JP6582930B2 - Data transmission / reception system, information processing apparatus, data transmission / reception method, and data transmission / reception program - Google Patents

Description

  The present invention relates to a data transmission / reception system, an information processing apparatus, a data transmission / reception method, and a data transmission / reception program, and in particular, a data transmission / reception system with enhanced data transmission / reception security, an information processing apparatus included in the data transmission / reception system, and an information processing apparatus Relates to a data transmission / reception method and a data transmission / reception program.

  When sending electronic data in encrypted form, the user who receives the encrypted data needs to know the encryption key to decrypt the data, so the user who sends the data receives the data. It is necessary to notify the encryption key to the user who performs the operation. Japanese Patent Application Laid-Open No. 2014-086835 discloses an information processing apparatus capable of decrypting an encrypted attached file attached to an e-mail and managing a password table in which a password corresponding to a transmission source address is registered Management means, acquisition means for obtaining the received mail of the user who receives the mail, and when the attached file is attached to the received mail received by the receiving means, it is determined whether the attached file is encrypted And when the attachment is determined to be encrypted as a result of the determination by the determination unit, from the password table managed by the management unit, to the transmission source address of the encrypted attachment Using the extraction means for extracting the corresponding password and the password extracted by the extraction means; Information having decryption means for performing decryption processing to release encryption of the attached file and transmission means for sending mail including the attachment file decrypted by the decryption means to the user A processing device is described.

However, the information processing apparatus described in Japanese Patent Application Laid-Open No. 2014-086835 must manage a password table in which a password corresponding to a transmission source address is registered. In the information processing apparatus that receives data, the transmission source address It is necessary to obtain in advance a password corresponding to, and store the password in association with the source address. For this reason, the data sender needs to store his / her password in an information processing apparatus used by another user. In addition, when the user's own password is changed, it is necessary to notify another user of the changed password, which causes a problem that the password update becomes complicated.
JP 2014-086835 A

  The present invention has been made to solve the above-mentioned problems, and one of the objects of the present invention is to transmit / receive data while maintaining security without managing an encoding key in order to encode data. Is to provide a simple data transmission / reception system.

  Another object of the present invention is to provide an information processing apparatus capable of transmitting and receiving data while maintaining security without managing an encoding key for encoding data.

  Still another object of the present invention is to provide a data transmission / reception method capable of transmitting / receiving data while maintaining security without managing an encoding key for encoding data.

  Still another object of the present invention is to provide a data transmission / reception program capable of transmitting / receiving data while maintaining security without managing an encoding key for encoding data.

According to an aspect of the present invention to achieve the above-described object, the data transmission / reception system is a data transmission / reception system having a plurality of information processing devices, and each of the plurality of information processing devices is provided for each of a plurality of users . An association means for associating a registration apparatus corresponding to the user, and the transmission apparatus among the plurality of information processing apparatuses receives a data acquisition means for acquiring data and designation of a destination user as a transmission destination of the acquired data Destination receiving means, encoding key acquisition means for acquiring an encoding key corresponding to the destination user from a registration device associated with the destination user, and a code obtained by encoding data based on the acquired encoding key Encoding means for generating encoded data and transmitting means for transmitting the encoded data to the destination user. An authentication information storage unit that stores authentication information for authenticating a user who operates the computer, and a first encoding key determination unit that determines an encoding key based on the authentication information. device includes a data receiving means for receiving encoded data transmitted to the destination user addressed by the sending device, based on authentication information inputted by the destination user, registration device associated with the destination user operates the registration device Second encoding key determining means for determining an encoding key in the same procedure as the procedure for determining an encoding key based on authentication information for authenticating a user, and the encoded data using the determined encoding key And decoding means for decoding.

  According to this aspect, the transmission device accepts designation of the destination user that is the transmission destination of the acquired data, acquires the encoding key corresponding to the destination user from the registration device associated with the destination user, and acquires Based on the encoded key, the encoded data obtained by encoding the data is transmitted to the destination user. The registration device stores authentication information for authenticating a user who operates the registration device, and determines an encoding key based on the authentication information. Further, the receiving device receives the encoded data transmitted by the transmitting device, determines an encoding key in the same procedure as that determined by the registration device based on the authentication information input by the destination user, The encoded data is decrypted using the determined encoding key. For this reason, since the transmission apparatus acquires the encoding key corresponding to the destination user from the registration apparatus, the data sender does not need to know the encoding key. In addition, if the destination user inputs his / her authentication information registered in the registration apparatus to the reception apparatus, the received encoded data is decoded, so there is no need to inquire about the encoding key from the data sender. Therefore, it is not necessary to manage the encoding key for encoding the data to be transmitted. As a result, it is possible to provide a data transmission / reception system capable of transmitting / receiving data while maintaining security without managing an encoding key for encoding data.

  Preferably, the registration device accepts a transmission request and a request reception means for receiving a transmission request for an encoding key corresponding to the destination user from the transmission device on the condition that the transmission device is a trusted device registered in advance. And an encoding key transmitting means for transmitting the encoding key determined based on the authentication information of the destination user to the transmitting device.

  According to this aspect, the registration device transmits the encoding key determined based on the authentication information of the destination user to the transmission device on the condition that the transmission device is a trusted device registered in advance. The key is transmitted only to a transmission device registered in advance as a trusted device. For this reason, since the transmission destination of the encoding key is limited, the possibility that the authentication information of the destination user is leaked can be reduced as much as possible.

  Preferably, the registration device accepts a transmission request and a request reception unit that receives a transmission request for an encoding key corresponding to the destination user from the transmission device on the condition that authentication of a user who operates the transmission device is successful. And an encoding key transmitting means for transmitting the encoding key determined based on the authentication information of the destination user to the transmitting device.

  According to this aspect, the registration device transmits the encoding key determined based on the authentication information of the destination user to the transmission device on the condition that the authentication of the user who operates the transmission device is successful. The key is transmitted only when the user registered in the registration device operates the transmission device. For this reason, since the transmission destination of the encoding key is limited, the possibility that the authentication information of the destination user is leaked can be reduced as much as possible.

  Preferably, the registration device is a server that provides a predetermined service on condition that a user registered in advance is authenticated.

  According to this aspect, since the encoding key is determined using the authentication information stored in the server, the existing authentication information can be used.

Preferably, the registration device is one of a plurality of information processing devices and functions as a reception device.

  According to this aspect, the destination user can receive data at the registration device.

  Preferably, the receiving device further includes image processing means for processing an image of the decoded data.

  According to this aspect, the destination user can perform image processing on the data obtained by decoding the received encoded data.

Preferably, the transmission device further includes a document reading unit that reads a document, and the data acquisition unit acquires image data output by the document reading unit reading the document.

  According to this aspect, the sender can transmit data obtained by reading an image formed on a document.

Preferably, the authentication information, only contains a password,

  The encoding key is a password included in the authentication information.

  According to this aspect, since the authentication information is a password, the encoding key can be easily determined.

  Preferably, the authentication information includes a password, and the encoding key is a value obtained by converting the password included in the authentication information according to a predetermined rule.

  According to this aspect, since the encoding key is a value obtained by converting the password included in the authentication information according to a predetermined rule, it is not necessary to transmit / receive the password, and the password can be prevented from leaking.

According to another aspect of the present invention, the information processing apparatus transmits data corresponding to each of a plurality of users, associating means for associating a registration apparatus that stores authentication information for authenticating the user, and data When functioning as a transmission device, a data acquisition unit for acquiring data, a destination reception unit for receiving designation of a destination user as a transmission destination of the acquired data, and a registration device associated with the destination user from the registration device to the destination user Encoding key acquisition means for acquiring an encoding key determined by the registration device based on corresponding authentication information, and encoding means for generating encoded data obtained by encoding data based on the acquired encoding key; Transmitting means for transmitting the encoded data to the destination user, and when functioning as a receiving apparatus for receiving the data, Data receiving means for receiving the encoded data sent to the destination user addressed, on the basis of the authentication information inputted by the destination user, registration device associated with the destination user based on the authentication information corresponding to the destination user code It comprises a second encoding key determining means for determining an encoding key in the same procedure as for determining the encryption key, the encoded data, decoding means for decoding using the determined encoding key, a.

  According to this aspect, it is possible to provide an information processing apparatus capable of transmitting and receiving data while maintaining security without managing an encoding key for encoding data.

  Preferably, the registration device is a server that provides a predetermined service on condition that a user registered in advance is authenticated.

