JP2021114016A - Information processing system, information providing method, and program - Google Patents

Abstract

To make it possible, in an information processing system that provides image data, to grasp the state of use of the image data provided by the information processing system.SOLUTION: An information processing system is an information processing system that provides image data, and has: a data management unit that manages the image data; a reference information providing unit that provides reference information for using the image data; and a use monitoring unit that monitors the use of the image data using the reference information and stores the history of use of the image data in history information for management.SELECTED DRAWING: Figure 4

Description

The present invention relates to an information processing system, an information providing method, and a program.

In an information processing system that provides image data, by storing the image data provided by the information processing system and the bibliographic information of the image data as history information, when the image data is leaked, the source of the leak can be identified. Techniques for facilitating are known.

Further, in the information processing device mounted on the copying machine, when data is input / output, history information including input / output image data information and security information is saved, and the history information is output according to the security information. Techniques for limiting are known (see, for example, Patent Document 1).

However, in the conventional technology, when it is discovered that the image data provided by the information processing system has been leaked, the source of the leaked image data can only be identified, and the image data provided by the information processing system can be identified. There is a problem that the usage status cannot be grasped.

One embodiment of the present invention has been made in view of the above problems, and enables an information processing system that provides image data to grasp the usage status of the image data provided by the information processing system.

In order to solve the above problems, the information information system according to the embodiment of the present invention is an information information system that provides image data, and uses a data management unit that manages the image data and the image data. It has a reference information providing unit that provides reference information for the purpose, and a usage monitoring unit that monitors the use of the image data using the reference information and stores and manages the usage history of the image data in the history information. ..

According to one embodiment of the present invention, in an information processing system that provides image data, it becomes possible to grasp the usage status of the image data provided by the information processing system.

It is a figure which shows the example of the system structure of the information processing system which concerns on one Embodiment. It is a figure which shows the example of the hardware configuration of the computer which concerns on one Embodiment. It is a figure which shows the example of the hardware composition of the image forming apparatus which concerns on one Embodiment. It is a figure which shows the example of the functional structure of the distribution system which concerns on one Embodiment. It is a figure which shows the example of the functional structure of the use terminal which concerns on one Embodiment. It is a figure which shows the image of the information which the information processing system which concerns on one Embodiment manages. It is a sequence diagram which shows the example of the delivery process which concerns on one Embodiment. It is a sequence diagram (1) which shows the example of the utilization process which concerns on 1st Embodiment. It is a sequence diagram (2) which shows the example of the utilization process which concerns on 1st Embodiment. It is a sequence diagram (3) which shows the example of the utilization process which concerns on 1st Embodiment. It is a sequence diagram which shows the example of the processing of the data management part which concerns on 2nd Embodiment. It is a flowchart (1) which shows an example of image log reduction processing which concerns on 2nd Embodiment. It is a flowchart (2) which shows the example of the image log reduction processing which concerns on 2nd Embodiment. It is a figure which shows an example of the system structure of the conventional information processing system.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
<System configuration>
FIG. 1 is a diagram showing an example of a system configuration of an information processing system according to an embodiment. The information processing system 1 includes, for example, a distribution system 10, a distribution destination 20, an authentication server 30, and the like, as shown in FIG. The authentication server 30 may use an authentication server 30 outside the information processing system 1. Further, the delivery destination 20 may be a delivery destination outside the information processing system 1.

As an example, the distribution system 10 includes an information processing device 100, an information terminal 110, an image forming device 120, a data management server 130, and the like.

The information processing device 100 is an information processing device having a computer configuration, or a system including a plurality of information processing devices. The information processing device 100 converts electronic data such as image data and document data registered from terminal devices such as the information terminal 110 and the image forming device 120 into image data in a predetermined format, if necessary. Provide to the delivery destination.

The information terminal 110 is an information processing device used by a user, for example, a PC (Personal Computer), a tablet terminal, a smartphone, or the like. The information terminal 110 is an example of a registration terminal that registers, for example, an electronic file such as document data created by an application or image data taken by a camera in the information processing device 100.

The image forming apparatus 120 is, for example, an electronic device such as an MFP (Multifunction Peripheral) in which a scanning function, a copying function, a printing function, a facsimile function, and the like are mounted in one housing. The image forming apparatus 120 is another example of a registration terminal that registers an electronic file such as image data read by a scanning function in the information processing apparatus 100.

The registration terminal may be another electronic device having a communication function and capable of registering an electronic file such as image data in the information processing device 100, an information processing device, or the like. For example, registered terminals include IWBs (Interactive White Boards), industrial machines, imaging devices, medical devices, network home appliances, connected cars, mobile phones, and game machines. , PDA (Personal Digital Assistant), digital camera, wearable terminal, etc. may be used.

The data management server 130 is an information processing device having a computer configuration, or a system including a plurality of information processing devices. The data management server 130 functions as a storage unit that stores the image data provided by the information processing apparatus 100 to the delivery destination 20 and the image log 131 including the bibliographic information of the image data. The bibliographic information of the image data may include various information such as information on the user who registered the image data (hereinafter referred to as a registrant), registration date and time, information on the registered terminal, and operation information.

The delivery destination 20 is an example of an information processing device or system in which the delivery system 10 provides image data, and in the example of FIG. 1, the delivery destination 20 includes a cooperation server 21 and an information terminal 110.

The cooperation server 21 is an information processing device having a computer configuration, or a system including a plurality of information processing devices. The cooperation server 21 stores, for example, a link file 22 realized by a storage server or the like and distributed from the distribution system 10. Here, the link file 22 is an electronic file including information (reference information) such as a link destination for using the image data provided by the distribution system 10.

The information terminal 110 of the distribution destination 20 is an information processing device used by the user, for example, a PC, a tablet terminal, a smartphone, etc., and the link file 22 is used to use the image data provided by the distribution system 10. This is an example of a terminal used by. The information terminal 110 of the distribution destination 20 may be a terminal device different from the information terminal 110 of the distribution system 10, or may be the same terminal device.

