JP2010000663A - Image forming system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow an administrator of an organization to obtain enciphered personal information using a secret key held by the administrator to specify the user of a leakage source and allow the administrator to perform tracking without leaking personal information to the outside by allowing even an outsider to specify the organization of a transmission source of information leakage and notify the administrator of the organization of the transmission source of the tracking information. <P>SOLUTION: Depending on the policy of the organization, among the tracking information, only the portion in connection with desired organization information or personal information is enciphered; a digital watermark is produced from the other information in plaintext form; and both are composed. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an image forming system such as a printing apparatus or a digital multi-function peripheral using a printing method represented by an electrophotographic method.

  In recent years, public awareness of security has increased, and for example, the problem of information leakage typified by outflow of customer information in companies has been recognized as a social problem. In addition, the Personal Information Protection Law has been enforced since 2005, and measures against information leakage are being taken from the legal aspect.

  In view of the above-mentioned social situation, many products that have taken measures against information leakage have been realized in an OA (office automation) environment. As a more general product, there is a product that monitors the exchange of digital data such as e-mail inside and outside the company, and searches for a search for an NG keyword or transmission to an illegal destination on the route. In a so-called IT (Information Technology) environment, all digital data is transmitted via a network, so that the exchange of electrical information can be monitored by the above products.

  On the other hand, with respect to printing apparatuses such as laser beam printers and digital multifunction peripherals, paper media are used as information output destinations. Since information printed on paper is not performed via a network, it is necessary to take measures against information leakage using an approach different from that in the IT environment.

  As a conventional example, a method of storing internally generated image data in a server via a network when executing printing in the above-described printing apparatus or digital multi-function peripheral has been realized. At this time, since the image data is stored together with additional information such as the output user and output date and time, the user can be specified when an information leak is detected. In this case, since all the data printed on the paper medium is once converted into digital data, it is possible to monitor using the above-described products that take into account the information leakage countermeasures in the IT environment.

  However, since the information printed by the printing device or digital multifunction peripheral is the dot level information of the paper medium (200dpi to 600dpi: dpi indicates dot per inch), it becomes very large data. As a result, a problem arises in that the flow rate and disk capacity of the system are burdened, making it difficult to use only by customers who require a very high level of security.

  Therefore, a method has been proposed in which image data is not stored on the server, but additional information such as the user and output date / time output directly on the paper medium itself is directly written. As a method of writing additional information, there are a visible method and an invisible method. The visible method is a method of embedding a pattern that can be visually recognized by a user such as a two-dimensional barcode represented by a QR code. The invisible method is a digital watermark, a watermark, This is a method called steganography, which is recorded in a way that is not easily noticeable by humans. In general, since the pattern is embedded in a part of the image in the visible method, the influence on the entire image is slight. However, since the visible pattern is described in a part of the paper, the pattern is intentionally It has a feature that it is easy to carry out an attack that makes information disappear by deleting. On the other hand, since the invisible method is recorded on the entire paper medium, the influence on the entire image is relatively large. However, even if a part of the pattern is intentionally deleted, it is difficult to delete the information.

  Regardless of the visible method or the invisible method, the information recorded here is information for specifying the organization or the person who printed the document, and for example, the following information is applicable.

Aircraft number:
A unique number assigned to the printing device at the factory. It is theoretically possible for this manufacturer to specify information as to which customer the manufacturer of the device has delivered.

Company / organization name:
This is information for identifying an organization such as a company or a government office where the printing apparatus is installed, and this is set as information for identifying the own organization by the administrator of the printing apparatus. For example, a visible character string such as “XX trading” is recorded.

contact information:
Similarly to the organization name, this is information for identifying the organization, and is set as information for identifying the own organization by the administrator of the printing apparatus. Character strings such as e-mail addresses and telephone numbers are recorded.

Department name:
This is information for identifying the department name in the organization, and is set as information for identifying the own department by the administrator of the printing apparatus. Organization names such as "General Affairs Department General Affairs Division" and "HR Department" are recorded. The department name may be treated as external information.

User name:
This indicates the name of the user who actually performed printing. It uses system account names and real names, but is positioned as personal information.

