp acquired through the process is performed.
Thereafter, by adding a device signature and a time stamp to the input document data, data configured as one electronic document is sent to the outside of the device, or saved in the HDD 8 built in the device. (Step S307), the control flow ends. The example of FIG. 11 shows an operation flow when transmitting to a network-connected external device (for example, the PC 200 of FIG. 1, another server 600 or between the devices (A) and (B)). At this time, the software transmits electronic document data from the document control unit 66 to the external device through the network control unit 67 and the network I / F 74.

"Selecting and setting electronic signature creation method"
In the above, in the MFP having the configuration shown in FIG. 1 and FIG. 2, the method of creating an electronic signature for an input document using an IC card 32 as an external device (only a personal signature), an internal device, using scan input as an example The method using the secure device 12 (individual signature and device signature) and the respective methods are shown along the control flow.
In the present invention, the convenience of use is improved by using a production method using these external and built-in devices. In order to perform processing by each method that can be used in combination, it is necessary to set as a control condition which processing method is to be performed.
Therefore, a means for allowing the user to set which of the method using the IC card 32 (external device) and the method using the secure device 12 (built-in device) that does not use the IC card 32 is selected. Prepare. This means guides the user through the operation panel 21 functioning as a user I / F, and accepts an operation such as key input for setting processing conditions necessary for each method.

FIG. 12 is a diagram illustrating an example of a screen display of the operation panel 21 that is changed in accordance with a setting operation flow of the electronic signature and time stamp processing. Note that this setting operation is a personal signature, and exemplifies a case where the method using the IC card 32 and the method using only the key input on the operation panel 21 are combined.
The screen P1 in FIG. 12 is displayed when the screen is shifted from the initial screen to the setting screen for digital signature and time stamp processing. When using the IC card 32, the card is placed at the reading position of the IC card drive unit 31. Only the message “Please set the IC card” that guides the setting is displayed, and no key operation is required. On the other hand, when the IC card 32 is not used, it is necessary to input the user ID and password from the operation panel 21 (in order to use the secret key of the secure device 12). The message “Please enter your user ID and password” is displayed.
Such a display screen corresponds to both a method using the IC card 32 and a method using only key input. That is, when the IC card 32 is used, the card is set. When only the key input is used, one of the methods is selected by inputting the user ID and password into the input box by key operation. , Proceed with the setting operation.

When the IC card 32 is set on the screen P1, the screen shifts to the screen P2, and a password input box for confirming the identity of the user is displayed and a message for guiding the input is displayed.
On the other hand, when the user ID and password are input on the screen P1, user authentication is performed using the input data.
In either case, authentication is performed, and if the authentication is successful, the screen shifts to a screen P3 that displays a message “Please set the document” that guides the user to set the document.
By the way, when the user ID and the password are input on the previous screen P1, it is a case where it is selected to create a personal signature by a method using a secret key stored in the secure device 12. In this case, a secret key may not be created.
Even in the case where the secret key has not been created, if the key is created, the processing can be continued. For this purpose, a screen P11 that displays a message “Do you want to create a key” that guides the user to create a key is prepared, and the screen shifts to this screen.
When the “No” key is operated on the screen P11, the screen shifts to the screen P12. On the screen P12, a message “It is necessary to make a key to attach a signature” is displayed, and a “return” key is provided on the screen, and the operation returns to the screen P11.
When the “Yes” key is operated on the screen P11, a secret key is created. Therefore, the user is notified that the key has been created on the screen P13.
In addition, when the “return” key provided on the screen P13 is operated, the process returns to the main flow to inform the user of the message “Please set the document”, and it is not necessary to create a secret key. The above-mentioned screen P3 displayed in such a case is displayed.

A “cancel” key is provided on the screen P3, and when this key is operated, the screen can be returned to the initial screen P0.
Further, a “next” key is provided on the screen of the screen P3, and when this key is operated, the screen shifts to a screen P4 instructing whether or not an electronic signature is necessary.
A message “Do you want to assign a title” is displayed on the screen P4, and a “Yes” key and a “No” key are provided on the screen. Here, when it is thought that it is not necessary to create an electronic signature, it is possible to return to the initial screen P0 by operating the “No” key.
On the other hand, the operation to the “Yes” key shifts to a screen P5 instructing whether or not to add a time stamp as the next screen.
The screen P5 is provided with a “Yes” key and a “No” key, and each key is operated depending on whether a time stamp is necessary. By performing this key operation, the setting of the electronic signature and time stamp processing is completed.
When the initial setting screen for adding an electronic signature and a time stamp shown in FIG. 5 is prepared and the “Yes” key for adding the electronic signature and the time stamp is selected on the initial setting screen. Does not display a message prompting the addition of the electronic signature and time stamp of the screens P4 and P5 in the setting flow of FIG. In the setting of FIG. 12, an electronic signature and a time stamp are added, but other attributes can be added to the read document.

