JP5474593B2 - File distribution system - Google Patents

Description

  The present invention relates to a file distribution apparatus and system and a file distribution program, and more particularly to a file distribution apparatus and system and a file for distributing an image file received from an image forming apparatus via a network to an information terminal apparatus coupled to the network. Regarding distribution programs.

  According to a file sharing service using a file sharing service protocol, for example, an SMB (Server Message Block) protocol, a file distribution system between computers can be constructed (Patent Document 1 below). For example, a predetermined folder in a personal computer is set as a shared folder, the folder can be operated by the image forming apparatus, and an image file scanned by the image forming apparatus is input to the shared folder, whereby the file is stored in the personal computer. Can be sent into a shared folder. Since the file sharing service is provided in the OS (operating system), a file distribution system can be easily constructed without adding a dedicated application.

JP 2002-297467 A

  However, when an image file received from an image forming apparatus via a network is distributed to one or more information terminal apparatuses connected to the network, the user does not have an illegal image file in each received information terminal apparatus. You must judge whether or not.

  In view of such problems, an object of the present invention is to provide a file distribution apparatus and system, and a file distribution program that can reduce the burden on the user by stopping unauthorized file distribution with a simple configuration. .

In the first aspect of the present invention, an image forming apparatus coupled to a network, an information terminal apparatus coupled to the network, and an image file coupled to the network and received from the image forming apparatus to the information terminal apparatus In a file delivery system including a file delivery device for delivery, a transmission source device that receives related information associated with the image file from the image forming device and periodically changes the related information to random A transmission source reference information storage unit including a transmission source reference identifier including a transmission source device identifier and a transmission source user identifier, and presence / absence of the related information for each received image file, And determining whether the transmission source device identifier and the transmission source user identifier in the related information are included in the transmission source reference information, 'S and delivers the image file if an affirmative determination is made in the latter, having a security management means for deleting without delivering the image file If a negative determination in the former or the latter.

In a second aspect of the file distribution system according to the present invention, in the first aspect, a file distribution information storage means for storing file distribution information in which a file distribution condition and a file distribution destination address are associated with each other is received. File distribution destination determination means for determining a file distribution destination address based on the related information of the file and the file distribution information, and the file is transferred to the determined file distribution destination address. It is characterized by delivering.

In a third aspect of the file distribution system according to the present invention, in the first aspect, the transmission source user identifier includes a public key,
A digitally signed file containing the related information is received from the image forming apparatus;
The security management unit further verifies the digital signature of the file, and if the verification fails, deletes the image file without distributing it.

In a fourth aspect of the file delivery system according to the present invention, in the first aspect, an encrypted file containing the relevant information is received from the image forming apparatus,
Prior to the processing by the security management means, it further comprises decryption means for decrypting the file.

According to the configuration of the first aspect, the related information including the transmission source device identifier is received together with the image file from the image forming device, and the related information does not exist or the transmission source device identifier is included in the transmission source reference information. Since the image file is distributed only when it is displayed, security can be ensured with a simple configuration, and the burden on the user can be reduced.
In addition, as the related information, a transmission source user identifier is also included. If this is not included in the transmission source reference information, the image file is deleted without being distributed, so that the above effect is enhanced.

According to the configuration of the second aspect , since file-related information is also used as file distribution information, security can be ensured and a file can be sent to a desired distribution destination without specifying a distribution destination for each distribution target file. Can be delivered.

  Other objects, configurations and effects of the present invention will become apparent from the following description.

