JP2018081456A - System, document managing method, information processing device, and control program for information processing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable a management of document data without decreasing a confidentiality.SOLUTION: A system includes: a first information processing device that transmits and receives to-be-stored data that is data to be stored; and a second information processing device that stores, in the other information processing device, data created on the basis of the to-be-stored data received from the first information processing device. The system creates encryption data by encrypting the to-be-stored data using a unique encryption key to each user of the first information processing device, creates an identifier that identifies the encryption data, stores specifying information that specifies the to-be-stored data which is the original data of the encryption data in association with the identifier, stores the encryption data in the other information processing device in association with the identifier created on the basis of the encryption data, decrypts the encryption data stored in the other information processing device using an encryption key, and transmits, to the first information processing device, the to-be-stored data that is the original data decrypted from the encryption data.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a system, a document management method, an information processing apparatus, and a control program for the information processing apparatus.

  Information processing devices such as PCs (Personal Computers) and MFPs (MFPs) installed in the office environment access cloud storage services via the network and manage documents by improving computer performance and network technology. And so on. As such a cloud storage service, an information processing terminal that is a client terminal operated by a user such as a PC, a service providing device that provides a cloud storage service, and a relay device that relays and connects the information processing terminal and the service providing device What is comprised by is known.

  Document data stored in a service providing apparatus such as a server in such a cloud storage service is transmitted to the information processing terminal via the relay apparatus. Japanese Patent Application Laid-Open No. 2004-151820 discloses a configuration that makes it easy for a user to grasp a search result when searching for document data intended by the user for document data stored in a service providing apparatus.

  In the technique disclosed in Patent Document 1, a relay device converts a file identifier indicating a search result of document data received from a service providing device according to a conversion routine, and transmits the converted file identifier to an information processing device. In this way, when the same document file is stored in each of the plurality of service providing apparatuses, the document file having the same file identifier can be presented to the user as one document file.

  By the way, in such a cloud storage service, document data is generally encrypted and stored in a service providing apparatus such as a cloud server. As a technique for encrypting and handling document data, the relay device encrypts the document data with a user-owned encryption key, and the service providing device provides a storage service using only the encrypted data. The technology called “technology” is drawing attention.

  Providers that provide storage services with “Zero Knowledge Technology” handle only encrypted document data, and therefore can appeal that they do not look at the contents of document data provided by users who are customers. Further, the document data provided when the provider is requested to provide information by public power is encrypted document data.

  Therefore, for the user, there is almost no possibility that the contents of the document data will be viewed by the provider and information provider that provide the storage service, and the storage service can be used in a state where the confidentiality of the document data is maintained. There are advantages.

  However, the technique disclosed in Patent Document 1 is not supposed to be encrypted document data in the first place, and in order to specify a file of document data encrypted by a file identifier in a service providing apparatus, an encryption method is used. The converted document data must be decrypted. Therefore, the confidentiality of the document data provided by the user may be impaired.

  In order to solve the above problems, an object of the present invention is to manage document data without impairing confidentiality.

  In order to solve the above problems, one embodiment of the present invention includes a first information processing device that transmits and receives storage target data that is data to be stored, and the storage target data received from the first information processing device. A second information processing device that stores data generated based on the second information processing device, the second information processing device for each user of the first information processing device. An encrypted data generation unit that generates encrypted data by encrypting the storage target data with a unique encryption key, an identifier for identifying the encrypted data, and the storage that is the original data of the encrypted data A specific information storage unit for storing the specific information for specifying the target data and the identifier in association with each other, and the other in association with the encrypted data and the identifier generated based on the encrypted data An encrypted data storage control unit to be stored in the information processing device, an encrypted data decryption unit for decrypting the encrypted data stored in the other information processing device with the encryption key, and decrypted from the encrypted data And a communication control unit that transmits the storage target data that is the original data to the first information processing apparatus.

  According to the present invention, document data can be managed without loss of confidentiality.

The figure which shows the operation | use form of the document management system which concerns on embodiment of this invention. The figure which shows the hardware constitutions of the information processing apparatus which concerns on embodiment of this invention. 1 is a diagram illustrating a hardware configuration of an image forming apparatus according to an embodiment of the present invention. The figure which shows the function structure of the relay apparatus which concerns on embodiment of this invention. The figure which shows the function structure of the service provision apparatus which concerns on embodiment of this invention. 1 is a diagram illustrating a functional configuration of an image forming apparatus according to an embodiment of the present invention. The figure which shows the function structure of PC which concerns on embodiment of this invention. The figure which shows the information structure of the user information management table which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which registers the user information which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which registers the user information which concerns on embodiment of this invention. The figure which shows the information structure of the document management table which concerns on embodiment of this invention. The figure which shows the information structure of the document management table which concerns on embodiment of this invention. The figure which shows the information structure of the storage data management table which shows the encrypted document data based on embodiment of this invention. The sequence diagram which shows the flow of the process which encrypts the document data which concerns on embodiment of this invention. The sequence diagram which shows the flow of a process which preserve | saves the encrypted document data which concerns on embodiment of this invention in a service provision apparatus. The sequence diagram which shows the flow of the process which reads the encrypted document data preserve | saved at the service provision apparatus which concerns on embodiment of this invention. The figure which shows the display mode of the document data management UI which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which reads the encrypted document data which concerns on embodiment of this invention from a service provision apparatus. The sequence diagram which shows the flow of the process which encrypts the document data which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which encrypts the document data which concerns on embodiment of this invention. The sequence diagram which shows the flow of the process which stores the document data which concerns on embodiment of this invention in a service provision apparatus. FIG. 6 is a sequence diagram showing a flow of processing for blocking access to stored document data according to the embodiment of the present invention. The sequence diagram which shows the flow of the process which deletes the encrypted document data stored in the service provision apparatus which concerns on embodiment of this invention. The figure which shows the display mode of the document data management UI which concerns on embodiment of this invention. The figure which shows the display mode of the document data management UI which concerns on embodiment of this invention.

  Embodiments of the present invention will be described below with reference to the drawings. In the present embodiment, an information processing apparatus such as a PC that is a client terminal operated by a user and an image forming apparatus such as an MFP, a service providing apparatus that provides a storage service, and between the client terminal and the service providing apparatus as described above As an example, a document management system including a relay device that mediates the above will be described. The image forming apparatus according to the present exemplary embodiment will be described using an MFP (Multi Function Peripheral) including an image reading apparatus as an example.

  FIG. 1 is a diagram illustrating an operation mode of the document management system 6 according to the present embodiment. As shown in FIG. 1, a document management system 6 according to this embodiment includes a PC 1, an image forming apparatus 2 including input / output functions such as a printer and a scanner, a service providing apparatus 3 serving as a storage destination of document data, the PC 1, and an image. The relay apparatus 5 includes a relay apparatus 5 that connects the forming apparatus 2 and the service providing apparatus 3 via the network 4 and mediates exchange of document data. Note that the PC 1 or the image forming apparatus 2 may be configured to include more than the number shown in FIG.

