JP2007094541A - Peripheral equipment device, its control method, and program for making computer execute processing at the peripheral equipment device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable an authenticated user to use an electronic signature of a group if the user is a member of the group, based on user authentication in a peripheral equipment device connectable to a network and carrying out processing related to image formation. <P>SOLUTION: The peripheral equipment device has a group database for managing user identification information for identifying users belonging to the group correspondingly for every group identification information for identifying groups; a user authenticating means for authenticating the user based on authentication information acquired from the user; a group specifying means for specifying the group to which the authenticated user belongs by retrieving the user identification information indicated by the authentication information, from the group database when authentication is successful, and acquiring group identification information corresponding to the coincident user identification information; and a group signature imparting means for imparting the electronic signature using a private key of the specified group, to an electronic document. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention provides a peripheral device that can use a group signature of a group to which a user belongs based on user authentication, a control method thereof, and a program for causing a computer to perform processing in the peripheral device. Is.

  Conventionally, documents such as S / MIME (Secure MIME (Multipurpose Internet Mail Extension)) defined in FRC (Request For Comment) 2311 or PDF (Portable Document Format) proposed by Adobe, etc. In order to prevent falsification and impersonation of a document sender, a technique for attaching an electronic signature using a sender's private key has been used.

  In addition to being used as a single unit such as a digital multi-function printer (MFP) that enables various image formation, it can be connected to a network from a PC (personal computer) via the network. Peripheral device devices that enable processing relating to image formation are used by a plurality of users and a plurality of departments in an organization, and therefore, device use management for each department has been performed.

  For example, as in Patent Documents 1 and 2, a technique for specifying a user or a department by inputting a user code from an operation panel or using an ID card and restricting use for each user or department has been proposed. Yes. With these technologies, it is possible to restrict the use of copy color, fax transmission, printing, scanner, etc. for each user. In addition, it is possible to limit usage so as not to exceed the upper limit of usage by calculating the usage amount for each department.

  Also, instead of each user's digital multifunction peripheral connected to the network managing information on users and usage restrictions, as in Patent Document 3, each digital multifunction peripheral is used centrally by a directory server accessible via the network. It has been proposed to manage information about restrictions.

Further, in Patent Document 4, for example, when sending e-mails, all e-mails are once aggregated in a transmission server, and based on the sender's e-mail address, document content, etc., the title is sent to the sender's individual signature or sender. It is proposed that the group to which the group belongs is centrally performed by the transmission server. With this technology, a user can safely send an e-mail without managing signatures.
JP 2002-178567 A JP 2002-240398 A JP 2002-202945 A Japanese Patent No. 3563649

  However, in the configuration where the network device itself providing the function to the user performs the authentication process as described in Patent Documents 1 and 2, when a plurality of network devices are used in the user environment, a user is newly added. When deleting a user or deleting a user, it is necessary to register or delete a user ID, a password, or the like for each device individually, and there is a problem that such setting is troublesome for the user.

  On the other hand, as described in Patent Document 3, it has become possible to centrally manage user information and usage authority information, but has means for making digital documents created by each digital multifunction peripheral safe. Because of this, such digital documents could not be controlled.

  Further, in the method for adding a signature described in Patent Document 4, for example, at the time of transmission, there is no means for authenticating the user himself / herself in the transmission server, so it is determined whether or not a member belonging to the group is impersonated. There was a problem that I could not do it.

  Sender impersonation may not necessarily require a personal signature. Electronic signatures are being used as seals, but for example, seals used for billing are usually used for each department within the organization and do not use personal seals. .

  However, in the conventional digital signature technology, the private key registered in the device is associated with the individual user, and is not assumed to be used in a group managed by the device. Therefore, even a member of the authenticated group cannot use the electronic signature of the group.

  Accordingly, an object of the present invention is to provide a peripheral device that can use a group signature of a group to which a user belongs based on user authentication, a control method thereof, and a computer to perform processing in the peripheral device. Is to provide a program.

  In order to solve the above problems, the present invention is based on a group database for managing user identification information for identifying a user belonging to a group for each group identification information for identifying the group, and authentication information acquired from the user. A user authentication unit for authenticating the user, and, if the authentication is successful, retrieves the user identification information indicated by the authentication information from the group database and obtains the group identification information corresponding to the matching user identification information Accordingly, a group specifying means for specifying a group to which the authenticated user belongs and a group signature giving means for giving an electronic signature using the private key of the specified group to the electronic document are configured. The

  In such a peripheral device, if the electronic signature managed for each department is a member of the authenticated group, the electronic signature of the group can be given to the electronic document.

  In order to solve the above problem, the present invention provides a group identification information table for storing group identification information for identifying a group to which the user belongs, registered by the user, and authentication information acquired from the user via the network. Network authentication means for authenticating the user by transmitting to the external server that can be authenticated, and when receiving an authentication result indicating successful authentication from the external server, the group of the group to which the user authenticated by the external server belongs A group identification information acquisition means for acquiring identification information, the group identification information stored in the group identification information table, and a group to which the authenticated user belongs are identified by matching the acquired group identification information Using group identification means and the private key of the identified group Configured child signature to have a group signature applying means for applying to the electronic document.

  In such a peripheral device, a digital signature of a group corresponding to the user can be given to the electronic document. Therefore, an external server that performs authentication generally does not have a function for storing a secret key and a function for giving an electronic signature to each document. It is possible to perform detailed control such as assigning an electronic signature to an electronic document in a group corresponding to the user (a group to which the user belongs) instead of assigning the electronic signature.

  In addition, such a peripheral device includes a default signature unit that assigns an electronic book name using a preset default secret key to the electronic document when the group to which the user belongs cannot be specified by the group specifying unit. You may make it have further.

  In such a peripheral device, the peripheral device can be used by authentication. However, even an electronic document transmitted by a user who is not registered in any group can be prevented from being falsified and impersonated. .

