JP2007207114A - Information recorder, image forming apparatus, information recording method, and information recording program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform encryption processing when writing information to a storage part writable in the bit unit. <P>SOLUTION: The information recorder is provided with: an encryption part for encrypting information of the same size as the number of bits of an encryption key including confidential information by using an NVRAM readable/writable by the bit unit and the encryption key; and a write part for writing information subjected to the encryption processing to an encryption area having a predetermined capacity of the integer-multiplied number of bits of the encryption key in the NVRAM. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information recording apparatus, an image forming apparatus, an information recording method, and an information recording program, and more particularly to a technique for performing encryption processing on information stored in a storage unit that performs writing in bit units. is there.

  In recent years, the use of image forming apparatuses has been diversified with the increase in the functions of image forming apparatuses. For this reason, the information used by the software provided in the image forming apparatus includes confidential information such as personal information of the user.

  Information used by software included in the image forming apparatus is stored in a bit-unit storage unit such as NVRAM (Nonvolatile Random-Access Memory) or FeRAM (ferroelectric memory). The NVRAM and FeRAM have a lower read / write speed and a smaller storage capacity than HDD (Hard Disk Drive) and flash memory, but have the following advantages.

  That is, NVRAM and FeRAM have the advantage that they are less likely to break than HDDs, and have fewer restrictions on the number of writes than flash memories. That is, NVRAM and FeRAM are more reliable than HDDs and flash memories.

  By the way, when data is encrypted, there is a feature that the longer the encryption key, the harder it is to decrypt. Therefore, even when an encryption process is considered to be performed using a long encryption key, it can be easily performed on a recording medium that can be read and written in units of blocks such as a flash memory and an HDD.

  For example, Patent Document 1 discloses a case where file data is encrypted using an encryption key and stored in a nonvolatile storage medium.

JP-T-2001-516913

  However, since the nonvolatile storage medium of Patent Document 1 does not mention reading and writing in bit units, it is considered that a flash memory or HDD is assumed.

  In contrast, NVRAM and FeRAM can read / write in bit units. That is, there is a problem that the information updated to NVRAM or FeRAM cannot be encrypted by the same process as the flash memory or HDD because it is shorter than the number of bits of the encryption key used for the encryption process.

  For example, in NVRAM and FeRAM used in an image forming apparatus or the like, an area is set in advance in units of bits for each application, but the length of the encryption key is not considered in the set area. For this reason, when one application wants to update information, there is a problem that it is difficult to perform encryption processing on the information.

  The present invention has been made in view of the above, and an information recording apparatus, an image forming apparatus, and an information recording apparatus capable of performing an encryption process when writing information to a storage unit that can be written in bit units. An object is to provide an information recording method and an information recording program.

  In order to solve the above-described problems and achieve the object, the invention according to claim 1 uses a storage unit that can be read and written in bit units and an encryption key, and has a size that is an integral multiple of the number of bits of the encryption key. Encryption means for performing encryption processing on the processing target information, and encryption processing by the encryption means for the target storage area having a capacity that is an integral multiple of the number of bits of the encryption key in the storage unit. And writing means for writing the processed information to be processed.

  The invention according to claim 2 is the invention according to claim 1, wherein the temporary storage unit capable of reading and writing at a higher speed than the reading / writing speed of the storage unit, and the processing stored in the target storage area of the storage unit Reading means for reading target information; decoding means for performing decoding processing on the processing target information read by the reading means; and processing target information subjected to decoding processing by the decoding means Temporary writing means for writing to the temporary storage unit; and update means for updating the update target information included in the processing target information written by the temporary writing means with input information input from an application, The encryption unit performs an encryption process on the processing target information including the update target information updated by the updating unit.

  The invention according to claim 3 is the invention according to claim 2, wherein the encryption means performs encryption processing on the processing target information stored in the temporary storage unit at predetermined time intervals. It is characterized by this.

  The invention according to claim 4 is the invention according to claim 2 or 3, wherein the writing means separates the processing target information subjected to the encryption process from the target storage area of the storage unit. After writing in the temporary save area secured in the area, the processing target information is written in the target storage area.

  According to a fifth aspect of the present invention, in the invention according to the fourth aspect, the writing unit is configured to store the processing target in the temporary save area of the storage unit when the information recording apparatus is restarted after abnormal termination. When information is written, the processing target information written in the temporary save area is written into the target storage area.

  The invention according to claim 6 is the invention according to claim 4 or 5, wherein the writing means writes error detection information for the processing target information written in the temporary save area in the storage unit. It is characterized by.

  The invention according to claim 7 is the invention according to any one of claims 2 to 6, wherein whether or not the input information input from the application is encrypted is determined for each application. Encryption determination means for determining, and the reading means reads the processing target information including information on the write destination of the input information determined to be subjected to the encryption processing by the encryption determination means, It is characterized by.

  The invention according to claim 8 is the invention according to claim 1, wherein the storage unit includes an information storage area having a capacity obtained by multiplying the number of bits of the encryption key by a first integer, and the information storage area. A management area storing an encryption flag indicating whether or not to perform encryption processing for each target storage area having a capacity obtained by multiplying the number of bits of the encryption key by a second integer smaller than the first integer. And when the encryption flag stored in the management area of the storage unit indicates that the encryption process is to be performed, the writing unit is configured to store the target storage area corresponding to the encryption flag. The processing target information that has been encrypted by the encryption unit is written.

  The invention according to claim 9 is the invention according to claim 8, wherein the storage unit does not indicate that the encryption flag for each block is subjected to encryption processing in an initial state. When the input information input from the application includes non-disclosure information that should be prevented from being referred to by a third party, the storing means sets the encryption flag associated with the target storage area where the input information is stored. It is characterized in that it is rewritten to indicate that encryption processing is performed.

  The invention according to claim 10 is the invention according to any one of claims 1 to 9, wherein the storage unit uses NVRAM (Nonvolatile Random-Access Memory) or FeRAM as a storage medium. It is characterized by.

  The invention according to claim 11 is the invention according to any one of claims 1 to 10, further comprising mounting means for mounting a portable recording medium, wherein the encryption means is mounted on the mounting means. Using the encryption key stored in the portable recording medium, encryption processing is performed on information that is an integral multiple of the size of the encryption key.

