JP2010245781A - Image reader - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technique for preventing information leakage when transmitting a file of image data obtained from an original. <P>SOLUTION: In the image reader, the file of the image data is encrypted, and an encryption key in the encryption is transmitted not to the transmission destination of the file but to a manager. As a result, since a person who receives the file does not open the file unless the key is told from the manager, the information leakage is prevented. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an image reading apparatus that acquires image data from a document, creates an electronic file from the image data, and transmits the electronic file to an external apparatus.

  Conventionally, encryption of electronic data has been widely used to prevent information leakage.

  For example, Patent Document 1 describes a network system including a multifunction peripheral, a terminal device, and a mail server. Key data is set for each terminal device, and the multi-function device stores the key data in advance in association with the mail address of the terminal device (hereinafter sometimes simply referred to as “address”).

  This multifunction device includes a color scanner and an encryption / decryption processing unit. This multifunction device reads an image from a manuscript with a color scanner to obtain image data, and an encryption / decryption processing unit applies key data corresponding to a mail address of a delivery destination terminal designated by a document sender, Encrypt the image data. This multi-function device creates an e-mail attached with the encrypted image data in this way, designates the e-mail address of the distribution destination user as the destination e-mail address, and transmits this e-mail to the mail server.

  When the destination user starts a mail application on the terminal device, the above-described electronic mail is transmitted from the mail server to the terminal device. When the electronic mail is received, the terminal device applies its own key data and performs the decryption process of the attached file.

  As described above, the conventional network system attempts to prevent leakage of communication data by performing encryption and decryption using key data set in each terminal device.

JP 2006-324724 A

  Such a conventional technique cannot prevent leakage for each individual data. For example, when data that should not be viewed by the user of this terminal device is transmitted to the terminal device registered in the multifunction device, this data is viewed by an inappropriate user in the conventional multifunction device. Cannot be prevented.

  Therefore, the present invention can manage, for each individual data, a technology that can prevent information leakage even in such a case, specifically, whether browsing is prohibited or permitted. An object of the present invention is to provide an image reading apparatus.

  (1) The above-described problems are encrypted by a reading unit that obtains image data from a document, an encryption unit that encrypts the image data, a key determination unit that determines an encryption key used in the encryption, The image reading apparatus includes a data transmission unit that transmits the image data to an external device, and a key notification unit that notifies the encryption key to a person other than the owner of the external device.

  (2) In the image reading apparatus according to (1), the key notification unit may be a key transmission unit that transmits the key to a terminal device used by a person notified by the key notification unit. .

  (3) In the image reading apparatus according to (1), the key notification unit is authenticated by a notification target person authentication unit that authenticates a notification target person of the key notification unit and the notification target person authentication unit. Then, a key display unit that displays the key may be provided.

  (4) In addition, the above problem is that a reading unit that obtains image data from a document, an encryption unit that encrypts the image data, and an encryption key used in the encryption are in accordance with a predetermined pattern. This is solved by an image reading device including a key determination unit for determination, a data transmission unit for transmitting the encrypted image data to an external device, and the like.

  (5) The image reading apparatus according to (4) may further include a specific information notification unit that notifies information other than the owner of the external device of information specifying the key.

  (6) In the image reading apparatus according to (5), the specific information notification unit is configured to transmit information specifying the key to a terminal device used by a person notified by the key specific information notification unit. It may be an information transmission unit.

  (7) In the image reading apparatus according to (5), the specific information notification unit includes a notification target person authentication unit that authenticates a notification target person of the specific information notification unit and a notification target person authentication unit. If successful, a specific information display unit that displays the specific information may be provided.

  Whether the key notifying unit notifies the recipient of the image data other than the recipient of the image data of the encryption key of the image data, so that the recipient of the image data can view the image data. Can decide.

  In addition, the key determination unit sets the encryption key in accordance with a predetermined pattern, so that notification of the encryption key to a person who determines whether to prohibit or permit viewing of each image data can be omitted. .

