JP2008269227A - Handwritten character input processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a handwritten character input processing system for applying necessary processing to characters of a handwritten document while maintaining the secrecy of information. <P>SOLUTION: This handwritten character input processing system divides one sheet data of a sheet input from an image scanner of a client 2 into parts data, and encrypts them by using first to third keys. A data center 1 decrypts a portion of the data by using the second key for management, and decrypts the data by using the third key in an entry computer 3 for display. An operator visually recognizes characters, and generates a character data file by key input, and encrypts it by using the fourth key, and returns it to a client. The client perform decryption by using the first, second and fourth keys. Thus, it is possible to apply necessary processing while maintaining the secrecy of information by partially encrypting and decrypting data in a multi-stage manner according to the steps of processing. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a handwritten character input processing system, and more particularly, a data portion and a portion are encrypted / decrypted in multiple stages according to the processing, and necessary processing is performed while maintaining confidentiality of information. The present invention relates to a handwritten character input processing system.

  In particular, we handle personal information that is strictly regulated by the Personal Information Protection Law, for example, so-called data entry work such as handwritten contracts and application forms, etc., so that personal information can be used as personal information other than the client The present invention relates to a handwritten character input processing system capable of smoothly processing a data entry operation without performing a minimum disclosure.

  Conventionally, there is a method of automatically recognizing handwritten characters with an OCR (Optical Character Reader), and the recognition rate is also increasing. For this reason, it is widely used for automatic sorting of postal items by postal code and tabulation of questionnaires, which significantly reduces the human burden.

  However, for important documents such as contracts, the impact of an error is large and misrecognition is not allowed. Therefore, in the case of such an important document, work is finally performed by a handwritten character input processing system in which each human eye is finally checked one by one and manually input as data to a computer. Although this operation is simple but extremely complicated and does not allow errors, it requires a large human burden because recognition by the naked eye is essential.

  On the other hand, a contract or the like usually includes personal information of the corporation or individual. In Japan, the Personal Information Protection Law has been enforced since April 2005 for the purpose of protecting personal information. In such a situation, personal information cannot be disclosed to a third party, and data entry (handwritten character input processing) cannot be easily outsourced to a third party.

Therefore, the one shown in Patent Document 1 has been proposed. First, image data relating to exchange processing transmitted by facsimile is divided by a central control device to such an extent that it cannot be grasped as specific personal information, and is distributed to a corresponding correction device for character recognition. Then, confirmation / correction processing by different correction operators is performed. The corrected character recognition result is transmitted to the central control unit, and is integrated by the central control unit to generate form data corresponding to the original form. In the present invention, since the original form is divided and distributed to the corresponding correction devices and character recognition is performed, the original form can be processed in a state where it cannot be grasped as specific personal information.
JP 2002-74263 A

  However, in the facsimile character reading system, the division processing unit that divides the image data of the standard / single transfer request form into a plurality of areas, and the integration that generates the recognition result of the original transfer request form by integrating the correction results Although there is disclosure of the existence of the processing unit, the configuration of how to actually divide and integrate is not clarified. When a large number of people process a large number of forms, the image data obtained by dividing the original form cannot be integrated into the original form data after character recognition unless the form data is known. Eventually, it will be easily integrated where it is divided, and personal information will leak.

Of course, if the data is encrypted, the form itself cannot be read even if there is no information leakage.
In the present invention, when handwritten characters on a form relating to personal information requested by a client to be kept confidential are processed by a large number of humans, the data is encrypted in multiple stages in accordance with the respective processes. Provided is a handwritten character input processing system capable of performing processing while decrypting and maintaining the confidentiality of information.

  In particular, personal information that is strictly regulated by the Personal Information Protection Law, for example, character data entry work such as handwritten contracts / applications, etc., is disclosed in a form that can be used as personal information except for the client. There is nothing. In addition, companies that have been entrusted with a series of operations such as data entry and verification, as well as outside contractors that are difficult to manage, are guaranteed to be handled safely.

  It is another object of the present invention to provide a handwritten character input processing system capable of easily managing personal information within a client company in a physically reliable manner with the encryption key being visualized.

  In order to solve the above problems, in the handwritten character input processing system according to claim 1, image data is received from an image scanner including a plurality of input terminals, a management computer, and a plurality of processing terminals, and connected to an arbitrary input terminal. A part of the input paper is displayed on any of the processing terminals via the management computer, and the character data input by causing the operator of the processing terminal to visually recognize the characters is input via the management computer. A handwritten character input processing system that outputs character data from the arbitrary input terminal, the input terminal reading paper image data on which a character is written by the image scanner, and reading image data Image data is cut out from each of the character areas specified as the positions where characters are written in advance. At the same time, the extraction means for assigning a unique file name indicating the attribute of the image, and the file name of the extracted image file is divided into predetermined character strings, and each divided character string is encrypted using a different key. The present invention includes a file name encryption unit that performs image file transmission, and an image file transmission unit that transmits an image file with an encrypted file name to a management computer.

  According to the present invention, the image file cut out from one sheet is encrypted by dividing the file name indicating the attribute of the image into a predetermined character string. Processing can be performed while maintaining confidentiality of information by encryption / decryption.

  According to a second aspect of the present invention, in the handwritten character input processing system according to the first aspect, the ciphertext encrypted in the file name encrypting means is based on a character set including a character code not including a control code. This is the gist.

According to the present invention, since the control code is not included in the ciphertext, it is possible to avoid an unintentional trouble caused by the file name being the control code.
According to a third aspect of the present invention, in the handwritten character input processing system according to the first or second aspect of the present invention, in the cutout means, the unique file name indicating the image attribute includes a plurality of input sheets. A character string including a paper identification ID code, which is a character string indicating which of the papers is cut out, and the key used for encryption in the file name encryption unit is a character string including the paper identification ID code The gist of the present invention is to include a first key used for encrypting and a second key for encrypting other character strings.

  According to the present invention, the character string portion essential for restoring the paper encrypted with the first key is different from the portion identifying the input terminal encrypted with the second key, depending on the processing stage. Therefore, appropriate encryption / decryption can be performed.

  According to a fourth aspect of the present invention, in the handwritten character input processing system according to the third aspect, the character string including the paper identification ID code indicates a character region from which the image data is cut out. The gist is to further include an ID code.

According to this invention, since the character string based on the paper identification ID code and the part ID code is encrypted, the ciphertext is always different, so that security is improved.
In the invention described in claim 5, in the handwritten character input processing system according to claim 3 or 4, the first key is stored in a portable storage medium connected to the input terminal, and The gist is to erase the storage of the first key from the storage medium of the input terminal.

According to the present invention, since the first key is left only in the portable storage medium in a form separated from the original data, the key is visualized and only the key needs to be managed, so that the management becomes easy.
Here, the portable storage medium includes a portable storage medium that can be separated from the input terminal. For example, a storage medium using an EEPROM such as a USB memory, an SD card, a flash memory, or a smart memory, a storage medium using a hard disk drive, a CD- R, CD-RW, DVD, flexible disk, etc. are also included.

According to a sixth aspect of the present invention, in the handwritten character input processing system according to the fifth aspect, the portable storage medium is a USB memory.
According to the present invention, if it is a USB memory, the storage medium is compact, security can be further enhanced by a password, and a program for automatically performing processing can be stored.

  According to a seventh aspect of the present invention, in the handwritten character input processing system according to any one of the first to sixth aspects, the input terminal uses a third portion of the extracted image data in the image file. The gist of the present invention is that image data encryption means for encrypting with the key is further provided.

According to the present invention, since the image data is encrypted, the contents of data unnecessary for processing are not disclosed to the management computer.
In the invention according to claim 8, in the handwritten character input processing system according to any one of claims 1 to 7, the input terminal sequentially receives a plurality of image files in which the file names are encrypted. Storage means for storing in a folder of the storage means of the input terminal, re-sort means for rearranging the order after sharing the time stamps of a plurality of image files stored in the folder, and managing the re-sorted image files The gist of the invention is that it includes image file transmitting means for transmitting to a computer.