  According to a twelfth aspect of the present invention, in an image forming apparatus having a plurality of applications, an encryption key is used by using a storage unit capable of reading and writing in bit units in which information used in the application is stored, and an encryption key. Encryption means for performing encryption processing on the processing target information having a size that is an integer multiple of the number of bits of the target storage area having a capacity that is an integral multiple of the number of bits of the encryption key in the storage unit, And writing means for writing the information that has been encrypted by the encryption means.

  Further, the invention according to claim 13 is the invention according to claim 12, wherein the temporary storage unit capable of reading and writing at a higher speed than the reading / writing speed of the storage unit, and the processing stored in the target storage area of the storage unit Reading means for reading target information; decoding means for performing decoding processing on the processing target information read by the reading means; and processing target information subjected to decoding processing by the decoding means Temporary writing means for writing to the temporary storage unit; and updating means for updating the update target information included in the processing target information written by the temporary writing means with input information input from the application. The encryption unit performs an encryption process on the processing target information including the update target information updated by the updating unit. .

  According to the fourteenth aspect of the present invention, there is provided an encryption step of performing encryption processing on processing target information having a size that is an integral multiple of the number of bits of the encryption key by using the encryption key; A writing step of writing the processing target information encrypted by the encryption unit into a target storage area having a capacity that is an integral multiple of the number of bits of the encryption key in the storage unit. It is characterized by.

  The invention according to claim 15 is the invention according to claim 14, wherein the reading target processing information stored in the target storage area of the storage unit is read, and the processing target read by the reading step A decoding step for performing a decoding process on the information, and writing the processing target information subjected to the decoding process in the decoding step in a temporary storage unit that can be read and written at a higher speed than a read / write speed of the storage unit A temporary writing step; and an update step of updating the update target information included in the processing target information written by the temporary write step with input information input from an application, and the encryption step Performs encryption processing on the processing target information including the update target information updated in the updating step And, characterized by.

  The invention according to claim 16 is the invention according to claim 15, wherein in the encryption step, the processing target information stored in the temporary storage unit is encrypted at predetermined time intervals. It is characterized by this.

  The invention according to claim 17 is the invention according to claim 15 or 16, wherein the writing step separates the processing target information subjected to the encryption processing from the target storage area of the storage unit. After writing in the temporary save area secured in the area, the processing target information is written in the target storage area.

  The invention according to claim 18 is the invention according to claim 17, wherein in the writing step, the temporary save area of the storage unit is restarted after the information recording apparatus having the storage unit is abnormally terminated. In the case where the processing target information is written, the processing target information written in the temporary save area is written in the target storage area.

  The invention according to claim 19 is the invention according to any one of claims 15 to 18, wherein whether or not the input information input from the application is encrypted is determined for each application. An encryption determination means for determining, and the reading step reads the processing target information including information on a write destination of the input information determined to be subjected to the encryption processing by the encryption determination step. It is characterized by.

  The invention according to claim 20 is characterized by causing a computer to execute the information recording method according to any one of claims 15 to 19.

  According to the first aspect of the present invention, since the encrypted information can be written to the storage unit that can be written in bit units, the safety of the information to be retained is improved.

  According to the second aspect of the present invention, since the temporary storage unit that can be read / written at a higher speed than the reading / writing speed of the storage unit is updated, the processing speed is improved.

  According to the invention of claim 3, since the encryption process is performed every predetermined time and written in the storage unit, the load due to the write process on the storage unit can be reduced.

  According to the invention of claim 4, since the processing target information is written in advance in the temporary save area, there is an effect that data can be recovered.

  According to the fifth aspect of the present invention, the data can be recovered by writing the processing target information in the target storage area in the case of an abnormal end, so that the reliability is improved.

  According to the sixth aspect of the present invention, it is possible to detect whether or not the processing target information written in the temporary save area is erroneous based on the error detection information, so that the reliability is improved.

  According to the invention of claim 7, since only the processing target information including the input information from the application requiring the encryption process can be encrypted, the input information from each application is in an appropriate state. This produces an effect that it can be stored in the storage unit.

  Further, according to the invention of claim 8, since it is possible to change whether or not the encryption process is performed on the processing target area at the storage destination by the encryption flag, it is appropriate for the information to be prevented from being referred to by a third party. Since the encryption process can be performed on this, there is an effect that the safety is improved.

  According to the ninth aspect of the invention, since the initial storage state is changed to the target storage area to be encrypted as necessary, the encryption process is performed on the target storage area suitable for the use situation. There is an effect of being applied.

  According to the tenth aspect of the present invention, there is an effect that reliability is improved by using NVRAM or FeRAM as the storage unit.

  Further, according to the invention of claim 11, when a portable storage medium holding an encryption key is attached, the confidential information stored in the encryption area can be used, so that the reliability is improved. Play.

  According to the twelfth aspect of the present invention, since the encrypted information can be written to the storage unit that can be written in bit units, the safety of the information to be retained is improved. Play.

  According to the invention of claim 13, since the temporary storage unit that can be read / written at a higher speed than the reading / writing speed of the storage unit is updated, the processing speed is improved.

  According to the fourteenth aspect of the present invention, since the encrypted information can be written to the storage unit that can be written in bit units, the safety of the information to be retained is improved. Play.

  According to the fifteenth aspect of the present invention, since the temporary storage unit that can be read / written at a higher speed than the reading / writing speed of the storage unit is updated, the processing speed is improved.

  According to the sixteenth aspect of the present invention, since the encryption process is performed every predetermined time and written to the storage unit, the load of the write process on the storage unit can be reduced.

  According to the seventeenth aspect of the present invention, since the processing target information is written in advance in the temporary save area, the data can be recovered.

  According to the eighteenth aspect of the present invention, the data can be recovered by writing the processing target information in the target storage area in the case of abnormal termination, so that the reliability is improved.

  According to the nineteenth aspect of the present invention, only input information from an application that requires encryption processing can be encrypted. Therefore, input information from each application can be stored in an appropriate state in the storage unit. There is an effect.

  According to the twentieth aspect of the present invention, an information recording program capable of causing a computer to execute the information recording method according to any one of the fifteenth to nineteenth aspects can be provided.

  Exemplary embodiments of an information recording apparatus, an image forming apparatus, an information recording method, and an information recording program according to the present invention are explained in detail below with reference to the accompanying drawings.

(First embodiment)
In the first embodiment of the present invention, as an information recording apparatus, a copy function, a facsimile (FAX) function, a print function, a scanner function, and an input image (an original image read by the scanner function or an image input by a printer or a FAX function) ) Is applied to a multifunction device 100 called a so-called MFP (Multi Function Peripheral) that combines functions and the like.