"Creation of private keys"
Encryption processing is performed in the creation of the electronic signature described above. A method for creating a secret key or the like used for this processing will be described next.
A private key or the like needs to be created and stored in advance before creating an electronic signature. However, as described above, a method using a secure device 12 that is a built-in device (personal signature and device signature). In the method using the IC card 32 which is an external device (only the personal signature), the location for storing the private key and the method for generating the private key are also different. Below, the example of the production | generation method of each system is demonstrated.
“Secure device method (for personal signature)”
FIG. 13 shows a control flow of the present example related to a secret key generation process. FIG. 14 is a diagram showing an internal operation of software corresponding to the control flow of FIG. 13 (software configuration is the same as that of FIG. 4) by a data flow.
According to the control flow of FIG. 13, at the beginning of processing, generation of a secret key or the like is instructed by the operation panel 21 (step S401). For example, a function key for instructing generation of a private key for personal signature is provided on the initial menu screen or the like of the operation panel 21 that accepts a user's processing request, and generation is instructed by operating this key. In the operation example of the software in FIG. 14, when generation of a secret key or the like is instructed, the generation is requested from the scanner application 53 to the operation control unit 65.
In response to an instruction for generating a secret key or the like, a key is generated (step S402). Here, a private key and a public key for the target user are generated. The generated key is stored in the secure device 12 (step S403), and this control flow ends. In the operation example of the software in FIG. 14, the operation control unit 65 acquires data such as an ID that is personal information of the target user from an address book or the like generated in the HDD 8, and performs security control based on this personal data. A key is generated by the unit 69 and the key control unit 68 and stored in the secure device 12.

“Secure device method (for device signature)”
The control flow of this example relating to the generation process of the device signature private key and the like is the same as the procedure of FIG. 13 shown in the generation process for the personal signature. FIG. 15 is a diagram showing the internal operation of the software (the software configuration is the same as in FIG. 4) corresponding to the control flow (FIG. 13) by the data flow.
According to the control flow of FIG. 13, at the beginning of processing, generation of a secret key or the like is instructed by the operation panel 21 (step S401). For example, a function key for instructing generation of a device signature secret key or the like is provided on an initial menu screen or the like of the operation panel 21 that accepts a user's processing request, and generation is instructed by operating this key. In the operation example of the software in FIG. 15, when the generation of a secret key or the like is instructed, the scanner application 53 requests the operation control unit 65 to generate it.
In response to an instruction for generating a secret key or the like, a key is generated (step S402). Here, a secret key and a public key for the target device are generated. The generated key is stored in the secure device 12 (step S403), and this control flow ends. In the operation example of the software in FIG. 15, the operation control unit 65 acquires data such as a device ID, which is device information unique to the device stored in the secure device 12, and performs security based on the device-specific data. A key is generated by the control unit 69 and the key control unit 68 and stored in the secure device 12.

"IC card method (for personal signature)"
Since the generation process of the secret key or the like used for the IC card method is to prevent the data such as the secret key stored in the IC card 32 from flowing to the device (MFP machine) side, It is not performed through device processing, but is performed by a user-managed PC.
FIG. 16 shows an example of the software configuration of the PC 700 that generates a secret key or the like stored in the IC card. A PC 700 shown in FIG. 16 includes a key creation request unit 720, an external device (IC card) control unit 730, an input / output control unit 710, and the like as a configuration for generating a secret key or the like stored in the connected IC card 32. .
FIG. 17 shows a configuration example of the IC card 32. As shown in the figure, the IC card 32 includes a CPU 32c, a memory 32m, an input / output control unit 32i connected to the PC 700 (FIG. 16), a key control unit 32k for generating and managing keys, and creation and management of an electronic signature. And a data storage unit 32d for storing user information such as a user ID and password and key data.
FIG. 18 shows a control flow of the PC 700 when the IC card 32 (FIG. 17) is connected to the PC 700 (FIG. 16) and a secret key or the like is generated.
According to the control flow of FIG. 18, at the beginning of the process, a request is made to generate a secret key requested by the user through the input / output control unit 710 and the key creation request unit 720 (step S501).
The processing system in the PC generates the requested user ID, password, secret key, public key, and the like (step S502).
The generated data such as a key is written into the data storage unit 32d of the IC card 32 via the external device (IC card) control unit 730, the key and the like are stored (step S503), and the control flow ends.

