JP4148920B2 - Image processing system - Google Patents

Description

The present invention relates to an image processing system which can add protection data to an existing image processing apparatus.

  2. Description of the Related Art Conventionally, a system for sharing an image forming apparatus from a plurality of information processing apparatuses by connecting an information processing apparatus such as a personal computer and an image forming apparatus such as a printer or a multifunction machine on a communication network has been proposed. Etc. have been introduced. In addition to speeding up the image forming apparatus itself, an auxiliary storage device such as an HDD (HDD: Hard Disk Drive) is installed in the image forming apparatus to accept a plurality of jobs without stagnation. This is also because the processing capability to form an image has been installed in the computer. In addition, since the image forming apparatus is shared by many users, security of data handled by the image forming apparatus is beginning to be regarded as important.

  Thus, a system for encrypting print data transmitted between an information processing apparatus and an image forming apparatus on a communication network has been proposed. Further, a so-called confidential printing function for temporarily stopping a print job received by the image forming apparatus and starting printing by password authentication from a user or the like is installed in the image forming apparatus (for example, , See Patent Document 1). Further, a function for erasing data stored in the HDD device is installed in the image forming apparatus (see, for example, Patent Document 2).

However, there are quite a few existing image forming apparatuses that are not equipped with a data protection function on the communication network, and when considering the entire system, it is impossible to propose a unified security environment. Has a problem. Therefore, conventionally, a system is constructed by a host computer that controls the printer device and a terminal device connected to the host computer, and when sending print data from the terminal device, the data is transmitted after being encrypted. A system is proposed in which the host computer requests the terminal device to transmit a decryption key at the stage of executing the print processing, the print data is decrypted with the decryption key transmitted in response to the request, and then the print processing is performed. (See Patent Document 3).
JP-A-7-276744 Japanese Patent Laid-Open No. 9-223061 Japanese Patent Laid-Open No. 4-178038

  However, in the system described in Patent Document 3, a request for a decryption key is made from the host computer to the terminal device at the stage of executing the printing process, and the terminal device transmits the decryption key in response to the request. Therefore, the traffic increases as compared with the existing system. In particular, when a large number of terminal devices exist on the communication network, there is a problem that the processing may be stagnated.

  In order to construct the system described in Patent Document 3, it is necessary to install a software program that executes encryption of print data and generation of a decryption key in each terminal device. Has the problem that it takes time and effort.

The present invention has been made in view of such circumstances, and includes a data processing device connected to the image forming apparatus . The data processing device detects a connection state with the image forming device, and based on the detection result. An image processing system capable of ensuring the confidentiality of image data handled by an existing image processing system without reducing processing efficiency by adopting a configuration in which reading of image data stored in a storage unit is stopped. The purpose is to provide.

An image processing system according to the present invention includes an image forming apparatus and a data processing apparatus that includes a storage unit that stores image data processed by the image forming apparatus and is externally connected to the image forming apparatus. In the image processing system, the data processing apparatus includes a communication interface that performs data communication with the image forming apparatus, a management unit that manages identification information for identifying a connection destination apparatus, and an apparatus connected via the communication interface. Is obtained at a timing when the power is turned on and at a periodic timing after the power is turned on, and by comparing the obtained identification information with the identification information managed by the management means , When it is determined that the connection is interrupted, or it is determined that a device different from the image forming apparatus is connected to the communication interface. If, characterized in that it comprises a limiting means for limiting the reading of image data stored in the reception and the storage means of the image data to the storage means are performed via the communication interface.

In the present invention, the image processing apparatus includes a data processing apparatus connected to the image forming apparatus . The data processing apparatus detects a connection state with the image forming apparatus, and an image stored in the storage unit based on the detection result. Since reading of data is stopped, it can be easily incorporated into an existing image processing system, and depending on the combination of connection between an image forming apparatus such as a printer or digital multifunction peripheral and a data processing apparatus. Reading of image data can be stopped, and leakage of image data is prevented. In addition, since only necessary data is transmitted and received between the devices constituting the system, an increase in traffic is prevented.

According to the present invention, since the connection state of the external device is periodically detected, illegal extraction of data due to replacement of the external device or the like is prevented .

