JP5145814B2 - Data transmission / reception system, data reception device, data transmission / reception method, data reception method, and data reception program - Google Patents

Description

This invention relates to a data transmission and reception system, the data receiving apparatus, data transmitting and receiving method, a data receiving method and data reception program, transmitted capable data communication system to confirm receipt of data, the data received apparatus, data transmitting and receiving method, a data receiving method and data reception program.

  In recent years, a plurality of computers are used connected to a network, and data is transmitted and received between the plurality of computers. When sending and receiving data, it is necessary to ensure the security of the data to be sent. Japanese Patent Laid-Open No. 11-25196 (Patent Document 1) discloses a technique for attaching an electronic signature to data so that it can be determined whether or not the data has been tampered with. In the technique described in Japanese Patent Application Laid-Open No. 11-25196, since an electronic signature is attached to the data to be transmitted, it can be determined whether or not the data has been tampered with during the data transmission.

However, it cannot be confirmed that the transmission destination user has correctly received the data. Even if a user other than the transmission destination user receives the data illegally, there is a problem that the transmission source user cannot know that the data is received illegally.
Japanese Patent Laid-Open No. 11-25196

  The present invention has been made to solve the above-described problems, and one of the objects of the present invention is to confirm that transmitted data is output by a transmission destination user without being falsified. Is to provide a simple data transmission / reception system.

Another object of the present invention is to provide a data receiving apparatus capable of transmitting information for confirming that data has been output by a destination user.

A further object of the present invention is to provide a method of transmitting and receiving data and data received method capable of confirming that output by the destination user without transmitted data are falsified.

A further object of the present invention is to provide a data receiving program capable of confirming that output by the destination user without transmitted data are falsified.

  In order to achieve the above object, according to one aspect of the present invention, a data transmission / reception system is a data transmission / reception system including a data transmission device for transmitting data and a data reception device for receiving data, the data transmission system The apparatus includes a data receiving unit that receives data, a transmission destination receiving unit that receives transmission destination information for specifying a user who is a transmission destination of the received data, and a transmission that transmits the received data and the transmission destination information. Means for receiving the data and destination information, data storage means for storing the received data in association with the destination information, and authentication means for authenticating the user Output means for outputting the data stored in association with the destination information for identifying the authenticated user, and the data is output And an electronic signature obtaining unit that obtains electronic signature data for the data output by the authenticated user, and a reply unit that returns the obtained electronic signature data to the data transmission source. The transmitting device further includes a receiving unit that receives the electronic signature data, and a verification unit that verifies whether the transmitted data is output by the user specified by the destination information based on the received electronic signature data. And comprising.

  According to this aspect, the data transmission device transmits the received data and transmission destination information for specifying a user who is a transmission destination of the data. In the data receiving device, the received data is stored in association with the destination information, and when the user is authenticated, the data stored in association with the destination information for specifying the authenticated user is output and output. The electronic signature data of the user who has been authenticated for the authenticated data is returned to the data transmission source. In the data transmission device that has received the electronic signature data, it is further verified based on the electronic signature data whether the transmitted data has been output by the user specified by the destination information. For this reason, the data transmission / reception system which can confirm that the transmitted data was output by the user of the transmission destination without falsification can be provided.

  Preferably, the verification unit includes a comparison unit that compares the hash value obtained by decrypting the received electronic signature data with the public key assigned to the user specified by the destination information, and the hash value of the transmitted data. .

  According to this aspect, since the hash value of the output data is compared with the transmitted data hash value, it can be easily confirmed that the output data and the transmitted data are the same.

  Preferably, the data transmission device further includes verification information recording means for forming electronic signature data, a hash value of the transmitted data, and transmission destination information as a computer-readable image.

According to another aspect of the present invention, the data receiving device includes a receiving unit that receives data and destination information from the data transmitting device, a data storage unit that stores the received data in association with the destination information, Authentication means for authenticating a user, output means for outputting data stored in association with transmission destination information for identifying the authenticated user, and an authenticated user in response to the output of the data Electronic signature acquisition means for acquiring electronic signature data for the output data, and reply means for returning the acquired electronic signature data to the data transmission apparatus that is the data transmission source.

  According to this aspect, when data and destination information are received, the data is stored in association with the destination information. When the user is authenticated, the data stored in association with the transmission destination information for specifying the authenticated user is output, and in response to the output of the data, the electronic data for the authenticated user data is output. Signature data is acquired and returned to the data sender. For this reason, if the data transmission source compares the hash value of the transmitted data with the hash value obtained by decrypting the electronic signature data, it can be confirmed that the output data matches the transmitted data. As a result, it is possible to provide a data receiving apparatus capable of transmitting information for confirming that data has been output by a transmission destination user.

According to still another aspect of the present invention, a data transmission / reception method is a data transmission / reception method executed by a data transmission device and a data reception device, the data transmission device receiving data and receiving data Receiving the destination information for identifying the user who is the destination of the transmission, and transmitting the received data and the destination information, and the data receiving device performs the data and destination information A step of receiving, a step of storing the received data in association with the destination information, a step of authenticating the user, and outputting the data stored in association with the destination information for specifying the authenticated user In response to the output of the step and the data, the electronic signature data for the output data of the authenticated user is obtained. And step, the acquired electronic signature data, performs the steps of replying to the sender of the data, a data transmit unit further includes the steps of receiving electronic signature data, the received electronic signature data And verifying whether the transmitted data is output by the user specified by the destination information.

  If this aspect is followed, the data transmission / reception method which can confirm that the transmitted data was output by the user of the transmission destination without falsification can be provided.

