JP5779553B2 - Security management apparatus, image forming apparatus, and security management program - Google Patents

Description

  The present invention relates to a security management apparatus, an image forming apparatus, and a security management program, and more particularly to a technique for managing security applied in an electronic apparatus such as an image forming apparatus.

  Conventionally, various types of security have been applied to electronic devices such as image forming apparatuses and image processing apparatuses in order to prevent leakage of handling data. For example, in Patent Document 1 below, a third client device makes an individual authentication request for an access request to a registered file whose access is restricted, and the second server device encrypts the registered file whose access is restricted. Accumulate and manage the access restriction contents for the registered file, and decrypt the encrypted file when a legitimate individual authentication result is obtained by individual authentication using information input by the user on the third client device. An access authentication system that ensures the security of an access-restricted file by transmitting to a second client device is shown.

JP 2010-199997 A

  In the prior art disclosed in Patent Document 1, access restriction contents such as access permission conditions and authentication methods can be registered in advance as a pattern for each user in the second server device that manages the access-restricted registration file. For example, access restriction contents can be easily set for each user. However, in the case of this prior art, while it is possible to easily set the access restriction contents for each user, in addition to the protection level for the information asset that is the data subject to protection, that is, the data to be protected. Therefore, it is not possible to make an authentication request at an appropriate level for each user.

  The present invention has been made in order to solve the above-mentioned problems, and considers both the user's status level and the protection level required for the data to be protected, and for each user seeking access to the data. The purpose is to enable authentication requests at an appropriate level.

The invention according to claim 1 of the present invention includes a protection level storage unit that stores a data type together with a value indicating a protection level associated with the data type,
A status level storage unit that stores a user type together with a value indicating a status level associated with the user type;
A type acquisition unit for acquiring a user type of a user who accesses data to be protected by security and a data type of data to be accessed;
Of the status levels stored in the status level storage unit, the status level value corresponding to the user type acquired by the type acquisition unit and the protection level stored in the protection level storage unit A security level calculation unit that calculates a security level for the combination of the acquired user type and data type based on the value of the protection level corresponding to the data type acquired by the type acquisition unit;
A security determination unit that determines the security whose protection level is raised according to the value of the value indicating the security level, corresponding to the security level calculated by the security level calculation unit;
An authentication unit for requesting authentication for the user indicated by the user type acquired by the type acquisition unit by the security determined by the security determination unit;
The security level calculation unit calculates the security level using the product of the status level value corresponding to the user type and the protection level value corresponding to the data type as the combination,
The security determination unit determines the security in which the number of authentication methods executed for the user is different according to the numerical value indicated by the security level calculated by the security level calculation unit, and When the acquired user type is a predetermined user type, or when the data type acquired by the type acquisition unit is a predetermined data type, the value indicated by the calculated security level Regardless of the security management device, the security determined in accordance with the security level is the security with the highest protection level .

The invention according to claim 2 is the security management device according to claim 1, wherein the protection level storage unit stores an employee name list, a report, and the data type which is attendance management. is there.

The invention according to claim 4 is a protection level storage unit that stores a data type together with a value indicating a protection level associated with the data type;
A status level storage unit that stores a user type together with a value indicating a status level associated with the user type;
A type acquisition unit for acquiring a user type of a user who accesses data to be protected by security and a data type of data to be accessed;
Of the status levels stored in the status level storage unit, the status level value corresponding to the user type acquired by the type acquisition unit and the protection level stored in the protection level storage unit A security level calculation unit that calculates a security level for the combination of the acquired user type and data type based on the value of the protection level corresponding to the data type acquired by the type acquisition unit;
A security determination unit that determines the security whose protection level is raised according to the value of the value indicating the security level, corresponding to the security level calculated by the security level calculation unit;
Due to the security determined by the security determination unit, the computer functions as an authentication unit that requests authentication for the user indicated by the user type acquired by the type acquisition unit, and
The security level calculation unit calculates the security level using the product of the status level value corresponding to the user type and the protection level value corresponding to the data type as the combination,
The security determination unit determines the security in which the number of authentication methods executed for the user is different according to the numerical value indicated by the security level calculated by the security level calculation unit, and When the acquired user type is a predetermined user type, or when the data type acquired by the type acquisition unit is a predetermined data type, the value indicated by the calculated security level Regardless of this, the security management program causes the computer to function so that the security determined in accordance with the security level is the security with the highest protection level .

  In these inventions, the security level calculation unit is stored in the protection level storage unit and the status level corresponding to the user type acquired by the type acquisition unit among the status levels stored in the status level storage unit. Of each data, the protection level corresponding to the data type acquired by the type acquisition unit is integrated, the security level for the combination of the input user type and data type is calculated, and the authentication unit calculates the calculated Because security requires authentication for the user, consider both the user's status level and the protection level required for the data to be protected, and at an appropriate level for each user seeking access to the data. Can be requested.

In these inventions, the security determination unit determines the security with the protection level raised according to the magnitude of the numerical value indicating the security level. Therefore, the value indicating the status level for each user type and the security level for each user type are determined. If the value indicating the protection level is set to a large value according to the strength of authentication required for the user or the security strength set for the data, the status level for each user type and the protection level for each user type can be accurately set. It is possible to calculate the security level corresponding to

In these inventions, when the input user type is a predetermined user type, the security determining unit determines the security level corresponding to the security level regardless of the value indicating the security level. Since the protection level is determined to be the highest level of security, the security array according to the magnitude of the value indicating the calculated security level is maintained, and the particular user type is out of the array. The protection phase allows the highest level of security to be determined.