  Further, such a peripheral device may further include a first group selection unit that allows the user to select one from a plurality of groups when the group identification unit identifies a plurality of groups to which the user belongs. It may be.

  In such a peripheral device, when a user is registered in a plurality of groups, it is possible to select which group to use.

  Alternatively, in such a peripheral device, a plurality of groups to which the user belongs are specified by the first priority table that associates the priority order for using the secret key for each group identification information and the group specifying unit. In this case, the first priority order table may be referred to so as to further include group determination means for determining a group having the highest priority among a plurality of groups as a group to which the user belongs.

  In such a peripheral device, when a user is registered in a plurality of groups, the group can be automatically determined according to the priority order without any user operation. For example, this is effective when there is no user operation such as automatic transfer of a received document.

  Alternatively, such a peripheral device includes a second priority table that associates the group identification information for identifying one or more groups with priorities for using secret keys for each transmission destination of the electronic document. If a plurality of groups to which the user belongs are specified by the group specifying means, the group having the highest priority among the plurality of groups based on the transmission destination by referring to the second priority order table And a group determining means for determining as a group to which the user belongs.

  In such a peripheral device, it is possible to use different electronic signatures depending on the transmission destination. The transmission destination is, for example, for each department within the organization or for each business partner outside the organization.

  Alternatively, such a peripheral device may further include second group selection means that allows the user to select one of the personal signature of the user and the group signature of the group specified by the group specifying means. It may be.

  In such a peripheral device, the user can select a personal signature or a group signature according to the application.

  In addition, such a peripheral device includes a first secret key determination unit that determines whether there is a secret key of a group specified by the group specification unit, and a group to which the user belongs by the group specification unit. When it is not specified, when it is determined that there is no secret key by the second secret key determination means for determining whether or not the user has a secret key and the first secret key determination means or the second secret key determination means May further include interruption means for interrupting the processing relating to the electronic document.

  In such a peripheral device, the process related to the electronic document (for example, the process of transmitting the electronic document) when the user authentication is successful but there is no secret key can be interrupted.

  As means for solving the above-described problems, the present invention may be a control method for causing a computer to perform processing in the peripheral device and a program for causing the computer to execute the processing.

  According to the present invention, in a peripheral device that can be connected to a network and performs processing related to image formation, if the authenticated user is a member of a group based on user authentication, the electronic signature of the group is used. can do.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[First example of network system configuration]
FIG. 1 is a block diagram showing a first configuration example of a network system according to an embodiment of the present invention. In a network system 1001 shown in FIG. 1, a multi function device (hereinafter, referred to as MFP (Multi Function Printer)) 101 capable of executing a plurality of image formations, a facsimile 121, a scanner 131, a printer 141, a copier 151, and the like. One or a plurality of PCs (personal computers) 3 and a mail server 200 are connected to the network 2.

  The MFP 101, the facsimile 121, the scanner 131, the printer 141, and the copier 151, which are peripheral device devices that perform processing relating to image formation, manage user accounts registered in the respective peripheral device devices. A user account DB (database) 5a and a group DB 5b for managing users belonging to each group.

  The user account DB 5a is referred to when a registered individual user is authenticated. The group DB 5b is referred to in order to acquire a certificate corresponding to the group for identifying the group to which the authenticated user belongs and attaching it to the digital document created in the peripheral device. The user account DB 5a and the group DB 5b may be constructed as one database.

  The mail server 200 performs distribution processing when transmitting image information and various reports created by each peripheral device in the apparatus to a predetermined e-mail address.

  In the network system 1001 shown in FIG. 1, each peripheral device performs user authentication using its own user account DB 5a, identifies a group corresponding to the user authenticated using the group DB 5b, and specifies a certificate corresponding to the group. It is the structure provided with the process part which acquires.

  Here, a hardware configuration of the MFP 101 will be described. FIG. 2 is a block diagram illustrating a hardware configuration of the MFP. 2, the MFP 101 includes a CPU (Central Processing Unit) 11, a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, an image storage memory 14, a storage device 15, a LAN controller 16, A LAN interface (I / F) 17, a DCR (Data Compression and Reconstruction) 18, a scanner 19, a plotter 20, an operation port 21, and an operation panel 22 are included.

  The CPU 11 controls the entire MFP 101 and executes a control process (hereinafter referred to as a group signature process) for acquiring a certificate corresponding to the group to which the authenticated user belongs according to the present invention.

  The ROM 12 stores a program for the CPU 11 to perform each control process and data necessary for control. The RAM 13 is used as a partial work area by the CPU 11 for performing each control process, and is also used for developing image data when an image is formed.

  The image storage memory 14 is, for example, a memory that stores image data received by the facsimile function, image data read by the scanner function, and the like.

  The storage device 15 is a rewritable nonvolatile storage means configured by a nonvolatile RAM, HDD (Hard Disk Drive), etc., and stores data and parameters that need to be retained even when the MFP 101 is turned off. For example, the user account DB 5a and the group DB 5b used in the group signature processing according to the present invention are also stored.

  The LAN controller 16 and the LAN interface 17 connect the MFP 101 to the network 2 and perform communication control with the mail server 200, the PC 3, and other peripheral device apparatuses 121, 131, 141, and 151 via the network 2. For example, Ethernet (registered trademark) communication is performed. In addition to the Ethernet (registered trademark) system, various communication systems such as a wireless LAN and IEEE (Institute of Electrical and Electronic Engineers) 1349 can be used regardless of wired or wireless.

  The DCR 18 is connected to an analog public line PSTN (Public Switched Telephone Network), and transmits image data by a G3 facsimile transmission procedure using the public network as a transmission path.

