JP6939095B2 - Information processing equipment, information processing systems, information processing methods and programs - Google Patents

Description

The present invention relates to an information processing apparatus, an information processing system, an information processing method and a program.

Recently, as a method of managing information, a technology for storing data in a storage unit and managing the number of times the data has been accessed and what kind of processing has been executed, and a non-volatile storage device for storing data. There is a known technique for erasing data so that it cannot be restored. As such a technique related to data erasure, in order to completely erase the data uploaded on the network, the existence of the data erasure function of the data storage destination and the data deletion method are investigated via the network, and the data is deleted. A technique is disclosed in which the data is deleted by the method expected by the user (see Patent Document 1).

However, even if the technology disclosed in Patent Document 1 is applied, the information registrant has registered specific information (for example, questionnaire information, etc.) based on a contract that the information retention period is, for example, one year. In this case, there is a problem that in order to know whether or not the registered information has been deleted after the information retention period has elapsed, there is no choice but to contact the information manager who manages the registered information. In addition, as a result of the inquiry, even if the information does not exist, there is a problem that it is not possible to identify whether the information has not been registered from the beginning or has been registered and then deleted.

The present invention has been made in view of the above problems, and provides an information processing device, an information processing system, an information processing method, and a program capable of easily proving that the registered information has been deleted. The purpose is.

In order to solve the above-mentioned problems and achieve the object, the present invention acquires an information input unit for inputting information and tracking data for tracking the information input by the information input unit. The acquisition unit, the tracking data acquired by the first acquisition unit, the registration unit that registers the information input by the information input unit in the first storage unit as registration information, and the tracking data. A fourth storage in which the data output unit to be output, the tracking input unit for inputting the tracking data output by the data output unit, the tracking data, and the access log for the registration information are stored in association with each other. A third acquisition unit that acquires the access log corresponding to the tracking data input by the tracking input unit, and if the access log is not acquired by the third acquisition unit, the tracking data and the data. A second acquisition unit that acquires the deletion certificate corresponding to the tracking data input by the tracking input unit is provided from the second storage unit that is stored in association with the deletion certificate of the registration information. It is characterized by that.

According to the present invention, it can be easily proved that the registered information has been deleted.

FIG. 1 is a diagram showing an overall configuration of an information processing system according to an embodiment and an example of a hardware configuration of each component. FIG. 2 is a diagram showing an example of a software configuration of the image forming apparatus of the embodiment. FIG. 3 is a diagram showing an example of the software configuration of the database device of the embodiment. FIG. 4 is a diagram showing an example of the software configuration of the tracking dedicated device of the embodiment. FIG. 5 is a diagram showing an example of the configuration of the functional block of the image forming apparatus of the embodiment. FIG. 6 is a diagram showing an example of the configuration of the functional block of the database device of the embodiment. FIG. 7 is a diagram showing an example of the configuration of the functional block of the tracking dedicated device of the embodiment. FIG. 8 is a diagram illustrating an example of an operation of registering data in the information processing system according to the embodiment. FIG. 9 is a diagram illustrating an example of an operation of acquiring an access log using tracking data and an operation of displaying deletion certification information in the information processing system according to the embodiment. FIG. 10 is a flowchart showing an example of the overall flow of processing of the information processing system according to the embodiment. FIG. 11 is a flowchart showing an example of the initial setting process of the information processing system according to the embodiment. FIG. 12 is a diagram showing an example of the initial setting screen. FIG. 13 is a diagram showing an example of a pop-up screen displayed on the initial setting screen. FIG. 14 is a flowchart showing an example of execution processing of the information processing system according to the embodiment. FIG. 15 is a flowchart showing an example of a panel input process in the execution process. FIG. 16 is a diagram showing an example of an information input screen. FIG. 17 is a flowchart showing an example of the database registration process in the panel input process. FIG. 18 is a flowchart showing an example of the tracking data creation process in the database registration process and the own machine registration process. FIG. 19 is a flowchart showing an example of the own machine registration process in the panel input process. FIG. 20 is a flowchart showing an example of an image input process in the execution process. FIG. 21 is a flowchart showing an example of program processing in the image input processing. FIG. 22 is a flowchart showing an example of database processing of the database device of the embodiment. FIG. 23 is a flowchart showing an example of the information registration process in the database process. FIG. 24 is a diagram showing an example of data table access processing in database processing. FIG. 25 is a flowchart showing an example of the deletion process in the data table access process. FIG. 26 is a flowchart showing an example of access log table access processing in database processing.

Hereinafter, embodiments of an information processing apparatus, an information processing system, an information processing method, and a program according to the present invention will be described in detail with reference to FIGS. 1 to 26. Further, the present invention is not limited by the following embodiments, and the components in the following embodiments include those easily conceived by those skilled in the art, substantially the same, and so-called equivalent ranges. Is included. Furthermore, various omissions, substitutions, changes and combinations of components can be made without departing from the gist of the following embodiments.

(Overall configuration of information processing system and hardware configuration)
FIG. 1 is a diagram showing an overall configuration of an information processing system according to an embodiment and an example of a hardware configuration of each component. The overall configuration of the information processing system 1 and the hardware configuration of each component according to the present embodiment will be described with reference to FIG.

As shown in FIG. 1, the information processing system 1 according to the present embodiment includes an image forming apparatus 10, a database apparatus 20, and a tracking dedicated apparatus 30. The image forming apparatus 10, the database apparatus 20, and the tracking dedicated apparatus 30 are capable of data communication with each other via the network 2. The network 2 is a network configured by at least one of a LAN (Local Area Network), a dedicated line, the Internet, and the like. The network 2 is, for example, an Ethernet (registered trademark) standard network, and in this case, data communication is performed by a protocol such as TCP (Transmission Control Protocol) / IP (Internet Protocol). Further, the network 2 is not limited to being configured by a wired network, and may be configured to include at least a part of a wireless network.

The image forming apparatus 10 is an information processing device that reads information input by the user (for example, personal information such as a questionnaire result) and embeds electronic information such as a digital watermark as tracking data in the read information and outputs the information. Is. The image forming apparatus 10 is, for example, a multifunction device (MFP: Multifunction Peripherals) having at least two functions of a copy function, a printer function, a scanner function, and a fax function. The image forming device 10 includes a control device 11, an operation display device 12, an image input device 13, an image output device 14, a primary storage device 15, a secondary storage device 16, and an external communication device 17. Be prepared.

The control device 11 is a CPU (Central Processing Unit) that controls the overall operation of the image forming device 10 by executing the program P1 read from the secondary storage device 16 to the primary storage device 15. The program P1 includes various software belonging to the application layer, the service layer, and the handler layer of the software group described later, and is executed by the control device 11 in a state of being read by the primary storage device 15. Further, when the control device 11 stores the registration information in the image forming device 10 or the like, the control device 11 associates the access authority to the access log corresponding to the registration information with the tracking data. Further, the control device 11 acquires the access log corresponding to the registration information.

The program P1 executed by the control device 11 is stored in the secondary storage device 16 in advance, and is stored in a CD-ROM (Compact Disc Read Only Memory) or a memory in an installable format or an executable format file. It may be configured to be recorded and provided on a computer-readable storage medium such as a card, a CD-R (Compact Disc-Recordable), or a DVD (Digital Versaille Disc).

Further, the program P1 may be provided by being stored on another computer capable of data communication via the external communication device 17 and being downloaded via the external communication device 17. Further, the program P1 may be configured to be provided or distributed via the network 2.

The operation display device 12 is a device including a liquid crystal display for displaying information and an input device including a hardware switch or a touch panel for inputting information. The operation display device 12 reads the information to be registered (hereinafter, may be referred to as “registration information”) composed of image data or text data input by the user into the image forming device 10. Further, the operation display device 12 displays the contents of the access log acquired by the access log acquisition unit 111, which will be described later, or the deletion certificate acquired by the deletion certificate acquisition unit 112.

The image input device 13 is a device that inputs image data in which tracking data, which will be described later, is embedded, which is used for tracking registration information, to the image forming device 10. Here, the input of the image data means, for example, inputting the image data itself in which the tracking data is embedded, and reading the paper medium in which the image in which the tracking data is embedded is printed out by the scanning function. Is shown. Further, the image input device 13 inputs image data to the image forming device 10 as registration information. Specifically, the image input device 13 reads a paper medium on which an image for registration is printed and output by a scanning function, and inputs the obtained image data to the image forming device 10 as registration information. The image output device 14 is a device that outputs image data in which tracking data is embedded. Here, the output of image data means, for example, generating image data in which additional data is embedded and transmitting the image data to the outside, or printing and outputting the image data.

The primary storage device 15 is a volatile storage device such as a RAM (Random Access Memory) that functions as a work area of the control device 11.

The secondary storage device 16 is a non-volatile storage device that stores the above-mentioned program P1, a table for storing registration information, setting information, and the like. The secondary storage device 16 is, for example, an HDD (Hard Disk Drive), an SSD (Solid State Drive), a memory card, or the like.

The external communication device 17 is a communication device that performs data communication with the database device 20, the tracking dedicated device 30, and the like via the network 2. The external communication device 17 transmits, for example, the registration information input by the operation display device 12 to the database device 20 via the network 2.

The database device 20 is a device that stores and stores the registration information when the image forming device 10 is set to store the registration information to the outside. The database device 20 includes a control device 21, an input / output device 22, a primary storage device 25, a secondary storage device 26, and an external communication device 27.

The control device 21 is a CPU that controls the operation of the entire database device 20 by executing the program P2 read from the secondary storage device 26 to the primary storage device 25. The program P2 includes various software (including an OS (Operating System)) belonging to the application layer, the service layer, and the handler layer of the software group described later, and is executed by the control device 21 in a state of being read in the primary storage device 25. NS. Further, when the control device 21 stores the registration information in the database device 20 or the like, the control device 21 associates the access authority to the access log corresponding to the registration information with the tracking data.

The program P2 executed by the control device 21 is stored in the secondary storage device 26 in advance, and is also a file in an installable format or an executable format such as a CD-ROM, a memory card, a CD-R, or a DVD. It may be configured to be recorded and provided on a storage medium that can be read by a computer such as.

Further, the program P2 may be provided by being stored on another computer capable of data communication via the external communication device 27 and being downloaded via the external communication device 27. Further, the program P2 may be configured to be provided or distributed via the network 2.

The input / output device 22 is an input device for inputting information such as a mouse and a keyboard, a display device such as a display, and the like. The display device in this case is, for example, a CRT (Cathode Ray Tube) display, a liquid crystal display, an organic EL (Electro-Lumisensence) display, or the like.

The primary storage device 25 is a volatile storage device such as a RAM that functions as a work area of the control device 21.

The secondary storage device 26 is a non-volatile storage device that stores the above-mentioned program P2 and a table or the like that stores registration information. The secondary storage device 26 is, for example, an HDD or an SSD.

