JP2021077057A - Signature system, image processing device and control method - Google Patents

Abstract

To provide a system which creates tentative signature data by a tentative key when the key of a user is not obtainable, and which creates signature data that enables the verification of the original validity of data.SOLUTION: A system includes a signature device that includes: an image processing device which includes a key generating unit 124 that generates a tentative key, and a signature generating unit 125 that generates tentative signature data on the basis of data using the tentative key; and a signature generating unit which obtains the key of a user, and which generates signature data using the key of the user.SELECTED DRAWING: Figure 3

Description

The present disclosure relates to a technique for digitally signing data.

In recent years, in order to ensure the security of information, electronic signatures and electronic authentication using public key infrastructure (PKI) technology have been widely used.

In electronic signature using public key infrastructure technology, a pair of private key and public key is generated, and the data is digitally signed using the private key to generate signature data. In addition, the signature data is verified using the public key (Patent Documents 1 and 2).

The private key is stored in, for example, an IC card. When generating the signature data for the data, the user must continue to attach the IC card to the signature device until the generation of the signature data is completed. However, when the user leaves the signature device, the IC card is removed from the signature device, so that the signature device cannot generate signature data during that time. Further, when the signature data is set to be generated at the set time, the IC card must be continuously attached to the signature device until the set time arrives, which is not realistic from the viewpoint of security. ..

According to Patent Documents 3 and 4, in order to avoid continuing to attach the IC card to the signing device, a pair of a private key and a public key is temporarily generated, and instead of the private key stored in the IC card, The data is temporarily digitally signed using a temporary private key.

Japanese Unexamined Patent Publication No. 2005-122567 JP-A-2007-13597 Japanese Unexamined Patent Publication No. 11-174956 Japanese Unexamined Patent Publication No. 2006-262408

As described above, in order to avoid continuing to attach the IC card to the signature device, temporary signature data is generated using the temporarily generated private key. However, there is a problem that the validity of the original data cannot be verified with the temporary signature data as it is.

Further, this problem occurs not only when the public key cryptosystem based on the public key infrastructure technology is used but also when the shared key cryptosystem is used.

This disclosure solves the above problems, and even if the user's key cannot be obtained, the temporary signature data is generated using the temporary key, and the original validity of the data is verified. It is an object of the present invention to provide a signature system, an image processing device, and a control method for generating possible signature data.

In order to achieve the above object, one aspect of the present disclosure is a signature system for generating a signature of data, using an acquisition means for acquiring data, a generation means for generating a temporary key, and the temporary key. The first signature means for generating the temporary signature data for the data, the key acquisition means for acquiring the user key assigned to the user, and the user key are used to generate the main signature data for the data. It is characterized in that it is provided with a second signing means.

Here, the signature system is composed of a security device and a data acquisition device, the data acquisition device includes the acquisition means, the generation means, and the first signature means, and the security device includes the key acquisition means. And the second signing means may be provided.

Here, the first signing means and the second signing means each perform a digital signature using a public key cryptosystem, the user key is a private key in the public key cryptosystem, and the generating means is , The temporary private key of the user is generated as the temporary key, the temporary public key corresponding to the temporary private key is generated, and the temporary public key certificate showing the validity of the temporary public key is generated. However, the first signing means may digitally sign using the temporary private key, and the second signing means may digitally sign using the user's private key.

Here, the data acquisition device further includes a signature-imparting means for attaching the generated temporary signature data to the data to generate the temporary-signed data, and the signature-imparting means is the generated book. The signature data may be attached to the data to generate the signature data.

Here, the security device further includes a key storage means for storing the user key, and the second signature means uses the user key stored in the key storage means to perform the above. The signature data may be generated.

Further, one aspect of the present disclosure is an image processing device that generates a signature of data, using the data acquisition means for acquiring data, the generation means for generating a temporary key, and the temporary key. It is characterized by including a first signature means for generating temporary signature data for the data, and a signature data acquisition means for acquiring the main signature data generated for the data by using the user key assigned to the user. And.

Here, further, a login means for accepting a login from the user with or without using the user key is provided, and the login means does not use the user key. When the login is accepted, the generation means generates the temporary key, the first signing means generates the temporary signature data, and the login means accepts the login using the user key. If so, the signature data acquisition means may acquire the present signature data.

Here, it may be further provided with a data storage means and a writing means for associating the generated temporary signature data with the user and writing the generated temporary signature data to the data storage means.

Here, when a login is accepted by the login means using the user key, the writing means transfers the temporary signature data stored in the data storage means to the acquired main signature data. It may be replaced.

Here, further, when the login is accepted by the login means without using the user key, the transmission means for transmitting the temporary signature data to the server device connected via the network is provided, and the transmission is provided. The means may transmit the signature data to the server device when the login is accepted by the login means using the user key.

Here, when the transmission means accepts a login without using the user key, the transmission means specifies a storage area for storing the temporary signature data in the server device and transmits the temporary signature data. You may.

Here, when the transmission means receives the login by using the user key, the transmission means gives an instruction to delete the temporary signature data stored in the storage area in the server device, and the acquired book. The signature data and the instruction to write the signature data in the storage area may be transmitted to the server device.

Here, further, when the login is accepted by the login means without using the user key, when the signature data is generated in the future, together with the storage location on the network where the signature data is saved. A transmission means for attaching the temporary signature data to an e-mail and transmitting the temporary signature data to an external terminal device is provided, and the transmission means receives the login by the login means using the user key. The acquired present signature data may be transmitted to a storage location on the network so that the signature data is stored in the storage location.

Here, if the temporary public key certificate includes the expiration date of the temporary public key and the private key of the user cannot be obtained before the expiration date, the generation means further uses the above-mentioned use. A second temporary public key that generates a second temporary private key of the person, generates a second temporary public key corresponding to the second temporary private key, and shows the validity of the second temporary public key. The certificate may be generated, and the first signing means may generate the second temporary signature data based on the data by using the second temporary private key.

Further, one aspect of the present disclosure is a control method used in a signature system for generating a signature of data, in which an acquisition step for acquiring data, a generation step for generating a temporary key, and the temporary key are used. The first signature step for generating the temporary signature data for the data, the key acquisition step for acquiring the user key assigned to the user, and the main signature data for the data are generated using the user key. It is characterized by including a second signing step.

According to the above configuration, even if the user key cannot be acquired, if the temporary signature data is generated using the temporary key and then the user key can be acquired, the data of the data It has an excellent effect of being able to generate signature data whose original validity can be verified.

The configuration of the communication system 1 is shown. It is a block diagram which shows the structure of the signature device 3. It is a block diagram which shows the structure of the control circuit 100. The data structure of the user information table 141 is shown. The data structure of the user public key certificate 151 is shown. The user data 181 stored in the storage circuit 110 and the data stored in the Box 131 are shown. The screen 191 displayed on the image forming apparatus 5 is shown. It is a block diagram which shows the structure of the server apparatus 4. It is a flowchart which shows the operation of the image forming apparatus 5. It is a flowchart which shows the operation of password login. It is a flowchart which shows the operation of a card login. It is a flowchart which shows the operation of scan to Box. It is a flowchart which shows the operation of a scan-to-server. It is a flowchart which shows the operation of the generation of a signature data. It is a flowchart (the 1) which shows the operation of the replacement process of a temporary signature data. Continued in FIG. It is a flowchart (the second) which shows the operation of the replacement process of the temporary signature data.

1 Embodiment The communication system 1 as one embodiment according to the present disclosure will be described with reference to the drawings.

1.1 Communication system 1
As shown in FIG. 1, the communication system 1 is configured by connecting an image forming device 5 and a server device 4 to each other via a network 2.

The user of the image forming apparatus 5 carries the signature device 3. The signature device 3 includes a second signature device (security device) that digitally signs data. When the image forming apparatus 5 is used, the signature device 3 is brought into contact with a predetermined reading position of the image forming apparatus 5. The image forming apparatus 5 authenticates the user by the signature device 3. The second signature device of the signature device 3 digitally signs the Hash value of the electronic document generated by scanning the original to generate signature data. The image forming apparatus 5 stores the electronic document with the signature data in the Box, or transmits the electronic document with the signature data to the server apparatus 4.