The authentication server 30 is an information processing device having a computer configuration, or a system including a plurality of information processing devices. The authentication server 30 authenticates a terminal device such as a registered terminal (information terminal 110, image forming device 120, etc.) of the distribution system 10 and a user terminal (information terminal 110, etc.) of the distribution destination, or a user who uses the terminal device. ..

For example, the authentication server 30 executes an authentication process for authenticating the user of the information terminal 110 by an authentication method such as SAML (Security Assertion Markup Language) or Open ID. Further, when the authentication is successful, the authentication server 30 issues authentication information such as an assertion and a security token to the information terminal 110. As a result, the information terminal 110 can log in to the distribution system 10 and the cooperation server 21 of the distribution destination 20 by omitting the authentication operation by using the issued authentication information.

(Outline of processing)
Subsequently, the outline of the processing of the information processing system 1 will be described with reference to FIG. In the following description, the user who uses the registered terminal is referred to as a "registrant", and the user who uses the user terminal is referred to as a "user".

In FIG. 1, a registrant registers electronic data such as image data and document data in the information processing device 100 using a registration terminal (information terminal 110, image forming device 120, etc.) (step S1). As an example, the registrant registers the image data or the like obtained by scanning the document with the image forming apparatus 120 in the information processing apparatus 100. As another example, the registrant registers the document data or the like created by the information terminal 110 in the information processing device 100.

In response to this, the information processing apparatus 100 performs predetermined processing on the registered electronic data (step S2). As an example, when the distribution system 10 is a system that provides image data in PDF (Portable Document Format) format, the information processing device 100 converts the registered electronic data into image data in PDF format. As another example, when the distribution system 10 is a system that provides image data in JPEG (Joint Photographic Experts Group) format, the information processing apparatus 100 converts the registered electronic data into image data in JPEG format.

Further, the information processing apparatus 100 stores the image data that has been subjected to predetermined processing and the image log 131 including the bibliographic information of the image data in the data management server 130 (step S3).

Further, the information processing apparatus 100 distributes the link file 22 for using the image data stored in the data management server 130 to the distribution destination 20 (step S4). For example, the information processing device 100 stores the link file 22 in the cooperation server 21 of the distribution destination. The link file 22 includes, for example, path information for using the image data provided by the distribution system 10 and reference information such as a URL (Uniform Resource Locator).

On the other hand, the user who uses the user terminal (information terminal 110 or the like) of the distribution destination 20 uses the image data managed by the distribution system 10 by using the link file 22 (step S5). For example, the user uses the information terminal 110 to acquire the link file 22 stored in the cooperation server 21, and uses the reference information included in the link file 22 to obtain the image data managed by the data management server 130. It can be used (for example, reference, acquisition, etc.).

At this time, for example, the usage monitoring module 101 realized by a program executed by the information processing device 100 or the like monitors the usage of image data using the reference information included in the link file 22, and stores the usage history. Is executed (step S6). For example, the usage monitoring module 101 includes identification information (hereinafter referred to as data ID) for identifying image data accessed using reference information, identification information for identifying a user (hereinafter referred to as user ID), and usage date and time. , Information such as usage is stored in the usage history.

According to the present embodiment, the information processing system 1 that provides the image data can grasp the usage status of the image data provided by the information processing system by the above processing.

(Example of conventional information processing system)
Here, as a comparative example, an example of the system configuration of the conventional information processing system will be described. FIG. 14 is a diagram showing an example of the system configuration of the conventional information processing system 1400. Since the basic configuration of the information processing system 1400 is the same as the configuration of the information processing system 1 according to the present embodiment described with reference to FIG. 1, here, the differences from the information processing system 1 according to the present embodiment are described. I will explain mainly.

The information processing system 1400 includes, for example, a distribution system 1410, a distribution destination 1420, an authentication server 30, and the like. Further, the distribution system 1410 has an information processing device 1411 and a data management server 1412 instead of the information processing device 100 and the data management server 130 of FIG. Further, the delivery destination 1420 has a cooperation server 1421 instead of the cooperation server 21 of FIG.

Here, the information processing device 1411, the data management server 1412, and the cooperation server 1421 are, for example, an information processing device having a computer configuration or a system including a plurality of information processing devices.

(Outline of conventional processing)
Subsequently, the outline of the processing of the conventional information processing system 1400 will be described. Here, detailed description of the same processing as that of the information processing system 1 described with reference to FIG. 1 will be omitted.

In FIG. 14, a registrant registers electronic data such as image data and document data in the information processing device 1411 using a registration terminal (information terminal 110, image forming device 120, etc.) (step S11). This process may be the same as the process of step S1 of FIG.

In response to this, the information processing apparatus 1411 performs predetermined processing on the registered electronic data (step S2). This process may be the same as the process of step S2 of FIG.

Subsequently, the information processing device 1411 distributes the image data that has undergone predetermined processing to the cooperation server 1421 (step S13). For example, the information processing apparatus 1411 stores the image data 1401a that has undergone predetermined processing in the cooperation server 1421.

Further, the information processing apparatus 1411 stores the duplicate 1401b of the image data 1401a delivered to the cooperation server 1421 and the image log including the bibliographic information of the image data 1401a in the data management server 1412.

On the other hand, the user who uses the user terminal (information terminal 110 or the like) of the delivery destination 1420 uses the image data stored in the cooperation server 1421.

In this case, the distribution system 1410 cannot manage the usage status of the distributed image data 1401a (for example, who used it, when, how, etc.). Therefore, for example, when it is discovered that the image data provided by the distribution system 1410 has been leaked, the leak source of the leaked image data can only be identified as the cooperation server 1421, and the leak source information terminal 110, It is difficult to identify users.

On the other hand, according to the information processing system 1 according to the present embodiment shown in FIG. 1, the user ID, the date and time of use, the usage, etc. of the user who used the image data distributed by the distribution system 10 can be easily specified from the usage history. can do.