In these inventions, the security determination unit, when the input data type is a predetermined data type, regardless of the security strength array corresponding to the magnitude of the value indicating the security level, Since the security level corresponding to the security level is determined as the highest level of security at the protection stage, a specific data type is maintained while maintaining the security strength according to the magnitude of the value indicating the calculated security level. On the other hand, it is possible to determine the highest level of security by deviating from the sequence.

According to a third aspect of the present invention, there is provided a data acquisition unit that acquires data to be printed;
An image forming unit that forms an image on a recording medium using the data acquired by the data acquiring unit;
The security management device according to claim 1 or 2 ,
An image forming apparatus comprising: an operation control unit that causes the data acquisition unit to acquire data that the user requests to access when the user who inputs the user type is authenticated by the authentication unit as a regular user It is.

  In the present invention, it is possible to use the security determined by the security management device for authentication for determining whether or not to allow the user to access the data to be printed by the image forming unit.

  According to the present invention, the user's status level, the user's status level, and the protection level required for the data to be protected are considered, and the appropriate level is set for each user who requests access to the data. Can be requested.

1 is a front sectional view showing a structure of an image forming apparatus according to an embodiment of the present invention. 2 is a functional block diagram schematically showing a main internal configuration of the image forming apparatus. FIG. (A) is a diagram showing the relationship between user types and status levels, (B) is a diagram showing the relationship between data types and protection levels, and (C) is a diagram showing the relationship between security levels and security. 3 is a flowchart illustrating a first embodiment of security management in the image forming apparatus. It is a figure which shows an example of the display screen of a display part. It is a figure which shows an example of the display screen of a display part. It is a figure which shows the relationship between a user classification, a data classification, a security level, and security. 6 is a flowchart illustrating a second embodiment of security management in the image forming apparatus. It is a figure which shows the relationship between a user classification, a data classification, a security level, and security. 12 is a flowchart illustrating a third embodiment of security management in the image forming apparatus. FIG. 5 is a flowchart showing authentication processing by the image forming apparatus.

  Hereinafter, a security management apparatus, an image forming apparatus, and a security management program according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a front sectional view showing the structure of an image forming apparatus according to an embodiment of the present invention.

  An image forming apparatus 1 according to an embodiment of the present invention is a multifunction machine having a plurality of functions such as a copy function, a printer function, a scanner function, and a facsimile function. The image forming apparatus 1 includes an apparatus main body 11 that includes an image forming unit 12, a fixing unit 13, a paper feeding unit 14, a document feeding unit 6, an image reading unit 5, and the like. The image forming apparatus 1 includes a security management apparatus according to an embodiment of the present invention.

  The apparatus main body 11 includes a lower main body 111, an upper main body 112 disposed so as to face the lower main body 111, and a connecting portion 113 provided between the upper main body 112 and the lower main body 111. The upper body 112 is provided with an image reading unit 5 and a document feeding unit 6.

  The image reading unit 5 includes a contact glass 161 mounted on the upper surface opening of the upper main body 112 for placing a document, an openable / closable document pressing cover 162 for pressing the document placed on the contact glass 161, And a reading mechanism 163 that reads an image of a document placed on the contact glass 161. The reading mechanism 163 includes a light irradiation unit (light source) as a light source having an LED (Light Emitting Diode) that emits light toward a document, and an image sensor such as a CCD (Charge Coupled Device) or a CMOS (Complementary Metal Oxide Semiconductor). (Conversion unit) and an optical system that has a plurality of mirrors and condenser lenses, which will be described later, and is movable between a position below the document reading slit 53 and a document reading position that is a position below the contact glass 161. These are used to optically read an image of a document and generate image data. The generated image data is used for image formation by the image forming unit 12 or storage in the HDD 92 described later.

  The document feeding unit 6 feeds the document placed on the document placing unit 61 one by one by driving the paper feed roller and the conveyance roller, and conveys the document to a position facing the document reading slit 53, and the document reading slit Then, the image is read by the reading mechanism 163 of the image reading unit 5 through 53 and then discharged to the document discharge unit 66. In the case of setting to read the document conveyed by the document feeding unit 6 as described above, the reading mechanism 163 is conveyed by the document feeding unit 6 at a feeding document reading position below the document reading slit 53. Scan incoming documents.

  The lower main body 111 includes an image forming unit 12, a fixing unit 13, and a paper feeding unit 14. The paper feed unit 14 has paper feed cassettes 142, 143, and 144 that can be inserted into and removed from the apparatus main body 11.

  The image forming unit 12 performs an image forming operation for forming a toner image on the recording paper fed from the paper feeding unit 14. The image forming unit 12 is arranged in order from the upstream side to the downstream side in the traveling direction of the intermediate transfer belt 125, the magenta image forming unit 12M using magenta toner, and the cyan toner using cyan toner. The image forming unit 12C of yellow, the image forming unit 12Y for yellow using yellow toner, and the image forming unit 12Bk for black using black toner (hereinafter, when each image forming unit is described without distinction, Each of which is referred to as an “image forming unit 120”, and an intermediate transfer belt 125 stretched between a plurality of rollers such as a driving roller 125a (secondary transfer opposing roller) so as to be capable of running endlessly in the sub-scanning direction in image formation, The intermediate transfer belt 125 is a portion where the intermediate transfer belt 125 is stretched around the driving roller 125a. And a contact with the secondary transfer roller 210 to the outer peripheral surface 125.

