JP2017004494A - Information processing system, information processing apparatus, program, and information protection method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing system configured to enhance security of information stored in a data storage area of a browser.SOLUTION: An information processing system includes a shared device, and an information processing apparatus which provides the shared device with a content of a browser which runs on the shared device. The information processing apparatus includes: authentication means of authenticating a user who operates the shared device, and providing an encryption key managed in association with the authenticated user to the shared device; and providing means of providing the shared device with a function addition program for adding a function to the browser. The shared device includes: area management means of managing a data storage area of the browser to be shared with a plurality of users; and execution means which executes the function addition program in storing information on the data storage area of the browser or acquiring the information from the data storage area of the browser, and encrypts the information to be stored with the encryption key provided from the information processing apparatus and decrypts the acquired information.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an information processing system, an information processing apparatus, a program, and an information protection method.

  In recent years, a local storage for permanently storing data on the web browser side is implemented in the web browser. In recent years, web services in which users use services through web browsers have also become widespread. In web services, user data is protected by user authentication.

  For example, in a communication device that uses a Web application, the data stored in the browser is encrypted, and when trying to use the encrypted data, if the user authentication is successful, the encrypted data is decrypted and provided to the browser The technique to do is known conventionally (for example, refer patent document 1).

  However, when the user's data (personal information) acquired by the web browser from the web service is stored in the local storage (permanent area) of the web browser, there are the following problems.

  For example, as shown in FIG. 1, the permanent area of the web browser is shared for each origin of the web service. FIG. 1 is a diagram showing an example of a data storage method in a permanent area of a web browser. The origin is a combination of a protocol, a domain name, and a port number, for example, “https://www.example.com:443”.

  When a plurality of users sharing one web browser access the same web service, for example, as shown in FIG. 2, another user B can view the personal information of one user A. was there. FIG. 2 is a diagram illustrating a case where another user can view the personal information of a certain user.

  In a web browser operating on a PC, a user data storage area is divided for each logged-in user in the operating system (OS), and therefore, a permanent area of the web browser is often divided for each user. Therefore, the problem as shown in FIG. 2 is unlikely to occur.

  On the other hand, in a web browser that operates on an electronic device shared by a plurality of users such as a multifunction peripheral or a projector, the user data storage area is often not divided for each login user. Therefore, the problem as shown in FIG. 2 may occur. As described above, in a web browser operating on an electronic device (shared device) shared by a plurality of users, there is a security problem if the personal information of the user is stored in the permanent area.

  An object of an embodiment of the present invention is to provide an information processing system that improves the security of information stored in a data storage area of a browser.

  In order to achieve the above object, claim 1 of the present application provides a shared device that is shared and used by a plurality of users, and information that provides the shared device with content for displaying information on a browser operating on the shared device. An information processing system comprising: a processing device, wherein the information processing device authenticates the user who operates the shared device, and manages an encryption key managed in association with the authenticated user. And providing means for providing the shared device with a function addition program for adding a function to the browser, wherein the shared device is shared and used by a plurality of users. An area management means for managing the data storage area, and when the predetermined information is stored in the data storage area of the browser, the function addition program is executed, and the information is When the predetermined information encrypted by the encryption key provided from the information processing device and encrypted and stored in the data storage area is acquired, the function addition program is executed, and the predetermined predetermined encrypted Execution means for decrypting information with the encryption key provided from the information processing apparatus.

  According to the embodiment of the present invention, the security of the information stored in the data storage area of the browser can be improved.

It is a figure which shows an example of the data storage method in the permanent area | region of a web browser. It is a figure which shows the case where another user can browse the personal information of a certain user. It is a lineblock diagram of an example of an information processing system concerning this embodiment. It is a hardware block diagram of an example of the computer which concerns on this embodiment. 1 is a hardware configuration diagram of an example of an image forming apparatus according to an embodiment. It is a process block diagram of an example of the web service server apparatus which concerns on this embodiment. 1 is a processing block diagram of an example of an image forming apparatus according to an embodiment. It is a figure for demonstrating the personal information displayed on a browser screen. It is a block diagram of an example of the user authentication information table which an authentication part hold | maintains. It is a block diagram of an example of the user confidential information table which a user confidential information management part hold | maintains. It is a block diagram of an example of the user confidential information table which a perpetuation part hold | maintains. It is a sequence diagram showing an example of processing until logging in to a web service and displaying a user page other than user confidential information. It is a sequence diagram showing an example of the process which performs the display of the user page containing user confidential information, and the preservation | save of the user confidential information to the permanent area | region of a web browser. It is a sequence diagram showing an example of the process which decrypts and uses the encryption user confidential information preserve | saved at the permanent area | region of the web browser. It is a flowchart of an example of the process in which a script execution part acquires user confidential information. It is a process block diagram of the other example of the image forming apparatus which concerns on this embodiment. It is a sequence diagram showing an example of the process which preserve | saves a user private key in the volatile area | region of a web browser. It is a block diagram of the other example of the information processing system which concerns on this embodiment. It is the flowchart showing an example of the process of the web application which received the acquisition request of the user page. It is a figure for demonstrating the specific example of the personal information displayed on a browser screen.

Next, embodiments of the present invention will be described in detail. In this embodiment, an image forming apparatus will be described as an example of an electronic apparatus (shared apparatus) shared by a plurality of users, but the present invention is not limited to the image forming apparatus. For example, the shared device may be a projector, a conference system, a television, a recorder, a camera, an electronic blackboard (IWB), or the like.
[First Embodiment]
<System configuration>
FIG. 3 is a configuration diagram of an example of an information processing system according to the present embodiment. The information processing system 1 in FIG. 3 includes a web service server device 10 and an image forming device 12 connected via a network N1 such as a LAN or the Internet. The web service server apparatus 10 and the image forming apparatus 12 have wireless or wired communication means. Although FIG. 3 shows an example in which the web service server apparatus 10 and the image forming apparatus 12 are one, there may be a plurality of them.