It is a functional block diagram regarding the file delivery of the file delivery apparatus and personal computer based on Example 1 of this invention. It is a schematic flowchart which shows the process in the security management part in FIG. It is explanatory drawing of the transmission source reference information in FIG. It is a schematic block diagram which shows the structure of the analysis module in FIG. It is explanatory drawing of the allocation condition / allocation destination correspondence information in FIG. 1 as file allocation information which concerns on Example 1 of this invention. A sequence diagram of processing in which a user operates an image forming apparatus to scan a document image to generate a scanned image and automatically distribute the file to a folder in the apparatus or an external personal computer via the file distribution apparatus. is there. It is a hardware schematic block diagram of the system of the file delivery apparatus and personal computer which concern on Example 1 of this invention. It is a schematic explanatory drawing of the file delivery system which concerns on Example 1 of this invention. It is explanatory drawing of the allocation condition / allocation destination correspondence information in FIG. 1 as file allocation information which concerns on Example 2 of this invention. It is a functional block diagram regarding the file delivery of the file delivery apparatus and personal computer based on Example 3 of this invention. 1 is a schematic hardware block diagram of an image forming apparatus according to an embodiment of the present invention. It is a sequence diagram which shows a part of process of the scanned image file delivery system which concerns on Example 4 of this invention. It is explanatory drawing of the transmission source reference information which concerns on Example 5 of this invention. It is a sequence diagram which shows a part of process by the scanned image file delivery system which concerns on Example 5 of this invention.

  FIG. 8 is a schematic explanatory diagram of the file distribution system according to the first embodiment of the present invention.

  A file distribution apparatus 10 that mediates file transmission is coupled to a network 40 together with image forming apparatuses 20 to 2M that are transmission sources and personal computers (PCs) 30 to 3N that are information processing terminals that are distribution destinations. File transmissions from any of the image forming apparatuses 20 to 2M to the file delivery apparatus 10 and file transmissions from the file delivery apparatus 10 to one or more of the PCs 30 to 3N are provided in these OSs. Use a shared service. That is, a file is transmitted by creating a shared folder in the auxiliary storage device of the transmission destination, making it operable at the transmission source, and putting the file into this shared folder.

  FIG. 7 is a hardware schematic block diagram relating to file transmission between the file delivery apparatus 10 and the PC 3i. The PC 3i is one of the PCs 30 to 3N in FIG.

  In the file distribution apparatus 10, a CPU 11 is coupled to a PROM 13, a DRAM 14, a hard disk drive 15, a network interface 16, and an interactive input / output device 17 via an interface 12. In FIG. 7, a plurality of types of interfaces are represented by one block 12 for simplification.

  The PROM 13 is a flash memory, for example, and stores a BIOS. The DRAM 14 is used as a main storage device. The hard disk drive 15 stores data including a virtual storage system OS, various drivers, a file distribution application, transmission source reference information, and distribution condition / distribution destination correspondence information. Network interface 16 is coupled to network 40. The interactive input / output device 17 includes, for example, a keyboard, a pointing device, and a display device.

  The components 21 to 2A of the image forming apparatus 20 correspond to the components 11 to 17 of the file distribution apparatus 10, respectively. The hard disk drive 25 stores an application for generating print data and a printer driver.

  FIG. 1 is a functional block diagram relating to file distribution between the file distribution apparatus 10 and the PC 3i.

  Each functional block operates in cooperation with computer hardware and software.

  FIG. 6 is a sequence diagram of a process in which a user U operates the image forming apparatus 20 to scan a document image, thereby generating a scanned image and automatically transmitting the file to the PC 3 i via the file distribution apparatus 10. . Hereinafter, the reference numerals with “S” in parentheses are step identification codes of the sequence in FIG. 6.

  (S1) The user operates the operation panel of the image forming apparatus 20 or logs in by inputting the user ID (the group ID is also included in the user ID) and the password to the image forming apparatus 20 using an IC card. Select the scan function on the panel, select conditions such as color / monochrome mode, resolution, and image file format for image reading, and press the scan start button.

  (S2) In response to this, the image forming apparatus 20 scans the document image under the selected condition, and generates the scanned image file on the memory of the image forming apparatus 20 or in the auxiliary storage device.

  (S3) Next, the image forming apparatus 20 reads out the e-mail address of the user ID from the table in which the user ID and the e-mail address are associated with each other, and stores the e-mail address in the table. The ID and IP address of the own device are read out, and the related information file 102 having the contents as shown in FIG. The device ID (MID) and the device IP address (MIP) in the related information file 102 are transmission source device information, and the user ID (UID) and the user's e-mail address (EMAIL) are transmission source user information. . The device ID includes a model name and a serial number.

  (S4) Next, the image forming apparatus 20 distributes (injects) the scanned image file 101 and the related information file 102 into the shared folder 100 in the file distribution apparatus 10 using the OS sharing service. As a result, the scan image file 101 and the related information file 102 are stored in the shared folder 100.