  According to this aspect, since the encoding key is determined using the authentication information stored in the server, the existing authentication information can be used.

  According to this aspect, the registration device is another information processing device that functions as a reception device.

  According to this aspect, the destination user can receive data at the registration device.

  Preferably, image processing means for processing an image of the decoded data is further provided.

  According to this aspect, the destination user can perform image processing on the data obtained by decoding the received encoded data.

Preferably, a document reading unit that reads a document is further provided, and the data acquisition unit acquires image data output by the document reading unit reading the document.

  According to this aspect, the sender can transmit data obtained by reading an image formed on a document.

According to still another aspect of the present invention, a data transmission / reception method is a data transmission / reception method executed by an information processing apparatus, and authentication information for authenticating the user is provided for each of a plurality of users. An association step for associating a registration device to be stored; a data acquisition step for acquiring data when functioning as a transmission device for transmitting data; and a destination reception step for receiving designation of a destination user as a transmission destination of the acquired data An encoding key acquisition step of acquiring an encoding key determined by the registration device based on authentication information corresponding to the destination user from the registration device associated with the destination user, and based on the acquired encoding key, An encoding step for generating encoded data obtained by encoding data, and transmitting the encoded data to the destination user The data transmission step for receiving the encoded data transmitted to the destination user by the transmission device, and the input by the destination user. A second encoding key determination step in which the registration device associated with the destination user determines the encoding key in the same procedure as that in which the registration device associated with the destination user determines the encoding key based on the authentication information corresponding to the destination user And a decoding step of decoding the encoded data using the determined encoding key.

  According to this aspect, it is possible to provide a data transmission / reception method capable of transmitting / receiving data while maintaining security without managing an encoding key for encoding data.

According to still another aspect of the present invention, the data transmission / reception program is a data transmission / reception program executed by a computer that controls the information processing apparatus, and authenticates the user corresponding to each of a plurality of users. An association step for associating a registration device that stores the authentication information, and a data acquisition step for acquiring data and a designation of a destination user as a transmission destination of the acquired data when functioning as a transmission device for transmitting data An address receiving step, an encoding key acquisition step of acquiring an encoding key determined by the registration device based on authentication information corresponding to the destination user from the registration device associated with the destination user, and the acquired encoding key An encoding step for generating encoded data obtained by encoding the data based on A data receiving step for receiving the encoded data transmitted to the destination user by the transmission device when the computer executes the transmission step for transmitting the encoded data to the destination user and functions as a reception device for receiving the data Then, based on the authentication information input by the destination user, the registration device associated with the destination user determines the encoding key in the same procedure as that for determining the encoding key based on the authentication information corresponding to the destination user. The computer executes a second encoding key determination step and a decoding step of decoding the encoded data using the determined encoding key.

  According to this aspect, it is possible to provide a data transmission / reception program capable of transmitting / receiving data while maintaining security without managing an encoding key for encoding data.

It is a figure which shows an example of the whole outline | summary of the data transmission / reception system in one of embodiment of this invention. It is a block diagram which shows an example of the outline | summary of the hardware constitutions of the server in this Embodiment. It is a block diagram which shows an example of the outline | summary of the hardware constitutions of PC in this Embodiment. 2 is a block diagram showing an outline of a hardware configuration of an MFP according to the present embodiment. FIG. It is a block diagram which shows an example of the function which CPU with which PC which functions as a transmission apparatus in 1st Embodiment has is provided. It is a block diagram which shows an example of the function which CPU which the server which functions as a registration apparatus in 1st Embodiment has has with the information memorize | stored in HDD. It is a block diagram which shows an example of the function which CPU with which PC which functions as a receiver in 1st Embodiment has is provided. It is a flowchart which shows an example of the flow of the data transmission process in 1st Embodiment. It is a flowchart which shows an example of the flow of the encoding key determination process in 1st Embodiment. It is a flowchart which shows an example of the flow of the data reception process in 1st Embodiment. It is a block diagram which shows an example of the function which CPU which the server which functions as a registration apparatus in 2nd Embodiment has has with the information memorize | stored in HDD. It is a block diagram which shows an example of the function which CPU with which PC which functions as a transmission apparatus in 2nd Embodiment has is provided. It is a flowchart which shows an example of the flow of the data transmission process in 2nd Embodiment. It is a flowchart which shows an example of the flow of the encoding key determination process in 2nd Embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, the same parts are denoted by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

  FIG. 1 is a diagram showing an example of an overall outline of a data transmission / reception system according to one embodiment of the present invention. Referring to FIG. 1, a data transmission / reception system 1 includes a server 300, MFPs (Multi Function Peripherals) 100, 100A, 100B, personal computers (hereinafter referred to as “PCs”) 200, 200A, a gateway ( G / W) device 400. Each of server 300, PC 200, 200 </ b> A and gateway device 400 is connected to Internet 5 and can communicate with each other via Internet 5. Further, each of the server 300, the PCs 200 and 200A, and the gateway device 400 can communicate with other computers connected to the Internet 5.

  The gateway device 400 is further connected to a local area network (LAN) 3, and MFPs 100, 100 A, and 100 B are connected to the LAN 3. Gateway device 400 can communicate with MFPs 100, 100A, and 100B connected to LAN 3. Furthermore, each of gateway apparatus 400 and MFPs 100, 100 </ b> A, and 100 </ b> B can communicate with other computers connected to LAN 3.

  The gateway device 400 connects the LAN 3 and the Internet 5. Therefore, server 300 can communicate with any of MFPs 100, 100A, and 100B.

  Since the hardware configuration and functions of gateway device 400 and PC 200, 200A are well known, description thereof will not be repeated here. In the present embodiment, the PCs 200 and 200A will be described as an example where they are connected to the Internet 5, but they may be connected to the LAN 3.

  The data transmission / reception system 1 according to the present embodiment is used to encode and transmit data from any one transmission device of the PCs 200, 200A, MFPs 100, 100A, and 100B to another reception device.

  FIG. 2 is a block diagram showing an example of an outline of the hardware configuration of the server in the present embodiment. Referring to FIG. 2, the server 300 includes a central processing unit (CPU) 301 for controlling the entire server 300, a ROM (Read Only Memory) 302 that stores a program to be executed by the CPU 301, A RAM (Random Access Memory) 303 used as a work area, a hard disk drive (HDD) 304 for storing data in a nonvolatile manner, a communication unit 305 for connecting the CPU 301 to the Internet 5, and a display unit 306 for displaying information , An operation unit 307 that receives an input of a user's operation, and an external storage device 309.

  The display unit 306 is a liquid crystal display device, although not limited thereto. An organic EL display may be used instead of the liquid crystal display device.

  The external storage device 309 is loaded with a CD-ROM (Compact Disk Read Only Memory) 309A. In this embodiment, an example in which the CPU 301 executes a program stored in the ROM 302 will be described. However, the CPU 301 controls the external storage device 309 to read a program to be executed by the CPU 301 from the CD-ROM 309A. The read program may be stored in the RAM 303 and executed.

The recording medium for storing the program to be executed by the CPU 301 is not limited to the CD-ROM 309A, and is a flexible disk, cassette tape, optical disk (MO (Magnetic Optical Disc) / MD (Mini Disc) / DVD (Digital Versatile Disc). )), A semiconductor memory such as an IC card, an optical card, a mask ROM, an EPROM (Erasable Programmable ROM), and an EEPROM (registered trademark) (Electrically EPROM). Further, the CPU 301 downloads a program from a computer connected to the Internet 5 and stores the program in the HDD 304, or the computer connected to the Internet 5 writes the program in the HDD 304 so that the program stored in the HDD 304 is stored in the RAM 303. The CPU 301 may execute the program. The program here includes not only a program directly executable by the CPU 301 but also a source program, a compressed program, an encrypted program, and the like.

  Since the hardware configurations and functions of the PCs 200 and 200A are the same, the PC 200 will be described as an example here.

  FIG. 3 is a block diagram showing an example of the outline of the hardware configuration of the PC in the present embodiment. Referring to FIG. 3, PC 200 includes a CPU 201 for controlling the entire PC 200, a ROM 202 for storing a program to be executed by CPU 201, a RAM 203 used as a work area for CPU 201, and data in a nonvolatile manner. It includes an HDD 204 for storing, a communication unit 205 for connecting the CPU 201 to the Internet 5, a display unit 206 for displaying information, an operation unit 207 for accepting input of user operations, and an external storage device 209.