  The web service server device 10 is realized by one or more information processing devices. The web service server device 10 provides a web service to be described later. The image forming apparatus 12 is an example of an electronic device (shared device) such as a multifunction machine or a projector shared by a plurality of users. The image forming apparatus 12 may be a shared device such as a printer, a copier, a laser printer, an electronic blackboard, or a television. Note that the information processing system 1 in FIG. 3 is an example, and a configuration in which the functions of the web service server apparatus 10 are realized by a plurality of information processing apparatuses may be employed.

<Hardware configuration>
The web service server device 10 in FIG. 3 is realized by a computer having a hardware configuration as shown in FIG. 4, for example. FIG. 4 is a hardware configuration diagram of an example of a computer according to the present embodiment.

  A computer 500 illustrated in FIG. 4 includes an input device 501, a display device 502, an external I / F 503, a RAM 504, a ROM 505, a CPU 506, a communication I / F 507, an HDD 508, and the like. . Note that the input device 501 and the display device 502 may be connected and used when necessary.

  The input device 501 includes a keyboard and a mouse, and is used by a user to input each operation signal. The display device 502 includes a display and the like, and displays a processing result by the computer 500.

  A communication I / F 507 is an interface for connecting the computer 500 to the network N1. Thereby, the computer 500 can perform data communication via the communication I / F 507.

  The HDD 508 is a non-volatile storage device that stores programs and data. The stored programs and data include an OS that is basic software for controlling the entire computer 500, application software that provides various functions on the OS, and the like.

  The external I / F 503 is an interface with an external device. The external device includes a recording medium 503a. Accordingly, the computer 500 can read and / or write the recording medium 503a via the external I / F 503. Examples of the recording medium 503a include a flexible disk, a CD, a DVD, an SD memory card, and a USB memory.

  The ROM 505 is a nonvolatile semiconductor memory (storage device) that can retain programs and data even when the power is turned off. The ROM 505 stores programs and data such as BIOS (Basic Input / Output System), OS settings, and network settings that are executed when the computer 500 is started. The RAM 504 is a volatile semiconductor memory (storage device) that temporarily stores programs and data.

  The CPU 506 is an arithmetic device that realizes control and functions of the entire computer 500 by reading a program and data from a storage device such as the ROM 505 and the HDD 508 onto the RAM 504 and executing processing.

  The web service server apparatus 10 according to the present embodiment can realize various processes as described later by the hardware configuration of the computer 500 described above.

  The image forming apparatus 12 in FIG. 3 is realized by, for example, the hardware configuration shown in FIG. FIG. 5 is a hardware configuration diagram of an example of the image forming apparatus according to the present embodiment. The image forming apparatus 12 illustrated in FIG. 5 includes a controller 601, an operation panel 602, an external I / F 603, a communication I / F 604, a printer 605, a scanner 606, and the like.

  The controller 601 includes a CPU 611, a RAM 612, a ROM 613, an NVRAM 614, an HDD 615, and the like. The ROM 613 stores various programs and data. The RAM 612 temporarily stores programs and data. The NVRAM 614 stores setting information, for example. The HDD 615 stores various programs and data.

  The CPU 611 implements control and functions of the entire image forming apparatus 12 by reading programs, data, setting information, and the like from the ROM 613, the NVRAM 614, the HDD 615, and the like onto the RAM 612 and executing the processing.

  The operation panel 602 includes an input unit that receives input from the user and a display unit that performs display. An external I / F 603 is an interface with an external device. The external device includes a recording medium 603a. Accordingly, the image forming apparatus 12 can read and / or write the recording medium 603a via the external I / F 603. Examples of the recording medium 603a include an IC card, a flexible disk, a CD, a DVD, an SD memory card, and a USB memory.

  The communication I / F 604 is an interface that connects the image forming apparatus 12 to the network N1. Thereby, the image forming apparatus 12 can perform data communication via the communication I / F 604. A printer 605 is a printing device for printing print data on paper. A scanner 606 is a reading device for reading image data (electronic data) from a document.

<Software configuration>
<Web service server device>
The web service server apparatus 10 according to the present embodiment is realized by a processing block as shown in FIG. 6, for example. FIG. 6 is a processing block diagram of an example of the web service server apparatus according to the present embodiment.

  The web service server device 10 includes a communication unit 20 and a web application 28. The web service server device 10 implements an authentication unit 22, a static file management unit 24, and a user confidential information management unit 26 by executing the web application 28.

  The communication unit 20 of the web service server apparatus 10 realizes communication with the image forming apparatus 12 via the network N1. The web application 28 of the web service server apparatus 10 communicates with the image forming apparatus 12 via the communication unit 20.

  The authentication unit 22 of the web application 28 authenticates a user who uses the web service. User authentication can be performed by a combination of user identification information such as a user ID and secret information such as a password. User authentication includes those using IC card information owned by the user and those using the user's biometric information. Hereinafter, a general user authentication performed by a combination of a user ID and a password will be described as an example.

  When the user authentication is completed (normal end), the authentication unit 22 returns an authentication ticket to the image forming apparatus 12 as proof thereof. The authentication ticket is assumed to be a cookie managed by a web browser to be described later. The static file management unit 24 manages files (web contents) for displaying web pages such as HTML, CSS (cascading style sheets), and JavaScript (registered trademark). Note that JavaScript is an example of a script language (simple programming language).