  Paper media printed by embedding these information in visible or invisible methods can be analyzed by using an analysis tool if the paper media is available when an information leak is actually detected. It is possible to accumulate information, and it is possible to identify which department of which company and which user actually, so that it is possible to obtain clues of the person who has leaked information.

As a conventional invention, Patent Document 1 describes the importance of ensuring security against description of personal information while being able to trace information leakage due to unauthorized copying.
JP 2004-017538 A

As a conventional problem,
Originally, there is a possibility that tracking information added by a visible method or an invisible method for preventing information leakage may be used for collecting organization information or personal information. On the other hand, since the Personal Information Protection Law has been enforced since 2005, it is necessary to strictly manage such personal information, and adding personal information to paper media to improve tracking accuracy as in the past. Is becoming impossible.

  It is conceivable to use encryption in order to maintain confidentiality while embedding such personal information in a paper medium. That is, the tracking information data is not directly converted into a digital watermark and embedded, but is encrypted and the result is embedded in the digital watermark. In this case, it is conceivable to use a key held by the administrator of the organization that performs printing as the encryption key for performing encryption. However, since an encryption key cannot be obtained by an outsider, the tracking information is encrypted even if the information is actually leaked, even if the digital watermark is decrypted, and the organization where the information leak has occurred is also identified. Since tracking information cannot be decoded, tracking may not be possible as a result.

In order to solve the above problems, an image forming system according to the present invention provides:
User authentication means for authenticating the user;
Tracking information storage means for storing tracking information;
A tracking information encryption means for encrypting a part of the tracking information;
Tracking information encryption selection means for selecting tracking information to be encrypted,
A digital watermark generation unit that generates a digital watermark pattern from the tracking information;
An image data synthesis unit for synthesizing the digital watermark pattern and the image data;
It is characterized by having.

By the image forming system of the present invention,
Depending on your organization ’s policy,
Of the tracking information, only the part related to the desired organization information or personal information is encrypted,
By generating and synthesizing digital watermarks in plain text for other information,
Even outsiders identify the source of information leaks,
By notifying the administrator of the originating organization of the tracking information,
The administrator of the organization can identify the leaking user by obtaining personal information encrypted using the private key that is held,
It becomes possible to carry out tracking without leaking personal information outside the company.

  Next, details of the present invention will be described in accordance with the description of the embodiments.

  FIG. 1 is a block diagram showing the configuration of the first embodiment of the present invention.

In FIG.
Reference numeral 110 denotes a printing apparatus, and 102 denotes a host computer that generates a print job.

The printing device 110 further includes
An interface 111 for receiving a print job from the host computer 102;
Job receiving unit 112 that receives a print job and passes it to the subsequent stage, analyzes the received print job, extracts to PDL (Page Description Language = page description language) data and attribute part, and passes to the subsequent stage job analysis unit 113,
Spooler 114 consisting of a secondary storage device such as a hard disk drive that temporarily stores PDL data until analysis is completed, “Job name”, “Send time”, “Job owner”, “Image quality level” of the print job The attribute storage unit 115 that temporarily stores attribute information such as the print job output, PDL data from the spooler 114, and attribute information from the attribute storage unit 115 is acquired and analyzed to obtain image data necessary for printing. An image generation unit 116 to be generated, an image storage unit 117 including a secondary storage device that temporarily stores image data generated from the image generation unit 116 until printing is completed, and a tissue to store information on a tissue registered in advance Information storage unit 122, user interface unit 123 that changes the setting of organization information storage unit 122, digital watermark generation unit 121 that generates a digital watermark from attribute information, and images acquired from image storage unit 117 The digital watermark synthesizing unit 118 generates the embedded image data by synthesizing the data and the digital watermark generated by the digital watermark generating unit 121, and the image data generated in the previous stage is subjected to a known printing technique such as an electrophotographic technique or an inkjet technique. Printing unit 119 for printing on paper media
Consists of

  The printing apparatus 110 and the host computer 102 are connected via a defined communication medium such as a token ring or a wireless LAN such as IEEE802.11.