The system configuration of the information processing system 1 shown in FIG. 1 is an example. For example, the distribution destination 20 to which the distribution system 10 distributes the link file 22 is not limited to the cooperation server 21, and may be a terminal device such as an information terminal 110.

Further, the function of the data management server 130 of the distribution system 10 may be included in the information processing device 100. Further, the usage monitoring module 101 of the distribution system 10 may be executed by a computer other than the information processing device 100.

<Hardware configuration>
(Hardware configuration of information processing device, information terminal, data management server, cooperation server, and authentication server)
The information processing device 100, the information terminal 110, the data management server 130, the cooperation server 21, the authentication server 30, and the like have, for example, the hardware configuration of the computer 200 as shown in FIG. Alternatively, the information processing device 100, the data management server 130, the cooperation server 21, the authentication server 30, and the like are composed of a plurality of computers 200.

FIG. 2 is a diagram showing an example of a computer hardware configuration according to an embodiment. As shown in FIG. 2, for example, the computer 200 includes a CPU (Central Processing Unit) 201, a ROM (Read Only Memory) 202, a RAM (Random Access Memory) 203, an HD (Hard Disk) 204, and an HDD (Hard Disk Drive). ) Controller 205, display 206, external device connection I / F (Interface) 207, communication I / F 208, keyboard 209, pointing device 210, DVD-RW (Digital Versatile Disk Rewritable) drive 212, media I / F 214, and bus line. It is equipped with 215 and the like.

Of these, the CPU 201 controls the operation of the entire computer 200. The ROM 202 stores, for example, a program used for starting the computer 200 such as an IPL (Initial Program Loader). The RAM 203 is used, for example, as a work area of the CPU 201. The HD204 stores, for example, programs such as an OS (Operating System), an application, and a device driver, and various data. The HDD controller 205 controls, for example, reading or writing of various data to the HD 204 according to the control of the CPU 201.

The display 206 displays various information such as a cursor, a menu, a window, a character, or an image. External device connection The I / F 207 connects various external devices.

The communication I / F 208 is an interface for connecting the computer 200 to the communication network. The keyboard 209 is a kind of input means including a plurality of keys for inputting characters, numerical values, various instructions, and the like. The pointing device 210 is a kind of input means for selecting and executing various instructions, selecting a processing target, moving a cursor, and the like.

The DVD-RW drive 212 controls reading or writing of various data to the DVD-RW211 as an example of the removable recording medium. The DVD-RW211 is not limited to the DVD-RW, and may be another recording medium. The media I / F 214 controls reading or writing (storage) of data to the media 213 such as a flash memory. The bus line 215 includes an address bus, a data bus, various control signals, and the like for electrically connecting each of the above components.

(Hardware configuration of image forming apparatus)
FIG. 3 is a diagram showing an example of the hardware configuration of the image forming apparatus according to the embodiment. The image forming apparatus 120 includes, for example, a controller 310, a short-range communication circuit 320, an engine control unit 330, an operation panel 340, a network I / F 350, and the like, as shown in FIG.

Of these, the controller 310 includes a CPU 301, a system memory (MEM-P) 302, a north bridge (NB) 303, a south bridge (SB) 304, an ASIC (Application Specific Integrated Circuit) 305, and a local memory, which are the main parts of a computer. It has (MEM-C) 306, HDD controller 307, HD308 and the like, and has a configuration in which NB 303 and ASIC 305 are connected by an AGP (Accelerated Graphics Port) bus 311.

Of these, the CPU 301 is a control unit that controls the entire image forming apparatus 120. The NB 303 is a bridge for connecting the CPU 301, the MEM-P302, the SB 304, and the AGP bus 311. A memory controller that controls reading and writing to the MEM-P302, a PCI (Peripheral Component Interconnect) master, and an AGP target. Has.

The MEM-P302 includes a ROM 302a which is a memory for storing programs and data that realizes each function of the controller 310, and a RAM 302b which is used as a memory for developing programs and data and a memory for drawing at the time of memory printing. The program stored in the RAM 302b is configured to be recorded and provided on a computer-readable recording medium such as a CD-ROM, CD-R, or DVD in an installable format or an executable format file. You may.

The SB 304 is a bridge for connecting the NB 303 to a PCI device and peripheral devices. The ASIC 305 is an IC (Integrated Circuit) for image processing applications that has hardware elements for image processing, and has a role of a bridge that connects the AGP bus 311 and the PCI bus 312, the HDD controller 307, and the MEM-C306, respectively. .. The ASIC 305 is a PCI target and an AGP master, an arbiter (ARB) which is the core of the ASIC 305, a memory controller that controls the MEM-C306, and a plurality of DMACs (Direct Memory Access Controllers) that rotate image data by hardware logic and the like. , And a PCI unit that transfers data between the scanner unit 331 and the printer unit 332 via the PCI bus 312. A USB interface or an IEEE 1394 (Institute of Electrical and Electronics Engineers 1394) interface may be connected to the ASIC 305.

The MEM-C306 is a local memory used as a copy image buffer and a code buffer. The HD308 is a storage for accumulating image data, accumulating font data used at the time of printing, and accumulating forms. The HDD controller 307 controls reading or writing of data to the HD 308 according to the control of the CPU 301. The AGP bus 311 is a bus interface for a graphics accelerator card proposed to speed up graphics processing, and the graphics accelerator card can be speeded up by directly accessing the MEM-P302 with high throughput. ..

The short-range communication circuit 320 performs various short-range wireless communications using an antenna 320a or the like for the short-range communication circuit.

The engine control unit 330 is composed of, for example, a scanner unit 331, a printer unit 332, and the like. The scanner unit 331 is a reading device that reads a document or the like. The printer unit 332 is a printing device that prints print data on a print medium. The scanner unit 331 or the printer unit 332 includes, for example, an image processing portion such as error diffusion and gamma conversion.