  FIG. 1 is a block diagram illustrating a hardware configuration of the multifunction peripheral 100 according to the first embodiment of the present invention. As shown in FIG. 1, the multi-function device 100 has a configuration in which a controller 101 and an engine unit 102 are connected by a PCI (Peripheral Component Interconnect) bus.

  The controller 101 is a controller that controls the entire MFP 100 and controls drawing, communication, and input from the operation unit 120. The operation unit 120 accepts an input operation from the apparatus user and performs display for the apparatus user. The engine unit 102 is a printer engine that can be connected to a PCI bus, and is, for example, a monochrome plotter, a 1-drum color plotter, a 4-drum color plotter, a scanner, or a fax unit. The engine unit 102 includes an image processing part such as error diffusion and gamma conversion in addition to a so-called engine part such as a plotter.

  The controller 101 includes a CPU (Central Processing Unit) 111, a system memory (MEM-P) 112, a North Bridge (NB) 113, a South Bridge (SB) 114, an ASIC (Application Specific Integrated Circuit) 116, a local A configuration including a memory (MEM-C) 117, a hard disk drive (HDD) 118, a media interface (I / F) 119, and an NVRAM 124, and the NB 113 and the ASIC 116 are connected by an AGP (Accelerated Graphics Port) bus 115 It becomes. The MEM-P 112 further includes a ROM (Read Only Memory) 112a and a RAM (Random Access Memory) 112b.

  The CPU 111 performs overall control of the multifunction peripheral 100, has a chip set including the NB 113, the MEM-P 112, and the SB 114, and is connected to other devices via the chip set.

  The NB 113 is a bridge for connecting the CPU 111 to the MEM-P 112, SB 114, AGP bus 115, and media I / F 119, and includes a memory controller that controls read / write to the MEM-P 112, a PCI master, and an AGP target. .

  The MEM-P 112 is a system memory used as a memory for storing programs and data, a memory for developing programs and data, a printer drawing memory, and the like, and includes a ROM 112a and a RAM 112b. The ROM 112a is a read-only memory used as a memory for storing programs and data for controlling the operation of the CPU 111, and the RAM 112b is a writable and readable memory used as a program and data development memory, a printer drawing memory, and the like. It is.

  The SB 114 is a bridge for connecting the NB 113 to a PCI device and peripheral devices. The SB 114 is connected to the NB 113 via a PCI bus, and a network interface (I / F) unit and the like are also connected to the PCI bus.

  The ASIC 116 is an integrated circuit (IC) for image processing having hardware elements for image processing, and has a role of a bridge for connecting the AGP bus 115, the PCI bus, the HDD 118, and the MEM-C 117.

  The ASIC 116 includes a memory card controller 116a, an NVRAM controller 116b, a PCI target and an AGP master (not shown), an arbiter (ARB) that forms the core of the ASIC 116, a memory controller that controls the MEM-C 117, and hardware logic. And a plurality of direct memory access controllers (DMACs) that rotate image data and the like, and a PCI unit that transfers data to and from the engine unit 102 via the PCI bus.

  The ASIC 116 is connected to an NVRAM 124 and a media I / F 119, and further via a PCI bus, an FCU (Fax Control Unit) 121, a USB (Universal Serial Bus) 122, and an IEEE 1394 (the Institute of Electrical and Electronics Engineers 1394). An interface 123 is connected.

  The memory card controller 116 a controls reading and writing of information with respect to the medium M connected via the medium I / F 119. The NVRAM controller 116b controls the reading / writing of information for each bit of the NVRAM 124.

  The NVRAM 124 is a memory that can be read and written for each bit, and holds settings for each application installed in the multifunction peripheral 100. Details of the NVRAM 124 will be described later.

  The MEM-C 117 is a local memory used as an image buffer for copying and a code buffer, and the HDD 118 is a storage for storing image data and forms.

  The AGP bus 115 is a bus interface for a graphics accelerator card proposed for speeding up graphics processing. The AGP bus 115 speeds up the graphics accelerator card by directly accessing the MEM-P 112 with high throughput. .

  The media I / F 119 indicates an interface or an insertion slot for an external recording medium M (for example, an SD (Secure Digital) card) that is a detachable nonvolatile storage medium. When the external recording medium M is inserted into this slot, it is possible to recognize whether or not the external recording medium M is inserted due to a change in voltage or the like (hot-line insertion / extraction). The external recording medium M stores an encryption key that is used when data is encrypted.

  FIG. 2 is a block diagram illustrating a configuration of the multifunction peripheral 100 according to the present embodiment. As shown in FIG. 2, the multifunction peripheral 100 includes an NVRAM 124, a cache memory (RAM) 112b, a media I / F 119, and hardware resources 201 such as a printer, a scanner, a facsimile, a hard disk, and a network interface, and a platform. 220 and a software group 210 including an application (hereinafter also referred to as an application) 230.

  The NVRAM 124 has a non-encrypted area, an encrypted area, and a management area, so that it can hold the data subjected to the encryption process and the data subjected to the encryption process.

  FIG. 3 is an explanatory diagram showing an area for storing data in the NVRAM 124. In this figure, for the sake of easy explanation, a break for each size of the encryption key is shown. The sizes of the non-encrypted area, the encrypted area, and the management area of the NVRAM 124 are secured as integer multiples of the encryption key size. Thereby, the partition of the encryption key size of the NVRAM 124 matches the boundary of each area.

  As shown in FIG. 3, an area for each application is secured in each of the non-encrypted area and the encrypted area in the NVRAM 124. Then, when data is input from the application, if an area used by the application is secured in the encryption area, the data is subjected to encryption processing. That is, it is determined in advance for each application whether the area is to be secured in the encrypted area or the non-encrypted area. Therefore, if there is a possibility that confidential information is included in data used in a certain application, an area used by the application is reserved in the encryption area in advance.

  An area divided for each encryption key size shown in FIG. 3 is a block. In the encryption area, reading and writing processes are performed for each block. In the encryption area, reading and writing are performed in units of blocks of the size of the encryption key, so that encryption processing and decryption processing can be performed on data stored in the NVRAM 124 that can be read and written in 1-bit units. .

