JP6000844B2 - Image forming apparatus and image forming method - Google Patents

Description

  The present invention relates to an image forming apparatus and an image forming method, and more particularly to an image forming apparatus and an image forming method for storing image data as a history.

  Conventionally, there are image forming apparatuses such as multifunction peripherals (MFPs) having a user authentication function for performing login and managing operation authority.

Here, with reference to Patent Document 1, an image forming apparatus that stores image data used for copying, scanning, printing, and FAX transmission and job contents including user identification information as a history in a management memory or an external storage device is disclosed. (Hereinafter referred to as prior art 1).
Prior art 1 can reliably perform a follow-up survey when information leakage occurs.

JP 2007-313763 A

  However, since the prior art 1 stores the image data of all jobs, there is a risk that the image data of the confidential document may be easily browsed, which is a security problem.

  This invention is made | formed in view of such a condition, and makes it a subject to eliminate the above-mentioned subject.

An image forming apparatus according to the present invention includes a reading unit that reads a document as image data, and an image forming unit that prints the image data read by the reading unit. Receiving means, account information storage means for storing account information including authority information for determining whether the person is an authorized person, referring to the account information based on the authentication instruction, and performing user authentication User authentication means to perform, transmission means for transmitting the image data read by the reading means based on the transmission instruction by the user authenticated by the user authentication means, and encryption for encrypting the image data And the image data transmitted by the transmission unit and the transmission instruction As a transmission history, and when the user authenticated by the user authentication means is the authorized person, the image data stored as the transmission history in the history storage means is the encryption means. The transmission history includes the image data, an operation history that is a job execution history including which security level the user has specified, and an output for each type of job. includes an output information indicating the state, the history sensitive control means, wherein when storing the transmission history in accordance with the secret level, the transmission history, if the secret specification was not usually documents, encryption of the transmission history without reduction, if the transmission history is usually confidential, the image data included in the transmission history is encrypted, if the transmission history of high confidentiality Erases the image data from the transmission history, encrypts and said operation history said output information, and to store in the history storage unit.
In the image forming apparatus according to the present invention, the history secret control unit performs OCR of the image data, and a dot pattern indicating that external transmission is not possible is described when the secret is described as secret or confidential outside the character column. If, and / or if the transmission to the outside is instructed, and to the normal sensitivity, further, the even common document, and characterized in that priority is given to the normal secret by the OCR.
In the image forming apparatus of the present invention, the history secret control unit is configured to store the history when the user authenticated by the user authentication unit is the authorized person and receives an encryption instruction by the input unit. Means for encrypting the image data stored as the transmission history by the encryption means, and the user authenticated by the user authentication means is not the authorized person and accepts an encryption instruction by the input means. In this case, the image data is encrypted by the encryption means when it is determined that the authority is authorized by the authority.
An image forming method of the present invention is a method for reading a document as image data and printing the read image data, for receiving a user's authentication and transmission instruction and determining a type of authority. Image information including authority information is stored, the account information is referred to based on the authentication instruction, user authentication is performed, and the image data read based on the transmission instruction by the authenticated user is stored. to send,
The transmitted image data and the transmission instruction are stored as a transmission history, and when the authenticated user is the authorized person, the image data stored as the transmission history is encrypted, and the transmission history Includes the image data, an operation history that is a history of job execution including which security level the user has specified, and output information that indicates the output status of each job, and the transmission history according to the security level in storing, the transmission history, if the secret specification was not usually document does not perform encryption of the transmission history, and if the transmission history is usually confidential is included in the transmission history the image data is encrypted, if the transmission history of the high confidential erases the image data from the transmission history, encrypts and said operation history said output information, said transmission And to store as a history.

  According to the present invention, it is possible to provide an image forming apparatus that enhances security by encrypting image data of an authorized person and storing it as history data.

1 is a schematic schematic cross-sectional view showing an internal configuration of an image forming apparatus 1 according to an embodiment of the present invention. 2 is a block diagram showing a control configuration of the image forming apparatus 1 according to the embodiment of the present invention. FIG. It is a flowchart of the historical secret preservation | save process which concerns on embodiment of this invention. It is an example of a screen of designation | designated of the confidential level in the confidential selection process which concerns on embodiment of this invention.

<Embodiment>
[Configuration of Image Forming Apparatus 1]
First, the configuration of the image forming apparatus 1 according to the embodiment of the present invention will be described in detail with reference to FIGS.
As shown in FIG. 1, the image forming apparatus 1 according to the present embodiment includes a document reading unit 2, a document feeding unit 3, a main body unit 4, a stack tray 5, and an operation panel unit 6 (input means). ing.
The document reading unit 2 is disposed on the top of the main body unit 4, and the document feeding unit 3 is disposed on the top of the document reading unit 2. The stack tray 5 is disposed on the recording paper discharge port 41 side on which the main body unit 4 is formed, and the operation panel unit 6 is disposed on the front side of the image forming apparatus 1.