The block diagram which shows the outline | summary of the communication system of 1st Embodiment. 1 is a block diagram showing an outline of an MFP. 6 is a flowchart showing the operation of the MFP when editing user information. 6 is a flowchart showing the operation of the MFP when reading data is transmitted. The figure which shows an example of the text of a file attachment mail. The figure which shows an example of the text of the mail for key notifications. 9 is a flowchart showing the operation of the MFP at the time of reading data transmission in the second embodiment. 10 is a flowchart showing the operation of the MFP when a key is displayed in the second embodiment. 10 is a flowchart illustrating the operation of the MFP when transmitting read data according to the third embodiment.

[1] First Embodiment Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

(1-1) Communication System FIG. 1 shows an overview of the communication system 100. As shown in FIG. 1, the communication system 100 includes a plurality of client PCs (Personal Computers) 11 to 13, a mail server 2, an MFP (Multifunction Peripheral) 3, and a network 101 that connects these devices so as to communicate with each other.

  The client PCs 11 to 13 have a mail transmission function. Each of the client PCs 11 to 13 has a unique mail address (hereinafter simply referred to as “address”). The client PCs 11 to 13 have a mail transmission / reception function.

  The mail server 2 is a server computer including a storage unit that stores mail, a delivery unit that delivers mail, and the like. Specifically, the mail server 2 temporarily stores the mail sent from the terminal devices such as the client PCs 11 to 13 and the MFP 3 in the tray corresponding to the address of the mail address, and then corresponds to the mail address. Deliver mail to the terminal device.

  The MFP 3 is a device that has functions as a printer, a copier, a scanner, and a facsimile machine, and also has a mail transmission / reception function. An email address is assigned to the MFP 3. A specific configuration of the MFP 3 will be described later.

(1-2) MFP3
FIG. 2 shows an outline of the MFP 3. 2, the MFP 3 includes an operation panel 300, a mail communication unit (an example of a data transmission unit, a key notification unit and a key transmission unit) 301, a printing unit 302, a user information storage unit 303, and a scanner (reading unit). 304 and a control device (an example of an encryption unit, a key determination unit, and a notification target person authentication unit) 310. The MFP 3 further includes a facsimile communication unit and a data communication unit (not shown) that receives print data from an external device such as a PC and transmits the operation status of the MFP 3. Each unit in the MFP 3 is connected by a bus.

  The operation panel 300 receives instructions and information from the user. Specifically, the operation panel 300 includes a touch panel including a liquid crystal display panel and a touch sensor, and hard keys (buttons). Various screens can be displayed on the liquid crystal display panel, and the screen may include soft keys (buttons).

  The mail communication unit 301 transmits and receives mail.

  The printing unit 302 prints images (including characters, symbols, pictures, photographs, drawings, etc.) on paper (an example of a recording medium). Specifically, as the printing unit 302, an apparatus that visualizes an image by a conventionally known printing method such as an electrophotographic method or an inkjet method is employed.

  The user information storage unit 303 is realized by a rewritable recording medium such as an HDD (Hard Disk Drive). The contents of the information stored in these storage units will be described later.

  The scanner 304 is a document conveying device, a platen glass, a light source, a reading element such as a CCD (Charge Coupled Device Image Sensor) that converts light into an electrical signal, light from the light source is guided to the document, and reflected light from the document is used as the reading element. A lens and a mirror for guiding, an A / D conversion circuit for converting an analog electric signal from the reading element into a digital signal, an image processing unit for performing image processing on the digital signal and generating image data, and the like are provided. Image data obtained by the scanner 304 is stored in the RAM 312 in the control device 310, the memory 313, or a memory (not shown).

  The control device 310 performs various processes such as control of the operation of each unit in the MFP 3. Specifically, the control device 310 includes a CPU 311, a RAM 312, a memory 313, and the like. In the memory 313, programs such as a user information management program 313a and a read data transmission program 313b are stored. The CPU 311 can read and execute these programs, and the RAM 312 can function as a work area for the CPU 311.

(1-3) MFP Operation When Saving User Information When the user inputs an instruction to start a user information saving operation via the operation panel 300, the MFP 3 starts the operation of FIG. The operation of FIG. 3 is realized by the CPU 311 executing the user information management program 313a.

  As shown in FIG. 3, the control device 310 causes the liquid crystal display panel of the operation panel 300 to display a screen requesting the user to input an ID and password (step S301). The control device 310 compares the input ID and password with the administrator ID and password, and if they match (Yes in step S302), displays a user information input screen (step S303).