  For example, when it is desired to update the data stored in the area 301, the block 302 is decrypted, the decrypted block 302 data is updated, and then the update process is performed. The block 302 including the received data is encrypted and stored in the original area of the NVRAM 124. The detailed procedure will be described later. In this embodiment, the block and the area allocated for each application do not match. In the present embodiment, there is no particular restriction as to whether or not these blocks match the area allocated for each application.

  As shown in FIG. 3, the management area has an address area, a CRC area, and a temporary save area. The temporary save area is an area for temporarily storing data for each block to be written to the encryption area. The address area stores an address indicating the encryption area where the data stored in the temporary save area is stored. The CRC area stores data for detecting errors in data stored in the address area and temporary save area of the management area. The situation where the management area is used will be described later.

  Returning to FIG. 2, the cache memory (RAM) 112 b is composed of a RAM that is faster in reading and writing than the NVRAM 124, and stores the decrypted data from the encryption area of the NVRAM 124. Then, in response to a request from the application, the setting data included in the data subjected to the decryption process is updated.

  The platform 220 includes an encryption determination unit 221, an encryption processing unit 222, a decryption processing unit 223, an NVRAM control unit 224, a cache control unit 225, a general-purpose OS 226, an NVRAM update determination unit 227, and a recovery process. Part 228. In addition, the platform 220 has an application program interface (API) that allows a processing request to be received from the application 230 by a predefined function.

  The encryption determination unit 221 determines whether to perform encryption processing on data input from the application. In the present embodiment, the encryption determination unit 221 determines whether to perform encryption processing according to the application. Data that does not need to be encrypted is written to the non-encrypted area of the NVRAM 124 by the NVRAM control unit 224 described later. Data that needs to be encrypted is first written to the cache memory 112b. The procedure for performing the encryption process will be described later.

  The decryption processing unit 223 performs decryption processing on the block unit data in the encryption area of the NVRAM 124 read by the NVRAM control unit 224 described later. It is assumed that the encryption key used for the decryption process is read from the external recording medium M connected via the media I / F 119. That is, only the user who has the external recording medium M can decrypt the encrypted information and use the information. Note that the decrypted data is stored in the cache memory 112b by the cache control unit 225.

  The encryption processing unit 222 performs encryption processing on the block unit data stored in the encryption area. The block unit data to be encrypted is data stored in the cache memory 112b in advance. It is assumed that the encryption key used for the encryption process is read from the external recording medium M connected via the media I / F 119.

  The NVRAM update determination unit 227 determines whether or not to update the block stored in the cache memory 112b with respect to the storage destination address of the block in the NVRAM 124. In the present embodiment, the NVRAM update determination unit 227 determines that the update is performed when a predetermined time has elapsed. When the NVRAM update determination unit 227 determines that the update is to be performed, a process is performed to update all the blocks stored in the cache memory 112b with respect to the address destination in which each block is originally stored in the NVRAM 124.

  The restoration processing unit 228 performs restoration processing of data written in the NVRAM 124 when the MFP 100 is restarted after abnormal termination. As a result, even if the MFP 100 is abnormally terminated and data is being written to the encryption area of the NVRAM 124, the data in the encryption area can be restored upon restart. As a result, the reliability of the multifunction peripheral 100 is improved.

  In the first place, there is a high possibility that the data recorded in the NVRAM 124 having higher reliability than the HDD or the flash memory is important data. Conventionally, since reading and writing are performed in 1-bit units, the range in which data is damaged even when abnormal termination occurs is very narrow. However, since the writing process is performed in units of the size of the encryption key in the present embodiment, there is a possibility that data will be damaged in a wider range than in the conventional case when it ends abnormally. Therefore, in this embodiment, a configuration is provided in which data can be recovered even when the process ends abnormally.

  The NVRAM control unit 224 includes a writing unit 231 and a reading unit 232, and controls writing and reading of data stored in the NVRAM 124.

  The writing unit 231 performs a writing process on the NVRAM 124. Then, in the case of application data that does not need to be encrypted, the writing unit 231 performs a writing process on the non-encrypted area. In the case of application data that needs to be encrypted, the writing unit 231 performs the writing process in the encryption area after the encryption processing unit 222 performs the encryption process.

  The reading unit 232 performs processing for reading data stored in the non-encrypted area and the encrypted area of the NVRAM 124.

  The cache control unit 225 includes a cache update unit 241, a cache write unit 242, and a cache read unit 243, and controls writing and reading of data stored in the cache memory 112b.

  The cache writing unit 242 performs a process of writing the block unit data that has been decrypted by the decryption processing unit 223 into the cache memory 112b.

  The cache update unit 241 is a block written by the cache writing unit 242 to the cache memory 112b when data to be updated is input from an application (applications B and C in FIG. 3) whose area is secured in the encryption area. The update process is performed on the data to be updated included in. As a result, the update process can be performed at a higher speed than when the NVRAM 124 is updated. As a result, the multi-function peripheral 100 improves the processing speed in the update process.

  The cache reading unit 243 performs reading processing of block unit data stored in the cache memory 112b. Then, the read data is subjected to encryption processing by the encryption processing unit 222.

  The general-purpose OS 226 is a general-purpose operating system such as UNIX (registered trademark), and executes the software of the platform 220 and the application 230 in parallel as processes.

  The application 230 includes an application A, an application B, an application C, an application D, and an application E. Each of these applications is an application specific to the multifunction peripheral (specific to the image forming apparatus), and setting data and the like used in the application are held in an area reserved for each application in the NVRAM 124.

  Each process of the application 230 and each process of the control service realize a user service related to image forming processing such as copying, printer, scanner, facsimile, etc. while performing inter-process communication by calling a function, sending its return value, and sending / receiving a message. is doing. Each application 230 can be added or deleted for each application.

  Next, processing from the setting data update request from the application to writing in the NVRAM in the MFP 100 according to the present embodiment configured as described above will be described. FIG. 4 is a flowchart showing a procedure of the above-described processing in the multifunction peripheral 100 according to the present embodiment.

  First, the platform 220 receives a setting data storage request from the application via the API (step S401).

  Then, the encryption determination unit 221 determines whether the input destination of the setting data is an encryption area or a non-encryption area (step S402). The determination of whether or not this is an encryption area is based on the application that has input the setting data. In the example illustrated in FIG. 3, when setting data is input from the applications B and C, the writing destination is determined to be an encryption area.

  If the encryption determining unit 221 determines that the area is a non-encrypted area (step S402: No), the writing unit 231 writes the setting data to the area where the setting data is written in the non-encrypted area. (Step S403). In this case, the writing is performed in units of 1 bit as in the normal writing to the NVRAM 124.