The external communication device 27 is a communication device that performs data communication with the image forming device 10, the tracking dedicated device 30, and the like via the network 2. The external communication device 27 receives, for example, the registration information input by the image forming device 10 and the tracking instruction of the registration information via the network 2. Further, when the external communication device 27 receives the tracking instruction of the registration information from the image forming apparatus 10, for example, the external communication device 27 transmits the tracking instruction of the registration information to the tracking dedicated device 30 via the network 2.

The tracking-only device 30 is a device that tracks the registered information based on the tracking data corresponding to the registered information when the image forming apparatus 10 is set to track the registered information externally. The tracking dedicated device 30 includes a control device 31, a primary storage device 35, a secondary storage device 36, and an external communication device 37.

The control device 31 is a CPU that controls the operation of the entire tracking dedicated device 30 by executing the program P3 read from the secondary storage device 36 to the primary storage device 35. The program P3 includes various software (including an OS (Operating System)) belonging to the application layer, the service layer, and the handler layer of the software group described later, and is executed by the control device 31 in a state of being read in the primary storage device 35. NS.

The program P3 executed by the control device 31 is stored in the secondary storage device 36 in advance, and is also a file in an installable format or an executable format such as a CD-ROM, a memory card, a CD-R, or a DVD. It may be configured to be recorded and provided on a storage medium that can be read by a computer such as.

Further, the program P3 may be provided by being stored on another computer capable of data communication via the external communication device 37 and being downloaded via the external communication device 37. Further, the program P3 may be configured to be provided or distributed via the network 2.

The primary storage device 35 is a volatile storage device such as a RAM that functions as a work area of the control device 31.

The secondary storage device 36 is a non-volatile storage device that stores the above-mentioned program P3 and information necessary for tracking registration information. The secondary storage device 36 is, for example, an HDD or an SSD.

The external communication device 37 is a communication device that performs data communication with the image forming device 10, the database device 20, and the like via the network 2. The external communication device 37 receives, for example, a tracking instruction of registration information from the database device 20 via the network 2. Further, the external communication device 37 transmits, for example, the tracking result of the registration information to the database device 20 via the network 2.

The user accesses the image forming apparatus 10, the database apparatus 20, the tracking dedicated apparatus 30, and the like from a computer connected to the network 2 to use the information processing system 1.

Further, the image forming apparatus 10 can store the registration information inside itself (secondary storage device 16) as described above, and can track the registration information. Alternatively, the storage of the registration information and the tracking of the registration information can be performed by an external device other than the image forming device 10. For example, it is possible that the database device 20 stores the registration information and the tracking dedicated device 30 tracks the registration information. In this case, the setting of the storage location of the registered information, the setting of the subject that executes the tracking process of the registered information, and the like are performed based on the initial setting process (FIG. 11) described later. Here, the tracking of the registration information specifically means the acquisition of the access log corresponding to the registration information, or the acquisition of the deletion certificate when the registration information has been deleted.

Further, the hardware configurations of the image forming apparatus 10, the database apparatus 20, and the tracking dedicated apparatus 30 shown in FIG. 1 are shown as an example, and it is not necessary to include all the components shown in FIG. May include the components of.

(Software configuration of image forming device)
FIG. 2 is a diagram showing an example of a software configuration of the image forming apparatus of the embodiment. The software configuration of the image forming apparatus 10 of the present embodiment will be described with reference to FIG.

As shown in FIG. 2, the image forming apparatus 10 has a software group 200 for realizing various operations by utilizing the engine 241 and the hardware resource 242. The software group 200 includes an application layer 200a running on an OS such as UNIX (registered trademark), a service layer 200b, and a handler layer 200c. The platform 200e that provides various functions to the application layer 200a includes a service layer 200b, a handler layer 200c, and a hard layer 200d. Further, the platform 200e receives an API (Application Program Interface) 251 that receives a processing request from the application layer 200a by a predefined function or the like, and a drive command from the software group 200 to the engine 241 and the hardware resource 242. Includes engine I / F252.

The application layer 200a includes a software group composed of applications directly operated by the user. The software included in the application layer 200a makes a necessary request for the platform 200e according to an instruction and a setting request from the operation display device 12 of the image forming device 10, and executes the function of each application. As shown in FIG. 2, the application layer 200a includes a printer application 201 which is a printer application, a copy application 202 which is a copy application, a fax application 203 which is a fax application, and a scanner application 204 which is a scanner application. And the net file application 205, which is an application for net files.

The service layer 200b includes a software group that controls an input function, an output function, a user authentication function, an electronic embedding function, an electronic embedding detection function, an external communication function, and the like included in the image forming apparatus 10. As shown in FIG. 2, the service layer 200b includes NCS (Network Control Service) 211, OCS (Operation panel Control Service) 212, FCS (Fax Control Service) 213, and MCS (Memoriy Control Service) 214. ) 215, DCS (Delivery Control Service) 216, CCS (Certification and Charge Control Service) 217, LCS (Log Control Service) 218, UCS (User Information) Includes service modules.

NCS211 is a service that can be commonly used for applications that require network I / O. The NCS211 distributes the data received by each protocol from the network side to each application, and mediates when transmitting the data from each application to the network side.

The OCS212 is a service that controls the operation display device 12 (for example, the operation control of the touch panel) that performs the input operation of the registration information.

The FCS 213 is used for sending and receiving faxes from the application layer 200a using the PSTN (Public Telephone Network) or ISDN (Integrated Services Digital Network) network, registering and quoting various fax data managed by a memory for backup. , And a service that provides an API for receiving and printing faxes.

MCS214 is a service that controls the memory of the primary storage device 15 and the secondary storage device 16. ECS215 is a service that controls the hardware layer 200d including the engine 241 and the hardware resource 242, which will be described later. DCS216 is a service that controls distribution of stored documents and the like. CCS217 is a service that controls authentication and billing. LCS218 is a service that manages and retains log information. UCS219 is a service that manages user information. The SCS 220 is a service that performs processing such as application management, operation unit control, system screen display control, hardware resource management, and interrupt application control.

The service layer 200b further includes an SRM (System Resource Manager) 221. SRM221 is software that controls the system together with SCS220 and manages the engine 241 and the hardware resource 242. The SRM221 performs arbitration and controls execution according to, for example, an acquisition request from an upper layer that uses the engine 241 and the hardware resource 242. Specifically, the SRM 221 determines whether the hardware resource 242 that is the target of the acquisition request is available, and if it is available, notifies the upper layer that the hardware resource 242 is available. .. Further, the SRM221 performs scheduling for using the hardware resource 242 in response to the acquisition request from the upper layer, and the request contents (for example, paper transfer by the printer engine, image drawing operation, memory allocation, file generation, etc.). To execute.

The handler layer 200c includes a software group that stores data in the primary storage device 15 and the secondary storage device 16 and controls data reading, and controls hardware belonging to the hardware layer 200d described later. As shown in FIG. 2, the handler layer 200c includes, for example, FCUH (Facsimile Control Unit Handler) 231, IMH (Image Memory Handler) 232, and MEU (Media Edit Utility) 233.

The FCUH231 manages a control unit that controls a fax function included in the hard layer 200d described later. The IMH232 allocates memory to the process and manages the memory allocated to the process. The MEU 233 is connected to the hardware layer 200d, which will be described later, and controls MLB (Media Link Board) and the like included in the hardware resource 242.

As shown in FIG. 2, the hardware layer 200d includes an engine 241 and a hardware resource 242.

The engine 241 is a hardware resource that controls a plotter, a scanner, and the like. The hardware resource 242 is a hardware resource other than the engine 241.

(Software configuration of database device)
FIG. 3 is a diagram showing an example of the software configuration of the database device of the embodiment. The software configuration of the database device 20 of the present embodiment will be described with reference to FIG.

As shown in FIG. 3, the database device 20 has a software group 300 for realizing various operations by utilizing the I / O device 321 and the hardware resource 322. The software group 300 includes an application layer 300a running on an OS such as Windows (registered trademark) or UNIX, a service layer 300b, and a handler layer 300c. The platform 300e that provides various functions to the application layer 300a includes a service layer 300b, a handler layer 300c, and a hard layer 300d. Further, the platform 300e has an API 331 that receives a processing request from the application layer 300a by a predefined function or the like, and a connection I that receives a drive command from the software group 300 to the I / O device 321 and the hardware resource 322. / F332 and.

The software included in the application layer 300a makes a request necessary for the platform 300e in order to realize the operation of the database device 20, and executes the function of each application. As shown in FIG. 3, the application layer 300a includes, for example, a DB management application 301 that controls the management operation of the database device 20 as a database.

The service layer 300b is included in the OS 310, and includes a software group that controls each function such as user authentication 311, file management 312, authority management 313, tracking management 314, and erasure management 315, as shown in FIG. ..

The handler layer 300c is also included in the OS 310, and controls data storage and data reading in the primary storage device 25 and the secondary storage device 26, and controls the hardware belonging to the hardware layer 300d, which will be described later. Includes software group.

As shown in FIG. 3, the hardware layer 300d includes an I / O device 321 and a hardware resource 322.

The I / O device 321 is an input / output device such as a display, a keyboard, and a mouse. The hardware resource 322 is a hardware resource other than the I / O device 321.

(Software configuration of dedicated tracking device)
FIG. 4 is a diagram showing an example of the software configuration of the tracking dedicated device of the embodiment. The software configuration of the tracking dedicated device 30 of the present embodiment will be described with reference to FIG.

As shown in FIG. 4, the tracking dedicated device 30 has a software group 400 for realizing various operations by utilizing the I / O device 421 and the hardware resource 422. The software group 400 includes an application layer 400a running on an OS such as Windows (registered trademark) or UNIX, a service layer 400b, and a handler layer 400c. The platform 400e that provides various functions to the application layer 400a includes a service layer 400b, a handler layer 400c, and a hard layer 400d. Further, the platform 400e has an API 431 that receives a processing request from the application layer 400a by a predefined function or the like, and a connection I that receives a drive command from the software group 400 to the I / O device 421 and the hardware resource 422. / F432 and.

The software included in the application layer 400a makes a request necessary for the platform 400e in order to realize the operation of the tracking dedicated device 30, and executes the function of each application. As shown in FIG. 4, the application layer 400a includes, for example, a DB management application 401 that controls the management operation of the tracking dedicated device 30 as a database.

The service layer 400b is included in the OS 410, and includes a software group that controls each function such as user authentication 411, file management 412, authority management 413, tracking management 414, and erasure management 415, as shown in FIG. ..

The handler layer 400c is also included in the OS 410, and controls data storage and data reading in the primary storage device 35 and the secondary storage device 36, and controls the hardware belonging to the hardware layer 400d, which will be described later. Includes software group.

As shown in FIG. 4, the hardware layer 400d includes an I / O device 421 and a hardware resource 422.