According to still another aspect of the present invention, a data receiving method includes receiving data and destination information from a data transmitting device, and storing the received data in a memory of the data receiving device in association with the destination information. A step of authenticating the user, a step of outputting the data stored in the memory in association with the destination information for specifying the authenticated user, and the authentication in response to the output of the data The data receiving apparatus executes a step of acquiring electronic signature data for the data output by the user and a step of returning the acquired electronic signature data to the data transmitting apparatus that is a data transmission source.
According to this aspect, it is possible to provide a data reception method capable of confirming that transmitted data is output by a transmission destination user without being falsified.
According to still another aspect of the present invention, a data receiving program receives data and destination information from a data transmitting device, and stores the received data in a memory of the data receiving device in association with the destination information. A step of authenticating the user, a step of outputting the data stored in the memory in association with the destination information for specifying the authenticated user, and the authentication in response to the output of the data A step of acquiring electronic signature data for the data output by the user, and a step of returning the acquired electronic signature data to the data transmission device that is the data transmission source , to a computer that controls the data reception device Let

According to this aspect, it is possible to provide a data receiving program capable of confirming that output by the destination user without transmitted data are falsified.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, the same parts are denoted by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

  FIG. 1 is a diagram showing an overall outline of a data transmission / reception system according to one embodiment of the present invention. Referring to FIG. 1, a data processing system 1 includes multifunction peripherals (hereinafter referred to as “MFPs”) 100, 100A, 100B, and 100C connected to a network 2, respectively. MFPs 100, 100A, 100B, and 100C have a plurality of functions such as a scanner function, a printer function, a copy function, and a data transmission / reception function. Examples of the data transmission / reception function include a facsimile transmission / reception function, an electronic mail transmission / reception function, and a file transfer function.

  The network 2 is a local area network (LAN), and the connection form may be wired or wireless. The network 2 is not limited to a LAN, and may be a wide area network (WAN), a public switched telephone network (PSTN), or the like.

  Hereinafter, unless otherwise specified for explanation, MFP 100 will be described as a data transmitting device that transmits data, and MFP 100A will be described as a data receiving device that receives data.

  In the present embodiment, MFP 100 will be described as an example of a data transmission device, and MFP 100A will be described as an example of a data reception device. However, instead of MFPs 100 and 100A, for example, processing for transmitting and receiving data can be executed. As long as it is a simple device, it may be a personal computer, a scanner, a printer, a facsimile, or the like.

  FIG. 2 is a block diagram illustrating an example of a circuit configuration of the MFP. The circuit configurations of MFPs 100, 100A, 100B, and 100C are the same. Accordingly, here, the MFP 100 will be described as an example. Referring to FIG. 2, MFP 100 includes a main circuit 101, which includes facsimile unit 5, ADF 10, image reading unit 20, image forming unit 30, paper feeding unit 40, card interface ( I / F) 50.

  The main circuit 101 includes a central processing unit (CPU) 111, a RAM (Random Access Memory) 112 used as a work area of the CPU 111, and an EEPROM (Electronically Erasable Programmable Read Only Memory) for storing programs executed by the CPU 111. ) 113, a display unit 114, an operation unit 115, a hard disk drive (HDD) 116 as a mass storage device, and a data communication control unit 117. The CPU 111 is connected to the display unit 114, the operation unit 115, the HDD 116, and the data communication control unit 117, and controls the entire main circuit 101. CPU 111 is connected to facsimile unit 5, ADF 10, image reading unit 20, image forming unit 30, paper feed unit 40 and card I / F 50, and controls the entire MFP 100.

  The display unit 114 is a display such as a liquid crystal display (LCD) or an organic ELD (Electro Luminescence Display), and displays an instruction menu for the user, information about acquired image data, and the like. The operation unit 115 includes a plurality of keys, and accepts input of various instructions, data such as characters and numbers by user operations corresponding to the keys. The operation unit 115 includes a touch panel provided on the display unit 114. The display unit 114 and the operation unit 115 constitute the operation panel 9.

  The data communication control unit 117 includes a LAN terminal 118 that is an interface for communicating with a communication protocol such as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), and a serial interface terminal 119 for serial communication. The data communication control unit 117 transmits / receives data to / from an external device connected to the LAN terminal 118 or the serial interface terminal 119 in accordance with an instruction from the CPU 111.

  When a LAN cable for connecting to the network 2 is connected to the LAN terminal 118, the data communication control unit 117 can communicate with other computers via the LAN terminal 118.

  Further, the CPU 111 controls the data communication control unit 117 to read a program to be executed by the CPU 111 from the memory card 119A, and stores the read program in the RAM 112 and executes it. A recording medium for storing a program to be executed by the CPU 111 is not limited to the memory card 119A, but a flexible disk, a cassette tape, an optical disk (CD-ROM (Compact Disc-Read Only Memory) / MO (Magnetic Optical Disc)). / MD (Mini Disc) / DVD (Digital Versatile Disc)), IC card, optical card, mask ROM, EPROM (Erasable Programmable ROM), EEPROM (Electronically EPROM), or other media such as an EEPROM. Further, the CPU 111 downloads a program from a computer connected to the Internet and stores it in the HDD 116, or loads the program stored in the HDD 116 into the RAM 112 so that the computer connected to the Internet writes the program in the HDD 116. Then, it may be executed by the CPU 111. The program here includes not only a program directly executable by the CPU 111 but also a source program, a compressed program, an encrypted program, and the like.

  The ADF 10 automatically conveys a plurality of documents set on the document feed tray 11 one by one to a predetermined document reading position set on the platen glass of the image reading unit 20, and the image reading unit 20 The document on which the document image is read is discharged onto a document discharge tray. The image reading unit 20 includes a light source that irradiates light to a document conveyed to a document reading position and a photoelectric conversion element that receives light reflected by the document, and scans a document image corresponding to the size of the document. The photoelectric conversion element converts the received light into image data that is an electrical signal and outputs the image data to the image forming unit 30. The paper feed unit 40 conveys the paper stored in the paper feed tray to the image forming unit 30.