  When the encryption determination unit 221 determines that the area is an encryption area (step S402: Yes), the encryption determination unit 221 determines whether a block including data to be updated is stored in the cache memory 112b. (Step S404). When it is determined that the data is stored in the cache memory 112b (step S404: Yes), processing such as reading from the NVRAM 124 is not particularly performed.

  When the encryption determination unit 221 determines that the data is not stored in the cache memory 112b (step S404: No), the reading unit 232 performs a process of reading the block of the encrypted area including the write destination data (step S404). S405).

  Next, the decryption processing unit 223 performs decryption processing on the block that has been read (step S406). Then, the cache writing unit 242 performs a process of writing the decrypted block into the cache memory 112b (step S407).

  Then, the cache update unit 241 takes out a write target block including data to be updated from the cache memory 112b (step S408). The reason why the write target block is taken out in this way is that the cache memory 112b is a recording medium that can be read and written in units of blocks, unlike the NVRAM 124.

  Next, the cache update unit 241 updates the update target data of the extracted write target block with the setting data input from the application (step S409).

  Then, the cache update unit 241 stores the updated block in the cache memory 112b again (step S410).

  Next, when a predetermined condition is satisfied, an encryption process is performed on a block stored in the cache memory 112b, and then an update process is performed on the area of the NVRAM 124 in which the block is stored (step S411). Details of this update process will be described later.

  With the above-described processing procedure, the MFP 100 can perform update processing with data included in the encrypted area and the non-encrypted area of the NVRAM 124.

  Next, detailed processing until the block stored in the cache memory 112b shown in step S411 of FIG. 4 is written to the NVRAM 124 will be described. FIG. 5 is a flowchart showing a procedure of the above-described processing in the multifunction peripheral 100 according to the present embodiment.

  First, the NVRAM update determination unit 227 determines whether or not a predetermined time has elapsed since the previous update (step S501). If the predetermined time has not elapsed (step S501: No), it is determined later whether the predetermined time has elapsed again. The predetermined time may be any time interval, and is set in consideration of convenience in the multifunction device 100 and the like.

  If the NVRAM update determining unit 227 determines that a predetermined time has elapsed since the previous update process (step S501: Yes), the cache reading unit 243 performs a process of reading a block stored in the cache memory 112b. (Step S502). Next, the encryption processing unit 222 performs encryption processing on the read block (step S503).

  Then, the writing unit 231 performs a process of writing the encrypted block to the temporary save address in the management area of the NVRAM 124 (Step S504). Next, the writing unit 231 performs a process of writing the address value of the write destination of the encryption area of the block to the address area of the management area (step S505).

  Then, the writing unit 231 performs a process of writing the CRC code generated from the entire management area including the temporary save area and the address area on which the write process has been performed (step S506). It should be noted that any method may be used for generating the CRC code regardless of a known method.

  Next, the writing unit 231 performs a process of writing the block to the write destination address in the encryption area (step S507).

  Then, the NVRAM update determining unit 227 performs a process of clearing the CRC area after the writing process of the writing unit 231 is completed (step S508). Thereby, by referring to the CRC area, it is possible to determine whether or not the block stored in the temporary save area has already been written in the encryption area.

  Next, the NVRAM update determination unit 227 determines whether another block is stored in the cache memory 112b after the updated block is deleted from the cache memory 112b (step S509). When the NVRAM update determining unit 227 determines that the data is stored (step S509: Yes), the cache reading unit 243 shown in step S502 performs the process of extracting the other blocks (step S502).

  When the NVRAM update determination unit 227 determines that there is no other block in the cache memory 112b (step S509: No), all the processes are terminated.

  After the encryption process is performed on the block stored in the cache memory 112b by the above-described process, the block can be stored in the encryption area of the NVRAM 124. As described above, since the MFP 100 performs the encryption process every predetermined time and then stores it in the encryption area of the NVRAM 124, there is no need to perform the write process to the NVRAM 124 every time there is a request from the application. , The burden of writing processing on the NVRAM 124 can be reduced.

  The reason why the data is stored in the encryption area after being stored in the temporary save area in the above-described processing procedure is to allow the data to be restored even when the power is suddenly turned off. In other words, the update performed on the conventional NVRAM 124 is performed in units of 1 bit. In contrast, in this embodiment, updating is performed in units of blocks. For this reason, when the power supply is suddenly cut off, there is a possibility that data is damaged in a block having a wider range. Therefore, in order to prevent such a situation, the encryption area is updated after being stored in the temporary save area. As a result, even when the MFP 100 is abnormally terminated while writing to the encryption area of the NVRAM 124, the data can be recovered. Thereby, the reliability of the multifunction peripheral 100 is improved.

  Next, a process until the MFP 100 according to the present embodiment configured as described above is restarted after being abnormally terminated and data in the NVRAM 124 is restored will be described. FIG. 6 is a flowchart showing a procedure of the above-described processing in the multifunction peripheral 100 according to the present embodiment.

  First, the multifunction peripheral 100 ends abnormally (step S601). As this abnormal end, for example, the power supply of the main body may be cut off. Next, the multifunction device 100 restarts (step S602).

  Then, the restoration processing unit 228 determines whether there is a CRC code in the CRC area of the NVRAM 124 (step S603). If the restoration processing unit 228 determines that there is no CRC code in the CRC area (step S603: No), the restoration processing unit 228 determines that it has not ended abnormally during the writing of the encrypted area of the NVRAM 124 and ends.

  Further, when the restoration processing unit 228 determines that there is a CRC code in the CRC area (step S603: Yes), it generates a CRC code from the entire management area of the NVRAM 124 (step S604).

  Then, the restoration processing unit 228 determines whether or not the generated CRC code matches the CRC code held in the CRC area of the NVRAM 124 (step S605). If it is determined that they do not match (step S605: No), it is determined that there is an error in the data held in the management area, and the process ends.

  Next, when the recovery processing unit 228 determines that the generated CRC code matches the CRC code held in the CRC area of the NVRAM 124 (step S605: Yes), the writing unit 231 stores the temporary save area of the NVRAM 124. A process of writing the data held in step 1 to the write destination held in the address area is performed (step S606).

  Then, after the writing process by the writing unit 231 is completed, the restoration processing unit 228 clears the CRC code held in the CRC area (step S607).