  Each image forming unit 120 includes a photosensitive drum 121, a developing device 122 that supplies toner to the photosensitive drum 121, a toner cartridge (not shown) that contains toner, a charging device 123, an exposure device 124, a primary device. A transfer roller 126 and a drum cleaning device 127 are integrally provided.

  The photosensitive drum 121 forms an electrostatic latent image and a toner image along the electrostatic latent image on the peripheral surface thereof. The developing device 122 supplies toner to the photosensitive drum 121. Each developing device 122 is appropriately supplied with toner from the toner cartridge.

  The charging device 123 is provided immediately below the photosensitive drum 121. The charging device 123 uniformly charges the peripheral surface of each photosensitive drum 121.

  The exposure device 124 is provided below the photosensitive drum 121 and further below the charging device 123. The exposure device 124 irradiates the circumferential surface of the charged photosensitive drum 121 with laser light corresponding to each color based on image data input from a computer or the like or image data acquired by the image reading unit 5, and each photosensitive member. An electrostatic latent image is formed on the peripheral surface of the drum 121. The exposure device 124 is a so-called laser exposure device, which is a laser light source that outputs a laser beam, a polygon mirror that reflects the laser beam toward the surface of the photosensitive drum 121, and a laser beam reflected by the polygon mirror. Optical components such as a lens and a mirror for guiding the drum 121 are provided.

  The developing device 122 supplies toner to the electrostatic latent image on the peripheral surface of the photoconductive drum 121 rotating in the direction of the arrow and stacks the toner, and the toner corresponding to the image data is formed on the peripheral surface of the photoconductive drum 121. Form an image.

  The intermediate transfer belt 125 is disposed above the photosensitive drums 121. The intermediate transfer belt 125 is stretched between the driving roller 125a on the left side in FIG. 1 and the driven roller 125b on the right side in FIG. It is in contact. The driven roller 125b is provided at a position facing the driving roller 125a and rotates following the endless running of the intermediate transfer belt 125. The intermediate transfer belt 125 is driven by a driving roller 125 a in a state where an image carrying surface on which a toner image is transferred is set on the outer peripheral surface thereof and in contact with the peripheral surface of the photosensitive drum 121. The intermediate transfer belt 125 travels endlessly between the driving roller 125a and the driven roller 125b while being synchronized with each photosensitive drum 121.

  A primary transfer roller 126 is provided at a position facing each photosensitive drum 121 with the intermediate transfer belt 125 interposed therebetween. A transfer bias is applied to the primary transfer roller 126 by a transfer bias applying mechanism (not shown), and the primary transfer roller 126 transfers the toner image formed on the outer peripheral surface of each photosensitive drum 121 to the intermediate transfer belt 125. Transfer to the surface.

  The control unit 10 (FIG. 2) drives and controls the primary transfer roller 126 and the image forming unit 120 for each color, and the magenta toner formed on the surface of the intermediate transfer belt 125 by the magenta image forming unit 12M. The image transfer, the transfer of the cyan toner image formed by the cyan image forming unit 12C at the same position of the intermediate transfer belt 125, and the yellow image forming unit 12Y at the same position of the intermediate transfer belt 125 are then performed. The transfer of the formed yellow toner image and the transfer of the black toner image formed by the final black image forming unit 12Bk are performed so that the toner images of the respective colors overlap each other. Are formed on the surface of the intermediate transfer belt 125 (intermediate transfer (primary transfer)).

  A transfer bias is applied to the secondary transfer roller 210 by a transfer bias applying mechanism (not shown). The secondary transfer roller 210 transfers the color toner image formed on the surface of the intermediate transfer belt 125 onto the recording paper conveyed from the paper supply unit 14. The secondary transfer roller 210 forms a nip portion N where the toner image is secondarily transferred onto the recording paper, with the intermediate transfer belt 125 and the drive roller 125a. The recording sheet conveyed through the sheet conveying path 190 is pressed and sandwiched between the intermediate transfer belt 125 and the secondary transfer roller 210 at the nip portion N, where the toner image on the intermediate transfer belt 125 is secondarily transferred to the recording sheet. The

  The drum cleaning device 127 is provided on the left side of each photoconductive drum 121 in FIG. 1, and removes residual toner on the peripheral surface of the photoconductive drum 121 for cleaning.

  A sheet conveyance path 190 extending in the vertical direction is formed at the left position in FIG. 1 with respect to the image forming unit 12. A pair of conveying rollers 192 is provided at an appropriate position on the sheet conveying path 190. The conveyance roller pair 192 conveys the recording paper fed from the paper supply unit 14 toward the nip N and the fixing unit 13. That is, the recording paper is transported by the transport mechanism including the transport roller pair 192 disposed at the appropriate position.

