JP7302404B2 - Information processing device and program - Google Patents

Description

The present invention relates to an information processing device and program.

Patent Literature 1 discloses a network system comprising a device management apparatus for managing at least one device via a network, and the devices managed by the device management apparatus. A network system is disclosed that reduces the user's workload for setting conditions.

Patent Literature 2 discloses a device management system in which, when a new application is installed in a multifunction machine, new setting information by the installed application can be managed by a device management device or a central management device. there is

In Japanese Patent Laid-Open No. 2004-100003, when the same setting item as the setting item included in the setting information set in another image forming apparatus is included in the setting item of the own apparatus, the setting information obtained from the other image forming apparatus is changed to the setting item. The setting items are set based on the image forming apparatus, and the other setting items are set using operation history information indicating the history of operations including printing or copying executed in another image forming apparatus. An image forming apparatus is disclosed that can be properly operated from the initial stage of installation in accordance with the user's usage conditions.

Japanese Patent No. 4858271 Japanese Patent No. 5434174 Japanese Patent No. 5896768

SUMMARY OF THE INVENTION An object of the present invention is to provide a first storage area that can be accessed from its own device without requiring an authentication process when acquiring and storing setting information related to device settings, and storing the setting information. If the second storage area, which requires authentication processing in order to access the . An object of the present invention is to provide an information processing device and a program capable of reducing the possibility of leakage to other users.

[Information processing device]
The present invention according to claim 1 comprises a memory and a processor,
The processor
When storing the setting information acquired from the device in the specified storage location, if the specified storage location is the first storage area that can be accessed from the own device without requiring authentication processing, the acquired setting information is encrypted with a first encryption key for encrypting the setting information to be stored in the first storage area and stored;
If the designated storage location is a second storage area that is accessible from other devices and requires authentication processing to access the stored setting information, the acquired setting information is stored in the second storage area. encrypting and storing the setting information to be stored in the second storage area with a second encryption key for encrypting the setting information;
When the setting information stored in the second storage area is obtained, the obtained setting information is decrypted using the second encryption key, and when an instruction to re-store the decrypted setting information is received, The information processing apparatus encrypts the decrypted setting information using the second encryption key and stores the encrypted setting information.

In the present invention according to claim 2, the processor comprises:
3. When receiving an instruction to re-store the decrypted setting information, even if the specified storage location is the first storage area, the setting information is encrypted using the second encryption key and stored. 1. The information processing apparatus according to 1.

The present invention according to claim 3 is the information processing apparatus according to claim 1 or 2, wherein the processor generates different cryptographic keys for each user as the first and second cryptographic keys.

The present invention according to claim 4 is the information processing apparatus according to claim 3, wherein the user is a group unit user composed of a plurality of individual users.

In the present invention according to claim 5, the processor generates the second encryption key based on a user identifier specified during authentication processing for accessing the second storage area. It is an information processing apparatus described.

In the present invention according to claim 6, the memory comprises first key generation information for generating the first encryption key and second key generation information for generating the second encryption key. remember information and
6. The information processing apparatus according to claim 5, wherein the processor generates the second encryption key by performing an operation using the stored second key generation information and a user identifier. .

In the present invention according to claim 7, the processor instructs to store the setting information, when the user who performs the operation of another user on behalf of another user based on the request from the other user, 4. The information processing apparatus according to claim 3, wherein the second encryption key is generated based on the identifier of the user specified during the authentication process and the request number from the other user.

According to an eighth aspect of the present invention, the memory comprises first key generation information for generating the first encryption key and second key generation information for generating the second encryption key. remember information and
8. Information according to claim 7, wherein said processor generates said second encryption key by performing a calculation using said stored second key generation information, a user's identifier, and a request number. processing equipment.

The present invention according to claim 9 is the information processing apparatus according to claim 3, wherein the processor generates the first encryption key based on authentication information preset for each user.

In the tenth aspect of the present invention, the memory comprises first key generation information for generating the first encryption key and second key generation information for generating the second encryption key. remember information and
10. The information processing apparatus according to claim 9, wherein the processor generates the first encryption key by performing an operation using the stored first key generation information and input authentication information. be.

The present invention according to claim 11 is the information processing apparatus according to any one of claims 6, 8, and 10, wherein the memory stores the first and second key generation information in an obfuscated state.

[Processor]
In the present invention according to claim 12, when setting information acquired from a device is stored in a specified storage location, the specified storage location is a first storage location that can be accessed from the own device without requiring authentication processing. a step of encrypting and storing the acquired setting information with a first encryption key for encrypting the setting information to be stored in the first storage area, if the storage area is a storage area of
If the specified storage location is a second storage area that is accessible from other devices and requires authentication processing to access the stored setting information, the acquired setting information is stored in the second storage area. a step of encrypting and storing the setting information to be stored in the second storage area with a second encryption key for encrypting the setting information;
When the setting information stored in the second storage area is obtained, the obtained setting information is decrypted using the second encryption key, and when an instruction to re-store the decrypted setting information is received, a step of encrypting and storing the decrypted setting information using the second encryption key;
It is a program that causes a computer to execute

According to the first aspect of the present invention, a first storage area that can be accessed from its own device without requiring an authentication process when acquiring and storing setting information related to device settings; In order to access the setting information stored in the second storage area, authentication processing is required. It is possible to provide an information processing apparatus capable of reducing the possibility of information content being leaked to other users.

