JP2007087026A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To limit the execution of processing which is not desired by the user of an information processor even when the information processor is remotely operated by a third person. <P>SOLUTION: In a compound machine 10 equipped with an information processor 11, a control part 1 reads security information(secret key) from an IC card 3a through a card read part 3. When receiving an encrypted remote operation request from an external controller, the control part 1 decodes the encrypted request by using the security information. When the request is decrypted, and it is determined that the content is valid, the control part 1 permits a remote operation from the controller. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technique for safely performing remote operation, so-called remote console.

  There is a demand to operate an information processing apparatus such as a computer from a remote location. As a response to such a request, a technique for remotely operating an information processing apparatus via a network such as the Internet is known. In this case, since a third party may access the network, there is a risk that a malicious third party may illegally operate the information processing apparatus due to wiretapping of communication or the like. Therefore, in this kind of technology, it is necessary to ensure the safety of remote operation sufficiently. For example, Patent Document 1 discloses a method for controlling home appliances (information processing devices) by accessing a control device from the outside using an IC card capable of generating an electronic signature and a communication terminal, and verifying the electronic signature by the control device. A technique for determining whether or not it is possible is disclosed. If this technology is used, access with an illegal electronic signature is rejected, so that only authorized users can control home appliances such as personal computers and televisions.

By the way, when remotely operating the information processing apparatus, the operator who remotely operates the information processing apparatus and the user of the information processing apparatus remotely operated are not necessarily the same. For example, when managing and maintaining a plurality of information processing apparatuses from a remote location, the operator is usually an unknown third party for the user. The information processing apparatus may store personal data of the user, or there may be setting items that are set according to the user's preference and usability. If the operator is allowed to access and change the setting items, it must be said that it is extremely inconvenient for the user. Also, from the viewpoint of protecting the privacy of the user, the operator should not allow remote operation even for processing that is not desired by the user. However, if the technique described in Patent Document 1 described above is used, the user cannot know the contents of the process performed by the operator, and thus may suffer an unexpected disadvantage without being aware of it.
JP 2003-125468 A

  The present invention has been made in view of the above-described circumstances, and an object thereof is to limit execution of processing that is not desired by the user of the information processing device when a third party remotely operates the information processing device. .

In order to achieve the above-described object, an information processing apparatus according to the present invention includes a control unit that performs remote operation, communication means for transmitting and receiving data, and security information for permitting remote operation by the control unit. A determination to permit or prohibit remote operation based on the request and the security information acquired by the acquisition means when the acquisition means to acquire and a request for remote operation from the control device are received by the communication means And a executing unit that executes processing according to an instruction transmitted from the control device via the communication unit when the remote operation is permitted by the determining unit.
In such an information processing apparatus, whether or not the remote operation can be executed is determined by acquiring security information by the acquisition unit. In other words, in this information processing apparatus, the remote operation is not permitted unless the user performs an operation (IC card insertion or password input) for acquiring security information. In other words, since the above-described operation by the user can be approved for execution of the remote operation, it is possible to limit the execution of processing that the user does not want.

  In the information processing apparatus according to the present invention, the acquisition unit includes a reading unit that detachably mounts the storage medium storing the security information, and the storage unit is mounted on the reading unit. In addition, the security information may be acquired. When the security information is stored in the removable storage medium, when the user does not want to perform the remote operation, it is possible to reliably prevent the remote operation from being performed by removing the security information. As this storage medium, for example, an IC card is preferably used. However, of course, other storage media such as a flash memory and a dongle can be used.

  In the information processing apparatus according to the present invention, the determination unit may be configured to prohibit remote operation by the control device when the storage medium is removed from the reading unit. This makes it possible for the user of the information processing apparatus to forcibly interrupt or end the process even when the control apparatus is executing the process by remote operation.