Further, the image forming apparatus 5 also includes a first signature apparatus that temporarily digitally signs the data. When the user of the image forming apparatus 5 does not carry the signing device 3 and cannot use the user's key, the first signing device of the image forming apparatus 5 replaces the user's key with a temporary key. Is generated, and the generated temporary key is used to digitally sign the Hash value of the electronic document to generate the temporary signature data. The image forming apparatus 5 stores the electronic document with the temporary signature data in the Box, or transmits the electronic document with the temporary signature data to the server device 4. After that, when the image forming apparatus 5 brings the signature device 3 carried by the user into contact with a predetermined reading position of the image forming apparatus 5, that is, when the user's key can be used, the signature device 3 is the third. (Ii) The signature device digitally signs the Hash value of the electronic document using the user's key to generate signature data. The image forming apparatus 5 stores the electronic document with the signature data in the Box, or transmits the electronic document with the signature data to the server apparatus 4.

1.2 Signature device 3
The signature device 3 is a portable card-type information processing device that wirelessly communicates with another communication device, for example, an image forming device 5, by a short-range wireless system. The signature device 3 has a small secondary battery inside, charges the secondary battery with radio waves output from other communication devices, and operates with the electric power charged in the secondary battery. The signature device 3 stores information unique to the user carrying the signature device 3, such as a user's private key.

The signing device 3 proves the legitimacy of the user and signs the data.

The signature device 3 may have a contact terminal with the image forming apparatus 5 instead of wireless communication, and information may be transmitted / received to / from the image forming apparatus 5 through the contact terminal.

As shown in FIG. 2, the signature device 3 is composed of a CPU 301, a ROM 302, a RAM 303, a wireless communication circuit 305, an antenna 306, and the like.

The CPU 301, ROM 302, and RAM 303 form a main control unit 301a.

The RAM 303 is composed of a non-volatile semiconductor memory, and provides a work area when a program is executed by the CPU 301. Further, the RAM 303 constitutes a storage unit 304, which will be described later.

The ROM 302 stores a control program and the like for executing processing in the signature device 3.

The CPU 301 operates according to the control program stored in the ROM 302.

When the CPU 301 operates according to the control program, the main control unit 301a uniformly controls the storage unit 304, the wireless communication circuit 305, and the like.

(1) Storage unit 304
As shown in FIG. 2, the storage unit 304 (key storage means) stores the user ID 321, the user private key 322, and the user public key certificate 323 in advance.

The user ID 321 is an identifier for uniquely identifying the user.

The user private key 322 is a pair with the user public key 325 described later, and is a private key generated by a key generation algorithm of a public key cryptosystem.

As an example, an algorithm for generating a public key and a private key when RSA, which is a public key cryptosystem, is used will be described below.

(A) Select any two large prime numbers p and q that are different from each other, and calculate the product n.

n = pq
(B) Calculate the least common multiple L of (p-1) and (q-1), and select an arbitrary integer e that is relatively prime to L and smaller than L.

L = LCM ((p-1), (q-1))
GCD (e, L) = 1
1 <e <L
(C) Based on e and L obtained in (b), the following congruence formula is solved to obtain d.

ed≡1 (mod L)
d and n are private keys. Also, e and n are public keys. Keep p, q, and d secret without disclosing them.

The user public key certificate 323 is composed of an expiration date of 324, a user public key 325, an algorithm identifier 326, and the like, and signature data 327.

The expiration date 324 indicates the expiration date for which the user public key certificate 323 is valid, and includes the start date and time and the end date and time thereof. The expiration date of 324 is, for example, one year.

The user public key 325 is a public key that is paired with the user private key 322 and is generated by the key generation algorithm of the public key cryptosystem.

The signature data 327 is signature data generated by digitally signing a set such as an expiration date 324, a user public key 325, and an algorithm identifier 326 by a private key 331 of a certificate authority.

Signature data 327 = Sign (Certificate authority private key 331, (expiration date 324, user public key 325, algorithm identifier 326, etc.))
Here, S = Sign (A, B) represents the signature data S generated by digitally signing the data B with the public key cryptosystem using the private key A.

As an example, the algorithm for generating signature data by RSA will be described below.

The digital signature S is created for the document M by the following calculation using the private key.

S = M ^d mod n
The signature data S thus generated is added to the original document M.

Next, the verification of the signature data will be described.

Perform the following operations using the public key.

m = S ^e mod n
The m calculated here is compared with the original document M. If m and the original document M match, the validity of the signature data is proved. On the other hand, if m and the original document M do not match, the validity of the signature data cannot be proved.

(2) As shown in FIG. 2, the main control unit 301a is composed of a read / write unit 311, an encryption unit 312, a transmission / reception unit 313, a signature generation unit 314 (second signature means), and a general control unit 315. There is.

Here, the storage unit 304 and the signature generation unit 314 constitute a second signature device.

(Overall control unit 315)
The integrated control unit 315 uniformly controls the read / write unit 311, the encryption unit 312, the transmission / reception unit 313, and the signature generation unit 314.

(Read / Write Unit 311)
The read / write unit 311 (key acquisition means) reads the user ID 321 and the user private key 322 from the storage unit 304.

(Transmission / reception unit 313)
The transmission / reception unit 313 receives the random number R and the Hash value of the electronic document. Further, the transmission / reception unit 313 transmits the ciphertext E described later and the signature data S described later.

(Encryption unit 312)
The encryption unit 312 applies a public key type encryption algorithm to the received random number R using the read user's private key 322 to generate the ciphertext E.

Ciphertext E = Enc (user private key 322, random number R)
Here, E = Enc (A, B) represents that the ciphertext E is generated by applying the encryption algorithm Enc to the data B using the key A.

Note that D = Dec (C, E) means that C is used to apply the decryption algorithm Dec to the ciphertext E to generate the decryption sentence D.

(Signature generator 314)
The signature generation unit 314 applies the public key type signature generation algorithm Sign to the Hash value of the received electronic document by using the read user private key 322 to generate the signature data (this signature data) S.

(3) Wireless communication circuit 305 and antenna 306
The antenna 306 wirelessly transmits and receives radio signals to and from the antennas of other devices. The wireless communication circuit 305 performs frequency selection, frequency conversion, and the like of the wireless signal transmitted and received by the antenna 306.

1.3 Image forming apparatus 5
As shown in FIG. 1, the image forming apparatus 5 (image processing apparatus) is a tandem type color multifunction device (MFP: MultiFunction Peripheral) having the functions of a scanner, a printer, and a copier.

As shown in this figure, the image forming apparatus 5 is provided with a paper feeding unit 13 for accommodating and feeding a recording sheet at the bottom of the housing. A printer 12 that forms an image by an electrophotographic method is provided above the paper feed unit 13. Above the printer 12, an image reader 11 (acquisition means) that reads a document and generates image data, and an operation panel 19 that displays an operation screen and accepts an input operation from a user are provided.

The image reader 11 has an automatic document transfer device. The automatic document transfer device transfers the documents set in the document tray to the document glass plate one by one via the transfer path. The image reader 11 reads the document transported to a predetermined position on the document glass plate by the automatic document transport device or the image placed on the document glass plate by the user by moving the scanner, and red (R). Image data composed of multi-valued digital signals of green (G) and blue (B) is obtained.

The image data of each color component obtained by the image reader 11 undergoes various data processing in the control circuit 100, and further, the reproduced colors of yellow (Y), magenta (M), cyan (C), and black (K) are reproduced. Converted to image data.

The printer 12 faces the intermediate transfer belt 21, the secondary transfer roller 22, and the intermediate transfer belt 21 stretched by the drive roller, the driven roller, and the backup roller, and is at a predetermined interval along the traveling direction X of the intermediate transfer belt 21. It is composed of an image forming unit 20Y, 20M, 20C, 20K, a fixing unit 50, a control circuit 100, etc. arranged in.

The image-creating units 20Y, 20M, 20C, and 20K image toner images of Y, M, C, and K colors, respectively. Specifically, each image forming unit includes a photoconductor drum as an image carrier, an LED array for exposure-scanning the surface of the photoconductor drum, a charging charger, a developing device, a cleaner, a primary transfer roller, and the like.

The paper feed unit 13 is composed of paper cassettes 60, 61, 62 for accommodating recording sheets of different sizes, and pickup rollers 63, 64, 65 for feeding the recording sheets from each paper cassette to the transport path. ing.