  According to the present invention, there is no possibility that the time series relationship of file generation is known from the time information based on the time stamp, and the paper before cutting is estimated, and higher security can be ensured.

  According to a ninth aspect of the present invention, in the handwritten character input processing system according to the seventh aspect, the processing terminal receives only the image data of the received image file from the receiving means for receiving the image file from the management computer. Decoding means for decoding with the key of the key and storing only in the volatile storage medium, display means for displaying the decoded image data, and receiving character input from the operator corresponding to the displayed image as character data A character input means for storing; an erasing means for erasing image data corresponding to the character data input from the character input means; the input character data is encrypted with a fourth key; and the received image file Character file generation means for generating a character file with the same file name as The gist of the door.

  According to the present invention, an image related to an image file is decoded to the minimum necessary and does not remain as a record. Further, since the character data is immediately encrypted, security is maintained not only at the processing terminal but also at the processing terminal itself.

  According to a tenth aspect of the present invention, in the handwritten character input processing system according to any one of the third to sixth aspects, the management computer receives an image file transmitted from the input terminal, and A processing terminal code or an operator for identifying a processing terminal having a job request that is a request for a reading process from the processing terminal, comprising an image file database for decrypting and storing a part of the file name with the second key. An operator code to be identified is stored together with the file name of the image file requested to be processed, and a processing request history file is stored for storing which image file is requested to be processed to which processing terminal or operator. Unprocessed data receiving means for receiving a processing terminal code from either of the processing terminals. Alternatively, a deduplication unit that refers to the processing request history file and excludes an image file that has already been transmitted to the processing terminal or the operator by a job request transmitted together with the operator code, and an image file from the image file database. A gist is provided with unprocessed data processing request means for selecting and requesting an image file to be processed by a selecting means for selecting according to a predetermined standard with reference to a character string indicating an attribute included in the name. .

According to this invention, objective data with higher reliability can be obtained by appropriately requesting different operators for processing.
In the invention described in claim 11, in the handwritten character input processing system according to claim 10, in the unprocessed data processing request means, a predetermined criterion for requesting processing of an image file is a character input included in the job request. The gist is to make the type of restriction one of the criteria.

  According to this invention, restrictions on character input, for example, characters such as age and 〒 numbers are restricted to Arabic numerals only, alphabets only, or difficulty of characters such as katakana and kanji are divided into operators. It is possible to make this process appropriate for the skill / knowledge level.

  According to a twelfth aspect of the present invention, in the handwritten character input processing system according to any one of the first to eleventh aspects, the management computer receives a character file transmitted from the processing terminal. When the file name is the first file received by the management computer by referring to the database and the file name of the character file received from each processing terminal when the character file is transmitted from the processing terminal, the character data is Generate a verification list to be stored together with the processing terminal code or operator code, compare the character data related to the same character file, and if the number of matching character data matches the specified number or more, the input character data Is stored in the transmission file as valid data and the processing terminal related to the character data is stored. It is summarized as further comprising a verification means for recording the operator to an operator database.

According to the present invention, by providing the verifying means, it is possible to automatically determine the reliability of the data and increase the reliability of the data.
According to a thirteenth aspect of the present invention, in the handwritten character input processing system according to the twelfth aspect, the management computer decrypts the comparison of the character data even when the character data is encrypted in the verifying means. The gist is to compare the encrypted character data without any problem.

  According to the present invention, the management computer can perform verification processing without disclosing any contents at the image data stage or the character data stage, so that extremely high security can be ensured.

  In a fourteenth aspect of the present invention, in the handwritten character input processing system according to the twelfth or thirteenth aspect, the predetermined number of the verification means is 3, the verification list includes a pair flag, and any of the processing When a character file is transmitted from the terminal or the operator, if there is no verify list with the corresponding file name, a verify list is generated, the verify list with the corresponding file name exists, and the same character data is In some cases, if the pair flag is not set, a pair flag is set for the character data and the matching character data, respectively, and if the verify list of the corresponding file name exists and the same character data exists, the pair flag is set. Is set, the input character data and the pair flag are set. And summarized in that the character data valid.

  According to a fifteenth aspect of the present invention, in the handwritten character input processing system according to any one of the twelfth to fourteenth aspects, the verification means processes an image file having the same file name as the input character file. The gist is to stop the verifying process of the verifying means when the number of requests reaches a predetermined limit.

  According to the present invention, in the case of hard-to-read, it is possible to improve the reliability of data by not making it forcefully effective data.

  According to the handwritten character input processing system of the present invention, when a large number of persons process the handwritten characters of a document related to personal information that should be kept confidential, the data is processed in parts and parts respectively. In addition, it is possible to proceed with processing while maintaining the confidentiality of information by performing encryption and decryption in multiple stages.

(First embodiment)
Hereinafter, an embodiment of a handwritten character input processing system embodying the present invention will be described with reference to FIGS.

(Outline of the Invention)
First, prior to detailed description, an outline of a handwritten character input processing system according to the present invention (hereinafter sometimes abbreviated as “the present system”) will be described. FIG. 1 shows the overall configuration of the present system. This system is a system for converting a large number of handwritten character sheets S into digital data that can be processed by a computer.

  As hardware constituting this system, first, handwritten paper image data (for example, JPEG data, in the case of “image data” in this application, “file name” of the “image file”) at the company that wants to request processing. A plurality of clients 2 which are input terminals for inputting data via the image scanner are connected to the Internet 4. In addition, character data (for example, text data or “character data” in the present application is referred to as “character file”) which is digital data that can be actually processed by a computer when an operator (operator) visually observes the input image data. Among them, a plurality of entry computers 3 as processing terminals for key-in are also connected to the Internet 4 as data constituting content itself excluding “file name”.

A data center 1 that is a management computer that manages the client 2 and the entry computer 3 via the Internet 4 is also connected to the Internet 4.
In such a hardware configuration, processing is performed in the following procedure. First, the image data (one sheet data) of the paper S is input from the image scanner 26 (see FIG. 2) of any client 2. As a result, the character area CA (part data) is immediately extracted, and a paper identification ID that identifies the original paper S that has been cut out (here, when simply referred to as “ID” in this application, it is the only unique identification that identifies the attached paper S). An attribute including an “ID code (identification code)” composed of a character string (the same applies to other IDs) is recorded as a file name. For each image file (part data), the first key is a character string of the file name including the paper identification ID, the second key is the character string of the other file name, and the third key is the image data (content). Are encrypted respectively. A part of the encrypted image file is decrypted with the second key in the data center 1, and the most appropriate entry computer 3 is selected from the decrypted attribute information. Then, the file name is encrypted again with the second key to the selected entry computer 3 and the process is requested. The character area CA is displayed by the third key on the display device 33 of the entry computer 3. Characters are visually recognized by the operator of the entry computer 3 and input from the keyboard which is the input device 34. When this character data is immediately encrypted with the fourth key, it is delivered via the data center 1 to the client 2 to which the image data has been input. The client 2 restores the paper S input from the first key and the second key, and outputs it as character data using the fourth key.

  The first key is encrypted, stored in the USB memory 28 (see FIG. 2), and deleted from the client 2 terminal. The USB memory 28 is physically separated from the terminal and stored in a place such as a safe. The restoration of the sheet S is impossible without the sheet identification ID stored only in the USB memory 28. That is, by managing the first key, which is digital data, as a tangible object such as the USB memory 28, the first key can be visualized and managed easily and reliably. As a result, for the first time, the administrator of the client 2 can safely perform processing outside the company.

  As described above, according to the present invention, when a large number of humans process a handwritten character on a sheet of personal information that should be kept confidential, requested by a client, the data is divided into multiple stages according to each process. It is possible to proceed with processing while maintaining the confidentiality of information by encrypting and decrypting.