  The PC 1 functions as a first information processing apparatus that is a client terminal operated by a user who transmits document data as storage target data to the service providing apparatus 3. In addition to the PC, it may be realized by an information terminal such as a smartphone or a tablet terminal. The PC 1 is installed with an application for generating document data including character information, images, and charts by a user operation. The PC 1 transmits the document data to be stored to the relay device 5.

  The image forming apparatus 2 functions as a first information processing apparatus such as an MFP that is a client terminal that can be used as a printer, a facsimile, a scanner, or a copier by providing an imaging function, an image forming function, a communication function, and the like. It is. Further, the image forming apparatus 2 generates CMYK or monochrome drawing information based on the image information included in the drawing instruction transmitted from the PC 1 and executes an image forming output based on the generated drawing information. And functions as a monochrome printer. Further, the image forming apparatus 2 is equipped with software for generating document data based on the image read by the scanner. The image forming apparatus 2 transmits the document data to be stored to the relay apparatus 5.

  The service providing apparatus 3 includes a storage device that stores data received via the network 4 and functions as a third information processing apparatus. The relay device 5 is an information processing device having a function of connecting a client device used by a user of the document management system 6 such as the PC 1 and the image forming device 2 to the service providing device 3, and the client device and the service providing device. 3 is an information processing device that encrypts or decrypts data transmitted to and received from 3 and mediates the exchange of data, and functions as a second information processing device.

  The document data encrypted by the relay device 5 is transmitted to the service providing device 3 via the network 4 and stored. In the present embodiment, when the user of the document management system 6 uses the data stored in the service providing apparatus 3, the document data encrypted by the service providing apparatus 3 is not decrypted but is encrypted in the relay apparatus 5. The converted document data is decoded into the original document data. As described above, the gist of the present invention is to manage document data without deteriorating the confidentiality of encrypted data such as document data encrypted by decryption in the relay device 5.

  Next, the hardware configuration of the PC 1 according to the present embodiment will be described. FIG. 2 is a block diagram illustrating a hardware configuration of the PC 1 according to the present embodiment. In the present embodiment, the service providing device 3 and the relay device 5 have the same hardware configuration as the PC 1. As shown in FIG. 2, the PC 1 according to the present embodiment includes a CPU (Central Processing Unit) 10, a RAM (Random Access Memory) 20, a ROM (Read Only Memory) 30, an HDD (Hard Disk Drive) 40, and an I / F 50. They are connected via a bus 90.

  Further, an LCD (Liquid Crystal Display) 60 and an operation unit 70 are connected to the I / F 50. The service providing device 3 and the relay device 5 may be configured not to include the LCD 60 and the operation unit 70.

  The CPU 10 is a calculation means and controls the operation of the entire PC 1. The RAM 20 is a volatile storage medium capable of reading and writing information at high speed, and is used as a work area when the CPU 10 processes information. The ROM 30 is a read-only nonvolatile storage medium and stores a program such as firmware. The HDD 40 is a non-volatile storage medium that can read and write information, and stores an OS (Operating System), various control programs, application programs, and the like.

  The I / F 50 connects and controls the bus 90 and various hardware and networks. The LCD 60 is a display unit for the user to check the state of the PC 1. The operation unit 70 is an input unit for a user to input information on the PC 1 and is configured with a touch panel, a hard key, and the like in the present embodiment.

  In such a hardware configuration, a program stored in a recording medium such as the ROM 30, the HDD 40, or an optical disk is read into the RAM 20, and the CPU 10 performs calculations according to those programs, whereby the PC 1, the service providing device 3, the relay Each of the software control units in the device 5 is configured. Functional blocks for realizing the functions of the PC 1, the service providing apparatus 3, and the relay apparatus 5 are configured by a combination of the software control unit configured as described above and hardware.

  Next, a hardware configuration of the image forming apparatus 2 according to the present embodiment will be described. FIG. 3 is a block diagram showing a hardware configuration of the image forming apparatus 2 according to the present embodiment. The image forming apparatus 2 has a configuration in which the controller 200 and the engine unit 33 are connected by a PCI (Peripheral Component Interface) bus.

  The controller 200 is a controller that controls the entire image forming apparatus 2 and controls drawing, communication, and input from the operation unit. The engine unit 33 is a printer engine that can be connected to a PCI bus, and is, for example, a monochrome plotter, a one-drum color plotter, a four-drum color plotter, a scanner, or a fax unit. The engine unit 33 includes an image processing unit such as error diffusion and gamma conversion in addition to a so-called engine unit such as a plotter.

  The controller 200 includes a CPU 21, a north bridge (NB) 23, a system memory (MEM-P) 22, a south bridge (SB) 24, a local memory (MEM-C) 27, an ASIC (Application Specific Integrated Circuit) 26, a hard disk drive ( HDD) 35. The north bridge (NB) 23 and the ASIC 26 are connected by an AGP (Accelerated Graphics Port) bus 25. Further, the MEM-P 22 includes a ROM (Read Only Memory) 22a and a RAM (Random Access Memory) 22b.

  The CPU 21 controls the image forming apparatus 2 and includes a chip set including the NB 23, the MEM-P 22, and the SB 24, and is connected to other devices via the chip set. The NB 23 is a bridge for connecting the CPU 21 to the MEM-P 22, SB 24, and AGP bus 25, and includes a memory controller that controls reading and writing to the MEM-P 22, a PCI master, and an AGP target. The MEM-P 22 is a system memory used as a memory for storing programs and data, a memory for developing programs and data, a drawing memory for printers, and the like, and includes a ROM 22a and a RAM 22b.

  The ROM 22a is a read-only memory used as a memory for storing programs and data, and the RAM 22b is a writable and readable memory used as a program / data development memory, a printer drawing memory, and the like. The SB 24 is a bridge for connecting the NB 23 to a PCI device and peripheral devices. The SB 24 may be connected to the NB 23 via a PCI bus, and a network interface (I / F) unit may be connected to the PCI bus.

  The ASIC 26 is an integrated circuit (IC) for image processing having hardware elements for image processing, and realizes a bridge function for connecting the AGP bus 25, the PCI bus, the HDD 35, and the MEM-C 27, respectively. The ASIC 26 includes a PCI target and an AGP master, an arbiter (ARB) that forms the core of the ASIC 26, a memory controller that controls the MEM-C 27, and a plurality of DMACs (Direct Memory Access) that perform image data rotation using hardware logic. Controller) and a PCI unit that performs data transfer between the engine unit 33 via the PCI bus.

The ASIC 26 is connected to the FCU (Facile Control Unit) 28, USB (Universal Serial Bus) 29, IEEE 1394 (the Institute of Electronics 32), and the IEEE 1394 (the Institute of Electronics 31), and the Electrical and Electronics Engine (N). Is done. The operation display unit 34 is directly connected to the ASIC 26. The MEM-C27 is a local memory used as a copy image buffer and a code buffer.

  The FCU 28 controls facsimile transmission / reception in the image forming apparatus 2. The USB 29 transmits and receives data between the image forming apparatus 2 and an external terminal connected to the image forming apparatus 2 via USB. The IEEE 1394 interface 31 transmits and receives data between the image forming apparatus 2 and an external terminal connected to the image forming apparatus 2 via an IEEE 1394 terminal. The NFC interface 32 performs non-contact near field communication.