  In the information processing apparatus according to the present invention, the request is encrypted with a public key in a public key cryptosystem, the security information includes a secret key in the public key cryptosystem, and the determination unit includes: A configuration comprising decryption means for decrypting the request using a secret key included in the security information acquired by the acquisition means, and permitting remote operation by the control device when the decryption means can decrypt the request It may be. In this way, since the request transmitted by the control device can be decrypted only with the determined secret key, it is possible to improve the safety related to communication.

  The information processing apparatus according to the present invention may further include a display unit that displays the contents of the process executed by the execution unit in accordance with an instruction from the control device. In this way, the user of the information processing apparatus can visually check the contents of the process executed by the control apparatus, and thus can easily check whether an undesired process is being performed. .

  The information processing apparatus according to the present invention may be configured to permit or prohibit execution of a process when the remote control is permitted by the determination unit and execution of a predetermined process is instructed via the communication unit. And a selection unit that allows a user of the information processing apparatus to select the execution unit, and the execution unit is configured not to execute the process when prohibition of the process is selected by the user via the selection unit. There may be. This makes it possible for the user of the information processing apparatus to forcibly end the process even when the control apparatus is executing the process by remote control.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Here, as one preferred embodiment, a multi-function machine including the information processing apparatus according to the present invention will be described as an example. In this case, the multifunction peripheral is a printer (image forming apparatus) having a scanner function.

[1. Configuration of Embodiment]
FIG. 1 is a diagram showing an overall configuration of a remote operation system 100 according to an embodiment of the present invention. As shown in the figure, the remote operation system 100 includes a plurality of multifunction devices 10, a computer 20, and a network 30.

  The computer 20 is a computer having a general well-known configuration, and is configured so that a plurality of multifunction devices 10 can be remotely operated via the network 30. The computer 20 is operated by an operator who is a system administrator. The network 30 is, for example, the Internet, and is connected to the multifunction machine 10 and the computer 20 to realize data communication. If this system is built in a company, the network 30 may be a LAN (Local Area Network) or a WAN (Wide Area Network).

  Next, the configuration of the multifunction machine 10 will be described with reference to FIG. The configuration of the multifunction machine 10 is broadly divided into an information processing apparatus 11, an image reading apparatus 12, and an image forming apparatus 13. The image reading device 12 is a so-called scanner, and includes an optical system member such as a lens and an image sensor. The image reading device 12 reads an original such as a document, generates image data corresponding to the read original, and outputs the image data to the information processing device 11. The image forming apparatus 13 is an electrophotographic printer, and has a configuration necessary for image formation, such as a photosensitive drum, a charger, an exposure device, and a developing device. The image forming apparatus 13 forms an image based on the image data supplied from the information processing apparatus 11 using toner, and transfers and fixes it on a sheet-like recording material (hereinafter referred to as “paper”).

  Next, the configuration of the data processing device 11 will be described. The data processing device 11 includes a control unit 1, a storage unit 2, a card read unit 3, an operation unit 4, a communication unit 5, an input unit 6, and an output unit 7. The storage unit 2 is a storage device such as a hard disk, and stores data and image data used by the control unit 1 for arithmetic processing. The image data is stored using a confidential box function described later. Further, the data stored in the storage unit 2 includes data (ID and password pair) for determining the legitimacy of the operator.

  The card lead unit 3 is a contact type IC card reader that reads information stored in the IC card 3a. The card lead portion 3 is configured to be detachable from the IC card 3a, and preferably includes a holder for holding the IC card 3a. The card read unit 3 reads security information from the mounted IC card 3 a and supplies it to the control unit 1. The IC card 3a is a card-shaped storage medium having a semiconductor integrated circuit (IC) therein, and stores unique security information given to each user of the multifunction machine 10.

  In the present embodiment, the security information is a secret key in the public key cryptosystem. There is a public key to be paired with this secret key, and the public key is generated in advance and stored in the computer 20. A pair of a private key and a public key (key pair) is different for each user, and data encrypted using a public key of a certain user cannot be decrypted without using the private key of the user. The secret key is stored in advance in the IC card 3a, and the public key is stored in advance in the storage unit of the computer 20. The public key cryptosystem includes various schemes (algorithms) such as RSA cryptography and elliptic curve cryptography, but the specific algorithm is not particularly limited in this embodiment.