  The user confidential information management unit 26 manages data (personal information) held by the user on the web service. The personal information managed by the user confidential information management unit 26 can be used for updating, reading, and the like only by the user holding the personal information. For example, user A cannot access user B's personal information.

  The user needs an authentication ticket when using his / her personal information. The user confidential information management unit 26 determines the validity of the user based on the authentication ticket. The validity of the authentication ticket is verified by the authentication unit 22.

  As personal information managed by the user confidential information management unit 26, various information can be assumed by a web service. For example, in the case of a purchase service web service, the personal information managed by the user confidential information management unit 26 is credit card information (for example, card number, expiration date, etc.) and history information (for example, purchase history, browsing history, etc.). In the case of a web mail web service, the personal information managed by the user confidential information management unit 26 is mail information (for example, transmission history, reception history, etc.). In the case of a translation service web service, personal information managed by the user confidential information management unit 26 is translation information (for example, a history of translated sentences).

<Image forming apparatus>
The image forming apparatus 12 according to the present embodiment is realized by a processing block as shown in FIG. FIG. 7 is a processing block diagram of an example of the image forming apparatus according to the present embodiment. In FIG. 7, processing blocks for functions such as a printer and a scanner that are unique to the image forming apparatus 12 are omitted.

  The image forming apparatus 12 includes a communication unit 30 and a web browser 40. The image forming apparatus 12 implements a browser engine unit 32, a drawing unit 34, a script execution unit 36, and a persistence unit 38 by executing the web browser 40.

  The communication unit 30 of the image forming apparatus 12 realizes communication with the web service server apparatus 10 via the network N1. The web browser 40 of the image forming apparatus 12 communicates with the web service server apparatus 10 via the communication unit 30. That is, the web application 28 of the web service server apparatus 10 and the web browser 40 of the image forming apparatus 12 communicate via the network N1.

  The browser engine unit 32 of the web browser 40 acquires web contents such as HTML, CSS, and JavaScript via an HTTP request. The browser engine unit 32 analyzes the acquired web content and provides the drawing unit 34 with drawing information to be displayed on the browser screen. The browser engine unit 32 also manages the operation of the entire web browser 40. The drawing unit 34 displays drawing information such as a web page on the browser screen.

  The script execution unit 36 executes a script such as JavaScript that has been added to the web content acquired from the web service server device 10. The contents of the script vary depending on the web service, but there are ones that affect drawing information and ones that acquire user data (personal information) from the web service server device 10.

  The script also instructs to save the personal information acquired from the web service server device 10 in the local storage (permanent area) of the web browser 40 and to acquire the personal information from the permanent area. The persistence unit 38 stores the personal information instructed to be stored by the script execution unit 36 in the persistence area of the web browser 40.

  For example, a permanent area of the web browser 40 can use a function called web storage for saving data on the web browser side. The personal information stored in the permanent area is deleted when there is an explicit deletion instruction, and is not deleted even when the image forming apparatus 12 is turned off or the web browser 40 is terminated.

  Since the persistence area is shared for each origin of the web service that acquired the script, there is a security problem that another user can view the personal information of one user as shown in FIG. there were. Therefore, the script execution unit 36 encrypts the user's personal information in the permanent area of the web browser 40 using the user secret key acquired from the web service server device 10. The script execution unit 36 decrypts the user's personal information from the permanent area of the web browser 40 using the user secret key acquired from the web service server device 10.

  The personal information (user confidential information) of other users stored in the persistent area is encrypted with the other user's user private key and cannot be decrypted without obtaining the other user's user private key. . The user secret key of another user cannot be acquired unless another user ID and password are obtained and user authentication is successful. Therefore, in the information processing system 1 of the present embodiment, even if the persistence area is shared for each origin of the web service that acquired the script, the user confidential information encrypted with the user secret key for each user is stored in the persistence area. Saving can improve security.

  The personal information stored in the permanent area is displayed on the browser screen as shown in FIG. 8, for example. FIG. 8 is a diagram for explaining personal information displayed on the browser screen. The browser screen 1000 is an example of a web service login screen. The user inputs a user ID and password on the browser screen 1000 displayed on the image forming apparatus 12 and requests login.

  When the user authentication is completed (normal end), the image forming apparatus 12 acquires an authentication ticket from the web service server apparatus 10. The image forming apparatus 12 uses the authentication ticket and displays a browser screen 1001 including user confidential information as an example of personal information. Information such as “web service” and “welcome user 1” on the browser screen 1001 is provided from the web application 28 of the web service server device 10 as an HTML or CSS file.

  Note that personal information such as “user confidential information: user1_secret” on the browser screen 1001 is acquired from the web application 28 of the web service server device 10 by a script.

  FIG. 20 is a diagram for explaining a specific example of personal information displayed on the browser screen. For example, the browser screen 1001 in FIG. 20A is an example of a screen in which personal information is credit card information. In the browser screen 1001 in FIG. 20A, the card number and the expiration date included in the credit card information are displayed. For example, the browser screen 1001 in FIG. 20B is an example of a screen in which personal information is an example of history information. In the browser screen 1001 in FIG. 20B, a purchase history included in the history information is displayed.

  The script acquires personal information from the permanent area when the personal information is stored in the permanent area of the web browser 40. Further, the script acquires the personal information from the web service server device 10 when the personal information is not stored in the permanent area of the web browser 40.

《Authentication information table》
FIG. 9 is a configuration diagram of an example of a user authentication information table held by the authentication unit. The user authentication information table shown in FIG. 9 has a user ID, password, authentication ticket, and user secret key. The user ID is an example of user identification information for identifying a user. The password is an example of user secret information. In FIG. 9, the password is described in plain text for explanation, but the encrypted password is described.