The operation panel 340 displays a current setting value, a selection screen, etc., and receives a panel display unit 340a such as a touch panel that receives input from an operator, and a numeric keypad that receives setting values of conditions related to image formation such as density setting conditions. It is provided with an operation button 340b including a start key or the like for receiving a copy start instruction. The controller 310 controls the entire image forming apparatus 120, for example, drawing, communication, input from the operation panel 340, and the like.

The image forming apparatus 120 can sequentially switch and select the document box function, the copy function, the printer function, and the facsimile function by using, for example, the application switching key on the operation panel 340. For example, when the document box function is selected, the document box mode is set, when the copy function is selected, the copy mode is set, when the printer function is selected, the printer mode is set, and when the facsimile mode is selected, the facsimile mode is set.

Further, the network I / F350 is an interface for data communication using the network. The short-range communication circuit 320 and the network I / F 350 are electrically connected to the ASIC 305 via, for example, the PCI bus 312.

<Functional configuration>
Subsequently, the functional configuration of the information processing system 1 according to the embodiment will be described.

FIG. 4 is a diagram showing an example of the functional configuration of the distribution system according to the embodiment. In the following description, terminal devices such as the information terminal 110 and the image forming device 120 for registering electronic data such as document data and image data in the information processing device 100 are referred to as registration terminals 480.

(Functional configuration of information processing device)
The information processing device 100, for example, by executing a predetermined program on the CPU 201 of FIG. 2 or a plurality of computers 200, the reception unit 410, the processing unit 420, the data management unit 430, the reference information providing unit 440, and the usage monitoring unit. It realizes 450, a processing execution unit 460, a storage unit 470, and the like. It should be noted that at least a part of each of the above functional configurations may be realized by hardware.

The reception unit 410 accepts registration of electronic data such as document data and image data from a registration terminal 480 such as an information terminal 110 and an image forming device 120.

The processing unit 420 performs predetermined processing on the electronic data received by the reception unit 410 as necessary. For example, when the distribution system 10 is a system that provides image data in PDF format, the processing unit 420 converts the electronic file received by the reception unit 410 into image data in PDF format. When the distribution system 10 is a system that provides image data in JPEG format, the processing unit 420 converts the electronic data received by the reception unit 410 into image data in JPEG format.

However, the present invention is not limited to this, and the processing unit 420 has various processes such as a process of converting an electronic file into image data of a predetermined size, a process of converting color image data into monochrome image data, a tint block process, and addition of a time stamp. It may be the one that performs various processing.

The data management unit 430 stores and manages the image data provided by the distribution system 10 and the bibliographic information of the image data in the data management server 130. For example, the data management unit 430 stores the image data provided by the distribution system 10 and the bibliographic information of the image data in the data management server 130, and the saved image data and the bibliographic information information are displayed in FIG. 6 (A). ) Is stored in the management information 471.

FIG. 6A shows an image of an example of management information 471 according to one embodiment. In the example of FIG. 6A, the management information 471 includes information such as "data ID", "data file path", and "bibliographic information file path" as items.

The "data ID" is identification information that identifies the image data stored in the data management server 130. The "data file path" is information indicating a save destination in which the image data is saved. The "bibliographic information file path" is information indicating a save destination in which the bibliographic information of the image data is saved.

Here, returning to FIG. 4, the description of the functional configuration of the information processing apparatus 100 will be continued.

The reference information providing unit 440 generates a link file 22 for using the image data managed by the data management unit 430, and provides the generated link file 22 to the delivery destination 20. For example, the reference information providing unit 440 generates a link file 22 including a data ID, a data file path, and the like included in the management information 471 of FIG. 6A, and provides the generated link file 22 to the delivery destination 20. The data ID, data file path, and the like included in the link file 22 are examples of reference information for using the image data.

The usage monitoring unit 450 is realized by, for example, a program (utilization monitoring module 101 or the like) executed by the CPU 201 of FIG. 2, and monitors the use of image data using the reference information included in the link file 22.

Preferably, the usage monitoring unit 450 permits the user who has succeeded in the authentication by the authentication server 30 and the user terminal used by the user to use the image data. On the other hand, the usage monitoring unit 450 refuses to use the image data by the user who has failed in the authentication by the authentication server 30 and the user terminal used by the user.

Further, the usage monitoring unit 450 stores and manages the usage history of the image data using the reference information included in the link file 22 in the history information 472 as shown in FIG. 6B, for example.

FIG. 6B shows an image of an example of history information 472 according to one embodiment. In the example of FIG. 6B, the history information 472 includes information such as "access ID", "data ID", "user ID", "date and time of use", and "use" as items. The "access ID" is identification information that identifies access to the image data, and is added by the usage monitoring unit 450. The "data ID" is identification information for identifying the accessed image data, and corresponds to the "data ID" in FIG. 6 (A). The "user ID" is identification information that identifies a user who has used the image data. The "use date and time" is information indicating the date and time when the user terminal or the user used the image data.

"Use" is information indicating the use of image data. In the example of FIG. 6B, "Read" indicates that the use of the image data is viewing (or display), and "Download" indicates that the use of the image data is download (or storage). Shown.

The processing execution unit 460 is realized by, for example, a program (utilization monitoring module 101 or the like) executed by the CPU 201 of FIG. 2, and is predetermined to image data used by using the reference information included in the link file 22. Execute the process.

As an example, the process execution unit 460 executes a process of restricting the use of the image data on the image data used by using the reference information. Here, the processes for restricting the use of image data include, for example, a process for prohibiting printing of image data, a process for prohibiting storage of image data, a process for prohibiting screen capture of image data, and an expiration date for image data. Processing to be set may be included.

As another example, the process execution unit 460 executes a process of adding predetermined information to the image data used by using the reference information. For example, the processing execution unit 460 adds information (such as a tint block, a digital watermark, etc.) that identifies the user, the date and time of use, the terminal used, etc., to the image data used by using the link file 22. It may be the one that executes. Alternatively, the processing execution unit 460 may add information (such as a tint block) indicating that the image data is not the original data to the image data used by using the link file 22.