  The external storage device 209 is loaded with a CD-ROM 209A. In this embodiment, an example in which the CPU 201 executes a program stored in the ROM 203 will be described. However, the CPU 201 controls the external storage device 209 to read a program to be executed by the CPU 201 from the CD-ROM 209A. The read program may be stored in the RAM 203 and executed.

The recording medium for storing the program to be executed by the CPU 201 is not limited to the CD-ROM 209A, but a flexible disk, cassette tape, optical disk (MO / MD / DVD), IC card, optical card, mask ROM, EPROM, It may be a medium such as a semiconductor memory such as EEPROM (registered trademark) . Further, the CPU 201 downloads the program from a computer connected to the Internet 5 and stores it in the HDD 204, or the computer connected to the network writes the program in the HDD 204, so that the program stored in the HDD 204 is stored in the RAM 203. It may be loaded and executed by the CPU 201. The program here includes not only a program directly executable by the CPU 201 but also a source program, a compressed program, an encrypted program, and the like.

  The hardware configurations and functions of MFPs 100, 100A, and 100B are basically the same. Therefore, in the following description, MFP 100 will be described as an example unless otherwise specified.

  FIG. 4 is a block diagram showing an outline of the hardware configuration of the MFP according to the present embodiment. Referring to FIG. 4, MFP 100 functioning as an image processing apparatus includes a main circuit 110, a document reading unit 130 for reading a document, an automatic document conveyance device 120 for conveying a document to document reading unit 130, An image forming unit 140 for forming an image on a sheet or the like based on image data output by the document reading unit 130 reading the document, a sheet feeding unit 150 for supplying the image forming unit 140 with a sheet, and a user interface As an operation panel 160.

  The automatic document feeder 120 automatically conveys a plurality of documents set on the document tray one by one to a predetermined document reading position set on the platen glass of the document reading unit 130, and the document reading unit 130. Thus, the document on which the image formed on the document is read is discharged to the document discharge tray. The document reading unit 130 includes a light source that irradiates light to the document conveyed to the document reading position and a photoelectric conversion element that receives light reflected from the document, and scans a document image corresponding to the size of the document. The photoelectric conversion element converts the received light into image data that is an electrical signal and outputs the image data to the image forming unit 140. The paper feed unit 150 conveys the paper stored in the paper feed tray to the image forming unit 140.

  The image forming unit 140 forms an image by a well-known electrophotographic method, and the image data after data processing is obtained by performing various data processing such as shading correction on the image data input from the document reading unit 130. Alternatively, based on image data received from the outside, an image is formed on a sheet conveyed by the sheet feeding unit 150, and the sheet on which the image is formed is discharged to a sheet discharge tray.

  The main circuit 110 includes a CPU 111 that controls the entire MFP 100, a communication interface (I / F) unit 112, a ROM 113, a RAM 114, a hard disk drive (HDD) 115 as a mass storage device, a facsimile unit 116, An external storage device 117. CPU 111 is connected to automatic document feeder 120, document reading unit 130, image forming unit 140, sheet feeding unit 150, and operation panel 160, and controls the entire MFP 100.

  The facsimile unit 116 is connected to the public switched telephone network (PSTN) and transmits facsimile data to the PSTN or receives facsimile data from the PSTN. The facsimile unit 116 stores the received facsimile data in the HDD 115, converts it into print data that can be printed by the image forming unit 140, and outputs the print data to the image forming unit 140. As a result, the image forming unit 140 forms an image on a sheet of facsimile data received by the facsimile unit 116. Further, the facsimile unit 116 converts the data stored in the HDD 115 into facsimile data, and transmits the facsimile data to a facsimile machine connected to the PSTN.

  Communication I / F unit 112 is an interface for connecting MFP 100 to LAN 3. The communication I / F unit 112 communicates with other computers or data processing devices connected to the network using a communication protocol such as TCP (Transmission Control Protocol) or FTP (File Transfer Protocol). The network to which the communication I / F unit 112 is connected is not limited to the LAN 3, and may be a wide area network (WAN), a public switched telephone network (PSTN), the Internet, or the like.

  The ROM 113 stores a program executed by the CPU 111 or data necessary for executing the program. The RAM 114 is used as a work area when the CPU 111 executes a program. Further, the RAM 114 temporarily stores the read images continuously sent from the document reading unit 130.

  Operation panel 160 is provided on the upper surface of MFP 100. Operation panel 160 includes a display unit 161 and an operation unit 163. The display unit 161 is, for example, a liquid crystal display device (LCD), and displays an instruction menu for a user, information about acquired image data, and the like. Instead of the LCD 165, for example, an organic EL (electroluminescence) display can be used as long as the device displays an image.

  The operation unit 163 includes a touch panel 165 and a hard key unit 167. The touch panel 165 is a capacitive type. Note that the touch panel 165 is not limited to the capacitance method, and other methods such as a resistance film method, a surface acoustic wave method, an infrared method, and an electromagnetic induction method can be used. Hard key portion 167 includes a plurality of hard keys. The hard key is, for example, a contact switch.

  The external storage device 117 is controlled by the CPU 111 and a CD-ROM 118 is mounted. In this embodiment, an example in which the CPU 111 executes a program stored in the ROM 113 will be described. However, the CPU 111 controls the external storage device 117 to read a program to be executed by the CPU 111 from the CD-ROM 118. The read program may be stored in the RAM 102 and executed.

  The recording medium for storing the program to be executed by the CPU 111 is not limited to the CD-ROM 118, and may be a medium such as a flexible disk, a cassette tape, an optical disk, an IC card, an optical card, and a semiconductor memory. Further, the CPU 111 downloads a program from a computer connected to the network and stores it in the HDD 115, or loads the program stored in the HDD 115 into the RAM 114 so that the computer connected to the network writes the program to the HDD 115. Then, it may be executed by the CPU 111. The program here includes not only a program directly executable by the CPU 111 but also a source program, a compressed program, an encrypted program, and the like.

<First Embodiment>
In the first embodiment, a case where user A operating PC 200 transmits data to user B will be described as an example. In the first embodiment, the user B is registered in the server 300 in order to receive the service provided by the server 300. Specifically, the server 300 stores a set of user identification information and a password as user B authentication information. In the data transmission / reception system 1 according to the first embodiment, data transmitted from the PC 200 to the user B is encoded with an encoding key generated from a password stored in the server 300 in which the user B is registered. The In addition, the apparatus for receiving data by the user B is not limited, but here, a case where the data is received by the PC 200A will be described as an example. Hereinafter, the operation from when user A operates PC 200 to transmit data until user B operates PC 200A to receive data will be described in detail. In this case, the PC 200 functions as a transmission device, the PC 200B functions as a reception device, and the server 300 functions as a registration device.

  FIG. 5 is a block diagram illustrating an example of a function of a CPU included in the PC functioning as the transmission device according to the first embodiment. Here, the function of the CPU 201 provided in the PC 200 functioning as a transmission device is shown. The functions shown in FIG. 5 may be realized by hardware, or may be realized by the CPU 201 by causing the CPU 201 of the PC 200 to execute a data transmission program stored in the ROM 202, the HDD 204, or the CD-ROM 209A. It may be. The data transmission program is a part of the data transmission / reception program. Here, since the PC 200 functions as a transmission device, a case where the CPU 201 included in the PC 200 executes a data transmission program will be described as an example. Referring to FIG. 4, CPU 201 provided in PC 200 includes a destination receiving unit 251 that receives a data destination, an association unit 255, an encoding key acquisition unit 257, and a data acquisition unit that acquires data to be transmitted. 253, an encoding unit 259 that encodes data to generate encoded data, and a transmission unit 261 that transmits the encoded data to a destination.

  The data acquisition unit 253 acquires data to be transmitted. For example, the data acquisition unit 253 acquires data to be transmitted by reading data specified by the user from among a plurality of data stored in the HDD 204. The data stored in the HDD 204 includes, but is not limited to, application data generated by a task that executes an application program and data received from another computer. The data acquisition unit 253 outputs the acquired data to the encoding unit 259.

  The destination receiving unit 251 receives a destination that is a transmission destination of data to be transmitted. Here, the destination is a user. The destination receiving unit 251 receives user identification information for identifying a user input to the operation unit 207 as a destination. The user identification information only needs to be able to distinguish a user from another user, and is, for example, the name, number, or code of the user. The destination reception unit 251 outputs the received user identification information to the association unit 255 and the transmission unit 261. Here, a case where user identification information of user B is accepted as a destination will be described as an example.