  The printing unit 119 includes technologies such as paper feeding, paper conveyance, and paper ejection in addition to the printing technology, but since there is no change from the conventional technology, description thereof is omitted.

  Next, the role of the organization information storage unit 122 will be described.

  FIG. 3 is a graphical user interface (GUI) diagram for setting a digital watermark set by the user interface unit 123.

  This setting may be the operation panel held by the printing device 110, or the printing device 110 serves as a Web server, and the host computer 102 receives the information provided as Web content and displays it on the Web browser. But it doesn't matter.

In FIG. 3, 301 indicates the entire screen,
Reference numeral 302 denotes a setting item relating to the machine number uniquely held by the printing apparatus 110, and reference numeral 308 denotes that the recording method of the machine number can be selected from a pull-down menu.

  303 indicates a setting item related to the company name (or organization name) that can be set by the administrator, 309 indicates that the recording method of the company name can be selected from a pull-down menu, and 314 indicates the actual character string of the company name. Indicates a text box for entering. In FIG. 3, the character “◯ × Trading” is input as an example.

  304 indicates that a contact can be set by the administrator, 310 indicates that the contact recording method can be selected from a pull-down menu, and 315 indicates a text / text for actually entering the contact string. Indicates a box. In FIG. 3, a telephone number “03-XXX-YYYY” is entered as an example.

  Reference numeral 305 denotes a setting item related to the printing date and time. Here, the printing date and time is derived from the time recorded by a timer (not shown) held by the printing apparatus 110, and 311 indicates that the printing date and time recording method can be selected from a pull-down menu.

  306 indicates a setting item related to the department name that can be set by the administrator, 312 indicates that the recording method of the department name can be selected from a pull-down menu, and 316 indicates a text / text for actually inputting a contact character string. Indicates a box. In FIG. 3, the department name “General Affairs Department General Affairs Section” is input as an example.

  Reference numeral 307 denotes a setting item relating to the printer name. Here, the printer name indicates user account information given when logging in to the host computer 102 or user account information when logging in using the user interface unit 123 when using the printing apparatus 110. . Reference numeral 313 indicates that the printing method of the printer name can be selected from the pull-down menu, and FIG. 3 indicates that the menu is being selected.

  As the above recording method, any one of “not record”, “record”, and “encrypted and record” can be selected as shown in FIG. “Do not record” indicates that the item (items 302 to 307 on the left side of the column) is not recorded as digital watermark information. This setting is determined according to the operation policy determined by the administrator. For example, by setting such as not recording the department name 306, it is possible to prevent the possibility of the department name leaking to the outside.

  Alternatively, by setting “record”, it is possible to put the information as digital watermark information. In this case, since the information is not encrypted at all, when the third party discovers an information leak due to the printing paper, the information set to “Record” can be acquired, and the organization information and personal information about this manuscript can be obtained. Can be obtained.

  Further, by setting “encrypted and recorded”, it is possible to put the information as digital watermark information after encrypting the information. In this case, since the information is encrypted, the information set to “encrypt and record” cannot be acquired even when a third party discovers information leakage by the printing paper. Is possible. All of these setting values are recorded by the organization information storage unit 122.

  The encryption key used for encryption is set by the administrator.

  FIG. 9 is a GUI screen for inputting a password for generating an encryption key.

  FIG. 9 shows a screen transition when the encryption password setting button 317 shown in FIG. 3 is pressed. In FIG. 9, 901 is the entire screen, 902 is the password input screen, and the display feedback is hidden by * (asterisk). Reference numeral 903 denotes an OK button for confirming the password setting, and reference numeral 904 denotes a cancel button for canceling the setting.

  The password input here is recorded in the organization information storage unit 122.

  The actual encryption key is generated from the input password by the PBE (password-based encryption) method, and this is used for concealing the attribute information.

  FIG. 4 is a table for explaining that information is stored in the organization information storage unit.

In FIG. 4, each row indicates an entry of information displayed on the GUI. The first column lists item names and the second column lists the storage methods in an enumerated form. Specifically, it is defined as follows.
0: Not recorded 1: Recorded 2: Recorded in encrypted form In the third column, a character string is entered when a character string can be registered for an entry. The setting value is a database, and the recording format may be a fixed length list or an XML format. If there is no entry, the system is automatically set and cannot be set by the administrator.