  In the MFP 100 according to the present embodiment, the data in the NVRAM 124 can be recovered by the above-described processing procedure even when the write processing is performed on the NVRAM 124 when the process is abnormally terminated.

  In the present embodiment, the block size is not limited to the same size as the encryption key, as long as the number of bits of the encryption key that can be encrypted with the encryption key is multiplied by an integer. Good.

  In this embodiment, an example in which NVRAM is used as a storage medium has been described. However, the present invention is not limited to NVRAM, and any storage medium that can be read and written in 1-bit units, such as FeRAM, may be used. By using NVRAM or FeRAM as the storage medium in this way, reliability is improved as compared with HDD or flash memory.

  In addition, since the MFP 100 according to the present embodiment has the above-described configuration, the encrypted information can be written in the NVRAM 124 that can be written in bit units. Safety is improved.

  In the MFP 100 according to the present embodiment, an area in which information is stored in either the encryption area or the non-encryption area for each application in the NVRAM 124 is secured. Thereby, since the encryption process is performed on the information of the application having the information that the third party wants to prevent browsing, the safety is improved. In addition, since the application information that does not need to be prevented from being viewed by a third party is not encrypted, the reading / writing processing speed is improved.

  Further, in the MFP 100 according to the present embodiment, only when the external recording medium M is loaded in the lot, the confidential information stored in the encryption area is encrypted, and then the confidential information is stored. Can be used. As a result, the reliability and safety of the multifunction peripheral 100 are improved.

(Second Embodiment)
In the MFP 100 according to the first embodiment, it is determined in advance whether an area reserved for each application is assigned to an encryption area or a non-encryption area. However, in consideration of the speed of encryption / decryption processing, etc., it may be desired to change whether or not to perform encryption processing according to input data. Therefore, in the second embodiment, a case will be described in which the encryption area and the non-encryption area are switched as necessary. Note that the second embodiment will be described with respect to differences from the first embodiment, and description of the same points will be omitted.

  FIG. 7 is a block diagram showing the configuration of the multifunction machine according to the present embodiment. As illustrated in FIG. 7, the MFP 700 is changed to an NVRAM control unit 711 that is different from the NVRAM control unit 224 in the platform 710 in the MFP 710 according to the first embodiment described above. The update determination unit 227 is different from the update determination unit 227 in that the process is changed to the NVRAM change determination unit 712, and the encryption determination unit 221 is different in the process from the encryption determination unit 713. In addition, with such a change in configuration, the area secured in the NVRAM 124 is also changed.

  FIG. 8 is an explanatory diagram showing an area for storing data in the NVRAM 124 according to the second embodiment. As shown in the figure, the NVRAM 124 is divided into an information storage area and a management area. Further, in the figure, for the sake of easy explanation, a break for each encryption key size is shown.

  Each size of the information storage area and the management area of the NVRAM 124 is secured by an integral multiple of the encryption key size. Further, the information storage area is divided into blocks for each encryption key size. In the present embodiment, it can be set for each block whether it is an encryption area or a non-encryption area.

  As shown in FIG. 8, the management area has an encryption flag for each block, an address area, a CRC area, and a temporary save area. The encryption flag for each block indicates whether or not the data stored in the block has been subjected to encryption processing. Note that the address area, CRC area, and temporary save area are the same as those in the first embodiment, and a description thereof will be omitted.

  That is, when it is determined that the encryption process has been performed with reference to the encryption flag for each block, the block is treated as an encryption area. If it is determined that the encryption process has not been performed with reference to the encryption flag, the block is treated as a non-encrypted area. If confidential information is included in the data input from the application, change the encryption flag if the encryption flag corresponding to the block where the data is stored has not been encrypted. The data of the block is encrypted and stored in the block. The detailed processing procedure will be described later.

  Returning to FIG. 7, the NVRAM control unit 711, the NVRAM update determination unit 712, and the encryption determination unit 713 of the platform 710 will be described.

  The encryption determination unit 713 determines whether to perform encryption processing on data input from the application. As an example of determining that the encryption process is to be performed, the encryption determination unit 713 includes the case where the encryption process is already performed on the block where the data is stored, or the confidential data is included in the data input from the application. The case where it was included is considered. The procedure for performing the encryption process will be described later.

  The NVRAM update determination unit 712 determines whether or not to update the block stored in the cache memory 112b with respect to the storage destination address of the block in the NVRAM 124. Details of processing performed by the NVRAM update determination unit 712 will be described later.

  The NVRAM control unit 711 includes a writing unit 722 and a reading unit 721, and controls writing and reading of data stored in the NVRAM 124.

  The writing unit 722 performs a writing process on the NVRAM 124. The writing unit 722 is different from the writing unit 231 according to the first embodiment in that when performing the process of writing the encrypted block to the NVRAM 124, the encryption corresponding to the block is performed. The point is that a process of changing the flag to indicate that the encryption process has been performed is performed.

  The reading unit 721 reads a block stored in the information storage area of the NVRAM 124. Further, when the reading unit 721 reads a block, the reading unit 721 also reads an encryption flag associated with the block.

  Next, a process from an update request for setting data including confidential data from an application in the MFP 700 configured as described above to writing the data in the NVRAM will be described. FIG. 9 is a flowchart illustrating a procedure of the above-described processing in the multi-function device 700 according to the present embodiment.

  First, the platform 7120 receives a setting data update request including confidential data from the application via the API (step S901).

  Then, the encryption determination unit 713 determines whether the block to which the input setting data is written has already been stored in the cache memory 112b (step S902). When it is determined that the data is stored in the cache memory 112b (step S902: Yes), processing such as reading from the NVRAM 124 is not performed.

  Next, when the encryption determination unit 713 determines that the data is not stored in the cache memory 112b (step S902: No), the reading unit 721 performs a process of reading a block including the write destination data (step S903).

  Then, the reading unit 721 performs processing for reading the encryption flag corresponding to the block from the management area of the NVRAM 124 (step S904).

  Next, the encryption determination unit 713 determines whether encryption processing has been performed on the block based on the encryption flag (step S905). If it is determined that the encryption processing has not been performed (step S905: No), the decryption processing unit 223 does not perform any particular processing.

  When the encryption determination unit 713 determines that encryption processing has been performed (step S905: Yes), the decryption processing unit 223 performs decryption processing on the block read in step S903 ( Step S906).

  Then, the cache writing unit 242 performs processing for writing the block to the cache memory 112b (step S907).