According to the present invention comprises a data processing device connected to the image forming apparatus to detect a connection state between the image forming apparatus by the data processing apparatus, the image data stored in the storage means based on the detection result Reading is stopped, so that it can be easily incorporated into an existing image processing system, and depending on the combination of connection between an image forming apparatus such as a printer and a digital multi-function peripheral and a data processing apparatus, Data reading can be stopped and leakage of image data can be prevented. In addition, since only necessary data is transmitted and received between devices constituting the system, an increase in traffic can be prevented, and processing efficiency is not reduced.

  In the case of the present invention, the printer device, the digital multi-function peripheral, and the scanner are provided with the means for connecting the external device, and the reading of the data stored in the storage means is stopped according to the connection state with the external device. Data reading can be stopped depending on the connection state with an external device such as a device, and data leakage can be prevented.

  According to the present invention, it is determined whether or not a predetermined external device is connected, and reading of data is stopped when an external device different from the predetermined external device is connected. In addition, it is possible to prevent data from being illegally taken out by a third party by replacing or duplicating an external device.

  In the case of the present invention, it is determined whether the external device is predetermined based on the identification information attached to the external device. Therefore, it is possible to determine whether or not the device is a predetermined external device based on device-specific information such as a manufacturing number, a manufacturer name, a model name, user information, and information regarding an installation location.

  According to the present invention, since the connection state of the external device is periodically detected, it is possible to prevent illegal extraction of data due to replacement of the external device or the like.

  In the case of the present invention, when the reading of data is stopped, the fact is notified. Therefore, when an unauthorized operation such as replacement of an external device is performed, notification to surrounding users, the administrator It is possible to notify the user by e-mail, and to prevent data leakage.

  According to the present invention, when user authentication is performed, the suspension of data reading can be canceled, so that only a specific person such as a device administrator can change the connection state, and the external device Data leakage associated with replacement or the like can be prevented.

Hereinafter, the present invention will be specifically described with reference to the drawings showing embodiments thereof.
FIG. 1 is a schematic diagram illustrating the configuration of an image processing system according to the present invention. In the figure, reference numeral 100 denotes an image forming apparatus having a print function, a copy function, and a scanner function. The image forming apparatus 100 is connected to a communication network N via a security box 200. Information processing apparatuses 300, 300,..., 300 installed with computer programs (driver programs) for using the image forming apparatus 100 are connected to the communication network N. The information processing apparatuses 300, 300,. A print job based on a document, graphics, or the like created in 300 can be transmitted to the image forming apparatus 100 to execute print processing.

  The image forming apparatus 100 is not equipped with a data protection function such as a hold print function, a confidential function, or an encryption function, but is configured so that these protection functions are added when combined with the security box 200. ing. That is, the security box 200 includes a data processing unit that encrypts received data, a data storage unit that holds the received data, and the like (see FIG. 2).

  In the present embodiment, in order to maintain the confidentiality of the data stored in the security box 200, the connection state is detected by periodically exchanging each other's unique information (identification information), and the connection is blocked. Alternatively, when it is determined that a different image forming apparatus is connected, the security box 200 is configured to block communication with the outside and stop reading data stored in the data storage unit.

  FIG. 2 is a block diagram illustrating the internal configuration of the image forming apparatus 100 and the security box 200. The image forming apparatus 100 includes a CPU 101. The CPU 101 reads and executes a control program stored in advance in the ROM 103, thereby controlling various hardware connected via the bus 102, and the present invention as a whole. It functions as an image transmission device or an image processing device constituting the image processing system.

  The management unit 104 is configured by a semiconductor memory, stores information related to the configuration of installed hardware, and information related to the internal state of the apparatus, and communicates with each hardware when the power is turned on. It is configured to acquire information and to periodically update the contents of information managed by periodically monitoring the status of operating hardware.

  The operation panel 105 includes an operation unit that receives a user's operation instruction and a display unit that displays information to be notified to the user. The operation unit is provided with various operation keys for receiving operation instructions from the user, setting values for each function such as the number of prints, copy density, image data transmission destination, switching operation of each function, output start instruction Accept user's instructions. The display unit includes a liquid crystal display, and displays the operation status of the image forming apparatus 100, various setting values input through the operation unit, information to be notified to the user, and the like.

  The image reading unit 106 includes a light source that irradiates light to a reading document, an image sensor such as a CCD (Charge Coupled Device), an AD converter, and the like (not shown), and is set at a predetermined reading position. An image of the original is imaged on the image sensor and converted into an analog electric signal, and the obtained analog electric signal is AD converted by an AD converter. Then, digital image data is generated by correcting the light distribution characteristics of the light source at the time of document reading, sensitivity variations of the image sensor, and the like on the digital signal obtained by AD conversion.