  Thereafter, when user information is input via the operation panel 300 (Yes in step S304) and an instruction to further save the user information is input (Yes in step S305), the control device 310 receives the user information. The input user information is stored in the storage unit 303 (step S306). In this way, new user information is registered or user information is changed (edited). The user information includes a user name, ID, password, address, and the like.

  If the authentication is not successful (No in step S302), the user information is not input (No in step S304), or there is no instruction to save the user information (No in step S305), the new user information No registration or user information changes are made.

  As described above, the MFP 3 allows only the administrator to edit user information.

  Note that information such as an ID, password, and address for the administrator is also stored in the user information storage unit 303, as is the case with other user information. The control device 310 is also required to input an ID and a password for editing administrator information.

(1-4) Operation of MFP at Reading Data Transmission MFP 3 performs reading data transmission in which image data obtained from a document is transmitted to an external device. Specifically, when the MFP 3 receives an instruction to transmit image data via the operation panel 300, the MFP 3 performs the operation shown in FIG. Hereinafter, a user who requests transmission is referred to as a “sender”. The operation of FIG. 4 is realized by the CPU 311 executing the read data transmission program 313b.

  As shown in FIG. 4, the control device 310 requests the sender to input an ID and an address, and compares the input content with information in the user information storage unit 303 to authenticate the sender (step S401). If the authentication fails, that is, if the input ID or address does not match the information in the user information storage unit 303, the following operation is not performed and the transmission ends (No in step S402).

  When the authentication of the sender is successful (Yes in step S402), the control device 310 receives an input of the destination address from the sender via the operation panel 300 (step S403). Specifically, under the control of the control device 310, a screen requesting the sender to input a destination address is displayed on the liquid crystal display panel of the operation panel 300. On this screen, the sender can directly input an address or can select a destination from the address book.

  When the destination address is input, the scanner 304 acquires image data from the document under the control of the control device 310 (step S404). The image data acquired in this way is stored in a storage device in the MFP 3.

  In addition, the control device 310 determines a key to be attached to a mail attachment file described later (step S405).

  The “key” is a character string, and may be referred to as “password” or “encryption key”. “Characters” include numbers, alphabets, symbols (such as underbars, slashes, and hyphens). The length of the character string is not particularly limited, but may be set within a range of several to several tens, for example, 4 to 150 characters.

  The method for determining the key is not particularly limited. For example, the control device 310 may store a plurality of keys in the memory 313 of the control device 310, and randomly select one from the plurality of keys. The control device 310 may be configured to create a key by randomly combining characters.

  Based on the determined key, control device 310 creates an electronic file for transmission (hereinafter simply referred to as “file”) from the image data acquired in step S404 (step S406). The file for transmission may be a file in a format that can be transmitted to an external device, and the format is not specifically limited. For example, a pdf format, a gif format, a tif format, or the like is adopted. . The file format may be selected by the sender via the operation panel 300. The created file is stored in the memory 313, for example.

  Note that the control device 310 may receive an input of a file name from a sender via the operation panel 300 and attach the file name to the file created in step S406. Further, the control device 310 can set the file name, such as the date and time or the job number when the sender requests the MFP 3 for mail transmission, alone or in combination. The job number may be, for example, a serial number that the control device 310 assigns to each mail transmission job in the order in which the job is requested. The job number may be reset every period from power-on to power-off, such as one day, one week, or one month.

  The control device 310 further encrypts the data of the transmission file using the key determined in step S405 (step S407).

  The control device 310 creates an email (file attachment email) with the file attached (step S408). The file attachment mail may be attached with an encrypted file and the destination may be the destination accepted in step S403, or may include other information.

  The control device 310 creates a key notification mail in addition to the file attachment mail (step S409). The key notification e-mail may be anything that the key and the outline of the e-mail (including the attached file) transmitted in step S410 below can be understood by the administrator (notification target person) who received the key notification e-mail.

  Under the control of the control device 310, the mail communication unit 301 transmits the file attachment mail to the destination specified in step S403 (step S410), and the key notification mail is transmitted to the administrator (step S411).

  A specific example of reading data transmission will be given below. In this example, the administrator of the MFP 3 is X. Assume that the sender A instructs the MFP 3 to obtain image data from the original and send it to the recipient B by e-mail. Description of the sender A authentication and the like will be omitted. Further, it is assumed that an instruction is input from the sender A to the MFP 3 so that the file name “test result” is attached to the attached file.