  The image forming unit 30 forms an image by a well-known electrophotographic method. The image forming unit 30 performs various data processing such as shading correction on the image data input from the image reading unit 20, and the image data after the data processing is processed. Based on this, an image is formed on the sheet conveyed by the sheet feeding unit 40.

  The facsimile unit 50 is connected to the PSTN 7 and transmits facsimile data to the PSTN 7 or receives facsimile data from the PSTN 7. The facsimile unit 50 stores the received facsimile data in the HDD 116, or the image forming unit 30 prints the facsimile data on paper. Further, the facsimile unit 50 converts the data stored in the HDD 116 into facsimile data, and outputs the facsimile data to a facsimile machine connected to the PSTN 7 or another MFP. As a result, the data stored in HDD 116 can be output to a facsimile machine or another MFP.

  The card I / F 50 communicates wirelessly with the IC card 50A. IC card 50A is owned by the user who uses MFP 100, and stores user identification information for identifying the user and a secret key assigned to the user. Instead of storing the user identification information in the IC card 50A, the card identification information may be stored. Further, the IC card 50A has an electronic signature function. When data is input, the IC card 50A generates electronic signature data for the data and outputs the electronic signature data. Since the electronic signature data is well-known, detailed description thereof will not be repeated here, but is data obtained by calculating a hash value of the data and encrypting the hash value with a secret key.

  The card I / F 50 wirelessly communicates with the IC card 50A when the IC card 50A is located within the communicable range. Specifically, MFP 100 includes a card mount, and when IC card 50A is placed on the card mount, card I / F 50 communicates wirelessly with IC card 50A. Therefore, the CPU 111 can communicate with the IC card 50A via the card I / F 50.

  FIG. 3 is a functional block diagram showing an example of the functions of the CPU provided in the MFP functioning as the data transmission apparatus. Referring to FIG. 3, CPU 111 provided in MFP 100 functioning as a data transmission device includes a data reception unit 51 for receiving data to be transmitted, a transmission destination reception unit 53 for receiving a data transmission destination, and data. A data transmission unit 55 for transmission, a hash value generation unit 57 for generating a hash value of data to be transmitted, a reception confirmation reception unit 59 for receiving reception confirmation data of the transmitted data, An electronic signature extraction unit 61 for extracting electronic signature data from the reception confirmation data, a decryption unit 63 for decrypting the electronic signature data, and a verification unit 65 for verifying the received data are included.

  The data receiving unit 51 receives data and outputs the received data to the data transmission unit 55 and the hash value generation unit 57. When the user inputs an operation for executing a document reading process for reading a document to the operation unit 115, the data reception unit 51 receives a document image output by the image reading unit 20 reading the document. . When the user inputs an operation for designating data stored in the HDD 116 to the operation unit 115, the data accepting unit 51 reads the designated data from the HDD 116 and accepts the read data.

  The transmission destination receiving unit 53 receives user identification information for identifying a user who is a data transmission destination and a transmission method as transmission destination information. When the user inputs an operation for designating a destination user and a transmission method to the operation unit 115, user identification information and a transmission method are received from the operation unit 115. The transmission method is any one of facsimile transmission, electronic mail transmission, and file transfer. The facsimile transmission includes a method of transmitting via PSTN and an Internet facsimile (hereinafter referred to as “I-FAX”) transmitting via the Internet. If MFP 100 can transmit data using another transmission method, the transmission method is included. The transmission destination reception unit 53 outputs the user identification information and the transmission method to the data transmission unit 55, and outputs the user identification information to the hash value generation unit 57.

  The data transmission unit 55 receives the data input from the data reception unit 51 and the user identification information input from the transmission destination reception unit 53 as the destination determined by the user identification information input from the transmission destination reception unit 53 and the transmission method. Send to. Specifically, the flash memory 113 stores an address book in which a destination for each transmission method is associated for each user identification information. In the address book, a facsimile number is set as the destination for facsimile transmission with the PSTN transmission method, and a telephone number assigned for I-FAX transmission is set as the destination for I-FAX transmission as the transmission method. If the method is e-mail transmission, an e-mail address is set as the destination. If the transmission method is file transfer, a URL is set as the destination. The data transmission unit 55 refers to the address book and extracts user identification information input from the transmission destination reception unit 53 and a destination associated with the transmission method. Then, the data transmission unit 55 uses the transmission method in which the data input from the data reception unit 51 and the user identification information input from the transmission destination reception unit 53 are input to the extracted destination from the transmission destination reception unit 53. Transmit according to a fixed communication protocol. The communication protocol is a SHIP-FAX communication protocol for facsimile transmission with a PSTN transmission method, TCP / IP when the transmission method is I-FAX transmission, and SMTP (when the transmission method is e-mail transmission). Simple Mail Transfer Protocol), and FTP (File Transfer Protocol) if the transmission method is file transfer.

  The hash value generation unit 57 receives data to be transmitted from the data reception unit 51, and receives user identification information of the user to be the transmission destination from the transmission destination reception unit 53. The hash value generation unit 57 calculates a hash value from the data input from the data reception unit 51. Then, transmission information is generated by associating the calculated hash value, data identification information for identifying the data, and user identification information input from the transmission destination receiving unit 53, and the transmission information is stored in the flash memory 113. Remember. Since the hash value calculation method is well known, the description thereof will not be repeated here. As a result, the transmission information 113A is stored in the flash memory 113.