  (S5) The in-folder monitoring module 103 monitors whether or not a file has been input into the shared folder 100 via the event notification function included in the service software operating in the background of the OS. If it is detected, control is transferred to the security management unit 104.

  The intra-folder monitoring module 103 may be configured to determine whether or not a file has been input into the shared folder 100 in response to a time-up event of the interval timer.

  (S6) The security management unit 104 performs the following security ensuring process on the files in the shared folder 100.

  FIG. 2 is a schematic flowchart showing processing of the security management unit 104. Hereinafter, the reference numerals with “ST” in parentheses are step identification codes in FIG.

  (ST0) It is determined whether or not the related information file 102 corresponding to the scanned image file 101 exists in the shared folder 100. If it exists, the process proceeds to step ST1, and if not, the process proceeds to step ST6.

  As for the correspondence relationship between the scanned image file 101 and the related information file 102, for example, the file name body portions of both are the same and the extensions are different. By describing the file name of the scanned image file 101 in the related information file 102, they may be associated with each other.

  (ST1) A set of a device ID and an IP address is read from the related information file 102 as transmission source device information.

  (ST2) It is determined whether or not the combination of the device ID and the IP address is included in the transmission source reference information 105. If the determination is affirmative, the process proceeds to step ST3, and if not, the process proceeds to step ST6.

  The source reference information 105 is expressed as an XML file as shown in FIG. 3B, for example. As the transmission source reference information 105, a pair of the device ID and its IP address of each of the image forming apparatuses 20 to 2M coupled to the network 40 and each of the PCs 30 to 3N coupled to the network 40 are used. A set of a user ID and an e-mail address of the user who is doing is described.

  (ST3) The user ID and the e-mail address are read from the related information file 102 as the transmission source user information.

  (ST4) It is determined whether or not the combination of the user ID and the e-mail address is included in the transmission source reference information 105. If the determination is affirmative, the process proceeds to step ST5, otherwise, the process proceeds to step ST6. move on.

  (ST5) Control is transferred to the file analysis module 106, and the process in the security management unit 104 is terminated.

  (ST6) The scan image file 101 in which the related information file 102 does not exist is deleted from the shared folder 100, or the related information file 102 is deleted from the shared folder 100 together with the corresponding scan image file 101, and the security management unit The process of 104 is finished. At this time, a log (not shown) indicating the contents of the scanned image file 101 and the related information file 102 and the date and time of deletion is created and can be viewed later by the administrator.

  As shown in FIG. 4, the file analysis module 106 includes a scanned image file analysis unit 1061, an information file analysis unit 1062, and a distribution destination analysis unit 1063.

  (S7) The scan image file analysis unit 1061 detects the file name and the image format (file name extension) from the scan image file 101.

  (S8) The information file analysis unit 1062 detects the user identifier and the transmission source identifier from the contents of the related information file 102.

  (S9) The distribution destination analysis unit 1063 performs file-related information including these file name, image format, user identifier, transmission source identifier, and file creation date and time (each of which is a file-related element), for example, as shown in FIG. The allocation destination URI is determined from the allocation condition / allocation destination correspondence information Info 1, and control is transferred to the file distribution module 107.

  In FIG. 5, the distribution condition includes a logical expression of one or more file-related elements, and the distribution destination analysis unit 1063 indicates that the file-related information satisfies this logical expression, that is, the value of the logical expression is “true”. If it is, the file distribution destination address corresponding to the logical expression is determined as the distribution destination address of this file. The meanings of the logical expressions in FIG. 5 are as follows.

  (1) The logical expression [KW = approval] AND [KW = 1000 to 15000] includes “contest” as the keyword KW in the file name, and a serial number as the keyword KW in the file name. Is included in the range of 1000 to 15000 (if the number satisfies the logical sum of 1000 to 15000), it is “true”.

  (2) The logical expression [UID = Shizue] AND [KW = Purchase Order Deduction] AND [KW = General Affairs Division] has the user identifier UID “Shizue” and the keyword “KW” in the file name as “Purchase Order Deduction”. ”And“ General Affairs Division ”are“ true ”.