The document reading unit 2 includes a scanner 21, a platen glass 22, and a document reading slit 23. The scanner 21 includes an exposure lamp, a CCD (Charge Coupled Device), a CMOS (Complementary Metal Oxide Semiconductor) imaging sensor, and the like, and is configured to be movable in the document transport direction by the document feeder 3. The platen glass 22 is an original table made of a transparent member such as glass. The document reading slit 23 has a slit formed in a direction orthogonal to the document transport direction by the document feeder 3.
The document reading unit 2 automatically recognizes the size of the business card to A3, etc., one by one for the placed document, and reads (scans) an image in a predetermined range corresponding to the recognized size.

When reading a document placed on the platen glass 22, the scanner 21 is moved to a position facing the platen glass 22 and reads the document while scanning the document placed on the platen glass 22 to obtain image data. The acquired image data is output to the main unit 4.
When reading the document conveyed by the document feeding unit 3, the scanner 21 is moved to a position facing the document reading slit 23, and the document is conveyed by the document feeding unit 3 through the document reading slit 23. The document is read in synchronization with the operation to acquire image data, and the acquired image data is output to the main body unit 4.

The document feeding unit 3 includes a document placement unit 31, a document discharge unit 32, and a document transport mechanism 33. The originals placed on the original placement unit 31 are sequentially fed out one by one by the original conveyance mechanism 33, conveyed to a position facing the original reading slit 23, and then discharged to the original discharge unit 32. The document feeding unit 3 is configured to be retractable, and the upper surface of the platen glass 22 can be opened by lifting the document feeding unit 3 upward.
Even when a plurality of different size documents such as business cards to A3 sheets are fed, the document feeding unit 3 can feed out the document while correcting the inclination. The document feeder 3 can also be configured to read a business card while it is mounted on a predetermined business card reading sheet or the like.

The main body 4 includes an image forming unit 7 (image forming unit), and also includes a paper feeding unit 42, a paper transport path 43, a transport roller 44, and a discharge roller 45. The paper feed unit 42 includes a plurality of paper feed cassettes 421 that store recording papers of different sizes or orientations, and a paper feed roller 422 that feeds the recording papers one by one from the paper feed cassette 421 to the paper transport path 43. Yes.
The paper feed roller 422, the transport roller 44, and the discharge roller 45 function as a transport unit. The recording paper is conveyed by this conveyance unit. The recording paper fed to the paper conveyance path 43 by the paper supply roller 422 is conveyed to the image forming unit 7 by the conveyance roller 44.
The recording paper on which recording has been performed by the image forming unit 7 is discharged to the stack tray 5 by the discharge roller 45.

The operation panel unit 6 includes a display unit such as an LCD, a button for switching operation modes such as a start key, a numeric keypad, copying / fax transmission / scanner, and buttons for instructing printing, transmission, reception, storage, or recording. And an input unit including a touch panel and the like. That is, the operation panel unit 6 receives instruction inputs for these various jobs of the image forming apparatus 1 by the user.
Further, the operation panel unit 6 accepts an authentication input such as a password by the user.
Further, information of each user in the account setting 90 can be input or changed by the operation panel unit 6.

The image forming unit 7 includes a photosensitive drum 71, an exposure unit 72, a developing unit 73, a transfer unit 74, and a fixing unit 75. The exposure unit 72 is an optical unit including a laser device, an LED array, a mirror, a lens, and the like. The exposure unit 72 outputs light or the like based on image data to expose the photosensitive drum 71, and the surface of the photosensitive drum 71 is statically exposed. An electrostatic latent image is formed. The developing unit 73 is a developing unit that develops the electrostatic latent image formed on the photosensitive drum 71 using toner, and forms a toner image based on the electrostatic latent image on the photosensitive drum 71.
The transfer unit 74 transfers the toner image formed on the photosensitive drum 71 by the developing unit 73 onto a recording sheet. The fixing unit 75 heats the recording paper on which the toner image is transferred by the transfer unit 74 to fix the toner image on the recording paper.

FIG. 2 is a block diagram illustrating a schematic configuration of the image forming apparatus 1. The document reading unit 2, document feeding unit 3, transport unit (feed roller 422, transport roller 44, discharge roller 45), operation panel unit 6, and image forming unit 7 are connected to the control unit 8 and controlled. The operation is controlled by the unit 8. The control unit 8 is connected to a storage unit 9 (storage unit), an image processing unit 10 (image processing unit), a FAX transmission / reception unit 11 (FAX transmission / reception unit), a network transmission / reception unit 12 (network transmission / reception unit), and the like. Yes.
The image forming apparatus 1 is connected to the terminal 200 (input unit) and the server 300 (input unit) via the network 100 from the network transmission / reception unit 12.
The terminal 200 is a user's PC (Personal Computer), a smartphone, or the like that instructs a job such as scanning, remote scanning, and facsimile transmission.
The server 300 is a PC / AT compatible machine server or a server on the cloud.
The terminal 200 and the server 300 acquire scanned image data of a document read by the document reading unit 2. Further, the terminal 200 and the server 300 acquire the history data 92-1 to 92-n according to the output destination setting of the account setting 90. The terminal 200 and the server 300 can also perform various controls of the image forming apparatus 1 according to instructions from the user.