  An actual operation example will be described. For example, the company name 303 and the contact information 304 are set to “record”, and the department name 306 and the printer name 307 are set to “encrypt and record”. If a third party discovers information leakage due to printing paper, the company name 303 and contact information 304 are not encrypted by the third party. It is possible to specify the output source (organization) of the original document to some extent.

  When the third party specifies the output source from the above information and the manuscript is delivered to the administrator of the output source, the administrator can obtain the encryption key by inputting the encryption password, and the encrypted key is recorded. The department name 306 and the printer name 307 can be decrypted and acquired. By this work, the user can be specified in the organization without disclosing personal information or organization information to the third party, and thus it is possible to perform reliable tracking.

  Next, a process for actually embedding a digital watermark in a sheet will be described.

  FIG. 5 is a flowchart for explaining the operation of the digital watermark encryption unit 120. In the digital watermark encryption unit 120, the job reception unit 112 receives a print job from the host computer 102, the job analysis unit 113 analyzes the print job, and the attribute storage unit 115 stores the attribute information of the print job. The process is called.

  5, the entry (each row corresponds) stored in FIG. 4 is acquired from the organization information storage unit 122 in 501. For example, “airframe information” “1” corresponds.

  Check 502 if there are more entries. If there is no entry, go to 507. If there is an entry, in 503, it is checked whether the second column of the entry is “encrypted and stored”, that is, whether the enumeration type is 2. If it is 2, an entry is added to the ciphertext list held in the digital watermark encryption unit 120 in 504.

  If not 2, in 505 a check is made to see if the second column of the entry is “store”, ie whether the enumeration type is 1. If it is 1, it is added to the plaintext list at 506. The addition of entries in the above 504 to 506 is made for all entries acquired from the organization information storage unit 122.

  When it is recognized in 502 that all entries have been read, the encryption list is encrypted in 508 using the encryption key. At this time, the encryption key is generated from the password stored in the organization information storage unit 122. Further, the encrypted result is merged (concatenated) with the plaintext list added at 506 and sent to the digital watermark generating unit 121 at 510.

  Next, the operation of the digital watermark generation unit 121 will be described.

  Many specific techniques have been proposed for embedding a digital watermark in a paper medium. In this embodiment, an LVBC (Low Visibility BarCode) method will be described. Note that the LVBC method is an example for explaining digital watermarking, and any technology that embeds information on paper as a digital watermark may be used, and is not essential to the present invention.

  LVBC is easy to analyze by placing a grid of dot sequences (grid) separately from the image desired by the user on the paper and embedding information by placing dots at positions shifted from the center of the grid. Provide a simple information embedding means. By placing dots at intervals of the grid, the visibility is relatively low, and it is possible to embed an electronic watermark while preventing consumption of consumables such as ink and toner.

  FIG. 6 is an enlarged schematic diagram when a digital watermark is embedded in a paper by the LVBC method. Dots with a light density of 601 indicate base dots, and it can be seen that all the dots are arranged in a grid pattern. No dot is actually printed at the base dot position. Reference numeral 602 denotes a digital watermark dot in which information is actually embedded as a digital watermark and dots are printed. The digital watermark dot is slightly shifted in any of eight directions (dx, dy) from the position of the base dot, and it is possible to embed information of 8 = 2 ^ 3, that is, 3 bits depending on the direction of the shift.

  FIG. 7 is a schematic diagram showing how the dot placement positions are reflected in information embedding. The dot on each grid can take a value of 0 to 7 depending on the position to be shot, and this is 3 bit information. In FIG. 7, it is possible to embed information of 3 bits × 12 = 36 bits = 4.5 bytes by inputting 12 digital watermark dots.

  Next, recognition of data embedded by the LVBC method will be described.