In each of the image forming portions 20Y to 20K, each photoconductor drum is uniformly charged by a charging charger and exposed by an LED array to form an electrostatic latent image on the surface of the photoconductor drum. Each electrostatic latent image is developed by a developing device of a corresponding color, a toner image of colors Y to K is formed on the surface of each photoconductor drum, and the toner image is arranged on the back surface side of the intermediate transfer belt 21. By the electrostatic action of each primary transfer roller, the intermediate transfer belt 21 is sequentially transferred onto the surface.

The image formation timing of each color is shifted so that the toner images of colors Y to K are multiple-transferred on the intermediate transfer belt 21.

On the other hand, a recording sheet is fed from any of the paper feed cassettes 13 in accordance with the image drawing operation by the image drawing units 20Y to 20K.

The recording sheet is conveyed on the transport path to the secondary transfer position where the secondary transfer roller 22 and the backup roller face each other across the intermediate transfer belt 21, and at the secondary transfer position, the secondary transfer roller 22 is electrostatically charged. By the action, the Y to K color toner images multiple-transferred on the intermediate transfer belt 21 are secondarily transferred to the recording sheet. The recording sheet on which the Y to K color toner images are secondarily transferred is further conveyed to the fixing portion 50.

When the toner image on the surface of the recording sheet passes through the fixing nip formed between the heating roller 51 of the fixing portion 50 and the pressure roller 52 pressed against the heating roller 51, the toner image of the recording sheet is heated and pressed. The recording sheet is fused and fixed to the surface, and after passing through the fixing portion 50, the recording sheet is sent to the discharge tray 15.

The operation panel 19 is provided with a display unit composed of a liquid crystal display board or the like, and displays contents set by the user and various messages. The operation panel 19 receives from the user an instruction to start copying, a setting of the number of copies, a setting of copying conditions, a setting of a data output destination, and the like, and notifies the control circuit 100 of the received contents.

1.4 Control circuit 100
As shown in FIG. 3, the control circuit 100 includes a CPU 101, a ROM 102, a RAM 103, an image memory 104, an image processing circuit 105, a network communication circuit 106, a scanner control circuit 107 (acquisition means), an input / output circuit 108, and a printer control circuit 109. , A storage circuit 110, a wireless communication circuit 111 (signature data acquisition means), an antenna 112, a Box storage circuit 113, and the like.

The CPU 101, ROM 102, and RAM 103 constitute the main control unit 101a.

The RAM 103 temporarily stores various control variables, the number of copies set by the operation panel 19, and provides a work area when the program is executed by the CPU 101.

The ROM 102 stores a control program for executing various jobs such as a copy operation.

The CPU 101 operates according to the control program stored in the ROM 102.

Further, the main control unit 101a receives the user's operation from the operation panel 19. When the user's operation is a copy instruction, the main control unit 101a causes the scanner control circuit 107 to read an image, and causes the printer control circuit 109 to form an image based on the image data generated by the reading. Let the process be executed. When the user's operation is a scan to Box instruction, the main control unit 101a causes the scanner control circuit 107 to read an image, generate an electronic document, and store it in the Box storage circuit 113. When the user's operation is a scan-to-server instruction, the main control unit 101a causes the scanner control circuit 107 to read an image, generates an electronic document, and causes the network communication circuit 106 to generate an electronic document. The electronic document is transmitted to the server device 4. When the user's operation is another instruction, the main control unit 101a causes the other processing to be executed. Here, the scanner control circuit 107 and the image reader 11 constitute the acquisition means.

Further, in the main control unit 101a, as shown in FIG. 3, the CPU 101 operates according to the control program, so that the integrated control unit 121 (first signature means), the login control unit 122, the encryption unit 123, and the key generation unit It functions as 124 (generation means), signature generation unit 125 (first signature means), Box control unit 126, transmission / reception unit 127, and read / write unit 128. The general control unit 121, the login control unit 122, the encryption unit 123, the key generation unit 124, the signature generation unit 125, the Box control unit 126, the transmission / reception unit 127, and the read / write unit 128 will be described later.

Here, the key generation unit 124 and the signature generation unit 125 constitute the first signature device. Further, the image reader 11, the scanner control circuit 107, the integrated control unit 121, the key generation unit 124, and the signature generation unit 125 constitute a data acquisition device. Further, the security device and the data acquisition device constitute a signature system.

The image memory 104 temporarily stores image data such as a print job.

The image processing circuit 105, for example, performs various data processing on the image data of each color component of R, G, and B obtained by the image reader 11, and performs various data processing on the reproduced colors of Y, M, C, and K. Convert to image data.

The network communication circuit 106 receives a print job from an external terminal device via the network 2. Further, the network communication circuit 106 transmits data to the server device 4 via the network 2.

The scanner control circuit 107 controls the image reader 11 to execute an operation of reading an image of a document.

The antenna 112 transmits and receives radio signals to and from the antennas of other devices by short-range radio. The wireless communication circuit 111 performs frequency selection, frequency conversion, and the like of the wireless signal transmitted and received by the antenna 112.

The storage circuit 110 and the Box storage circuit 113 will be described below.

1.5 Storage circuit 110 and Box storage circuit 113
(1) Memory circuit 110
The storage circuit 110 is composed of a non-volatile semiconductor memory. The storage circuit 110 may be composed of a hard disk.

The storage circuit 110 stores the user information table 141, the user public key certificate 151, and the user data 181.

(User information table 141)
As shown in FIG. 4, the user information table 141 is a data table including a plurality of user information 142. Each user information 142 corresponds to a user of the image forming apparatus 5.

Each user information 142 includes a user ID 143, a password 144, a data identifier 145, a provisional issuance presence / absence 146, and a storage destination 147.

The user ID 143 is an identifier for uniquely identifying the user of the image forming apparatus 5.

The password 144 is a password set corresponding to the user ID 143.

The data identifier 145 is an identifier for identifying the user public key certificate of the user identified by the user ID 143.

Temporary issuance presence / absence 146 indicates whether or not the temporary private key and the temporary public key have been issued to the user and the temporary signature data has been generated. When the temporary private key and the temporary public key are issued and the temporary signature data is generated, the temporary issuance presence / absence 146 is set to "Yes", and when the temporary private key and the temporary public key are not issued, the temporary issuance presence / absence 146 is set. , "None" is set. Therefore, in the initial state, the provisional issuance presence / absence 146 is set to “none”.

The storage destination 147 indicates a storage destination of the electronic document with the temporary signature data. The storage destination of the electronic document with the temporary signature data is either Box or the server device 4.

(User public key certificate 151)
The user public key certificate 151 is a public key certificate of the user's public key of the image forming apparatus 5.

As shown in FIG. 5, the user public key certificate 151 is identified by the data identifier 152, and is composed of an expiration date 153, a user public key 154, an algorithm identifier 155, and the like, and signature data 156. The signature data 156 is generated by applying a digital signature 158 of the public key cryptosystem to the expiration date 153, the user public key 154, the algorithm identifier 155, and the like using the private key 157 of the certificate authority. The user public key certificate 151 is the same as the user public key certificate 323 stored in the storage unit 304 of the signature device 3.

(User data 181)
The user data 181 is identified by the user data identifier 173, as shown in FIG. When the user data 181 is set for each user, the user data identifier 173 may be the same as the user ID that identifies the user.

The user data 181 includes an area for storing the temporary public key certificate 162, the temporary private key 169, and the electronic document 170.

The temporary public key certificate 162 is a public key certificate temporarily issued for the user of the image forming apparatus 5.

The temporary public key certificate 162 is composed of an expiration date 163, a temporary public key 164, an algorithm identifier 165, and the like, and signature data 166. The signature data 166 is generated by applying a digital signature 168 of a public key cryptosystem to an expiration date 163, a temporary public key 164, an algorithm identifier 165, etc., using a private key 167 of a certificate authority.

The temporary private key 169 corresponds to the temporary public key 164.

The temporary private key 169 and the temporary public key 164 are a private key and a public key that are temporarily issued to the user of the image forming apparatus 5. The method of generating the private key and the public key is as described above.

The expiration date 163 indicates the expiration date for the temporary public key certificate 162 to be valid, and includes the start date and time and the end date and time thereof. The expiration date 163 is shorter than the expiration date 324 included in the user public key certificate 323 stored in the storage unit 304 of the signature device 3, for example, one month.

The electronic document 170 is a document generated by reading from a document by the image forming apparatus 5.

Temporary signature data 171 (FIG. 6) is generated by applying the signature generation algorithm 172 of the public key cryptosystem to the Hash value of the electronic document 170 using the temporary private key 169.