  The associating unit 255 associates the user with the registration device in which the user is registered. The registration device may be any device that stores authentication information for authenticating the user. Specifically, when the user inputs a set of user identification information and device identification information to the operation unit 207, the association unit 255 generates an association record including them and stores the association table stored in the HDD 204. Add to Here, in order for the user B to receive the service provided by the server 300, the user B is registered in the server 300, and the association unit 255 includes the association including the user identification information of the user B and the device identification information of the server 300 A case where the attached record is included in the association table of the HDD 204 will be described as an example. The association unit 255 refers to the association table stored in the HDD 204 in response to the input of the user identification information of the destination user from the destination reception unit 251, determines the device in which the user is registered, The set of the device identification information and the user identification information of the determined device is output to the encoding key acquisition unit 257. Specifically, the association unit 255 extracts an association record including user identification information input from the destination reception unit 251 from a plurality of association records included in the association table stored in the HDD 204. The pair of the device identification information and the user identification information included in the association record is output to the encoding key acquisition unit 257. Here, since user identification information of user B is input, association section 255 outputs a set of user identification information of user B and apparatus identification information of server 300 to encoding key acquisition section 257.

  The encoding key acquisition unit 257, when a pair of device identification information and user identification information is input from the associating unit 255, converts the encoding key corresponding to the user specified by the user identification information to the device identification. Acquired from the registration device specified by the information. Here, since the set of the user identification information of the user B and the device identification information of the server 300 is input from the association unit 255 to the encoding key acquisition unit 257, the encoding key acquisition unit 257 An encoding key transmission request is transmitted to the server 300, which is a corresponding registration apparatus, via the communication unit 205. The transmission request includes the user identification information of the user B input from the association unit 255. Although details of the operation of the server 300 that receives the transmission request will be described later, an encoding key corresponding to the user B is returned. The encoding key acquisition unit 257 acquires the encoding key that the communication unit 205 receives from the server 300, and outputs the acquired encoding key to the encoding unit 259.

  The encoding unit 259 receives data to be transmitted from the data acquisition unit 253 and receives an encoding key from the encoding key acquisition unit 257. The encoding unit 259 generates encoded data obtained by encoding the data to be transmitted with the encoding key, and outputs the generated encoded data to the transmitting unit 261.

  The transmission unit 261 receives user identification information of a destination user from the destination reception unit 251, and receives encoded data from the encoding unit 259. The transmission unit 261 controls the communication unit 205 to transmit the encoded data to the user specified by the user identification information. The transmission unit 261 refers to an address table stored in advance in the HDD 204 and determines a network address assigned to the user specified by the user identification information. The address table includes an address record in which user identification information is associated with a network address. The network address differs depending on the data transmission method. For example, when the transmission method is transmission of an electronic mail, the network address is an electronic mail address. When the transmission method is file transfer, the network address is a network address of a storage area. The network address of the storage area is, for example, a combination of a URL (Uniform Resource Locator) or a computer name (IP address) and a folder name. When the user inputs a network address to the operation unit 207, the transmission unit 261 determines the network address input by the user as the network address assigned to the transmission destination user.

  When the transmission method is an email transmission, the transmission unit 261 sets the email address of the user B as a destination, generates an email including encoded data, and sets the generated email to a predetermined value. The data is transmitted to the electronic mail server via the communication unit 205. When the transmission method is file transfer, the transmission unit 261 transmits the encoded data to the computer specified by the storage area determined by the network address via the communication unit 205, and transmits the encoded data to the computer in the storage area determined by the network address. Remember.

  FIG. 6 is a block diagram illustrating an example of functions of a CPU included in a server functioning as a registration device according to the first embodiment, together with information stored in the HDD. The functions shown in FIG. 6 may be realized by hardware, or by causing the CPU 301 included in the server 300 to execute the encoding key determination program stored in the ROM 302, the HDD 304, or the CD-ROM 309A, the CPU 301 It may be realized. Here, since the server 300 functions as a registration device, a case where the CPU 301 provided in the server 300 executes an encoding key determination program will be described as an example. Referring to FIG. 6, the CPU 301 included in the server 300 includes an authentication unit 351 that authenticates a user who provides a service, a transmission request reception unit 353 that receives a transmission request for an encoding key, and an encoding key. A first encoding key determining unit 355 for determining and an encoding key transmitting unit 357 for transmitting the encoding key are included.

  The HDD 304 stores authentication information 391 and trusted device information 393. The authentication information is information for authenticating a user registered as a user who receives the service. Although the authentication information is not limited, it is a set of user identification information and a password. Here, since the user B is registered in the server 300, the authentication information 391 includes a set of the user identification information of the user B and a password.

  The trusted device information 393 includes device identification information of a device registered in advance in the server 300. A device registered in advance is a device that is determined by the administrator of the server 300 and registered in the server 300. For the device identification information, for example, a MAC (Media Access Control) address is preferably used. Here, the case where the trusted device information 393 includes the device identification information of the PC 200 will be described as an example. When the PC 200 is registered as a trusted device in the server 300, the server 300 and the PC 200 have a predetermined relationship. The predetermined relationship is, for example, a reliable relationship with respect to data transmission / reception.

  The authentication unit 351 authenticates a user who is a target for providing a service. When a service is requested from an external device, the authentication unit 351 authenticates a user who has requested the service. Here, the case where user B operates MFP 100 and receives a service request from MFP 100 will be specifically described as an example. When the communication unit 305 receives a service request from the MFP 100, the authentication unit 351 transmits a login screen to the MFP 100 via the communication unit 305, and requests transmission of a set of user identification information and a password. The login screen includes a screen for inputting user identification information and a password. When communication unit 305 receives the combination of user identification information and password from MFP 100, it refers to authentication information 391 stored in HDD 304 and the same user identification information as the combination of user identification information and password received from MFP 100. If the authentication information 391 includes a set of password and password, authentication is performed. Otherwise, authentication is not performed. CPU 301 provides a service in response to a request from MFP 100 on the condition that authentication by authentication unit 351 succeeds. The services provided by the server 300 are not limited, but are, for example, services for storing data, services for processing data images, and services for recognizing data images.

  When a transmission of an encoding key is requested from an external device, the transmission request reception unit 353 receives a transmission request on the condition that the external device is a trusted device registered in advance. Here, the case where transmission of an encoding key is requested from PC 200 as a transmission device will be specifically described. Specifically, the transmission request reception unit 353 identifies the PC 200 that has transmitted the transmission request for the encoding key in response to the communication unit 305 receiving the transmission request for the encoding key from the PC 200 that is the transmission device. To do. Then, the transmission request receiving unit 353 refers to the trusted device information 393 stored in the HDD 304 and determines whether or not the specified PC 200 is a device registered as a trusted device. If the trusted device information 393 stored in the HDD 304 includes the device identification information of the PC 200, the transmission request receiving unit 353 determines that the PC 200 is a trusted device. When the transmission request reception unit 353 determines that the PC 200 is a trusted device, the transmission request reception unit 353 outputs the user identification information included in the transmission request received from the PC 200, here the user identification information of the user B, to the first encoding key determination unit 355. At the same time, the device identification information of the PC 200 that has transmitted the request is output to the encoding key transmission unit 357.

  The first encoding key determination unit 355 determines an encoding key corresponding to the user specified by the user identification information in response to the user identification information input from the transmission request reception unit 353. The encoding key is determined based on user authentication information registered for providing the service by the server 300. Specifically, the first encoding key determination unit 355 refers to the authentication information 391 stored in the HDD 304 and acquires a password that is paired with the user identification information of the user B input from the transmission request reception unit 353. To do. And the encoding key corresponding to the user B is determined using the acquired password. The encoding key is determined based on a password and a predetermined rule. For example, an encoding key may be generated using a hash function. Specifically, the hash value obtained by inputting the password of user B into the hash function is determined as the encoding key. Alternatively, a hash value obtained by inputting a user specific value predetermined for the user B and the password of the user B into a hash function may be determined as the encoding key. The encoding key may be the password of user B itself. The first encoding key determination unit 355 outputs the determined encoding key to the encoding key transmission unit 357.

  The encoding key transmission unit 357 controls the communication unit 305 in response to the input of the encoding key from the encoding key determination unit 355, and is specified by the device identification information input from the transmission request reception unit 353. The encoding key is transmitted to the PC 200.