Next, a detailed configuration of the handwritten character input processing system will be described.
(overall structure)
As shown in FIG. 1, the client 2 is connected to the data center 1 via the Internet 4. The data center 1 is connected to the entry computer 3 installed in the entry center 37 via the Internet 4 via a hub (HUB). Moreover, not only the entry center 37 but the single entry computer 3 installed in SOHO (Small Office Home Office) 1, SOHO2 ..., etc. may be sufficient. Here, the entry center 37 will be mainly described.

The basic configuration of this system is constructed as a server client system in which the data center 1 is a server computer and the client 2 and the entry computer 3 are clients. Each of them is configured to be able to transmit / receive by HTTP (Hyper Text Transfer Protocol) or FTP (File Transfer Protocol) by a TCP / IP protocol. However, the client 2 has a client application program (hereinafter abbreviated as “CAP”), and the data center 1 has a server application program (hereinafter abbreviated as “SAP”) and an entry. The computer 3 is installed with a dedicated program called an entry application program (hereinafter sometimes abbreviated as “EAP”), which will be described in detail later.
(client)
The client 2 is a computer terminal of a company that needs to process a large amount of paper S as paper information. Examples of this form S include those that require a self-filled entry in order to support the person's intention confirmation, such as non-life insurance and life insurance application forms, loan application forms, and various contracts.

  As shown in FIG. 2, the client 2 includes a CPU (Central Processing Unit) 21, a gateway 22 connected to the Internet 4, a display device 23 including a liquid crystal display, and an input device 24 including a keyboard. In addition, a storage device 25 that is a storage means including an HDD (Hard Disk Drive), an image scanner 26 that optically reads paper, a USB (Universal Serial Bus) 27 that is an interface with an external device, and the like are connected thereto. A USB memory 28 which is a portable storage medium.

The storage device 25 stores the following various programs and data.
The program file 25d stores a program constituting a client application program (CAP) as shown in FIG. Specifically, one includes a sheet reading control program that causes the CPU 21 to function as a sheet scanning unit to generate one sheet data. In addition, a coordinate cutout program for causing the CPU 21 to function as cutout means and generating part data is included. Furthermore, a part data encryption / decryption program that causes the CPU 21 to function as a file name encryption unit and an image data encryption unit is included. Further, it includes a compression / decompression program (archiver such as ZIP (registered trademark of PKWare)). An FTP file transfer program that causes the CPU 21 to function as an image file transmission unit is included. Then, a program such as an OS (Operation System) of a system that comprehensively manages the program as CAD is stored.

  The plain folder (Plain Folder) 25a stores the image file of the entire sheet S (hereinafter referred to as “one sheet data” as appropriate) in plain text without encryption. The one sheet data is obtained by controlling the image scanner 26 according to a predetermined procedure according to, for example, TWAIN (Tool Without An Interesting Name) of the sheet reading control program, and the scan data obtained by scanning the sheet S is the plain folder 25a as a JPEG format flat image. I remembered it. In addition to the paper scan input by the paper reading control program, the attributes of the paper S to be scanned are input with a keyboard or a mouse, and the file name consisting of “client ID, branch ID, department ID, paper ID, paper specific ID” is input. Is granted.

  The scan data (one sheet data) stored in the plain folder 25a can be used as a paperless system satisfying legal requirements as original data of a “legal document storage record file” having a resolution of 300 dpi, for example. Further, it can be used as original data for collation when there is a doubt after digitization of handwritten characters. However, this step is optional and may be omitted.

  In the cipher folder 25b, the character area CA is extracted as part data from the one-sheet data read by the CPU 21 by the coordinate cutout program and renamed, and the cipher folder 25b is stored by the part data encryption program.

In the setting folder 25c, initial setting data such as the type and size of input paper and the coordinates of characters to be cut out as part data are stored in advance.
In the character file reception folder 25e, the character file received from the data center 1 is stored after the character data is decrypted.
(Data center 1)
As shown in FIG. 4, the data center 1 includes a CPU 11, a gateway 12 connected to the Internet 4, a display device 13 including a liquid crystal display, an input device 14 including a keyboard, and a storage device which is a storage unit including an HDD. 15 is provided.

The storage device 15 stores the following various programs and data.
As shown in FIG. 5, the program file 15a stores a program constituting a server application program (SAP). First, it includes a compression / decompression program. Also included is a database management program for registering input data in the database by causing the CPU 11 to function as unprocessed data receiving means. Further, an unprocessed data processing request program for requesting processing of unprocessed data by causing the CPU 11 to function as a deduplication unit, a selection unit, and an unprocessed data processing request unit is also included. Further, a verify program for causing the CPU 11 to function as verify means is also included. It also includes an encryption / decryption program for decrypting / encrypting the file name of part data. Furthermore, a file transfer program by FTP is included. Then, a program such as an OS (Operation System) of a server system that manages the program as an SAP in an integrated manner is stored.

A client DB (database) 15b shown in FIG. 6 is a relational database in which company information and authentication information of each client, the number of processes, the charge amount, and the like are stored in an integrated manner.
The operator DB 15c is a relational database in which personal information, authentication information, the number of processing, evaluation, payment amount, etc. for managing the operator are integratedly stored for each operator (operator) who operates each entry computer 3. .

The image file DB 15d stores and manages an image file of unprocessed part data transmitted from each client 2 for each folder.
The number-of-requests file 15e stores information indicating how many operators of the entry computers 3 can process unprocessed image files.

The processing request history file 15f (FIG. 22) records the history of requesting an unprocessed image fill of which file name to the operator of which entry computer 3.
The verify list 15g stores a file name, an operator ID, character data, a pair flag, and a valid flag in order to determine which character data processed by the entry computer 3 is valid.

The obfuscation list 15h is a folder for storing image files that could not be verified.
In the character file DB (database) 15i, the character file before verification transmitted from the entry computer 3 is stored for each folder.

In the transmission folder 15j, a character file that has been validated after being verified is stored and stored in a folder for transmission to a predetermined client 2.
(Entry Center)
A large number of entry computers 3 are connected to the entry center 37 via a hub 36 via a LAN. However, actual processing is performed by any one of them. Each entry computer 3 performs processing by the CPU 31. The gateway 32 includes a router and a firewall (not shown), and is an interface through which any entry computer 3 is identified and communicated with the data center 1 via the Internet 4.

  In addition, a display device 33 including a liquid crystal display for displaying an image of part data, an input device 34 including a keyboard for inputting character data, and a storage device 35 serving as storage means including an HDD are provided.

  As shown in FIG. 7, the program file 35a of the storage device 35 stores an entry application program (EAP) for functioning as the entry computer 3. The EAP includes a compression / decompression program that performs compression and decompression. Further, the CPU 31 functions as a receiving unit, a display unit, a character input unit, a character file generation unit, and an erasing unit to request a job from the data center to acquire / display image data and input character data. Includes character input program. In addition, an encryption / decryption program for decrypting the image file and encrypting the character data by causing the CPU 31 to function as the image file decryption unit and the character data encryption unit is included. Furthermore, a file transfer program by FTP is included. Then, an OS (Operation System) program as a client computer that manages the above program as EAP is stored.

Further, the storage device 35 shown in FIG. 9 includes a program and a storage area for processing and storing data (not shown).
(Processing procedure of this handwritten character input system)
Next, processing of the handwritten character input processing system configured as described above will be described.

FIG. 8 is a flowchart showing a typical processing procedure of this system, and the main routine of this system will be described along this flowchart.
(Client registration S1)
First, client registration is first performed in the data center 1 (S1). FIG. 9 is a flowchart showing in detail the client registration (S1) procedure. In the client registration (S1), first, any one of the clients 2 (in this stage, it is exactly “a terminal to be the client 2”, but here “client 2” for convenience) is the data center 1 on the web. The data center 1 registers predetermined information (S101). Specifically, the client 2 accesses the data center 1 having a predetermined URL (or IP address) through a web browser. The data center 1 uses CGI to receive information from new clients using the https protocol (name, branch name, department name, postal code, address, telephone number, e-mail address, client terminal IP address, MAC address, person in charge) Etc. ID, password). These data are registered in the client DB 15b of the data center 1.