  (3) In the logical expression [KW = ???-???-????], “?” Is an arbitrary single-digit numerical value, and the logical expression [KW = ???-???-? “???” becomes “true” if arbitrary three-digit, three-digit, and four-digit numbers are combined with “−” as the keyword KW in the file name.

  (4) The logical expression [UID = Hanako] AND [MID = KM6235] AND ([KW = Accounting] OR [KW = Accounting]) has the user identifier UID “Hanako” and the transmission source device identifier MID “KM6235. And “true” if “accounting” or “accounting” is included as the keyword KW in the file name.

  (5) If the logical expression [UID = Taro] AND [Time <12:00] has the user identifier UID “Taro” and the file creation date and time that is the file attribute is before “12:00” “True”.

  (6) The logical expression [UID = Taro] AND [Time ≧ 12: 00] is that the user identifier UID is “Taro” and the file creation date and time that is the file attribute is after “12:00” “True”.

  (7) The logical expression [GID = design] AND [Format = PDF] is “true” if the group identifier UID is “design” and the file format is “PDF” (file extension is .pdf). Become.

  Each of the file distribution destination address related information files A to K in FIG. 5 is a URI of the folder 108A, 108B or 108C shown in FIG. 1 in the file distribution apparatus 10 or a shared folder URI outside the file distribution apparatus 10. For example, A = “SMB: //192.168.126.162/SCAN/approval/”, J = “Design /”.

  Since the character string in the file name is included as a variable of the logical expression as in the logical expressions (1) to (4), the file distribution destination can be automatically determined according to the type of the file contents.

  In addition, since the group ID such as the user ID or the section is included as a variable of the logical expression as in the logical expressions (2) and (4) to (7), even if the types of the file contents are the same, The file distribution destination can be varied according to the user ID or group ID.

  The above logical expressions (5) and (6) are particularly suitable when the file recipient exists in a different place depending on the time zone.

  Since the logical expression (7) includes a file format as a variable of the logical expression, the file distribution destination can be varied depending on the file format even if the content type of the file is the same.

  The file name change column in FIG. 5 means that the file is changed and the file is distributed. However, the blank column means no file name change. For example, “Purchase Order [Count]” changes the file name to the character string “Purchase Order” with a character string of the value of the software counter [Count] incremented by 1 for each file distribution. means. FAX [Now] means that the file name is changed to the character string “FAX” appended with the character string of the current date and time [Now].

  The distribution column in FIG. 5 means that the file is distributed at a predetermined time. However, a blank means immediate delivery. For example, “every day at 10:00” means that a file is accumulated until 10:00 of the day, and the file is distributed when the time reaches 10:00.

  When the file-related information of one file satisfies the allocation condition of multiple rows in the allocation condition / allocation destination correspondence information Info1 in FIG. 5, the priority is higher in the upper row, and the allocation conditions in order from the upper row. And the first “true” line is applied. This rule has a higher priority in the lower row, collating the sorting conditions in order from the upper row, and even if the row that becomes “true” is applied last, all the rows that become “true” May be applied, or one or more of these rules may be selectable.

  (S10, S11) The file distribution module 107 distributes (moves) the scanned image file 101 into the determined distribution destination folder URI via the OS file system, or distributes (transmits) it using the SMB protocol. The related information file 102 is deleted.

  (S12) Next, when the distribution is performed, the file distribution module 107 distributes the scanned image file 101 into the shared folder 301 to the status monitor 303 provided in the printer driver 302 of the distribution destination PC 3i. Send information to indicate. This information transmission is performed by a protocol used by the existing status monitor 303, for example, SOAP, SNMP, or a unique protocol.

  For example, when SNMP is used, the image forming apparatus 20 includes an SNMP agent that transmits the status information to a selected one of the PCs 30 to 34, and the status monitor 303 of the PC 30 to 34 displays the status of the image forming apparatus 20. And an SNMP manager for displaying the message on the screen of its own device. The file distribution module 107 also includes an SNMP manager that generates an InformRequest message and transmits it to the status monitor 303 using the SNMP protocol.

  (S13) In response to receiving this notification, the status monitor 303 pops up the content of the message on the screen of the PC 3i in the same manner as the status display of the image forming apparatus file delivery apparatus 10.