  FIG. 7 is a block diagram illustrating an example of a function of a CPU included in a PC that functions as a receiving device according to the first embodiment. Here, the function of the CPU 201 provided in the PC 200A functioning as a receiving device is shown. The functions shown in FIG. 7 may be realized by hardware, or may be realized by the CPU 201 by causing the CPU 201 included in the PC 200A to execute a data reception program stored in the ROM 202, the HDD 204, or the CD-ROM 209A. It may be. The data reception program is a part of the data transmission / reception program. Here, since the PC 200A functions as a receiving device, a case where the CPU 111 provided in the PC 200A executes a data reception program will be described as an example. Referring to FIG. 7, CPU 201 provided in PC 200A includes an authentication information receiving unit 271 that receives authentication information input by the user, a second encoding key determination unit 273, a data receiving unit 277 that receives encoded data, And a decoding unit 275 that decodes the received encoded data.

  The data receiving unit 277 controls the communication unit 205 to receive encoded data from an external device. For example, when the transmission method is e-mail transmission, the data reception unit 277 receives an e-mail from the e-mail server and acquires encoded data attached to the received e-mail. In addition, when the transmission method is file transfer, the data reception unit 277 acquires encoded data that the communication unit 205 receives from an external device. The data receiving unit 277 outputs the acquired encoded data to the decoding unit 275.

  The authentication information reception unit 271 receives authentication information input to the operation unit 207 by the user. Here, a case where the user B operates the PC 200A will be described as an example. In this case, the authentication information input to the PC 200A by the user B is a password registered in the server 300 because the user B is registered in the server 300. The authentication information reception unit 271 outputs the received authentication information to the second encoding key determination unit 273.

  The second encoding key determination unit 273 determines the encoding key based on the authentication information in response to the input of the authentication information from the authentication information reception unit 271. Specifically, the second encoding key determination unit 273 uses the authentication information input from the authentication information reception unit 271 to determine based on the rules defined by the server 300. For example, when the server 300 is defined to generate an encoding key using a hash function, the hash value obtained by inputting the authentication information of the user B into the hash function defined by the server 300 Is determined as the encoding key. Further, if the server 300 is determined to generate an encoding key using the user specific value determined for the user B, the authentication information of the user B, and the hash function, for the user B, Then, the hash value obtained by inputting the user specific value predetermined with the server 300 and the authentication information of the user B into the hash function determined by the server 300 is determined as the encoding key. If the server 300 stipulates that the authentication information itself is an encoded key, the user B's password itself is determined as the encoded key. The second encoding key determination unit 355 outputs the determined encoding key to the decoding unit 275.

  The decoding unit 275 receives the encoded data from the data receiving unit 277 and the encoding key from the second encoding key determination unit 273. The decoding unit 275 decodes the encoded data input from the data receiving unit 277 with the encoding key input from the second encoding key determination unit 273.

  FIG. 8 is a flowchart illustrating an example of the flow of data transmission processing according to the first embodiment. The data transmission process is a process executed by the transmission device. Here, a case where the PC 200 functions as a transmission device will be described as an example. In this case, the data transmission processing is processing executed by the CPU 201 when the CPU 201 included in the PC 200 executes a data transmission program stored in the ROM 202, the HDD 204, or the CD-ROM 209A. Referring to FIG. 8, CPU 201 provided in PC 200 determines whether or not data designation is accepted (step S01). When the user inputs an operation for specifying data to the operation unit 207, the specification of data is accepted. For example, when a list of file names of data stored in the HDD 204 is displayed on the display unit 206 and the user operates the operation unit 207 to indicate one or more of the displayed file names, the specified one or more The specification of the data specified by the file name is accepted. The process waits until data designation is accepted (NO in step S01). If data designation is accepted (YES in step S01), the process proceeds to step S02. When the process proceeds to step S02, one or more designated data is set as a transmission target.

  In step S02, it is determined whether a destination has been accepted (step S02). When the user inputs an operation for designating a destination to the operation unit 207, the destination is accepted. For example, a list of user identification information registered in the address book stored in the HDD 204 is displayed on the display unit 206, and the user operates the operation unit 207 to indicate one of the user identification information displayed as a list. In this case, the user specified by the instructed user identification information is accepted as a destination. The process waits until an address is accepted (NO in step S02). If the address is accepted (YES in step S02), the process proceeds to step S03. Here, a case where user identification information of user B is designated and user B is designated as a destination will be described as an example.

  In the next step S03, the registered device is specified, and the process proceeds to step S04. Specifically, an association record including the user identification information of the user accepted as the destination in step S02 is extracted from the plurality of association records included in the association table stored in the HDD 204, and the association record is extracted. The device specified by the device identification information included in is registered as a registered device. Here, a case where the server 300 is associated with the user B and the server 300 is specified as a registration device will be described as an example.

  In step S04, the registration apparatus specified in step S03 is requested to transmit an encoding key. Specifically, the communication unit 205 is controlled to transmit an encoding key transmission request to the server 300 which is a registration apparatus. The encoding key transmission request includes the user identification information of the user B designated as the destination in step S02. In the next step S05, it is determined whether or not an encoding key has been received. It is determined whether or not the communication unit 205 has received an encoding key from the server 300 that is a registration device. If the encoding key has been received, the process proceeds to step S06. If not, the process proceeds to step S08. In step S08, an error message is displayed on display unit 206, and the process ends.

  In step S06, the data specified in step S01 is encoded using the encoding key received in step S05 to generate encoded data. At this point, it is preferable to delete the encoded key received in step S05 from the memory. This is because when the encoding key is used as a password, the password of the user B may be leaked. In the next step S07, the encoded data is transmitted to the user B accepted as the destination in step S02, and the process is terminated. Specifically, a network address assigned to user B is determined with reference to an address table stored in advance in HDD 204. The address table includes an address record in which user identification information is associated with a network address. The network address differs depending on the data transmission method. For example, when the transmission method is transmission of an electronic mail, the network address is an electronic mail address. When the transmission method is file transfer, the network address is a network address of a storage area. When the address data is an e-mail address, the e-mail address of user B is set as the destination, an e-mail including the encoded data is generated, and the generated e-mail is communicated to a predetermined e-mail server. Via 205. When the address data is a network address in the storage area, the encoded data is transmitted to the computer determined by the network address via the communication unit 205 and stored in the storage area determined by the network address.

  FIG. 9 is a flowchart illustrating an example of the flow of the encoding key determination process according to the first embodiment. The encoding key determination process is a process executed by the registration device. Here, a case where the server 300 functions as a registration device will be described as an example. In this case, the encoding key determination process is a process executed by the CPU 301 when the CPU 301 included in the server 300 executes the encoding key determination program stored in the ROM 302, the HDD 304, or the CD-ROM 309A. Referring to FIG. 9, CPU 301 provided in server 300 determines whether or not an encoding key transmission request has been received (step S11). The communication unit 305 is in a standby state until it receives an encoding key transmission request from an external device (NO in step S11). If it receives an encoding key transmission request (YES in step S11), the process proceeds to step S12. Proceed to Here, a case where an encoding key transmission request including user identification information of user B is received from PC 200 functioning as a transmission device will be described as an example.

  In step S12, it is determined whether the device that has transmitted the transmission request for the encoding key, in this case, the PC 200 is a trusted device. If the device that has transmitted the transmission request for the encoding key is a trusted device, the process proceeds to step S13; otherwise, the process proceeds to step S16. Specifically, if the trusted device information 393 stored in the HDD 304 includes the device identification information of the PC 200 that has transmitted the transmission request for the encoding key, the PC 200 is determined to be a trusted device. In step S16, an error is notified to the device that has transmitted the transmission request for the encoding key, and the process ends.

  In step S13, the user authentication information specified by the user identification information included in the encoding key transmission request is acquired. Referring to authentication information 391 stored in HDD 304, a password that is paired with user identification information included in the transmission request for the encoding key is acquired as authentication information.

  In the next step S14, an encoding key is determined, and the process proceeds to step S15. Using the password acquired as the authentication information in step S13, the encoding key corresponding to the user B specified by the user identification information included in the transmission request for the encoding key is determined. More specifically, the hash value obtained by inputting the password of the user B acquired in step S13 into the hash function defined in the server 300 is determined as the encoding key. The hash function is a function determined in advance between the server 300 functioning as a registration device and the reception device.

  In step S15, the determined encoding key is transmitted, and the process ends. Specifically, the communication unit 305 is controlled to transmit the encoding key determined in step S14 to the device that has transmitted the transmission request for the encoding key, in this case, the PC 200.