  The operation unit 4 includes a touch panel, buttons, and the like, and receives instructions input by a user who is an operator. The communication unit 5 is an interface unit for connecting the multifunction machine 10 to the computer 20 via the network 30. The input unit 6 is an interface unit with the image reading device 12 that is a data input device, and the output unit 7 is an interface unit with the image forming device 13 that is a data output device.

  The control unit 1 is an arithmetic device including a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. The control unit 1 executes various kinds of arithmetic processing by executing programs stored in the ROM, and controls the operation of each unit described above according to an instruction from a user or an operator. The control unit 1 of the present embodiment stores a control program CP and an authentication program AP.

  The control program CP is a basic program for controlling the operation of the entire multifunction device 10 and is executed by the control unit 1 when the multifunction device 10 is activated. The authentication program AP is a program for determining the validity of a remote operation request transmitted from the computer 20, and is called and executed from the control program CP when performing an authentication process described later.

[2. Operation of the embodiment]
With the above configuration, the multifunction machine 10 reads the original with the image reading device 12 to generate image data, and forms an image based on the image data on a sheet, or uses the confidential box function to convert the image data. Remember. Here, the confidential box function is a function of storing image data of a document read by each user for each user. The user can acquire his / her own image data via the network 30, but is restricted so that the image data read by other users cannot be acquired.

  Further, the multifunction machine 10 accepts a remote operation from the computer 20 as necessary. Specifically, the remote operation is performed when a problem that cannot be solved by the user of the multifunction device 10 occurs, or when an operator who is an administrator performs maintenance of the multifunction device 10. When accepting a remote operation, the user attaches his / her IC card 3 a to the card lead unit 3 in advance.

  Further, when starting the remote operation, the operator of the computer 20 transmits a command indicating the request (hereinafter referred to as “request”) to the multifunction device 10. This request includes an ID and a password used for authentication of the computer 20, and is encrypted using the public key described above.

  When accepting a remote operation from the computer 20, the multifunction machine 10 executes the following process. In the following, an example of a basic operation performed by the multifunction machine 10 will be described first, and then an application example of the basic operation will be described.

[2.1. basic action]
FIG. 3 is a flowchart showing a process when the multifunction machine 10 accepts a remote operation from the computer 20. Explaining along the figure, first, the control unit 1 of the multifunction machine 10 determines whether or not a request for performing a remote operation is transmitted from the computer 20 via the communication unit 5 (S1). The control unit 1 repeats this process until a request from the computer 20 is detected.

  If it is determined that a request is transmitted from the computer 20 (S1; YES), the control unit 1 receives this request (S2). Subsequently, the control unit 1 determines whether or not the IC card 3a is attached to the card lead unit 3 (S3). When the IC card 3a is not attached to the card lead unit 3 (S3; NO), it means that the user of the multifunction device 10 does not permit remote operation. Through the computer 20 is notified to the computer 20 that remote operation is not permitted (S9).

  On the other hand, when the IC card 3a is attached to the card lead unit 3 (S3; YES), the control unit 1 acquires security information from the IC card 3a (S4). At this time, the control unit 1 may temporarily store the security information in the RAM. When the request is received from the computer 20 and the security information is acquired from the IC card 3a, the control unit 1 executes the authentication program AP and performs an authentication process based on these data (S5).

  The specific contents of the authentication process are as follows. That is, the control unit 1 attempts to decrypt a request encrypted using the public key, using the secret key (security information) acquired from the IC card 3a. As described above, if the remote operation request is transmitted from the legitimate computer 20, the encrypted request can be decrypted using the secret key. After decrypting the encrypted request, the control unit 1 compares the ID and password included in the request with the data stored in the storage unit 2 to determine whether the request is encrypted by a legitimate operator. To do. The control unit 1 permits the remote operation when the ID / password pair included in the request matches the ID / password pair stored in the storage unit 2, otherwise the remote operation is performed. Is prohibited.