Temporary signature data 171 = Sign (temporary private key 169, Hash value of electronic document 170)
The temporary signature data 171 is not stored in the user data 181 but is temporarily stored in the RAM 103.

(2) Box storage circuit 113
The Box storage circuit 113 is composed of a non-volatile semiconductor memory. The storage circuit 110 may be composed of a hard disk.

The Box storage circuit 113 has a Box 131 for storing data for each user. The Box storage circuit 113 may have a Box for storing data for each group of a plurality of users.

The Box 131 (data storage means) includes, for example, as shown in FIG. 6, an area for storing an electronic document 175 with a temporary signature data.

Here, the electronic document 175 with the temporary signature data is a document generated by integrating the temporary signature data 171 (FIG. 6) temporarily stored in the RAM 103 and the electronic document 170 (FIG. 6).

1.6 Screen example The screen 191 displayed on the operation panel 19 of the image forming apparatus 5 is shown in FIG.

The screen 191 includes operation areas 192, 193, ..., 196. When the user's finger touches the operation areas 192, 193, ..., 196, the image forming apparatus 5 is operated.

The operation areas 192, 193, and 194 are areas operated to execute copy, scan toBox, and scan to server, respectively. The operation areas 193 and 194 include signature designation areas 193a and 194a, respectively. The signature designation areas 193a and 194a are areas for designating whether or not to generate signature data when executing scan to Box and scan to server, respectively. When the user's finger touches the signature designated area 193a, the setting of not generating the signature data is switched to the setting of generating the signature data. In the case of the setting of generating the signature data, when the user's finger touches the signature designated area 193a, the setting of generating the signature data is switched to the setting of not generating the signature data. In this way, each time the user's finger touches, the setting of generating the signature data and the setting of not generating the signature data are switched alternately. The same applies to the signature designation area 194a, and the setting of not generating the signature data and the setting of generating the signature data are alternately switched by the contact of the user's finger.

Further, the operation areas 195 and 196 are areas to be operated in order to perform login by inputting a password and login using the signature device 3, respectively. When the contact operation is performed on the operation area 195, the user is subsequently required to input the user ID and password. On the other hand, when the operation area 196 is contacted, the user is required to subsequently bring the signature device 3 into contact with the reading position where the antenna 112 of the image forming apparatus 5 is installed.

1.7 Main control unit 101a
As described above, in the main control unit 101a, when the CPU 101 operates according to the control program, as shown in FIG. 3, the main control unit 101a includes the integrated control unit 121, the login control unit 122, the encryption unit 123, the key generation unit 124, and the signature. It functions as a generation unit 125, a Box control unit 126, a transmission / reception unit 127, and a read / write unit 128.

(Overall control unit 121)
When the CPU 101 operates according to the control program, the integrated control unit 121 has an image memory 104, an image processing circuit 105, a network communication circuit 106, a scanner control circuit 107, an input / output circuit 108, a printer control circuit 109, and a storage circuit 110. The wireless communication circuit 111, the Box storage circuit 113, and the like are controlled in a unified manner. Further, the integrated control unit 121 uniformly controls the login control unit 122, the encryption unit 123, the key generation unit 124, the signature generation unit 125, the Box control unit 126, the transmission / reception unit 127, and the read / write unit 128.

The overall control unit 121 has a login flag. After the operation of the image forming apparatus 5 is started, the overall control unit 121 sets the login flag to the initial value "0".

When the operation panel 19 receives the input, the overall control unit 121 receives the input from the operation panel 19 via the input / output circuit 108. When the user's input is a login, the operation panel 19 accepts the user's login input, and the overall control unit 121 receives the login input from the operation panel 19 via the input / output circuit 108. In this way, the operation panel 19, the input / output circuit 108, and the overall control unit 121 constitute a login means. Details of login will be described later.

The overall control unit 121 determines whether the received input is a password login, a card login, a scan to Box, a scan to server, or any other input. When the received input is password login, card login, scan to box, scan to server and others, the overall control unit 121 has password login process, card login process, scan to box process, scan to server process and others, respectively. Control to execute the process.

The general control unit 121 (signature giving means) integrates the electronic document and the signature data (or the temporary signature data) to generate the electronic document with the signature data (or the electronic document with the temporary signature data).

Further, when the temporary private key and the temporary public key certificate are generated, the general control unit 121 indicates whether or not the temporary issuance is performed in the user information table 141 in accordance with the user ID that identifies the user who has logged in with the password. Write in the user information as "Yes". Further, the integrated control unit 121 identifies the user who logged in to the card when the signature data is generated by the user's private key for the user who generated the temporary private key and the temporary public key certificate. Corresponding to, the presence / absence of provisional issuance is set to "None" and written in the user information.

(Login control unit 122)
The login control unit 122 executes the password login process and the card login process.

(A) Password login process The login control unit 122 executes the password login process under the control of the overall control unit 121, as shown below.

The login control unit 122 receives the user ID and password from the operation panel 19 via the input / output circuit 108.

Upon receiving the user ID and password, the login control unit 122 refers to the user information table 141 and determines whether or not the received set of the user ID and password exists in the user information table 141.

If the received user ID and password pair does not exist in the user information table 141, the login control unit 122 sends a message to the effect that both the user ID and password, or both the user ID and password are incorrect. , Output to the operation panel 19 via the input / output circuit 108. The operation panel 19 displays this message.

When the received user ID and password set exists in the user information table 141, the login control unit 122 sets the login flag to "1". Login flag = "1" indicates that password login has been performed. Next, the login control unit 122 stores the input user ID.

(B) Card login process The login control unit 122 executes the card login process under the control of the overall control unit 121, as shown below.

The login control unit 122 receives the user ID from the signature device 3 via the antenna 112 and the wireless communication circuit 111.

Upon receiving the user ID, the login control unit 122 causes the encryption unit 123 to generate a random number R, and causes the wireless communication circuit 111 and the antenna 112 to wirelessly transmit the generated random number R.

The login control unit 122 receives the ciphertext E = Enc (user private key, random number R) from the signature device 3 via the antenna 112 and the wireless communication circuit 111.

Upon receiving the ciphertext E, the login control unit 122 causes the encryption unit 123 to generate the decryption sentence R'= Dec (user public key, ciphertext E). Next, the login control unit 122 compares the random number R with the decoding sentence R'.

If the random number R and the decryption statement R'do not match, the login control unit 122 sends a message to the operation panel 19 via the input / output circuit 108 to the effect that the authentication of the signature device 3 has failed. Output. The operation panel 19 displays this message.

When the random number R and the decryption statement R'match, the login control unit 122 sets the login flag to "2". Login flag = "2" indicates that the card has been logged in. Next, the login control unit 122 stores the input user ID.

(Encryption unit 123)
The encryption unit 123 generates a decryption sentence R'= Dec (user public key, encryption sentence E) under the control of the login control unit 122.

(Key generation unit 124)
The key generation unit 124 generates a temporary private key and a temporary public key under the control of the integrated control unit 121. The temporary private key and the temporary public key are the private key and the public key of the public key cryptosystem. The method of generating the private key and the public key is as described above.

Further, the key generation unit 124 generates a temporary public key certificate under the control of the integrated control unit 121. The data structure of the temporary public key certificate is as shown in FIG. The method of generating the temporary public key certificate is also as described above.

(Signature generator 125)
The signature generation unit 125 applies a Hash function (one-way function) to the generated electronic document under the control of the integrated control unit 121 to generate a Hash value. Examples of the Hash function are SHA-1, SHA-2 (SHA-256, etc.) and the like. Next, the signature generation unit 125 digitally signs the generated Hash value using the temporary private key to generate signature data.

Signature data S = Sign (temporary private key, Hash value of electronic document)
(Box control unit 126)
The Box control unit 126 (writing means) writes an electronic document with signature data (or an electronic document with temporary signature data) generated by the integrated control unit 121 into the Box identified by the stored user ID. (Fig. 6).

(Transmission / reception unit 127)
The transmission / reception unit 127 transmits / receives data to / from the signature device 3 under the control of the overall control unit 121. Further, the transmission / reception unit 127 transmits / receives data to / from the server device 4 via the network communication circuit 106 and the network under the control of the overall control unit 121. Here, the transmission / reception unit 127 and the network communication circuit 106 constitute a transmission means.