  According to the first embodiment, the related information file 102 including the transmission source apparatus ID and the transmission source user ID is received from the image forming apparatus together with the scanned image file 101, and the related information file 102 does not exist or is the transmission source. When the device ID and the transmission source user ID are not included in the transmission source reference information 105, the image file 101 is deleted without being distributed, so that security can be secured with a simple configuration and the burden on the user can be reduced. Play.

  Further, since the file-related information file 102 is also used as file distribution information, security can be ensured and the file can be distributed to a desired distribution destination without specifying the distribution destination for each distribution target file. There is an effect.

  Furthermore, when the file distribution condition includes a logical expression of one or more file-related elements and the file-related information satisfies this logical expression, the file distribution destination address corresponding to the logical expression is set as the file distribution destination address. Therefore, the file distribution condition can be easily set.

  FIG. 9 is an explanatory diagram of the distribution condition / distribution destination correspondence information in FIG. 1 as file distribution information according to the second embodiment of the present invention.

  Although the distribution condition of FIG. 5 explicitly includes a logical expression of one or more file-related elements, the logical expression of one or more file-related elements may be substantially included as shown in FIG. May be included implicitly. The blank column in FIG. 9 indicates that it is optional.

  In FIG. 9, the logical product of the user identifier (user ID), the transmission source identifier, the character string included in the file, and the file format name (file extension) is the distribution condition, and this logical product is implicitly include.

  For example, the user ID is “Design1” (in the first embodiment, the user ID and the group ID are separated, but in the second embodiment, both are handled in the same way regarding the distribution condition / allocation destination correspondence information Info2). If the source identifier is "KM6235" or "KM6325", the distribution destination is different. If the source identifier is "KM6235", the character string contained in the file is "Deliberate", "Report" , “Design”, or other, the distribution destination is different. In other cases, the distribution destination is different depending on whether the file format is “PDF” or other.

  The distribution condition / distribution destination correspondence information Info2 in FIG. 9 has a hierarchical structure, and can be expressed, for example, in an XML file. The order of priority when the conditions for a plurality of rows are satisfied is the same as in the first embodiment.

  The other points are the same as those in the first embodiment.

  FIG. 10 is a functional block diagram relating to file distribution between the file distribution apparatus and the personal computer according to the third embodiment of the present invention.

  In the third embodiment, in the file delivery apparatus 10A, a transmission source reference information update unit 109 is further added to the configuration of the file delivery apparatus 10 in FIG.

  In each of the image forming apparatuses 20 to 2M in FIG. 8, a random code is added to the original apparatus ID periodically and before S3 in FIG. 6, and the transmission source reference information updating unit 109 of the file distribution apparatus 10A is added. Notice. For example, when the original device ID is “KM6235”, “_AW3Q8” is added, the device ID is changed to “KM6235_AW3Q8”, and the source reference information update unit 109 is notified. In response to this, the transmission source reference information update unit 109 updates the corresponding device ID in the transmission source reference information 105.

  Other points are the same as those of the first embodiment.

  According to the third embodiment, since the apparatus ID of the image forming apparatus is periodically updated at random, the related information file 102 is illegally generated in other than the image forming apparatuses 20 to 2M, and the scan image file corresponding thereto Even if 101 is transmitted to the file delivery apparatus 10A, the probability that the security management unit 104 determines that this is illegal is increased, and security can be ensured more reliably and the burden on the user can be reduced. .

  The other points are the same as in the first or second embodiment.

  In the above, preferred embodiments of the present invention have been described. However, the present invention includes various modifications, and other combinations of the components described in the above-described embodiments, and functions of the components. Those using other configurations for realizing the above, and other configurations that would be conceived by those skilled in the art from these configurations or functions are also included in the present invention.

  For example, information other than the above may be added as the transmission source information, or the entire transmission source device ID may be a random code. That is, since the transmission source information of the present invention is used for the purpose of ensuring security, even if the user cannot be identified, the transmission source and the transmission source information need only correspond one-to-one. A device certificate received by the file distribution apparatus 10 from the transmission source apparatus using a self-issued or third party authority (certificate authority) issued device certificate (electronic certificate including model name and serial number) as the transmission source apparatus ID The validity of the certificate may be checked with a device certificate acquired from the management server or the certificate authority.