The image forming unit 107 is, for example, a charger that charges the photosensitive drum to a predetermined potential, or laser writing that generates an electrostatic latent image on the photosensitive drum by emitting laser light in accordance with image data received from the outside. Device, developer that supplies toner to the electrostatic latent image formed on the surface of the photoconductive drum to visualize it, and transfer that transfers the toner image formed on the surface of the photoconductive drum onto a sheet such as paper or an OHP film A device or the like (not shown) is provided, and an image desired by a user can be formed on a sheet by electrophotography.
In this embodiment, the image forming unit 107 is configured to perform image formation by an electrophotographic method using a laser writing device, but is configured to perform image formation by an inkjet method, a thermal transfer method, and a sublimation method. Of course, it may be.

  The image memory 108 is constituted by a semiconductor memory, and temporarily stores image data generated by reading an image of a document by the image reading unit 106, image data acquired by developing a received print job, and the like. The image data temporarily stored in the image memory 108 is transferred to a transfer destination corresponding to the purpose of use. That is, when image formation is performed on paper, the image data is transferred to the image forming unit 107, when image data is transmitted to the information processing apparatus 300, and when stored as image data, the image data is transferred to the USB interface 109.

  The USB interface 109 is an interface for connecting to a host via a USB bus, and includes an SIE (Serial Interface Engine) that executes transmission / reception of data via the USB bus. In the present embodiment, the security box 200 is connected via the USB interface 109.

Hereinafter, the internal configuration of the security box 200 will be described.
The security box 200 includes a control unit 201, a ROM 202 connected to the control unit 201, a USB interface 203, a communication interface 204, a management unit 205, a data processing unit 206, a data storage unit 207, an operation unit 208, and a notification unit 209. I have. The control unit 201 reads and executes the control program stored in the ROM 202, thereby causing the security box 200 to function as the data processing apparatus according to the present invention.

  The USB interface 203 is an interface for connecting an external device via a USB bus, and includes a host controller that controls communication with the connected external device, an SIE that executes transmission / reception of data via the USB bus, and the like. In the present embodiment, the image forming apparatus 100 as an external device is connected, and the security box 200 is configured as a host to control communication between the two.

  The communication interface 204 includes an interface compliant with the communication standard of the communication network N, and receives print jobs from the information processing apparatuses 300, 300,... Information to be notified to the processing device 300 is transmitted. When the image forming apparatus 100 is used as a so-called network scanner, the image data from the image forming apparatus 100 is transmitted to a desired information processing apparatus 300 through the communication interface 204. The communication interface 204 transmits and receives such various data.

The management unit 205 includes a rewritable nonvolatile memory, and a part of the storage area includes an identification number for identifying itself, an identification number for identifying a connection destination device, a password for an administrator, And a management table for storing e-mail addresses of notification destinations. FIG. 3 is a conceptual diagram showing an example of the management table. In the management table shown in FIG. 3, “SB-ΔΔΔΔ”, “AR-xxx” are used as the identification number of the device itself, the identification number of the connection destination device, the password for the administrator, and the e-mail address of the notification destination. “XX”, “1234”, and “XX@ΔΔ.ne.jp” are registered. As the identification number of itself, a manufacturing number, a manufacturer name, a model name, user information, information on an installation location, and the like can be adopted, and are input in advance when the apparatus is manufactured or installed. Similarly to the identification number of the security box 200, the identification number of the installation destination apparatus is a manufacturing number, a manufacturer name, a model name, user information, information on an installation location, and the like, and is connected to the image forming apparatus 100 for the first time. Sometimes set using the operation unit 208 or the like. . The administrator password and the e-mail address of the notification destination are registered by an administrator or a service person using the information processing apparatus 300 connected via the operation unit 208 or the communication interface 204.
Note that it is desirable that these pieces of information registered in the management table be encrypted and held, and decrypted and used as necessary.

  The data processing unit 206 has a function of performing predetermined processing on data transmitted and received through the USB interface 203 or the communication interface 204. Processing executed by the data processing unit 206 includes processing for developing image data from a print job received via the communication interface 204, processing for encrypting image data to be stored in the data storage unit 207, and processing for encrypting data from the data storage unit 207. For example, a process of decoding data when it is read out. Therefore, the data processing unit 206 interprets a PDL (Page Description Language) that is a description language of a print job, an encryption circuit that encrypts data using a predetermined algorithm, and decrypts data using a predetermined algorithm. A decoding circuit.