  FIG. 4 is a diagram illustrating an example of a format of transmission information. Referring to FIG. 4, the transmission information includes items of user identification information, data identification information, and a hash value. In the item of user identification information, user identification information for identifying the user of the data transmission destination is set. In the item of data identification information, data identification information for identifying the data to be transmitted is set. In the hash value item, a hash value calculated from data is set.

  Returning to FIG. 3, the reception confirmation receiving unit 59 receives reception confirmation data indicating that data has been received. The data transmitted by data transmitting unit 55 is received by MFP 100A as a data receiving device described later. Although details will be described later, when a user who is a data transmission destination logs in to MFP 100A, MFP 100A outputs the received data and transmits reception confirmation data indicating reception to MFP 100. At this time, MFP 100A as the data receiving device generates electronic signature data of the logged-in user based on the received data, and stores the user identification information of the logged-in user, the data identification information of the data, and the generated electronic signature data. The reception confirmation data including it is transmitted. The electronic signature data is data obtained by encrypting a hash value calculated from received data with a secret key assigned to the login user. Reception confirmation receiving unit 59 controls data communication control unit 117 to receive the reception confirmation data transmitted by MFP 100 </ b> A and outputs the reception confirmation data to electronic signature extraction unit 61. The reception confirmation data may include a code attached to the received data instead of including the data identification information. In short, any information may be used as long as the MFP 100 as the data transmission apparatus can identify the transmitted data from the received reception confirmation data.

  The electronic signature extraction unit 61 extracts user identification information, data identification information, and electronic signature data from the reception confirmation data input from the reception confirmation reception unit 59. When reception confirmation data is received using the SHIP-FAX communication protocol, user identification information, data identification information, and electronic signature data may be included in the header portion of the data. Further, the user identification information, the data identification information, and the electronic signature data may be combined with the data as a barcode image, for example. In this case, the electronic signature extraction unit 61 extracts a user's identification information, data identification information, and electronic signature data by extracting a virgin image from the data and analyzing the image. The electronic signature extraction unit 61 outputs the extracted user identification information, data identification information, and electronic signature data to the decryption unit 63.

  The decryption unit 63 decrypts the electronic signature data input from the electronic signature extraction unit 61 with the public key assigned to the user of the data identification information input from the electronic signature extraction unit 61. The public key is stored in advance in the flash memory 113 in association with each user identification information. Note that the public key may be acquired from a computer of a certificate authority known as PKI (Public Key Infrastructure). The decryption unit 63 outputs the hash value obtained by decrypting the electronic signature data and the data identification information to the verification unit 65.

  The verification unit 65 extracts transmission information 113 </ b> A including data identification information input from the electronic signature extraction unit 61 from the transmission information 113 </ b> A stored in the flash memory 113. Then, the hash value included in the transmission information 113A is compared with the hash value extracted from the electronic signature extraction unit 61. If the two match, the verification unit 65 notifies the user who has instructed transmission that the transmitted data has been output. Conversely, if the two do not match, the user who has instructed transmission is warned. The notification or warning is, for example, display of a notification message or warning message on the display unit 114, transmission of an e-mail including the notification message or warning message to the user who has transmitted data. The notification message or warning message preferably includes data identification information and user identification information of the destination user.

  If the hash value of the transmitted data is different from the hash value of the received data, the transmitted data has been tampered with. For this reason, it is possible to notify the user who has instructed data transmission that the data has been tampered with. In addition, since the electronic signature data included in the reception confirmation data is data signed by the transmission destination user, it can be confirmed that the data is surely received by the destination user.

  FIG. 5 is a functional block diagram illustrating an example of functions of the CPU provided in the MFP functioning as the data receiving apparatus. Referring to FIG. 5, CPU 111 provided in MFP 100 </ b> A as a data receiving device includes a data receiving unit 71 for receiving data, a data storage unit 73 for storing received data, and a user for authenticating a user. An authentication unit 75, a data output unit 77 for outputting data, an electronic signature acquisition unit 79 for acquiring electronic signature data by a logged-in user, and a reception confirmation transmission unit 81 for transmitting a reception confirmation. Including.

  Data receiving unit 71 receives data and user identification information for identifying a transmission destination user from MFP 100 serving as a data transmission device. Data receiving unit 71 controls data communication control unit 117 to receive data and user identification information from MFP 100, and receives device identification information of MFP 100 that has transmitted the data, received data, and user identification information as data The data is output to the storage unit 73.

  The data receiving unit 71 is configured to receive the device identification information. However, the data receiving unit 71 may not be the device identification information as long as the information can identify the destination for returning the received data. For example, when receiving an e-mail, the header includes the e-mail address of the transmission destination and the transmission source. In this case, the data reception unit 71 sets the e-mail address of the transmission destination as the transmission destination. It receives as user identification information for identifying a user, and receives an e-mail address of a transmission source as transmission source information for specifying a transmission source user. When receiving the transmission source information for specifying the data transmission source user, the data reception unit 71 outputs the transmission source information to the data storage unit 73 instead of the device identification information.

  The data storage unit 73 stores data input from the data receiving unit 71 in the flash memory 113, data identification information for identifying the data, and user identification information input together with the data from the data receiving unit 71 , Management data in association with the device identification information is generated, and the management data is stored in the flash memory 113. As a result, the data 113B and the management data 113C are stored in the flash memory 113.

  FIG. 6 is a diagram illustrating an example of a format of management data. Referring to FIG. 6, management data 113C includes an item of user identification information, an item of data identification information, and an item of transmission source identification information. In the item of user identification information, user identification information received together with data is set. In the item of data identification information, data identification information for identifying received data is set. As the user identification information set in the item of user identification information, user identification information of a user who is a destination of data identified by the data identification information is set. In the item of transmission source identification information, transmission source information for identifying the transmission source of data, here, device identification information is set.