  The scanner 19 reads a document image to be printed and converts it into data. The converted image data is encoded and stored in the image storage memory 14. In addition, the image data read by the scanner 19 can be transmitted to a specified destination using an electronic mail function. The plotter 20 forms and outputs a document image on a predetermined medium such as paper.

  The operation port 21 is an interface for connecting the operation panel 22 to the system bus B. The operation panel 22 includes an operation panel in which a touch panel is stacked on a liquid crystal display, various keys, and the like, and has a function of displaying a message and a GUI (Graphical User Interface) on the screen, and accepting an operation instruction, information input, and the like by a user. Have.

  The hardware configuration of the facsimile 121 is the same as the hardware configuration shown in FIG. The hardware configuration of the scanner 131 corresponds to a configuration in which the DCR 19 and the plotter 20 are not required from the hardware configuration shown in FIG. The hardware configuration of the printer 141 corresponds to a configuration in which the DCR 18 and the scanner 19 are not required from the hardware configuration shown in FIG. The hardware configuration of the copier 151 corresponds to a configuration in which the DCR 18 is not required from the hardware configuration shown in FIG. Therefore, detailed description thereof will be omitted.

  FIG. 3 is a block diagram showing a configuration example of software of the MFP in the network system shown in FIG. In FIG. 3, an MFP 101 includes an overall control unit 10a, a document control unit 10b, a network control unit 10c, an authentication control unit 10d, a user account control unit 10e, an accumulated document control unit 10f, and a fax control unit 10g. , A scanner control unit 10h, a printer control unit 10i, and a copy control unit 10j.

  The overall control unit 10 a corresponds to an operation system that controls the entire MFP 101. For example, the document control unit 10b converts an image read by the scanner 19 into an electronic document. The network control unit 10 c controls communication performed via the network 2.

  The authentication control unit 10d controls group signature processing according to the present invention. The user account control unit 10e uses the user account DB 5a to control registration, addition, and deletion of user accounts, and uses the group DB 5b to associate the registered user account with a group to which the user belongs. to manage. Non-volatile storage device 15 includes user account information for identifying a user individual, various attribute information such as an e-mail address assigned to each user account, group information about a group to which the user belongs, a user individual and a group private key. Saved in. These pieces of information are managed by the user account control unit 10e. The device that stores the secret key is preferably a removable secure device.

  The accumulated document control unit 10f controls accumulation of image data received by the facsimile function, image data read by the scanner function, and the like in the image accumulation memory 14.

  The fax control unit 10g controls the MFP 101 to function as a facsimile. The scanner control unit 10h controls the MFP 101 to function as a scanner. The printer control unit 10i controls the MFP 101 to function as a printer. The copy control unit 10j controls the MFP 101 to function as a copier.

  In the respective software configurations of the facsimile 121, the scanner 131, the printer 141, and the copier 151, the overall control unit 10a, the document control unit 10b, the network control unit 10c, the authentication control unit 10d, and the user account control unit 10e, In addition to the stored document control unit 10f, any one of a fax control unit 10g, a scanner control unit 10h, a printer control unit 10i, and a copy control unit 10j for realizing a corresponding function is provided.

  Next, a group registration screen for registering a group to which a user provided by each of the MFP 101, the facsimile 121, the scanner 131, the printer 141, and the copier 151 in the network system 1001 configured as described above will be described. FIG. 4 is a diagram showing an example of a group registration screen in the network system shown in FIG.

  In FIG. 4, a group registration screen 41 has an input area 41a for inputting a group name, a change button 41b for changing the registered group name, an e-mail address 41c for inputting an e-mail address, and changing the registered e-mail address. A change button 41d for input, an input area 41e for inputting a certificate (private key), a change button 41f for changing a registered certificate, a change button 41g for changing a user as a member, It has a cancel button 41h for canceling the input information and a setting button 41i for setting the input information.

  For example, “development group” is set as the group name, “Dev@xyz.co.jp” is set as the mail address, and a private key is set as the certificate. Furthermore, when a member is set and the setting button 41i is pressed, these pieces of information are registered in the group DB 5b.

  The group information set in this way using the group registration screen 41 is managed by the user account control unit 10 in the group DB 5b with a data configuration as shown in FIG. 5, for example. FIG. 5 is a diagram illustrating a data configuration example of the group DB. In FIG. 5, the group DB 5b has items such as a group name, a mail address, a certificate, and a member.

  For example, in the case of the group name “support group”, the email address of this group name is “support@xyz.co.jp”, and whether or not a certificate is attached when sending a document with this group name is “none” The members who can transmit a document with this group name are “User1”, “User2”, and “User3”.

  In addition, in the case of the group name “Development Group”, the email address of this group name is “Dev@xyz.co.jp”, and whether or not a certificate is attached when sending documents with this group name is “Yes” The members who can transmit a document with this group name are “User4”, “User5”, and “User6”. When the certificate indicates “Yes”, the certificate is extracted from a predetermined secure device, an electronic signature is created, and the document is attached.

  A group signature process executed by the authentication control unit 10d will be described. FIG. 6 is a flowchart for explaining group signature processing in the network system shown in FIG. In the network system 1001 illustrated in FIG. 1, the MFP 101, the facsimile 121, the scanner 131, the printer 141, and the copier 151 are processed in the same manner, and therefore the MFP 101 will be described as an example.

  In FIG. 6, when the user of the MFP 101 presses the scanner operation switching button, the group signature processing according to the present invention is started.

  First, the CPU 11 determines whether or not the authentication function is turned on (performs user authentication) in the device settings of the MFP 101 (step S11). If the authentication function is set to off (user authentication is not performed), the CPU 11 performs document transmission (step S11-4).

  On the other hand, when the authentication function is set to ON (perform user authentication), the CPU 11 displays a login screen (step S12) and performs user authentication based on the user name and password input by the user. The CPU 11 determines whether or not login has been successful through user authentication (step S13). If the login fails, the CPU 11 displays an error indicating that the document transmission has failed (step S13-4).