  Recognition consists of two processes. First, when image data embedded with a digital watermark by LVBC is input through a device such as an optical scanner, a grid is detected from the image data. The typed image is not a base dot but a digital watermark dot, but how the digital dot change changes in the direction of each of dx and dy is probabilistically 50% for each axis. If the average value is calculated, the position of the grid can be calculated. Actually, the paper does not become horizontal or vertical in the paper conveyance direction due to rotation, scanning, or skewing at the time of the printer, but it can be corrected by putting prediction in the rotation direction in the detection of the grid. If the grid can be calculated, the position of the base dot to be hit on the grid can be predicted.

  Second, when the position of the base dot can be detected, the transition can be measured by measuring the position where the digital watermark dot is actually placed. It is possible to convert the transition into 3-bit data of 0 to 7 by correcting the transition in the rotation direction.

  Actually, there is a possibility that an error may occur in the measurement of the transition from the base dot to the digital watermark dot due to factors such as the performance of the printer engine, a decrease in density due to a decrease in the remaining amount of toner, and deterioration in durability. In order to avoid erroneous recognition of embedding information due to an error, the restoration rate of the digital watermark data is improved by adding an error correction code to the original data to be embedded and writing the same pattern multiple times.

Furthermore, if the dot of the digital watermark dot is small,
There is also a possibility that the dots disappear due to thinning of the isolated points. Therefore, in practice, it is possible to enlarge the dot of the digital watermark dot in response to a request for copy resistance. However, when the dot for reducing visibility becomes large, it becomes visible and the quality of the entire original document is lowered, so there is a certain limit in size.

  In general office manuscripts, there are many manuscripts with relatively low density such as text, but in the case of DTP images etc. where many image images are pasted, the density of the manuscript is high, so digital watermark dots are simply applied. It is highly possible that a dot is mistakenly recognized as a pixel of another image, and the error correction code cannot be completely restored. Therefore, the density of the original to be embedded with the digital watermark is detected, and the digital watermark dot to be inserted is changed. The method will be described below.

  FIG. 8 is a schematic diagram showing a state where a digital watermark is actually placed on a sheet. Reference numeral 801 denotes the entire sheet. One piece of digital watermark information is composed of tiles indicated by 802, and the same tile is repeatedly arranged on the entire surface of the paper. For example, even if a part of the paper is cut out or soiled, information can be read as long as there is a complete tile somewhere. Reference numeral 803 denotes an image pattern drawn on the original document. Since the image pattern 803 is an image having a very high density, information cannot be acquired by being surrounded by the image pattern even if a digital watermark dot is inserted. When such a pattern is drawn on the entire surface of the paper, the digital watermark dot disappears and the embedded information cannot be acquired. Therefore, in the case of an image having a high density, such as 804, digital watermark dots are shot with white dots. This makes it possible to embed digital watermark dots regardless of the density of the original image and to embed digital watermark information.

  FIG. 2 is a schematic diagram illustrating a process in which information to be embedded by the printing apparatus according to the present embodiment is converted into digital watermark information. In FIG. 2, 201 is an entry described in the plaintext list. Reference numeral 202 denotes an entry described in the ciphertext list. These digital watermark encryption units encrypt and merge them into 203, and the digital watermark generation unit converts them into tiles 205 composed of digital watermark dots.

  In the first embodiment, the information to be embedded is classified into information that is not encrypted and information that is not encrypted. An organization such as a general company has a hierarchical structure of offices, departments, sections, etc., and it may be desirable to conceal the organization and personal information in a hierarchical structure, such as extracurricular secrets and confidential departments.

  In the present embodiment, a method for improving the first embodiment and hiding organizations and personal information in a plurality of hierarchical structures will be described.

  FIG. 13 is a GUI (graphic user interface) diagram for setting a digital watermark set by the user interface unit 123 in this embodiment. What is added in comparison with FIG. 5 is the encryption level setting drawn in 1320-1325. Since 1320-1322 is not encrypted, it is recorded as an invalid setting. 1323 and 1324 are set to Level1. This is classified as confidential, and Level 1 passwords can be operated so that they can be decrypted if they are in-house. For example, the department name 1306 is secret outside the company, but if it is in-house, the character string “General Affairs Department General Affairs Section” can be acquired. 1307 is set to Level2. This is classified as confidential, and if it is outside the company, the user name cannot be acquired even within the company.