  The text of the file attached mail M1 in this example is shown in FIG. As shown in FIG. 5, the control device 310 can include information specific to each transmission job, such as “test result” that is the file name of the attached file, and the above-described job number, in the subject of the mail M1.

  Then, as shown in FIG. 5, in the body of the mail M1, information specifying the sender authenticated in step S402 (sender's name, mail address, etc.) and a file attached to the mail M1 are opened. Includes information about the necessity of the key and the inquiry destination (that is, the administrator) of this key. The information about the inquiry destination includes an administrator name, an administrator email address, an administrator telephone number, and the like. These pieces of information are used alone or in combination.

  The recipient B can open and refer to the file attachment mail M1 of FIG. 5 on his / her terminal, and inquire the administrator for a key for opening the file “test result.pdf” attached to the mail. .

  Next, the text of the key notification mail M2 in this example will be described with reference to FIG.

  As shown in FIG. 6, the body of the key notification mail M2 includes a key for opening the file attached to the mail M1 in FIG. 5 (the key determined in step S405), and the administrator X , Information for determining whether it is appropriate to inform the recipient B of the mail M1 of this key is included. As such information, the job number of the read data transmission, information for identifying the sender (sender name, e-mail address, etc.), information for identifying the destination (recipient) (recipient name, e-mail address, etc.), transmission date and time And attached file names.

  Furthermore, in this example, as shown in FIG. 6, the file “test result.pdf” is also attached to the key notification mail M2 as in the case of the mail M1. Note that the file attached to the key notification mail M2 may be encrypted in the same manner as the attached file of the mail M1 in FIG. 5 or may not be encrypted. In this way, the administrator X can view the same attachment file as the mail M1, so that the administrator X makes an appropriate determination as to whether or not the file “test result.pdf” may be shown to the recipient B. Can do.

  The administrator X can open and refer to the key notification mail M2 shown in FIG. 6 with his terminal device (client PC). If the manager X determines that there is no inconvenience for the receiver B to browse the attached file, the manager X gives the receiver B a key in response to the query from the receiver B or without waiting for the query. be able to.

  Recipient B who knows the key inputs the key to his / her terminal device (client PC) using a keyboard or mouse, and the terminal device decrypts and displays the attached file when the key is input. Can do.

  In addition, if the manager X determines that the content of the attached file is confidential information in the company and it is inappropriate for the receiver B to view it, the manager X does not have to tell the receiver B the key. In this way, the attachment file is maintained in a state in which the sender A cannot send it, although the sender A has been sent to the receiver B.

  As described above, the MFP 3 encrypts each file and transmits a key for decrypting the file to an administrator who is different from the recipient of the file. And since an administrator can determine whether an individual file is shown to a recipient, information leakage is effectively prevented.

[2] Second Embodiment The MFP 3 may display the key in response to a request from the administrator instead of sending the key to the administrator by e-mail.

  That is, as shown in FIG. 7, the control device 310 stores the key in the memory of the control device 310 instead of steps S409 and S411 in FIG. 4 when transmitting read data (step S710). ). Other steps S701 to S709 are the same as steps S401 to S408 and S410 in FIG.

  When the administrator requests key display via the operation panel 300, as shown in FIG. 8, the control device 310 determines whether the operator is an administrator based on the ID and password, and the administrator If it is determined that there is (Yes in steps S801 and S802), step S is displayed on the liquid crystal display panel of the operation panel 300 (step S803). In this way, high security can be realized by having only the administrator view the key.

  The display form in step S803 is not particularly limited. As a display form, for example, a table in which a key is associated with a job number of a transmission job of a file encrypted by the key can be cited.

  The reception of the key display instruction from the administrator and the display of the key are not necessarily performed via the operation panel 300. For example, when an instruction to display a key is issued via a network 101 from a terminal device (one of client PCs) used by an administrator, a data communication unit (not shown) of the MFP 3 receives this instruction. Thus, the control device 310 may provide a key to the administrator terminal device via the network 101. In this case, the administrator can refer to the key on his / her terminal device. The key display form is as described for step S803.

  The configuration, operation, etc. of the MFP 3 not mentioned above are the same as those in the first embodiment.