According to the second aspect of the present invention, a first storage area that can be accessed from its own device without requiring an authentication process when acquiring and storing setting information related to device settings; In order to access the setting information stored in the second storage area, authentication processing is required. It is possible to provide an information processing apparatus capable of reducing the possibility of information content being leaked to other users.

According to the third aspect of the present invention, it is possible to reduce the possibility that the contents of setting information of a certain user stored in the first storage area or the second storage area will leak to other users. It is possible to provide a sophisticated information processing apparatus.

According to the fourth aspect of the present invention, there is a possibility that the contents of the user's setting information for each group stored in the first storage area or the second storage area may be leaked to users belonging to other groups. can be provided.

According to the fifth aspect of the present invention, it is possible to provide an information processing apparatus capable of saving the trouble of inputting different information for each user.

According to the sixth aspect of the present invention, it is possible to provide an information processing apparatus capable of preventing generation of the second encryption key just by knowing the identifier of the user.

According to the seventh aspect of the present invention, even when an agent stores setting information based on a request from another user, it prevents setting information of different users from being encrypted with the same encryption key. It is possible to provide an information processing device capable of

According to the eighth aspect of the present invention, it is possible to provide an information processing apparatus capable of preventing the second encryption key from being generated only by knowing the user's identifier and request number.

According to the ninth aspect of the present invention, it is possible to provide an information processing apparatus capable of making the first encryption key different for each user.

According to the tenth aspect of the present invention, it is possible to provide an information processing apparatus capable of preventing the generation of the first encryption key only by knowing the authentication information of the user.

According to the eleventh aspect of the present invention, the possibility of leakage of the first or second key generation information is greater than when the first and second key generation information are stored as non-obfuscated information. can be provided.

According to the twelfth aspect of the present invention, a first storage area that can be accessed from its own device without requiring authentication processing when acquiring and storing setting information related to device settings; In order to access the setting information stored in the second storage area, authentication processing is required. It is possible to provide a program capable of reducing the possibility of information content being leaked to other users.

It is a figure showing the system configuration of the information processing system of one embodiment of the present invention. FIG. 4 is a diagram showing how backup data is directly backed up from the image forming apparatus 40 to the cloud server 20. FIG. 2 is a diagram showing how backup data is stored in a cloud server 20 via a terminal device 10. FIG. 4 is a diagram showing how backup data is stored in a file server 50 via the terminal device 10. FIG. FIG. 10 is a diagram for explaining a case where the terminal device 10 encrypts with the same encryption key "1234" when saving in a cloud environment and when saving in an on-premises environment. FIG. 10 is a diagram for explaining a case where backup data encrypted with the encryption key “1234” is obtained from the cloud server 20 by a malicious third party and imported into the terminal device 90. FIG. The diagram shows how the backup data acquired from the cloud server 20 is decrypted with the encryption key "1234" and stored in the HDD of the terminal device 90 after being encrypted with the encryption key "1234". be. A malicious third party can decrypt the backup data stored in the HDD of the terminal device 90 by using the encryption key "1234" to view the contents or to leak the contents. It is a figure for demonstrating a state. FIG. 3 is a diagram showing how the CE saves and restores backup data of the image forming apparatus 40. FIG. If the backup data obtained from the image forming apparatus 40A of Company A is encrypted with the encryption key "1234" and stored in the terminal device 60, it is decrypted with the encryption key "1234" and the image forming apparatus of Company B is stored. FIG. 10 is a diagram for explaining how information leakage occurs when restoring to 40B; 1 is a diagram for explaining the hardware configuration of a terminal device 10 in an information processing system according to one embodiment of the present invention; FIG. 1 is a diagram for explaining the functional configuration of a terminal device 10 in an information processing system according to one embodiment of the present invention; FIG. 3 is a diagram showing a specific example of key generation data 1 and 2 stored in a key generation data storage unit 26; FIG. 4 is a diagram for explaining a method of generating an encryption key by an encryption key generation unit 25; FIG. 4 is a flowchart for explaining encryption key generation processing when an encryption key is generated by an encryption key generation unit 25; 4 is a sequence chart for explaining an operation when a manager of a customer user operates the terminal device 10 to execute backup processing in an on-premises environment; In the terminal device 10, it is a figure which shows the example of a display screen at the time of inputting a password from the manager of a customer user. 4 is a sequence chart for explaining an operation when a manager of a customer user operates the image forming apparatus 40 to perform direct backup to the cloud environment; It is a sequence chart for explaining operation|movement in the case of a customer user's manager operating the terminal device 10, editing the backup data backed up by the cloud environment, and preserve|saving again. 4 is a sequence chart for explaining an operation when a CE receiving a request from a customer user operates the image forming apparatus 40 to perform direct backup to a cloud environment; FIG. 4 is a diagram showing a display example when a CE inputs a request number to the image forming apparatus 40; FIG. 11 is a sequence chart for explaining an operation when a CE operates the terminal device 60 to edit backup data backed up in a cloud environment and save it again. FIG. FIG. 3 is a diagram for explaining how backup data is stored in the cloud server 20 in a state encrypted with a different encryption key for each user. 4 is a sequence chart for explaining the operation when a malicious third party illegally obtains backup data stored in the cloud server 20. FIG. FIG. 4 is a diagram for explaining how backup data is stored encrypted with different encryption keys depending on whether the backup data is stored in a cloud environment or in an on-premises environment. Different encryption keys are used when the backup management software of the terminal device 10 stores the backup data in the cloud environment or obtains it from the cloud environment, and when it stores it in the on-premises environment or obtains it from the on-premises environment. It is a figure for demonstrating a state. 10 is a flowchart for explaining the operation of the terminal device 10 when performing re-encryption processing to acquire backup data that has been temporarily stored, re-encrypt it, and store it. FIG. 4 is a diagram for explaining how a malicious third party illegally obtains backup data stored in the cloud server 20 using the terminal device 90. FIG. For explaining how the backup data illegally obtained from the cloud server 20 by a malicious third party is decrypted with the encryption key 2, re-encrypted with the encryption key 2, and stored in the HDD of the terminal device 90. It is a diagram. FIG. 10 is a diagram for explaining a situation when a malicious third party tries to decrypt backup data stored in the terminal device 90; FIG.