  The HDD 35 is a storage for storing image data, programs, font data, and forms, and stores application software program files executed in the image forming apparatus 2. The AGP bus 25 is a bus interface for a graphics accelerator card proposed for speeding up graphics processing. The AGP bus 25 speeds up the graphics accelerator card by directly accessing the MEM-P22 with high throughput. .

  Next, the functional configuration of the relay device 5 according to the present embodiment will be described with reference to FIG. FIG. 4 is a functional block diagram showing a functional configuration of the relay device 5 according to the present embodiment. As illustrated in FIG. 4, the relay device 5 according to the present embodiment includes a communication control unit 501, an encryption / decryption processing unit 502, a document information management unit 503, a user information management unit 504, and a web operation control unit 505.

  The communication control unit 501 makes an authentication processing request to the service providing apparatus 3 based on the certificate unique to the relay apparatus 5 owned by the relay apparatus 5, and a secure communication channel such as HTTPS with the service providing apparatus 3. Is established, and data such as encrypted document data and document data identifiers is transmitted and received. In addition, data is transmitted to and received from the PC 1 and the image forming apparatus 2.

  The encryption / decryption processing unit 502 stores the document data received from the PC 1 or the image forming apparatus 2 on the HDD 40 of the relay apparatus 5 based on the user key that is an encryption key unique to each user of the document management system 6. It functions as an encrypted data generation unit that encrypts data using an encryption algorithm stored in the unit.

  Further, the encryption / decryption processing unit 502 uses the encryption algorithm stored in the storage unit such as the HDD 40 of the relay device 5 based on the user key for the encrypted document data read from the service providing device 3. It functions as an encrypted data decryption unit for decryption.

  The document information management unit 503 generates a document data identifier for identifying document data, and manages information in which the document data name is associated with the generated document data identifier for each user of the document management system 6 using the document management table. Functions as a specific information storage unit. The document management table will be described later.

  The user information management unit 504 generates user information that is information for managing document data for each user of the document management system 6. Specifically, the user information management unit 504 is a user identifier, a pass phrase, and a user-specific encryption key for identifying a user when a user of the new document management system 6 is registered and user information is generated. Each user key is generated and stored in a user information management table to be described later. The user information management unit 504 encrypts and stores the user key.

  The user information management unit 504 decrypts the user key with the corresponding passphrase and develops the decrypted user key in the RAM 22b. In this way, the user key stored in the user information management table is decrypted based on the corresponding passphrase.

  Further, the user information management unit 504 executes user authentication processing in the document management system 6 based on the generated user identifier, passphrase, and user key. Processing for generating a user identifier, passphrase, and user key and user authentication processing will be described later.

  The web operation control unit 505 displays a user interface (UI) for storing, reading, and deleting document data using the document management system 6 in the web browser installed in the PC 1 and user registration. And processing for displaying an authentication UI for performing user authentication. The image forming apparatus 2 also provides a Web API (Application Programming Interface) for executing processing for storing document data using the document management system 6, user authentication, and user registration.

  As described above, the relay device 5 stores only the program for executing the encryption algorithm, and the user key used when encrypting the document data and decrypting the encrypted document data is: The user of the document management system 6 decrypts it by inputting a passphrase. Therefore, in order to make the user key necessary for performing encryption / decryption usable in the relay device 5, a passphrase input by the authenticated user is required, and thus the security is more robust. A document management system 6 can be provided.

  Next, the functional configuration of the service providing apparatus 3 according to the present embodiment will be described with reference to FIG. FIG. 5 is a functional block diagram showing a functional configuration of the service providing apparatus 3 according to the present embodiment. As illustrated in FIG. 5, the service providing apparatus 3 according to the present embodiment includes a communication control unit 301 and a data storage unit 302.

  The communication control unit 301 executes an authentication process based on a certificate unique to the relay device 5 held by the relay device 5, and a secure communication channel such as HTTPS (Hypertext Transfer Protocol Secure) with the relay device 5. Establish and send and receive data. The data storage unit 302 stores an identifier for identifying the document data in association with the encrypted document data.

  Thus, the service providing apparatus 3 according to the present embodiment cannot decrypt the stored encrypted document data. Therefore, in the document management system 6, the administrator who manages the service providing apparatus 3 does not know the contents of the encrypted document data.

  Next, the functional configuration of the image forming apparatus 2 according to the present embodiment will be described with reference to FIG. FIG. 6 is a functional block diagram showing a functional configuration of the image forming apparatus 2 according to the present embodiment. As illustrated in FIG. 6, the image forming apparatus 2 according to the present embodiment includes a communication control unit 201, a screen display control unit 202, an input / output control unit 203, and an image processing unit 204.

  The communication control unit 201 transmits / receives data to / from the relay device 5. The screen display control unit 202 controls the screen and UI displayed on the operation display unit 34 of the image forming apparatus 2. The input / output control unit 203 generates instruction information for storing, reading, and deleting document data based on a screen displayed on the operation display unit 34 and a UI operation signal. The communication control unit 201 transmits the generated instruction information to the relay device 5.

  The image processing unit 204 generates document data based on the original image read by the scanner unit of the image forming apparatus 2. In addition, a process of generating drawing information for printing out data input to the image forming apparatus 2 is executed.

  Next, the functional configuration of the PC 1 will be described with reference to FIG. FIG. 7 is a functional block diagram showing a functional configuration of the PC 1. As illustrated in FIG. 7, the PC 1 includes a communication control unit 101, a screen display control unit 102, and an input / output control unit 103.

  The communication control unit 101 transmits / receives data to / from the relay device 5. The screen display control unit 102 controls a screen or UI displayed on a display unit such as the LCD 60. The input / output control unit 103 generates instruction information for storing, reading, and deleting document data based on a screen displayed on a display unit such as the LCD 60 or a UI operation signal. The communication control unit 101 transmits the generated instruction information to the relay device 5.

  In the document management system 6 configured as described above, document data created by the PC 1 and document data generated using the scanner function of the image forming apparatus 2 are provided via the relay apparatus 5 and the network 4 as a service providing apparatus. In general, a so-called storage service to be stored in 3 is performed. In the present embodiment, the document data transmitted to the service providing device 3 is encrypted by the relay device 5.

  Then, the document data stored in the service providing apparatus 3 can be designated from the PC 1 without decrypting the encrypted document data in the service providing apparatus 3. Accordingly, since the network 4 and the service providing apparatus 3 can manage the encrypted document data without decrypting it, the confidentiality of the encrypted document data is maintained.

  Next, a flow of processing for managing document data in the document management system 6 according to the present embodiment will be described with reference to the drawings. First, the flow of processing for newly registering user information in the document management system 6 will be described with reference to FIGS.

  FIG. 8 is a data table showing the information configuration of the user information management table according to the present embodiment. As shown in FIG. 8, the user information according to the present embodiment includes a user identifier, a passphrase, and a user key.

  The user identifier is information for identifying the user, and is information that can be arbitrarily set by the user. The passphrase is information for authenticating the user identifier, and is information such as a character string that can be arbitrarily designated by the user. The passphrase is stored in the irreversible format such as a hash value in the user information management unit 504.