  Returning to FIG. 5, the user authentication unit 75 authenticates the login user, and outputs user identification information for identifying the authenticated user to the data output unit 77 and the reception confirmation transmission unit 81. Specifically, the user authentication unit 75 communicates with the IC card 50A via the card I / F 50 when the user of the MFP 100A places the IC card 50A owned by the user on the card mount provided in the MFP 100A. When user identification information is received from the IC card 50A, authentication is performed if the user identification information is registered in the EEPROM 113 in advance. Here, the user authenticated by the user authentication unit 75 is referred to as a login user. When the IC card 50 stores the card identification information, the user authentication unit 75 refers to the correspondence table in which the user identification information stored in advance and the card identification information are associated with each other, from the IC card identification information to the user identification information. To get.

  When the user identification information is input from the user authentication unit 75, the data output unit 77 refers to the management data 113C stored in the flash memory 113, and extracts the management data 113C including the input user identification information. Then, data identification information included in the extracted management data 113C is acquired. When a plurality of management data 113C are extracted, a plurality of pieces of data identification information are acquired.

  The data output unit 77 reads out the data identified by the acquired data identification information from the data 113B stored in the flash memory 113 and outputs the data. Output includes printing, data storage, and data transmission. When printing, the data is output to the image forming unit 30, and the image forming unit 30 is caused to form an image of the data on a sheet. When storing data, the data is stored in a predetermined area of the HDD 116. When transmitting data, the data is transmitted to a specified destination by a specified transmission method. When acquiring a plurality of pieces of data identification information, the data output unit 77 outputs a plurality of pieces of data specified by the plurality of pieces of data identification information. When the data output unit 77 outputs the data, the data output unit 77 outputs the data and the data identification information to the electronic signature acquisition unit 79.

  The electronic signature acquisition unit 79 acquires electronic signature data for the data input from the data output unit 77. Specifically, data is transmitted to the IC card 50A via the card I / F 50, and electronic signature data received by the card I / F 50 from the IC card 50A is accepted. Then, the acquired electronic book title data and data identification information are output to the reception confirmation transmitting unit 81.

  The reception confirmation transmitting unit 81 transmits the reception confirmation data including the electronic book name, the data identification information, and the user identification information input from the electronic signature acquisition unit 79, as reply data of the data received by the data reception unit 71. . The user identification information is user identification information of the login user. When the data received by the data receiving unit 71 includes information for identifying transmitted data such as a job ID, the reception confirmation data may be included. In this case, the reception confirmation data only needs to include at least electronic signature data.

  As described above, when receiving the reception confirmation data, the MFP 100 as the data transmission device compares the hash value of the transmitted data with the hash value obtained by decrypting the electronic signature data, so that the transmitted data is the destination user. Thus, it is possible to notify the user who transmitted the data whether or not the data has been output with certainty.

  FIG. 7 is a flowchart illustrating an example of the flow of data transmission processing. The data transmission process is a process executed by CPU 111 when CPU 111 provided in MFP 100 as a data transmission apparatus executes a data transmission program. The data transmission program is a part of the data transmission / reception program.

  Referring to FIG. 7, CPU 111 determines whether designation of data to be transmitted has been received (step S01). If the designation of data is accepted, the process proceeds to step S02. If the designation of data is not accepted, the process proceeds to step S07. When the image reading unit 20 reads a document and transmits a document image to be output, the operation unit 115 accepts an operation for executing a document reading process for reading the document. When transmitting data stored in HDD 116, the user accepts an operation for designating any of the data stored in HDD 116 in operation unit 115.

  In step S02, it is determined whether a transmission destination and a transmission method are accepted. If the destination and the transmission method are accepted, the process proceeds to step S03; otherwise, the process proceeds to step S07. In step S02, user identification information for identifying a user who is a data transmission destination is accepted as a transmission destination, and any one of facsimile transmission, electronic mail transmission, and file transfer is accepted as a transmission method.

  Either step S01 or step S02 may be executed first. In other words, if the designation of data and the designation of the transmission destination and transmission method are accepted, the process may be advanced to step S03. In addition, an address book in which a destination for each transmission method is associated with each user identification information is stored in the flash memory 113, and a list of combinations of the user identification information and the transmission method is displayed on the display unit 114 and displayed. You may make it receive designation | designated of the set of user identification information and a transmission method from among the list.

  In step S03, it is determined whether a transmission instruction has been accepted. If a transmission instruction is accepted, the process proceeds to step S04; otherwise, the process proceeds to step S07. It is determined whether or not a transmission button provided in advance on operation unit 115 is instructed.

  In step S04, the data specified by the instruction accepted in step S01 is transmitted to the transmission destination by the transmission method accepted in step S02. Here, the data is transmitted to MFP 100A as a data receiving apparatus, which is a data transmission destination, and received by MFP 100A.

  In step S05, a hash value of the transmitted data is generated. Then, the hash value is associated with the data (step S06). Specifically, the transmitted data is stored in the flash memory 113, and transmission information including the user identification information of the transmission destination received in step S02, the data identification information of the data, and the hash value is generated, and the transmission information Is stored in the flash memory 113.

  In step S07, it is determined whether reception confirmation data has been received. The reception confirmation data is data indicating that the data transmitted in step S04 has been output, and here is transmitted by MFP 100A as a data receiving apparatus which is a data transmission destination. If reception confirmation data is received, the process proceeds to step S08; otherwise, the process ends. That is, the data transmission process is a process executed when data designation or a transmission destination and transmission method are accepted in step S02 or step S03, or when reception confirmation data is received in step S07.

  In step S08, data identification information, user identification information, and electronic signature data are extracted from the reception confirmation data. In step S09, the hash value associated with the data identification information extracted from the reception confirmation data is read from the transmission information 113A stored in the flash memory 113.