The storage unit 470 is realized by, for example, a program executed by the CPU 201 of FIG. 2, HDD controllers 205, HD204, and the like, and stores various information and data such as management information 471 and history information 472, for example.

The functional configuration of the information processing device 100 shown in FIG. 4 is an example. For example, the usage monitoring unit 450, the processing execution unit 460, the storage unit 470, and the like may be realized by a computer 200 different from the information processing device 100.

(Functional configuration of registered terminal)
The registration terminal 480 realizes the authentication unit 481 and the registration unit 482 by executing a predetermined program on the CPU 201 (or the CPU 301 in FIG. 3) of FIG. 2, for example. It should be noted that at least a part of each of the above functional configurations may be realized by hardware.

The authentication unit 481 uses the authentication server 30 to authenticate the registrant who uses the registration terminal 480. For example, the authentication unit 481 requests the authentication server 30 to authenticate the registrant by an authentication method such as SAML or Open ID. Further, the authentication unit 481 acquires the authentication information (assertion, security token, etc.) issued by the authentication server 30 when the authentication of the registrant is successful.

The registration unit 482 registers electronic data such as document data and image data created by the registration terminal 480 in the information processing device 100. For example, the registration unit 482 requests the information processing device 100 to register the electronic data by transmitting a distribution request including the electronic data to be registered and the authentication information acquired by the authentication unit 481 to the information processing device 100. ..

(Functional configuration of data management server)
The data management server 130 realizes the data storage unit 402 by, for example, the program executed by the CPU 201 of FIG. 2, the HDD controller 205, the HD204, and the like. The data storage unit 402 functions as a storage unit for storing image data managed by the data management unit 430 of the information processing device 100, bibliographic information of the image data, and the like.

(Functional configuration of the terminal used)
FIG. 5 is a diagram showing an example of the functional configuration of the user terminal according to the embodiment. In the following description, a terminal device such as an information terminal 110 that uses image data provided by the distribution system 10 is referred to as a user terminal 500. The user terminal 500 is an example of a terminal device included in the information processing system 1.

The user terminal (terminal device) 500 realizes, for example, the authentication unit 501, the reference information acquisition unit 502, the data utilization unit 503, the storage unit 504, and the like by executing a predetermined program on the CPU 201 of FIG. .. It should be noted that at least a part of each of the above functional configurations may be realized by hardware.

The authentication unit 501 uses the authentication server 30 to authenticate the user who uses the user terminal 500. For example, the authentication unit 501 requests the authentication server 30 to authenticate the user by an authentication method such as SAML or Open ID. Further, the authentication unit 501 acquires the authentication information (assertion, security token, etc.) issued by the authentication server 30 when the user's authentication is successful.

The reference information acquisition unit 502 acquires the link file 22 (an example of reference information) provided by the distribution system 10. For example, the reference information acquisition unit 502 acquires the link file 22 stored in the cooperation server 21 or the like by the distribution system 10. Alternatively, the reference information acquisition unit 502 may acquire the link file 22 provided by the distribution system 10 without going through the cooperation server 21.

The data utilization unit 503 uses the image data managed by the data management unit 430 of the distribution system 10 by using the reference information included in the link file 22 acquired by the reference information acquisition unit 502. For example, the data utilization unit 503 requests the use of image data including reference information such as a data ID and a data file path included in the link file 22 acquired by the reference information acquisition unit 502 and the authentication information acquired by the authentication unit 501. Is transmitted to the information processing apparatus 100. Further, the data utilization unit 503 uses the image data provided by the information processing apparatus 100 in response to the request for using the image data. For example, the data utilization unit 503 browses (displays) or downloads (saves) the image data provided by the information processing device 100.

The storage unit 504 is realized by, for example, a program executed by the CPU 201 of FIG. 2 and an HDD controller 205, HD204, etc., and stores various information and data such as a link file 22, image data, and the like.

<Processing flow>
Subsequently, the processing flow of the information providing method according to each embodiment will be described.

[First Embodiment]
(Delivery process)
FIG. 7 is a sequence diagram showing an example of the distribution process according to the first embodiment. This process shows an example of a distribution process executed by the information processing system 1 when the registrant registers electronic data in the information processing apparatus 100 using the registration terminal 480.

When the registrant logs in to the registration terminal 480 in step S701, for example, the authentication process shown in steps S702 to S705 is executed.

In step S702, the authentication unit 481 of the registration terminal 480 transmits an authentication request requesting authentication of the registrant to the authentication server 30. This authentication request includes, for example, authentication information such as a user ID that identifies a registrant, a password, biometric information, and an electronic certificate.

In steps S703 and S704, the authentication server 30 executes the authentication process of the registrant (or the registration terminal 480) and transmits the authentication result to the registration terminal 480. Here, the following description will be given assuming that the authentication of the registrant (or the registered terminal 480) is successful and the authentication information for using the information processing system 1 such as the assertion and the security token is transmitted to the registered terminal 480. ..

In step S705, the authentication unit 481 of the registration terminal 480 displays the authentication result indicating that the authentication was successful on the display unit such as the display 206.

When the registrant performs a distribution operation on the registration terminal 480 in step S706, for example, the distribution process as shown in steps S707 to S715 is executed.

In step S707, the registration unit 482 of the registration terminal 480 transmits a distribution request including the electronic data to be registered and the authentication information acquired by the authentication unit 481 to the information processing device 100.

In step S708, the reception unit 410 of the information processing device 100 confirms the authentication information included in the distribution request. For example, the reception unit 410 inquires the authentication server 30 whether or not the authentication information included in the distribution request is valid authentication information.

When the authentication information included in the distribution request is valid authentication information, the information processing system 1 executes the processes after step S709. On the other hand, if the authentication information included in the distribution request is not valid authentication information, the information processing system 1 cancels the processing after step S709.