  The user key is information necessary for encrypting and decrypting document data, and is encrypted and stored in the user information management unit 504. Also, when a new user of the document management system 6 is registered and user information is generated, the user key is generated by the user information management unit 504 so that it does not overlap with a user key that has already been generated. Generated. In addition, the user information management unit 504 executes an encryption algorithm using a passphrase in order to decrypt the encrypted user key.

  FIG. 9 is a sequence diagram showing a flow of processing for registering user information according to the present embodiment. In FIG. 9, the flow of processing for registering user information from the PC 1 will be described. In the document management system 6, a user who newly registers from the PC 1 first operates the UI displayed on the PC 1. When an operation for requesting user registration is performed on the UI displayed on the PC 1, the input / output control unit 103 requests the relay device 5 to read the authentication UI (S901).

  The web operation control unit 505 transmits instruction information for displaying the authentication UI on the PC 1 to the PC 1 (S902). The screen display control unit 102 displays the authentication UI on the display unit based on the instruction information received from the relay device 5 (S903).

  A user of the document management system 6 operates the operation unit 70 of the PC 1 and inputs a user identifier and a passphrase. The input / output control unit 103 generates input information that identifies a user identifier and a passphrase based on a user operation (S904), and the communication control unit 101 transmits the generated input information to the relay device 5 ( S905).

  Upon receiving the input information, the user information management unit 504 generates a user identifier and a passphrase, and further generates a random number to generate a user key (S906). The user information management unit 504 encrypts the generated user key, stores it together with the user identifier and passphrase corresponding to the generated user key, and updates the user information management table (S907).

  The user information management unit 504 stores the generated user key together with the corresponding user identifier and passphrase, and when the user information management table is updated, notification information indicating that the registration of the user information is completed is transmitted to the PC 1 (S908). ). Upon receiving the notification information, the screen display control unit 102 displays a screen for notifying that the registration of user information has been completed on the display unit (S909), and ends this processing.

  Thus, although the user identifier and the passphrase are generated in the PC 1, the user key is generated in the relay device 5 and managed as user information in the user information management unit 504.

  Next, a flow of processing for registering user information from the image forming apparatus 2 will be described with reference to FIG. FIG. 10 is a sequence diagram showing a flow of processing for registering user information according to the present embodiment. In the document management system 6, a user who newly registers from the image forming apparatus 2 first operates the UI displayed on the operation display unit 34. When an operation for requesting user registration is performed on the UI displayed on the operation display unit 34, the input / output control unit 203 requests the relay device 5 to read the authentication UI (S1001).

  The web operation control unit 505 transmits instruction information for displaying the authentication UI on the operation display unit 34 to the image forming apparatus 2 (S1002). The screen display control unit 202 displays an authentication UI on the operation display unit 34 based on the instruction information received from the relay device 5 (S1003).

  The user of the document management system 6 operates the operation display unit 34 and inputs a user identifier and a passphrase. The input / output control unit 203 generates input information for specifying a user identifier and a passphrase based on a user operation (S1004), and the communication control unit 201 transmits the generated input information to the relay device 5. (S1005).

  Note that the image forming apparatus 2 includes an NFC interface 32. Therefore, the process of S1004 may be executed when the user brings an IC card or the like storing the user identifier and passphrase close to the NFC interface 32.

  Upon receiving the input information, the user information management unit 504 generates a user identifier and a passphrase, and further generates a random number to generate a user key (S1006). The user information management unit 504 encrypts the generated user key, stores it together with the user identifier and passphrase corresponding to the generated user key, and updates the user information management table (S1007).

  The user information management unit 504 stores the generated user key together with the corresponding user identifier and passphrase, and when the user information management table is updated, notification information indicating that the registration of the user information is completed is transmitted to the image forming apparatus 2. (S1008). When receiving the notification information, the screen display control unit 202 displays a screen for notifying that the registration of the user information is completed on the operation display unit 34 (S1009), and ends this processing.

  Thus, although the user identifier and the passphrase are generated in the image forming apparatus 2, the user key is generated in the relay apparatus 5 and managed as user information in the user information management unit 504.

  A user who has performed user registration can store document data in the service providing apparatus 3 from the PC 1 or the image forming apparatus 2 via the relay apparatus 5. Next, how the document information management unit 503 manages document data identifiers and document data names will be described with reference to the drawings. FIG. 11 is a data table showing the information structure of the document management table for user A, and FIG. 12 is a data table showing the information structure of the document management table for user B.

  As shown in FIGS. 11 and 12, the document information management unit 503 generates a random number based on the document data to generate a document data identifier, associates the document data name with the document data identifier, and stores them in the document management table. Remember. The document information management unit 503 manages the document management table for each user. In this way, the document information management unit 503 can specify the document data based on the document data identifier for each user.

  11 is a document management table for user A, and FIG. As shown in FIGS. 11 and 12, in the document data management table, a unique document data identifier is stored in association with the document data name. The document information management unit 503 stores the generated document data identifier, does not generate a duplicate document data identifier, and specifies document data before the document data name and the document data identifier are encrypted. Manage as specific information.

  Further, when the user performs an operation to prevent access to the encrypted document data stored in the service providing apparatus 3, or the encrypted document data stored in the service providing apparatus 3 Is deleted, the document information management unit 503 may delete the document data identifier associated with the stored document data.

  Next, the storage mode of the document data identifier and the encrypted document data in the service providing apparatus 3 will be described with reference to FIG. FIG. 13 is a diagram illustrating an information configuration of a data table indicating encrypted document data stored in the data storage unit 302.

  As shown in FIG. 13, the data storage unit 302 stores the document data identifier and the encrypted document data in association with each other. The data storage unit 302 also creates a data table for each relay device 5 and stores the document data identifier and the encrypted document data.

  As described with reference to FIGS. 11 to 13, in the document management system 6 according to the present embodiment, the service providing apparatus 3 stores only the encrypted document data and the document data identifier. Next, the flow of processing for storing document data in the service providing apparatus 3 in the document management system 6 according to the present embodiment will be described with reference to the drawings. The processing flow described below corresponds to a part of the embodiment of the document management method according to the present invention.

  FIG. 14 is a sequence diagram showing a flow of processing for encrypting document data in the document management system 6 according to the present embodiment. The user of the document management system 6 operates the UI displayed on the PC 1 and performs an operation for reading out the authentication UI for performing user authentication from the relay device 5. Based on the operation performed by the user, the input / output control unit 103 generates instruction information for reading the authentication UI, and transmits the instruction information to the relay device 5 via the communication control unit 101 (S1401).

  When receiving the instruction information for reading the authentication UI, the web operation control unit 505 transmits the instruction information for displaying the authentication UI to the PC 1 (S1402). The screen display control unit 102 displays the authentication UI on the display unit based on the instruction information received from the relay device 5 (S1403).

  The user of the document management system 6 operates the authentication UI displayed in the process of S1403, and inputs a user identifier and a passphrase. The input / output control unit 103 generates input information for identifying the user identifier and the passphrase based on the user's operation (S1404), and the communication control unit 101 transmits the input information to the relay device 5 to request a user authentication. Is performed (S1405).