  Subsequently, the control unit 1 determines whether or not to permit remote operation based on the result of the above-described authentication process (S6). When the remote operation is permitted (S6; YES), the control unit 1 notifies the computer 20 that the remote operation is permitted (S7), and thereafter, the process according to the instruction transmitted from the computer 20 is combined. The machine 10 is executed (S8). On the other hand, when the remote operation is prohibited (S6; NO), the control unit 1 notifies the computer 20 that the remote operation is not permitted (S9).

  By executing the above processing, the multifunction machine 10 of the present embodiment can allow only a legitimate request and execute a remote operation. Further, since the request from the computer 20 includes an ID and a password, which are further encrypted using a public key, the safety of communication can be sufficiently ensured. In addition, since the request transmitted at this time cannot be decrypted without a valid secret key, there is very little possibility that an ID or password is stolen in communication via the network 30.

  In addition, in order for the MFP 10 of the present embodiment to execute a remote operation, the user needs to explicitly agree to execute the remote operation by the action of mounting the IC card 3a. In other words, if the user removes the IC card 3a, the computer 20 cannot perform remote operation. Therefore, according to the multifunction machine 10 of the present embodiment, the remote operation is executed only when the user desires, and the remote operation can be prohibited when the user does not want, so that the processing unintended by the user is performed. Can be prevented.

[2.2. Application example of basic operation]
Subsequently, an operation example in which the basic operation described above is applied will be described. In the above-described example, once the user permits remote operation, any process can be executed from the computer 20, and the user cannot intervene when executing the process. Therefore, even if the operator tries to execute a process that the user does not want while the remote operation is being performed, the user cannot prevent this.

  Therefore, here, processing for allowing the user to intervene in such a case will be described with reference to the flowchart of FIG. In this process as well, the main operation is the same as the basic operation described above, and a description of steps having the same specific operation is omitted. In FIG. 4, steps that perform the same processing as in FIG. That is, in this process, the operations in steps S1 to S9 are the same as the basic operations.

  The control unit 1 receives a specific processing instruction from the computer 20 after notifying that the remote operation is permitted in step S7. Before executing this process, the control unit 1 displays the content of the instructed process on the touch panel of the operation unit 4 (S11). The content of the screen displayed on the touch panel is arbitrary, and the instructed process may be displayed in characters, or a screen similar to the screen displayed on the computer 20 may be displayed. At this time, the control unit 1 displays a screen for confirming the execution of the process together with the contents of the process, and prompts the user to select. The screen displayed on the touch panel at this time is, for example, as shown in FIG.

  Subsequently, the control unit 1 determines whether or not the process instructed by the computer 20 can be executed based on the user's operation (S12). Specifically, in the case of the example in FIG. 5, if the user selects a button displayed as “permitted”, the execution of the process is permitted, and the user selects a button displayed as “not permitted”. If so, execution of the process is prohibited. When the control unit 1 determines that the execution of the instructed process is permitted (S12; YES), the control unit 1 causes the multi-function device 10 to execute the process according to the instruction from the computer 20 (S8). When it is determined that the execution is prohibited (S12; NO), the computer 20 is notified that the remote operation is not permitted (S9).

By executing the above processing, the multifunction peripheral 10 of the present embodiment can prohibit execution of specific processing that is not desired to be executed even if the execution of the remote operation is agreed. Therefore, according to the multifunction machine 10, it is possible to improve user convenience and safety of remote operation. In addition, according to the multifunction machine 10, since the contents of the processing performed by the operator are clearly indicated on the touch panel of the operation unit 4, it is possible to make the user aware of what processing is being performed and to give a sense of security. It becomes.