  On the other hand, if the login is successful, the group to which the user belongs is acquired (step S14). That is, the CPU 11 searches the group DB 5b with a user name input by the user and successfully logged in, thereby acquiring group information regarding the group corresponding to the user name. As the group information, for example, in the data configuration of the group DB 5b shown in FIG. 5, the group name, mail address, and certificate value are acquired.

  The CPU 11 determines whether there is a group to which the user belongs (step S15). The CPU 11 determines that there is a belonging group when the group information corresponding to the user name can be acquired from the group DB 5b.

  If there is no affiliation group, the CPU 11 determines whether or not there is a private key of the individual user (step S15-2). If there is no private key for the user, the process proceeds to step S11-4, where the document is transmitted and the group book name process is terminated. In this case, if the user is logged in, the group book title processing is terminated after logging out.

  On the other hand, if there is a private key of the individual user, the CPU 11 causes the scanner 19 to read the document, and the document control unit 10b performs electronic documenting (step S15-4). Then, the hash value of the electronic document is passed to the user account control unit 10a, and the CPU 11 generates signature data using the private key of the user by the user account control unit 10e, and the electronic signature is added to the electronic document by the document control unit 10b. (Step S15-6). Thereafter, the CPU 11 proceeds to step S19.

  On the other hand, if there is a belonging group, the CPU 11 determines whether or not there is a group secret key based on the group information acquired in step S14 (step S16). Here, when the value of the certificate of the group information indicates “none”, it is determined that there is no group private key, and the CPU 11 proceeds to step S11-4.

  On the other hand, if the certificate value of the group information indicates “Yes”, it is determined that there is a group private key, and the CPU 11 causes the scanner 19 to read the document, and the document control unit 10b performs electronic documentization. (Step S17). Then, the hash value of the electronic document is passed to the user account control unit 10a, and the CPU 11 generates signature data using the group private key by the user account control unit 10e, and the electronic signature is added to the electronic document by the document control unit 10b. (Step S18). Thereafter, the CPU 11 proceeds to step S19.

  The CPU 11 transmits the electronic document with the electronic signature (step S19), logs out (step S20), and the operation relating to the group signature processing is completed.

  In the flowchart shown in FIG. 6, in the case of printer operation, instead of steps S <b> 17 and S <b> 15-4, for example, a step of creating an error report indicating an error that has occurred during the processing, It can be replaced with the step of creating the report shown.

As described above, in the first configuration example of the network system, according to the present invention, the electronic book name to be managed can be used for each department, and the electronic signature of the group can be used if the authenticated user is a member of the group. . In addition, the user can transmit an electronic document using the signature of the group to which the user belongs only by inputting authentication information such as a user name and a password.
[Second configuration example of network system]
In the above description, in the network system 1001 shown in FIG. 1, the mechanism in which the MFP 101, the facsimile 121, the scanner 131, the printer 141, and the copier 151 as peripheral devices perform group signature processing has been described. A network system that performs the above in an integrated manner will be described.

  FIG. 7 is a block diagram showing a second configuration example of the network system according to the embodiment of the present invention. In the network system 1002 illustrated in FIG. 7, the MFP 102, the facsimile 122, the scanner 132, the printer 142, the copier 152, one or more PCs 3, and the mail server 200 that can execute a plurality of image formations. A server 300 having an authentication function is connected to the network 2.

  In FIG. 7, an MFP 102, a facsimile machine 122, a scanner 132, a printer 142, and a copier 152 are respectively associated with an image forming process, the MFP 101, the facsimile machine 121, the scanner 131, and the printer shown in FIG. 141 and the same function as the copier 151. The same applies to the PC 3 and the mail server 200.

  The difference from the network system 1001 shown in FIG. 1 is that the server 300 is provided with the user account DB 5 a and the group DB 5 b ′ because the entire information related to user accounts and groups is centrally managed by the server 300. However, the MFP 102, the facsimile machine 122, the scanner 132, the printer 142, and the copier 152 have the group information table 5c individually, and the group information that is necessary only for the user to be used is registered and held. Is done. The group information table 5c is stored, for example, in a predetermined storage area of the storage device 15.

  Since the server 300 generally does not hold a secret key or the like, the server 300 has a group DB 5 b ′ that manages identification information of users belonging to the group in association with the group name. For example, among the items in the group DB 5b of FIG. 5, the group name and members are managed by the group DB 5b '.

  Processing relating to the user account and group is executed by each of the MFP 102, the facsimile machine 122, the scanner 132, the printer 142, and the copier 152 communicating with the server 300 via the network 2. Since the user account DB 5a and the group DB 5b are the same as those described in the network system 1001, they are omitted.

  The server 300 is a server computer that includes the user account DB 5a and the group DB 5b as described above and has an authentication function. For example, a Windows (registered trademark) server, a Netware (registered trademark) server, a Unix (registered trademark) server, or the like can be used.

  In the network system 1002 illustrated in FIG. 7, each peripheral device performs user authentication in the server 300 by communicating with the server 300, identifies a group corresponding to the authenticated user, and a certificate corresponding to the group It is the structure provided with the process part which acquires.

  The hardware configuration of the MFP 102 is the same as the configuration shown in FIG. Further, the hardware configuration of the facsimile 122 is the same as the hardware configuration shown in FIG. 2 described above. The hardware configuration of the scanner 132 corresponds to a configuration in which the DCR 19 and the plotter 20 are not required from the hardware configuration shown in FIG. The hardware configuration of the printer 142 corresponds to a configuration in which the DCR 18 and the scanner 19 are not required from the hardware configuration shown in FIG. The hardware configuration of the copier 152 corresponds to a configuration in which the DCR 18 is not required from the hardware configuration shown in FIG. Therefore, detailed description thereof will be omitted.