  The data storage unit 207 is configured by a non-volatile memory or HDD (Hard Disk Drive), and a part of the storage area is a storage area for storing image data obtained by developing a received print job. It is used as. When a request from an external device is received via the USB interface 203 or the communication interface 204, the image data stored in the data storage unit 207 is read and sent to the requesting device (the image forming apparatus 100 or the information processing apparatus 300). Send.

  The operation unit 208 includes various operation keys for accepting operations by an administrator. The operation keys provided in the operation unit 208 include a numerical key for accepting an administrator password and the like, a reset key for releasing the communication of the security box 200, and the like.

  When the control unit 201 detects an abnormality such as the communication with the image forming apparatus 100 being interrupted, the notification unit 209 has a function of notifying surrounding users of that fact. Therefore, the notification unit 209 includes a warning output unit that outputs a warning sound or sound, a display panel such as an LCD (Liquid Crystal Display) that displays a warning message, a warning light output unit such as an LED (Light Emitting Diode) or a rotating lamp. Etc.

  Hereinafter, the operation of the security box 200 will be described. 4 and 5 are flowcharts for explaining the procedure of processing executed by the security box 200 when connected to the image forming apparatus 100. FIG. When the security box 200 is turned on (step S11), the control unit 201 monitors the USB interface 203 to determine whether or not the connection of the image forming apparatus 100 has been detected (step S12). When the connection of the image forming apparatus 100 is not detected (S12: NO), the process waits until the connection of the image forming apparatus 100 is detected.

  If it is determined that the connection of the image forming apparatus 100 has been detected (S12: YES), the image forming apparatus 100 is requested to transmit an identification number (step S13). Then, the control unit 201 sets a timer (not shown) (step S14), and determines whether or not an identification number from the image forming apparatus 100 has been received (step S15). If it is determined that the identification number from the image forming apparatus 100 has not been received (S15: NO), it is determined whether or not a timeout has occurred with reference to the output of the timer (step S16). If it is determined that the timeout has not occurred (S16: NO), the process returns to step S15. If a timeout occurs without receiving the identification number (S16: YES), an error process is executed (step S17), and the process according to this flowchart ends.

  If it is determined that the identification number has been received (S15: YES), it is determined whether there is a connection destination identification number already stored in the management table in the management unit 205 (step S18). If it is determined that there is no connection destination identification number already stored (S18: NO), that is, if it is determined that the security box 200 is connected to the image forming apparatus 100 for the first time, the setting of the identification number is accepted (step S19). ). The setting of the identification number is accepted by the operation of the administrator using the operation unit 208 or the operation panel 105 of the image forming apparatus 100, and the accepted identification number is registered in the management table. Then, the USB interface 203 and the communication interface 204 are shifted to a standby state for waiting for data (step S20).

  If it is determined in step S18 that there is a connection destination identification number already stored in the management table in the management unit 205 (S18: YES), the received identification number is stored in the management table in the management unit 205. It compares with the identification number currently made (step S21), and it is judged whether both identification numbers correspond (step S22). If it is determined that the two identification numbers match (S22: YES), the USB interface 203 and the communication interface 204 are shifted to a standby state for waiting for data (step S23).

  If it is determined that the received identification number and the identification number stored in the management table do not match (S22: NO), a warning is given to surrounding users through the notification unit 209, and an e-mail addressed to the administrator is sent. And sends the created e-mail through the communication interface 204 to notify the administrator (step S24).

  Next, the control unit 201 blocks communication via the USB interface 203 and the communication interface 204 (step S25) and restricts reading of data stored in the data storage unit 207.

  Next, the control unit 201 determines whether or not the interruption of communication is released by an operation by the administrator (step S26). When it is determined that the communication is not released (S26: NO), the control unit 201 waits until it is released. If it is determined that the interruption of communication has been released through the operation unit 208 or the like (S26: YES), the received identification number is registered in the management table and the identification number is updated (step S27). Then, the disconnection of the communication via the USB interface 203 and the communication interface 204 is released (step S28), and a transition is made to a standby state waiting for data reception (step S29).