  Then, the client 2 downloads the client application program (CAP) shown in FIG. 3 and installs it in the program file 25d of the client 2 (S102). Next, the client 2 performs initial setting by the CAP OS and stores the contents in the setting folder 25c of the client 2 (S103). The settings stored in the setting folder 25c are automatically read when the client 2 is activated, and the initial setting of the CAP is made.

  The data center 1 authenticates the completion notification of the initial setting from the client 2, and after the authentication, the client ID, branch ID, department ID, and person in charge for the registered client company, branch, department, and person in charge. A person ID is given. This completes registration of the personal ID (S104).

(Client data input process S2)
When the client registration at the data center 1 is completed, the client data input process S2 of FIG. 8 becomes possible. When a sheet S to be processed by the client 2 is generated, a client data input process is performed (S2). FIG. 10 shows the procedure of the client data input process (S2) in detail.

    <Input Paper Setting> In the client data input process (S2), first, is performed. Here, the size of the sheet S input from the image scanner 26 shown in FIG. 2, for example, the A4 size is determined. Key input may be performed, or automatic detection from the image scanner 26 may be performed.

  Next, the input paper S is scanned and input as a sample, and the coordinate cutout program of the client application program (CAP) (FIG. 3) displays the image on the display device 23.

  Here, FIG. 11 shows an example of the paper S displayed on the display device 23. The sheet S includes a character area CA1 for handwriting a name, a character area CA2 for handwriting an address, a character area CA3 for handwriting a telephone number, and the like. To register the character area, click the position of the coordinates (x1, y1) displayed on the screen with the mouse and drag to the position of the coordinates (x2, y2) to release. Then, an item name, for example, “name” is key-input on a screen (not shown) in this character area. Similarly, the character areas CA2 and CA3 are respectively designated as ranges, and item names such as “address” and “telephone number” are key-inputted. The CAP stores the coordinates and names input in this way. At this time, a part ID code is assigned to each of the character areas CA1 to CA3 such as “0001”, “0002”, and “0003”. In addition, an input restriction can be added to the character area. For example, if a character other than numbers, hyphens, and parentheses is entered as a telephone number, an error is assumed. In addition to the examples illustrated above, in “Reading”, an input other than katakana and a specific symbol is regarded as an error. This input restriction is given a “restriction code” in order to perform input restriction at the time of character input performed later. The character type is also referred to when selecting an image file to be requested in the case of a job request to be described later.

  Also, register the paper with a name such as “Application Form”. This name is given a unique paper ID consisting of, for example, an 8-digit character string from CAP. When the same paper is input next time, the CAP enables the input paper setting (S201) simply by displaying and selecting it as a registered candidate in the input paper setting (S201). This completes the input paper setting (S201).

    <Paper Scan> Subsequently, the input paper S is set in the auto sheet feeder ASF (not shown) of the image scanner 26, and the paper is continuously scanned and read by the CAP paper reading control program (S202).

    <One Sheet Data Creation> One sheet data in JPEG format is created for each sheet S read in this way (S203). Each one sheet data is given a file name by a unique character string. As shown in FIG. 25, this file name has a file ID having a paper ID for specifying the type of paper S and a paper ID for specifying each paper S as attributes in addition to the client ID, branch ID, and department ID. It is reflected in the name. Each of these IDs is given a predetermined number of characters, for example, eight characters, and is used as a file name as a series of character strings. Since each ID is encoded, it is impossible to determine which client's document is based on a character string unless there is a table owned by a data center or the like. The one sheet data is stored in the plain folder 25a of the client 2.

    <Part Data Creation> Subsequently, the CAP activates a coordinate cutout program, cuts out image data in accordance with the coordinates of the character area CA set in advance in the input paper settings, and renames the file name. In this rename, a part ID, which is a code indicating an item name, is further added to the previously assigned file name. The part ID is a coded item name, but in this embodiment, the character input restriction information of this item is further coded and given as a restriction code. Therefore, by looking at the restriction code, it is possible to determine input restriction information that allows the input of only numbers, such as a telephone number, simply by looking at the file name. As shown in FIG. 25, the part ID and the restriction code are arranged in the order of the restriction code and the part ID between the paper ID and the paper identification ID (see FIG. 25). In this way, an image file of part data in JPEG format is created (S204).

    <Encryption of image data with third key> Subsequently, the CAP part data encryption / decryption program is activated, and the image data (JPEG image) is encrypted without changing the part data file name. (S205). Encryption includes, for example, DES (Data Encryption Standard). A method using a secret key (shared key) such as AES (Advanced Encryption Standard), 3-DES, MISTY1, IDEA (International Data Encryption Algorithm), or FEAL (Fast Data Encipherment ALgorithm) can be employed. The encryption key used here is hereinafter referred to as a “third key”.

    <Encryption of File Name with First Key> Next, encryption of the file name with the first key is performed (S206). As described above, the attribute of the part data, that is, the origin of the sheet S, the sheet ID that identifies the type of the sheet S, the sheet identification ID that identifies each sheet S, and the input are restricted. A part ID for specifying which item (character area CA) data is included (see FIG. 25). If the operator of the entry computer 3 is malicious and the image file used for input is collected and the paper identification ID and part ID are analyzed, the entire original paper S can be restored.

  On the other hand, if all the file names are encrypted, this paper identification ID is not known, so that the original paper S cannot be restored. However, in the case of character input processing of part data image files at the data center 1 or electronic delivery to the client 2, identification cannot be made without knowing the client. For example, when the data center 1 receives from the client 2 Management becomes extremely complicated, such as adding a character string to be separately identified.

  Therefore, in the present invention, the character string indicating the attribute in the file name is divided into a character string portion including the paper identification ID (in this example, only the paper identification ID and the part ID) and other character string portions. Encrypt with different keys. In this case, the key that encrypts the character string of the paper identification ID is called a “first key”, and the key that encrypts the other character string is called a “second key”.

  The file name before encryption is a predetermined number of character strings, each of which is a continuous character string in the order of client ID, branch ID, department ID, paper ID, restriction code, part ID, and paper specific ID. Yes. In the encryption, a portion having a predetermined number of characters in the character string is divided to specify a portion to be encrypted with the first key and a portion to be encrypted with the second key. When the character string encrypted with the first key is specified, the portion is once converted into binary data and encrypted with the first key by, for example, DES.

  Also, in this encryption, when the original character string is converted to binary data, and this binary data is encrypted and replaced with a character string again, control codes such as `` \ '' `` / '' ``: '' `` * '' ``? '' May include "" "" <""> "" "|" ". Since these control codes cannot be used for file names, when these control codes are obtained after encryption, processing is further performed to transfer them to character codes that are not control codes. This transfer avoids the disadvantage that the control code becomes the file name. That is, a file name encrypted by a character set consisting of character codes not including a control code is attached. Of course, also in the case of decoding, the character code once transferred is returned to the character code of the original control code and decoded as binary data.

    <Encryption of File Name with Second Key> When encryption with the first key is completed, encryption with the second key is performed (S207). The procedure is the same as S206 in which encryption is performed using the first key, except that the character string to be encrypted is different. Note that the character string encrypted with the second key may not be used for the same key, and may be further divided. That is, a plurality of second keys may exist.

  As described above, the data is divided into the file name and the image data in the client 2, and the file name is further divided and encrypted. Therefore, it is possible to proceed with the processing while maintaining the confidentiality of the information by encrypting and decrypting the data in multiple stages according to the processing for each part. In particular, personal information that is strictly regulated by the Personal Information Protection Law, such as this embodiment, for example, data entry work of characters such as handwritten contracts and applications, etc. I will not disclose it in any way possible. In addition, it is possible to safely process not only the inside of a company that has been entrusted with a series of operations such as data input and verification, but also outside contractors.