  Then, the public key of the destination user is acquired (step S10). The transmission destination user is a user of user identification information included in the reception confirmation data. A key correspondence table in which user identification information and a public key are associated with each other is stored in advance in the flash memory 113, and the public key is obtained by referring to the key correspondence table.

  Then, the digital signature data extracted in step S08 is decrypted with the public key (step S11). The electronic signature data is data obtained by encrypting a hash value calculated from data by the IC card 50A with a secret key based on data received by the MFP 100A as a data receiving apparatus. Therefore, if the electronic signature data is decrypted with the public key, a hash value calculated from the received data can be obtained.

  Then, the read hash value is compared with the hash value obtained by decrypting the electronic signature data (step S12). If the two hash values match, the process proceeds to step S14 (YES in step S13), and if not, the process proceeds to step S15 (NO in step S13). The hash value associated with the data identification information included in the reception confirmation data is a hash value calculated from the transmitted data, and the hash value obtained by decrypting the electronic signature data is received and output by the MFP 100A as the data receiving apparatus. Is the hash value of the processed data. Therefore, if the two match, the transmitted data matches the data output from MFP 100A. If the two do not match, the data has been tampered between the time the data is sent and the time it is output. Yes.

  Therefore, in step S14, it is notified that the data has been normally output by the transmission destination user. For example, an e-mail addressed to the user who instructed the data transmission is generated and transmitted, including a message indicating that the data has been normally output by the transmission destination user. On the other hand, in step S15, a warning is given that the data has not been normally output by the transmission destination user. For example, an e-mail addressed to the user who instructed the data transmission is generated and transmitted, including an error message indicating that the data is not normally output by the transmission destination user.

  FIG. 8 is a flowchart illustrating an example of the flow of data reception processing. The data reception process is a process executed by CPU 111 when CPU 111 provided in MFP 100A as a data reception apparatus executes a data reception program. The data reception program is a part of the data transmission / reception program.

  Referring to FIG. 8, CPU 111 determines whether data has been received. If data has been received, the process proceeds to step S22; otherwise, the process proceeds to step S25. In step S25, it is determined whether a user login instruction has been accepted. If a login instruction has been accepted, the process proceeds to step S26; otherwise, the process ends. In other words, the data reception process is a process executed on condition that data is received or on condition that a login instruction is accepted.

  In step S22, the data received in step S21 is stored in the flash memory 113. Then, management data is generated (step S23). Management data that associates the data identification information for identifying the data received in step S21, the user identification information received together with the data, and the device identification information is generated. Then, the generated management data is stored in the flash memory 113 (step S24).

  In step S25, it is determined whether a login instruction has been accepted. When the card I / F 50 communicates with the IC card 50A and receives user identification information from the IC card 50A, a login instruction is accepted. Then, user authentication is performed (step S26). In step S01, it is determined whether the user identification information received from the IC card 50A is registered in advance. Authentication is performed if the received user identification information is registered in advance, and authentication is not performed if it is not registered. If the user is authenticated, the process proceeds to step S27. If not authenticated, the process proceeds to step S32.

  In step S27, data addressed to the login user is extracted. Data transmitted to the login user is extracted from the data 113B stored in the flash memory 113. More specifically, the management data 113C including the user identification information received in step S26 is extracted with reference to the management data 113C stored in the flash memory 113. Then, the data identified by the data identification information included in the extracted management data 113C is read from the flash memory 113.

  In step S28, the read data is output. The output method is to output the login user in a predetermined method. If printing is set as the output method, the data is output to the image forming unit 30, and the image forming unit 30 is caused to form an image of the data on a sheet. If processing for storing data is set in the output method, the data is stored in a predetermined area of the HDD 116. If the process for transmitting data is set as the output method, the data is transmitted to the specified destination by the specified transmission method.

  In the next step S29, the data read in step S27 is transmitted to the IC card 50A via the card I / F 50. Then, the electronic signature data is received from the IC card 50A (step S30). In the next step S31, the reception confirmation data including the electronic signature data is returned to MFP 100 that is the data transmission apparatus that has transmitted the data. The data transmission device that has transmitted the data is specified from the device identification information set in the transmission source information item of the management data 113C extracted in step S27.

  On the other hand, in step S32, error processing is executed. In the error process, for example, a message not permitting login is displayed on the display unit 114.

<Modification>
MFP 100 as a data transmission device in the modification is configured to verify reception confirmation data externally when reception confirmation data is received. Hereinafter, differences from the data transmission / reception system according to the first embodiment will be mainly described.

  FIG. 9 is a functional block diagram showing an overview of the functions of the CPU provided in the MFP functioning as the data transmission device in the modification. Referring to FIG. 9, the difference from FIG. 4 is that a verification information recording unit 91 is provided instead of the decoding unit 63 and the verification unit 65. Since other configurations are the same, the description will not be repeated here.

  The verification information recording unit 91 receives user identification information, data identification information, and electronic signature data from the electronic signature extraction unit 61. The verification information recording unit 91 extracts transmission information 113 </ b> A including data identification information input from the electronic signature extraction unit 61 from the transmission information 113 </ b> A stored in the flash memory 113. Then, the hash value included in the extracted transmission information 113A is acquired, and the data specified by the data identification information included in the transmission information 113A is read from the flash memory 113. Further, the verification information recording unit 91 converts the user identification information, the hash value extracted from the transmission information 113A, and the electronic signature data input from the electronic signature extraction unit 61 into a barcode image. As the barcode, for example, a QR (Quick Response) code is used. Then, the barcode image is combined with the data image read from the flash memory 113 to generate a combined image. The composite image is output to the image forming unit 30, and the image forming unit 30 forms the composite image on a sheet. Hereinafter, the sheet on which the composite image is formed is referred to as a reception confirmation sheet. At this time, a character image representing information for clearly indicating reception confirmation of data may be combined with a composite image. The information for clearly indicating the reception confirmation for the data includes, for example, data identification information, user identification information of the transmission source user, user identification information of the transmission destination user, transmission date and time, output date and time, and the like.