“Creation of personal signature in IC card system”
In this example, it is a necessary condition to prevent the data such as keys stored in the IC card 32 from being leaked to the outside. For this reason, as shown in the configuration of the IC card 32 (FIG. 17), the keys, etc. The personal signature created by using the above data is also internally processed, and has a signature control unit 32s and a key control unit 32k as processing means.
Accordingly, when creation of a personal signature is set on the device (MFP machine) side, a process for creating a personal signature in accordance with the setting is executed on the IC card 32 side in response to a request from the device (MFP machine). Then, the created personal signature is provided to the device (MFP machine) side (see steps S104 and S105 in FIG. 6).
FIG. 19 shows a control flow when creating a personal signature with the IC card 32.
According to the control flow of FIG. 19, when a request for creating an electronic signature is received from the device (MFP machine) side to which the IC card 32 is connected at the beginning of the process (step S601), the IC card 32 side that receives the request sends it. The hashed electronic document data is encrypted by the signature control unit 32s and the key control unit 32k using the user's private key stored in the data storage unit 32d in the IC card. A personal signature is created (step S602). Thereafter, the created personal signature is returned to the device (MFP machine) side via the input / output control unit 32i, and this control flow ends.

1 illustrates an outline of a configuration of an image processing system according to an embodiment of the present invention. 2 shows an outline of a hardware configuration of an MFP machine (devices (A) and (B)) constituting the image processing system of FIG. A connection configuration between a PC that generates data such as a key stored in an IC card and the IC card is shown. FIG. 3 is a schematic diagram illustrating a software configuration of an MFP (FIGS. 1 and 2) and a relationship between a software configuration unit and peripheral devices and I / F. An example of an initial setting screen regarding addition of an electronic signature and a time stamp is shown. A control flow related to electronic signature (using an IC card) and time stamp processing when inputting document data is shown. The internal operation of the software corresponding to the control flow of FIG. 6 is shown by the data flow. A control flow related to personal signature (using a secure device) and time stamp processing when inputting document data is shown. The internal operation of the software corresponding to the control flow of FIG. 8 is shown by the data flow. A control flow related to device signature (using a secure device) and time stamp processing when inputting document data is shown. The internal operation of the software corresponding to the control flow of FIG. 10 is shown by the data flow. An example of a screen display of an operation panel that is changed in accordance with a setting operation flow of electronic signature and time stamp processing is shown. A control flow related to a secret key generation process is shown. The internal operation of the software corresponding to the control flow (generation of personal keys, etc.) in FIG. 13 is shown by the data flow. The internal operation of the software corresponding to the control flow (generation of device keys, etc.) in FIG. 13 is shown by the data flow. An example of a software configuration of a PC that generates a secret key or the like to be stored in an IC card is shown. The structural example of an IC card is shown. A control flow when an IC card (FIG. 17) is connected to a PC (FIG. 16) and a secret key or the like is generated is shown. A control flow when creating a personal signature with an IC card is shown.

Explanation of symbols

1 .... Controller, 2 .... CPU (Central Processing Unit),
6. ASIC (Application Specific Integrated Circuit),
8. HDD (Hard Disk Drive) 12. Secure device
14. ・ USB (Universal Serial Bus) I / F,
21..Operation panel, 31..IC card drive part,
32..IC card, 32d..Data storage unit,
32k ... Key control unit, 32s ... Signature control unit,
53 ··· Scanner application, 61 ·· System control unit,
65 .. Operation control unit, 66 .. Document control unit,
67 .. Network control part, 69. Security control part,
68 .. Key control unit, 70 .. External device control unit,
71..Signature control unit, 72..Time stamp control unit.

Claims (6)

  Document input means, means for processing document data input by the document input means into image output data, electronic signature creation means for creating an electronic signature for the input document data, and created by the electronic signature creation means An image processing apparatus having a document management means for managing an electronic signature in association with input document data, wherein the electronic signature creation means is connected via a built-in means and an interface capable of independently creating an electronic signature. An image processing apparatus comprising control means for controlling the internal signature or external means in the electronic signature creation means to create an electronic signature.   The image processing apparatus according to claim 1, wherein the control unit performs a control operation in accordance with an input condition for selecting either the built-in or external unit in the digital signature creation unit. apparatus.   3. The image processing apparatus according to claim 1, further comprising time stamp adding means for adding a time stamp to the input document data, wherein the input document data to which the time stamp is added is managed by the document management means. A featured image processing apparatus.   4. The image processing apparatus according to claim 3, further comprising time stamp control means for controlling operation / non-operation of the time stamp adding means, wherein the time stamp control means is in accordance with an input condition for selecting whether or not a time stamp is required. An image processing apparatus performing a control operation.   The image processing apparatus according to claim 2, further comprising an operation unit capable of a user input operation, wherein the input unit is instructed by the operation unit.   6. The image processing apparatus according to claim 1, further comprising an interface for transmitting / receiving data to / from a network, wherein at least one of an electronic signature and a time stamp for input document data is transmitted via the interface with the network. An image processing apparatus for transmitting the added input document data.

Images