The I / O device 421 is an input / output device such as a display, a keyboard, and a mouse. The hardware resource 422 is a hardware resource other than the I / O device 421.

(Configuration and operation of functional blocks of the image forming apparatus)
FIG. 5 is a diagram showing an example of the configuration of the functional block of the image forming apparatus of the embodiment. The configuration and operation of the functional block of the image forming apparatus 10 of the present embodiment will be described with reference to FIG.

As shown in FIG. 5, the image forming apparatus 10 includes an information input unit 101, an authentication unit 102, a tracking data acquisition unit 103 (first acquisition unit), and a database editing unit 104 (registration unit, replication management unit). (Example), own machine registration unit 105, external registration unit 106, electronic embedding unit 107, image input unit 108 (tracking input unit), electronic embedding detection unit 109 (detection unit), tracking unit 110, Access log acquisition unit 111 (an example of a third acquisition unit), deletion certification acquisition unit 112 (an example of a second acquisition unit), deletion unit 113, deletion certification creation unit 114 (an example of a creation unit), and a storage unit. It has 115 (an example of a first storage unit, an example of a second storage unit, an example of a third storage unit, an example of a fourth storage unit) and an output unit 116 (a data output unit, a display unit).

The information input unit 101 is a functional unit that performs setting information input processing and registration information input processing in the initial setting processing (described later) of the image forming apparatus 10. The information input unit 101 is realized by at least one of the operation display device 12 and the image input device 13 shown in FIG.

The authentication unit 102 is a functional unit that authenticates a user who is a user of the image forming apparatus 10. When the authentication unit 102 determines that the authentication has failed, the authentication unit 102 prompts the information input unit 101 to input information for authentication again. The authentication unit 102 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The tracking data acquisition unit 103 generates tracking data for tracking the registration information when the registration information is input by the information input unit 101, or is for tracking for tracking the registration information from the outside. It is a functional part that acquires data. The tracking data acquisition unit 103 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The database editing unit 104 is a functional unit that registers the registration information input by the information input unit 101 and associates the access log corresponding to the registration information with the tracking data acquired by the tracking data acquisition unit 103. .. The database editing unit 104 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG. The database editing unit 104 has a self-machine registration unit 105 (an example of a registration unit) and an external registration unit 106 (an example of a registration unit).

The own machine registration unit 105 registers (stores) the registration information input by the information input unit 101 in the storage unit 115, and the access log corresponding to the registration information and the tracking data acquired by the tracking data acquisition unit 103. It is a functional unit that associates data with the access log table T2 (described later) stored in the storage unit 115.

The external registration unit 106 has a function of transmitting the registration information input by the information input unit 101 and the tracking data acquired by the tracking data acquisition unit 103 to the database device 20 in order to store them in the database device 20. It is a department.

The electronic embedding unit 107 sets the registration destination of the tracking data acquired by the tracking data acquisition unit 103 and the registration information corresponding to the tracking data as information such as an electronic watermark, and sets the image data (for example, "image". It is a functional part to be embedded in the image data) that shows the contents such as "You can know the access status and deletion status by loading it into the MFP." The electronic embedding unit 107 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The image input unit 108 is a functional unit for inputting image data (an example of predetermined information) in which tracking data is embedded. The image input unit 108 is realized by the image input device 13 shown in FIG.

The electronic embedding detection unit 109 is a functional unit that detects tracking data from the image data input by the image input unit 108. The electronic embedding detection unit 109 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The tracking unit 110 is a functional unit that tracks the registration information corresponding to the tracking data when the tracking data is detected from the image data by the electronic embedding detection unit 109. Specifically, the tracking unit 110 sends a tracking data and an access log acquisition command corresponding to the registration information using the tracking data to the access log acquisition unit 111. The tracking unit 110 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The access log acquisition unit 111 is a functional unit that acquires the access log corresponding to the registration information by using the tracking data. The access log acquisition unit 111 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The deletion certificate acquisition unit 112 is a functional unit that acquires a deletion certificate when the access log corresponding to the registration information cannot be acquired by the access log acquisition unit 111 and the registration information is deleted. The deletion certification acquisition unit 112 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The deletion unit 113 is, for example, a functional unit that deletes the registration information registered in the storage unit 115 according to an operation input via the information input unit 101 by the user. Specifically, when deleting the registration information, the deletion unit 113 deletes the registration information registered in the data table T1 described later, and also includes an access log corresponding to the registration information in the access log table T2 described later. delete. The deletion unit 113 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The deletion certificate creation unit 114 is a functional unit that creates a deletion certificate certifying that the registration information has been deleted by the deletion unit 113 and deletion certification information including information such as a deletion method and stores it in the storage unit 115. be. The deletion certificate creation unit 114 is realized by a program (for example, program P1) that operates in the control device 11 shown in FIG.

The storage unit 115 is a functional unit that stores the above-mentioned program P1, registration information, access log, deletion certificate, and the like. The storage unit 115 is realized by, for example, the secondary storage device 16 shown in FIG.

The output unit 116 is a functional unit that outputs information indicating the result of processing by each functional unit. Specifically, when the electronic embedding detection unit 109 does not detect tracking data such as a digital watermark as electronic embedding from the image data, the output unit 116 outputs an error indicating that fact. Further, when the access log is acquired by the access log acquisition unit 111, the output unit 116 displays and outputs the access log. Further, when the deletion certificate is acquired by the deletion certificate acquisition unit 112, the output unit 116 displays and outputs the contents (deletion certificate information) of the deletion certificate. Further, the output unit 116 outputs the image data in which the tracking data and the registration destination of the registration information are embedded by the electronic embedding unit 107. The output unit 116 is realized by the operation display device 12 and the image output device 14 shown in FIG.

It should be noted that each functional block of the image forming apparatus 10 shown in FIG. 5 conceptually shows a function, and is not limited to such a configuration. For example, a plurality of functional units illustrated as independent functional units in the image forming apparatus 10 shown in FIG. 5 may be configured as one functional unit. On the other hand, in the image forming apparatus 10 shown in FIG. 5, the functions of one functional unit may be divided into a plurality of functions and configured as a plurality of functional units.

Further, the above-mentioned authentication unit 102, tracking data acquisition unit 103, database editing unit 104, own machine registration unit 105, external registration unit 106, electronic embedding unit 107, electronic embedding detection unit 109, tracking unit 110, access log acquisition unit. 111, the deletion certificate acquisition unit 112, the deletion unit 113, and a part or all of the deletion certificate creation unit 114 are not programs that are software, but an FPGA (Field-Programmable Gate Array), an ASIC (Application Specific Integrated Circuit), or the like. It may be realized by a hardware circuit.

Further, the functional block diagram shown in FIG. 5 is a diagram showing the main functional parts of the image forming apparatus 10, and the functions of the image forming apparatus 10 are not limited thereto.

(Configuration and operation of functional blocks of the database device)
FIG. 6 is a diagram showing an example of the configuration of the functional block of the database device of the embodiment. The configuration and operation of the functional block of the database device 20 of the present embodiment will be described with reference to FIG.

As shown in FIG. 6, the database device 20 includes an external access detection unit 121, an access authority reference unit 122, an authentication unit 123, a database editing unit 124 (an example of a replication management unit), and a tracking unit 125 (second). An example of an acquisition unit, an example of a third acquisition unit), a storage unit 126 (an example of a first storage unit, an example of a second storage unit, an example of a third storage unit, an example of a fourth storage unit), and a deletion unit. It has 127 and a deletion certificate creating unit 128 (an example of the creating unit).

The external access detection unit 121 is a functional unit that detects whether or not the database device 20 is accessed from the outside. The external access detection unit 121 is realized by a program (for example, program P2) that operates in the control device 21 shown in FIG.

The access authority reference unit 122 is a functional unit that refers to the access authority to the access log of the registration information registered in the storage unit 126 of the database device 20. The access authority reference unit 122 is realized by a program (for example, program P2) that operates in the control device 21 shown in FIG.

The authentication unit 123 is a functional unit that authenticates a user who has accessed the database device 20. When the authentication unit 123 determines that the authentication has failed, the authentication unit 123 causes the external access detection unit 121 to detect the presence or absence of re-access to the database device 20. The authentication unit 123 is realized by a program (for example, program P2) that operates in the control device 21 shown in FIG.

The database editorial unit 124 is a functional unit that associates the access log corresponding to the registration information with the tracking data. The database editing unit 124 is realized by a program (for example, program P2) that operates in the control device 21 shown in FIG.

The tracking unit 125 is a functional unit that tracks the registration information corresponding to the tracking data when the registration information is stored in the storage unit 126. The tracking unit 125 is realized by a program (for example, program P2) that operates in the control device 21 shown in FIG.

The storage unit 126 is a functional unit that stores the above-mentioned program P2, registration information, access log, deletion certificate, and the like. The storage unit 126 is realized by, for example, the secondary storage device 26 shown in FIG.

The deletion unit 127 is a functional unit that deletes the registration information registered in the storage unit 126 in accordance with an external deletion command. The deletion unit 127 is realized by a program (for example, program P2) that operates in the control device 21 shown in FIG.

The deletion certificate creation unit 128 is a functional unit that creates a deletion certificate including the fact that the registration information has been deleted by the deletion unit 127 and stores it in the storage unit 126. The deletion certificate creation unit 128 is realized by a program (for example, program P2) that operates in the control device 21 shown in FIG.

It should be noted that each functional block of the database device 20 shown in FIG. 6 conceptually shows a function, and is not limited to such a configuration. For example, a plurality of functional units illustrated as independent functional units in the database device 20 shown in FIG. 6 may be configured as one functional unit. On the other hand, in the database device 20 shown in FIG. 6, the function of one functional unit may be divided into a plurality of functions and configured as a plurality of functional units.

Further, a part or all of the above-mentioned external access detection unit 121, access authority reference unit 122, authentication unit 123, database editing unit 124, tracking unit 125, deletion unit 127, and deletion certification creation unit 128 are programs that are software. Instead, it may be realized by a hardware circuit such as FPGA or ASIC.

Further, the functional block diagram shown in FIG. 6 is a diagram showing the main functional parts of the database device 20, and the functions of the database device 20 are not limited to these.

(Configuration and operation of functional blocks of dedicated tracking device)
FIG. 7 is a diagram showing an example of the configuration of the functional block of the tracking dedicated device of the embodiment. The configuration and operation of the functional block of the tracking dedicated device 30 of the present embodiment will be described with reference to FIG. 7.

As shown in FIG. 7, the tracking dedicated device 30 includes an external access detection unit 131, an authentication unit 132, a tracking unit 133, and a tracking database reference unit 134.

The external access detection unit 131 is a functional unit that detects whether or not the tracking dedicated device 30 is accessed from the outside. The external access detection unit 131 is realized by a program (for example, program P3) that operates in the control device 31 shown in FIG.