(Read / write unit 128)
The read / write unit 128 reads data from the storage circuit 110 and writes the data to the storage circuit 110 under the control of the integrated control unit 121.

1.8 Server device 4
As shown in FIG. 8, the server device 4 is composed of a CPU 401, a ROM 402, a RAM 403, a hard disk 404, a network communication circuit 405, and the like.

The RAM 403 provides a work area for program execution by the CPU 401.

The ROM 402 stores a control program and the like for executing the functions of the server device 4.

The CPU 401 operates according to the control program stored in the ROM 402.

The CPU 401, ROM 402 and RAM 403 constitute the main control unit 401a.

When the CPU 401 operates according to the control program, the main control unit 401a uniformly controls the hard disk 404, the network communication circuit 405, and the like. Further, when the CPU 401 operates according to the control program, the main control unit 401a constitutes the overall control unit 411, the read / write unit 412, and the transmission / reception unit 413.

(1) Hard disk 404
As shown in FIG. 8, the hard disk 404 includes an area for storing a set 421 composed of a temporary public key certificate 422 and an electronic document 423 with temporary signature data. Further, the hard disk 404 includes an area for storing an electronic document 426 with signature data. Also,
The set 421 corresponds to, for example, a first user who has logged in to the image forming apparatus 5 with a password. The temporary public key certificate 422 is a public key certificate generated by the image forming apparatus 5 corresponding to the first user. Further, the electronic document 423 with the temporary signature data is an electronic document generated by integrating the electronic document generated based on the operation of the first user and the temporary signature data generated corresponding to the electronic document. Is.

Further, the electronic document 426 with signature data corresponds to, for example, a second user who has logged in to the image forming apparatus 5 by the signature device 3. The electronic document 426 with the signature data is an electronic document generated by integrating the electronic document generated based on the operation of the second user and the signature data generated corresponding to the electronic document.

(2) Integrated control unit 411, read / write unit 412, and transmission / reception unit 413
(Overall control unit 411)
The integrated control unit 411 uniformly controls the read / write unit 412 and the transmission / reception unit 413.

(Transmission / reception unit 413)
The transmission / reception unit 413 is (a) an electronic document, (b) an electronic document with a temporary public key certificate and a temporary signature data, and (c) with a signature data from the image forming apparatus 5 via the network 2 and the network communication circuit 405. Receive electronic documents.

Further, the transmission / reception unit 413 receives (d) an electronic document transmission request from the image forming apparatus 5 via the network 2 and the network communication circuit 405.

Further, the transmission / reception unit 413 is instructed to delete (e) the temporary public key certificate and the electronic document with the temporary signature data from the image forming apparatus 5 via the network 2 and the network communication circuit 405, and (f) with the signature data. Receive instructions for writing electronic documents.

(Read / write unit 412)
Upon receiving (a) an electronic document, (b) an electronic document with a temporary public key certificate and temporary signature data, and (c) an electronic document with signature data, the read / write unit 412 receives (a) an electronic document, (a) an electronic document, respectively. b) Temporary public key certificate and electronic document with temporary signature data (c) The electronic document with signature data is written to the hard disk 404.

(D) When the read / write unit 412 receives the electronic document transmission request, the read / write unit 412 reads the electronic document from the hard disk 404, and reads the read electronic document via the transmission / reception unit 413, the network communication circuit 405, and the network 2. Send to 5.

When the read / write unit 412 receives (e) an instruction to delete the temporary public key certificate and the electronic document with the temporary signature data and (f) an instruction to write the electronic document with the signature data, (e) the hard disk, respectively. The temporary public key certificate and the electronic document with the temporary signature data stored in the 404 are deleted, and (f) the electronic document with the signature data is written to the hard disk 404.

1.9 Operation in communication system 1 The operation in communication system 1 will be described with reference to the flowcharts shown in FIGS. 9 to 15.

(1) Operation of the image forming apparatus 5 The operation of the image forming apparatus 5 will be described with reference to the flowchart shown in FIG.

After the operation of the image forming apparatus 5 is started, the overall control unit 121 sets the login flag to "0" (step S101).

Next, the operation panel 19 accepts the input. The overall control unit 121 receives an input from the operation panel 19 via the input / output circuit 108 (step S102).

The overall control unit 121 determines whether the received input is password login, card login, scan to Box, scan to server, or any other (step S103).

When the received input is password login, card login, scan to box, scan to server and others, the overall control unit 121 has password login process, card login process, scan to box process, scan to server process and others, respectively. Control to execute the process.

Specifically, when the received input is a password login (“password login” in step S103), the overall control unit 121 controls to execute the password login process (step S104). Next, the overall control unit 121 shifts control to step S102 and repeats the process.

When the received input is a card login (“card login” in step S103), the overall control unit 121 controls to execute the card login process (step S105). Next, the overall control unit 121 shifts control to step S102 and repeats the process. In parallel with this, the overall control unit 121 controls to execute the temporary signature data replacement process (step S108).

When the received input is scan to Box (“scan to Box” in step S103), the overall control unit 121 controls to execute the scan to Box process (step S106). Next, the overall control unit 121 shifts control to step S102 and repeats the process.

When the received input is a scan-to-server (“scan-to-server” in step S103), the overall control unit 121 controls to execute the scan-to-server process (step S107). Next, the overall control unit 121 shifts control to step S102 and repeats the process.

When the received input is other (“Other” in step S103), the overall control unit 121 controls to execute the other processing (step S109). Next, the overall control unit 121 shifts control to step S102 and repeats the process.

This completes the description of the overall operation of the image forming apparatus 5.

(2) Password Login Operation The password login operation will be described with reference to the flowchart shown in FIG. The password login operation described here is the details of step S104 of FIG.

The operation panel 19 accepts the input of the user ID from the user. The login control unit 122 receives the user ID from the operation panel 19 via the input / output circuit 108 (step S131).

Next, the operation panel 19 accepts the input of the password from the user. The login control unit 122 receives the password from the operation panel 19 via the input / output circuit 108 (step S132).

Next, the login control unit 122 refers to the user information table 141 (step S133), and determines whether or not the received user ID and password set exists in the user information table 141 (step S134). ).

When the received user ID and password set does not exist in the user information table 141 (“NO” in step S134), the login control unit 122 has the user ID and password, or both the user ID and password. Is output to the operation panel 19 via the input / output circuit 108. The operation panel 19 displays this message (step S137). This ends the password login process. In this case, password login is not performed normally.

When the received user ID and password set exists in the user information table 141 (“YES” in step S134), the login control unit 122 sets the login flag to “1” (step S135). Next, the login control unit 122 stores the input user ID (step S136). This ends the password login process. In this case, the password login is successful.

(3) Card Login Operation The card login operation will be described with reference to the flowchart shown in FIG. The card login operation described here is the details of step S105 in FIG.

The wireless communication circuit 111 and the antenna 112 of the image forming apparatus 5 transmit radio waves (step S150). The antenna 306 and the wireless communication circuit 305 of the signature device 3 receive the radio waves, and the secondary batteries included in the signature device 3 are charged by the radio waves (step S150).

When the secondary battery is charged, the read / write unit 311 reads the user ID 321 from the storage unit 304 (step S151), and the wireless communication circuit 305 wirelessly transmits the read user ID by the antenna 112. (Step S152). The login control unit 122 receives the user ID from the signature device 3 via the antenna 112 and the wireless communication circuit 111 (step S152).

Upon receiving the user ID, the login control unit 122 causes the encryption unit 123 to generate a random number R (step S153), and causes the generated random number R to be wirelessly transmitted by the wireless communication circuit 111 and the antenna 112 (step S154). ). The encryption unit 312 receives the random number R via the antenna 306 and the wireless communication circuit 305 (step S154).

The read / write unit 311 reads the user private key 322 from the storage unit 304 (step S155). The encryption unit 312 applies the encryption algorithm Enc to the received random number R using the read user private key 322 to generate the ciphertext E = Enc (user private key, random number R) (step S156). ), The generated ciphertext E is wirelessly transmitted by the wireless communication circuit 305 and the antenna 306 (step S157).

The login control unit 122 receives the ciphertext E = Enc (user private key, random number R) from the signature device 3 via the antenna 112 and the wireless communication circuit 111 (step S157).

Upon receiving the ciphertext E, the login control unit 122 causes the encryption unit 123 to generate the decryption sentence R'= Dec (user public key, ciphertext E) (step S158). Next, the login control unit 122 compares the random number R with the decoding sentence R'(step S159).