  The authentication ticket is issued by the authentication unit 22 of the web service server device 10 after the user authentication is completed (normal end). The authentication ticket is returned to the web browser 40 of the image forming apparatus 12 from the web service server apparatus 10 by being added to the HTTP response to the web browser 40 that has logged in.

  The user secret key is a secret key used when encrypting / decrypting user confidential information. The user secret key is generated by the authentication unit 22 when the user logs in. 9 is discarded from the user authentication information table in FIG. 9 when the user logs out from the web service.

  In the user authentication information table shown in FIG. 9, the user IDs “user1” and “user2” are logged in, and the user ID “user3” is not logged in.

  Since the user with the user ID “user3” is not logged in, the user authentication information table of FIG. 9 is “null” indicating that the authentication ticket and user private key of the user ID “user3” are not described. .

<< User confidential information table >>
FIG. 10 is a configuration diagram of an example of a user confidential information table held by the user confidential information management unit. The user confidential information table of FIG. 10 is configured to have a user ID and user confidential information. As shown in FIG. 10, the user confidential information is stored in the user confidential information table in association with the user ID. The user confidential information can be used by a user having a user ID associated with the user confidential information table.

  For example, when the user with the user ID “user1” accesses his / her confidential user information, an authentication ticket acquired by user authentication is required. Therefore, the user with the user ID “user1” cannot access the user confidential information of the user with the user ID “user2” unless obtaining the user ID and password with the user ID “user2”.

  FIG. 11 is a configuration diagram of an example of the user confidential information table held by the persistence unit. The user confidential information table in FIG. 11 has a user ID and encrypted user confidential information. The encrypted user confidential information is user confidential information encrypted with the user secret key acquired from the web application 28 of the web service server device 10.

  As shown in FIG. 11, the encrypted user confidential information is stored in the user confidential information table in association with the user ID. The user secret key acquired from the web application 28 of the web service server device 10 is also used for decrypting the encrypted user confidential information. Here, an example of a common key encryption method using the same key for encryption and decryption has been described, but a target key encryption method may be used.

<Details of processing>
Below, the detail of the process of the information processing system 1 which concerns on this embodiment is demonstrated.

《Process to save user confidential information in permanent area》
For example, in the information processing system 1 of the present embodiment, the user confidential information stored in the web service server device 10 is stored in the permanent area of the web browser 40 by the procedure shown in FIGS.

  FIG. 12 is a sequence diagram illustrating an example of processing from when the user logs in to the web service from the web browser 40 of the image forming apparatus 12 until a user page other than the user confidential information is displayed.

  FIG. 13 is a sequence diagram showing an example of processing for displaying a user page including user confidential information (for example, the browser screen 1001 in FIG. 8) and storing the user confidential information in the permanent area of the web browser 40. is there.

  The web browser 40 of the image forming apparatus 12 starts the process of the sequence diagram of FIG. 12 by an operation from the user. In step S <b> 10, the browser engine unit 32 of the web browser 40 makes a login page acquisition request to the web application 28 of the web service server device 10.

  In step S <b> 11, the web application 28 acquires the web content of the login page from the static file management unit 24 and returns the web content of the login page to the browser engine unit 32 of the image forming apparatus 12. The method for acquiring the web content of the login page can be performed by a general HTTP request.

  In step S12, the browser engine unit 32 analyzes web contents such as HTML and CSS returned from the web service server apparatus 10, and creates drawing information. The browser engine unit 32 provides the created drawing information to the drawing unit 34 and requests drawing of the login page. The drawing unit 34 draws a login page based on the provided drawing information and displays it on a browser screen (for example, the browser screen 1000 in FIG. 8).

  The user inputs the user ID and password on the login page and presses the login button. In step S <b> 13, the browser engine unit 32 of the image forming apparatus 12 makes a login request with the user ID and password added to the web application 28 of the web service server apparatus 10.

  In step S14, the web application 28 requests the authentication unit 22 to authenticate the user ID and password. In step S15, the authentication unit 22 refers to the user authentication information table shown in FIG. 9 and verifies the validity of the user ID and password. If the validity of the user ID and password can be verified, the authentication unit 22 determines that the user authentication is successful. If the user authentication is successful, the authentication unit 22 generates an authentication ticket.

  If the user authentication is successful, the authentication unit 22 generates a user secret key in step S16. The authentication unit 22 stores the authentication ticket and the user secret key in the user authentication information table of FIG. 9 in association with the user ID and password that have been successfully authenticated.

  The web application 28 adds the generated authentication ticket to the HTTP response header to the web browser 40 of the image forming apparatus 12 and returns it. Further, the web application 28 instructs the web browser 40 of the image forming apparatus 12 to redirect to the user page URL as an HTTP response.

  In step S <b> 17, the browser engine unit 32 stores the authentication ticket returned from the web application 28 of the web service server device 10 in the cookie storage location of the web browser 40. The process of storing the authentication ticket in the cookie storage location of the web browser 40 is a general behavior of the web browser 40.

  In step S18, the browser engine unit 32 executes a redirect process to the user page URL instructed from the web application 28. Specifically, the browser engine unit 32 sends a user page acquisition request with the authentication ticket added to the web application 28 of the web service server device 10.

  In step S19, the web application 28 requests the authentication unit 22 to confirm the authentication ticket. The authentication unit 22 refers to the user authentication information table shown in FIG. 9 and determines that the user is a valid user if the authentication ticket requested to be confirmed exists in the user authentication information table. FIG. 12 shows an example in which the user is determined to be a valid user. The authentication unit 22 returns the determination result to the web application 28.

  Based on the result of determination as a valid user, the web application 28 acquires the web content of the user page from the static file management unit 24 and returns the web content of the user page to the browser engine unit 32 of the image forming apparatus 12. If it is not determined that the user is valid, the web content of the user page is not returned to the browser engine unit 32 of the image forming apparatus 12.