  The user information management unit 504 compares the received input information with the user information management table. When the user information management table includes information indicating the user identifier and the passphrase specified by the received input information, the user authentication management unit 504 performs user authentication. (S1406). When user authentication is performed, a secure communication channel is established between the communication control unit 501 and the communication control unit 101. The user information management unit 504 decrypts the user key corresponding to the user identifier using the passphrase (S1407).

  When the user key is decrypted, the web operation control unit 505 transmits instruction information for displaying a document data management UI for managing document data to the PC 1 (S1408). Upon receiving the instruction information for displaying the document data management UI, the screen display control unit 102 displays the document data management UI on the display unit (S1409).

  A user of the document management system 6 operates the document data management UI to determine document data to be stored in the service providing apparatus 3. Based on the user's operation, the input / output control unit 103 determines the document data to be stored in the service providing apparatus 3, and relays the document data determined via the communication control unit 101 and the storage request for the document data. 5 (S1410).

  The encryption / decryption processing unit 502 encrypts the document data received from the PC 1 in S1410 based on the user key decrypted in S1407 (S1411), and the document information management unit 503 identifies the encrypted document data. A document data identifier is generated (S1412). Through such processing steps, the document data transmitted from the PC 1 is encrypted in the relay device 5.

  Next, the flow of processing for storing the encrypted document data in the service providing apparatus 3 will be described with reference to FIG. FIG. 15 is a sequence diagram showing a flow of processing for storing the encrypted document data in the service providing apparatus 3 according to the present embodiment.

  When the document data identifier of the encrypted document data is generated in the relay device 5 (S1412), the communication control unit 501 transmits the certificate information unique to the relay device 5 to the service providing device 3, and device authentication. A request is made (S1501). The communication control unit 301 executes authentication processing based on the received certificate information, and establishes a secure communication channel with the relay device 5 (S1502).

  When the authentication process is completed, the communication control unit 301 notifies the relay apparatus 5 of the completion of the authentication process (S1503). The document information management unit 503 transmits the document data encrypted in S1411 and the document data identifier corresponding to the document data, generated in S1412 to the service providing apparatus 3, and makes a storage request for storing the document data. (S1504). Therefore, the document information management unit 503 functions as an encrypted data storage control unit.

  The data storage unit 302 stores the encrypted document data and the corresponding document data identifier (S1505), and a data table indicating the encrypted document data stored in the service providing apparatus 3 illustrated in FIG. When the storage data management table is updated, the relay device 5 is notified that the processing for storing the document data has been completed (S1506).

  Upon receiving the notification in S1506, the document information management unit 503 newly adds the document data transmitted in S1504 and its document data identifier to the document management table of the user authenticated in S1406, and updates it (S1507). When the document management table is updated, the document information management unit 503 notifies the PC 1 that the storage of the document data has been completed (S1508).

  When the screen display control unit 102 receives the notification that the document data storage is completed, the screen display control unit 102 displays on the display unit that the document data storage is completed (S1509). When the user performs an operation for canceling the user authentication from the document data management UI (S1510), the user information management unit 504 deletes the user key decrypted in S1407 and cancels the user authentication (S1511). Note that the authentication UI is displayed on the display unit of the PC 1 after the user authentication is canceled.

  As described above, in the document management system 6 according to the present embodiment, the document data stored in the service providing apparatus 3 from the client terminal PC 1 is encrypted in advance in the relay apparatus 5 and then transmitted to the service providing apparatus 3. To do. Next, the process of reading the encrypted document data in the service providing apparatus 3 will be described with reference to the drawings.

  FIG. 16 is a sequence diagram showing a flow of processing for reading encrypted document data stored in the service providing apparatus 3 in the document management system 6 according to the present embodiment. The user of the document management system 6 operates the UI displayed on the PC 1 and performs an operation for reading out the authentication UI for performing user authentication from the relay device 5. Based on the operation performed by the user, the input / output control unit 103 generates instruction information for reading the authentication UI, and transmits the instruction information to the relay device 5 via the communication control unit 101 (S1601).

  When receiving the instruction information for reading the authentication UI, the web operation control unit 505 transmits the instruction information for displaying the authentication UI to the PC 1 (S1602). The screen display control unit 102 displays the authentication UI on the display unit based on the instruction information received from the relay device 5 (S1603).

  The user of the document management system 6 operates the authentication UI displayed in the processing of S1603, and inputs a user identifier and a passphrase. The input / output control unit 103 generates input information for identifying the user identifier and passphrase based on the user's operation (S1604), and the communication control unit 101 transmits the input information to the relay device 5 to request a user authentication. Is performed (S1605).

  The user information management unit 504 compares the received input information with the user information management table. When the user information management table includes information indicating the user identifier and the passphrase specified by the received input information, the user authentication management unit 504 performs user authentication. Is performed (S1606). When user authentication is performed, secure communication is established between the communication control unit 501 and the communication control unit 101. The user information management unit 504 decrypts the user key corresponding to the user identifier using the passphrase (S1607).

  When the user key is decrypted, the web operation control unit 505 transmits instruction information for displaying a document data management UI for managing document data to the PC 1 (S1608). In S1608, the information for displaying the document data management UI includes information on the document management table corresponding to the user authenticated in S1606. Upon receiving the instruction information for displaying the document data management UI, the screen display control unit 102 displays the document data management UI on the display unit (S1609).

  A user of the document management system 6 operates the document data management UI to determine document data to be read from the service providing apparatus 3. FIG. 17 is a diagram exemplifying a document data management UI displayed on the display unit in S1609. As shown in FIG. 17, the document data management UI displays the contents for specifying the document data included in the document management table corresponding to the user authenticated in S1606.

  In the document data management UI as shown in FIG. 17, for example, the user operates a UI button for reading “A department report material.doc”. Based on the user's operation, the input / output control unit 103 determines the document data to be read from the service providing apparatus 3, and transmits a request for reading the document data to the relay apparatus 5 via the communication control unit 101 (S1610). At this time, when the UI button for reading the document data: “A department report material.doc” is operated, the input / output control unit 103 relays a read request for the document data: “A department report material.doc”. Send to 5.

  The document information management unit 503 reads the document data identifier based on the read request received from the PC 1 in S1610 (S1611). Specifically, the document information management unit 503 reads the document data identifier based on the document data name received from the PC 1 in S1610. Therefore, the document information management unit 503 reads “8ab93kd893jgsloq...” That is the document data identifier corresponding to the document data: “A department report material.doc” in the process of S1611.

  Next, the flow of processing for reading encrypted document data from the service providing apparatus 3 will be described with reference to FIG. FIG. 18 is a sequence diagram showing a flow of processing for reading out encrypted document data from the service providing apparatus 3 according to the present embodiment.

  In the relay device 5, when the document data identifier of the document data read from the service providing device 3 is read (S1611), the communication control unit 501 transmits the certificate information unique to the relay device 5 to the service providing device 3, and the device An authentication request is made (S1801). The communication control unit 301 executes authentication processing based on the received certificate information, and establishes a secure communication channel with the communication control unit 501 (S1802).