The authentication unit 132 is a functional unit that authenticates the access authority to the access log of the registration information registered in the storage unit 126 of the database device 20. When the authentication unit 132 determines that the authentication has failed, the authentication unit 132 causes the external access detection unit 131 to detect the presence or absence of re-access to the tracking dedicated device 30. The authentication unit 132 is realized by a program (for example, program P3) that operates in the control device 31 shown in FIG.

The tracking unit 133 is a functional unit that tracks the registration information corresponding to the tracking data when the registration information is stored in the storage unit 126 of the database device 20. The tracking unit 133 is realized by a program (for example, program P3) that operates in the control device 31 shown in FIG.

The tracking database reference unit 134 is a functional unit that refers to the storage unit 126 of the database device 20 in order to track the registration information in accordance with the instruction of the tracking unit 133. The tracking database reference unit 134 is realized by a program (for example, program P3) that operates in the control device 31 shown in FIG.

It should be noted that each functional block of the tracking dedicated device 30 shown in FIG. 7 conceptually shows a function, and is not limited to such a configuration. For example, a plurality of functional units illustrated as independent functional units in the tracking dedicated device 30 shown in FIG. 7 may be configured as one functional unit. On the other hand, in the tracking dedicated device 30 shown in FIG. 7, the functions of one functional unit may be divided into a plurality of functions and configured as a plurality of functional units.

Further, a part or all of the above-mentioned external access detection unit 131, authentication unit 132, tracking unit 133, and tracking database reference unit 134 is realized not by a program that is software but by a hardware circuit such as FPGA or ASIC. May be good.

Further, the functional block diagram shown in FIG. 7 is a diagram showing the main functional parts of the tracking dedicated device 30, and the functions of the tracking dedicated device 30 are not limited to these.

As described with reference to FIG. 5 above, in the information processing system 1, the registered information (registration information) is stored inside the image forming apparatus 10 (storage unit 115), and the image forming apparatus 10 itself stores the registered information. (For example, acquisition of access log, etc.) can be performed. Further, the registration information may be stored in the database device 20 outside the image forming apparatus 10, and the database device 20 may track the registration information. Further, the tracking dedicated device 30 may specialize the tracking operation with respect to the registration information stored in the image forming device 10 or the database device 20. That is, the information processing system 1 may have an image forming apparatus 10 and may not have a database apparatus 20 and a tracking dedicated apparatus 30, or may have a database apparatus 20 in addition to the image forming apparatus 10. Further, it is also possible to have a configuration having a tracking dedicated device 30. In the following description, it is assumed that the registration information is stored in the image forming apparatus 10 or the database apparatus 20, and the tracking operation of the registration information is also performed by the image forming apparatus 10 or the database apparatus 20.

(Outline of operation to register data)
FIG. 8 is a diagram illustrating an example of an operation of registering data in the information processing system according to the embodiment. The operation of registering data in the information processing system 1 according to the present embodiment will be described with reference to FIG.

As shown in FIG. 8, when the user inputs information I1 such as a questionnaire result to the operation display device 12 (information input unit 101) of the image forming device 10, the image forming device 10 inputs the input information I1. Is read as the information I2 that can be registered, and the tracking data Tc is generated as the tracking data corresponding to the information I2.

The read information I2 is uploaded (transmitted) to the database device 20, written in the free area (empty record) of the data table T1 stored in the database device 20, and stored as registration information. In the example of FIG. 8, the information I2 is written in the record in which the data identification number (No.) of the data table T1 is "003".

Further, the tracking data Tc corresponding to the information I2 written in the data table T1 is an access log for each information I2 in the access log table T2 (in the example of FIG. 8, the number of prints, the number of edits, the number of duplicates, and the number of references). ) Is associated with. Further, the tracking data Tc corresponding to the information I2 is the deletion certificate No. which identifies the access authority to the access log of the access log table T2 and the deletion certificate of the registration information in the access log authority management table T3. Associated with. By associating the tracking data Tc with the access authority, when it is desired to conceal the access log for the registered information, it is possible to conceal the access log by setting the access authority. In addition, the tracking data Tc is deleted with the deletion certification No. By associating with, the deletion proof No. associated with the tracking data Tc of the target registration information. By confirming the presence or absence of the information, it is possible to determine whether or not the registration information has been deleted.

For example, in FIG. 8, the access log corresponding to the tracking data “1234” of the information I2 written in the record of the data identification number “003” of the data table T1 is edited with the number of prints “0” in the access log table T2. The number is "0", the number of duplicates is "0", and the number of references is "0" (all are initial values). Further, in the access log authority management table T3, the access authority to the access log is set to "reference / download" for the tracking data "1234", and the deletion certification No. Has been shown to have not been published yet.

As a result, by using the tracking data Tc, the user acquires the access log corresponding to the (registered) information I2 (registration information) written in the database device 20 by referring to the access log table T2. can do. Further, by using the tracking data Tc, the user has a deletion certificate certifying that the information I2 (registration information) written (registered) in the database device 20 in the past has been deleted. This can be confirmed by referring to the access log authority management table T3.

Note that FIG. 8 shows an example in which the data table T1, the access log table T2, and the access log authority management table T3 are stored in the database device 20 (storage unit 126), but the present invention is not limited thereto. , It may be stored in the image forming apparatus 10 (storage unit 115).

Further, in FIG. 8, since the data identification numbers (No.) of the data table T1, the access log table T2, and the access log authority management table T3 all correspond to the same registration information, the data table T1 has tracking data. Is not written, but tracking data may be written in the same record together with the information I2 as in the data table T1 shown in FIG. 9 described later.

(Overview of the operation to acquire the access log and the operation to display the deletion certification information)
FIG. 9 is a diagram illustrating an example of an operation of acquiring an access log using tracking data and an operation of displaying deletion certification information in the information processing system according to the embodiment. The operation of acquiring the access log and the operation of displaying the deletion certification information in the information processing system 1 according to the present embodiment will be described with reference to FIG.

As shown in FIG. 9, the user who has input the information I1 (see FIG. 8) to the image forming apparatus 10 receives and manages the image data J1 in which the tracking data Tc is electronically embedded. The user causes the image forming device 10 (image input device 13) to read the image data J1 when he / she wants to confirm the access log for the information I1 or when he / she wants to confirm the proof that the information I1 has been deleted.

The image forming device 10 (image input device 13) reads the image data J1, detects that the tracking data Tc is electronically embedded in the image data J1, and accesses the database device 20. The database device 20 refers to the access log authority management table T3, and delete proof No. 20 associated with the detected tracking data Tc. To get.

The database device 20 has a deletion proof No. 20 associated with the tracking data Tc. Is not issued, that is, when the deletion certificate for the registration information corresponding to the tracking data Tc has not been issued, the access log table T2 is referred to. Then, the database device 20 acquires the access log L1 associated with the tracking data Tc in the access log table T2, and transmits the access log L1 to the image forming device 10. The image forming apparatus 10 causes the operation display device 12 (output unit 116) to display the received access log L1 as shown in FIG.

In this case, the user can confirm whether or not the registration information has been leaked by viewing the contents of the access log L1 displayed on the operation display device 12 of the image forming device 10. For example, in the example of FIG. 9, since the number of views for the registered information is a very large value, it can be estimated that the registered information may have been accessed from the outside.

On the other hand, the database device 20 has a deletion proof No. 20 associated with the tracking data Tc. When the deletion certificate is issued for the registration information corresponding to the tracking data Tc, the deletion certificate management table T4 is referred to and the location on the storage unit 126 where the deletion certificate is stored. (LBA: Logical Block Addressing) is confirmed, and the deletion certificate is obtained from the location on the storage unit 126. Further, the database device 20 refers to the deletion content table T5 and acquires information on the deletion certificate (in the example of FIG. 9, the deletion date and time and the deletion method) from the record corresponding to the tracking data Tc. Then, the database device 20 transmits the deletion certificate certifying that the registration information has been deleted and the deletion certification information D1 including the information acquired from the deletion content table T5 to the image forming device 10. The image forming apparatus 10 causes the operation display device 12 (output unit 116) to display the received deletion certification information D1 as shown in FIG.

In this way, the user can confirm the proof that the registration information is registered once and then actually deleted by viewing the deletion proof information D1 for the registration information corresponding to the tracking data Tc. Can be done.

In the example shown in FIG. 9, when the registration information is registered in the storage unit 126 of the database device 20, that is, the data table T1, the access log table T2, the access log authority management table T3, the deletion certification management table T4, and the deletion. The case where the content table T5 is stored has been described as an example, but the present invention is not limited to this. For example, each table may be stored in the storage unit 115 of the image forming apparatus 10. Further, it is not necessary for each table to be stored in the same storage unit, and the tables may be distributed and stored in a plurality of storage units.

(Overall operation of information processing system)
FIG. 10 is a flowchart showing an example of the overall flow of processing of the information processing system according to the embodiment. The flow of the entire process of the information processing system 1 according to the present embodiment will be described with reference to FIG.

<Step S1>
First, the image forming apparatus 10 performs the initial setting process. Here, the initial setting process includes setting the registration destination of the registration information read by the image forming apparatus 10, setting the acquisition destination of the access log, setting the creation location of the tracking data, and whether or not the electronic embedding is detected. This is the process of making settings. Details of the initial setting process will be described later with reference to FIGS. 11 to 13. Then, the process proceeds to step S2.

<Step S2>
Next, the image forming apparatus 10 performs an execution process. Here, the execution process means that the process of registering the input registration process, the process of acquiring the access log of the registration information corresponding to the tracking data, and the process of deleting the registration information corresponding to the tracking data are deleted. This is a process for displaying the deletion certification information to be shown. Details of the execution process will be described later with reference to FIGS. 14 to 21. Then, a series of processes by the information processing system 1 is completed.

(Initial setting process)
FIG. 11 is a flowchart showing an example of the initial setting process of the information processing system according to the embodiment. FIG. 12 is a diagram showing an example of the initial setting screen. FIG. 13 is a diagram showing an example of a pop-up screen displayed on the initial setting screen. The initial setting process in the image forming apparatus 10 according to the present embodiment will be described with reference to FIGS. 11 to 13.

<Step S11>
First, the authentication unit 102 of the image forming apparatus 10 performs an authentication process for authenticating the user based on the information (user name, password, etc.) operation-input by the user via the information input unit 101. Then, the process proceeds to step S12.

<Step S12>
The output unit 116 of the image forming apparatus 10 displays, for example, the initial setting screen 500 shown in FIG. Then, the process proceeds to step S13.