  The fixing unit 13 includes a heating roller 132 provided with an energization heating element as a heating source therein, and a pressure roller 134 disposed to face the heating roller 132. The fixing unit 13 generates heat from the heating roller 132 while the recording paper passes through the fixing nip between the heating roller 132 and the pressure roller 134 with respect to the toner image on the recording paper transferred by the image forming unit 12. To give a fixing process. The recording paper on which the color image has been formed after the fixing process is completed is discharged toward a discharge tray 151 provided on the top of the lower main body 111 through a discharge conveyance path 194 extending from the upper part of the fixing unit 13. The

  The paper feed unit 14 includes a manual feed tray 141 provided on the right side wall in FIG. 1 of the apparatus main body 11 so as to be openable and closable, and paper feed cassettes 142, 143, and 144. A pickup roller 145 provided above the paper feed cassettes 142, 143, and 144 feeds the uppermost recording paper in the paper bundle stored in the paper feed cassettes 142, 143, and 144 toward the paper transport path 190.

  The paper discharge unit 15 is formed between the lower main body 111 and the upper main body 112. The paper discharge unit 15 includes a discharge tray 151 formed on the upper surface of the lower main body 111. The discharge tray 151 is a tray in which the recording paper on which the toner image is formed by the image forming unit 12 is discharged after the fixing unit 13 performs the fixing process.

  Next, the configuration of the image forming apparatus 1 will be described. FIG. 2 is a functional block diagram schematically showing the main internal configuration of the image forming apparatus 1. 3A is a diagram showing the relationship between the user type and the status level, FIG. 3B is a diagram showing the relationship between the data type and the protection level, and FIG. 3C is a diagram showing the relationship between the security level and the security.

  The image forming apparatus 1 includes a control unit 10. The control unit 10 includes a CPU (Central Processing Unit), a RAM, a ROM, a dedicated hardware circuit, and the like, and controls the overall operation of the image forming apparatus 1.

  The image reading unit 5 includes the reading mechanism 163 having a light irradiation unit and a CCD sensor under the control of the control unit 10. The image reading unit 5 irradiates the document with the light irradiating unit and receives the reflected light with the CCD sensor, thereby reading the image from the document.

  The image processing unit 31 performs image processing on the image data of the image read by the image reading unit 5 as necessary. For example, the image processing unit 31 performs predetermined image processing such as shading correction in order to improve the quality after the image read by the image reading unit 5 is formed by the image forming unit 12.

  The image memory 32 is an area for temporarily storing document image data obtained by reading by the image reading unit 5 and temporarily storing data to be printed by the image forming unit 12.

  The image forming mechanism 40 includes a paper transport mechanism that includes the image forming unit 12, the fixing unit 13, the transport roller pair 192, and the like described above. The image forming mechanism 40 forms an image of the image data read by the image reading unit 5.

  The operation unit 47 includes a touch panel unit and operation key units that receive instructions from a user as an operator regarding various operations and processes that can be executed by the image forming apparatus 1. The touch panel unit includes a display unit (notification unit) 473 such as an LCD (Liquid Crystal Display) provided with a touch panel.

  The facsimile communication unit 71 includes an unillustrated encoding / decoding unit, modulation / demodulation unit, and NCU (Network Control Unit), and performs facsimile transmission using a public telephone network.

  The network interface unit 91 includes a communication module such as a LAN board, and transmits / receives various data to / from a device (such as a personal computer) in the local area via the LAN connected to the network interface unit 91.

  The HDD 92 is a large-capacity storage device that stores document images and the like read by the image reading unit 5.

  The HDD 92 stores (installs) a security management program according to an embodiment of the present invention. The control unit 10 functions as a protection level storage unit 102, a status level storage unit 101, a type acquisition unit 103, a security level calculation unit 104, a security determination unit 105, and an authentication unit 106, which will be described later, by operating according to the security management program. To do.

  However, the status level storage unit 101, the protection level storage unit 102, the type acquisition unit 103, the security level calculation unit 104, the security determination unit 105, and the authentication unit 106 are each implemented by hardware circuits regardless of operations based on the security management program. It is also possible to configure. The same applies to each embodiment unless otherwise specified.

  The operation control unit 100 includes an image reading unit 5, a document feeding unit 6, an image processing unit 31, an image memory 32, an image forming mechanism 40, an operation unit 47, a facsimile communication unit 71, a network interface unit 91, and an HDD (hard disk drive). 92 and the like. The control unit 10 controls the operation of each connected mechanism and transmits / receives a signal or data to / from each mechanism.

  The operation control unit 100 operates for each function of the scanner function, the printer function, the copy function, and the printer function according to a job execution instruction input from the user as an operator through the operation unit 47 or a personal computer connected to the network. It controls the driving and processing of each mechanism necessary for executing the control. The operation control unit 100 (data acquisition unit) acquires data to be printed (image formation) by the image forming mechanism 40 from the HDD 92 or by receiving it from a personal computer via the network interface unit 91. Further, the operation control unit 100 reads from the HDD 92 data to be transmitted to the personal computer via the network interface unit 91 or data targeted for facsimile communication by the facsimile communication unit 71.

The status level storage unit 101 stores the user type together with a value indicating the status level associated with the user type. The user type is, for example, (1) information indicating the identity of the user such as an administrator, full-time employee, temporary worker, contract employee, visitor (visitor), (3) Information indicating a name, etc. Status, the user indicated by the user type is indicative of the position with respect to the data to Works. In the present embodiment, the degree of authentication is tightened as the status is low. The value indicating the status level is, for example, a numerical value indicating the severity of authentication required at the time of data access. In the present embodiment, the status level storage unit 101 stores a plurality of user types, and stores values indicating the respective status levels for each user type. The value indicating the status level indicates that the larger the numerical value, the more severe the authentication. For example, as shown in FIG. 3A, the status level storage unit 101 includes a data table f1 that stores a relationship between a data type and a value indicating a status level associated with the data type. Yes.