[3. Modified example]
In addition, this invention is not implemented only by embodiment mentioned above, It is also possible to implement various deformation | transformation to the above-mentioned embodiment. Therefore, in the following, modifications applicable to the above-described embodiment will be exemplified.

  First, in the above-described embodiment, the multifunction device 10 is described as an example of the information processing device according to the present invention, but the information processing device is not limited to the multifunction device 10. For example, the information processing apparatus according to the present invention may include a configuration of a facsimile machine in addition to the configuration of the multifunction machine 10 or may be a personal computer.

  In the above-described embodiment, the card lead unit 3 has been described as a contact type IC card reader. However, of course, a non-contact type IC card may be read. Further, the storage medium that holds the security information is not limited to the IC card, and may be a flash memory or a dongle, for example. In such a case, the card reading unit may be a reading device corresponding to the type of storage medium.

  In the above-described embodiment, an example in which a request from the computer 20 is encrypted using a private key and decrypted using a public key has been described. However, the request can be transmitted without being encrypted. is there. In this case, the security information stored in the IC card 3a may be the user ID or password of the multifunction machine 10.

  Further, in the above-described embodiment, it has been described that the acquired security information may be temporarily stored in the RAM. However, when safety is more important, it is preferable not to store the security information inside. In such a case, when the IC card is removed from the card lead portion, remote operation may not be performed at that time. In this way, it becomes possible for the user of the multifunction machine to forcibly interrupt or end the remote operation.

It is the figure which showed the whole structure of the remote control system which is one Embodiment of this invention. FIG. 2 is a block diagram illustrating a multifunction machine according to the embodiment. 6 is a flowchart showing processing when the multi-function peripheral accepts remote operation from a computer. 6 is a flowchart showing processing when the multi-function peripheral accepts remote operation from a computer. It is the figure which illustrated the screen displayed on the touch panel of the same compound machine.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Remote operation system, 10 ... Multifunction machine, 11 ... Information processing apparatus, 1 ... Control part, 2 ... Memory | storage part, 3 ... Card read part, 4 ... Operation part, 5 ... Communication part, 6 ... Input part, 7 ... Output unit, 12 ... image reading device, 13 ... image forming device, 20 ... computer, 30 ... network

Claims (7)

A communication means for transmitting and receiving data to and from a control device that performs remote operation;
Obtaining means for obtaining security information for permitting remote operation by the control device;
When a request for remote operation from the control device is received by the communication unit, a determination unit that determines whether to permit or prohibit remote operation based on the request and the security information acquired by the acquisition unit;
An information processing apparatus comprising: execution means for executing processing in accordance with an instruction transmitted from the control apparatus via the communication means when the remote operation is permitted by the determination means. The acquisition means has a reading unit for detachably mounting a storage medium storing the security information,
The information processing apparatus according to claim 1, wherein the security information is acquired when the storage medium is attached to the reading unit. The information processing apparatus according to claim 2, wherein the determination unit prohibits remote operation by the control device when the storage medium is removed from the reading unit. The request is encrypted with a public key in a public key cryptosystem,
The security information includes a secret key in the public key cryptosystem,
The determination unit includes a decryption unit that decrypts the request using a secret key included in the security information acquired by the acquisition unit, and when the decryption unit can decrypt the request, a remote control by the control device The information processing apparatus according to claim 1, wherein operation is permitted. The information processing apparatus according to claim 1, further comprising storage means for storing security information acquired by the acquisition means. The information processing apparatus according to claim 1, further comprising a display unit configured to display a content of processing executed by the execution unit in accordance with an instruction from the control device. Selection that allows the user of the information processing apparatus to select whether to permit or prohibit execution of the process when the remote control is permitted by the determination unit and execution of a predetermined process is instructed via the communication unit With means,
The information processing apparatus according to claim 1, wherein the execution unit does not execute the process when the user selects to prohibit the execution of the process via the selection unit.

Images