The control unit 8 is an information processing unit such as a microcomputer including a ROM (Read Only Memory), a RAM (Random Access Memory), and the like. The ROM stores a control program for controlling the operation of the image forming apparatus 1.
The control unit 8 and the image processing unit 10 read out a control program stored in the ROM and develop the control program in the RAM, thereby controlling the entire apparatus according to predetermined instruction information input from the operation panel unit 6. I do. In addition, the control unit 8 and the image processing unit 10 can perform various controls in accordance with instructions from the other image forming apparatus 1, the terminal 200, and the server 300.
The control unit 8 includes a history secret control unit 81 (history secret control means, history storage means) as a function means. The control unit 8 also functions as an encryption unit / decryption unit that performs encryption / decryption. For this reason, the control unit 8 may include an accelerator that performs encryption / decryption at high speed.

The history secret control unit 81 stores job instructions such as scans, network scans, and facsimile transmissions from the operation panel unit 6, terminal 200, or server 300 and transmission results in the storage unit 9 as history data 92-1 to 92-n. Store it or send it to the terminal 200 or the server 300. At this time, the history secret control unit 81 sets the image data and logs stored in the history data 92-1 to 92-n as “normal document”, “normal secret”, and “high secret” according to the setting and user authority information. Encrypt according to several levels of confidentiality (document importance).
Details of the processing of the history secret control unit 81 will be described later.

The storage unit 9 is a storage unit using a storage medium such as a semiconductor memory or an HDD (Hard Disk Drive). As shown below, the storage unit 9 stores image data scanned by the document reading unit 2, image data processed by the image processing unit 10, print data transmitted from the terminal 200 and the server 300, and a recording medium. The stored various files, thumbnail image data, etc. are stored.
The storage unit 9 functions as an account information storage unit that stores account settings 90 (account information) and a history storage unit that stores history data 92-1 to 92-n (transmission history).
The storage unit 9 stores scanned image data 91, history data 92-1 to 92-n, various job data acquired and registered from the terminal 200, the server 300, and an external storage medium, and the like for each user ID. It is also possible to store it in a NAS (Network Attached Storage).

The account setting 90 is a database including attribute information such as a user ID (Identification, user name), a password, authority information, an IP address of the terminal 200, and a mail address for each user account.
The user ID and password of the account setting 90 are used when logging into the image forming apparatus 1. Further, an encryption key for encrypting the history data 92-1 to 92-n may be used separately.
As the authority information of the account setting 90, “general user”, “responsibility” which is the authority of whether to handle transmission or browsing of a confidentially designated manuscript (hereinafter referred to as “confidential document”) which is a highly important document. User type. The authority information indicating whether or not confidential documents can be handled is used for recording and encrypting history data 92-1 to 92-n. In the present embodiment, a user who has the authority to handle confidential documents will be described as a “responsible user (authorized person)”, and a user who has no authority will be described as a “general user”. In the case of the “responsible user”, the authority information includes information about the output destination of the history data 92-1 to 92-n. That is, when the IP address of the terminal 200 or the server 300 is set as the output destination address of the account setting 90, the history data 92-1 to 92-n is output to the terminal 200 or the server 300. Conversely, if the output destination address is not set, the history data 92-1 to 92-n is recorded in the storage unit 9 of the image forming apparatus 1. Note that the log output destination address may be changed for each user ID.
In addition to this, the account setting 90 may include necessary information such as the user's address, telephone number, FAX number, credit card number, transmission / reception destination information, and address book.
The account setting 90 is registered using various information input by the user from the operation panel unit 6 or the web browser of the terminal 200. In addition, a guest user can be registered in the account setting 90. Further, the information of each user in the account setting 90 may be input or changed in a batch by the operation panel unit 6 or the terminal 200.