  The protection level storage unit 102 stores a data type indicating the type of data to be protected by setting access restrictions, together with a value indicating the protection level associated with the data type. The data type is, for example, (1) information indicating the disclosure range of data such as confidential documents, shared documents, and public documents, or (2) information indicating the type of data contents such as employee lists, reports, and attendance / exit management. , Etc. The value indicating the protection level associated with the data type represents the strength of security protection defined for the data, for example, by a numerical value. In the present embodiment, the protection level storage unit 102 stores a plurality of data types, and stores a numerical value indicating the protection level for each data type. Further, the protection level is higher as the numerical value is larger. For example, as shown in FIG. 3B, the protection level storage unit 102 includes a data table f2 that stores a relationship between a data type and a value indicating a protection level associated with the data type. Yes.

  The type acquisition unit 103 acquires a user type unique to the user and a data type for data to be accessed. For example, the type acquisition unit 103 stores a data table that stores user identification information (such as a user ID) and a user type associated with the user identification information, and the user is logged in when logging into the image forming apparatus 1. The user type associated with the user identification information input from is read from the data table, thereby acquiring the user type of the user who requests access to the data. Each user has a card in which the user ID of each user is stored in a built-in memory or the like. The user holds the card owned by the user over a card reader provided in the image forming apparatus 1, so that RFID (Radio) It is assumed that the user ID is read from the card by the card reader using the Frequency IDentification method, and the type acquisition unit 103 reads the user type associated with the user ID read by the card reader from the data table. You may make it acquire a user classification by.

  Further, each data stored in the HDD 92 is accompanied by accompanying information including a data type for the data. The type acquisition unit 103 acquires the data type of the data requested to be accessed by the user by reading it from the accompanying information attached to the data. For example, the user who created the data (the creator himself / herself) can set the data type and the like for the data in advance and include it in the accompanying information.

  The security level calculation unit 104 stores the status level value corresponding to the user type acquired by the type acquisition unit 103 among the status levels stored in the status level storage unit 101 and the protection level storage unit 102. Are integrated with the protection level value corresponding to the data type acquired by the type acquisition unit 103, and the value obtained by the integration is the security level for the combination of the input user type and data type. Calculate as However, the security level calculation method by the security level calculation unit 104 is not limited to this, and other calculation methods may be used. As an example, the security level calculation unit 104 includes a status level value corresponding to the user type acquired by the type acquisition unit 103 and a protection level value corresponding to the data type acquired by the type acquisition unit 103. May be calculated as a security level for the combination of the input user type and data type. In the embodiment described below, a case where the security level calculation unit 104 calculates a value obtained by the above integration as a security level will be described as an example.

  The security determination unit 105 determines security corresponding to the security level calculated by the security level calculation unit 104. This security indicates, for example, an authentication method required of the user, such as user authentication (authentication authentication), access authority, and password. For example, as shown in FIG. 3C, for example, the security determination unit 105 uses the calculated security level and an authentication method or a combination of authentication methods prepared in advance as security associated with the security level. Is stored, and the security corresponding to the calculated security level is read from the data table. In the present embodiment, the data table stores security in which the number of authentication methods to be executed for the user is varied according to the numerical value indicated by the calculated security level.

  The authentication unit 106 asks the user who has entered the user type for authentication based on the security determined by the security determination unit 105. That is, the authentication unit 106 executes each of the authentication methods that make the security determined by the security determination unit 105.

  A security management apparatus according to an embodiment of the present invention includes the above-described status level storage unit 101, protection level storage unit 102, type acquisition unit 103, security level calculation unit 104, security determination unit 105, and authentication unit 106. It becomes.

  Next, a first embodiment of security management in the image forming apparatus 1 will be described. FIG. 4 is a flowchart illustrating a first embodiment of security management in the image forming apparatus 1. 5 and 6 are diagrams showing an example of the display screen of the display unit 473. FIG.

  The operation control unit 100 displays a login screen D1 as shown in FIG. 5 on the display unit 473 during standby (S1). When the login screen is displayed, the operation control unit 100 waits for input of user identification information (such as a user ID) from the user (NO in S2 and S2). When the user inputs user identification information unique to the user and the operation control unit 100 accepts the user identification information (YES in S2), the operation control unit 100 displays an initial screen D2 as shown in FIG. It is displayed on the display unit 473 (S3).

  When the initial screen is displayed, for example, the user who requests access to the data stored in the HDD 92 of the image forming apparatus 1 operates the operation unit 47 or the display unit 473, and prints out of the data stored in the HDD 92. When the target data is designated and access to this data is requested (YES in S4), the type acquisition unit 103 reads from the data table indicating the correspondence between the user identification information of each user and the user type in S2. The user type associated with the received user identification information is read and acquired (S5).

  Furthermore, the type acquisition unit 103 reads and acquires the data type of the data requested to be accessed by the user from the additional information stored in the HDD 92 attached to the data (S6).