In step S709, the processing unit 420 of the information processing apparatus 100 processes the electronic data included in the distribution request into image data in a predetermined format, if necessary.

In steps S710 to S712, the data management unit 430 of the information processing apparatus 100 transfers the image data processed by the processing unit 420 (or the image data included in the distribution request) and the bibliographic information of the image data to the data management server 130. Remember (save).

In step S713, the data management unit 430 of the information processing apparatus 100 updates the management information 471 as shown in FIG. 6A. For example, the data management unit 430 registers the data ID, data file path, bibliographic information file path, and the like of the image data stored in the data management server 130 in the management information 471.

In step S714, the reference information providing unit 440 of the information processing apparatus 100 generates a link file 22 for the data management unit 430 to use the image data stored in the data management server 130. The link file 22 includes, for example, reference information such as a data ID of image data stored in the data management server 130 by the data management unit 430 and a data file path.

In step S715, the reference information providing unit 440 of the information processing device 100 distributes the generated link file 22 to the cooperation server 21 of the distribution destination 20.

In step S716, the cooperation server 21 of the delivery destination 20 stores the link file 22 delivered from the information processing device 100.

By the above processing, for example, as shown in FIG. 1, the link file 22 is stored in the cooperation server 21 of the distribution destination, and the link file 22 can be used from the user terminal 500 such as the information terminal 110. ..

(Usage process 1)
FIG. 8 is a sequence diagram (1) showing an example of the utilization process according to the first embodiment. This process shows an example of the process executed by the information processing system 1 when the user uses the image data provided by the information processing device 100 by using the user terminal 500.

At the start of the process shown in FIG. 8, the authentication unit 501 of the user terminal 500 executes the authentication process as shown in steps S701 to S705 of FIG. 7, and authenticates to use the information processing system 1. It is assumed that the information has been acquired.

In step S801, when the user performs an operation of using image data on the user terminal 500, for example, the use process shown in steps S802 to S811 is executed.

In steps S802 and S803, the reference information acquisition unit 502 of the user terminal 500 acquires the link file 22 stored in the cooperation server 21.

In step S804, the data utilization unit 503 of the user terminal 500 uses the image data including the reference information such as the data ID and data file path of the image data included in the link file 22 and the authentication information acquired by the authentication unit 501. The request is transmitted to the information processing apparatus 100.

In step S805, the usage monitoring unit 450 of the information processing device 100 confirms the authentication information included in the usage request of the image data. For example, the usage monitoring unit 450 inquires the authentication server 30 whether or not the authentication information included in the image data usage request is valid authentication information.

When the authentication information included in the image data usage request is valid authentication information, the information processing system 1 executes the processes after step S806. On the other hand, if the authentication information included in the image data usage request is not valid authentication information, the information processing system 1 cancels the processing after step S806.

In step S806, the utilization monitoring unit 450 of the information processing apparatus 100 updates the history information 472 as shown in FIG. 6B, for example. For example, the usage monitoring unit 450 assigns a new access ID, associates it with the access ID, and provides information such as the data ID included in the image data usage request, the user ID of the user, the date and time of use, and the usage. Is registered in the history information 472.

In steps S807 to S809, the usage monitoring unit 450 of the information processing device 100 acquires the image data requested by the image data usage request from the data management server 130.

For example, in step S807, the usage monitoring unit 450 sends an image data acquisition request including reference information (for example, image data data ID, data file path, etc.) included in the image data usage request to the data management server 130. Send.

In steps S808 and S809, the data storage unit 402 of the data management server 130 transmits the requested image data to the information processing device 100.

In step S810, the usage monitoring unit 450 of the information processing device 100 provides (transmits) the image data acquired from the data management server 130 to the requesting terminal 500.

In step S811, the data utilization unit 503 of the user terminal 500 uses the image data provided by the information processing apparatus 100. For example, the data utilization unit 503 displays the image data provided by the information processing device 100 on a display unit such as a display 206.

By the above processing, according to the information processing system 1 according to the present embodiment, the usage status of the image data provided by the information processing system 1 is stored in the history information 472 as shown in FIG. 6B, for example. , Become able to manage.

(Usage processing 2)
FIG. 9 is a sequence diagram (2) showing an example of the utilization process according to the first embodiment. This process shows another example of the process executed by the information processing system 1 when the user uses the image data provided by the information processing device 100 by using the user terminal 500.

Of the processes shown in FIG. 9, the processes of steps S801 to S809 are the same as the processes of steps S801 to S809 described in FIG. 8, so here, the description will be focused on the differences from the processes shown in FIG. Do.

In step S901, the process execution unit 460 of the information processing device 100 executes a process of adding predetermined information to the image data acquired by the usage monitoring unit 450.

As an example, the processing execution unit 460 performs a tint block process of adding a tint block pattern in which characters such as "COPY" are embedded to the image data acquired by the usage monitoring unit 450. As a result, it is possible to prevent the original data of the image data from being leaked.

As another example, the processing execution unit 460 may add information such as a user, a date and time of use, a terminal used, etc. using the image data to the image data by a tint block pattern, a digital watermark, or the like. Thereby, when the original data of the image data is leaked, the user of the leak source can be easily identified.

In step S902, the usage monitoring unit 450 of the information processing device 100 provides (transmits) image data to which predetermined information is added to the requesting terminal 500.

In step S903, the data utilization unit 503 of the user terminal 500 uses the image data provided by the information processing device 100 (for example, display, storage, printing, etc.).

By the above processing, the information processing system 1 can add information for suppressing leakage of the original data, information for identifying the leakage source of the image data, and the like to the image data provided to the user terminal 500. become able to.

(Usage processing 3)
FIG. 10 is a sequence diagram (3) showing an example of the utilization process according to the first embodiment. This process shows another example of the process executed by the information processing system 1 when the user uses the image data provided by the information processing device 100 by using the user terminal 500.