[3] Third Embodiment The MFP 3 may determine a key according to a preset pattern. The administrator knows this pattern, so that the administrator can know what key each attached file is encrypted without the MFP 3 notifying the administrator of the key.

  The key setting pattern is not limited to a specific configuration. For example, the control device 310 receives the request for the read data transmission job, the job number, and information about the sender (sender (Name, address, ID), information about the recipient (recipient name, address, ID), etc. can be used alone or in combination as a key.

  Further, as one of the key setting patterns, the control device 310 may have a plurality of keys and select them with a certain regularity.

  The control device 310 may be configured to create a mail including information that allows the administrator to specify the key, and transmit the mail to the administrator's terminal device by the mail communication unit 301. The information that can specify the key differs depending on the above-mentioned pattern. For example, the date and time when the request for the read data transmission job is received, the job number, the sender (sender name, address, ID), and the reception Information (recipient name, address, ID), etc.

  That is, as shown in FIG. 9, the control device 310 sends a mail (specific information notification mail) for notifying information (specific information) for specifying a key, instead of steps S409 and S411 in FIG. It is created and transmitted to the administrator (steps S909 and S911).

  The other steps S901 to S908 and S910 in reading data transmission are the same as steps S401 to S408 and S410. Other configurations, operations, and the like of the MFP 3 are the same as those in the first embodiment.

  Further, the specific information may be displayed in response to an instruction from the administrator, instead of being transmitted by e-mail, as in the key display of the second embodiment. Processing (such as administrator authentication) by the control device 310 at this time is as described in the second embodiment.

[4] Other Embodiments (4-1) In the first to third embodiments, the person who can edit user information and the key destination are the same, but they are different from each other. Also good. That is, a pre-stored ID and password used for administrator authentication when editing user information are different from a pre-stored ID and password used for administrator authentication when displaying a key (or specific information). It may be.

  (4-2) File transmission method is not limited to email. The MFP 3 may include a communication unit that performs file transfer using a communication protocol such as TCP (Transmission Control Protocol). Similarly, the notification of the key and the specific information may be notified by communication other than mail.

  (4-3) Although the MFP is described in the first to third embodiments, the technology of each embodiment can be applied to an image reading apparatus that does not have a printing function.

  (4-4) Technologies listed as different embodiments can be combined with each other, and publicly-known technologies can be combined with the configurations described in the embodiments.

100 Communication System 11-13 Client PC
2 Mail server 3 MFP
300 Operation panel (key notification unit, key display unit, specific information notification unit, specific information display unit)
301 Mail communication unit (data transmission unit, key notification unit, key transmission unit, specific information notification unit, specific information transmission unit)
304 Scanner (reading unit)
310 Control device (encryption unit, key determination unit, notification target person authentication unit)

Claims (7)

A reading unit for obtaining image data from a document;
An encryption unit for encrypting the image data;
A key determination unit for determining an encryption key used in the encryption;
A data transmission unit for transmitting the encrypted image data to an external device;
A key notification unit for notifying the encryption key to a person other than the owner of the external device;
An image reading apparatus comprising: The image reading apparatus according to claim 1, wherein the key notification unit is a key transmission unit that transmits the key to a terminal device used by a person to be notified by the key notification unit. The key notification part
A notification target person authentication unit for authenticating a notification target person of the key notification unit;
When the notification target person authentication unit succeeds in authentication, a key display unit that displays the key;
An image reading apparatus according to claim 1. A reading unit for obtaining image data from a document;
An encryption unit for encrypting the image data;
A key determination unit for determining an encryption key used in the encryption according to a predetermined pattern;
A data transmission unit for transmitting the encrypted image data to an external device;
An image reading apparatus comprising: The image reading apparatus according to claim 4, further comprising a specific information notifying unit that notifies information other than an owner of the external device of information specifying the key. The image reading apparatus according to claim 5, wherein the specific information notifying unit is a specific information transmitting unit that transmits information for specifying the key to a terminal device used by a person to be notified by the key specific information notifying unit. The specific information notification unit
A notification target person authentication unit that authenticates a target person of notification of the specific information notification unit;
When the notification subject authentication unit succeeds in authentication, a specific information display unit that displays the specific information;
An image reading apparatus according to claim 5.

Images