  In step S21, the browser engine unit 32 analyzes web contents such as HTML and CSS returned from the web service server apparatus 10, and creates drawing information. The browser engine unit 32 provides the created drawing information to the drawing unit 34 to request drawing of the user page. The drawing unit 34 draws the user page based on the provided drawing information and displays it on the browser screen.

  In parallel with the process of step S21, the browser engine unit 32 instructs the script execution unit 36 to execute JavaScript included in the web content returned from the web service server device 10 in step S31 of FIG. A user ID and an authentication ticket are added to the instruction in step S31. In addition, it is assumed that JavaScript that is instructed to be executed in step S31 is a script that draws user confidential information on the user page.

  In step S <b> 32, the script execution unit 36 requests the web application 28 of the web service server device 10 to obtain a user secret key corresponding to the authentication ticket. In step S33, the web application 28 requests the authentication unit 22 to obtain a user secret key corresponding to the authentication ticket. The authentication unit 22 refers to the user authentication information table shown in FIG. 9 and returns a user secret key corresponding to the authentication ticket to the web application 28.

  The web application 28 returns a user secret key corresponding to the authentication ticket to the script execution unit 36 of the image forming apparatus 12. In step S34, the script execution unit 36 attempts to acquire the user confidential information from the permanent area as follows. In step S35, the script execution unit 36 specifies the user ID and requests the permanent unit 38 to obtain the encrypted user confidential information in FIG. Here, an example is shown in which the encrypted user confidential information is not stored in the permanent area.

  When the response with no encrypted user confidential information is returned from the persistence unit 38, the script execution unit 36 proceeds to step S36. The script execution unit 36 requests the web application 28 of the web service server device 10 to acquire user confidential information corresponding to the authentication ticket.

  In step S <b> 37, the web application 28 requests the authentication unit 22 to confirm the authentication ticket. The authentication unit 22 refers to the user authentication information table shown in FIG. 9 and determines that the user is a valid user if the authentication ticket requested to be confirmed exists in the user authentication information table. FIG. 13 shows an example in which it is determined that the user is a valid user. The authentication unit 22 returns the determination result to the web application 28.

  Based on the result of the determination as a legitimate user, the web application 28 acquires user confidential information from the user confidential information management unit 26 and returns it to the script execution unit 36 of the image forming apparatus 12. If it is not determined that the user is valid, the user confidential information is not returned to the script execution unit 36 of the image forming apparatus 12.

  In step S39, the script execution unit 36 encrypts the user confidential information with the user secret key. As the encryption method, DES (Data Encryption Standard) and AES (Advanced Encryption Standard), which are common key encryption methods, are assumed.

  In step S40, the script execution unit 36 requests the persistence unit 38 to store the encrypted user confidential information as the encrypted user confidential information in the permanent area. As shown in the user confidential information table in FIG. 11, the permanent unit 38 stores the key in the permanent area in the key value format with the user ID and the value as encrypted user confidential information.

  In step S <b> 41, the script execution unit 36 requests the drawing unit 34 to draw user confidential information returned from the web service server device 10. The drawing unit 34 draws the requested user confidential information on the user page.

《Process using user confidential information stored in persistent area》
For example, in the information processing system 1 of this embodiment, the encrypted user confidential information stored in the permanent area of the web browser 40 is decrypted and used by the procedure shown in FIG. FIG. 14 is a sequence diagram showing an example of processing for decrypting and using encrypted user confidential information stored in the permanent area of the web browser.

  Here, it is assumed that a user who uses the web service according to the procedure shown in FIGS. 12 and 13 uses the web service again. Note that a user page other than user confidential information is displayed by the procedure shown in FIG. 12 before the processing shown in the sequence diagram of FIG.

  In step S51, the browser engine unit 32 instructs the script execution unit 36 to execute the JavaScript included in the web content returned from the web service server device 10. A user ID and an authentication ticket are added to the instruction in step S51. In addition, it is assumed that JavaScript that is instructed to be executed in step S51 is a script that draws user confidential information on the user page.

  In step S <b> 52, the script execution unit 36 requests the web application 28 of the web service server device 10 to obtain a user secret key corresponding to the authentication ticket. In step S53, the web application 28 requests the authentication unit 22 to obtain a user secret key corresponding to the authentication ticket. The authentication unit 22 refers to the user authentication information table shown in FIG. 9 and returns a user secret key corresponding to the authentication ticket to the web application 28.

  The web application 28 returns a user secret key corresponding to the authentication ticket to the script execution unit 36 of the image forming apparatus 12. In step S54, the script execution unit 36 attempts to acquire the user confidential information from the permanent area as follows. In step S55, the script execution unit 36 specifies the user ID and requests the permanent unit 38 to obtain the encrypted user confidential information in FIG.

  Here, an example is shown in which encrypted user confidential information is stored in the permanent area. The persistence unit 38 acquires encrypted user confidential information of value from the user confidential information table of FIG. 11 using the user ID as a key.

  In step S56, the script execution unit 36 decrypts the encrypted user confidential information with the user secret key. In step S57, the script execution unit 36 requests the drawing unit 34 to draw the decrypted user confidential information. The drawing unit 34 draws the requested user confidential information on the user page.

<< Process for obtaining confidential user information by script execution unit >>
FIG. 15 is a flowchart of an example of processing in which the script execution unit acquires user confidential information. In step S <b> 61, the script execution unit 36 acquires the user secret key from the web application 28 of the web service server device 10.

  In step S62, the script execution unit 36 specifies the user ID and requests the permanent unit 38 to obtain the encrypted user confidential information in FIG. If the encrypted user confidential information can be acquired (Yes in S63), the script execution unit 36 decrypts the encrypted user confidential information with the user secret key in Step S64.