  Then, the cache update unit 241 updates the block setting data stored in the cache memory 112b, similarly to steps S408 to S410 in FIG. 4 (steps S908 to S910). Next, when a predetermined condition is satisfied, an encryption process is performed on a block stored in the cache memory 112b, and then an update process is performed on an area of the NVRAM 124 in which the block is stored ( Step S911). Details of this update process will be described later.

  According to the above-described processing procedure, the MFP 700 can update the NVRAM 124 after encrypting the confidential data.

  In addition, when setting data that does not include confidential data is input from the application, and the encryption process is not performed on the writing destination block, the writing unit 722 performs the bit-by-bit operation as in the first embodiment. Perform the writing process. In addition, when setting data that does not include confidential data is input from an application and encryption processing is performed on a write destination block, the update processing is performed after the data is stored in the cache memory 112b in the same manner as described above. Become.

  Next, a process until the block stored in the cache memory 112b shown in step S911 in FIG. 9 is written to the NVRAM 124 will be described. FIG. 10 is a flowchart illustrating a procedure of the above-described processing in the multifunction peripheral 100 according to the present embodiment. The processing procedure shown in FIG. 10 is the same as the processing procedure shown in FIG. 5 of the first embodiment except that an encryption flag is set.

  That is, in the same manner as steps S501 to S505 in FIG. 5, after the block read from the cache memory 112b is encrypted, it is written to the temporary save area of the NVRAM 124, and further the address of the NVRAM 124 to which the block is written A process of writing a value in the address area is performed (steps S1001 to S1005).

  Next, the writing unit 722 performs processing for writing a parameter indicating that encryption processing has been performed on the encryption flag corresponding to the block in the management area (step S1006).

  Then, in the same manner as steps S506 to S509 in FIG. 5, after the process of writing the block to the CRC code and the encrypted area is completed, the process of clearing the CRC area is performed, and there is another block in the cache memory. The processing is restarted from step S1002 (step S1010).

  After the block stored in the cache memory 112b by the above-described processing is encrypted, it can be stored in the information storage area of the NVRAM 124. Further, even when the information storage area of the NVRAM 124 is a non-encrypted area, it can be changed to an encrypted area.

  The MFP 700 according to the present embodiment changes whether or not the encryption process is performed on the storage destination area according to the encryption flag stored in the NVRAM 124, so that information to be prevented from being referred to by a third party is changed. Therefore, the security can be improved because the encryption process can be appropriately performed.

  Also, in the initial state of the encryption flag of the MFP 700, the encryption area is not indicated, but is changed to the encryption area according to the input information, so that an encryption area suitable for the use situation is set. It will be. This improves convenience.

(Modification)
Moreover, it is not limited to each embodiment mentioned above, The various deformation | transformation which is illustrated below is possible.

  In the embodiment described above, the encryption key is held in the external recording medium M, but the storage destination of the encryption key is not limited to the external recording medium M. Therefore, in the first modification, the encryption key is stored in the ROM 112a.

  Thus, the encryption key was stored in the RAM 112b. Then, the ROM 112b is referred to when the encryption processing unit and the decryption processing unit perform processing. Thereby, the encryption processing unit can perform the encryption process and the decryption process of the decryption processing unit. Therefore, since it is possible to prevent the reference of the confidential information stored in the NVRAM 124, the same effect as that of the above-described embodiment can be obtained.

  In addition, an information recording program executed as a platform in the multifunction machine of the above-described embodiment is provided by being incorporated in advance in a ROM or the like.

  The information recording program executed by the multi-function device of the above-described embodiment is an installable or executable file, such as a CD-ROM, a flexible disk (FD), a CD-R, a DVD (Digital Versatile Disk), or the like. It may be configured to be recorded on a computer-readable recording medium.

  Furthermore, the information recording program executed by the multifunction peripheral according to the above-described embodiment may be provided by being stored on a computer connected to a network such as the Internet and downloaded via the network. Further, the information recording program executed by the multifunction machine of the above-described embodiment may be provided or distributed via a network such as the Internet.

  The information recording program executed by the MFP according to the present embodiment includes the above-described units (encryption determination unit, encryption processing unit, decryption processing unit, NVRAM control unit, cache control unit, NVRAM update determination unit, recovery process). In the actual hardware, the CPU (processor) reads the information recording program from the ROM and executes the information recording program, so that each unit is loaded on the main storage device, and the encryption determination unit The encryption processing unit, the decryption processing unit, the NVRAM control unit, the cache control unit, the NVRAM update determination unit, and the recovery processing unit are generated on the main storage device.

  As described above, the information recording apparatus, the image forming apparatus, the information recording method, and the information recording program according to the present invention are useful when performing encryption processing on information stored in a storage unit that can be written in bit units. In particular, it is suitable for a technique for performing an encryption process when information is stored in NVRAM or FeRAM mounted in an image forming apparatus.

1 is a block diagram illustrating a hardware configuration of a multifunction machine according to a first embodiment. 1 is a block diagram illustrating a configuration of a multifunction machine according to a first embodiment. 3 is an explanatory diagram illustrating an area for storing data in the NVRAM of the multifunction peripheral according to the first embodiment; FIG. 4 is a flowchart illustrating a processing procedure from an update request for setting data from an application to writing data in NVRAM in the multifunction peripheral according to the first embodiment. 4 is a flowchart illustrating a detailed processing procedure until a block stored in a cache memory in the multifunction peripheral according to the first embodiment is written into NVRAM; 6 is a flowchart illustrating a procedure of processing until the NVRAM is restored by restarting after abnormal termination in the MFP according to the first embodiment. 6 is a block diagram illustrating a configuration of a multifunction machine according to a second embodiment. It is explanatory drawing which showed the area | region which stores the data in NVRAM of 2nd Embodiment. 12 is a flowchart illustrating a processing procedure from an update request for setting data including confidential data from an application to writing of the data in NVRAM in the multifunction peripheral according to the second embodiment. 12 is a flowchart illustrating a detailed processing procedure until a block stored in a cache memory in an MFP according to the second embodiment is written into NVRAM.