<Step S13>
The image forming apparatus 10 sets information registration as to whether the registration information is registered to the own machine (image forming apparatus 10) or to the outside (database apparatus 20) according to the operation input via the information input unit 101 by the user. I do. Further, when the registration destination is set to the own machine, the image forming apparatus 10 sets whether to allow access from the outside according to the operation input, and determines whether or not the access is possible by manual operation each time the access occurs. Set whether to do it or not. Specifically, the operation input by the user is performed in the information registration setting area 501 of the initial setting screen 500 shown in FIG. Further, when the "own machine / external" setting button in the information registration setting area 501 is pressed, for example, the information registration setting pop-up 510 shown in FIG. 13 is displayed. In the information registration setting pop-up 510, the above-mentioned information registration setting is performed by selecting by pressing the own machine button 511 or the external button 512. Further, the registration destination selection unit 511a sets a storage device as a registration destination of the registration information when the registration destination is the own machine. Further, the access destination input unit 512a sets an access destination (external device) to be the registration destination of the registration information when the registration destination is external. Then, the process proceeds to step S14.

<Step S14>
Next, the image forming apparatus 10 either acquires the access log corresponding to the registration information by its own machine (image forming apparatus 10) or externally (as an access acquisition setting) according to the operation input via the information input unit 101 by the user. The database device 20 or the tracking-only device 30) is used to set whether to acquire the information, and whether or not to keep the acquired access log. Specifically, the operation input by the user is performed in the access log acquisition setting area 502 of the initial setting screen 500 shown in FIG. Then, the process proceeds to step S15.

<Step S15>
Next, the image forming apparatus 10 creates tracking data corresponding to the registered information by its own machine (image forming apparatus 10) or externally (database apparatus 20) according to the operation input via the information input unit 101 by the user. ) To create and acquire tracking data. Specifically, the operation input by the user is performed in the tracking data acquisition setting area 503 of the initial setting screen 500 shown in FIG. Then, the process proceeds to step S16.

<Step S16>
Then, the image forming apparatus 10 sets whether or not to detect the electronic embedding as the electronic embedding setting according to the operation input via the information input unit 101 by the user, and a program to be executed when the electronic embedding is detected. (Acquisition of access log, acquisition of deletion certification information if deleted, printing of access log, printing of deletion certification information, etc.). Specifically, the operation input by the user is performed in the electronic embedding setting area 504 of the initial setting screen 500 shown in FIG. Then, the initial setting process is completed.

(Execution processing)
FIG. 14 is a flowchart showing an example of execution processing of the information processing system according to the embodiment. The execution process in the information processing system 1 according to the present embodiment will be described with reference to FIG.

<Step S21>
The image forming apparatus 10 determines whether to perform the panel input processing or the image input processing based on the operation input via the information input unit 101 by the user. When the panel input process is performed (step S21: panel input process), the process proceeds to step S22, and when the image input process is performed (step S21: image input process), the process proceeds to step S23.

<Step S22>
The image forming apparatus 10 performs a panel input process according to an operation input via the information input unit 101 by the user. Here, in the panel input process, registration information is registered (stored) in the image forming apparatus 10 or the database apparatus 20, tracking data corresponding to the registration information is generated, and the tracking data and the registration information are combined. This is the process of associating with the access log. Details of the panel input process will be described later with reference to FIGS. 15 to 19. Then, the execution process is terminated.

<Step S23>
The image forming apparatus 10 performs an image input process according to an operation input via the information input unit 101 by the user. Here, the image input process is a process of detecting electronic embedding in an image at the time of image input, and if detected, performing a set program process. Details of the image input process will be described later with reference to FIGS. 20 and 21. Then, the execution process is terminated.

(Panel input processing)
FIG. 15 is a flowchart showing an example of a panel input process in the execution process. FIG. 16 is a diagram showing an example of an information input screen. The panel input process in the information processing system 1 according to the present embodiment will be described with reference to FIGS. 15 and 16.

<Step S221>
The user inputs information (registration information) for registration by operating the information input unit 101. Here, the input of the registration information will be described with reference to the information input screen 520 shown in FIG. The information input screen 520 is an example of a screen for inputting registration information displayed on the output unit 116 (operation display device 12 (touch panel)) of the image forming apparatus 10. As shown in FIG. 16, after the information to be registered is input to the registration information input unit 521, the upload destination (registration destination) of the registration information is specified by the registration destination setting unit 522. In the example shown in FIG. 16, "ABC Co., Ltd." is input to the registration destination setting unit 522 as the registration destination, and the server of "ABC Co., Ltd." is designated as the registration destination.

Next, the access log output selection unit 523 sets whether or not to output the access log for the registration information. When the output of the access log is set, that is, when the management function for the access log is provided, the tracking data is required to acquire the access log, so the tracking data creation process described later is executed. Will be. After that, the user presses the operation button 524 via the information input unit 101 to start uploading the registration information to the designated registration destination. Then, the process proceeds to step S222.

<Step S222>
The database editing unit 104 of the image forming apparatus 10 determines whether the registration destination of the registration information is set to the external (database apparatus 20) or the own machine (image forming apparatus 10) in the information registration setting of the initial setting process. Check. When the registration destination is set to the outside (step S222: Yes), the process proceeds to step S223, and when the registration destination is set to the own machine (step S222: No), the process proceeds to step S224.

<Step S223>
The image forming apparatus 10 executes a database registration process for registering the input registration information in the database apparatus 20. Details of the database registration process will be described later with reference to FIGS. 17 and 18. Then, the process proceeds to step S225.

<Step S224>
The image forming apparatus 10 executes a self-machine registration process for registering the input registration information in the image forming apparatus 10 itself. The details of the own machine registration process will be described later in FIGS. 18 and 19. Then, the process proceeds to step S225.

<Step S225>
The image forming apparatus 10 determines whether or not to output tracking data. As described above, when the output of the access log is set on the information input screen 520 (when it has a management function for the access log), the image forming apparatus 10 may determine that the tracking data is output. .. When the tracking data is output (step S225: Yes), the process proceeds to step S226, and when the tracking data is not output (step S225: No), the panel input process is terminated.

<Step S226>
The electronic embedding unit 107 of the image forming apparatus 10 sets the registration destination of the tracking data acquired by the tracking data acquisition unit 103 and the registration information corresponding to the tracking data as information such as an electronic watermark, and image data (for example, , Image data showing registration information). Then, the output unit 116 of the image forming apparatus 10 outputs the image data in which the tracking data and the registration destination of the registration information are embedded by the electronic embedding unit 107. Then, the panel input process is finished.

(Database registration process)
FIG. 17 is a flowchart showing an example of the database registration process in the panel input process. The database registration process in the information processing system 1 according to the present embodiment will be described with reference to FIG.

<Step S2231>
The image forming apparatus 10 establishes communication with the database apparatus 20 set as the registration destination. Then, the process proceeds to step S2232.

<Step S2232>
When communication is established between the image forming apparatus 10 and the database apparatus 20 (step S2232: Yes), the process proceeds to step S2233, and when communication is not established (step S2232: No), the process proceeds to step S2239.

<Step S2233>
The image forming apparatus 10 determines whether or not the database apparatus 20 has a management function for the access log. For example, in the above-mentioned information input screen 520, when the registration destination is set to the outside (database device 20) and the output of the access log for the registration information is set, the image forming device 10 has the database device 20 for the access log. It may be determined that it has a management function. When the access log has a management function (step S2233: Yes), the process proceeds to step S2234, and when the access log management function is not provided (step S2233: No), the process proceeds to step S2237.

<Step S2234>
The image forming apparatus 10 executes a tracking data creation process for creating (acquiring) tracking data. Details of the tracking data creation process will be described later with reference to FIG. Then, the process proceeds to step S2235.

<Step S2235>
The external registration unit 106 of the image forming device 10 is a database device for storing the registration information input by the information input unit 101 and the tracking data acquired by the tracking data acquisition unit 103 in the database device 20. Upload (send) to 20. Then, the process proceeds to step S2236.

<Step S2236>
By receiving the notification of registration success from the database device 20, the image forming apparatus 10 confirms that the tracking data and the access log of the input registration information are associated with each other. The registration operation of the registration information in the database device 20, the association operation between the tracking data and the access log of the input registration information, and the like will be described later in the information registration process of FIG. 23. Then, the database registration process is terminated.

<Step S2237>
When the database device 20 does not have a management function for the access log, the image forming device 10 determines whether or not to register only the registration information. For example, when the information input screen 520 described above is set not to output the access log for the registration information, the image forming apparatus 10 may determine that only the registration information is registered. When only the registration information is registered (step S2237: Yes), the process proceeds to step S2238, and when the registration information is not registered (step S2237: No), the process proceeds to step S2239.

<Step S2238>
The external registration unit 106 uploads (transmits) the registration information input from the information input unit 101 to the database device 20 in order to store it in the database device 20. The image forming apparatus 10 confirms that the registration information has been registered by receiving the notification of registration success from the database apparatus 20. Then, the database registration process is terminated.

<Step S2239>
If communication is not established between the image forming apparatus 10 and the database apparatus 20 in step S2232, or if the registration information is not registered in step S2237, the external registration unit 106 uses the output unit 116 (operation). Display an error that communication is not possible on the display device 12). Then, the database registration process is terminated.

(Tracking data creation process)
FIG. 18 is a flowchart showing an example of the tracking data creation process in the database registration process and the own machine registration process. The tracking data creation process in the image forming apparatus 10 according to the present embodiment will be described with reference to FIG.

<Step S22341>
The tracking data acquisition unit 103 of the image forming apparatus 10 determines whether the tracking data is created by its own machine (image forming apparatus 10) or externally (database apparatus 20). Specifically, the tracking data acquisition unit 103 may make a determination based on the result set in the tracking data acquisition setting on the above-mentioned initial setting screen 500. When the tracking data is created by the own machine (step S22341: Yes), the process proceeds to step S22342, and when the tracking data is acquired from the outside (step S22341: No), the process proceeds to step S22343.

<Step S22342>
The tracking data acquisition unit 103 creates tracking data corresponding to the registration information input by the information input unit 101. Then, the tracking data creation process is terminated.

<Step S22343>
The tracking data acquisition unit 103 externally requests the creation of tracking data corresponding to the registration information input by the information input unit 101, and acquires the tracking data created externally. Then, the tracking data creation process is terminated.

(Own machine registration process)
FIG. 19 is a flowchart showing an example of the own machine registration process in the panel input process. The own machine registration process in the image forming apparatus 10 according to the present embodiment will be described with reference to FIG.

<Step S2241>
The image forming apparatus 10 determines whether or not it has a management function for the access log. For example, in the above-mentioned information input screen 520, when the registration destination is set to the own machine (image forming apparatus 10) and the output of the access log for the registration information is set, the image forming apparatus 10 has a management function for the access log. It may be determined that the product has. When the access log has a management function (step S2241: Yes), the process proceeds to step S2242, and when the access log management function is not provided (step S2241: No), the process proceeds to step S2245.

<Step S2242>
The image forming apparatus 10 executes a tracking data creation process for creating (acquiring) tracking data. The details of the tracking data creation process are as described above in FIG. Then, the process proceeds to step S2243.