  When the authentication process is completed, the communication control unit 301 notifies the relay apparatus 5 of the completion of the authentication process (S1803). The document information management unit 503 responds to the document data specified in S1610, transmits the document data identifier read in S1611 to the service providing apparatus 3, and makes a document data read request (S1804). That is, information transmitted from the relay device 5 to the service providing device 3 is information indicating the document data identifier: “8ab93kd893jgsloq.

  The data storage unit 302 reads the encrypted document data identified by the document data identifier received from the relay device 5 in S1804 from the document data identifier and the corresponding encrypted document data (S1805). The data storage unit 302 transmits the read encrypted document data to the relay device 5 via the communication control unit 301 (S1806).

  Upon receiving the encrypted document data (S1807), the encryption / decryption processing unit 502 uses the user key decrypted in S1607 to decrypt the received encrypted document data (S1808). Then, the communication control unit 501 transmits the decrypted document data: “A department report material.doc” to the PC 1 (S1809).

  When the communication control unit 101 receives the document data: “A department report material.doc” (S1810) and the user performs an operation to cancel the user authentication from the document data management UI (S1811), the user information management unit 504 , The user key decrypted in S1607 is deleted to cancel the user authentication (S1812). Note that the authentication UI is displayed on the display unit of the PC 1 after the user authentication is canceled.

  As described above, the document management system 6 according to the present embodiment stores the encrypted document data in the service providing apparatus 3 and also uses the document data identifier when reading the document data from the service providing apparatus 3. To do. For this reason, the content of encrypted document data such as the document data name and decrypted document data is less likely to be leaked to the service providing apparatus 3, and the confidentiality of the document data stored in the service providing apparatus 3 is impaired. Document data can be managed.

  In the present embodiment, in addition to the PC 1, the image forming apparatus 2 can be used as a client terminal used by the user of the document management system 6. Next, a flow of processing for storing document data transmitted from the image forming apparatus 2 in the service providing apparatus 3 will be described with reference to the drawings. FIG. 19 is a sequence diagram showing a flow of processing for encrypting document data in the document management system 6 according to the present embodiment.

  When an operation for starting a scanner application is performed on the operation display unit 34 of the image forming apparatus 2 (S1901), the screen display control unit 202 causes the operation display unit 34 to display an authentication UI for performing user authentication (S1902). ).

  The user of the document management system 6 operates the authentication UI displayed in the process of S1902, and inputs a user identifier and a passphrase. The input / output control unit 203 generates input information for specifying a user identifier and a passphrase based on a user operation (S1903).

  Note that the image forming apparatus 2 includes an NFC interface 32. Therefore, the process of S1903 may be executed when the user brings an IC card or the like storing the user identifier and passphrase close to the NFC interface 32.

  When the input information is generated, the screen display control unit 202 displays a scan UI for executing the scanner application on the operation display unit 34 (S1904). The user of the document management system 6 causes the image forming apparatus 2 to scan a document to be read (S1905), and the image processing unit 204 generates document data based on the read image (S1906).

  Then, the user of the document management system 6 performs an operation of designating the document data name for the document data generated in S1906 from the operation display unit 34 (S1907). Next, the communication control unit 201 transmits the input information including the user identifier and the passphrase generated in S1093, the document data generated in S1906, and the document data name information specified in S1907 to the relay apparatus 5. Then, a document data storage request is made (S1908).

  The user information management unit 504 compares the received input information with the user information management table. When the user information management table includes information indicating the user identifier and the passphrase specified by the received input information, the user authentication management unit 504 performs user authentication. Is performed (S1909). When user authentication is performed, secure communication is established between the communication control unit 501 and the communication control unit 201. The user information management unit 504 decrypts the user key corresponding to the user identifier using the passphrase (S1910).

  When the user key is decrypted, the encryption / decryption processing unit 502 encrypts the document data received from the image forming apparatus 2 in S1908 (S1911). Then, the document information management unit 503 generates a document data identifier for identifying the encrypted document data (S1912).

  Note that in the image forming apparatus 2 according to the present embodiment, a document to be read can be scanned after a user authentication request is once made to the relay apparatus 5. FIG. 20 is a sequence diagram showing a flow of processing for encrypting document data according to the present embodiment.

  When an operation for starting a scanner application is performed on the operation display unit 34 of the image forming apparatus 2 (S2001), the input / output control unit 203 generates instruction information for reading the authentication UI, and the communication control unit 201 performs the operation. To the relay device 5 (S2002).

  Upon receiving the instruction information for reading the authentication UI, the web operation control unit 505 transmits instruction information for displaying the authentication UI to the image forming apparatus 2 (S2003). The screen display control unit 202 displays an authentication UI on the operation display unit 34 based on the instruction information received from the relay device 5 (S2004).

  The user of the document management system 6 operates the authentication UI displayed in the process of S2004, and inputs a user identifier and a passphrase. The input / output control unit 203 generates input information for identifying the user identifier and the passphrase based on the user's operation (S2005), and the communication control unit 201 transmits the input information to the relay device 5 to request the user authentication. (S2006).

  Note that the image forming apparatus 2 includes an NFC interface 32. Therefore, the process of S2005 may be executed when the user brings an IC card or the like storing the user identifier and passphrase close to the NFC interface 32.

  The user information management unit 504 compares the received input information with the user information management table. When the user information management table includes information indicating the user identifier and the passphrase specified by the received input information, the user authentication management unit 504 performs user authentication. (S2007). When user authentication is performed, secure communication is established between the communication control unit 501 and the communication control unit 201, and the communication control unit 501 notifies the image forming apparatus 2 of completion of user authentication (S2008). The user information management unit 504 decrypts the user key corresponding to the user identifier using the passphrase (S2010).

  Upon receiving the user authentication completion notification (S2009), the screen display control unit 202 causes the operation display unit 34 to display a scan UI for executing the scanner application (S2011). The user of the document management system 6 causes the image forming apparatus 2 to scan a document to be read (S2012), and the image processing unit 204 generates document data based on the read image (S2013).

  Then, the user of the document management system 6 performs an operation for designating the document data name for the document data generated in S2013 from the operation display unit 34 (S2014). Next, the communication control unit 201 transmits the document data generated in S2013 and the information of the document data name specified in S2014 to the relay device 5, and makes a document data storage request (S2015).

  Upon receiving the document data storage request, the encryption / decryption processing unit 502 encrypts the document data received from the image forming apparatus 2 in S2015 using the user key decrypted in S2010 (S2016). Then, the document information management unit 503 generates a document data identifier for identifying the encrypted document data (S2017).

  Next, the processing after the document data identifier of the encrypted document data is generated in the relay device 5 will be described with reference to FIG. FIG. 21 is a sequence diagram showing a flow of processing for storing encrypted document data in the service providing apparatus 3 according to the present embodiment.

  When the document data identifier of the encrypted document data is generated in the relay device 5 (S1912 or S2017), the communication control unit 501 transmits the certificate information unique to the relay device 5 to the service providing device 3, A device authentication request is made (S2101). The communication control unit 301 executes authentication processing based on the received certificate information, and establishes a secure communication channel with the relay device 5 (S2102).

  When the authentication process is completed, the communication control unit 301 notifies the relay apparatus 5 of the completion of the authentication process (S2103). The document information management unit 503 sends the document data encrypted in S1911 or S2016 and the document data identifier corresponding to the document data and generated in S1912 or S2017 to the service providing apparatus 3, and stores the document data. Is performed (S2104).