  FIG. 8 is a block diagram showing a configuration example of the software of the MFP in the network system shown in FIG. In FIG. 8, an MFP 102 includes an overall control unit 10a, a document control unit 10b, a network control unit 10c, an authentication control unit 10d, an accumulated document control unit 10f, a fax control unit 10g, and a scanner control unit 10h. A printer control unit 10i and a copy control unit 10j are included. In the network system 1001 shown in FIG. 1, processing units that are the same as the processing units of the MFP 101 are assigned the same reference numerals, and descriptions thereof are omitted.

  A difference from the MFP 101 in the network system 1001 shown in FIG. 1 is that the MFP 102 does not need to include the user account DB 5a and the group DB 5b, and therefore does not include the databases 5a and 5b and the user account control unit 10e.

  In the software configurations of the facsimile 122, the scanner 132, the printer 142, and the copier 152, the overall control unit 10a, the document control unit 10b, the network control unit 10c, the authentication control unit 10d, and the stored document control unit 10f. In addition to the above, any one of a fax control unit 10g, a scanner control unit 10h, a printer control unit 10i, and a copy control unit 10j for realizing a corresponding function is provided.

  Next, a group registration screen for registering a group to which a user belongs provided by each of the MFP 102, the facsimile machine 122, the scanner 132, the printer 142, and the copier 152 in the network system 1002 configured as described above will be described. FIG. 9 is a diagram showing an example of a group registration screen in the network system shown in FIG.

  In FIG. 9, the group registration screen 42 has an input area 42a for inputting a group name, a change button 42b for changing the registered group name, an e-mail address 42c for inputting an e-mail address, and changing the registered e-mail address. A change button 42d for inputting, an input area 42e for inputting a certificate (private key), a change button 42f for changing the registered certificate, and a cancel button 41h for canceling the input information. A setting button 41i for setting information.

  For example, “development group” is set as the group name, “Dev@xyz.co.jp” is set as the mail address, and a private key is set as the certificate. The set information is stored in the group information table 5c.

  On the other hand, the registration of the group members is formally registered by operating the server 300 by the administrator, for example. In this case, group information including member registration is stored in the group DB 5 ′ of the server 300.

  A group signature process executed by the authentication control unit 10d will be described. FIG. 10 is a flowchart for explaining group signature processing in the network system shown in FIG. In the network system 1002 shown in FIG. 7, the MFP 102, the facsimile 122, the scanner 132, the printer 142, and the copier 152 perform the same processing, so the MFP 102 will be described as an example.

  In FIG. 10, when the user of the MFP 102 presses the scanner operation switching button, the group signature processing according to the present invention is started.

  First, the CPU 11 determines whether or not the network authentication function is turned on in the device setting of the MFP 102 (user authentication is performed by the server 300 via the network 2) (step S211). When the network authentication function is set to off (user authentication is not performed by the server 300 via the network 2), the CPU 11 transmits the document and ends the operation related to the group signature process (step S211-4). . In this case, if the user is logged in, the user logs out and ends.

  On the other hand, when the network authentication function is set to ON (user authentication is performed by the server 300 via the network 2), the CPU 11 displays a login screen (step S212), and the user name and password input by the user Is sent to the server 300. The server 300 performs user authentication by using the user account DB 5 a to search for a user account that matches the received authentication information, and transmits the authentication result to the MFP 102.

  The MFP 102 determines whether the authentication result received from the server 300 indicates a successful server login. When the server login fails, the CPU 11 displays an error indicating that the document transmission has failed (step S213-4).

  On the other hand, if the server login is successful, the group to which the user belongs is acquired from the server 300 (step S214). Then, the CPU 11 stores the group name registered using the group registration screen 42 shown in FIG. 9 and acquires it from the server 300 in step S214 by referring to the group information table 5c stored in the predetermined storage area. A comparison is made with the group name indicated in the group information (step S215). That is, it is determined whether or not a group name that matches the group name indicated in the group information acquired from the server 300 is stored in the group information table 5c.

  The CPU 11 determines whether or not there is a group to which the user belongs (step S216). When there is a matching group name from the group information table 5c, the CPU 11 determines that there is a belonging group. If there is no affiliation group, the CPU 11 proceeds to step S211-4, converts the image read by the scanner 19 into an electronic document, transmits the document, and ends the operation related to the group signature processing.

  On the other hand, if there is an affiliated group, the CPU 11 determines whether or not there is a group private key based on the presence or absence of a certificate corresponding to the matching group name from the group information table 5c (step S217). If the value of the group information certificate indicates “none”, the CPU 11 determines that there is no private key for the group, and the CPU 11 proceeds to step S211-4.

  On the other hand, if the certificate value of the group information indicates “Yes”, it is determined that there is a group private key, and the CPU 11 causes the scanner 19 to read the document, and the document control unit 10b performs electronic documentization. (Step S218). Then, the CPU 11 generates signature data by using the hash value of the electronic document and the group secret key, and gives the electronic signature to the electronic document by the document control unit 10b (step S219).

  After that, the CPU 11 transmits the electronic document with the electronic signature (step S220), logs out (step S221), and the operation related to the group signature processing ends.

  A communication sequence with the server 300 executed in steps S212 to S214 described above will be described. FIG. 11 is a diagram illustrating a communication sequence performed between the MFP and the server 300.

  In FIG. 11, the MFP 102 transmits a login request to the server 300 (step S212). When the authentication result indicating successful login is received from the server 300, a group list acquisition request is transmitted to the server 300, and a group list indicating the group name to which the authenticated user belongs is acquired (step S214).

  Further, the MFP 102 may acquire a group ID corresponding to the acquired group name from the server 300. As the group ID, for example, in Windows (registered trademark), a GUID (Global Unique Identifier) or the like can be used. For example, when registering a group to which a user belongs using the group registration screen 42 shown in FIG. 9, the MFP 102 has a mechanism for making an inquiry to the server 300 to obtain a group ID, so that the group name in the group signature process Can be determined based on the group ID.