    <Write> As described above, the encrypted image file is written and stored in the cipher folder 25b (S208). Until all reading processes are completed (S209; NO), the procedure of S202 to S208 is repeated. When all reading processes are completed (S209; YES), the client data input process (S2) is ended.

Subsequently, as shown in FIG. 8, the client 2 transmits data to the data center 1 (S3).
(Data Transmission from Client to Data Center S3) FIG. 12 is a flowchart showing details of the data transmission procedure. First, image files stored in the cipher folder are put into one folder in an arbitrary processing unit.

    <Time Stamp Reset> By the way, in the client OS of this system, when a file is created, data indicating its attribute is automatically given. Among them, there is a time stamp which is data recording the creation date of the file. This time stamp is usually useful, but in this system, it is effective to collect the image files in the folder in chronological order from the creation time and analyze the relationship between the part data to restore the document contents. In order to prevent this, the time for creating the image file is recorded. More specifically, the time is reset to zero without changing the date of the time stamp (S301).

    <Resort> Subsequently, the CPU 21 functions as a resort unit, and resorts the image files in order of names (S302). At this time, since the file name is encrypted, it is a random character string. By sorting in the order of the character strings, the order becomes random, and the original order is unknown. Therefore, it becomes impossible to link with other part data, and the original paper S cannot be restored.

This folder is compressed by a CAP compression / decompression program and a password is applied (S303).
Then, the CAP file transfer program accesses the data center 1 to request authentication (S304), and when mutual authentication is successful, data is transmitted (S305).

  (Data Processing in Data Center S4) Next, data processing (S4) in the data center 1 in FIG. 8 will be described. FIG. 13 is a flowchart showing in detail the procedure of data processing (S4) in the data center 1. Data is received according to the procedure shown in FIG. 8, S3 (S401). At this time, in the data center 1, the folder is decompressed and expanded by the compression / decompression program of the server application program (SAP) shown in FIG. 5, and the received image file is stored in the image file by the encryption decryption program using the second key. Decrypt part of the file name. And it memorize | stores in image file DB15d. Here, FIG. 19 is a diagram conceptually showing the stored contents of the image file DB 15d before decoding. The file name of the image file stored here is partially decrypted, and as shown in FIG. 25; S401, the client ID, branch D, department ID, paper ID, and restriction code are stored in plain text, and the part ID, paper The specific ID remains encrypted. Then, the restriction code is referred to according to the job request, and an image file that meets the conditions of the operator, for example, the input of only numbers, the input of kanji mixed text, the input of English text, etc. is extracted.

Subsequently, the data center 1 waits for a job request that is a request for handwritten character reading processing from any of the entry computers 3.
When there is a job request from any of the entry computers 3 (S402), the entry computer 3 is first authenticated by referring to the operator DB (S403). If the authentication is successful, data to be transmitted is selected (S404).

<Transmission Data Selection> FIG. 14 is a flowchart showing the transmission data selection procedure (S404) in more detail.
First, in response to a job request, a step of selecting an unprocessed image file from the image file DB 15d is executed. At this time, based on a predetermined standard, for example, first-in first-out principle, the data stored earliest is selected and extracted (S4041).

  The data center 1 includes a processing request history file 15f that stores which image file is requested to be processed by which operator. Here, FIG. 22 is a diagram conceptually showing the processing request history file 15f. The processing request history file 15f stores an operator ID indicating the operator who requested the image file having the same file name. In addition, a collection flag is set for those for which processing has ended. Since the job request is made together with the operator ID, it is determined whether or not the extracted image file is an image file for which processing has been requested to the operator who has already requested the job by referring to the processing request history file 15f. To do. If the image file has already been requested to be processed, the processing request is canceled and another image file is extracted. On the other hand, if the image file has not yet been requested for processing, the image file is requested for processing. The CPU, which is a deduplication unit, executes a deduplication step, which is a check for duplication by the operator (operator) by such a procedure (S4042).

  Subsequently, a process requestable person number check is performed (S4043). FIG. 21 is a diagram conceptually showing the contents of the requested number of people file 15e. Here, the requested number f indicates the upper limit of the number of persons who can newly request processing of the file name. If processing is requested to the number of persons exceeding this upper limit, there is a possibility that a wasteful request may be made to an operator that is not required for verification. The requested number of people file 15e requests a plurality of operators to process an image file having the same file name for the verification process, but an unnecessary process request after the verification is completed is wasted. Therefore, here, the number of coincidence valid in the verification is “3”. If an image file has not been requested for processing at all, processing is requested to three people at the same time. If the three match, verification is completed, but in this case, processing is not wasted. Therefore, the requested number f = 3 (person). On the other hand, if even one person is requested to process, the requested number f = 2 (person). Further, when the pair flag is set in the verify list 15g, there is a possibility that valid character data may be determined by one person, so the number of requested persons is f = 1 (person). Of course, since no new process is requested after valid character data is determined, the number of requests f that can be newly requested is f = 0 (person). In FIG. 21, the number of requested persons is indicated by f.

  That is, when there is a job request, if the requested number file is the requested number f = 0 (person), it means that a new process cannot be requested, so that image file is deleted and another image file is obtained. Select again.

  When the checks in S4042 and S4043 have been completed, the processing is requested to the entry computer 3 of the operator who has requested, and the processing request history is stored in the processing request history file 15f (S4044). This is the end of the transmission data selection procedure (S404).

  (Data transmission from the data center to the entry center S5) Returning to the flowchart of FIG. 8, when the transmission data selection procedure (S404) is completed, the data processing (S4) at the data center is completed, and the entry computer 3 of the corresponding operator is sent. The corresponding image file is transmitted (S5). At this time, the data center 1 encrypts the file name again with the second key (see S5 in FIG. 25). This is because the entry computer 3 transmits the already selected file name, and it is not necessary to know the attribute when the process proceeds.

Here, each image file is determined one by one, but needless to say, the processing unit may be determined in units of a plurality of image files collected in a folder.
(Processing at Entry Center S6) Subsequently, data processing is performed at the entry center 37 as shown in FIG. 8 (S6). Here, FIG. 15 is a flowchart showing in detail the procedure for data processing in the entry center 37. When the entry computer 3 of the operator who requested the job at the entry center 37 receives the data (S601), the file is decompressed by the compression / decompression program of the entry application program (EAP) shown in FIG. Subsequently, the image data of the image file is decrypted on a RAM (volatile storage medium) (not shown) in the entry computer 3 as shown in FIG. 25; S602 using the third key by the encryption / decryption program ( S602). The third key is a key that the data center 1 does not have, and the image of the image file cannot be viewed at the data center 1. The decoded image is displayed on the display device as an image of part data by the activated display / character input program (S603). Then, the entry computer 3 waits for the operator to visually observe the image, read the character, and input from the keyboard as the input device 34 (S604, S605; NO). If a character is input and the ENTER key is pressed, the input is completed (S605; YES), and the input text data is generated with the same name as the file name of the image file displayed on the screen at that time (S606). At this time, the file name of the image file is encrypted, but this text file is also used as the file name in the encrypted character string (FIG. 25; S606). Then, the image file displayed on the screen is completely erased from the memory (S607), and the image file does not remain in the entry computer 3 including the backup.

  Next, in the encryption / decryption program, the text portion of the text data is encrypted with the fourth key as shown in FIG. 25; S608 (S608). The encrypted text data is collected in a folder, compressed by a compression / decompression program, and sent to the data center 1 by FTP using a file transfer program. After the transmission, the text data on the memory is deleted (S610). That is, in the entry computer 3, data temporarily stored at the time of processing is completely erased including image data and text data including the backup and buffer memory when processing is completed, thereby improving security.