The history data 92-1 to 92-n is data of various job histories (logs).
The history data 92-1 to 92-n includes job type, job ID (Identification), job registration time (time stamp), various data including image data / print data, operation history, user ID, output information, and the like. Consists of data.
Examples of job types include a scan job by the document reading unit 2, a remote scan job between the document reading unit 2 and the terminal 200 or the server 300, a FAX job related to facsimile transmission / reception, the document reading unit 2 and the image forming unit 7. A copy job by the image forming unit 7 and a print job by the image forming unit 7 are used.
The job ID (Identification) is an ID such as a unique number or a character string set by the history secret control unit 81 every time the history data 92-1 to 92-n is acquired. In addition to the job ID, in the case of the same or similar document, information of the “parent” job ID may be stored in a list or tree format using a derivation number.
The registration time (time stamp) of the job is time information indicating the time when the scan image data 91 is stored in the storage unit 9.
Various data are image data based on the scanned image data 91 read by the document reading unit 2 and image-processed by the image processing unit 10, character data recognized by the OCR from this image data, and network transmission / reception transmitted from the terminal 200. This includes print data such as a document received by the unit 12, confidential image data, signature data, electronic seal data, image data read from a storage medium, print data, and the like. Here, for print data such as a document, the document name (file name) added by the device driver of the terminal 200, the name of the application software used, document identification information such as the time stamp and size of the document itself, The document data itself may be included. In addition, the image data in various data may be encrypted when “normally confidential” and deleted when “highly confidential”. The image data in the various data may be data obtained by reducing the color of the scan image data 91, reducing the resolution, compressing the image data, thumbnail images, or the like.
The user ID is information related to the user's account such as the user ID of the account setting 90.
The operation history is a job execution history including which security level the user with the user ID has selected. As the operation history, information such as a log of pressing a button or a touch panel of the operation panel unit 6 by the user, a connection and operation history from the terminal 200 or the server 300, or the like is used. This operation history may be encrypted in the case of “high confidentiality”.
The output information is information indicating the output state for each job. The output information includes information on whether the output has been completed or canceled, what is the cause of the cancellation, and the like. In addition, for a print job, the output information includes the output paper size, orientation, multiple simultaneous printing, consolidated printing, duplex printing, closing orientation, tray number, number of output pages completed, number of copies printed Etc. are included. In the case of a scan job, the output information includes information such as the number of scanned pages and a destination. Further, in the case of a remote scan job, the output information includes information such as the status of transmission to the terminal 200 and the server 300, the destination, and the communication speed. In the case of a copy job, the output information includes information related to the number of copies, copy authority, and billing in addition to the same information as the print job. In the case of a FAX job, the output information includes information such as a transmission or reception telephone number, the number of retries, and transmission or reception success or failure. This output information may be encrypted in the case of “high confidentiality”.
In addition, when the free space in the storage area of the storage unit 9 falls below a predetermined value or reaches a predetermined capacity, history data 92-1 to 92-n whose registration times are old are automatically stored from the storage unit 9. May be deleted.

The image processing unit 10 is a control arithmetic unit of a DSP (Digital Signal Processor) or a GPU (Graphics Processing Unit). The image processing unit 10 is means for performing predetermined image processing on the image data, and performs various image processing such as image improvement processing by enlargement / reduction, density adjustment, and gradation adjustment, for example.
Further, the image processing unit 10 converts the image read by the document reading unit 2 into a file unit of a format such as PDF or TIFF, and stores it as scan image data 91 in the storage unit 9. At this time, the image processing unit 10 can function as an encryption unit / decryption unit that performs encryption / decryption of an image at high speed.

The FAX transmission / reception unit 11 is a means for performing facsimile transmission / reception, and is connected to a normal telephone line, ISDN line, or the like.
The FAX transmission / reception unit 11 stores the image data received by facsimile in the storage unit 9 as a direct output from the image forming unit 7 or as a FAX reception job.
The FAX transmission / reception unit 11 transmits the FAX transmission job received from the terminal 200 by facsimile instead of being recorded by the image forming unit 7.
Further, the FAX transmission / reception unit 11 also transmits the print job history data 92-1 to 92-n and the like stored in the storage unit 9 by facsimile according to a user instruction.

The network transmitting / receiving unit 12 is means for connecting to an external network 100 including a LAN board, a wireless transmitter / receiver, a telephone dialer, a coupler, and the like for connecting to the network 100. The network 100 is a network such as a LAN, a WAN, or a mobile phone network.
The network transmission / reception unit 12 is connected to the terminal 200 and the server 300 via the network 100. The network transmission / reception unit 12 receives a job instruction from the terminal 200 or the server 300. The network transmission / reception unit 12 transmits the history data 92-1 to 92-n and the like to the terminal 200, the server 300, and the like.

  In the image forming apparatus 1, the control unit 8 and the image processing unit 10 may be integrally formed, such as a CPU with a built-in GPU or a chip-on-module package.

[History Secret Storage Processing by Image Forming Apparatus 1]
Next, with reference to FIG. 3 to FIG. 4, the history confidential storage process by the image forming apparatus 1 according to the embodiment of the present invention will be described.
In the history confidential storage process of the present embodiment, before reading an original into the image forming apparatus 1, the user is allowed to select a “confidential level” that is an important document parameter indicating how important the document is.
On this basis, the image forming apparatus 1 selects whether to leave image data in the history of subsequent jobs, whether to leave it, or to leave it encrypted according to the confidentiality level. At this time, a restriction is placed on the selectable secret level according to the authority information of the user account setting 90.
In this way, the job history can be classified according to the confidential level of the manuscript, so it can be divided into a user who sees only the history of dealing with highly important manuscripts and a user who sees the history of less important manuscripts. , Make it easier to find problematic historical data.
That is, a user who handles highly important manuscripts is a relatively high-ranking user, and it is difficult to check all histories in terms of time and labor that can be spent. On the other hand, it is difficult for regular employees to check confidential documents. For this reason, by distinguishing a document that is classified as a confidential document by a right from a general document and sharing the history to be checked, the history check is made efficient and security is increased.
This history secret storing process is realized mainly by the history secret control unit 81 of the control unit 8 executing a program or the like stored in the storage unit 9 using hardware resources in cooperation with each unit. Hereinafter, the history secret storage process will be described in detail for each step with reference to the flowchart of FIG.