  In this embodiment, only Level 1 and Level 2 can be selected, but levels may be added according to the hierarchical structure of the organization.

  FIG. 10 is a table for explaining that information is stored in the organization information storage unit in the present embodiment. In this table, a third column is added as compared to FIG. This indicates the level of encryption. 0 indicates that encryption is not performed, and 1 and 2 indicate Level 1 and Level 2, respectively. This setting is set from the GUI described in FIG.

  FIG. 11 shows a GUI screen for inputting a password for generating an encryption key in this embodiment. In this drawing, as compared with FIG. 9, a pull-down menu 1105 for setting the encryption key level is added. In FIG. 11, Level 1 is set, and the key (encryption key A) generated from the password input at 1102 is a password setting for Level 1. Similarly, by operating the pull-down menu 1105 to switch to Level 2 and inputting a password at 1102, it is possible to generate a key for level 2 (encryption key B).

  FIG. 12 is a flowchart for explaining the operation of the digital watermark encryption unit 120 in this embodiment. Compared with FIG. 5, this flowchart includes 1204 and 1206 that perform level determination, 1205 and 1207 that are added to the ciphertext list according to the level, and 1210 and 1211 that perform encryption by switching the encryption key according to the level. Have been added.

It is a block diagram which shows the structure of 1st Example of this invention. It is the schematic diagram which showed the process in which the information which should actually be embedded by the printing apparatus by a present Example is converted into electronic watermark information. FIG. 5 is a GUI (graphic user interface) diagram for setting a digital watermark set by a user interface unit 123; It is a table | surface for demonstrating that information is stored in the organization information storage part. 6 is a flowchart for explaining the operation of the digital watermark encryption unit 120. FIG. 4 is an enlarged schematic diagram when a digital watermark is embedded in a paper by the LVBC method. It is a schematic diagram showing how the dot placement position is reflected in information embedding. It is a schematic diagram showing a state where a digital watermark is actually placed on a sheet. It is a GUI screen for inputting a password for generating an encryption key. It is a table | surface for demonstrating that information is stored in the organization information storage part in 2nd Example. It is a GUI screen for inputting a password for generating an encryption key in the second embodiment. It is a flowchart explaining operation | movement of the digital watermark encryption part 120 in 2nd Example. It is a GUI (graphic user interface) figure which performs the setting of the digital watermark set by the user interface part 123 in 2nd Example.

Explanation of symbols

DESCRIPTION OF SYMBOLS 102 Host computer 110 Printing apparatus 111 Interface 112 Job receiving part 113 Job analysis part 114 Spooler 115 Attribute storage part 116 Image generation part 117 Image storage part 118 Digital watermark synthesis part 119 Printing part 120 Digital watermark encryption part 121 Digital watermark generation part 122 Organization information storage part 123 User interface part

Claims (2)

An image forming system including a printing apparatus that transmits a print job from a host computer and actually prints on a sheet by the printing apparatus,
On the host computer,
Personal information adding means for adding personal information that can identify an individual to a print job to be transmitted;
In the printing device,
Organization information storage means for storing organization information that can identify the organization;
Organization information input means for setting organization information to be stored in the organization information storage means;
Information recording policy setting means for setting the personal information and organization information transmitted from the host computer to any one of the three parties that do not record, record, and encrypt and record each item;
An encryption key setting means for setting an encryption key for encryption;
When printing a print job, the organization information and the personal information from the print job is obtained from the organization information storage means, and according to the setting of the information recording policy setting means, an encryption means for encrypting only necessary information;
A digital watermark generating means for converting a set of organization information and personal information composed of plain text and cipher text output from the encryption means into an image pattern using a predetermined digital watermark means;
An image forming system comprising: an electronic watermark synthesizing unit that synthesizes an image pattern created by the digital watermark generating unit with image data generated from a print job. Information recording policy setting means for setting an encryption level when recording with encryption,
An encryption key setting means for setting an encryption key for encryption according to the encryption level;
When printing a print job, the organization information and the personal information are acquired from the organization information storage means, and only necessary information is encrypted according to the encryption level according to the setting of the information recording policy setting means. Adding encryption means;
The image forming system according to claim 1, further comprising:

Images