As described above, in the second configuration example of the network system, according to the present invention, even when authentication is performed using the external server 300, an electronic signature for each group can be assigned. Even when there are a plurality of MFPs 102 on the network 2, it is only necessary to change the group member managed by the server 300 when the group member is changed. In addition, the user can transmit an electronic document using the signature of the group to which the user belongs only by inputting authentication information such as a user name and a password.
[Example of processing using the default private key]
An example of processing in which a default private key is used when a group to which a user belongs is specified in accordance with the flowcharts shown in FIGS. 6 and 10 but the group does not exist will be described.

  FIG. 12 is a diagram showing a screen for registering default information as a mail sender. The mail transmission default registration screen 43 shown in FIG. 12 inputs an input area 43a for inputting a mail address that can be used as a default, a change button 43d for changing the registered mail address, and a certificate (private key). It has an input area 43c, a change button 43d for changing the registered certificate, a cancel button 43h for canceling the input information, and a setting button 43i for setting the input information.

  For example, “default@xyz.co.jp” is set as an e-mail address, and a private key is set as a certificate. The default information is stored in a predetermined storage area of the storage device 15.

  FIG. 13 is a flowchart for explaining a processing example in which a default secret key is used when there is no group to which the user belongs. The flowchart shown in FIG. 13 shows only the part executed after step S14 of the flowchart of FIG. 6 in the network system 1001 and after step S215 of the flowchart of FIG. 10 in the network system 1002. The same process is denoted by the same reference numeral, and the description thereof is omitted.

  When the CPU 11 determines that there is no group to which the user belongs, the CPU 11 refers to a predetermined storage area for default information and determines whether default information is set (step S216-2). When the default information is not set, the CPU 11 proceeds to step S211-4, transmits the document without giving an electronic signature, and ends the operation related to the group signature processing.

  On the other hand, when the default information is set, the CPU 11 causes the scanner 19 to read the document, and the document control unit 10b performs electronic documenting (step S216-4). Then, the CPU 11 generates signature data by using the hash value of the electronic document and the group secret key, and gives the electronic signature to the electronic document by the document control unit 10b (step S216-6).

  After that, the CPU 11 transmits the electronic document with the electronic signature (step S220), logs out (step S221), and the operation related to the group signature processing ends.

As described above, in the processing example using the default secret key, according to the present invention, even a document transmitted from a user who does not belong to any group can be prevented from being falsified and impersonated.
[Example of letting the user select a group]
In the determination processing in step S15 of FIG. 6 and step S216 of FIG. 10, when it is determined that there are a plurality of groups to which the user belongs, a screen for allowing the user to select a group may be displayed.

  FIG. 14 is a diagram showing an example of a screen for selecting a group to which a user used for signature belongs. In FIG. 14, a signature group selection screen 51 has a display area 51a for displaying the group name and account of the group to which the user belongs, a selection button 51b for instructing selection arranged in association with the group, and setting. And a setting button 51e for enabling. This example shows a case where there are two groups to which the user belongs. However, if the group information belongs to three or more groups and the group information is registered, the group name of the group to which the user belongs. And an account are displayed in the display area 51a, and a selection button 51b is displayed correspondingly.

As described above, in the example in which the user selects a group, according to the present invention, even when the user is registered in a plurality of groups, the user can select one group.
[Processing example for determining groups based on priority]
When a user belongs to a plurality of groups, when the group to which the user belongs is registered, the priority can be set for the user. In the network system 1001, the priority is stored in the group DB 5b together with the group information. In the network system 1002, the information is stored in the group information table 5c. An example of processing for determining a group based on priority when the user belongs to a plurality of groups when the group to which the user belongs is specified according to the flowcharts shown in FIGS. 6 and 10 will be described.

  FIG. 15 is a flowchart for explaining a processing example for determining a group based on the priority order. The flowchart shown in FIG. 15 shows only a part executed after step S14 of the flowchart of FIG. 6 in the network system 1001 and after step S215 of the flowchart of FIG. 10 in the network system 1002. The same process is denoted by the same reference numeral, and the description thereof is omitted.

  Further, in step S14 of FIG. 6 in the network system 1001, the plurality of acquired groups are output to the working storage area and referred to as necessary in the following steps. Similarly, in step S215 of FIG. 10 in the network system 1002, a plurality of matched groups are output to the working storage area and referred to as necessary in the following steps.

  The CPU 11 determines whether or not there is a group to which the user belongs (step S216). If there is no group to which the user belongs, the process proceeds to step S218.

  On the other hand, when a plurality of group names to which the user belongs are stored in the working storage area, the CPU 11 sequentially reads out the group names from the working storage area, and manages preset priority groups to be used. The priority order of the read group name is checked with reference to the priority order table (step S217-2).

  When reading the priority of the group name read from the priority table, the CPU 11 determines whether or not the priority is highest (step S217-4). For this, the highest priority is set as the highest value compared with the priority read previously. If the current priority is the highest, the current group name is set as a group temporary decision (step S217-6). On the other hand, if the current group name is not the highest priority, the CPU 11 proceeds to step S217-8.

  It is determined whether or not a group name that has not been checked for priority is stored in the working storage area (step S217-8). If there are other group names that should be checked for priority, the process returns to step S216 and the same processing is repeated. On the other hand, if priority order surveys have been performed for all group names, the process proceeds to step S218.

  After checking the priority order for all the group names, the CPU 11 causes the scanner 19 to read the document, and the document control unit 10b performs electronic documenting (step S218). Then, the CPU 11 generates signature data by using the hash value of the electronic document and the group secret key, and gives the electronic signature to the electronic document by the document control unit 10b (step S219-2).