(Step S100)
First, the history confidential control unit 81 performs a login process.
The history secret control unit 81 performs user authentication by inputting a password or the like on the operation panel unit 6. At this time, the history secret control unit 81 may perform authentication using an IC card reader, a biometric authentication device or the like (not shown). The history secret control unit 81 may perform user authentication by inputting a password or the like from the terminal 200 or the web browser of the server 300.
The history confidential control unit 81 determines information such as the input password by referring to the account setting 90 in the storage unit 9 and performs user authentication.
At this time, the history secret control unit 81 reads the authority information on whether or not the confidential document can be handled included in the account of the authenticated user, and determines whether the user is a responsible user or a general user.
When the operation is performed without performing user authentication, the same processing as when logging in as a general user is performed.
When the user authentication is successful or the operation is performed without performing the user authentication, the history confidential control unit 81 advances the process to step S101.

(Step S101)
Next, the history secret control unit 81 performs a secret selection process.
The history secret control unit 81 acquires, from the terminal 200, the server 300, or the operation panel unit 6 of the image forming apparatus 1, a job instruction or the like by a user accompanying scanning of a document such as scan, network scan, and facsimile transmission.
At this time, the history secrecy control unit 81 acquires whether or not the secrecy designation of the history data 92-1 to 92-n of the document read by the user is performed and the secrecy level when the secrecy is designated.

With reference to FIG. 4, the secret designation by the user will be described. Screen example 500 shows a confidential instruction screen displayed on terminal 200, server 300, or operation panel unit 6 of image forming apparatus 1.
The display column 610 displays “user P”, which is the user's account ID, authority to handle confidential documents, job type, and the like.
The display field 620 displays the file name, destination, reading date and time of the corresponding job in a list format.
In the display column 630, a dialog such as “Do you want to designate it as a confidential document?” Is displayed, and buttons 710 to 730 for instructing the presence / absence of confidentiality designation and “confidential level” are displayed. In the case of a general user or a responsible user, the history secret control unit 81 displays a button 710 for designating a “normal secret” secret level in the display column 630. In addition, when the user is the responsible user, the history confidentiality control unit 81 also displays a button 720 for designating a “high confidentiality” confidentiality level for performing higher level log confidentiality. Further, the history confidential control unit 81 also displays a button 730 for designating the confidential level of “ordinary document” which is not designated as a confidential document by either a general user or a responsible user. It should be noted that “secret level” that cannot be selected as a general user can be displayed so that the existence of the item itself can be recognized by graying out or the like. Further, a configuration in which the grayed out item itself is selected is also possible.
The history secret control unit 81 acquires these instructions from the terminal 200, the server 300, or the operation panel unit 6 of the image forming apparatus 1 using a touch panel or a pointing device operated by the user.

(Step S102)
Next, the history confidential control unit 81 performs a reading process.
The history secret control unit 81 instructs the document reading unit 2 to read the document. The read image data is subjected to image processing by the image processing unit 10 and temporarily stored as scan image data 91 in the storage unit 9.
At this time, the history secret control unit 81 may perform OCR or the like of the scan image data 91. In this case, the history confidentiality control unit 81 has a case where “secret” or “external secret” is described outside the character column or a dot pattern indicating “non-external transmission” is described in the scanned image. In addition, a secret designation such as “normal secret” is set. At this time, the history secrecy control unit 81 may set secrecy designation in the case of transmission to “outside”, for example, by the destination IP address or telephone number of the account setting 90. Here, when the document is set as a normal document in step S101 described above, it is preferable to prioritize the setting of confidential designation by OCR or the like.
Then, in the case of a scan job, the history secret control unit 81 stores the scanned image data 91 in a storage folder of the storage unit 9 or an external recording medium.
In the case of a remote scan job, the history confidential control unit 81 transmits the scan image data 91 to the terminal 200 or the server 300 via the network transmission / reception unit 12.
In the case of a FAX job, the history confidential control unit 81 transmits the scanned image data 91 by facsimile from the FAX transmitting / receiving unit 11 to another facsimile machine or the like.
Even in such a case, the history confidential control unit 81 temporarily stores the scan image data 91 in the storage unit 9. After the transmission, the history secret control unit 81 may perform color reduction, resolution reduction, compression, etc. on the scanned image data 91.

(Step S103)
Next, the history secret control unit 81 determines whether or not there is a secret designation from the user. The history secret control unit 81 determines Yes when “normal secret” is designated by the button 710 or “high secret” is designated by the button 720 in step S101 described above. In addition, if “normally confidential” is designated by OCR or the like in step S102 described above, it is also determined as Yes. In other cases, for example, when “not designated” is designated by the button 730, or when no secret is designated by the OCR, it is determined as No.
In the case of Yes, the history confidential control unit 81 proceeds with the process to step S104.
In No, the history confidential control part 81 advances a process to step S108.