  FIG. 6 is a flowchart for explaining the operation of the security box 200 in the standby state. First, the control unit 201 resets a timer (not shown) (step S31), and determines whether a predetermined time has elapsed (step S32). If it is determined that the predetermined time has elapsed (S32: YES), the USB interface 203 is checked to check the connection state with the image forming apparatus 100 (step S33). Next, it is determined whether or not the connection state is maintained (step S34). If it is determined that the connection state is maintained (S34: YES), the process returns to step S31.

  When it is determined that the connection state is not held (S34: NO), a warning is given to surrounding users through the notification unit 209, an email addressed to the administrator is created, and the created email is sent via the communication interface 204. The notification is sent to the administrator by transmitting (step S35). Then, the control unit 201 blocks communication via the USB interface 203 and the communication interface 204 (step S36), and restricts reading of data stored in the data storage unit 207. After the communication is cut off, a release operation by the administrator is requested in the same manner as described above, and when the release operation is accepted, the re-connection between the image forming apparatus 100 and the security box 200 is performed in the same procedure as the flowchart shown in FIG. Do.

  If it is determined in step S32 that the predetermined time has not elapsed (S32: NO), it is determined whether or not there is a processing request from the image forming apparatus 100 (step S37). If it is determined that there is a processing request (S37: YES), the processing is executed based on the request (step S38). Next, the control unit 201 determines whether or not the process has been completed (step S39). If it is determined that the process has not been completed (S39: NO), the process returns to step S38.

  Further, when it is determined in step S39 that the processing is completed (S39: YES), or when it is determined in step S37 that there is no processing request from the image forming apparatus 100 (S37: NO), it is accompanied by an operation such as turning off the power. If it is determined whether there is an interrupt process (step S40) and it is determined that there is no interrupt process (S40: NO), the process returns to step S32, and if it is determined that there is an interrupt process (S40: YES), The processing according to this routine is terminated while the identification number registered in the management table in the management unit 205 is held (step S41).

  As described above, according to the present embodiment, when the combination of the image forming apparatus 100 and the security box 200 is different, the operation of the security box 200 can be stopped, so that confidential leakage due to device replacement, tampering, and the like is prevented. At the same time, the duplication of the security box 200 itself is prohibited.

  In this embodiment, the communication via the USB interface 203 and the communication interface 204 of the security box 200 is interrupted to stop the reading of data stored in the data storage unit 207. The configuration may be such that the data storage unit 207 is controlled to stop reading data while enabling communication via the interface.

  In this embodiment, the communication network N is connected via the security box 200. However, when the image forming apparatus 100 includes a communication interface, the communication interface is used to connect to the communication network. It may be configured to connect. In this case, the security box 200 does not need to include the communication interface 204, and the print job transmitted from the information processing apparatus 300 is transmitted to the security box 200 via the image forming apparatus 100 and stored in the security box 200. It becomes composition.

1 is a schematic diagram illustrating a configuration of an image processing system according to the present invention. 2 is a block diagram illustrating an internal configuration of an image forming apparatus and a security box. FIG. It is a conceptual diagram which shows an example of a management table. 6 is a flowchart illustrating a procedure of processing executed by a security box when connected to an image forming apparatus. 6 is a flowchart illustrating a procedure of processing executed by a security box when connected to an image forming apparatus. It is a flowchart explaining operation | movement of the security box in a standby state.

Explanation of symbols

100 Image forming apparatus 101 CPU
106 Image Reading Unit 107 Image Forming Unit 109 USB Interface 200 Security Box 201 Control Unit 202 ROM
203 USB interface 204 Communication interface 205 Management unit 206 Data processing unit 207 Data storage unit
208 Operation Unit 209 Notification Unit 300 Information Processing Device N Communication Network

Claims (1)

In an image processing system, comprising: an image forming apparatus; and a storage unit that stores image data processed by the image forming apparatus, and a data processing apparatus externally connected to the image forming apparatus.
The data processing apparatus, power supply and communication interface, a management means for managing the identification information for identifying a destination apparatus, identification information of the connected device via the communications interface for the image forming device and the data communication Is obtained at a timing when the power is turned on and at a periodic timing after the power is turned on, and the connection with the image forming apparatus is cut off by comparing the acquired identification information with the identification information managed by the management means. If it is determined that a device different from the image forming apparatus is connected to the communication interface, the image data is received via the communication interface and stored in the storage unit. An image processing system comprising: restriction means for restricting reading of stored image data.

Images