Explanation of symbols

100, 700 MFP 101 Controller 102 Engine unit 111 CPU
112 System memory 112a ROM
112b Cache memory (RAM)
112c NVRAM
113 NV
114 SB
115 AGP bus 116 ASIC
117 Local memory 118 HDD
119 Media I / F
120 Operation unit 121 FCU
122 USB
123 IEEE 1394 interface 201 Hardware resource 210 Software group 220, 710 Platform 221, 713 Encryption judgment unit 222 Encryption processing unit 223 Decryption processing unit 224, 714 NVRAM control unit 225 Cache control unit 226 General-purpose OS
227, 712 NVRAM update determination unit 228 recovery processing unit 230 application 231, 722 writing unit 232, 721 reading unit 241 cache updating unit 242 cache writing unit 243 cache reading unit 301 area 302 block

Claims (20)

A storage unit that can be read and written in bit units;
Using an encryption key, encryption means for performing encryption processing on processing target information having a size that is an integral multiple of the number of bits of the encryption key;
A writing unit for writing the processing target information encrypted by the encryption unit to a target storage area having an integer multiple of the number of bits of the encryption key in the storage unit;
An information recording apparatus comprising: A temporary storage unit capable of reading and writing at a higher speed than the reading / writing speed of the storage unit;
Reading means for reading processing target information stored in the target storage area of the storage unit;
Decoding means for performing a decoding process on the processing target information read by the reading means;
Temporary writing means for writing the processing target information subjected to decryption processing by the decryption means to the temporary storage unit;
Update means for updating update target information included in the processing target information written by the temporary writing means with input information input from an application, and
The encryption unit performs an encryption process on the processing target information including the update target information updated by the updating unit;
The information recording apparatus according to claim 1. The encryption means performs encryption processing at predetermined time intervals on the processing target information stored in the temporary storage unit;
The information recording apparatus according to claim 2. The writing means writes the processing target information subjected to the encryption processing in a temporary save area secured in a separate area from the target storage area of the storage unit, and then writes the processing target information to the target Writing to the storage area,
The information recording apparatus according to claim 2 or 3, When the information to be processed is written in the temporary save area of the storage unit at the time of restart after the information recording apparatus is abnormally terminated, the writing means is written in the temporary save area Writing processing target information in the target storage area;
The information recording apparatus according to claim 4. The writing means writes error detection information for the processing target information written in the temporary save area into the storage unit;
The information recording apparatus according to claim 4, wherein: Encryption determination means for determining, for each application, whether or not to perform encryption processing on the input information input from the application,
The reading unit reads the processing target information including information on a writing destination of the input information determined to be subjected to the encryption processing by the encryption determination unit;
The information recording apparatus according to claim 2, wherein the information recording apparatus is an information recording apparatus. The storage unit has an information storage area having a capacity obtained by multiplying the number of bits of the encryption key by a first integer, and a second integer smaller than the first integer in the number of bits of the encryption key in the information storage area A management area storing an encryption flag indicating whether or not to perform encryption processing for each target storage area having a capacity multiplied by
When the encryption flag stored in the management area of the storage unit indicates that the encryption process is to be performed, the writing unit performs the encryption on the target storage area corresponding to the encryption flag. Writing the processing target information that has been encrypted by the encryption means;
The information recording apparatus according to claim 1. The storage unit does not indicate that the encryption flag for each block is subjected to encryption processing in an initial state,
In the case where the input information input from the application includes non-disclosure information that should be prevented from being referred to by a third party, the writing means stores the encryption associated with the target storage area where the input information is stored Rewrite it to indicate that the flag will be encrypted,
The information recording apparatus according to claim 8.   10. The information recording apparatus according to claim 1, wherein the storage unit uses NVRAM (Nonvolatile Random-Access Memory) or FeRAM as a storage medium. A mounting means for mounting a portable recording medium;
The encryption means performs encryption processing on information that is an integral multiple of the size of the encryption key, using the encryption key stored in the portable recording medium attached to the attachment means;
The information recording apparatus according to claim 1, wherein the information recording apparatus is an information recording apparatus. In an image forming apparatus having a plurality of applications,
A storage unit capable of reading and writing in bit units in which information used in the application is stored;
Using an encryption key, encryption means for performing encryption processing on processing target information having a size that is an integral multiple of the number of bits of the encryption key;
Writing means for writing the information encrypted by the encryption means to a target storage area having an integer multiple of the number of bits of the encryption key in the storage unit;
An image forming apparatus comprising: A temporary storage unit capable of reading and writing at a higher speed than the reading / writing speed of the storage unit;
Reading means for reading processing target information stored in the target storage area of the storage unit;
Decoding means for performing a decoding process on the processing target information read by the reading means;
Temporary writing means for writing the processing target information subjected to decryption processing by the decryption means to the temporary storage unit;
Updating means for updating the update target information included in the processing target information written by the temporary writing means with the input information input from the application,
The encryption unit performs encryption processing on the processing target information including the update target information updated by the updating unit;
The image forming apparatus according to claim 12. An encryption step of performing encryption processing on processing target information having a size that is an integral multiple of the number of bits of the encryption key using the encryption key;
Writing that writes the processing target information encrypted by the encryption means to a target storage area having a capacity that is an integral multiple of the number of bits of the encryption key in a storage unit that can be read and written in bit units Steps,
An information recording method characterized by comprising: A reading step of reading processing target information stored in the target storage area of the storage unit;
A decoding step of performing a decoding process on the processing target information read by the reading step;
A temporary writing step of writing the processing target information subjected to the decryption process in the decryption step into a temporary storage unit that can be read and written at a higher speed than a read / write speed with respect to the storage unit;
An update step of updating the update target information included in the processing target information written by the temporary writing step with input information input from an application, and
The encryption step performs an encryption process on the processing target information including the update target information updated by the updating step;
The information recording method according to claim 14. The encryption step performs encryption processing at predetermined time intervals on the processing target information stored in the temporary storage unit;
The information recording method according to claim 15. The writing step writes the processing target information subjected to the encryption processing in a temporary save area secured in a separate area from the target storage area of the storage unit, and then writes the processing target information to the target Writing to the storage area,
The information recording method according to claim 15 or 16, wherein: In the writing step, when the information to be processed is written in the temporary save area of the storage unit at the time of restart after the information recording apparatus having the storage unit is abnormally terminated, the write step is written in the temporary save area Writing the processing target information that has been stored in the target storage area;
The information recording method according to claim 17. Encryption determination means for determining, for each application, whether or not to perform encryption processing on the input information input from an application,
The reading step reads the processing target information including information on a write destination of the input information determined to be subjected to the encryption processing in the encryption determination step;
The information recording method according to any one of claims 15 to 18.   An information recording program for causing a computer to execute the information recording method according to any one of claims 15 to 19.

Images