If the random number R and the decryption statement R'do not match (“NO” in step S159), the login control unit 122 sends a message indicating that the authentication of the signature device 3 has failed via the input / output circuit 108. , Output to the operation panel 19. The operation panel 19 displays this message (step S162). This ends the card login process. In this case, the card login is not performed normally.

On the other hand, when the random number R and the decryption statement R'match (“YES” in step S159), the login control unit 122 sets the login flag to “2” (step S160). Next, the login control unit 122 stores the input user ID (step S161). This ends the card login process. In this case, the card login is successful.

(4) Operation of Scan to Box The operation of scan to Box will be described with reference to the flowchart shown in FIG. The scan-to-Box operation described here is the details of step S106 of FIG.

The overall control unit 121 determines whether or not the login flag is “0” (step S181). When the login flag is "0" ("YES" in step S181), since the user has not logged in, the overall control unit 121 inputs a message indicating that the user has not logged in and the scan to Box operation cannot be performed. Output is output to the operation panel 19 via the output circuit 108. The operation panel 19 displays this message (step S199). This ends the scan to Box process.

On the other hand, when the login flag is not "0" ("NO" in step S182), the overall control unit 121 determines whether or not the signature data generation is set (step S182). When the setting to generate the signature data is not set (“NO” in step S182), the overall control unit 121 causes the scanner control circuit 107 to scan the document by the image reader 11 and generate the image data (“NO”). Step S183). Next, the integrated control unit 121 controls the scanner control circuit 107 so as to generate an electronic document from the generated image data (step S184). Next, the overall control unit 121 controls the Box control unit 126 to write the generated electronic document in the Box identified by the user ID (step S185). Next, the overall control unit 121 sets the login flag to "0" (step S186). As described above, the scan to Box operation when the signature data is not generated is set to end.

On the other hand, when the signature data is set to be generated (“YES” in step S182), the overall control unit 121 determines whether the login flag is “1” or “2” (step S187). ).

When the login flag is "1" ("= 1" in step S187), the password login has been performed, so that the general control unit 121 generates a temporary private key and a temporary public key for the key generation unit 124. The key generation unit 124 generates a temporary private key and a temporary public key (step S188). Next, the overall control unit 121 causes the key generation unit 124 to generate a temporary public key certificate, and the key generation unit 124 generates the temporary public key certificate. Further, the integrated control unit 121 writes in the user information in the user information table 141, assuming that the provisional issuance is present or not, in correspondence with the user ID that identifies the logged-in user (step S189). Next, the overall control unit 121 causes the scanner control circuit 107 to scan the document with the image reader 11 and generate image data (step S190). Next, the integrated control unit 121 controls the scanner control circuit 107 so as to generate an electronic document from the generated image data (step S191). Next, the read / write unit 128 writes the temporary private key, the temporary public key certificate, and the electronic document into the storage circuit 110 (step S192). Next, the integrated control unit 121 generates the temporary signature data S = Sign (temporary private key, Hash value of the electronic document) from the Hash value of the electronic document by using the temporary private key for the signature generation unit 125. (Step S193). Next, the overall control unit 121 generates an electronic document with temporary signature data (step S194). Next, the Box control unit 126 writes the electronic document with the temporary signature data in the Box identified by the user ID (step S195). Next, the overall control unit 121 sets the login flag to "0" (step S196). As described above, the setting to generate the signature data is set, and the operation of scan to Box when the password is logged in is terminated.

Next, when the login flag is "2" ("= 2" in step S187), since the card has been logged in, the signature data generation process (details will be described later) is executed (step S197). ). Next, the overall control unit 121 sets the login flag to "0" (step S198). With the above, the setting to generate the signature data is set, and the operation of scan to Box when the card is logged in is terminated.

(5) Operation of Scan to Server The operation of the scan to server will be described with reference to the flowchart shown in FIG. The scan-to-server operation described here is the details of step S107 in FIG. Further, in FIG. 13, the content of the step with the same step number as that of FIG. 12 is the same as the content of the step of FIG.

The overall control unit 121 determines whether or not the login flag is “0” (step S181). When the login flag is "0" ("YES" in step S181), since the user has not logged in, the overall control unit 121 sends a message to the effect that the scan to server cannot be operated because the user has not logged in. Output is output to the operation panel 19 via the input / output circuit 108. The operation panel 19 displays this message (step S199a). This ends the scan-to-server process.

On the other hand, when the login flag is not "0" ("NO" in step S181), the overall control unit 121 determines whether or not the signature data generation is set (step S182). When the setting to generate the signature data is not set (“NO” in step S182), the overall control unit 121 causes the scanner control circuit 107 to scan the document by the image reader 11 and generate the image data (“NO”). Step S183). Next, the integrated control unit 121 controls the scanner control circuit 107 so as to generate an electronic document from the generated image data (step S184). Next, the overall control unit 121 controls the transmission / reception unit 127 so as to transmit the generated electronic document to the server device 4 via the network communication circuit 106 and the network 2 (step S211). The transmission / reception unit 413 receives an electronic document from the image forming apparatus 5 via the network 2 and the network communication circuit 405 (step S211). The read / write unit 412 writes the received electronic document to the hard disk 404 (step S212). Next, the overall control unit 121 sets the login flag to "0" (step S186). As described above, the operation of the scan to server when the setting not to generate the signature data is terminated.

On the other hand, when the signature data is set to be generated (“YES” in step S182), the overall control unit 121 determines whether the login flag is “1” or “2” (step S187). ).

When the login flag is "1" ("= 1" in step S187), the password login has been performed, so that the general control unit 121 generates a temporary private key and a temporary public key for the key generation unit 124. The key generation unit 124 generates a temporary private key and a temporary public key (step S188). Next, the overall control unit 121 causes the key generation unit 124 to generate a temporary public key certificate, and the key generation unit 124 generates the temporary public key certificate. Further, the integrated control unit 121 writes in the user information in the user information table 141, assuming that the provisional issuance is present or not, in correspondence with the user ID that identifies the logged-in user (step S189). Next, the overall control unit 121 causes the scanner control circuit 107 to scan the document with the image reader 11 and generate image data (step S190). Next, the overall control unit 121 controls the scanner control circuit 107 so as to generate an electronic document from the generated image data (step S191). Next, the integrated control unit 121 generates the temporary signature data S = Sign (temporary private key, Hash value of the electronic document) from the Hash value of the electronic document by using the temporary private key for the signature generation unit 125. (Step S193). Next, the overall control unit 121 generates an electronic document with the temporary signature data (step S194). Next, the integrated control unit 121 transmits the generated electronic document with the temporary public key certificate and the temporary signature data to the server device 4 via the network communication circuit 106 and the network 2 to the transmission / reception unit 127. (Step S216). The transmission / reception unit 413 receives the electronic document with the temporary public key certificate and the temporary signature data from the image forming apparatus 5 via the network 2 and the network communication circuit 405 (step S216). The read / write unit 412 writes the received temporary public key certificate and the electronic document with the temporary signature data to the hard disk 404 (step S217). Next, the overall control unit 121 sets the login flag to "0" (step S196). With the above, the setting to generate the signature data is set, and the operation of the scan to server when the password is logged in is terminated.

Next, when the login flag is "2" ("= 2" in step S187), since the card has been logged in, the signature data generation process (details will be described later) is executed (step S197). ). Next, the overall control unit 121 sets the login flag to "0" (step S198). With the above, the setting to generate the signature data is set, and the operation of the scan to server when the card is logged in is terminated.

(6) Generation of signature data The operation of generating signature data will be described with reference to the flowchart shown in FIG. The scan-to-Box operation described here is the details of step S197 of FIGS. 12 and 13.

The overall control unit 121 causes the scanner control circuit 107 to scan the document with the image reader 11 and generate image data (step S231). Next, the overall control unit 121 controls the scanner control circuit 107 to generate an electronic document from the generated image data (step S232) and to generate a Hash value from the generated electronic document (step S233). ). The integrated control unit 121 wirelessly transmits the Hash value of the generated electronic document via the wireless communication circuit 111 and the antenna 112 (step S234). The transmission / reception unit 313 receives the Hash value of the electronic document from the image forming apparatus 5 via the antenna 306 and the wireless communication circuit 305 (step S234).