  The CPU 11 determines whether or not there is a group (step S219-2). If there is a group, the CPU 11 generates signature data using the hash value of the electronic document and the group private key, and the electronic signature of the group finally set as a provisional decision on the electronic document by the document control unit 10b. (Step S219-4).

  After that, the CPU 11 transmits the electronic document with the electronic signature (step S220), logs out (step S221), and the operation related to the group signature processing ends.

  The priority order table referred to in the processing as described above is, for example, a table as shown in FIG. FIG. 16 is a diagram illustrating a priority order table. The priority order table 60 shown in FIG. 16 includes items such as a group name, a mail address corresponding to the group name, and a priority order. The priority is indicated by a numerical value, for example, and “1” is set as the highest priority, and the order is set to be lower thereafter.

As described above, in the processing example in which the group is determined based on the priority order, the present invention can be used even when the user is registered in a plurality of groups. Further, it can be used in a situation where no user operation is involved, such as automatic transfer of a received document.
[Example of determining a group based on priority for each destination]
Another example of the priority order will be described with reference to FIG. FIG. 17 is a diagram illustrating an example of a destination group correspondence table indicating the priority order of groups for each destination.

  A destination group correspondence table 61 shown in FIG. 17A is a table showing the priority in selecting a group when a department in the organization is a destination, and shows a destination indicating a department, an email address of the department, It has items such as a signature group indicated with a priority selected at the time of signature. For the signature group, for example, when the destination is a “development group”, an e-mail address set as a sender is specified, such as “1.dev@xyz.co.jp”. “1.” added to the head of the mail address indicates the priority, and for example, it indicates that the priority is lower in order from the first. Moreover, you may make it provide a priority as another item.

  The destination group correspondence table 62 shown in FIG. 17 (B) is a table showing the priority order when selecting a group when the destination is outside the organization, such as a business partner. Items such as a mail group, a signature group indicated with a priority order selected at the time of signing. For the signature group, with priority, for example, if the destination is "XX Trading", set it as the sender like "1.dev@xyz.co.jp 2.sales@xyz.co.jp" Specified email address. “1.” added to the head of the mail address indicates the priority, and for example, it indicates that the priority is lower in order from the first. Moreover, you may make it provide a priority as another item.

  Further, the destination group correspondence table 61 shown in FIG. 17A and the destination group correspondence table 62 shown in FIG. 17B may be a single table.

As described above, in the example in which the group is determined based on the priority order for each destination, according to the present invention, the electronic signature can be properly used depending on the transmission destination.
[Example of selecting a signing account]
For example, when a user who has logged in to the MFP 101 holds a secret key in the storage area of the MFP 101, a signature group selection screen as shown in FIG. 18 is displayed and the user is allowed to select an account. FIG. 18 is a diagram showing an example of a screen for selecting an account used for signature. In FIG. 18, a signature group selection screen 52 includes a display area 52a for displaying a user's personal account and a group account to which the user belongs, a selection button 52b for instructing selection to be arranged corresponding to the account, A setting button 52e for enabling the setting. In this example, the user's personal account and the account of the group to which the user belongs are shown one by one. However, when the user belongs to two or more groups and the group information is registered, The group name and account of the group to which the user belongs are displayed in the display area 52a, and a selection button 52b is displayed correspondingly.

  In the case of an individual, it is common to have a secret key using an IC card or the like. In this case, the user account control unit can pass the hash value of the electronic document to the IC card, and the signature can be created by the external authentication processing unit provided in the IC card or the like.

As described above, in the example of selecting a signature account, according to the present invention, a personal signature and a group signature can be used properly depending on a document.
[Example of processing prohibited to use]
FIG. 19 is a flowchart for explaining another example of the group signature processing in the network system shown in FIG. In the example shown in FIG. 19, instead of step S <b> 11-4 shown in FIG. 6, step S <b> 11-6 for prohibiting document creation or document transmission is provided when the user's personal signature or group book title cannot be given. Is a point. In step S11-6, an error is displayed and document transmission is not performed. The other steps are the same as the steps shown in FIG.

  As described above, in the processing example prohibiting use, according to the present invention, by prohibiting the use of a user who cannot give an electronic signature, it is possible to prevent transmission of an electronic document that the sender does not know. Become. Therefore, it is possible to prevent tampering and impersonation.

  The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims.

It is a block diagram which shows the 1st structural example of the network system which concerns on one Example of this invention. 2 is a block diagram illustrating a hardware configuration of an MFP. FIG. FIG. 2 is a block diagram illustrating a configuration example of software of an MFP in the network system illustrated in FIG. 1. It is a figure which shows the example of the group registration screen in the network system shown in FIG. It is a figure which shows the data structural example of group DB. It is a flowchart for demonstrating the group signature process in the network system shown in FIG. It is a block diagram which shows the 2nd structural example of the network system which concerns on one Example of this invention. FIG. 8 is a block diagram illustrating a configuration example of software of an MFP in the network system illustrated in FIG. 7. It is a figure which shows the example of the group registration screen in the network system shown in FIG. FIG. 8 is a flowchart for explaining group signature processing in the network system shown in FIG. 7. 4 is a diagram showing a communication sequence performed between the MFP and the server 300. FIG. It is a figure which shows the screen which registers default information as a mail sender. It is a flowchart for demonstrating the process example which uses a default private key when there is no group to which a user belongs. It is a figure which shows the example of a screen which selects the group to which the user used for a signature belongs. It is a flowchart for demonstrating the process example which determines a group based on a priority. It is a figure which shows a priority table. It is a figure which shows the example of the destination group corresponding | compatible table which shows the priority of the group for every destination. It is a figure which shows the example of a screen which selects the account used for a signature. It is a flowchart for demonstrating the other example of the group signature process in the network system shown in FIG.