  If the encrypted user confidential information cannot be acquired (No in S63), the script execution unit 36 proceeds to Step S65 and acquires the user confidential information from the web service server device 10. In step S66, the script execution unit 36 encrypts the user confidential information with the user secret key.

  In step S67, the script execution unit 36 requests the persistence unit 38 to store the encrypted user confidential information as the encrypted user confidential information in the permanent area, and stores the encrypted user confidential information in the permanent area. .

<Summary>
In the information processing system 1 of the present embodiment, when the user confidential information is stored in the permanent area of the web browser 40, the information is encrypted with the user secret key acquired from the web service server device 10. In the information processing system 1 according to the present embodiment, when the user confidential information is acquired from the permanent area of the web browser 40, the information is decrypted with the user secret key acquired from the web service server device 10.

  Therefore, even if the user uses the same web service as the other user from the web browser 40 of the image forming apparatus 12, the other user's encrypted user confidential information stored in the permanent area is decrypted. Can not be viewed. For example, in the information processing system 1 of this embodiment, when a web browser 40 that operates on a shared device such as the image forming apparatus 12 is used, information stored in a web service that requires user authentication is encrypted. Can be stored in the permanent area of the web browser 40.

  For example, in a web browser that operates on an electronic device (shared device) shared by a plurality of users, such as the image forming apparatus 12, the user data storage area is often not divided for each login user. This is because it is difficult to divide the data storage area for each logged-in user at the OS level because the login performed on the shared device is a login performed to use the shared device and not an OS login.

  For this reason, in the information processing system 1 of the present embodiment, security is improved by encrypting information stored in the data storage area of the web browser, instead of dividing the user data storage area for each login user.

In the information processing system 1 according to the present embodiment, the security of information stored in the permanent area of the web browser 40 operating on the image forming apparatus 12 can be improved.
[Second Embodiment]
In the first embodiment, the user secret key is acquired from the web service server device 10 before attempting to acquire the user confidential information from the permanent area. In the second embodiment, the number of communications is reduced by storing the user secret key acquired from the web service server device 10 in the volatile area of the web browser 40. Note that the second embodiment is the same as the first embodiment except for a part thereof, and thus description thereof will be omitted as appropriate.

  For example, the volatile area of the web browser 40 can use session storage called web storage that stores data on the web browser 40 side. The session storage is storage that is effective in a session for each window of the web browser 40. Session storage saves data while a window or tab is open, and deletes data when the window or tab is closed.

  The permanent area of the web browser 40 can use a local storage that stores data on the web browser side called web storage. The local storage is a storage that permanently stores data of users who use the web browser 40.

<Software configuration>
<Image forming apparatus>
The image forming apparatus 12 according to the present embodiment is realized by a processing block as shown in FIG. FIG. 16 is a processing block diagram of another example of the image forming apparatus according to the present embodiment. In FIG. 16, processing blocks for functions such as a printer and a scanner unique to the image forming apparatus 12 are omitted.

  The image forming apparatus 12 illustrated in FIG. 16 has a configuration in which a volatile data storage unit 42 is added to the web browser 40 of the image forming apparatus 12 in FIG. The volatile data storage unit 42 stores data in a volatile area.

<Details of processing>
In the information processing system 1 of the second embodiment, the user secret key is stored in the volatile area of the web browser 40 in the procedure shown in FIG. FIG. 17 is a sequence diagram showing an example of processing for storing the user secret key in the volatile area of the web browser. Before the processing shown in the sequence diagram of FIG. 17, a user page other than the user confidential information is displayed by the procedure of FIG.

  In step S81, the browser engine unit 32 instructs the script execution unit 36 to execute the JavaScript included in the web content returned from the web service server device 10.

  A user ID and an authentication ticket are added to the instruction in step S81. In addition, it is assumed that JavaScript that is instructed to be executed in step S81 is a script that draws user confidential information on the user page.

  In step S82, the script execution unit 36 designates the user ID and requests the volatile data storage unit 42 to acquire the user secret key. Here, an example in which the user secret key is not stored in the volatile area is shown.

  When the response without the user secret key is returned from the volatile data storage unit 42, the script execution unit 36 requests the web application 28 of the web service server device 10 to acquire the user secret key corresponding to the authentication ticket in step S83. . In step S84, the web application 28 requests the authentication unit 22 to obtain a user secret key corresponding to the authentication ticket. The authentication unit 22 refers to the user authentication information table in FIG. 9 and returns a user secret key corresponding to the authentication ticket to the web application 28.

  The web application 28 returns a user secret key corresponding to the authentication ticket to the script execution unit 36 of the image forming apparatus 12. In step S85, the script execution unit 36 encrypts the user secret key by the common encryption key method using the authentication ticket as an encryption key. In step S86, the script execution unit 36 requests the volatile data storage unit 42 to store the encrypted user secret key in the volatile area. The volatile data storage unit 42 stores the key in a volatile area in a key value format in which the key is a user ID and the value is an encrypted user secret key.

  After step S86, steps S34 to S41 in FIG. 13 or steps S54 to S57 in FIG. 14 are performed, but the description is omitted. An example in which the user secret key is stored in the volatile area is after step S87.

  In step S87, the browser engine unit 32 instructs the script execution unit 36 to execute the JavaScript included in the web content returned from the web service server device 10. It is assumed that JavaScript that is instructed to be executed in step S87 is a script that draws user confidential information on the user page.

  In step S88, the script execution unit 36 specifies the user ID and requests the volatile data storage unit 42 to acquire the user secret key. Then, the volatile data storage unit 42 acquires the user secret key encrypted with the value using the user ID as a key. In step S89, the script execution unit 36 decrypts the encrypted user secret key with the authentication ticket.