(Step S104)
When confidentiality is designated, the history confidentiality control unit 81 determines whether or not the user authenticated by the user is a responsible user.
The history confidential control unit 81 determines Yes when the user is a responsible user. Otherwise, it is determined No.
In the case of Yes, the history confidential control unit 81 proceeds with the process to step S109.
In No, the history confidential control part 81 advances a process to step S105.

(Step S105)
If there is a confidential designation but the user authenticated by the user is not the responsible user, the history confidential control unit 81 performs a responsible person permission process.
Specifically, the history secret control unit 81 displays a dialog such as “responsible person password?” On the display unit of the operation panel unit 6 of the terminal 200, the server 300, or the image forming apparatus 1, and authentication by the responsible person. Ask for. Thereby, even if it is a general user, the history confidential control part 81 acquires the responsible person permission which is permission by the responsible person user. The history secret control unit 81 obtains the responsible person permission in the same manner as the login process in step S101 described above. By this person-in-charge permission, even a general user can make confidential designation equivalent to the person in charge who designated “normally confidential”.
It should be noted that even with this person-in-charge permission, it is preferable for general users to set “high confidentiality” with a high confidentiality level so that it cannot be designated. As a result, it is possible to transmit highly confidential documents at the responsibility of the person in charge and keep them secret from other users.

(Step S106)
Next, the history confidentiality control unit 81 determines whether or not the person in charge is permitted.
If Yes, that is, if the person in charge is permitted, the history confidentiality control unit 81 proceeds to step S107 to encrypt the image data.
If No, that is, if the above-mentioned responsible person permission has not been given, the history confidentiality control unit 81 proceeds to step S108 and does not encrypt the image data.

(Step S107)
When the “normal security” security level is designated, the history security control unit 81 performs image encryption processing.
The history confidential control unit 81 scans the scanned image data when the responsible user designates the “normally confidential” confidential level, or when the general user designates the “normally confidential” confidential level and is authorized by the responsible person. 91 is encrypted. That is, the history confidential control unit 81 refers to the account setting 90 and uses the encryption unit of the image processing unit 10 or the control unit 8 to scan the scanned image with the user ID and password of the responsible user or a dedicated encryption key. Data 91 is encrypted. At this time, the historical security control unit 81 may perform color reduction, resolution reduction, compression, etc. on the scanned image data 91 at this time. The encrypted scan image data 91 is included in the history data 92-1 to 92-n as image data, as will be described later.
As a result, the encrypted image data of the history data 92-1 to 92-n can be browsed only when the responsible user who has been authenticated by the user or the general user who has acquired the permission of the responsible person logs in.
In addition to the scan image data 91, each data to be included in the history data 92-1 to 92-n can be encrypted.

(Step S108)
When the security level “ordinary document” or “normal security” is designated, the history security control unit 81 performs history storage processing.
Here, the history secret control unit 81 stores a log of a series of reading and transmission of the user in the storage unit 9 as each data of the history data 92-1 to 92-n. In other words, the history secret control unit 81 includes the job type, job ID, various data, operation history, user ID, output information, and the like in the corresponding history data 92-1 to 92-n. At this time, when the scan image data 91 is encrypted, the history secret control unit 81 converts the encrypted scan image data 91 into various data of the corresponding history data 92-1 to 92-n. Include as image data.
Thereafter, the history secret control unit 81 proceeds with the process to step S111.

(Step S109)
If it is the responsible user who has logged in, the history confidentiality control unit 81 determines whether or not the confidential level of “high confidentiality” has been instructed. The history confidentiality control unit 81 determines Yes when the user instructs “high confidentiality”. Otherwise, it is determined No.
In the case of Yes, the history confidential control unit 81 proceeds with the process to step S110.
In No, the history confidential control part 81 advances a process to step S107.

(Step S110)
The history secret control unit 81 performs image deletion history encryption processing.
The history secret control unit 81 deletes the image data of various data of the scanned image data 91 and the history data 92-1 to 92-n after transmission. Then, the history secret control unit 81 encrypts some data of the corresponding history data 92-1 to 92-n. The history secret control unit 81 encrypts, for example, the operation history and output information of the history data 92-1 to 92-n, includes the history data 92-1 to 92-n, and stores the encrypted data in the storage unit 9. .
Thereafter, the history secret control unit 81 proceeds with the process to step S111.

That is, the history secret control unit 81 summarizes the process of storing the history data 92-1 to 92-n according to the secret level as follows:
First, the history secret control unit 81 does not encrypt the history data 92-1 to 92-n in the case of “ordinary document” for which no secret is designated.
The history secret control unit 81 mainly encrypts the image data included in the history data 92-1 to 92-n in the case of “normal secret”.
Further, in the case of “high confidentiality”, the history secret control unit 81 deletes the image data from the history data 92-1 to 92-n and, for example, encrypts the operation history and the output information.