The read / write unit 311 reads the user private key 322 from the storage unit 304 (step S235). Next, the signature generation unit 314 digitally signs the Hash value of the received electronic document using the read user private key 322, and the signature data = Sign (user private key, Hash value of the electronic document). ) Is generated (step S236). The transmission / reception unit 313 wirelessly transmits the generated signature data via the wireless communication circuit 305 and the antenna 306 (step S237). The transmission / reception unit 127 receives the signature data by the antenna 112 and the wireless communication circuit 111 (step S237).

The integrated control unit 121 generates an electronic document with signature data (step S238).

In the case of scan to Box, the Box control unit 126 writes the generated electronic document with signature data in the Box identified by the user ID (step S239).

Alternatively, in the case of a scan-to-server, the transmission / reception unit 127 transmits the generated electronic document with signature data to the server device 4 via the network communication circuit 106 and the network 2 (step S241). The transmission / reception unit 413 receives the electronic document with the signature data via the network 2 and the network communication circuit 405 via the network 2 and the network communication circuit 405 (step S241). The read / write unit 412 writes the received electronic document with signature data to the hard disk 404 as an electronic document 426 with signature data (step S242).

This completes the process of generating signature data.

(7) Temporary signature data replacement process The operation of the temporary signature data replacement process will be described with reference to the flowchart shown in FIG. The operation of the temporary signature data replacement process described here is the details of step S108 of FIG.

The integrated control unit 121 refers to the user information table 141 and determines whether or not there is a provisional issuance corresponding to the user ID stored at the time of card login. That is, it is determined whether the temporary private key and the temporary public key certificate have already been issued and the temporary signature data has been generated for the user ID that identifies the user who has logged in to the card (step S250). When the presence / absence of temporary issuance is "none" ("none" in step S250), the temporary private key and the temporary public key certificate have not been issued to the user ID, and the temporary signature data has not been generated. Therefore, the temporary signature data replacement process is not executed.

On the other hand, when the presence / absence of provisional issuance is "Yes" ("Yes" in step S250), the overall control unit 121 then corresponds to the user ID that identifies the user who has logged in to the card from the user information table 141. Read the save destination to be saved (step S251).

When the save destination is Box, the Box control unit 126 reads an electronic document from the Box 131 identified by the user ID, generates a Hash value from the read electronic document (step S252), and the transmission / reception unit 127 reads the electronic document. The Hash value of the electronic document is transmitted by the wireless communication circuit 111 and the antenna 112 (step S256). The transmission / reception unit 313 receives the Hash value of the electronic document by the antenna 306 and the wireless communication circuit 305 (step S256).

Alternatively, when the storage destination is a server, the transmission / reception unit 127 transmits the transmission request of the electronic document to the server device 4 via the network communication circuit 106 and the network 2 (step S253). The transmission / reception unit 413 receives an electronic document transmission request from the image forming apparatus 5 via the network 2 and the network communication circuit 405 (step S253). The read / write unit 412 reads the electronic document from the hard disk 404 (step S254). The transmission / reception unit 413 transmits the read electronic document via the network communication circuit 405 and the network 2 (step S255). The transmission / reception unit 127 receives an electronic document via the network 2 and the network communication circuit 106, and generates a Hash value from the received electronic document (step S255). Next, the transmission / reception unit 127 wirelessly transmits the Hash value of the received electronic document via the wireless communication circuit 111 and the antenna 112 (step S257). Next, the transmission / reception unit 313 receives the Hash value of the electronic document by the antenna 306 and the wireless communication circuit 305 (step S257).

The read / write unit 311 reads the user private key 322 from the storage unit 304 (step S258). Next, the signature generation unit 314 digitally signs the Hash value of the received electronic document using the read user private key 322, and the signature data = Sign (user private key, Hash value of the electronic document). ) Is generated (step S259).

The transmission / reception unit 313 wirelessly transmits the generated signature data via the wireless communication circuit 305 and the antenna 306 (step S260). The transmission / reception unit 127 receives the signature data via the antenna 112 and the wireless communication circuit 111 (step S260).

The integrated control unit 121 generates an electronic document with signature data (step S261).

Next, when the storage destination is Box, the Box control unit 126 deletes the electronic document with the temporary signature data in the Box 131 identified by the user ID, and the read / write unit 128 temporarily deletes the electronic document in the storage circuit 110. The private key and the temporary public key certificate are deleted (step S262).

Alternatively, when the storage destination is a server, the transmission / reception unit 127 transmits an instruction to delete the temporary public key certificate and the electronic document with the temporary signature data to the server device 4 via the network communication circuit 106 and the network 2. (Step S263). The transmission / reception unit 413 receives an instruction to delete the temporary public key certificate and the electronic document with the temporary signature data via the network 2 and the network communication circuit 405 (step S263). The read / write unit 412 deletes the temporary public key certificate 422 and the electronic document 423 with the temporary signature data stored in the hard disk 404 (step S264).

Next, when the storage destination is Box, the Box control unit 126 writes an electronic document with signature data in Box 131 identified by the user ID (step S265).

Alternatively, when the storage destination is a server, the transmission / reception unit 127 transmits an instruction to write an electronic document with signature data to the server device 4 via the network communication circuit 106 and the network 2 (step S266). The transmission / reception unit 413 receives a writing instruction of an electronic document with signature data via the network 2 and the network communication circuit 405 (step S266). The read / write unit 412 writes an electronic document with signature data to the hard disk 404 (step S267).

This completes the description of the operation of the temporary signature data replacement process.

1.10 Summary According to the above embodiment, when the user's key cannot be used, a temporary key and a temporary certificate are issued, and a temporary signature document is generated using the issued temporary key. If the user's key is available, the user's key is used to generate a formal signature document.

According to the above configuration, even if the user's key cannot be used, if the temporary key is used to generate a temporary signature document and then the user's key can be used, the original validity of the document is obtained. It has the excellent effect of being able to generate a signature document that can be verified by.

Here, one aspect of the present disclosure is to acquire data, generate a temporary key, and use the generated temporary key to temporarily obtain data regardless of whether or not the user's key can be acquired. It may be a signature system that generates signature data, acquires a user key assigned to a user, and uses the acquired user key to generate main signature data for the acquired data.

2 Other Modifications Although the present disclosure has been described based on the above-described embodiment, the present disclosure is not limited to the above-described embodiment. It may be as shown below.

(1) The image processing device provided with the above-mentioned signature device may include a login unit that accepts a login from the user with or without using the user's key.

When the login unit accepts the login without using the user's key, the image processing device generates the temporary key and generates the temporary signature data. After that, when the login unit accepts the login using the user's key, the image processing device generates signature data using the user's key.

When the login unit accepts the login without using the user's key, the image processing device may transmit the temporary signature data to the server device connected via the network. After that, when the login unit accepts the login using the user's key, the image processing device may transmit the signature data to the server device.

(2) When the created temporary signature document is transmitted to the external server device in the above image processing device, the signature document is retransmitted to the external server device when the formal signature document is created. There is.

Here, when the external server device is a file server (for example, NAS: network attached storage) and the temporary signature document is sent to the file server to instruct the temporary signature document to be written to the file server. The image processing device stores the writing position of the temporary signature document on the file server. When a formal signature document is generated, it is instructed to delete the temporary signature document stored in the writing position of the file server, and after the deletion, it is instructed to write the formal signature document in the writing position. To do.

In this way, when the login is accepted without using the user's key, the image processing device specifies the storage area in which the temporary signature data should be stored in the server device, and transmits the temporary signature data.

Next, when the login is accepted using the user's key, the server device gives an instruction to delete the temporary signature data stored in the storage area in the server device and an instruction to write the signature data to the storage area. Send to.

(3) When the image processing device accepts the login without using the user's key, the image processing device transmits an e-mail with the temporary signature data or the temporary signature document attached to the information processing device of the transmission partner via the network. You may. After that, when the login is accepted using the user's key, the image processing device may send an e-mail with the signature data or the signature document attached to the information processing device of the transmission partner via the network. ..

Further, when the image processing device accepts the login without using the user's key, the temporary signature data or the temporary signature document is stored in the designated storage position in the information processing device (server device) connected to the network. You may. At this time, the image processing device may send an e-mail stating that the temporary signature data or the temporary signature document is stored at the designated position to the information processing device of the transmission partner via the network. At that time, when the login is accepted by using the user's key in the future, the storage location where the generated signature data or the signature document should be stored may be described in the e-mail. When the image processing device accepts the login by using the user's key, the image processing device stores the generated signature data or signature document in the above storage location.