  Further, after the process of step S89, the processes of steps S34 to S41 in FIG. 13 or steps S54 to S57 in FIG.

  In the second embodiment, the user secret key is encrypted with the authentication ticket and then stored in the volatile area of the web browser 40. By encrypting the user secret key with the authentication ticket, the encrypted user secret key cannot be decrypted when the expiration date of the authentication ticket used by the user in the web browser 40 expires in the second embodiment. .

For this reason, in the second embodiment, the period during which the user private key is stored in the volatile area of the web browser 40 is equal to the period during which the web browser 40 is logged in to the web service (the period during which the authentication ticket is held). It becomes. The second embodiment prohibits the use of the user secret key when the validity period of the authentication ticket has expired, and can improve the security of the shared device.
[Third Embodiment]
In the first and second embodiments, the information processing system 1 having the web service server device 10 and the image forming device 12 as illustrated in FIG. 3 has been described as an example. In the third embodiment, as shown in FIG. 18, a PC 14 is added to the configuration of the information processing system 1 in FIG.

  As described above, the web browser 40 operating on the PC 14 often has a user data storage area for each logged-in user in the OS, and the persistence area of the web browser 40 is also divided for each user. Many. Therefore, when storing the user confidential information stored in the web service server device 10 in the permanent area of the web browser 40 operating on the PC 14, JavaScript for rendering the user confidential information described above on the user page is stored in the PC 14. You do not have to send it.

  Therefore, in the third embodiment, it is determined whether the request source requesting acquisition of the user page is a shared device such as the image forming apparatus 12 or the PC 14. Sends JavaScript for rendering user confidential information on the user page. For example, it can be determined whether the device is a shared device or the PC 14 by confirming a header of a request (request) from the web browser 40, for example. In general, when the web browser 40 transmits a request, it adds a “User-Agent” header indicating who it is. Therefore, the web browser 40 is a shared device or the PC 14 by this “User-Agent” header. Can be determined.

  FIG. 19 is a flowchart illustrating an example of processing of a web application that has received a user page acquisition request. In step S91, the web application 28 receives a user page acquisition request.

  In step S92, the web application 28 requests the authentication unit 22 to confirm the authentication ticket, and determines whether the user is a valid user. If the user is a valid user (Yes in step S92), the web application 28 confirms the request source requesting acquisition of the user page in step S93.

  If the request source requesting acquisition of the user page is a shared device (Yes in step S94), the web application 28 proceeds to step S95. In step S95, the web application 28 adds JavaScript for rendering the above-mentioned user confidential information on the user page to the web content of the user page. In step S <b> 96, the web application 28 returns the web content of the user page to which the JavaScript for rendering the above-described user confidential information on the user page is added to the image forming apparatus 12.

  If it is determined in step S92 that the user is not a valid user (No in step S92), the web application 28 ends the process of FIG. If the request source requesting acquisition of the user page is not a shared device in step S94 (No in step S94), the web application 28 skips step S95 and proceeds to step S96.

  When the process of step S95 is skipped, the web application 28 returns the web content of the user page to which the above-described user confidential information is not added Java Script for rendering the user page to the image forming apparatus 12.

  As described above, in the third embodiment, when the request source requesting acquisition of the user page is a shared device, the web content of the user page to which the above-described user secret information is added to the user page is rendered as an image. The forming apparatus 12 can be provided.

  The present invention is not limited to the specifically disclosed embodiments, and various modifications and changes can be made without departing from the scope of the claims.

  The authentication unit 22 is an example of an authentication unit described in the claims. The static file management unit 24 is an example of a providing unit. The persistence unit 38 is an example of an area management unit. The script execution unit 36 is an example of an execution unit. JavaScript managed by the static file management unit 24 is an example of a function addition program.

  The permanent area is an example of a permanent data storage area. The volatile area is an example of a volatile data storage area of a browser that stores information in a volatile manner. The authentication ticket is an example of certification information indicating that the user has been authenticated.

DESCRIPTION OF SYMBOLS 1 Information processing system 10 Web service server apparatus 12 Image forming apparatus 14 PC
DESCRIPTION OF SYMBOLS 20, 30 Communication part 22 Authentication part 24 Static file management part 26 User confidential information management part 28 Web application 32 Browser engine part 34 Drawing part 36 Script execution part 38 Persistence part 40 Web browser 42 Volatile data storage part 500 Computer 501 Input device 502 Display device 503 External I / F
503a Recording medium 504 RAM
505 ROM
506 CPU
507 Communication I / F
508 HDD
601 Controller 602 Operation panel 603 External I / F
603a Recording medium 604 Communication I / F
605 Printer 606 Scanner 611 CPU
612 RAM
613 ROM
614 NVRAM
615 HDD
1000, 1001 Browser screen B Bus N1 Network

JP 2010-257289 A

Claims (12)