  As described above, the electronic signature data included in the reception confirmation data, the hash value of the transmission data, and the user identification information are formed on the reception confirmation sheet as a barcode image. In the modification, the barcode formed on the reception confirmation sheet is read and verified by a mobile phone equipped with a barcode reader, a personal computer (PC), or the like. Here, a case will be described as an example where a PC is used as the verification device and reception confirmation is verified by the PC.

  FIG. 10 is a block diagram illustrating an example of a hardware configuration of a PC. Referring to FIG. 10, a PC 200 includes a CPU 201 connected to a bus 220, a ROM 203 for storing programs executed by the CPU 201, a RAM 205 used as a work area of the CPU 201, an HDD 207, and the PC 200. A communication I / F 211 for connecting to the network 2, an operation unit 213 serving as an interface with the user, a card I / F 209 to which the flash memory 208 is attached, and a barcode reader 219 are included.

  The operation unit 213 includes an input unit 215 including a keyboard and a pointing device such as a mouse, and a display unit 217 including a liquid crystal display device that displays data.

  Although an example in which the CPU 201 executes the verification program stored in the ROM 203 will be described here, the verification program stored in the flash memory 208 may be loaded into the RAM 205 and executed. Further, the recording medium for storing the verification program is not limited to the flash memory 208, and the other recording medium described above may be used. Further, the CPU 201 may download a verification program from a computer connected to the Internet 2 and store it in the HDD 206, load the verification program stored in the HDD 206 into the RAM 212, and execute it by the CPU 201.

  FIG. 11 is a flowchart illustrating an exemplary flow of a data transmission process according to the modification. This data transmission process is a process executed by CPU 111 when CPU 111 provided in MFP 100 as a data transmission apparatus executes a data transmission program. The data transmission program is a part of the data transmission / reception program.

  Referring to FIG. 11, the difference from the data transmission process shown in FIG. 7 is that the processes of steps S51 to S54 are executed instead of steps S10 to S15. Hereinafter, differences from the data transmission process shown in FIG. 7 will be described.

  In step S51, the digital signature data and user identification information extracted from the reception confirmation data in step S08 and the hash value read in step S09 are converted into a barcode. Thereby, a barcode image of the electronic signature data, the user identification information, and the hash value is formed.

  Then, the barcode image is synthesized with the data image included in the reception confirmation data to generate a synthesized image (step S52). Then, the composite image is output to the image forming unit 30, and the composite image is formed on the paper by the image forming unit 30 (step S53). As a result, a reception confirmation sheet is output from MFP 100.

  FIG. 12 is a flowchart illustrating an example of the flow of verification processing. The verification process is a process executed by the CPU 201 when the CPU 201 included in the PC 200 executes the verification program. The verification program is a part of the data transmission / reception program.

  Referring to FIG. 12, CPU 201 reads the barcode formed on the reception confirmation sheet (step S61). The bar code reader 219 acquires the electronic signature data, user identification information, and hash value by reading the bar code formed on the reception confirmation sheet.

  Then, the public key assigned to the user of the user identification information is acquired (step S62). A key correspondence table in which the user identification information and the public key are associated with each other is stored in advance in the flash memory 208, and the public key associated with the user identification information obtained in step S61 is obtained by referring to the key correspondence table. To do. The key correspondence table may be an address book. Alternatively, the public key may be obtained from a computer of a PKI certificate authority.

  Then, the digital signature data acquired in step S61 is decrypted with the public key (step S63). The electronic signature data is data obtained by encrypting a hash value calculated by the IC card 50A with a secret key based on data output from the MFP 100A as a data receiving apparatus. Therefore, if the electronic signature data is decrypted with the public key, a hash value calculated from the data output by MFP 100A can be obtained.

  Then, the hash value read with the barcode in step S61 is compared with the hash value obtained by decrypting the electronic signature data in step S63 (step S64). If the two hash values match, the process proceeds to step S66 (YES in step S65), and if not, the process proceeds to step S67 (NO in step S66). The hash value obtained by reading the barcode in step S61 is a hash value calculated from the transmitted data, and the hash value obtained by decrypting the electronic signature data is received and output by MFP 100A as the data receiving device. Is the hash value of the data. Therefore, if the two match, the transmitted data matches the data received and output by MFP 100A. If the two do not match, the data is transmitted and output until it is output. Data has been tampered with.

  Therefore, in step S66, it is notified that the data has been normally output by the transmission destination user. For example, the display unit 217 displays a message indicating that the data is normally output by the transmission destination user. On the other hand, in step S67, a warning is given that data has not been normally output by the transmission destination user. For example, the display unit 217 displays an error message indicating that data has not been normally output by the transmission destination user.

  As described above, in data transmission / reception system 1 according to the present embodiment, MFP 100 functioning as a data transmission apparatus has user identification information for specifying data to be transmitted and a user to whom the data is transmitted. Are received and received by MFP 100B as the data receiving apparatus. MFP 100A as a data receiving device stores the received data in association with user identification information, and authenticates the user when MFP 100A causes IC 100A to read IC card 50A. Then, MFP 100A outputs the data stored in association with the user identification information of the authenticated user, and returns the authenticated user's electronic signature data to MFP 100 for the output data. The MFP 100 that has received the electronic signature data compares the hash value obtained by decrypting the electronic signature data with the hash value of the previously transmitted data to determine whether or not the transmitted data has been output by the user designated as the transmission destination. To verify. For this reason, it can be confirmed that the transmitted data is output by the transmission destination user without being falsified.