  The determination of the distribution destination folder URI by the file delivery apparatus 10 may be configured to use other information or use only a part of the above information.

  Furthermore, the present invention can also be applied to the case where the function of the file distribution apparatus 10 is provided in the image forming apparatus 20 and the file is directly transmitted from the image forming apparatus 20 to the PC 3i.

  Further, the file to be distributed is not limited to the image file read by the scanner, and may be a FAX reception file or another general file. The distribution form includes distribution by an arbitrary protocol, and may be distribution by an FTP protocol, distribution of an e-mail attached with a file, distribution by FAX, or the like.

  FIG. 11 is a schematic block diagram illustrating a hardware configuration of the image forming apparatus 20.

  In the image forming apparatus 20, a CPU 21 is coupled to a PROM 23, a DRAM 24, a hard disk drive 25, a network interface 26, an operation panel 27, a scanner 28, a printer 29, and a fax modem 2A via an interface 22.

  The PROM 23 is, for example, a flash memory, and stores a basic input / output system (BIOS), an operating system (OS), various drivers, and various applications for causing the image forming apparatus to function. The DRAM 24 is used as a main storage device. The hard disk drive 25 stores printing data, image data read by the scanner 2A, and facsimile reception data. Network interface 26 is coupled to network 40. The operation panel 27 is provided with keys and a display panel. The scanner 28 is used as an input device for printing and facsimile transmission, and is used for generating an image file. The printer 29 includes a print engine, a paper feeding unit, a conveyance unit, and a paper discharge unit. The bitmap data generated in the DRAM 24 is supplied, and an electrostatic latent image is formed on the photosensitive drum based on the data. This image is developed with toner, and the toner image is transferred and fixed on a sheet, and discharged.

  FIG. 12 is a sequence diagram illustrating a part of the processing by the scanned image file distribution system according to the fourth embodiment of the present invention. The hardware configuration of the apparatus 20B in the figure is the same as that of the image forming apparatus 20.

  The processes in S1 to S3 are the same as those in FIG. However, in S3, the IP address of the device 20B is not included in the related information file 102 in FIG.

  (S30) The image forming apparatus 20B requests the public key from the file distribution apparatus 10B via the network interface 26 and the network 40.

  (S31) The file distribution apparatus 10B generates a private key / public key pair using, for example, the IP address of the image forming apparatus 20B and the current time as seeds.

  (S32) The file delivery apparatus 10B returns this public key to the image forming apparatus 20B.

  (S33) After receiving this, the image forming apparatus 20B merges the scan image G generated in S2 with the related information AT generated in S3. For example, these are compressed into one ZIP file. Further, the merged file is encrypted with the public key.

  The processes in S4 and S5 are the same as those in FIG. However, in S4, the encrypted file is the transmission target.

    (S50) In the security management unit 104, the file delivery apparatus 10B decrypts the received file with the secret key before separating the merged file before the step ST0 in FIG. The related information AT is obtained, and the process proceeds to step ST0 in FIG.

  The subsequent processing is the same as in FIG. However, in S6, the IP address included in the header of the packet received in S4 is compared with the IP address included in the source reference information 105 to confirm the source.

  According to the fourth embodiment, eavesdropping on the network 40 can be prevented by encryption, and encrypted with the public key paired with this secret key by decryption with the secret key in the file distribution apparatus 10B. That the scanned image G and the related information AT have not been falsified, and these key pairs are generated only once by the file delivery apparatus 10B. Therefore, it is possible to prevent unauthorized use due to key eavesdropping.

  FIG. 13 is an explanatory diagram of what is used instead of the transmission source reference information of FIG.

  In the transmission source reference information 105A, a public key corresponding to a secret key used in each image forming apparatus is described as the contents of the pkey tag for transmission source confirmation. The other points are the same as the transmission source reference information in FIG.

  FIG. 14 is a sequence diagram illustrating a part of processing by the scanned image file distribution system according to the fifth embodiment of the present invention. The hardware configuration of the apparatus 20C in the figure is the same as that of the image forming apparatus 20.