Of the processes shown in FIG. 10, the processes of steps S801 to S809 are the same as the processes of steps S801 to S809 described in FIG. 8, so here, the description will be focused on the differences from the processes shown in FIG. Do.

In step S1001, the processing execution unit 460 of the information processing apparatus 100 executes a process of restricting the use of the image data on the image data acquired by the usage monitoring unit 450.

For example, the process execution unit 460 has a process of prohibiting printing, a process of prohibiting saving, a process of prohibiting screen capture, and a process of setting an expiration date of image data in the image data acquired by the usage monitoring unit 450. Perform one or more processes.

In step S1002, the usage monitoring unit 450 of the information processing device 100 provides (transmits) image data whose use is restricted to the requesting terminal 500.

In step S1003, the data utilization unit 503 of the user terminal 500 uses (for example, displays) the image data provided by the information processing device 100 within the range permitted for use.

By the above processing, the information processing system 1 can limit the use of the image data provided to the user terminal 500 and suppress the leakage of the image data.

[Second Embodiment]
In the second embodiment, the information processing apparatus 100 describes a process of reducing the image log (image data and bibliographic information of the image data) managed by the data management unit 430 based on the history information 472.

(Processing of data management department)
FIG. 11 is a sequence diagram showing an example of processing of the data management unit according to the second embodiment.

When the data management unit 430 of the information processing apparatus 100 detects in step S1101 that the predetermined execution condition is satisfied, the data management unit 430 of the information processing apparatus 100 executes the processes of step S1102 and subsequent steps. The predetermined execution conditions may be, for example, a predetermined time interval, a predetermined time, a predetermined date and time, the amount of data stored in the data management server 130, and the remaining capacity of the data management server 130. However, it may be a condition such as when a preset threshold value is reached. Further, the predetermined execution conditions may be various preset conditions.

In step S1102, the data management unit 430 of the information processing apparatus 100 aggregates the history information 472 as shown in FIG. 6B, for example. For example, the data management unit 430 aggregates the history information 472 and aggregates the number of accesses (number of uses) for each data ID.

In step S1103, the data management unit 430 of the information processing apparatus 100 determines the image log (or the data ID of the image log) to be reduced based on the aggregation result.

In step S1104, the data management unit 430 of the information processing apparatus 100 executes a reduction process of the image log to be reduced among the image logs stored in the data management server 130.

In step S1105, the data management unit 430 of the information processing apparatus 100 updates the management information 471 as shown in FIG. 6A, for example. For example, the data management unit 430 reflects the result of the image log reduction process in the management information 471.

(Reduction process 1)
FIG. 12 is a flowchart (1) showing an example of image log reduction processing according to the second embodiment. This process shows, for example, an example of the image log reduction process executed by the data management unit 430 of the information processing apparatus 100 in steps S1103 and S1004 of FIG. For example, the data management unit 430 executes the image log reduction process shown in FIG. 12 for each of the image logs (image data) stored in the data management server 130.

In step S1201, the data management unit 430 of the information processing apparatus 100 determines whether or not a predetermined period has elapsed after the target image log (image data) is stored in the data management server 130.

If a predetermined period has elapsed after the storage, the data management unit 430 executes the processes after step S1202. On the other hand, if a predetermined period has not elapsed after the storage, the data management unit 430 cancels the processing after step S1202 and ends the processing of FIG.

When the process proceeds to step S1202, the data management unit 430 determines whether or not the target image log (image data) has a usage record.

If there is no usage record in the image log (image data), the data management unit 430 shifts the process to step S1203. On the other hand, when the image log (image data) has a usage record, the data management unit 430 shifts the process to step S1204.

When the process proceeds to step S1203, the data management unit 430 deletes the target image log (image data and bibliographic information). As a result, it is possible to delete an image log (image data) that has not been used for a predetermined period or longer.

On the other hand, when shifting from step S1202 to step S1204, the data management unit 430 determines whether or not the number of times the target image log (image data) has been used has reached a predetermined threshold value.

When the number of uses reaches the threshold value, the data management unit 430 determines that the frequency of use of the image log (image data) is relatively high, and ends the process shown in FIG. On the other hand, when the number of times of use has not reached the threshold value, the data management unit 430 determines that the frequency of use of the image log (image data) is relatively low, and executes the process of step S1205.

In step S1205, the data management unit 430 compresses or archives the target image log (image data and bibliographic information). Here, archiving means moving the image log to another storage device, recording medium, or the like, which has a lower cost.

By the above processing, the information processing apparatus 100 can reduce the image log (image data and bibliographic information) stored in the data management server 130 according to the frequency of use of the image data by using the history information 472. Will be.

(Reduction process 2)
FIG. 13 is a flowchart (2) showing an example of image log reduction processing according to the second embodiment. This process shows, for example, another example of the image log reduction process executed by the data management unit 430 of the information processing apparatus 100 in steps S1103 and S1004 of FIG. The data management unit 430 executes, for example, the image log reduction process shown in FIG. 13 for each of the image logs (image data) stored in the data management server 130.

Of the processes shown in FIG. 13, the processes of steps S1201 to S1204 are the same as the processes of steps S1201 to S1204 described with reference to FIG. Do.

Further, here, it is assumed that the information processing system 1 manages the user information 601 as shown in FIG. 6C, for example.

FIG. 6C shows an image of an example of user information 601 managed by the information processing system 1 according to the embodiment. In the example of FIG. 6C, the user information 601 includes information such as "user ID", "name", and "role" as items.

The "user ID" is identification information for identifying a user registered in the information processing system 1, and corresponds to the "user ID" in FIG. 6B. The "name" is information indicating the user's name. The "role" is, for example, information indicating a user's job title, role, authority, and the like. As an example, the user information 601 is managed by the authentication server 30, and the information processing apparatus 100 can acquire the name, role, and the like corresponding to the user ID from the authentication server 30.