<Step S2243>
The own machine registration unit 105 of the image forming apparatus 10 stores (registers) the registration information input by the information input unit 101 and the tracking data acquired by the tracking data acquisition unit 103 in the storage unit 115. Specifically, the own machine registration unit 105 writes the registration information in the free area (empty record) of the data table T1 of the storage unit 115, and associates the tracking data in the access log table T2 with the access log for the registration information. Remember. Then, the process proceeds to step S2244.

<Step S2244>
The image forming apparatus 10 confirms that the tracking data and the access log of the input registration information are associated with each other by storing the registration information and the tracking data by the own machine registration unit 105. Then, the own machine registration process is completed.

<Step S2245>
The own machine registration unit 105 stores (registers) the registration information input from the information input unit 101 in the storage unit 115. Specifically, the own machine registration unit 105 writes the registration information in the free area (empty record) of the data table T1 of the storage unit 115. Then, the own machine registration process is completed.

(Image input processing)
FIG. 20 is a flowchart showing an example of an image input process in the execution process. The image input process in the information processing system 1 according to the present embodiment will be described with reference to FIG.

<Step S231>
The image input unit 108 of the image forming apparatus 10 inputs image data. The image forming apparatus 10 determines whether or not the setting for detecting electronic embedding in the image data is set. Specifically, the image forming apparatus 10 determines based on the setting contents of the above-mentioned initial setting process. If the setting to detect the electronic embedding is set (step S231: Yes), the process proceeds to step S232, and if the setting is not made (step S231: No), the process proceeds to step S236.

<Step S232>
The electronic embedding detection unit 109 of the image forming apparatus 10 detects the electronically embedded information (tracking data and registration destination) from the input image data. If the electronically embedded information is detected (step S232: Yes), the process proceeds to step S233, and if it is not detected (step S232: No), the process proceeds to step S236.

<Step S233>
When the electronic embedding detection unit 109 detects the electronically embedded information (tracking data and registration destination), the image forming apparatus 10 determines whether or not a program to be operated is set. Specifically, the image forming apparatus 10 determines based on the setting contents of the above-mentioned initial setting process. If the program to be operated is set (step S233: Yes), the process proceeds to step S234, and if it is not set (step S233: No), the process proceeds to step S235.

<Step S234>
When a program to be operated is set, the image forming apparatus 10 executes a program process based on the program. Details of the program processing will be described later with reference to FIG. Then, the image input process is finished.

<Step S235>
The image forming apparatus 10 causes the output unit 116 (operation display device 12) to display the electronically embedded information (tracking data, registration destination of registration information, etc.). Then, the image input process is finished.

<Step S236>
When the electronic embedding detection is not set, the output unit 116 of the image forming apparatus 10 outputs the image data input by the image input unit 108 as it is. Then, the image input process is finished.

(Program processing)
FIG. 21 is a flowchart showing an example of program processing in the image input processing. The program processing in the information processing system 1 according to the present embodiment will be described with reference to FIG. 21.

<Step S2341>
The image forming apparatus 10 determines whether or not the electronically embedded information detected by the electronic embedding detection unit 109 is tracking data and a registration destination. If it is the tracking data and the registration destination (step S2341: Yes), the process proceeds to step S2342, and if it is not the tracking data and the registration destination (step S2341: No), the process proceeds to step S2356.

<Step S2342>
The tracking unit 110 of the image forming apparatus 10 acquires the tracking data and the registration destination detected from the image data by the electronic embedding detection unit 109. Then, the process proceeds to step S2343.

<Step S2343>
The image forming apparatus 10 determines whether or not the registration destination detected by the electronic embedding detection unit 109 indicates the outside (database apparatus 20). When the registration destination indicates the outside (step 2343: Yes), the process proceeds to step S2344, and when the registration destination indicates the own machine (image forming apparatus 10) (step S2343: No), the process proceeds to step S2350.

<Step S2344>
The image forming apparatus 10 establishes communication with the registration destination (database apparatus 20). Then, the process proceeds to step S2345.

<Step S2345>
When communication is established between the image forming apparatus 10 and the registration destination (database apparatus 20) (step S2345: Yes), the process proceeds to step S2346, and when communication is not established (step S2345: No), step S2351 Move to.

<Step S2346>
The access log acquisition unit 111 of the image forming apparatus 10 transmits the acquired tracking data to the registration destination (database apparatus 20) acquired by the tracking unit 110. Based on the received tracking data, the database device 20 acquires the access log of the registration information to be tracked by the tracking data from the storage unit 126 and transmits it to the image forming device 10. The information acquisition operation (access log table access process) based on the tracking data by the database device 20 will be described later with reference to FIG. Then, the process proceeds to step S2347.

<Step S2347>
The access log acquisition unit 111 determines whether or not the data received (acquired) from the database device 20 is the deletion certification information. If the acquired data is an access log (step S2347: No), the process proceeds to step S2348. On the other hand, when the acquired data is the deletion certification information (step S2347: Yes), the access log acquisition unit 111 sends the deletion certification information to the deletion certification acquisition unit 112, and proceeds to step S2349.

<Step S2348>
The access log acquisition unit 111 causes the output unit 116 (operation display device 12) to display the acquired access log. For example, the access log L1 shown in FIG. 9 described above is displayed on the operation display device 12. Then, the program processing is terminated.

<Step S2349>
The deletion certification acquisition unit 112 causes the output unit 116 (operation display device 12) to display the acquired deletion certification information. For example, the deletion certification information D1 shown in FIG. 9 described above is displayed on the operation display device 12. Then, the program processing is terminated.

<Step S2350>
The image forming apparatus 10 determines whether or not the user has the authority to refer to the access log. For example, the image forming apparatus 10 refers to the access log authority management table T3 of the storage unit 115, acquires the access authority corresponding to the tracking data acquired by the tracking unit 110, and the access authority refers to the access log. It suffices to determine whether or not it is an authority. If there is an authority to refer to the access log (step S2350: Yes), the process proceeds to step S2352, and if there is no authority to refer to the access log (step S2350: No), the process proceeds to step S2351.

<Step S2351>
If you do not have the authority to refer to the access log, or if communication with the registration destination (database device 20) is not established, the image forming device 10 indicates that there is no information in the output unit 116 (operation display device 12). Display it. Then, the program processing is terminated.

<Step S2352>
The access log acquisition unit 111 of the image forming apparatus 10 refers to the access log authority management table T3 stored in the storage unit 115 based on the acquired tracking data, and the deletion certification No. corresponding to the tracking data. Determine if there is.

Deletion certification No. corresponding to the tracking data. If there is no access log acquisition unit 111, the access log acquisition unit 111 refers to the access log table T2 and acquires the access log corresponding to the tracking data. On the other hand, the deletion certification No. corresponding to the tracking data. If there is, the deletion certificate acquisition unit 112 refers to the deletion certificate management table T4 and acquires an LBA indicating the location where the deletion certificate corresponding to the tracking data is stored. The deletion certificate acquisition unit 112 acquires the deletion certificate stored in the location indicated by the acquired LBA in the storage unit 115. Further, the deletion certificate acquisition unit 112 refers to the deletion content table T5 and acquires the deletion date and time and the deletion method corresponding to the tracking data. In this way, the deletion certificate acquisition unit 112 acquires the acquired deletion certificate, the deletion date and time, and the deletion method as the deletion certificate information.

<Step S2353>
When the access log is acquired by the access log acquisition unit 111 (step S2353: No), the process proceeds to step 2354, and when the deletion certification information is acquired by the deletion certification acquisition unit 112 (step S2353: Yes), the process proceeds to step S2355. Transition.

<Step S2354>
The access log acquisition unit 111 causes the output unit 116 (operation display device 12) to display the acquired access log. For example, the access log L1 shown in FIG. 9 described above is displayed on the operation display device 12. Then, the program processing is terminated.

<Step S2355>
The deletion certification acquisition unit 112 causes the output unit 116 (operation display device 12) to display the acquired deletion certification information. For example, the deletion certification information D1 shown in FIG. 9 described above is displayed on the operation display device 12. Then, the program processing is terminated.

<Step S2356>
When the electronically embedded information detected by the electronically embedded detection unit 109 is not the tracking data and the registration destination, the image forming apparatus 10 executes an operation based on another program. Since the operation based on another program is not related to the present invention, the description thereof will be omitted. Then, the program processing is terminated.

(Database processing)
FIG. 22 is a flowchart showing an example of database processing of the database device of the embodiment. The database processing in the database device 20 of the present embodiment will be described with reference to FIG. 22. The database process in the database device 20 is a process when the registration information is stored (registered) in the database device 20. Further, even when the registration information is stored in the own machine (image forming apparatus 10), the same processing as the operation described below may be performed in the image forming apparatus 10.

<Step S31>
The external access detection unit 121 of the database device 20 confirms whether or not there is access from the image forming device 10. When there is access from the image forming apparatus 10 (step S31: Yes), the process proceeds to step S32, and when there is no access (step S31: No), the external access detection unit 121 continues to access from the image forming apparatus 10. Check if there is.

<Step S32>
The external access detection unit 121 confirms whether the access destination from the image forming apparatus 10 is the data table T1, the access log authority management table T3, and the access log table T2. When the access destination is the data table T1 (step S32: data table), the process proceeds to step S33, and the access destination is the access log authority management table T3 and the access log table T2 (step S32: access log table). If so, the process proceeds to step S36.

<Step S33>
The external access detection unit 121 confirms whether or not the access from the image forming apparatus 10 requires the registration of information (registration information). When the registration of information is requested (step S33: Yes), the process proceeds to step S34, and when the registration of information is not requested (step S33: No), the process proceeds to step S35.

<Step S34>
The database editing unit 124 of the database device 20 executes an information registration process for registering registration information in the data table T1 of the storage unit 126. The details of the information registration process will be described later with reference to FIG. 23. Then, the database processing is terminated.

<Step S35>
When the access from the image forming apparatus 10 by the external access detecting unit 121 does not request the registration of information, the database editing unit 124 executes the data table access process. Details of the data table access process will be described later in FIGS. 24 and 25. Then, the database processing is terminated.

<Step S36>
When the access destination from the image forming apparatus 10 is the access log authority management table T3 and the access log table T2, the database apparatus 20 executes the access log table access process. The details of the access log table access process will be described later with reference to FIG. Then, the database processing is terminated.

(Information registration process)
FIG. 23 is a flowchart showing an example of the information registration process in the database process. The information registration process in the database device 20 of the present embodiment will be described with reference to FIG. 23.

<Step S341>
The database editing unit 124 of the database device 20 confirms whether or not there is a free area (empty record) in the data table T1 of the storage unit 126. If there is a free area in the data table T1 (step S341: Yes), the process proceeds to step S342, and if there is no free area (step S341: No), the process proceeds to step S346.