  (Data transmission from entry center to data center S7) In the flowchart of FIG. 8, when data is transmitted from the entry center 37 to the data center 1 (S7), the data center 1 performs data such as verification, charging, and payment processing. Processing is performed (S8).

  (Data Center Processing S8) FIG. 16 is a flowchart showing in detail the data processing procedure (S8) in the data center 1. First, when a character file is received from the entry computer 3, it is stored for each folder in the character file DB 15i (FIG. 20) (S801). Subsequently, the collection flag of the processing request history file 15f is updated (S802). Next, a verify process is performed (S803).

    <Verify Processing> The verify processing is a method of estimating input data having a predetermined number of characters as correct characters based on the principle of majority decision. In the present embodiment, it is assumed that the data is valid when “three” are prepared first.

  FIG. 17 is a flowchart showing in detail the procedure of the verify process (S803). In the data center 1, when a character file is received, the SAP verification program is called to search for a verify list having the same file name as the received character file (S8031).

  As for the verify list 15g, as shown in FIG. 23, one verify list 15g is created for one file name. Then, the history received together with the operator ID is recorded, and the respective character data (encrypted text) is compared. When the character data of the newly input character file matches the character data of the character file recorded so far, a pair flag is set in the character file of the character data. Further, when the pair flag is already set in the character file of the matched character data, since the same three character data are prepared, the character data becomes valid character data.

  If there is no verify list having the same file name as the received character file (S8032; NO), a new verify list 15g is created (S8033), and since the maximum matching number S = 1, the requested number of persons f = Is set to 2 (S8035).

  On the other hand, when there is a verify list 15g having the same file name as the received character file (S8032; YES), it is further determined whether there is matching character data (encrypted text data) (S8034). If there is no matching character data (S8036; NO), the maximum number of matches S = 1, so the requested number of people f = 2 is set (S8035).

  When there is a verify list 15g having the same file name as the received character file (S8032; YES), it is further determined whether there is matching character data (encrypted text data) (S8034). When there is matching character data (S8036; YES), it is determined whether a pair flag is set in the character file of the corresponding verify list (S8037). If the pair flag is not set (S8038; NO), a pair flag is set for the character file having the same character data as the received character data (S8039). At that time, the maximum number of matches S = 2 and the requested number of people f = 1 is set (S8040).

  On the other hand, it is determined whether or not the pair flag is set (S8037). When the pair flag is set (S8038; YES), the same three character data are prepared, so that the pair flag is set with the received character file. A valid flag is set with valid character file as valid data (S8041). Then, the corresponding file name in the requested number of people file 15e is deleted (S8042).

  In the flowchart of FIG. 16, when the verify process (S803) ends and there is valid data (S804; YES), the corresponding image file is deleted from the image file DB 15d (S805). In addition, the operator who transmits valid character data to the operator DB 15c with reference to the verify list 15g is recorded, and the character data is stored in the transmission folder 15j (S806). Thereafter, the verify list 15g is deleted (S807). Further, the client 2 that sends the data by partially decrypting the file name of the character file with the second key is confirmed and stored, and thereafter, all are encrypted again (see FIG. 25; S807). When the above processing is completed, it is transmitted to the client in a folder of a predetermined processing unit (S808).

  If there is no valid data in the verification process (S803) (S804; NO), it is determined whether the processing request has been made a specified number of times (S809). The specified number of times is, for example, 10 times. If there is no valid character data exceeding this specified number of times, the interpretation results are scattered, so even if you select the valid character data by overworking the number of times, the data reliability is low It can be said. Therefore, when the specified number of times of processing has been requested (S809; YES), the image file in the image file DB 15d is erased as a character that is difficult to read, moved to the obfuscation list 15h (see FIG. 24), and re-read by a highly skilled operator. Or return it to the client as it is to make a decision (S810). In addition, the data of the corresponding file names in the request number file 15e, the processing request history file 15f, and the verify list 15g are deleted (S811).

  If there is no valid data (S804; NO), and the specified number of processing has not been requested (S809; NO), the operator can access the processing request for that number of people according to the value of the requested number of people f in the requested number file 15e. If there is, a processing request is sent to a non-overlapping operator (S812).

(Electronic Delivery S9) When the data processing in the data center 1 shown in FIG. 8 is completed (S8), electronic delivery is performed from the data center 1 to the client 2 (S9).
(Data Regeneration S10) In the client 2 to which electronic delivery has been performed, the data reproduction (S10) procedure is executed. FIG. 18 is a flowchart showing in detail the data reproduction procedure (S10). First, data is received (S1001). Since the compressed folder is transferred by FTP, it is first decompressed. However, the file names of the data in the decompressed folder are all encrypted (FIG. 25; S807).

  Therefore, the file name is decrypted using the first key and the second key (S1002). Thus, as shown in FIG. 25; S1002, all portions including the paper identification ID and the part ID of the paper S become plain text, and if this data is used, the original paper S can be reproduced.

Subsequently, the encrypted text data (character data) portion is decrypted by the fourth key to become plain text data as shown in FIG. 25; S1002 (S1003).
Then, the data is sorted and restored for each paper S by the decrypted paper identification ID and part ID (S1004). Then, it is converted into a predetermined data format, for example, CSV format and stored (S1005).

(Data flow in the entire system)
Next, processing is performed in the handwritten character input processing system according to the procedure described above. The data transition at this time will be described with reference to FIG.

  First, in the one-sheet data created in S203 of FIG. 10, the file name includes the client ID, branch ID, department ID, paper ID (ID that specifies the type of paper S), and paper specification ID (paper ID) that generated the paper S. IDs for specifying individual sheets S) are arranged with a predetermined number of characters, for example, 8 characters each to form one file name as a whole. The image data in JPEG format is a plain image (an unencrypted image) as it is.

Therefore, the one-sheet data that is an image file in the JPEG format is uniquely specified by the file name including the paper identification ID.
Next, in the part data created in S204, an image of the character area CA of items such as “name”, “address”, and “telephone number” is cut out from the one-sheet data. The file name is a file name in which, for example, eight characters of a character string of a part ID (an ID code for uniquely specifying the extracted item name) is added to the file name of the one-sheet data. Therefore, by combining the paper identification ID and the part ID, the cut image is uniquely specified. A restriction code in which input restrictions such as the character type and the number of characters of the item are coded is also added to the file name.

Subsequently, in S205, the image is encrypted with the third key.
In S206, only the character string of “paper identification ID, part ID” in the file name is encrypted with the first key.

  In step S207, the remaining character string of “client ID, branch ID, department ID, paper ID, restriction code” in the file name is encrypted with the second key. At this stage, all file names and image data are encrypted. In this state, a suitable number of image files are transmitted in a folder in accordance with one processing unit.

  In this embodiment, since it is encrypted as it is and security is maintained even when transmitted over the Internet, the whole may be compressed by, for example, a compression / decompression program for convenience of transmission. It is not necessary to protect the network from VPN (Virtual Private Network).

  Next, a part of the file name is decrypted with the second key in S401 of FIG. This is to allow an appropriate operator to process an appropriate image file with reference to the sheet ID and the part ID. On the other hand, the paper identification ID portion remains encrypted because it is not necessary for processing and is a clue for restoring the paper S.

Subsequently, when transmitting from the data center 1 to the entry computer 3 in FIG. 8, S5, the file name is encrypted again with the second key.
In the image file transmitted to the entry computer 3, only the image is decoded in FIG. 15, S602. The decoded image is stored only in the RAM of the entry computer, which is a volatile memory, and is not stored in a nonvolatile storage medium such as an HDD or an EEPROM including a buffer and a backup. Then, in S606, when the character data is keyed and a text file having plain text data (text data) having the same file name (namely, the cipher text file name) is generated, this image file is alternately deleted. The In the generated text file, the text data portion is encrypted with the fourth key in S608.