In step S1204 of FIG. 13, when the data management unit 430 determines that the number of times the target image log (image data) has been used has not reached the threshold value, the process of step S1301 is executed.

In step S1301, the data management unit 430 of the information processing apparatus 100 determines whether or not the target image data has been used by a user of a predetermined role. For example, in the user information 601 as shown in FIG. 6C, the image log (image data) used by the user whose role is "executive" is considered to be relatively important. In this case, the data management unit 430 determines whether or not the target image data has been used by a user whose role is "executive". However, the present invention is not limited to this, and the predetermined role may be, for example, various predetermined roles such as a department manager, a leader, a store manager, and system management.

If there is no usage record by the user of the predetermined role, the data management unit 430 shifts the process to step S1302. On the other hand, when there is a usage record by a user of a predetermined role, the data management unit 430 cancels the process of step S1302 and ends the process of FIG.

When the process proceeds to step S1302, the data management unit 430 compresses or archives the target image log (image data and bibliographic information).

By the above processing, for example, the data management unit 430 is not registered in the history information 472 of FIG. 6 (B) among the image data managed by the management information 471 shown in FIG. 6 (A) (usage record). The image data with the data ID "0x00000004" can be deleted. In addition, the data management unit 430 has the data IDs "0x00000002" and "0x00000002" that are accessed by the user whose role is "executive" among the image data of the data IDs "0x00000002" and "0x00000003" that are accessed relatively few times in the history information 472. Image data can be maintained. Further, the data management unit 430 can compress or archive the image data of the data ID "0x00000003" among the image data of the data IDs "0x00000002" and "0x00000003" whose access times are relatively small in the history information 472. ..

In the conventional information processing system 1400 as shown in FIG. 14, the data of the image log managed by the data management server 1412 is increasing with time. On the other hand, in the information processing system 1 according to the present embodiment, since the usage status of the image data provided by the information processing system 1 can be grasped, the image data that is relatively infrequently used is deleted, compressed, or used according to the usage status. You will be able to archive. Further, the information processing system 1 refers to, for example, the user information 601 as shown in FIG. 6C, and obtains image data having a relatively low importance according to the role of the user using the image data. It will be possible to compress or archive.

As described above, according to each embodiment of the present invention, the information processing system 1 that provides image data can grasp the usage status of the image data provided by the information processing system.

As a result, the information processing system 1 can effectively suppress the leakage of image data by the user. Further, the information processing system 1 can effectively suppress an increase in the amount of data in the image log according to the frequency of use of the image data and the like.

<Supplement>
Each function of each embodiment described above can be realized by one or more processing circuits. Here, the "processing circuit" in the present specification is a processor programmed to execute each function by software such as a processor implemented by an electronic circuit, or a processor designed to execute each function described above. It shall include devices such as ASIC (Application Specific Integrated Circuit), DSP (digital signal processor), FPGA (field programmable gate array) and conventional circuit modules.

Also, the group of devices described in the examples merely represents one of a plurality of computing environments for implementing the embodiments disclosed herein. In certain embodiments, the information processing apparatus 100 includes a plurality of computing devices such as a server cluster. The plurality of computing devices are configured to communicate with each other via any type of communication link, including networks, shared memory, and the like, and perform the processes disclosed herein. Similarly, the data management server 130 can include a plurality of computing devices configured to communicate with each other.

Further, the information processing apparatus 100 and the data management server 130 can be configured to share the disclosed processing steps, for example, the processing shown in FIGS. 7 to 13 in various combinations. For example, a process executed by a predetermined unit can be executed by the information processing apparatus 100. Similarly, the function of a given unit can be performed by the data management server 130. Further, each element of the information processing device 100 and the data management server 130 may be integrated into one server device, or may be divided into a plurality of devices.

1 Information processing system 10 Distribution system 100 Information processing device 110 Information terminal (example of user terminal and terminal device)
430 Data Management Department 440 Reference Information Providing Department 450 Usage Monitoring Department 460 Processing Execution Department 503 Data Usage Department

JP-A-2007-164632

Claims (10)

An information processing system that provides image data
The data management unit that manages the image data and
A reference information providing unit that provides reference information for using the image data,
A usage monitoring unit that monitors the use of the image data using the reference information and stores and manages the usage history of the image data in the history information.
Information processing system. The information processing system according to claim 1, wherein the usage monitoring unit permits a user who has succeeded in a predetermined authentication to use the image data using the reference information. The information according to claim 1 or 2, wherein the data management unit deletes, compresses, or archives at least a part of the image data managed by the data management unit based on the history information. Processing system. The information processing system according to any one of claims 1 to 3, further comprising a process execution unit that executes a predetermined process on the image data used by using the reference information. The information processing system according to claim 4, wherein the processing execution unit executes a process of restricting the use of the image data on the image data used by using the reference information. The processes for restricting the use of the image data include a process for prohibiting printing of the image data, a process for prohibiting the storage of the image data, a process for prohibiting screen capture of the image data, and an expiration date for the image data. The information processing system according to claim 5, which includes one or more processes among the processes to be set. In the processing execution unit, the information for specifying the user, the date and time of use, or the terminal to be used using the image data is added to the image data used by using the reference information, or the image data is the original data. The information processing system according to any one of claims 4 to 6, which executes a process of adding information indicating that there is no information. The information processing system includes a terminal device.
The terminal device is
It has a data utilization unit that uses the image data managed by the data management unit by using the reference information provided by the reference information providing unit.
The information processing system according to any one of claims 1 to 7. The computer that provides the image data
The process of managing the image data and
Processing that provides reference information for using the image data, and
A process of monitoring the use of the image data using the reference information and storing and managing the usage history of the image data in the history information.
How to provide information. To the computer that provides the image data
The process of managing the image data and
Processing that provides reference information for using the image data, and
A process of monitoring the use of the image data using the reference information and storing and managing the usage history of the image data in the history information.
A program that runs.

Images