<Step S342>
The database editorial unit 124 registers the registration information in the free area (empty record) of the data table T1 (see FIG. 8 for a specific example). Then, the process proceeds to step S343.

<Step S343>
The database editing unit 124 confirms whether or not the tracking data corresponding to the registration information is received from the image forming apparatus 10 in addition to the registration information. If the tracking data is received (step S343: Yes), the process proceeds to step S344, and if the tracking data is not received (step S343: No), the process proceeds to step S345.

<Step S344>
The database editing unit 124 stores tracking data in the access log table T2 of the storage unit 126 in association with the access log corresponding to the registration information. Further, the database editorial unit 124 grants the access authority to the access log of the registration information corresponding to the tracking data, and in the access log authority management table T3 of the storage unit 126, the tracking data and the access authority are assigned. Associate and memorize. Then, the process proceeds to step S345.

<Step S345>
The database device 20 transmits a notification indicating success such as registration of registration information to the image forming device 10. Then, the information registration process is completed.

<Step S346>
When there is no free area (empty record) in the data table T1 of the storage unit 126, the database device 20 transmits a notification indicating that the registration information cannot be registered to the image forming device 10. Then, the information registration process is completed.

(Data table access processing)
FIG. 24 is a diagram showing an example of data table access processing in database processing. The data table access process in the database device 20 of the present embodiment will be described with reference to FIG. 24.

<Step S351>
The external access detection unit 121 of the database device 20 confirms the content of the access from the image forming device 10. When the content of the access is "edit" (step S351: edit), the process proceeds to step S352, and when the access content is "reference" (see step S351), the process proceeds to step S353 and "prints" (step). S351: Print), the process proceeds to step S354, and if it is “duplicate” (step S351: duplicate), the process proceeds to step S355, and if it is “delete” (step S351: delete), the process proceeds to step S358.

<Step S352>
When the content of the access is "edit", the database editing unit 124 of the database device 20 corresponds to the registration information in the access log table T2 after the registration information to be the target of the data table T1 is edited. Add 1 to the current value of the number of edits (edit count) that is part of the access log corresponding to the tracking data. Then, the process proceeds to step S357.

<Step S353>
When the content of the access is "reference", the database editorial unit 124 refers to the registration information to be the target of the data table T1 and then displays the tracking data corresponding to the registration information in the access log table T2. Add 1 to the current value of the number of references (reference count) that is part of the corresponding access log. Then, the process proceeds to step S357.

<Step S354>
When the content of the access is "print", the database editorial unit 124 prints the registered information to be the target of the data table T1 and then displays the tracking data corresponding to the registered information in the access log table T2. 1 is added to the current value of the number of prints (print count) which is a part of the access log corresponding to. Then, the process proceeds to step S357.

<Step S355>
When the content of the access is "duplicate", the database editorial unit 124 performs the duplication process for the registration information to be the target of the data table T1, and then, in the access log table T2, the tracking data corresponding to the registration information. 1 is added to the current value of the number of duplicates (duplicate count) that is a part of the access log corresponding to. Then, the process proceeds to step S356.

<Step S356>
The database editorial unit 124 stores the copy destination in association with the tracking data corresponding to the registration information each time the registration information is duplicated. For example, in the access log table T2, in addition to the tracking data and the columns of each access log, a column of the duplication destination is provided, and each time the number of duplications is counted, the duplication destination is associated and stored in the access log table T2. It may be made to. In this case, the storage unit 126 that stores the access log table T2 serves as an example of the "third storage unit" of the present invention, and the process proceeds to step S357.

<Step S357>
The database editing unit 124 reflects the addition result of the number of edits, the number of references, the number of prints, and the number of copies added by 1 in the access log table T2. Then, the data table access process is terminated.

<Step S358>
When the content of the access is "deletion", the database device 20 executes a deletion process of deleting the registration information registered in the data table T1 and the data duplicated based on the registration information. Details of the deletion process will be described later with reference to FIG. 25. Then, the data table access process is terminated.

(Delete process)
FIG. 25 is a flowchart showing an example of the deletion process in the data table access process. The deletion process in the database device 20 of the present embodiment will be described with reference to FIG. 25.

<Step S3581>
The database editorial unit 124 of the database device 20 refers to the access log table T2 and refers to the number of duplicates corresponding to the tracking data of the registration information to be deleted. When the number of referenced duplicates is 1 or more, that is, the registration information is duplicated (step S3581: Yes), the process proceeds to step S3582, and the number of referenced duplicates is 0, that is, the registration information is not duplicated (step S3581: Yes). S3581: No), the process proceeds to step S3590.

<Step S3582>
Of the replication destinations associated with the registration information to be deleted, the deletion unit 127 of the database device 20 may refer to the replication destinations for which it has not been determined whether or not the duplicated data can be deleted (hereinafter, referred to as "target replication destinations"). There is) to access. Then, the process proceeds to step S3583.

<Step S3583>
The deletion unit 127 determines whether or not the target replication destination can be accessed. If the target replication destination can be accessed (step S3583: Yes), the process proceeds to step S3584, and if access is not possible (step S3583: No), the process proceeds to step S3596.

<Step S3584>
The deletion unit 127 confirms the duplicated data (target data) at the target duplication destination. Then, the process proceeds to step S3585.

<Step S3585>
As a result of checking the target data by the deletion unit 127, if the target data has been deleted (step S3585: Yes), the process proceeds to step S3593, and if the target data has not been deleted (step S3585: No), the process proceeds to step S3586. do.

<Step S3586>
The deletion unit 127 deletes the target data of the target replication destination. For example, the deletion unit 127 deletes the target data by a deletion method that makes it impossible to restore the target data. Then, the process proceeds to step S3587.

<Step S3587>
If the deletion of the target data by the deletion unit 127 is successful (step S3587: Yes), the process proceeds to step S3593, and if the deletion of the target data fails (step S3587: No), the process proceeds to step S3588.

<Step S3588>
The deletion certificate creation unit 128 of the database device 20 records the failure to delete the target data at the target replication destination. Then, the process proceeds to step S3589.

<Step S3589>
The database device 20 confirms whether or not all the determinations as to whether or not the duplicated data can be deleted have been completed for the copy destination associated with the registration information to be deleted. When the determination of whether or not the data can be deleted is completed at all the duplication destinations (step S3589: Yes), the process proceeds to step S3590, and when it is not completed (step S3589: No), the process returns to step S3581.

<Step S3590>
The deletion unit 127 deletes the registration information stored in the data table T1 in the storage unit 126 of the own machine (database device 20), and the deletion certificate creation unit 128 records that the registration information has been deleted. For example, the deletion unit 127 deletes the registered information by a deletion method that makes it impossible to restore the registration information. Then, the process proceeds to step S3591.

<Step S3591>
The deletion certificate creation unit 128 records the deletion deletion method for the registration information stored in the data table T1. Specifically, the deletion certificate creation unit 128 writes the deletion date and time and the deletion method in association with the tracking data of the deleted registration information in the deletion content table T5 of the storage unit 126. Then, the process proceeds to step S3592.

<Step S3592>
The deletion certificate creation unit 128 creates a deletion certificate including the registration information and all records related to the deletion of the target data at each copy destination, and the deletion certificate No. uniquely corresponding to the deletion certificate. Is issued. Further, the deletion certificate creation unit 128 issues the deletion certificate No. 128 in association with the tracking data of the deleted registration information in the access log authority management table T3 of the storage unit 126. To write. Further, the deletion certificate creation unit 128 stores the created deletion certificate in the storage unit 126, and indicates the location where the deletion certificate is stored in the deletion certificate management table T4 in association with the tracking data of the deleted registration information. Write the LBA and the size of the deletion certificate. Then, the deletion process is terminated.

<Step S3593>
If the target data has been deleted as a result of the confirmation of the target data by the deletion unit 127, the deletion certificate creation unit 128 determines whether or not the deletion method of the target data at the target replication destination can be acquired. If the deletion method can be acquired (step S3593: Yes), the process proceeds to step S3594, and if acquisition is not possible (step S3593: No), the process proceeds to step S3595.

<Step S3594>
The deletion certificate creation unit 128 records the deletion method of the target data at the target replication destination. Then, the process proceeds to step S3595.

<Step S3595>
The deletion certificate creation unit 128 records that the target data at the target replication destination has been deleted. Then, the process proceeds to step S3589.

<Step S3596>
When the access to the target copy destination is not possible, the deletion certificate creation unit 128 records that the target data cannot be deleted due to the inaccessibility to the target copy destination. Then, the process proceeds to step S3589.

(Access log table access processing)
FIG. 26 is a flowchart showing an example of access log table access processing in database processing. The access log table access process in the database device 20 of the present embodiment will be described with reference to FIG. 26.

<Step S361>
The database device 20 confirms whether or not the tracking data is received from the image forming device 10. If the tracking data is received (step S361: Yes), the process proceeds to step S362, and if the tracking data is not received (step S361: No), the process proceeds to step S369.

<Step S362>
The tracking unit 125 of the database device 20 determines whether or not the user has access authority to the access log corresponding to the tracking data. Specifically, the tracking unit 125 refers to the access log authority management table T3 of the storage unit 126, acquires the access authority corresponding to the received tracking data, and the access authority is the authority to refer to the access log. Judge whether or not. If there is an authority to refer to the access log (step S362: Yes), the process proceeds to step S363, and if there is no authority to refer to the access log (step S362: No), the process proceeds to step S368.

<Step S363>
The tracking unit 125 confirms whether or not the registration information corresponding to the received tracking data has been deleted. Specifically, the tracking unit 125 refers to the access log authority management table T3 of the storage unit 126, and deletes the deletion certification No. corresponding to the received tracking data. Confirm whether or not there is a deletion certificate No. If exists, it is determined that the registration information has been deleted. If the registration information has been deleted (step S363: Yes), the process proceeds to step S366, and if the registration information has not been deleted (step S363: No), the process proceeds to step S364.

<Step S364>
The tracking unit 125 refers to the access log table T2 of the storage unit 126, and acquires the access log corresponding to the received tracking data. Then, the process proceeds to step S365.

<Step S365>
The tracking unit 125 transmits the acquired access log as a response to the image forming apparatus 10. Then, the access log table access process is terminated.

<Step S366>
When the registration information has been deleted, the tracking unit 125 refers to the deletion certification management table T4 of the storage unit 126, and acquires an LBA indicating the location where the deletion certificate corresponding to the received tracking data is stored. .. The tracking unit 125 acquires a deletion certificate stored in the location indicated by the acquired LBA in the storage unit 126. Further, the tracking unit 125 refers to the deletion content table T5 and acquires the deletion date and time and the deletion method corresponding to the tracking data. In this way, the tracking unit 125 acquires the acquired deletion certificate, the deletion date and time, and the deletion method as the deletion certification information. Then, the process proceeds to step S367.