  FIG. 10 is a flowchart illustrating an example of a flow of data reception processing according to the first embodiment. The data reception process is a process executed by the receiving device. Here, an example will be described in which PC 200A operated by user B functions as a receiving device. In this case, the data reception process is a process executed by the CPU 201 when the CPU 201 included in the PC 200A executes a data reception program stored in the ROM 202, the HDD 204, or the CD-ROM 209A. Referring to FIG. 10, CPU 201 provided in PC 200A determines whether or not encoded data has been received (step S21). The communication unit 305 is in a standby state until it receives encoded data from an external device (NO in step S21). If encoded data is received (YES in step S21), the process proceeds to step S22. Here, a case where encoded data is received from PC 200 functioning as a transmission device will be described as an example. For example, the PC 200 functioning as a transmission device includes an encoded data and transmits an email in which the email address of the user B is set as a destination to the email server. The user B operates the PC 200A to send an email. When an operation to receive is input, the PC 200A receives an e-mail transmitted from the e-mail server by the PC 200 functioning as a transmission device. In addition, when the PC 200 functioning as a transmission device transmits encoded data to the PC 200A, the encoded data is received from the PC 200.

  In step S22, authentication information is accepted. A password input by user B to operation unit 207 is accepted as authentication information. The password that the user B inputs to the operation unit 207 is a password registered in the server 300 in order for the user B to receive a service from the server 300 that is a registration device.

  In the next step S23, an encoding key is determined based on the authentication information accepted in step S22. Specifically, the step is determined based on the rules defined in server 300 using the authentication information received in S22. For example, if the server 300 is determined to generate an encoding key using a hash function, the hash value obtained by inputting the authentication information accepted in step S22 into the hash function is used as the encoding key. To decide. When it is determined that the authentication information itself is an encoded key with the server 300, the password of the user B is determined as the encoded key.

  In the next step S24, the encoded data received in step S21 is decoded using the encoding key determined in step S23, and the process ends.

  As described above, in the data transmission / reception system 1 according to the first embodiment, the PC 200 functioning as a transmission apparatus is operated by the user A and accepts the designation of the user B as a destination user to which data is to be transmitted, Encoded data obtained by acquiring an encoding key corresponding to user B from server 300 associated as a registration device for user B designated as the destination user, and encoding the data based on the acquired encoding key Is sent to user B. The server 300 as a registration device stores authentication information for authenticating a user who operates the server 300, and upon receiving an encoding key transmission request from the PC 200, a user identification included in the encoding key transmission request. Based on the authentication information of user B specified by the information, an encoding key corresponding to user B is determined and transmitted to PC 200. Furthermore, when the user B operates the PC 200A, the PC 200A functions as a receiving device. The PC 200A receives the encoded data transmitted from the PC 200, determines the encoding key in the same procedure as that determined by the server 300 based on the authentication information input by the user B to the PC 200A, and is received from the PC 200. The encoded data is decoded using the determined encoding key. For this reason, since the PC 200 acquires the encoding key corresponding to the user B from the server 300 that is a registration apparatus corresponding to the user B who is the destination user, the user A who operates the PC 200 needs to know the encoding key. Absent. Further, if the user B inputs his / her authentication information registered in the server 300 which is a registration device to the PC 200A, the encoded data received from the PC 200 is decoded, so that the user A who is the data sender is notified to the user A. There is no need to query the encoding key. Therefore, it is not necessary to manage the encoding key for encoding the data to be transmitted. Further, since the encoded data transmitted from the PC 200 to the PC 200A is encoded with the encoding key, security can be maintained.

  The server 300 functioning as a registration device is specified by the user identification information included in the encoding key transmission request on the condition that the PC 200 that requests transmission of the encoding key is a pre-registered trusted device. The encoding key determined based on the user B authentication information is transmitted to the PC 200. For this reason, since the transmission destination of the encoding key is limited, the possibility that the authentication information of the destination user is leaked can be reduced as much as possible.

  Further, since the encoding key is determined using the authentication information stored in the server 300, the existing authentication information can be used.

  When MFP 100A is used as a registration device and a reception device, user B who is a destination user can receive data by operating MFP 100A.

  Further, when the encoding key corresponding to the user B is the password of the user B, the encoding key can be easily determined.

  Further, when the encoding key corresponding to the user B is a value obtained by converting the password into a predetermined rule, for example, using a hash function, it is not necessary to transmit / receive the password itself, and the password can be prevented from leaking. .

<First Modification>
In the first embodiment described above, an example in which the transmission apparatus is the PC 200 has been described. However, the transmission apparatus may be one of the MFPs 100, 100A, and 100B. In this case, for example, the CPU 111 provided in the MFP 100 has a function similar to the function illustrated in FIG. The data acquisition unit 253 included in the CPU 111 provided in the MFP 100 may acquire an image of a document read by the document reading unit 130 as data to be transmitted.

  Further, although the case where the receiving device is PC 200A has been described as an example, the receiving device may be any one of MFPs 100, 100A, and 100B. In this case, for example, the CPU 111 provided in the MFP 100 has the same function as the function illustrated in FIG. The MFP 100 causes the image forming unit 140 to form an image of the data decoded by the decoding unit 275 included in the CPU 111 of the MFP 100 on a sheet supplied from the sheet feeding unit 150 according to the printing conditions set by the user B.

  Furthermore, although the registration apparatus is described as an example of the server 300, the registration apparatus may be one of the MFPs 100, 100A, and 100B. In this case, for example, the CPU 111 included in the MFP 100 has the same function as the function illustrated in FIG. 6, and the HDD 115 included in the MFP 100 stores the authentication information 391 and the trusted device information 393 illustrated in FIG. 6. Authentication information 391 stored in HDD 115 includes a set of user identification information and a password of a user registered in MFP 100 as a user permitted to use MFP 100.

  Therefore, each of MFPs 100, 100A, and 100B can function as a transmission device and a registration device, and can function as a reception device and a registration device.

  For example, when MFP 100A operated by user B functions as a registration device and a reception device, MFP 100A can form an image of data obtained by decoding encoded data. Further, when user A operates MFP 100, data obtained by causing MFP 100 to read a document can be transmitted.

<Second Embodiment>
In the first embodiment, the trusted device information 393 is stored in the HDD 304 provided in the server 300 serving as a registration device. In the second embodiment, the trusted device information 393 is not stored in the HDD 304 of the server 300 serving as a registration device. Hereinafter, the data transmission / reception system 1 according to the second embodiment will be described mainly with respect to differences from the data transmission / reception system 1 according to the first embodiment. The overall overview of the data transmission / reception system 1 and the hardware configuration of each device in the second embodiment are the same as the overall overview of the data transmission / reception system 1 and the hardware configuration of each device in the first embodiment. Therefore, description is not repeated here.

  In the data transmission / reception system 1 according to the second embodiment, the server 300 functions as a registration device, and the user A who is a data sender as a user who can receive services provided by the server 300 to the server 300 and User B who is the destination of data is registered.

  FIG. 11 is a block diagram illustrating an example of functions of a CPU included in a server functioning as a registration device according to the second embodiment, together with information stored in the HDD. The function shown in FIG. 11 may be realized by hardware, or the CPU 301 included in the server 300 stores the encoding key determination program according to the second embodiment stored in the ROM 302, the HDD 304, or the CD-ROM 309A. It may be realized by the CPU 301 by executing it. Here, since the server 300 functions as a registration device, a case where the CPU 301 provided in the server 300 executes an encoding key determination program will be described as an example. Referring to FIG. 11, the difference from the function shown in FIG. 6 is that authentication unit 351 and transmission request reception unit 353 are changed to authentication unit 351A and transmission request reception unit 353A, respectively. Other functions are the same as the functions shown in FIG. 6, and thus description thereof will not be repeated here.

  When a transmission of an encoding key is requested from an external device, the transmission request reception unit 353A receives a transmission request on the condition that a user who operates the external device is registered as a user who provides a service. Here, the case where transmission of an encoding key is requested from PC 200 as a transmission device will be specifically described. Specifically, the transmission request reception unit 353 outputs an authentication instruction to the authentication unit 351A in response to the communication unit 305 receiving an encoding key transmission request from the PC 200.

  In response to the input of the authentication instruction, the authentication unit 351A transmits a login screen to the PC 200A via the communication unit 305 and requests transmission of a set of user identification information and a password. The login screen includes a screen for inputting user identification information and a password. When the communication unit 305 receives a set of user identification information and a password from the PC 200, the user identification information that is the same as the combination of the user identification information and the password received from the PC 200 is referred to the authentication information 391 stored in the HDD 304. If the authentication information 391 includes a set of password and password, authentication is performed. Otherwise, authentication is not performed. The authentication unit 351 outputs a permission signal to the transmission request receiving unit 353A when authenticating after the authentication instruction is input, but outputs a non-permission signal to the transmission request receiving unit 353A when not authenticating. Here, a case where the user A who operates the PC 200 is registered as a user who can receive the service provided by the server 300 will be described as an example.