  The data storage unit 302 stores the encrypted document data and the corresponding document data identifier (S2105). When the storage data management table is updated, the data storage unit 302 notifies the relay device 5 that the processing for storing the document data is completed. Notification is made (S2106).

  Upon receiving the notification in S2106, the document information management unit 503 newly adds the document data transmitted in S2104 and its document data identifier to the document management table of the user authenticated in S1907 or S2007, and updates it (S2107). When the document management table is updated, the user information management unit 504 cancels the user authentication (S2108).

  As described above, in the document management system 6 according to the present embodiment, document data stored in the service providing apparatus 3 from the image forming apparatus 2 that is a client terminal is encrypted in advance in the relay apparatus 5 and then the service providing apparatus. 3 to send. Further, in the service providing apparatus 3, only the encrypted document data is stored, and the encrypted document data is identified by the document data identifier. Therefore, it is not necessary to decrypt the encrypted document data.

  Accordingly, since the decrypted document data is not handled in the service providing apparatus 3, the document management system 6 can be operated without impairing the confidentiality of the encrypted document data.

  Furthermore, in the document management system 6 according to the present embodiment, it is possible to prevent access to stored document data and reduce leakage of document data that does not need to be stored. The flow of processing for blocking access to stored document data in the document management system 6 according to this embodiment will be described below with reference to the drawings.

  FIG. 22 is a sequence diagram showing a flow of processing for blocking access to stored document data in the document management system 6 according to the present embodiment. The user of the document management system 6 operates the UI displayed on the PC 1 and performs an operation for reading out the authentication UI for performing user authentication from the relay device 5. Based on the operation performed by the user, the input / output control unit 103 generates instruction information for reading the authentication UI, and transmits the instruction information to the relay device 5 via the communication control unit 101 (S2201).

  When receiving the instruction information for reading the authentication UI, the web operation control unit 505 transmits the instruction information for displaying the authentication UI to the PC 1 (S2202). The screen display control unit 102 displays the authentication UI on the display unit based on the instruction information received from the relay device 5 (S2203).

  The user of the document management system 6 operates the authentication UI displayed in the process of S2203, and inputs a user identifier and a passphrase. The input / output control unit 103 generates input information for identifying the user identifier and passphrase based on the user's operation (S2204), and the communication control unit 101 transmits the input information to the relay device 5 to request a user authentication. Is performed (S2205).

  The user information management unit 504 compares the received input information with the user information management table. When the user information management table includes information indicating the user identifier and the passphrase specified by the received input information, the user authentication management unit 504 performs user authentication. (S2206). When user authentication is performed, a secure communication channel is established between the communication control unit 501 and the communication control unit 101. The user information management unit 504 decrypts the user key corresponding to the user identifier using the passphrase (S2207).

  When the user key is decrypted, the web operation control unit 505 transmits instruction information for displaying a document data management UI for managing document data to the PC 1 (S2208). Upon receiving the instruction information for displaying the document data management UI, the screen display control unit 102 displays the document data management UI on the display unit (S2209).

  The user of the document management system 6 operates the document data management UI to determine the document data to be deleted from the document data stored in the service providing apparatus 3. For example, assume that at this time, the user decides document data: “A department report material.doc” as document data to be deleted, as shown in FIG. Based on the user's operation, the input / output control unit 103 determines the document data to be deleted, and transmits a request to delete the document data to the relay device 5 via the communication control unit 101 (S2210). That is, in the process of S 2210, a deletion request for document data: “A department report material.doc” is transmitted to the relay device 5.

  The document information management unit 503 reads out the document data identifier of the document data received in S2210 from the document management table (S2211), and deletes the read document data identifier from the document management table (S2212). At this time, the document information management unit 503 reads “8ab93kd893jgsloq...” That is the document data identifier corresponding to the document data: “A department report material.doc” in the process of S2211. Further, the document information management unit 503 deletes the document data identifier: “8ab93kd893jgsloq...” From the document management table in the process of S2212.

  When the document management table is updated by the document information management unit 503 (S2213), the communication control unit 501 notifies the PC 1 that the document management table has been updated (S2214). The screen display control unit 102 displays on the display unit that the deletion of the document data has been completed as shown in FIG. 25 (S2215). When the user performs an operation for canceling user authentication, the communication control unit 101 transmits a user authentication cancel request to the relay device 5 (S2216).

  Upon receiving the user authentication cancellation request, the user information management unit 504 cancels the user authentication by deleting the user key decrypted in S2207 (S2217). Note that the authentication UI is displayed on the display unit of the PC 1 after the user authentication is canceled.

  As described above, the document management system 6 according to the present embodiment deletes the document data identifier in the document management table so that the stored document data cannot be accessed. As described above, the process of deleting the document data identifier for specifying the encrypted document data stored in the service providing apparatus 3 from the relay apparatus 5 makes it impossible to access the stored document data. There is no need to establish communication with the service providing apparatus 3. Therefore, the processing efficiency in the document management system 6 can be increased.

  Further, by deleting the encrypted document data stored in the service providing device 3, the confidentiality of the document data can be further increased. Hereinafter, processing for deleting encrypted document data stored in the service providing apparatus 3 will be described with reference to the drawings.

  FIG. 23 is a sequence diagram showing a flow of processing for deleting encrypted document data stored in the service providing apparatus 3 in the document management system 6 according to the present embodiment. In the processing shown in FIG. 23, the same processing as S2201 to S2211 in FIG. 22 is executed. Therefore, the description of S2201 to S2211 is omitted, and the description will be made from the processing of S2301.

  When the document data management unit 503 reads the document data identifier from the document management table (S2211), the communication control unit 501 transmits the certificate information unique to the relay device 5 to the service providing device 3, and makes a device authentication request. This is performed (S2301). The communication control unit 301 executes authentication processing based on the received certificate information, and establishes a secure communication channel with the communication control unit 501 (S2302).

  When the authentication process is completed, the communication control unit 301 notifies the relay apparatus 5 of the completion of the authentication process (S2303). The document information management unit 503 transmits the document data identifier read in S2211 to the service providing apparatus 3, and requests deletion of the encrypted document data (S2304). That is, information transmitted from the relay device 5 to the service providing device 3 is information indicating the document data identifier: “8ab93kd893jgsloq.

  The data storage unit 302 deletes the encrypted document data corresponding to the received document data identifier (S2305), and notifies the relay device 5 that the deletion of the encrypted document data is completed (S2306). Upon receiving the notification in S2306, the document information management unit 503 deletes the document data identifier transmitted in S2304 and the document data name corresponding to the document data identifier from the document management table (S2307), and updates the document management table ( S2213).

  Subsequent processing is the same as S2213 to S2217 in FIG. As described above, the document management system 6 according to the present embodiment specifies the document data to be deleted based on the document data identifier when deleting the encrypted document data stored in the service providing apparatus 3, Can be deleted.