  Prior to this processing, the image forming apparatus 20C previously generates a private key / public key pair using, for example, the IP address of the image forming apparatus 20C and the current time as a seed, and transmits the public key to the file distribution apparatus 10C. Registered in the original reference information 105A.

  The processes in S1 to S3 are the same as those in FIG.

  (S34) The image forming apparatus 20C merges the scanned image G generated in S2 with the related information AT generated in S3, and digitally signs it with the secret key. In other words, a hash of the merged file is generated by a hash function, and a digital signature DS is obtained by encrypting this hash with the secret key.

  The processes in S4 and S5 are the same as those in FIG. However, in S4, the merged file (merged file), the digital signature DS, and the public key (PKEY) are targeted for transmission.

  (S51) The file distribution apparatus 10C verifies the digital signature of the received merged file in the security management unit 104 before step ST0 in FIG. That is, a hash of the merged file is generated with the same hash function, and this is compared with the one obtained by decrypting the digital signature DS with the received public key. If they match, the verification is passed. Next, the merged file is separated to obtain a scanned image G and related information AT, and the process proceeds to step ST0 in FIG. If the verification is not passed, the process proceeds to step ST6 in FIG.

  The subsequent processing is the same as in FIG. However, in S6, the IP address included in the header of the packet received in S4 is compared with the IP address included in the source reference information 105 to confirm the source. Further, the received public key is compared with the corresponding one registered in the transmission source reference information 105A to confirm the transmission source.

  According to the fifth embodiment, the digital signature can confirm the image forming apparatus that is the transmission source, and can confirm that the merged file has not been tampered with.

  In the above, preferred embodiments of the present invention have been described. However, the present invention includes various modifications, and other combinations of the components described in the above-described embodiments, and functions of the components. Those using other configurations for realizing the above, and other configurations that would be conceived by those skilled in the art from these configurations or functions are also included in the present invention. For example, a configuration in which the encryption in the fourth embodiment and the digital signature in the fifth embodiment are performed together may be employed.

10, 10A-10C File distribution device 11, 21 CPU
12, 22 Interface 13, 23 PROM
14, 24 DRAM
15, 25 Hard disk drive 16, 26 Network interface 17 Interactive input / output device 20-2M, 20B, 20C Image forming device 30-3N PC
40 Network 100, 301 Shared folder 101, G Scan image file 102, AT related information file 103 In-folder monitoring module 104 Security management unit 105 Transmission source reference information 106 File analysis module 1061 Scan image file analysis unit 1062 Information file analysis unit 1063 Minute analysis unit 107 File distribution module 108A to 108C Folder 109 Source reference information update unit 302 Printer driver 303 Status monitor Info1, Info2 Distribution condition / allocation destination correspondence information U user

Claims (4)

Comprising an image forming apparatus coupled to the network, and the information terminal device coupled to said network, and a file distribution device that distributes the image file being coupled to the network receives from the image forming apparatus to the information terminal device In the file distribution system
Relevant information associated with the image file is received from the image forming apparatus, and the related information includes a transmission source device identifier and a transmission source user identifier that are periodically and randomly changed .
Transmission source reference information storage means storing transmission source reference information including a transmission source device identifier and a transmission source user identifier;
For each received image file, it is determined whether or not the related information exists, and whether or not the transmission source device identifier and the transmission source user identifier in the related information are included in the transmission source reference information,
A security management means for delivering the image file when an affirmative determination is made in the former and the latter, and deleting the image file without a delivery when a negative determination is made in the former or the latter;
A file delivery system comprising: File distribution information storage means for storing file distribution information in which file distribution conditions and file distribution destination addresses are associated;
File distribution destination determination means for determining the distribution destination address of the received file based on the related information of the file and the file distribution information;
The file distribution system according to claim 1, further comprising: a file distribution unit that distributes the file to the determined file distribution destination address. The source user identifier includes a public key;
A digitally signed file containing the related information is received from the image forming apparatus;
The security management means further verifies the digital signature of the file, and if the verification does not pass, deletes the image file without distributing it.
The file delivery system according to claim 1. An encrypted file containing the related information is received from the image forming apparatus,
Further comprising decryption means for decrypting the file before processing by the security management means;
The file delivery system according to claim 1.

Images