In this way, if the login is accepted without using the user's key, when the signature data is generated in the future, the image processing device will perform a temporary signature together with the storage location on the network for storing the signature data. The data may be attached to an e-mail and provided with a transmission means for transmitting the data to an external terminal device. When the login is accepted by using the user's key, the transmission means transmits the signature data to a storage location on the network so that the signature data is stored in the storage location.

(4) As described above, the temporary public key certificate includes the expiration date of the temporary public key. If it is not possible to obtain the user's private key before the expiration date, the image processing device further generates the user's second temporary private key and uses the second temporary private key. A corresponding second temporary public key may be generated, and a second temporary public key certificate demonstrating the validity of the second temporary public key may be generated. The image processing device digitally signs the electronic document using the second temporary private key to generate the second temporary signature data.

(5) In the above-described embodiment and modification, a digital signature using a public key cryptosystem based on a public key infrastructure technology is adopted. However, this is not limited to this. A common key cryptosystem may be used.

For example, the image forming apparatus is provided with a signature device that digitally signs data by a common key cryptosystem, and is in a situation where it is not possible to acquire an acquisition means for acquiring data and a user's private key by the common key cryptosystem. In this case, instead of the user's private key, a common key cryptosystem is used for the acquired data by using a generation means for generating a temporary secret key by a common key cryptosystem and the generated temporary private key. The data is provided with a signing means for digitally signing and generating temporary signature data, and the signing means uses the user's private key when the user's private key can be obtained. On the other hand, a digital signature may be applied by a common key cryptosystem to generate signature data.

(6) In the above embodiment, the image forming apparatus generates an electronic document with temporary signature data or an electronic document with signature data. However, this is not limited to this.

The image forming apparatus may generate the temporary signature data and the electronic document separately. Further, the image forming apparatus may generate the signature data and the electronic document separately.

(7) The image forming apparatus may be an image reading apparatus that does not include the printer 12 and the paper feeding unit 13 shown in FIG. 1 but includes the image reader 11 shown in FIG.

(8) As described above, the image forming apparatus is a computer system including a microprocessor and a memory. The memory stores the computer program, and the microprocessor may operate according to the computer program.

The microprocessor is composed of a fetch unit, a decoding unit, an execution unit, a register file, an instruction counter, and the like. The fetch unit reads one instruction code included in the computer program from the computer program stored in the memory. The decoding unit decodes the read instruction code. The execution unit operates according to the decoding result. In this way, the microprocessor operates according to the computer program stored in the memory.

Here, a computer program is configured by combining a plurality of instruction codes indicating instructions to a computer in order to achieve a predetermined function.

Further, the computer program may be recorded on a computer-readable recording medium such as a flexible disk, a hard disk, an optical disk, or a semiconductor memory.

Further, the computer program may be transmitted via a wired or wireless telecommunication line, a network typified by the Internet, data broadcasting, or the like.

(9) The above-described embodiment and the above-mentioned modification may be combined.

Even if the signature system according to the present disclosure is in a situation where the user key cannot be obtained, the data can be obtained when the user key can be obtained after generating the temporary signature data using the temporary key. It has an excellent effect of being able to generate signature data that can verify the original validity of the data, and is useful as a technique for digitally signing data.

1 Communication system 2 Network 3 Signature device 4 Server device 5 Image forming device 11 Image reader 12 Printer 13 Paper feed section 15 Discharge tray 19 Operation panel 20Y to 20K Image drawing section 100 Control circuit 101 CPU
101a Main control unit 102 ROM
103 RAM
104 image memory 105 image processing circuit 106 network communication circuit 107 scanner control circuit 108 input / output circuit 109 printer control circuit 110 storage circuit 111 wireless communication circuit 112 antenna 113 Box storage circuit 121 general control unit 122 login control unit 123 encryption unit 124 keys Generation unit 125 Sign generation unit 126 Box control unit 127 Transmission / reception unit 128 Read / write unit 301 CPU
301a Main control unit 302 ROM
303 RAM
304 Storage unit 305 Wireless communication circuit 306 Antenna 311 Read / write unit 312 Encryption unit 313 Transmission / reception unit 314 Signature generation unit 315 Multiple-unit control unit 401 CPU
401a Main control unit 402 ROM
403 RAM
404 Hard disk 405 Network communication circuit 411 Overall control unit 412 Read / write unit 413 Transmission / reception unit

Claims (15)

A signature system that generates signatures for data
The acquisition method for acquiring data and
A generation means to generate a temporary key,
A first signing means for generating temporary signature data for the data using the temporary key,
A key acquisition method for acquiring the user key assigned to the user,
A signature system including a second signature means for generating the present signature data for the data by using the user key. The signature system is composed of a security device and a data acquisition device.
The data acquisition device includes the acquisition means, the generation means, and the first signature means.
The signature system according to claim 1, wherein the security device includes the key acquisition means and the second signature means. The first signing means and the second signing means are each digitally signed using a public key cryptosystem.
The user key is a private key in public key cryptography.
The generation means generates a temporary private key of the user as the temporary key, further generates a temporary public key corresponding to the temporary private key, and indicates the validity of the temporary public key. Generate a certificate and
The first signing means digitally signs using the temporary private key.
The signature system according to claim 2, wherein the second signature means digitally signs using the private key of the user. The data acquisition device further includes a signature giving means for attaching the generated temporary signature data to the data to generate the temporary signature data.
The signature system according to claim 3, wherein the signature-imparting means attaches the generated signature data to the data to generate the signed data. The security device further
A key storage means for storing the user key is provided.
The signature system according to claim 2, wherein the second signature means uses the user key stored in the key storage means to generate the signature data. An image processing device that generates signatures for data.
The acquisition method for acquiring data and
A generation means to generate a temporary key,
A first signing means for generating temporary signature data for the data using the temporary key,
An image processing apparatus including a signature data acquisition means for acquiring the present signature data generated for the data by using a user key assigned to the user. Further, a login means for accepting a login from the user with or without using the user key is provided.
When the login means accepts the login without using the user key, the generation means generates the temporary key, and the first signing means generates the temporary signature data.
The image processing device according to claim 6, wherein when the login means accepts a login using the user key, the signature data acquisition means acquires the signature data. further,
Data storage means and
A writing means that associates the generated temporary signature data with the user and writes it to the data storage means, and
7. The image processing apparatus according to claim 7. When a login is accepted by the login means using the user key, the writing means replaces the temporary signature data stored in the data storage means with the acquired present signature data. The image processing apparatus according to claim 8. Further, the login means includes a transmission means for transmitting the temporary signature data to the server device connected via the network when the login is accepted without using the user key.
The image processing according to claim 7, wherein the transmission means transmits the signature data to the server device when the login means receives the login by using the user key. apparatus. When the transmission means accepts a login without using the user key, the transmission means specifies a storage area for storing the temporary signature data in the server device and transmits the temporary signature data. The image processing apparatus according to claim 10. When the transmission means uses the user key to accept a login, the transmission means gives an instruction to delete the temporary signature data stored in the storage area in the server device, and the acquired main signature data and the signature data. The image processing device according to claim 11, wherein an instruction to write the signature data to the storage area is transmitted to the server device. Further, when the login is accepted by the login means without using the user key, when the signature data is generated in the future, the temporary storage location on the network for storing the signature data and the provisional Equipped with a transmission means to attach the signature data to an e-mail and send it to an external terminal device,
When the transmission means receives a login by the login means using the user key, the transmission means obtains the book to a storage location on the network so that the signature data is stored in the storage location. The image processing apparatus according to claim 7, wherein the signature data is transmitted. The temporary public key certificate includes the expiration date of the temporary public key.
If the user's private key cannot be obtained before the expiration date, the generation means further generates the user's second temporary private key and corresponds to the second temporary private key. A second temporary public key is generated, a second temporary public key certificate demonstrating the validity of the second temporary public key is generated, and the first signing means uses the second temporary private key. The signature system according to claim 3, wherein a second tentative signature data is generated based on the data. A control method used in signature systems that generate data signatures.
The acquisition step to acquire the data and
A generation step to generate a temporary key,
The first signing step of generating temporary signature data for the data using the temporary key,
A key acquisition step to acquire the user key assigned to the user,
A control method comprising a second signature step of generating the signature data for the data using the user key.

Images