  The transmission request reception unit 353A specifies the PC 200 that has transmitted the transmission request for the encoding key in response to the permission signal being input from the authentication unit 351A after outputting the authentication instruction to the authentication unit 351A, and receives it from the PC 200. The user identification information included in the transmitted request, here, the user identification information of user B is output to the first encoding key determination unit 355, and the device identification information of the PC 200 that transmitted the request is encoded key transmission unit 357. Output to. As described above, the transmission request receiving unit 353A is provided on the condition that the user A who has instructed the transmission request for the encoding key is registered as a user who can receive provision of services in the server 300 as a registration device. In addition, an encoding key transmission request is accepted. For this reason, an encoding key corresponding to the user B designated by the user A is returned to the PC 200 operated by the user A registered in the server 300 in advance, and the device operated by the user not registered in the server 300 is used. Does not return an encoding key. For this reason, it is possible to prevent the encoding key corresponding to the user B from being known to a third party.

  FIG. 12 is a block diagram illustrating an example of a function of a CPU included in a PC that functions as a transmission device according to the second embodiment. Here, the function of the CPU 201 provided in the PC 200 functioning as a transmission device is shown. The function shown in FIG. 12 is different from the function shown in FIG. 5 in that the encoding key acquisition unit 257 is changed to an encoding key acquisition unit 257A. Other functions are the same as the functions shown in FIG. 5, and thus description thereof will not be repeated here.

  The encoding key acquisition unit 257A obtains an encoding key corresponding to the user specified by the user identification information in response to the input of a set of device identification information and user identification information from the association unit 255. Acquired from the device specified by the information. Here, the encoding key acquisition unit 257A receives the set of the user identification information of the user B and the device identification information of the server 300 from the association unit 255, so that the encoding key acquisition unit 257A An encoding key transmission request is transmitted via the communication unit 205. The transmission request includes the user identification information of the user B input from the association unit 255. The server 300 that receives the transmission request transmits a login screen to confirm that the user operating the PC 200 that has transmitted the transmission request is a user registered as a user who provides the service. The acquisition unit 257A displays a login screen received from the server 300 on the display unit 206, and receives user identification information and a password that the user A inputs to the operation unit 207. The encoding key acquisition unit 257A transmits a set of user identification information and a password input by the user A to the server 300. The server 300 that receives the combination of the user identification information and the password returns an encoding key corresponding to the user B when the authentication using the received combination of the user identification information and the password is successful. The key acquisition unit 257A acquires the encoding key that the communication unit 205 receives from the server 300, and outputs the acquired encoding key to the encoding unit 259.

  The function of the PC 200A that functions as the receiving device in the second embodiment is the same as the function shown in FIG. Therefore, the description will not be repeated here.

  FIG. 13 is a flowchart illustrating an example of a flow of data transmission processing according to the second embodiment. The difference between the data transmission process in the second embodiment and the data transmission process in the first embodiment shown in FIG. 8 is that steps S31 to S33 are added between step S04 and step S05. Is a point. Other processing is the same as the processing shown in FIG. 8, and therefore description thereof will not be repeated here.

  Here, a case where the PC 200 operated by the user A functions as a transmission device will be described as an example. In step S04, when a transmission request for an encoding key is transmitted to server 300, which is a registration device, server 300 transmits a login screen. In step S31, it is determined whether communication unit 205 has received a login screen. The process waits until the login screen is received (NO in step S31). When the login screen is received (YES in step S31), the process proceeds to step S32.

  In step S32, authentication information input to the operation unit 207 by the user A operating the PC is received. In the next step S33, the authentication information accepted in step S32 is transmitted to the server 300, which is a registration device, via the communication unit 205, and the process proceeds to step S05.

  FIG. 14 is a flowchart illustrating an example of the flow of an encoding key determination process according to the second embodiment. Referring to FIG. 14, the difference between the encoding key determination process in the second embodiment and the encoding key determination process in the first embodiment shown in FIG. 9 is that step S41 is substituted for step S12. -Step S43 is added. Other processing is the same as the processing shown in FIG. 9, and therefore description thereof will not be repeated here.

  Here, a case where the server 300 functions as a registration device will be described as an example. When an encoding key transmission request is received in step S11, a login screen is transmitted via the communication unit 205 to the apparatus that has transmitted the encoding key transmission request, in this case, the PC 200 that is the transmission apparatus (step S41). In the next step S42, it is determined whether or not the communication unit 205 has received authentication information from the PC 200. The process waits until the authentication information is received (NO in step S42). If the authentication information is received, the process proceeds to step S43.

  In step S43, it is determined whether or not the authentication using the received authentication information is successful. If the authentication is successful, the process proceeds to step S13; otherwise, the process proceeds to step S16. If the authentication information 391 includes the same combination of user identification information and password as the combination of user identification information and password included in the authentication information received from the PC 200, the authentication is not performed.

  In the data transmission / reception system 1 according to the second embodiment, the PC 200 functioning as a transmission device is operated by the user A and receives the designation of the user B as the destination user to which the data is to be transmitted. When the authentication is successful, an encoding key corresponding to the user B is acquired from the server 300 associated as the registration device with respect to the user B designated as the destination user, and data is obtained based on the acquired encoding key. Is transmitted to the user B. The server 300 which is a registration device stores authentication information for authenticating a user who operates the server 300. When the authentication of the user A is successful and an encoding key transmission request is received from the PC 200, the server 300 The encoding key corresponding to the user B is determined based on the authentication information of the user B specified by the user identification information included in the transmission request for the encryption key, and transmitted to the PC 200. Furthermore, when the user B operates the PC 200A, the PC 200A functions as a receiving device. The PC 200A receives the encoded data transmitted from the PC 200, determines the encoding key in the same procedure as that determined by the server 300 based on the authentication information input by the user B to the PC 200A, and is received from the PC 200. The encoded data is decoded using the determined encoding key. For this reason, since the PC 200 acquires the encoding key corresponding to the user B from the server 300 that is a registration apparatus corresponding to the user B who is the destination user, the user A who operates the PC 200 needs to know the encoding key. Absent. Further, if the user B inputs his / her authentication information registered in the server 300 which is a registration device to the PC 200A, the encoded data received from the PC 200 is decoded, so that the user A who is the data sender is notified to the user A. There is no need to query the encoding key. Therefore, it is not necessary to manage the encoding key for encoding the data to be transmitted. Further, since the encoded data transmitted from the PC 200 to the PC 200A is encoded with the encoding key, security can be maintained.

  In addition, the server 300 functioning as a registration device has the encoding key determined based on the authentication information of the user B who is the destination user on the condition that the authentication of the user A who operates the PC 200 functioning as the transmission device is successful. Is transmitted to the PC 200. For this reason, the encoding key is transmitted only when the user A registered in the server 300 operates the PC 200. Thus, since the server 300 restricts the transmission destination of the encoding key, the possibility that the authentication information of the destination user is leaked can be reduced as much as possible.

<Second Modification>
In the above-described second embodiment, the example in which the transmission apparatus is the PC 200 has been described. However, the transmission apparatus may be any one of MFPs 100, 100A, and 100B. In this case, for example, the CPU 111 provided in the MFP 100 has a function similar to the function illustrated in FIG. The data acquisition unit 253 included in the CPU 111 provided in the MFP 100 may acquire an image of a document read by the document reading unit 130 as data to be transmitted. When user A operates MFP 100, data obtained by causing MFP 100 to read a document can be transmitted.

  Further, although the case where the receiving device is PC 200A has been described as an example, the receiving device may be any one of MFPs 100, 100A, and 100B. In this case, for example, when MFP 100A operated by user B functions as a registration device and a reception device, CPU 111 provided in MFP 100A has the same function as the function shown in FIG. The user B operating the MFP 100A prints the image of the data decoded by the decoding unit 275 included in the CPU 111 of the MFP 100A on the paper supplied from the paper supply unit 150 to the image forming unit 140 and the printing conditions set by the user B The image can be formed according to the above.