An information processing system comprising: a shared device that is shared and used by a plurality of users; and an information processing device that provides the shared device with content for displaying information on a browser that operates on the shared device,
The information processing apparatus includes:
An authentication unit that authenticates the user who operates the shared device and provides the shared device with an encryption key that is managed in association with the authenticated user;
Providing means for providing a function addition program for adding a function to the browser to the shared device;
Have
The shared device is
Area management means for managing the data storage area of the browser shared and used by a plurality of users;
When storing predetermined information in the data storage area of the browser, the function addition program is executed, the information is encrypted with the encryption key provided from the information processing apparatus, and is encrypted in the data storage area. An execution unit that executes the function addition program when decrypting the stored predetermined information and decrypts the encrypted predetermined information with the encryption key provided from the information processing apparatus;
An information processing system. If the information encrypted with the encryption key is stored in the persistent data storage area of the browser that permanently stores information, the execution means stores the information acquired from the persistent data storage area of the browser. Decrypting with the encryption key provided from the information processing apparatus to display on the browser,
If information encrypted with the encryption key is not stored in the persistent data storage area of the browser, information associated with the authenticated user is acquired from the information processing apparatus and displayed on the browser. 2. The information processing according to claim 1, wherein information associated with the authenticated user is encrypted with the encryption key provided from the information processing apparatus and stored in a permanent data storage area of the browser. system. When the authentication of the user is successful, the authentication unit generates an authentication key indicating the authenticated user and authentication information indicating that the user has been authenticated, and provides the authentication information to the shared device. Managing the encryption key and certification information in association with the authenticated user, and receiving the encryption key acquisition request with the certification information added from the shared device, the encryption key associated with the certification information The information processing system according to claim 2, wherein the information processing system is provided. If the encryption key encrypted with the certification information is stored in the volatile data storage area of the browser that stores information in a volatile manner, the execution means is encrypted from the volatile data storage area of the browser. The encrypted key is decrypted with the certification information provided from the information processing apparatus, and used.
If the encryption key encrypted with the certification information is not stored in the volatile data storage area of the browser that stores information in a volatile manner, the encryption key associated with the authenticated user is obtained from the information processing apparatus. Acquired and used, and encrypts the encryption key associated with the authenticated user with the certification information provided from the information processing apparatus, and stores it in a volatile data storage area of the browser The information processing system according to claim 3. The providing means discriminates between the shared device that shares the data storage area of the browser among a plurality of users and a device in which the data storage area of the browser is divided for each user, and provides the content to the shared device 5. The information processing system according to claim 1, wherein the function addition program is provided to the shared device. An information processing apparatus that provides the shared device with content for displaying information on a browser that operates on a shared device that is shared and used by a plurality of users,
An authentication unit that authenticates the user who operates the shared device and provides the shared device with an encryption key that is managed in association with the authenticated user;
Providing means for providing a function addition program for adding a function to the browser to the shared device;
Have
When the function addition program stores predetermined information in the data storage area of the browser, the information encryption program encrypts the information with the encryption key provided to the shared device, and stores the encrypted information in the data storage area. When obtaining predetermined information, the browser that operates on the shared device is controlled so that the encrypted predetermined information is decrypted with the encryption key provided to the shared device. apparatus. If the function-added program stores information encrypted with the encryption key in the persistent data storage area of the browser that permanently stores information, the information acquired from the persistent data storage area of the browser Is decrypted with the encryption key provided from the information processing device and displayed on the browser,
If information encrypted with the encryption key is not stored in the persistent data storage area of the browser, information associated with the authenticated user is acquired from the information processing apparatus and displayed on the browser. The browser operating on the shared device is configured to encrypt information associated with the authenticated user with the encryption key provided from the information processing apparatus and store the encrypted information in a persistent data storage area of the browser. The information processing apparatus according to claim 6, wherein the information processing apparatus is controlled. When the authentication of the user is successful, the authentication unit generates an authentication key indicating the authenticated user and authentication information indicating that the user has been authenticated, and provides the authentication information to the shared device. Managing the encryption key and certification information in association with the authenticated user, and receiving the encryption key acquisition request with the certification information added from the shared device, the encryption key associated with the certification information The information processing apparatus according to claim 7, wherein: If the encryption key encrypted with the certification information is stored in the volatile data storage area of the browser that stores information in a volatile manner, the function-added program is encrypted from the volatile data storage area of the browser. The decrypted encryption key is decrypted with the certification information provided from the information processing device, and used.
If the encryption key encrypted with the certification information is not stored in the volatile data storage area of the browser that stores information in a volatile manner, the encryption key associated with the authenticated user is obtained from the information processing apparatus. Obtaining and using the encrypted key associated with the authenticated user with the certification information provided from the information processing apparatus and storing it in the volatile data storage area of the browser, The information processing apparatus according to claim 8, wherein the browser that operates on a shared device is controlled. The providing means discriminates between the shared device that shares the data storage area of the browser among a plurality of users and a device in which the data storage area of the browser is divided for each user, and provides the content to the shared device The information processing apparatus according to claim 6, wherein the function addition program is provided to the shared device. An information processing apparatus for providing content to the shared device for displaying information on a browser operating on a shared device shared with a plurality of users;
Authenticating means for authenticating the user operating the shared device and providing the shared device with an encryption key to be managed in association with the authenticated user;
Providing means for providing a function addition program for adding a function to the browser to the shared device;
Function as
When the function addition program stores predetermined information in the data storage area of the browser, the information encryption program encrypts the information with the encryption key provided to the shared device, and stores the encrypted information in the data storage area. A program for controlling the browser operating on the shared device so as to decrypt the encrypted predetermined information with the encryption key provided to the shared device when acquiring the predetermined information. Executed in an information processing system having a shared device shared by a plurality of users and an information processing device that provides the shared device with content for displaying information on a browser operating on the shared device An information protection method,
The information processing apparatus includes:
Providing a function addition program for adding a function to the browser to the shared device;
An authentication step of authenticating the user operating the shared device and providing the shared device with an encryption key managed in association with the authenticated user;
Have
The shared device is
An area management step for managing a data storage area of the browser shared and used by a plurality of users;
An encryption step of executing the function addition program when storing predetermined information in the data storage area of the browser, and encrypting the information with the encryption key provided from the information processing apparatus;
When acquiring the predetermined information encrypted and stored in the data storage area, the function addition program is executed, and the encrypted predetermined information is stored with the encryption key provided from the information processing apparatus. A decoding step for decoding;
An information protection method comprising:

Images