  Then, the security level calculation unit 104 reads the status level associated with the acquired user type from the status level storage unit 101 (S7). For example, the security level calculation unit 104 reads the status level associated with the acquired user type from the data table f1 shown in FIG.

  Further, the security level calculation unit 104 reads the protection level corresponding to the acquired data type from the protection level storage unit 102 (S8). For example, the security level calculation unit 104 reads the protection level associated with the acquired data type from the data table f2 illustrated in FIG.

  Subsequently, the security level calculation unit 104 obtains the product of the read user type and the protection level, calculates the security level (S9), and the security determination unit 105 performs security corresponding to the calculated security level. Determine (S10). For example, the security determination unit 105 reads an authentication method corresponding to a numerical value indicating security from the data table illustrated in FIG.

  Here, the determination of security corresponding to the security level by the security determination unit 105 will be described with reference to FIGS. 3A, 3B, and 3C and FIG. FIG. 7 is a diagram illustrating a relationship between a user type, a data type, a security level, and security.

  An example will be described in which the user type is an administrator, a regular employee, a dispatched / contracted employee, and a visitor, and the data type is a confidential document, a shared document, and a public document.

  When the user type acquired by the type acquisition unit 103 is “administrator”, the security level calculation unit 104 reads “administrator” from the data table f1 (FIG. 3A) of the status level storage unit 101. "2" which is a numerical value indicating the status level corresponding to "" is read. When the data type acquired by the type acquisition unit 103 is “confidential document”, the security level calculation unit 104 reads “confidential document” from the data table f2 of the status level storage unit 101 (FIG. 3B). “10” which is a numerical value indicating the protection level corresponding to is read. In this case, the security level calculation unit 104 calculates “20”, which is the product of the numerical value “2” indicating the status level and “10” indicating the protection level, as the numerical value indicating the security level.

  At this time, the security determination unit 105 determines from the data table f3 shown in FIG. 3C that the authentication method “user authentication” associated with the security level band “0 to 39” to which the security level “20” belongs. Are read as security to be executed for the user.

When the user type of the user acquired by the type acquisition unit 103 is “temporary / contract employee and visitor”, the security level calculation unit 104 stores the data table f1 in the status level storage unit 101 (FIG. 3A). ), “10”, which is a numerical value indicating the status level corresponding to “temporary / contract employees and visitors”, is read out. When the data type of the data acquired by the type acquisition unit 103 is “shared document”, the security level calculation unit 104 reads “shared” from the data table f2 of the status level storage unit 101 (FIG. 3B). “6” which is a numerical value indicating the protection level corresponding to “document” is read. In this case, the security level calculation unit 104 calculates “60”, which is the product of the numerical value “10” indicating the status level and the numerical value “6” indicating the protection level, as the numerical value indicating the security level.

  At this time, the security determination unit 105 determines the authentication method “user authentication” associated with the security level band “40 to 69” to which the security level “60” belongs from the data table f3 shown in FIG. And “access authority” are read as security to be executed for the user.

  Similarly, the security determined by the security determination unit 105 for other combinations of user type and data type is the authentication strength corresponding to the user type as shown in Table f4 in FIG. And the security strength associated with the data type.

  After S10, the authentication unit 106 authenticates the data requested to be accessed for the user by the authentication method indicated by the determined security (S11).

  For example, when “user authentication” is determined by the security determination unit 105 as the authentication method indicated by the security, the authentication unit 106 performs the user authentication for the user. When the user identification information of the user is input from the user and the user who accesses the data can be specified based on the input user identification information, the authentication unit 106 is assumed to have completed user authentication.

  In addition, for example, when “user authentication” and “access authority” are determined as the authentication methods indicated by the security by the security determination unit 105, the authentication unit 106, in addition to the user authentication, allows the user to It is determined whether or not the user has access authority, and the access authority for permitting access to the data is authenticated only when the user has access authority. In this case, when the authentication unit 106 determines that the user has access authority for the data based on the user identification information input by the user, the access authority authentication is completed. . Note that information indicating which user has access authority for the data that is requested to be accessed is included in the additional information attached to the file that is the data, and the authentication unit 106 includes the data that is requested to be accessed. From the incidental information, information on users who are permitted to access (for example, user identification information of each user) is read out, and the presence or absence of the access authority is determined.

  Further, for example, when “user authentication”, “access authority”, and “password” are determined by the security determination unit 105 as authentication methods indicated by the security, the authentication unit 106 performs the user authentication and access authority authentication. In addition, the user is requested to input a password, and only when the input password is a password permitted to access, authentication of an access right permitting access to the data is performed. In this case, when the authentication unit 106 determines that the password input by the user is a password permitted to access, it is assumed that the password authentication is completed. Note that the password for the data that is required to be accessed is included in the additional information attached to the file that is the data, and the authentication unit 106 reads the password from the additional information of the data that is required to be accessed. Then, it is determined whether or not the passwords match.

  According to the first embodiment, after considering both the user status level and the protection level required for the data to be protected, authentication is performed at an appropriate level for each user who requests access to the data. It becomes possible to request.

  In addition, according to the first embodiment, the security determination unit 105 determines the security with the protection level raised according to the value of the numerical value indicating the security level, and thus the value indicating the status level for each user type If the value indicating the protection level for each user type is set to a large value according to the authentication strength required for the user or the security strength for the data, both the status level for each user type and the protection level for each user type It is possible to calculate a security level that accurately corresponds to the security level.