  In the present embodiment, the data transmission / reception system 1 has been described. However, in order to cause a computer to execute the data transmission / reception method or the data transmission / reception method for executing the processes shown in FIGS. 7, 8, 11 and 12. It goes without saying that the invention can be understood as a data transmission / reception program.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

It is a figure which shows the whole data transmission / reception system outline | summary in one of embodiment of this invention. 2 is a block diagram illustrating an example of a circuit configuration of an MFP. FIG. It is a functional block diagram showing an example of a function of a CPU provided in an MFP functioning as a data transmission device. It is a figure which shows an example of the format of transmission information. 3 is a functional block diagram illustrating an example of functions of a CPU provided in an MFP functioning as a data reception device. FIG. It is a figure which shows an example of the format of management data. It is a flowchart which shows an example of the flow of a data transmission process. It is a flowchart which shows an example of the flow of a data reception process. FIG. 10 is a functional block diagram illustrating an overview of functions of a CPU provided in an MFP functioning as a data transmission device in a modified example. It is a block diagram which shows an example of the hardware constitutions of PC. It is a flowchart which shows an example of the flow of the data transmission process in a modification. It is a flowchart which shows an example of the flow of a verification process.

Explanation of symbols

  1 data processing system, 5 facsimile unit, 10 ADF, 20 image reading unit, 30 image forming unit, 40 paper feeding unit, 50 facsimile unit, 50A IC card, 60 card I / F, 51 data receiving unit, 53 destination receiving Unit, 55 data transmission unit, 57 hash value generation unit, 59 reception confirmation reception unit, 61 electronic signature extraction unit, 63 decryption unit, 65 verification unit, 71 data reception unit, 73 data storage unit, 75 user authentication unit, 77 data Output unit, 79 Electronic signature acquisition unit, 81 Verification information recording unit, 91 Reception confirmation transmission unit, 100, 100A, 100B, 100C MFP, 101 main circuit, 111 CPU, 112 ROM, 113 flash memory, 114 display unit, 115 operation , 116 HDD, 117 data communication control unit, 119A memory card De, 200 PC, 201 CPU, 219 bar code reader.

Claims (7)

A data transmission / reception system including a data transmission device for transmitting data and a data reception device for receiving data,
The data transmitting device includes data receiving means for receiving data;
Transmission destination reception means for receiving transmission destination information for identifying a user who is a transmission destination of the received data;
Transmission means for transmitting the received data and the destination information,
The data receiving device includes receiving means for receiving data and destination information;
Data storage means for storing the received data in association with the destination information;
An authentication means for authenticating the user;
Output means for outputting the data stored in association with the destination information for identifying the authenticated user;
Electronic signature acquisition means for acquiring electronic signature data for the output data of the authenticated user in response to the output of the data;
Reply means for returning the acquired electronic signature data to the transmission source of the data,
The data transmitting device further includes receiving means for receiving the electronic signature data;
A data transmission / reception system comprising: verification means for verifying whether or not the transmitted data is output by a user specified by the transmission destination information based on the received electronic signature data.   The verification means includes comparison means for comparing the hash value obtained by decrypting the received electronic signature data with the public key assigned to the user specified by the destination information and the hash value of the transmitted data. The data transmission / reception system according to claim 1, comprising:   The data transmission device further includes verification information recording means for forming the electronic signature data, a hash value of the transmitted data, and the transmission destination information as a computer-readable image. The data transmission / reception system described. Receiving means for receiving data and destination information from the data transmitting device ;
Data storage means for storing the received data in association with the destination information;
An authentication means for authenticating the user;
Output means for outputting the data stored in association with the destination information for identifying the authenticated user;
Electronic signature acquisition means for acquiring electronic signature data for the output data of the authenticated user in response to the output of the data;
A data receiving apparatus comprising: reply means for returning the acquired electronic signature data to the data transmitting apparatus that is a transmission source of the data . A data transmission / reception method executed by a data transmission device and a data reception device,
The data transmission device
Accepting data; and
Receiving transmission destination information for identifying a user who is the transmission destination of the received data;
Transmitting the accepted data and the destination information, and
The data receiving device
Receiving data and destination information;
Storing the received data in association with the destination information;
Authenticating the user;
Outputting the stored data in association with the destination information for identifying the authenticated user;
Obtaining electronic signature data for the output data of the authenticated user in response to the output of the data;
Returning the acquired electronic signature data to the transmission source of the data, and
The data transmission device further includes:
Receiving the electronic signature data;
A step of verifying whether or not the transmitted data is output by a user specified by the transmission destination information based on the received electronic signature data. Receiving data and destination information from the data transmitting device ;
Storing the received data in association with the destination information in a memory of a data receiving device ;
Authenticating the user;
Outputting the data stored in the memory in association with the destination information for identifying the authenticated user;
Obtaining electronic signature data for the output data of the authenticated user in response to the output of the data;
The acquired the electronic signature data, to execute the steps of: replying to the data transmission apparatus which is the source of the data, to the data receiving apparatus, the data receiving method. Receiving data and destination information from the data transmitting device ;
Storing the received data in association with the destination information in a memory of a data receiving device ;
Authenticating the user;
Outputting the data stored in the memory in association with the destination information for identifying the authenticated user;
Obtaining electronic signature data for the output data of the authenticated user in response to the output of the data;
A data reception program that causes a computer that controls the data receiving apparatus to execute a step of returning the acquired electronic signature data to the data transmitting apparatus that is a transmission source of the data .

Images