  The registration device may be any one of MFPs 100, 100A, and 100B. In this case, for example, the CPU 111 included in the MFP 100A has the same function as the function illustrated in FIG. 11, and the HDD 115 included in the MFP 100A stores the authentication information 391 illustrated in FIG. Authentication information 391 stored in HDD 115 includes a set of user identification information and a password of a user registered in MFP 100 as a user permitted to use MFP 100. In this case, MFP 100A can also function as a receiving device. When causing MFP 100A to function as a registration device and a receiving device, user B who is a destination user can receive data by operating MFP 100A, and an image of the data is supplied from image feeding unit 150 to image forming unit 140. An image can be formed on the printing paper according to the printing conditions set by the user B.

  Although the data transmission / reception system 1 has been described in the above-described embodiment, the processing shown in FIGS. 8 and 10 or FIGS. 13 and 10 is executed by the PC 200, 200A or the MFP 100, 100A, 100B. It goes without saying that the present invention can be understood as a data transmission / reception method and as a data transmission / reception program executed by the CPU 201 provided in each of the PCs 200 and 200A or the CPU 111 provided in each of the MFPs 100, 100A, and 100B.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

1 Data transmission / reception system, 3 LAN, 5 Internet, 100, 100 A, 100 B MFP, 200, 200 A PC, 300 server, 400 gateway device, 110 main circuit, 111 CPU, 112 communication I / F unit, 113 ROM, 114 RAM, 115 HDD, 116 facsimile unit, 117 external storage device, 120 automatic document feeder, 130 document reading unit, 140 image forming unit, 150 sheet feeding unit, 160 operation panel, 161 display unit, 163 operation unit, 165 touch panel, 167 hardware Key unit, 201 CPU, 202 ROM, 203 RAM, 204 HDD, 205 communication unit, 206 display unit, 207 operation unit, 209 external storage device, 209A CD-ROM, 251 destination reception unit, 253 data acquisition unit, 255 association Part, 25 , 257A Encoding key acquisition unit, 259 encoding unit, 261 transmission unit, 271 authentication information reception unit, 273 encoding key determination unit, 275 decoding unit, 277 data reception unit, 301 CPU, 302 ROM, 303 RAM, 304 HDD , 305 communication unit, 306 display unit, 307 operation unit, 309 external storage device, 309A CD-ROM, 351, 351A authentication unit, 353, 353A transmission request reception unit, 355 first encoding key determination unit, 357 encoding key Transmitter, 391 authentication information, 393 trusted device information.

Claims (16)

A data transmission / reception system having a plurality of information processing devices,
Each of the plurality of information processing devices
An association means for associating a registration device corresponding to the user for each of a plurality of users,
Of the plurality of information processing devices, the transmission device is
Data acquisition means for acquiring data;
Destination accepting means for accepting designation of a destination user as a transmission destination of the acquired data;
Encoding key acquisition means for acquiring an encoding key corresponding to the destination user from the registration device associated with the destination user;
Encoding means for generating encoded data obtained by encoding the data based on the acquired encoding key;
Transmitting means for transmitting the encoded data to the destination user,
The registration device includes authentication information storage means for storing authentication information for authenticating a user who operates the registration device;
First encoding key determination means for determining an encoding key based on the authentication information,
Of the plurality of information processing devices, the receiving device is:
Data receiving means for receiving the encoded data transmitted to the destination user by the transmitting device;
A procedure for determining the encoding key based on the authentication information for authenticating a user who operates the registration device by the registration device associated with the destination user based on authentication information input by the destination user. Second encoding key determination means for determining an encoding key in the same procedure as
A data transmission / reception system comprising: decoding means for decoding the encoded data using the determined encoding key. The registration device, on the condition that the transmission device is a pre-registered trust device, request reception means for receiving a transmission request for an encoding key corresponding to the destination user from the transmission device;
The encoding key transmission unit according to claim 1, further comprising: an encoding key transmission unit configured to transmit an encoding key determined based on authentication information of the destination user to the transmission device in response to reception of the transmission request. Data transmission / reception system. The registration device has a request accepting unit that accepts a transmission request for an encoding key corresponding to the destination user from the transmission device, on condition that authentication of a user who operates the transmission device is successful;
The encoding key transmission unit according to claim 1, further comprising: an encoding key transmission unit configured to transmit an encoding key determined based on authentication information of the destination user to the transmission device in response to reception of the transmission request. Data transmission / reception system.   4. The data transmission / reception system according to claim 1, wherein the registration device is a server that provides a predetermined service on condition that a user registered in advance is authenticated. The data transmission / reception system according to claim 1, wherein the registration device is one of the plurality of information processing devices and functions as the reception device.   The data transmission / reception system according to claim 5, wherein the reception device further includes image processing means for processing an image of the decoded data. The transmission device further includes document reading means for reading a document,
The data transmission / reception system according to claim 1, wherein the data acquisition unit acquires image data output by the document reading unit reading and outputting a document. The authentication information includes a password ,
The data transmission / reception system according to claim 1, wherein the encoding key is a password included in the authentication information. The authentication information includes a password,
The data transmission / reception system according to claim 1, wherein the encoding key is a value obtained by converting a password included in the authentication information according to a predetermined rule. Corresponding means for associating a registration device that stores authentication information for authenticating the user corresponding to each of a plurality of users;
When functioning as a transmission device that transmits data,
Data acquisition means for acquiring data;
Destination accepting means for accepting designation of a destination user as a transmission destination of the acquired data;
Encoding key acquisition means for acquiring an encoding key determined by the registration device based on authentication information corresponding to the destination user from the registration device associated with the destination user;
Encoding means for generating encoded data obtained by encoding the data based on the acquired encoding key;
Transmitting means for transmitting the encoded data to the destination user,
When functioning as a receiving device that receives data,
Data receiving means for receiving the encoded data transmitted to the destination user by the transmitting device;
Based on the authentication information input by the destination user, the registration key associated with the destination user uses the same procedure as the procedure for determining the encoding key based on the authentication information corresponding to the destination user. Second encoding key determination means for determining
An information processing apparatus comprising: decoding means for decoding the encoded data using the determined encoding key.   The information processing apparatus according to claim 10, wherein the registration apparatus is a server that provides a predetermined service on condition that a user registered in advance is authenticated.   The information processing apparatus according to claim 10, wherein the registration apparatus is another information processing apparatus that functions as the reception apparatus.   The information processing apparatus according to claim 12, further comprising image processing means for processing an image of the decoded data. Document reading means for reading a document is further provided,
The information processing apparatus according to claim 10, wherein the data acquisition unit acquires image data output by the document reading unit reading a document. A data transmission / reception method executed by an information processing apparatus,
An association step for associating a registration device that stores authentication information for authenticating the user, corresponding to each of a plurality of users;
When functioning as a transmission device that transmits data,
A data acquisition step for acquiring data;
A destination receiving step for receiving designation of a destination user as a transmission destination of the acquired data;
An encoding key acquisition step of acquiring an encoding key determined by the registration device based on authentication information corresponding to the destination user from the registration device associated with the destination user;
An encoding step for generating encoded data obtained by encoding the data based on the acquired encoding key;
Transmitting the encoded data to the destination user, causing the information processing apparatus to execute,
When functioning as a receiving device that receives data,
A data receiving step of receiving the encoded data transmitted to the destination user by the transmitting device;
Based on the authentication information input by the destination user, the registration key associated with the destination user uses the same procedure as the procedure for determining the encoding key based on the authentication information corresponding to the destination user. A second encoding key determining step for determining
A data transmission / reception method that causes the information processing apparatus to execute a decoding step of decoding the encoded data using the determined encoding key. A data transmission / reception program executed by a computer that controls the information processing apparatus,
An association step for associating a registration device that stores authentication information for authenticating the user, corresponding to each of a plurality of users;
When functioning as a transmission device that transmits data,
A data acquisition step for acquiring data;
A destination receiving step for receiving designation of a destination user as a transmission destination of the acquired data;
An encoding key acquisition step of acquiring an encoding key determined by the registration device based on authentication information corresponding to the destination user from the registration device associated with the destination user;
An encoding step for generating encoded data obtained by encoding the data based on the acquired encoding key;
Transmitting the encoded data to the destination user, causing the computer to execute,
When functioning as a receiving device that receives data,
A data receiving step of receiving the encoded data transmitted to the destination user by the transmitting device;
Based on the authentication information input by the destination user, the registration key associated with the destination user uses the same procedure as the procedure for determining the encoding key based on the authentication information corresponding to the destination user. A second encoding key determining step for determining
A data transmission / reception program that causes the computer to execute a decoding step of decoding the encoded data using the determined encoding key.

Images