  Next, a second embodiment of security management in the image forming apparatus 1 will be described. FIG. 8 is a flowchart illustrating a second embodiment of security management in the image forming apparatus 1. Note that the description of the same processing as in the first embodiment is omitted. FIG. 9 is a diagram illustrating a relationship between a user type, a data type, a security level, and security.

  In the first embodiment, the security content, that is, the authentication method is determined according to the level of the security level. In the second embodiment, a numerical value indicating the security level is a predetermined value (for example, , “36” in the table f5 shown in FIG. 9), the security determination unit 105 determines a predetermined value associated with the predetermined value regardless of the level of the security level. Security is determined (YES in S30, S33).

Note that security deviating from the array of security strengths shown in the first embodiment determined by the size of the security level is set as the predetermined security. For example, the predetermined security is the security composed of the authentication method or the combination of the authentication methods with the highest strength (the security associated with the predetermined security level “36” in the table f5 in FIG. User authentication '', `` Access authority '' and `` Password '' are examples), and other security methods such as fingerprint authentication, further password input, access permission period setting, etc. .

  On the other hand, when the numerical value indicating the security level is not a predetermined value, the security determination unit 105 sets the numerical value indicating the security level according to the size of the security level, as in the first embodiment. The corresponding security is read and determined (NO in S30, S31).

  According to the second embodiment, the value indicating the status level for each user type and the value indicating the protection level for each data type are set so that the product of these two values becomes the predetermined value. Thus, while maintaining an array of security strengths in which the protection level is raised according to the magnitude of the value indicating the calculated security level, for a combination of the status level of a specific user type and the protection level of the user type Thus, it is possible to determine specific security that falls outside the sequence.

  Next, a third embodiment of security management in the image forming apparatus 1 will be described. FIG. 10 is a flowchart illustrating a third embodiment of security management in the image forming apparatus 1. Note that the description of the same processing as in the first or second embodiment will be omitted.

  In the third embodiment, the user who requests access to data is a predetermined user type (for example, “temporary / contract employee and visitor” in the data table f1 in FIG. 3A) (YES in S47) If the data requested to be accessed is data of a predetermined type (for example, “shared document” in the data table f2 in FIG. 3B) (YES in S48), the security determination unit 105 Determines the security for the user type or data type as the highest security level in the protection stage (S55). That is, in this case, the security determination unit 105 calculates the security level by the security level calculation unit 104 (S49 to S51), determines the security for a predetermined security level (YES in S52, S56), and increases the security level. The security for the user type or data type determined in advance is determined to be the security with the highest protection level (S55) without determining security according to the situation (NO in S52, S53). In S55, the security determination unit 105 may determine the security for a predetermined user type or data type as a predetermined security, as in the case of the second embodiment.

  According to the third embodiment, for a specific user type or data type, while maintaining an array of security strength determined according to the value of the value indicating the calculated security level, the array It is possible to determine the highest level of security etc. from the protection stage.

  In the third embodiment, when the calculated security level is a predetermined security level, the security determination unit 105 performs a process of setting a predetermined security (YES in S52, S56). ), It is possible not to perform this process.

  Next, authentication processing by the image forming apparatus 1 will be described. FIG. 11 is a flowchart showing authentication processing by the image forming apparatus 1.

  If the authentication method indicated by the determined security is user authentication, access authority, and password input (“user authentication, access authority, and password” in S61), the authentication unit 106 Authentication processing is performed (S62). For example, it is assumed that the user authentication is completed when the user identification information of the user who accesses the data is input and the authentication unit 106 acquires information for specifying the user who accesses the data (S62). YES). Further, when the user identification information of the user who accesses the data is not input, the authentication unit 106 does not establish user authentication (NO in S62). In this case, the user is not allowed to access this data (S69). That is, the operation control unit 100 does not acquire data to be printed (image formation) by the image forming mechanism 40 in the image forming apparatus 1 or data to be transmitted to a personal computer connected to the network. Image formation by the forming mechanism 40 or data transmission to a personal computer is not performed. In this embodiment, since user identification information is input by the user when logging in to the image forming apparatus 1, YES is obtained in S62.

  Subsequently, the authentication unit 106 determines whether or not the user has an access authority for the data for which access is requested (S63). If the authentication unit 106 determines that the acquired user identification information is not the user identification information of the user permitted to access the data (NO in S63), the authentication unit 106 Access to the data is not permitted (S69).

  On the other hand, when the authentication unit 106 determines that the acquired user identification information is user identification information of a user who has access authority for the data (YES in S63), the authentication unit 106 displays a password for the user on the display unit 473. A message prompting input is displayed (S64).

  If no password is input by the user after this display (NO in S65), the user is not allowed to access this data (S69).

  On the other hand, when a password is input by the user operating the operation unit 47 or the like (YES in S65), the authentication unit 106 determines whether the input password is a regular password (S66). If the input password is not a regular password (NO in S66), the authentication unit 106 does not permit the user to access this data (S69).

  If the authentication unit 106 determines that the input password is a regular password (YES in S66), the authentication unit 106 permits the user to access this data (S67).