<Step S367>
The tracking unit 125 transmits the deletion certificate information including the acquired deletion certificate as a response to the image forming apparatus 10. Then, the access log table access process is terminated.

<Step S368>
If the tracking unit 125 does not have the authority to refer to the access log, the tracking unit 125 transmits a notification indicating that the access log is not authorized to the image forming apparatus 10. Then, the access log table access process is terminated.

<Step S369>
When the tracking data is not received from the image forming apparatus 10, the database device 20 transmits a notification to the image forming apparatus 10 that access is not possible. Then, the access log table access process is terminated.

As described above, in the information processing system 1 according to the present embodiment, tracking data for tracking the information (registered information) input from the information input unit 101 is created and stored together with the registered information. In addition, when this registration information (and the data at the copy destination where the registration information is duplicated) is deleted, a deletion certificate indicating that the registration information has been deleted is created and associated with the tracking data. save. Then, when the user wants to confirm whether or not the stored registration information has been deleted, the presence or absence of the deletion certificate corresponding to the registration information can be determined by using the tracking data created corresponding to the registration information. If it is confirmed and the deletion certificate exists, the output unit 116 displays the deletion certification information including the contents of the deletion certificate. This makes it possible to easily prove that the registered information has been deleted. In addition, the user can recognize that the registration information has been registered once and then deleted by checking the displayed deletion certification information.

Further, in the information processing system 1 according to the present embodiment, the created tracking data is embedded in other data (for example, image data) as an electronic watermark, and the data in which the tracking data is embedded is used. It is possible to confirm whether or not the registration information has been deleted. As a result, the tracking data cannot be seen by others, so that the confidentiality can be improved.

Further, in the information processing system 1 according to the present embodiment, when the tracking data is stored, it is stored in association with the access log for the registered information. Then, when the stored registration information is not deleted, the user obtains an access log for the registration information by using the tracking data created corresponding to the registration information, and accesses the registration information by the output unit 116. The log is displayed. As a result, the user can confirm for himself whether or not the registered information has been leaked without bothering the information administrator.

Further, in the information processing system 1 according to the present embodiment, as described above, by reading the tracking data corresponding to the registration information, the access status of the registration information and whether or not the registration information has been deleted are indicated. The current state of the registration information can be grasped.

In the above-described embodiment, the information processing system 1 includes the image forming device 10 as a device for confirming the deletion proof of the registration information, but the present invention is not limited to this, and for example, a projector or a medical device is used. It can also be applied to devices and image processing devices such as video conferencing systems, and can also be applied to communication terminals such as mobile phones, portable information terminals, and in-vehicle devices. Further, the program executed by the information processing system 1 of the above-described embodiment may be configured to be provided by being incorporated in a ROM or the like in advance.

Further, the program executed by the information processing system 1 of the above-described embodiment is a file in an installable format or an executable format on a computer such as a CD-ROM, a flexible disk (FD), a CD-R, or a DVD. It may be configured to be recorded on a readable recording medium and provided as a computer program product.

Further, the program executed by the information processing system 1 of the above-described embodiment may be stored on a computer connected to a network such as the Internet and provided by downloading via the network. Further, the program executed by the information processing system 1 of the above-described embodiment may be configured to be provided or distributed via a network such as the Internet.

Further, the program executed by the information processing system 1 of the above-described embodiment has a module configuration including each of the above-mentioned functional units, and as the actual hardware, the CPU reads the program from the ROM and executes it. Each of the above-mentioned functional units is loaded on the main storage device, and each functional unit is generated on the main storage device.

1 Information processing system 2 Network 10 Image forming device 11 Control device 12 Operation display device 13 Image input device 14 Image output device 15 Primary storage device 16 Secondary storage device 17 External communication device 20 Database device 21 Control device 22 Input / output device 25 Primary storage device 26 Secondary storage device 27 External communication device 30 Tracking dedicated device 31 Control device 35 Primary storage device 36 Secondary storage device 37 External communication device 101 Information input unit 102 Authentication unit 103 Tracking data acquisition unit 104 Database editing Unit 105 Own machine registration unit 106 External registration unit 107 Electronic embedding unit 108 Image input unit 109 Electronic embedding detection unit 110 Tracking unit 111 Access log acquisition unit 112 Deletion certificate acquisition unit 113 Deletion unit 114 Deletion certificate creation unit 115 Storage unit 116 Output unit 121 External access detection unit 122 Access authority reference unit 123 Authentication unit 124 Database editing department 125 Tracking unit 126 Storage unit 127 Deletion unit 128 Deletion certificate creation unit 131 External access detection unit 132 Authentication unit 133 Tracking unit 134 Tracking database reference unit 200 Software group 200a App layer 200b Service layer 200c Handler layer 200d Hard layer 200e Platform 201 Printer app 202 Copy app 203 Fax app 204 Scanner app 205 Net file app 211 NCS
212 OCS
213 FCS
214 MCS
215 ECS
216 DCS
217 CCS
218 LCS
219 UCS
220 SCS
221 SRM
231 FCUH
232 IMH
233 MEU
241 Engine 242 Hardware Resources 251 API
252 engine I / F
300 Software group 300a App layer 300b Service layer 300c Handler layer 300d Hard layer 300e Platform 301 DB management application 310 OS
311 User authentication 312 File management 313 Authority management 314 Tracking management 315 Erase management 321 I / O equipment 322 Hardware resources 331 API
332 connection I / F
400 Software group 400a App layer 400b Service layer 400c Handler layer 400d Hard layer 400e Platform 401 DB management application 410 OS
411 User authentication 412 File management 413 Authority management 414 Tracking management 415 Erase management 421 I / O equipment 422 Hardware resources 500 Initial setting screen 501 Information registration setting area 502 Access log acquisition setting area 503 Tracking data acquisition setting area 504 Electronic embedded setting Area 510 Information registration setting pop-up 511 Own button 511a Registration destination selection unit 512 External button 512a Access destination input unit 520 Information input screen 521 Registration information input unit 522 Registration destination setting unit 523 Access log output selection unit 524 Operation button D1 Deletion certification information I1, I2 information J1 image data L1 access log P1 to P3 program T1 data table T2 access log table T3 access log authority management table T4 deletion certification management table T5 deletion content table Tc tracking data

Japanese Unexamined Patent Publication No. 2014-130543

Claims (10)

Information input section for inputting information and
A first acquisition unit that acquires tracking data for tracking the information input by the information input unit, and a first acquisition unit.
A registration unit that registers the tracking data acquired by the first acquisition unit and the information input by the information input unit in the first storage unit as registration information.
A data output unit that outputs the tracking data and
A tracking input unit for inputting the tracking data output by the data output unit, and a tracking input unit.
Third acquisition to acquire the access log corresponding to the tracking data input by the tracking input unit from the fourth storage unit stored in association with the tracking data and the access log for the registration information. Department and
When the access log is not acquired by the third acquisition unit , the tracking input by the tracking input unit from the second storage unit stored in association with the tracking data and the deletion proof of the registration information. The second acquisition unit that acquires the deletion certificate corresponding to the data for
Information processing device equipped with. The information processing device according to claim 1, further comprising a display unit for displaying deletion certification information including the deletion certification acquired by the second acquisition unit. A deletion unit that deletes the registration information in the first storage unit,
A creation unit that creates the deletion certificate indicating that the registration information has been deleted by the deletion unit, and stores the deletion certificate in the second storage unit in association with the tracking data corresponding to the registration information.
The information processing apparatus according to claim 1 or 2, further comprising. When the registration information is duplicated, a replication management unit for associating the replication destination of the registration information with the tracking data of the registration information and storing it in the third storage unit is further provided.
When deleting the registration information, the deletion unit refers to the third storage unit and deletes the duplicated information at the duplication destination associated with the tracking data of the registration information.
The information processing device according to claim 3, wherein the creating unit creates the deletion certificate including the fact that the duplicated information at the copying destination has been deleted by the deleting unit. The information processing device according to claim 4, wherein the creating unit acquires a deletion method when deleting the registration information and the duplicated information at the duplication destination, and creates the deletion certificate including the deletion method. The data output unit electronically embeds the tracking data in predetermined information and outputs the data.
The tracking input unit inputs the predetermined information in which the tracking data is electronically embedded.
The information processing device according to any one of claims 1 to 5, further comprising a detection unit that detects the tracking data from the predetermined information input from the tracking input unit. The first storage unit and
The second storage unit and
The information processing apparatus according to any one of claims 3 to 5, further comprising. Information input section for inputting information and
A first acquisition unit that acquires tracking data for tracking the information input by the information input unit, and a first acquisition unit.
A registration unit that registers the tracking data acquired by the first acquisition unit and the information input by the information input unit in the first storage unit as registration information.
A data output unit that outputs the tracking data and
A deletion unit that deletes the registration information in the first storage unit,
A creation unit that creates a deletion certificate indicating that the registration information has been deleted by the deletion unit, and stores the deletion certificate in a second storage unit in association with the tracking data corresponding to the registration information.
A tracking input unit for inputting the tracking data output by the data output unit, and a tracking input unit.
Third acquisition to acquire the access log corresponding to the tracking data input by the tracking input unit from the fourth storage unit stored in association with the tracking data and the access log for the registration information. Department and
When the access log is not acquired by the third acquisition unit, the second acquisition unit that acquires the deletion certificate corresponding to the tracking data input by the tracking input unit from the second storage unit.
Information processing system with. The information input section is the information input step for inputting information,
A first acquisition step in which the first acquisition unit acquires tracking data for tracking the input information, and
A registration step in which the registration unit registers the acquired tracking data and the input information in the first storage unit as registration information.
A data output step in which the data output unit outputs the tracking data, and
A tracking input step in which the tracking input unit inputs the output tracking data, and
The access log corresponding to the tracking data input by the tracking input unit from the fourth storage unit stored in association with the tracking data and the access log for the registration information by the third acquisition unit. And the third acquisition step to acquire
When the second acquisition unit cannot acquire the access log in the third acquisition step, the tracking data input from the second storage unit stored in association with the tracking data and the deletion proof of the registration information. The second acquisition step to acquire the deletion certificate corresponding to the data for
Information processing method having. On the computer
Information entry steps to enter information and
The first acquisition step of acquiring tracking data for tracking the input information, and
A registration step of registering the acquired tracking data and the input information in the first storage unit as registration information, and
The data output step for outputting the tracking data and
A tracking input step for inputting the output tracking data, and
A third acquisition step of acquiring the access log corresponding to the tracking data input in the tracking input step from the fourth storage unit stored in association with the tracking data and the access log for the registration information. When,
When the access log cannot be acquired in the third acquisition step, the tracking data corresponding to the tracking data input from the second storage unit stored in association with the tracking data and the deletion certificate of the registration information. The second acquisition step to acquire the deletion certificate and
A program to execute.

Images