In S609, the data is transmitted from the entry computer 3 to the data center 1 in this state, that is, in a completely encrypted state.
The text file is received in S801 of FIG. 16, and the verification process is performed in S803. At this time, the text data is collated as it is. When the processing in the data center 1 is completed, in S808, the file name is once decrypted with the second key, the client ID is confirmed, the transmission destination is confirmed, the accounting for the processing is recorded, and the second is again performed. Encrypt the file name with the key. Then, it is transmitted to the client 2 through the Internet 4 in a completely encrypted state.

The client 2 that has received the data from the data center 1 in S1001 in FIG. 18 completely decrypts the file name with the first key and the first key in S1002, and also decrypts the text data with the fourth key in S1003. To do. After that, the data of the original paper S is reproduced by the paper identification ID and the part ID.
(Effect of embodiment)
Since the handwritten character input processing system of the present embodiment has the configuration as described above, the following effects are obtained.

  (1) Even if an open communication line such as the Internet 4 is used or processing is requested from many operators, an image file cut out from one sheet S is a file indicating image attributes. Since the name is divided into predetermined character strings and encrypted, it is possible to proceed with processing while maintaining the confidentiality of information by performing multi-stage encryption / decryption according to the stage of processing.

(2) Since the ciphertext is not included in the control code, it is possible to avoid an unintentional trouble caused by the file name as the control code.
(3) Since the first key is deleted from the client and only the portable storage medium remains in the character string portion necessary for restoring the paper encrypted with the first key in the file name, the key is visualized. Therefore, management such as physical storage in a safe is facilitated.

  (4) In particular, since the portable storage medium is a USB memory, the storage medium is compact, security can be further enhanced by a password, and a program for automatically performing processing can be stored.

(5) By encrypting the image data, data contents unnecessary for processing are not disclosed to the data center 1.
(6) There is no possibility of guessing the time-series relationship of the generation of the file contained in the folder from the time information based on the time stamp, and higher security can be ensured.

  (7) The image related to the image file is decrypted to the minimum necessary for screen display for key input, and is not recorded. In addition, since the character data is immediately encrypted, security is maintained not only in the entry computer 3 but also in the entry computer 3 itself.

(8) By allowing the same data to be input to a plurality of different operators, objective data with higher reliability can be obtained.
(9) For example, it is possible to perform appropriate processing according to skill / knowledge level by matching characters according to the difficulty level of characters such as numbers, katakana, and kanji.

(10) By providing the verifying means, it is possible to autonomously increase the reliability of data without checking from outside the system.
(11) Since the data center 1 can perform the verification process without disclosing the contents at the image data stage or the character data stage, extremely high security can be ensured.

  (12) Since the verification means has a configuration in which the predetermined number is 3, and the verification list includes a pair flag, verification suitable for the present embodiment can be performed with a simple algorithm.

  (13) If it is impossible to read with a certain processing request, it is stored in an obfuscation list. In the case of obfuscation, the data is not forcibly effective, thereby improving the reliability of the data and reducing the human resources. Waste can be eliminated.

In addition, you may change the said embodiment as follows.
O The hardware and the procedure shown in the flowchart of the above embodiment show typical means and methods as examples, and the present invention is of course not limited to this flowchart. Therefore, even if there is a difference in specific means, order of procedures, etc., it can be implemented with modifications, additions, and omissions without departing from the scope of the claims.

  In the above embodiment, the paper identification ID and the part ID are encrypted with the first key, but only the paper identification ID may be encrypted. However, in this case, since the same ciphertext is obtained with the same paper identification ID, it is preferable to add a character string such as a random number or a pseudorandom number to the paper identification ID for encryption. In this way, even if the same paper identification ID is used, different ciphertext file names are used, and even if the same paper identification ID is used, it cannot be extracted from the folder even if sorted by the file name.

In the client 2, after encrypting in the same manner with the first key, the entire file name including the portion encrypted with the first key may be encrypted.
Further, in the data center 1, for the transmission data selection (S404), after decrypting with the second key, it is encrypted again before being transmitted to the entry center 37, but this encryption is omitted and the file is omitted. The name may be transmitted partially in plain text. Even in such a case, the document cannot be restored unless the portion encrypted with the first key is known. Further, even if it is not encrypted, it is encoded in the present embodiment, so that the client cannot be determined unless there is table data stored in the data center 1.

  Similarly, in the entry computer 3 that has performed character input processing on the file name of the image data partly decrypted, the character file may be sent to the data center 1 without encrypting the file name as it is.

  ○ The file name is not limited to the coded name, but may be the company name as it is. This is because processing can be performed without special table data. In this case, encryption is desirable.

  ○ In the present embodiment, there is a description that processes each image file, but the processing unit may be processed in units of a plurality of image files collected in a folder. Nor.

  ○ In the entry computer 3, the fourth key is not used, the character data is encrypted with the fifth key which is the public key, and the client 2 uses the sixth key which is the secret key corresponding to the fifth key. You may make it decode. In particular, the key management burden is reduced when the entry computer 3 is used by distributed operators such as SOHO.

  In the embodiment shown in FIG. 1, the data center 1 and the entry center 37 are separated from each other on the Internet, and a large number of entry computers 3 are LAN-connected to the entry center 37 by a hub 36. It may be arranged in the entry center 37 and connected to the LAN. By arranging in this way, the data center 1 and the entry center 37 are replaced with the Internet 4 and a closed LAN connection is provided, so that security during data transfer can be enhanced.

  In the embodiment shown in FIG. 1, a computer that further distributes the functions of the data center 1 may be added to the entry center 37. In this case, the computer at the location of the data center 1 may simply be transferred to a computer having a data center function in the entry center 37.

On the contrary, the entry computer 3 may be arranged in the data center 1 of FIG.
In addition, instead of the Internet 4, if a communication such as a public telephone line or a dedicated line is possible, they can be replaced.

  ○ The JPEG format is taken as an example of the image data format, but data such as TIF and GIF is not limited to the format. The character data format is not limited to the text format, and is not limited to various word processors, text editors, and the like.

  In the above embodiment, the entry computer 3 (processing terminal) is identified by an operator ID (operator code). However, if each operator uses a dedicated entry computer 3, the entry computer 3 is used instead of the operator ID. The ID (processing terminal code) 3 may be used for authentication or operator identification.

  In the above embodiment, the entry computer 3 displays the part data, which is visually input and newly inputs a character. However, when the client 2 cuts out the part data, this part is displayed as a well-known OCR (Optical Character). Reader) recognizes the character with the program, sends this data (referred to as “OCR data”) together with the part data to the entry computer, displays it in the character input window in advance, and corrects the character. Data may be input.

Of course, this OCR data can be encrypted and decrypted in the same manner as the part data. With this configuration, the input efficiency can be increased.
Next, technical ideas that can be grasped from the above-described embodiment and other examples will be described below together with their effects.

[Appendix 1]
A sheet of image data input from an image scanner connected to an arbitrary input terminal, including a plurality of input terminals, a management computer, and a plurality of processing terminals. In the handwritten character input processing system for outputting character data as character data from the arbitrary input terminal via the management computer, which is displayed by the operator of the processing terminal and recognizing the character visually. The terminal cuts image data from each of a plurality of character areas specified as positions where characters are previously written in the scanned image data and a paper scanning step of reading the image data of the paper on which characters are written by the image scanner. And a unique file name that indicates the attributes of the image And the file name encryption step of dividing the file name of the extracted image file into predetermined character strings and encrypting each of the divided character strings using different keys, and the file name is encrypted. And a step of transmitting an image file for transmitting the image file to a management computer.

[Appendix 2]
A sheet of image data input from an image scanner connected to an arbitrary input terminal, including a plurality of input terminals, a management computer, and a plurality of processing terminals. A handwritten character input processing system for outputting character data as input from the arbitrary input terminal via the management computer, and allowing the operator of the processing terminal to visually recognize and input the character data, The input terminal is configured to read image data from a paper scanning unit that reads image data of paper on which characters are written by the image scanner, and a plurality of character areas that are specified as positions where characters are written in advance in the read image data. Cutout means to give a unique file name indicating the attribute of the image as well as cutout The file name encryption means for dividing the file name of the extracted image file into predetermined character strings and encrypting each of the divided character strings using different keys, and the image file with the file name encrypted A handwritten character input processing program which functions as image file transmission means for transmission to a management computer.