(Step S111)
Here, the history secret control unit 81 performs history output processing.
The history secret control unit 81 refers to the account setting 90, and if the output destination of the history data 92-1 to 92-n is the storage unit 9, the history data 92-1 to 92-n is stored in the storage unit 9. Store in the administrator's storage folder or external recording medium. Further, when the output destination is set to the terminal 200 or the server 300, the history secret control unit 81 transmits the history data 92-1 to 92-n to the terminal 200 or the server 300 from the network transmission / reception unit 12 to the network 100. Send through.

As described above, the history data 92-1 to 92-n indicate the processing content of which user has done what. For this reason, it is possible to display the image on the display unit for browsing by the operation of the terminal 200, the server 300, or the operation panel unit 6 of the image forming apparatus 1, or to print on the recording paper by the image forming unit 7. At this time, portions of the history data 92-1 to 92-n that are encrypted can be viewed only when the person in charge at the time of encryption logs in with the user ID.
That is, the “ordinary document” history data 92-1 to 92-n can access the image forming apparatus 1, the terminal 200, or the server 300, and can be browsed freely by the user.
On the other hand, in the history data 92-1 to 92-n of the document designated as “normally confidential”, the contents such as the job type and the job ID can be confirmed by all users. Can be viewed only when logged in as the responsible user.
Further, in the case of “high confidentiality”, the image data is not left, and the operation and the output destination can be browsed only when the responsible user logs in.
The image data stored in the server 300 may be directly accessed and browsed using the encryption key registered in the account setting 90.
Further, in the above-described embodiment, for the sake of simplification of explanation, an example having a confidential level of “normal document”, “normally confidential”, and “highly confidential” has been described. However, other confidential levels can be set. is there. For example, it is also possible to use a setting that deletes other data from the history data 92-1 to 92-n, leaving only the user ID, job registration time, and the fact of transmission as “highest confidentiality”.
Thus, the history confidential storage process is completed.

With the configuration described above, the following effects can be obtained.
Since the conventional technique 1 stores all image data in a storage device, the image data remains even when a confidential document is processed. For this reason, there is a possibility that the image data of the confidential document can be easily browsed, and there is a problem in security.
On the other hand, the image forming apparatus 1 according to the embodiment of the present invention encrypts the image data included in the history data 92-1 to 92-n designated as “normally confidential” and does not allow general users to view it. By doing so, security can be improved.
Also, the image forming apparatus 1 according to the present embodiment compares the processed confidential document with the storage unit 9, the terminal 200, and the server as compared to the case where all the read image data is stored without encryption as in the conventional technique 1. 300 is not stored as it is. For this reason, even if stored data is leaked, it is safe because important documents cannot be viewed.

In addition, when all of the read image data is encrypted as in the prior art 1, the number of users who can view the encrypted data is limited. Therefore, there is a fear that discovery may be delayed when a confidential document is handled incorrectly. there were. In other words, there was a fear that discovery would be delayed when information leakage occurred.
On the other hand, the image forming apparatus 1 according to the present embodiment classifies the history data 92-1 to 92-n by browsing the history data 92-1 to 92-n as “normal document”, “normally confidential”, and “highly confidential”. -1 to 92-n can be confirmed by the responsible user and the general user. As a result, early detection of information leakage can be expected.
That is, the image forming apparatus 1 according to the present embodiment allows many general users to view the history data 92-1 to 92-n when the confidential document is handled as “ordinary document” without being designated as confidential. It becomes a state. For this reason, even if confidential documents that ordinary employees should not be able to see can be viewed, early detection can be expected. In this way, information leakage can be detected early, thereby preventing further damage from information leakage.
On the other hand, in the image forming apparatus 1 of the present embodiment, the responsible user only needs to perform a log check of confidential document processing processed by the responsible user. For this reason, it is not necessary to take time to check low-priority ordinary documents, and it can be expected that if the responsible user himself / herself has a log that mishandles confidential information, it can be discovered early.

The image forming apparatus 1 according to the present embodiment is an image forming apparatus having a login user authentication function for managing operation authority, and can handle up to how important a document is in one of the user authentication account items. There is an important document parameter for selecting whether or not the document can be read, and before the document is read by this image forming apparatus, an option for selecting the confidential level of the document is displayed on the operation panel, and the account of the logged-in user is displayed. According to the value of the important document parameter set in advance, selectable items are switched among the items of options for selecting the security level.
The image forming apparatus 1 of the present embodiment is characterized in that a secret level that cannot be selected among options for selecting a secret level is displayed on the panel so that the existence of the item itself can be recognized by graying out. .
The image forming apparatus 1 according to this embodiment is characterized in that a job history including user information operated and which security level is selected is stored as an operation history in an external storage device such as the storage unit 9 or the server 300. To do.
The image forming apparatus 1 according to the present exemplary embodiment stores, in an external storage device such as the storage unit 9 or the server 300, job information including the operated user information and which security level is selected, and the read used for the job. An operation history is stored in association with encrypted image data of an original.
The image forming apparatus 1 according to the present embodiment is characterized in that the processing method for the read image data is set according to the selected security level.
The image forming apparatus 1 according to the present embodiment allows a user who wants to browse the stored encrypted image data from the security level selected by the selection option of the security level specified immediately before saving. When the set authority is the same or low, the image data can be browsed through the user authentication function of the image forming apparatus.