  If the authentication corresponding to the determined security is only user authentication (“user authentication” in S61), the authentication unit 106 determines that the authentication unit 106 is the same user as that shown in S62 above. Only the authentication process is performed (S68). If the authentication unit 106 determines that the authentication is successful, the authentication unit 106 permits the access requesting user to access the data to be accessed. If the authentication unit 106 determines that the authentication is not successful, the authentication unit 106 provides the access requesting user. Therefore, access to the data to be accessed is not permitted. However, in this embodiment, since user identification information is input by the user at the time of login of the image forming apparatus 1, authentication is established here.

  Further, when the authentication corresponding to the determined security is user authentication and access authentication, the authentication unit 106 determines that the authentication unit 106 performs the user authentication process shown in S62 and the access authority shown in S63. The same processing as the presence / absence confirmation is performed (S70). Here, the authentication unit 106 permits access to the data when authentication is established both in the user authentication process and in the presence / absence confirmation of the access authority. If any one of the authentication units 106 is not authenticated, the authentication unit 106 does not permit the user who requests access to access the data to be accessed.

  Note that after the above-described authentication is established, the operation control unit 100 prints the access permitted data to the image forming mechanism 40 based on the operation execution instruction input by the operation of the operation unit 47 by the user. Control is performed to perform an image forming operation or the like as target data.

  According to this, in the image forming apparatus 1, it is possible to use the security determined by the security management apparatus for authentication for determining whether or not to permit access to data to be printed by the image forming mechanism 40. It is.

  The present invention is not limited to the configuration of the above embodiment, and various modifications can be made. For example, in each of the above-described embodiments, an image forming apparatus that is a multifunction peripheral is described as an electronic apparatus provided with the security management apparatus according to the present invention. Other image forming apparatuses such as an image forming apparatus, a scanner apparatus, and a facsimile apparatus may be used, and further, a portable terminal device other than the image forming apparatus, a medical device, an information processing apparatus, and the like may be used.

  The configurations and processes shown in the above embodiments using FIGS. 1 to 11 are only one embodiment of the present invention, and are not intended to limit the present invention to the configurations and processes.

DESCRIPTION OF SYMBOLS 1 Image forming apparatus 10 Control part 40 Image forming mechanism 100 Operation control part 101 Status level memory | storage part 102 Protection level memory | storage part 103 Type acquisition part 104 Security level calculation part 105 Security determination part 106 Authentication part

Claims (4)

A protection level storage unit that stores a data type together with a value indicating a protection level associated with the data type;
A status level storage unit that stores a user type together with a value indicating a status level associated with the user type;
A type acquisition unit for acquiring a user type of a user who accesses data to be protected by security and a data type of data to be accessed;
Of the status levels stored in the status level storage unit, the status level value corresponding to the user type acquired by the type acquisition unit and the protection level stored in the protection level storage unit A security level calculation unit that calculates a security level for the combination of the acquired user type and data type based on the value of the protection level corresponding to the data type acquired by the type acquisition unit;
A security determination unit that determines the security whose protection level is raised according to the value of the value indicating the security level, corresponding to the security level calculated by the security level calculation unit;
An authentication unit for requesting authentication for the user indicated by the user type acquired by the type acquisition unit by the security determined by the security determination unit;
The security level calculation unit calculates the security level using the product of the status level value corresponding to the user type and the protection level value corresponding to the data type as the combination,
The security determination unit determines the security in which the number of authentication methods executed for the user is different according to the numerical value indicated by the security level calculated by the security level calculation unit, and When the acquired user type is a predetermined user type, or when the data type acquired by the type acquisition unit is a predetermined data type, the value indicated by the calculated security level Regardless of the security management device , the security determined in accordance with the security level is the security with the highest protection level . The security management apparatus according to claim 1, wherein the protection level storage unit stores an employee list, a report, and the data type that is attendance / exit management . A data acquisition unit for acquiring data to be printed;
An image forming unit that forms an image on a recording medium using the data acquired by the data acquiring unit;
The security management device according to claim 1 or 2 ,
An image forming unit comprising: an operation control unit that causes the data acquisition unit to acquire data that the user requests access when the user who has input the user type is authenticated by the authentication unit; apparatus. A protection level storage unit that stores a data type together with a value indicating a protection level associated with the data type;
A status level storage unit that stores a user type together with a value indicating a status level associated with the user type;
A type acquisition unit for acquiring a user type of a user who accesses data to be protected by security and a data type of data to be accessed;
Of the status levels stored in the status level storage unit, the status level value corresponding to the user type acquired by the type acquisition unit and the protection level stored in the protection level storage unit A security level calculation unit that calculates a security level for the combination of the acquired user type and data type based on the value of the protection level corresponding to the data type acquired by the type acquisition unit;
A security determination unit that determines the security whose protection level is raised according to the value of the value indicating the security level, corresponding to the security level calculated by the security level calculation unit;
Due to the security determined by the security determination unit, the computer functions as an authentication unit that requests authentication for the user indicated by the user type acquired by the type acquisition unit, and
The security level calculation unit calculates the security level using the product of the status level value corresponding to the user type and the protection level value corresponding to the data type as the combination,
The security determination unit determines the security in which the number of authentication methods executed for the user is different according to the numerical value indicated by the security level calculated by the security level calculation unit, and When the acquired user type is a predetermined user type, or when the data type acquired by the type acquisition unit is a predetermined data type, the value indicated by the calculated security level A security management program that causes the computer to function so that the security determined in accordance with the security level is the security at the highest protection level .