The figure which shows the whole handwritten character input processing system of this embodiment. The figure which shows the structure of a client. The figure which shows the structure of a client application program (CAP). The figure which shows the structure of a data center. The figure which shows the structure of a server application program (SAP). The figure which shows the structure of an entry center. The figure which shows the structure of an entry application program (EAP). The flowchart which shows the procedure of the handwritten character input processing method of this embodiment. The flowchart which shows the procedure of client registration. The flowchart which shows the procedure of a client data input process. The schematic diagram which shows the character area of a paper. The flowchart which shows the procedure of data communication from a client to a data center. The flowchart which shows the procedure of data processing in a data center. The flowchart which shows the procedure of transmission data selection. The flowchart which shows the procedure of a data process in an entry center. The flowchart which shows the procedure of data processing in a data center. The flowchart which shows the procedure of a verification process. The flowchart which shows the procedure of data reproduction. The figure which shows notionally the memory content of image file DB. The figure which shows notionally the memory content of character file DB. The figure which shows notionally the memory content of a request number file. The figure which shows notionally the memory content of a process request history file. The figure which shows notionally the memory content of a verification list. The figure which shows notionally the memory content of an obfuscation list. The table | surface which shows the transition of the data in the procedure of the handwritten character input processing method of this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Data center (management computer), 2 ... Client (input terminal), 3 ... Entry computer (processing terminal), 4 ... Internet, 11 ... CPU (unprocessed data receiving means, deduplication means, selection means, unprocessed data) (Processing request means, verify means), 15 ... storage device, 15a ... program file, 15b ... client DB (database), 15c ... operator DB (database), 15d ... image file DB (database), 15e ... requested number of people file, 15f ... processing request history file, 15g ... verify list, 15h ... obfuscation list, 15i ... character file DB (database), 15j ... transmission folder (transmission file), 21 ... CPU (paper scanning means, extraction means, file name encryption means) , Image file Transmission means, image data encryption means, storage means, re-sort means), 25 ... storage device, 25a ... plain folder, 25b ... cipher folder, 25c ... setting folder, 25d ... program folder, 25e ... reception folder, 26 ... Image scanner, 28 ... USB memory (portable storage medium), 31 ... CPU (receiving means, decoding means, display means, character input means, erasing means, character file generating means), 33 ... display device, 35 ... storage device 35a ... program file, CA (CA1 to CA3) ... character area, CAP ... client application program, SAP ... server application program, EAP ... entry application program, S ... paper.

Claims (15)

A sheet of image data input from an image scanner connected to an arbitrary input terminal, including a plurality of input terminals, a management computer, and a plurality of processing terminals. A handwritten character input processing system for outputting character data as input from the arbitrary input terminal via the management computer, and allowing the operator of the processing terminal to visually recognize and input the character data,
The input terminal is
Paper scanning means for reading image data of paper on which characters are written by the image scanner;
Cutout means for cutting out image data from each of a plurality of character areas specified as positions where characters are written in advance in the read image data, and giving a unique file name indicating the attribute of the image;
A file name encryption unit that divides the file name of the extracted image file into predetermined character strings, and encrypts the divided character strings using different keys;
A handwritten character input processing system, comprising: an image file transmission unit configured to transmit an image file whose file name is encrypted to a management computer.   2. The handwritten character input processing system according to claim 1, wherein in the file name encryption means, the encrypted ciphertext is a character set made up of character codes not including a control code. In the cutting means, the unique file name indicating the attribute of the image includes a character string including a paper identification ID code which is a character string indicating from which of the plurality of input papers the paper is cut out. ,
The key used for encryption in the file name encryption means includes a first key used for encrypting a character string including the paper specific ID code and a second key for encrypting other character strings. The handwritten character input processing system according to claim 1 or 2.   The handwritten character input processing system according to claim 3, wherein the character string including the paper identification ID code further includes a part ID code indicating from which character area the image data is cut out.   5. The first key is stored in a portable storage medium connected to the input terminal, and the first key storage is erased from the storage medium of the input terminal. The handwritten character input processing system described in 1.   6. The handwritten character input processing system according to claim 5, wherein the portable storage medium is a USB memory. The input terminal is
The handwriting according to any one of claims 1 to 6, further comprising image data encryption means for encrypting a portion of the image data cut out of the image file with a third key. Character input processing system. The handwritten character input processing system according to any one of claims 1 to 7,
The input terminal is
A storage unit that sequentially stores a plurality of image files in which the file names are encrypted in a folder of a storage unit of the input terminal;
Re-sorting means for rearranging the order after sharing the time stamps of a plurality of image files stored in the folder;
A handwritten character input processing system comprising: an image file transmission means for transmitting the resorted image file to the management computer. The handwritten character input processing system according to claim 7,
The processing terminal is
Receiving means for receiving an image file from a management computer;
Decryption means for decrypting only the image data of the received image file with the third key and storing it only in the volatile storage medium;
Display means for displaying the decrypted image data;
A character input means for receiving character input from an operator corresponding to the displayed image and storing it as character data;
Erasing means for erasing image data corresponding to the character data input from the character input means;
Handwriting comprising: character file generation means for encrypting input character data with a fourth key and generating a character file having the same file name as the received image file. Character input processing system. The handwritten character input processing system according to any one of claims 3 to 6,
The management computer is
An image file database that receives the image file transmitted from the input terminal and that stores a part of the file name by decrypting the file with the second key;
The processing terminal code that identifies the processing terminal that requested the job that is the request for the reading process from the processing terminal or the operator code that identifies the operator is stored together with the file name of the image file requested for processing, and any image A processing request history file that stores which processing terminal or operator has requested the file is provided,
Raw data receiving means for receiving the image file;
With a job request sent with a processing terminal code or operator code from any of the processing terminals,
Deduplication means for referring to the processing request history file and excluding image files that have already been transmitted to the processing terminal or operator;
An unprocessed data processing request for selecting and requesting an image file to be processed by a selection means that selects an image file from the image file database with reference to a character string indicating an attribute included in the file name according to a predetermined criterion A handwritten character input processing system characterized by comprising means.   11. The handwritten character according to claim 10, wherein, in the unprocessed data processing requesting means, a predetermined criterion for requesting processing of an image file is one of a character input restriction type included in the job request. Input processing system. The management computer is
A character file database for receiving a character file transmitted from the processing terminal;
When a character file is transmitted from the processing terminal, the file name of the character file received from each processing terminal is referred to. Or generate a verification list to be stored with the operator code,
When comparing character data related to the same character file and the number of matching character data matches a predetermined number or more, the input character data is stored as valid data in the transmission file, and
The handwritten character input processing system according to any one of claims 1 to 11, further comprising verifying means for recording a processing terminal or an operator related to the character data in an operator database. The handwritten character input processing system according to claim 12,
The management computer compares the encrypted character data without decrypting the character data even if the character data is encrypted in the verifying means. . The handwritten character input processing system according to claim 12 or claim 13, wherein the predetermined number of verifying means is three,
The verify list includes a pair flag,
When character data is sent from any processing terminal or operator,
If there is no verify list with the corresponding file name, generate a verify list,
If there is a verify list of the corresponding file name and there is the same character data, if the pair flag is not set, a pair flag is set for the character data and the matching character data,
If there is a verify list with the corresponding file name and there is the same character data, if the pair flag is set, the input character data and the character data with the pair flag set are valid. Handwritten character input processing system. The handwritten character input processing system according to any one of claims 12 to 14,
In the verification means, when the number of processing requests for an image file having the same file name as the input character file reaches a predetermined limit, the verification processing of the verification means is stopped. .

Images