Explanation of symbols

2 network 3 PC
5a User account DB
5b Group DB
5c Group information table 10a Overall control unit 10b Document control unit 10c Network control unit 10d Authentication control unit 10e User account control unit 10f Accumulated document control unit 10g Fax control unit 10h Scanner control unit 10i Printer control unit 10j Copy control unit 11 CPU
12 ROM
13 RAM
14 Image storage memory 15 Storage device 16 LAN controller 17 LAN I / F
18 DCR
19 Scanner 20 Plotter 21 Operation Port 22 Operation Panel 101, 102 MFP
121, 122 Facsimile 131, 132 Printer 141, 142 Copier 1001, 1002 Network system

Claims (12)

A group database for managing user identification information for identifying users belonging to the group for each group identification information for identifying the group;
User authentication means for authenticating the user based on authentication information acquired from the user;
When the authentication is successful, the user identification information indicated by the authentication information is searched from the group database, and the group identification information corresponding to the matching user identification information is obtained, whereby the group to which the authenticated user belongs A group identification means for identifying
A peripheral device apparatus comprising: a group signature attaching unit that attaches an electronic signature using the identified group private key to an electronic document. A group identification information table for storing group identification information for identifying a group to which the user belongs registered by the user;
Network authentication means for authenticating the user by transmitting authentication information acquired from the user to an external server capable of authentication via the network;
When receiving an authentication result indicating successful authentication from the external server, group identification information acquisition means for acquiring group identification information of the group to which the authenticated user belongs from the external server;
Group identification means for identifying the group to which the authenticated user belongs by matching the group identification information stored in the group identification information table with the acquired group identification information;
A peripheral device apparatus comprising: a group signature attaching unit that attaches an electronic signature using the identified group private key to an electronic document.   2. The digital signature according to claim 1, further comprising: a default signature unit that assigns an electronic book name using a preset default secret key to the electronic document when the group to which the user belongs cannot be specified by the group specifying unit. Or the peripheral apparatus of 2 description.   4. The apparatus according to claim 1, further comprising a first group selection unit that allows the user to select one of a plurality of groups when the group identification unit identifies a plurality of groups to which the user belongs. The peripheral device as described in any one of Claims. A first priority table that associates priorities for using secret keys for each group identification information;
When a plurality of groups to which the user belongs is specified by the group specifying means, the group having the highest priority among the plurality of groups is referred to as the group to which the user belongs by referring to the first priority table. The peripheral device according to claim 1, further comprising a group determining unit for determining. A second priority table that associates the group identification information for identifying one or more groups with priorities for using secret keys for each transmission destination of the electronic document;
When a plurality of groups to which the user belongs is specified by the group specifying means, the group having the highest priority among the plurality of groups is determined based on the transmission destination by referring to the second priority order table. The peripheral device according to claim 1, further comprising group determining means for determining a group to which the user belongs.   4. The apparatus according to claim 1, further comprising second group selection means for enabling the user to select one of the personal signature of the user and the group signature of the group specified by the group specification means. The peripheral device as described in any one of Claims. First secret key determining means for determining whether or not there is a secret key of the group specified by the group specifying means;
A second secret key determining means for determining whether or not there is a secret key of the user when the group to which the user belongs cannot be specified by the group specifying means;
2. The apparatus according to claim 1, further comprising: interrupting means for interrupting the processing relating to the electronic document when the first secret key determining means or the second secret key determining means determines that there is no secret key. 2. Peripheral device according to 2. In a control method for controlling processing in a peripheral device,
A first management procedure for managing user identification information for identifying a user belonging to the group for each group identification information for identifying the group and managing the group database by the group database;
A user authentication procedure for authenticating the user based on authentication information acquired from the user;
When the authentication is successful, the user identification information indicated by the authentication information is searched from the group database, and the group identification information corresponding to the matching user identification information is obtained, whereby the group to which the authenticated user belongs A group identification procedure to identify
And a group signature assigning procedure for assigning an electronic signature to the electronic document using the specified group private key. In a control method for controlling processing in a peripheral device,
A second management procedure for managing group identification information for identifying a group to which the user belongs registered by the user, using a group identification information table;
A network authentication procedure for authenticating the user by transmitting the authentication information acquired from the user to an external server capable of authentication via the network;
When receiving an authentication result indicating successful authentication from the external server, a group identification information acquisition procedure for acquiring group identification information of a group to which the authenticated user belongs from the external server;
A group identification procedure for identifying a group to which the authenticated user belongs by matching the group identification information stored in the group identification information table with the acquired group identification information;
And a group signature assigning procedure for assigning an electronic signature to the electronic document using the specified group private key. In a program for causing a computer to perform processing in a peripheral device, the computer
A first management procedure for managing user identification information for identifying a user belonging to the group for each group identification information for identifying the group and managing the group database by the group database;
A user authentication procedure for authenticating the user based on authentication information acquired from the user;
When the authentication is successful, the user identification information indicated by the authentication information is searched from the group database, and the group identification information corresponding to the matching user identification information is obtained, whereby the group to which the authenticated user belongs A group identification procedure to identify
A computer-executable program for executing a group signature assigning procedure for assigning an electronic signature using an identified group private key to an electronic document. In a program for causing a computer to perform processing in a peripheral device, the computer
A second management procedure for managing group identification information for identifying a group to which the user belongs registered by the user, using a group identification information table;
A network authentication procedure for authenticating the user by transmitting the authentication information acquired from the user to an external server capable of authentication via the network;
When receiving an authentication result indicating successful authentication from the external server, a group identification information acquisition procedure for acquiring group identification information of a group to which the authenticated user belongs from the external server;
A group identification procedure for identifying a group to which the authenticated user belongs by matching the group identification information stored in the group identification information table with the acquired group identification information;
A computer-executable program for executing a group signature assigning procedure for assigning an electronic signature using an identified group private key to an electronic document.

Images