  As described above, in the document management system 6 according to this embodiment, the document providing information for specifying the encrypted document data in the service providing apparatus 3 and the encrypted / unencrypted document data are encrypted. The decryption program is operated by the relay device 5. In the relay device 5, a user key that is an encryption key for performing encryption / decryption is managed by the user of the document management system 6, and therefore cannot be recognized by the service providing device 3.

  Therefore, in the service providing apparatus 3, the document data is not decrypted, and the confidentiality of the document data is not impaired. Further, the user of the document management system 6 can confirm that the privacy of the encrypted document data is ensured, and can use the cloud storage service with peace of mind.

1 PC
2 image forming apparatus 3 service providing apparatus 4 network 5 relay apparatus 6 document management system 10 CPU
20 RAM
21 CPU
22 MEM-P
23 NB
24 SB
25 Bus 26 ASIC
27 MEM-C
28 FCU
29 USB
30 ROM
31 IEEE 1394
32 NFC
33 Engine 34 Operation display section 35 HDD
40 HDD
50 interface 60 LCD
70 Operation unit 90 Bus 101 Communication control unit 102 Screen display control unit 103 Input / output control unit 201 Communication control unit 202 Screen display control unit 203 Input / output control unit 204 Image processing unit 301 Communication control unit 302 Data storage unit 501 Communication control unit 502 Encryption / decryption processing unit 503 Document information management unit 504 User information management unit 505 Web operation control unit

Japanese Patent Laying-Open No. 2015-102995

Claims (14)

A first information processing apparatus that transmits and receives storage target data that is storage target data; and
A second information processing apparatus for storing data generated based on the storage target data received from the first information processing apparatus in another information processing apparatus;
A system including:
The second information processing apparatus
An encrypted data generation unit that generates encrypted data by encrypting the storage target data with a unique encryption key for each user of the first information processing apparatus;
A specific information storage unit that generates an identifier for identifying the encrypted data and stores the specific information for specifying the storage target data that is the original data of the encrypted data and the identifier in association with each other;
An encrypted data storage control unit that associates the encrypted data with an identifier generated based on the encrypted data and stores the associated data in the other information processing apparatus;
An encrypted data decrypting unit for decrypting the encrypted data stored in the other information processing apparatus with the encryption key;
A communication control unit that transmits the storage target data that is the original data decrypted from the encrypted data to the first information processing apparatus;
A system characterized by including. The second information processing apparatus
A user information management unit that associates and stores the encryption key, information on a character string unique to each user, and a user identifier that identifies the user;
The encrypted data generation unit
2. The encryption data is decrypted from the character string information, and the encrypted data is generated from the storage target data received from the first information processing apparatus by the decrypted encryption key. The system described in. The user information management unit
When a combination of the character string information and the user identifier is newly input, the encryption key is generated, and the encryption key, the character string information, and the user identifier are stored in association with each other and stored. 3. The system according to claim 2, wherein when the user identifier is deleted, the encryption key associated with the user identifier is deleted. The user information management unit
The system according to claim 2 or 3, wherein the character string information is converted into a hash value and stored. The encrypted data storage control unit
When receiving a deletion request for deleting the storage target data from the first information processing apparatus, the identifier associated with the encrypted data based on the storage target data is deleted. The system as described in any one of Claims 1-4. The other information processing apparatus is a third information processing apparatus that is connected to the second information processing apparatus via a network and stores the data.
The third information processing apparatus includes:
Storing the encrypted data and the identifier in association with each second information processing apparatus;
The specific information storage unit in the second information processing apparatus is
Storing the specific information and the identifier in association with each other;
The encrypted data storage control unit in the second information processing apparatus is
Identifying the encrypted data based on an identifier associated with the identifying information;
The encrypted data decryption unit in the second information processing apparatus is
6. The specified encrypted data is received from the third information processing apparatus, and the received encrypted data is decrypted with the encryption key. The described system. The first information processing apparatus includes:
An image processing unit that generates the data based on the read image;
Information input to the first information processing apparatus, wherein a user identifier for identifying the user, information on the unique character string, the generated data, and the specific information are included in the second information processing apparatus. The system according to any one of claims 1 to 6, wherein the system is transmitted to the system. A first information processing apparatus that transmits and receives storage target data that is storage target data; and
A second information processing apparatus for storing data generated based on the storage target data received from the first information processing apparatus in another information processing apparatus;
A document management method in a system including:
Encrypting the storage target data with a unique encryption key for each user of the first information processing device to generate encrypted data,
Generating an identifier for identifying the encrypted data, storing the identifier and the specific information for specifying the storage target data that is the original data of the encrypted data in association with each other;
Storing the encrypted data and an identifier generated based on the encrypted data in association with the other information processing apparatus;
Decrypting the encrypted data stored in the other information processing apparatus with the encryption key;
A document management method, comprising: transmitting the storage target data that is the original data decrypted from the encrypted data to the first information processing apparatus. An information processing apparatus that stores data generated based on storage target data that is data to be stored received from a first information processing apparatus connected via a network in another information processing apparatus,
An encrypted data generation unit that generates encrypted data by encrypting the storage target data received from the first information processing apparatus with a unique encryption key for each user of the first information processing apparatus;
A specific information storage unit that generates an identifier for identifying the encrypted data and stores the specific information for specifying the storage target data that is the original data of the encrypted data and the identifier in association with each other;
An encrypted data storage control unit that associates the encrypted data with an identifier generated based on the encrypted data and stores the associated data in the other information processing apparatus;
An encrypted data decrypting unit for decrypting the encrypted data stored in the other information processing apparatus with the encryption key;
A communication control unit that transmits the storage target, which is the original data decrypted from the encrypted data, to the first information processing apparatus;
An information processing apparatus comprising: A user information management unit that associates and stores the encryption key, information on a character string unique to each user, and a user identifier that identifies the user;
The encrypted data generation unit
The encryption data is generated from the data received from the other information processing apparatus using the decrypted encryption key by decrypting the encryption key with the information of the character string. Information processing device. The user information management unit
When a combination of the character string information and the user identifier is newly input, the encryption key is generated, and the encryption key, the character string information, and the user identifier are stored in association with each other and stored. The information processing apparatus according to claim 10, wherein when the user identifier is deleted, the encryption key associated with the user identifier is deleted. The user information management unit
The information processing apparatus according to claim 10 or 11, wherein the character string information is converted into a hash value and stored. The encrypted data storage control unit
11. When receiving a deletion request for deleting the data from the other information processing apparatus, the identifier associated with the encrypted data generated by encrypting the data is deleted. The information processing apparatus according to any one of claims 12 to 12. A control program for an information processing apparatus that stores data generated based on storage target data that is data to be stored received from a first information processing apparatus connected via a network in another information processing apparatus. ,
Encrypting the storage target data received from the first information processing apparatus with a unique encryption key for each user of the first information processing apparatus to generate encrypted data;
Generating an identifier for identifying the encrypted data, and storing the specific information for specifying the storage target data that is the original data of the encrypted data and the identifier in association with each other;
Storing the encrypted data and an identifier generated based on the encrypted data in association with each other in the information processing apparatus;
Decrypting the encrypted data stored in the other information processing apparatus with the encryption key;
Transmitting the storage target data that is the original data decrypted from the encrypted data to the first information processing apparatus;
A control program for an information processing apparatus, characterized in that