Note that the history confidential storage process of the present embodiment can be applied to an information processing apparatus other than the image forming apparatus. In other words, a configuration using a network scanner, a terminal 200 to which the scanner is separately connected by a USB, a server 300, or the like, an external storage, or the like may be used.
Further, the history confidential storage process of the present embodiment is not limited to image reading, but can be applied to jobs such as facsimile reception and printing. In this case, the above-described processing is performed on various data such as print data instead of the scan image data 91.

  Note that the configuration and operation of the above-described embodiment are examples, and it is needless to say that the configuration and operation can be appropriately changed and executed without departing from the gist of the present invention.

DESCRIPTION OF SYMBOLS 1 Image forming apparatus 2 Original reading part 3 Original feeding part 4 Main body part 5 Stack tray 6 Operation panel part 7 Image forming part 8 Control part 9 Storage part 10 Image processing part 11 FAX transmission / reception part 12 Network transmission / reception part 21 Scanner 22 Platen glass 23 Document reading slit 31 Document placing section 32 Document discharge section 33 Document transport mechanism 41 Discharge port 42 Paper feed section 43 Paper transport path 44 Transport roller 45 Discharge roller 71 Photosensitive drum 72 Exposure section 73 Development section 74 Transfer section 75 Fixing section 81 History security control unit 90 Account setting 91 Scanned image data 92-1 to 92-n History data 100 Network 200 Terminal 300 Server 421 Paper feed cassette 422 Paper feed roller 500 Screen examples 610, 620, 630 Display fields 710, 720, 730 button

Claims (4)

In an image forming apparatus comprising: a reading unit that reads a document as image data; and an image forming unit that prints the image data read by the reading unit.
Input means for accepting user authentication and transmission instructions;
Account information storage means for storing account information including authority information for determining the type of authority or not,
User authentication means for referring to the account information based on the authentication instruction and performing user authentication;
A transmission unit that transmits the image data read by the reading unit based on an instruction of the transmission by the user authenticated by the user authentication unit;
Encryption means for encrypting the image data;
History storage means for storing the image data transmitted by the transmission means and the transmission instruction as a transmission history;
History secret control means for encrypting the image data stored as the transmission history in the history storage means by the encryption means when the user authenticated by the user authentication means is the authorized person. ,
The transmission history includes the image data, an operation history that is a history of job execution including which security level the user has specified, and output information that indicates an output state for each job,
The history secret control means, when storing the transmission history in accordance with the security level,
If the transmission history is an ordinary document that has not been classified , the transmission history is not encrypted,
When the transmission history is normally confidential, the image data included in the transmission history is encrypted,
Wherein when transmission history of high sensitive erases the image data from the transmission history, encrypts and said operation history the output information, the image forming apparatus and to store in the history storage unit. The history secret control means includes:
When OCR of the image data is performed and it is described as secret or confidential outside the character column, a dot pattern indicating that external transmission is impossible is described, and / or when transmission to the outside is instructed, the normally sensitive, further comprising even common document, image forming apparatus according to claim 1, characterized in that priority is given to the normal secret by the OCR. The history secret control means includes:
When the user authenticated by the user authentication means is the authorized person and receives an encryption instruction by the input means, the image data stored as the transmission history in the history storage means is encrypted. Encrypted by the encryption means,
When the user authenticated by the user authenticating means is not the authorized person, and also when an instruction for encryption is received by the input means, when it is determined that there is authorized person permission from the authorized person, The image forming apparatus according to claim 1, wherein the image data is encrypted by the encryption unit. In an image forming method of reading a document as image data and printing the read image data,
Accepts user authentication and transmission instructions,
Stores account information including authority information for determining the type of authority or not,
Refer to the account information based on the authentication instruction, perform user authentication,
Based on the transmission instruction by the authenticated user, the read image data is transmitted ,
Storing the transmitted image data and the transmission instruction as a transmission history;
When the authenticated user is the authorized person, the image data stored as the transmission history is encrypted,
The transmission history includes the image data, an operation history that is a history of job execution including which security level the user has specified, and output information that indicates an output state for each job,
In storing the transmission history in accordance with the security level,
If the transmission history is an ordinary document that has not been classified , the transmission history is not encrypted,
When the transmission history is normally confidential, the image data included in the transmission history is encrypted,
Wherein when transmission history of high sensitive erases the image data from the transmission history, encrypts and said operation history the output information, an image forming method characterized by storing as the transmission history.

Images