Next, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a diagram showing the system configuration of an information processing system according to one embodiment of the present invention.

As shown in FIG. 1, an information processing system according to an embodiment of the present invention has a configuration in which an image forming apparatus 10, an image forming apparatus 40, a file server 50, and a cloud server 20 are connected via the Internet 30. there is The image forming device 40, the terminal device 10, and the file server 50 are installed in the office of a customer user.

The image forming apparatus 40 is a so-called multifunction device having multiple functions such as a printing function, a scanning function, a copying function, and a facsimile function.

The cloud server 20 is an information processing apparatus that provides a service as a so-called cloud service that stores setting information of the image forming apparatus as backup data and restores the stored setting information upon request. . Specifically, the cloud server 20 receives setting information uploaded from the image forming apparatus 40 and stores it as backup data. Although only one image forming apparatus 40 is illustrated in FIG. 1 for the sake of simplicity, the cloud server 20 stores setting information of many image forming apparatuses as backup data. .

The reason why the setting information of the image forming apparatus 40 is stored as backup data in the cloud server 20 in this way is that if the setting information is accidentally deleted in any of the apparatuses, the original setting contents can be restored. , when the device is replaced, the device after replacement can take over the same settings as before, and the newly introduced device can be set with the same content as the installed device. Hereinafter, the process of setting using such saved setting information will be referred to as restoration.

Here, the setting information includes, for example, various setting items such as the scanning resolution when performing scanning processing and the color mode when performing copying processing, setting values for each setting item, and information used for FAX transmission. It contains various information such as address book information.

Backup management software for backing up and restoring setting information of the image forming apparatus is installed in the terminal device 10 . With this backup management software, the terminal device 10 acquires setting information of the image forming device 40 and transmits it to the management server 20 to perform backup, or acquires setting information backed up in the management server 20 to create an image. It is an information processing device that performs processing such as restoration in the forming device 40 .

Here, such a backup of the setting information of the image forming apparatus 40 is often performed by the manager of the customer user in which the image forming apparatus 40 is installed. However, in some cases, such as when there are a large number of installed image forming apparatuses, or when the administrator is unfamiliar with the operation, the maintenance of the image forming apparatus 40 manufacturer is required to perform such backup and restore operations on behalf of the administrator. In some cases, a request is made to a customer engineer (hereinafter abbreviated as CE) who is in charge.

Then, the administrator of the customer user directly operates the image liquid device 40 to store the backup data in the cloud server 20, or operates the terminal device 10 to acquire the backup data from the image forming device 40, The file is stored in the HDD (abbreviation for hard disk drive) in the device itself or in the file server 50 .

In the following description, saving backup data in a device managed by the user, such as the HDD in the terminal device 10 or the file server 50, is expressed as saving in an on-premises environment. Storing the backup data in the cloud server 20 is expressed as storing in the cloud environment.

First, FIG. 2 shows how backup data is directly backed up from the image forming apparatus 40 to the cloud server 20 . In FIG. 2, by operating the operation panel of the image forming apparatus 40, the setting information of the image forming apparatus 40 can be saved as backup data in the cloud server 20 via the Internet 30, or can be saved in the cloud server 20. A state of restoring backed-up data to the image forming apparatus 40 is shown.

FIG. 3 shows how the backup data is stored in the cloud server 20 via the terminal device 10. As shown in FIG. FIG. 3 shows how the terminal device 10 acquires the setting information from the image forming device 40 as backup data, performs editing, etc., and then downloads the edited backup data to the cloud server 20 . Also shown is a state in which the terminal device 10 downloads backup data saved from the cloud server 20 and performs restore processing on the image forming device 40 .

The backup processing shown in FIGS. 2 and 3 is processing for storing backup data in a cloud environment.

Next, FIG. 4 shows how the backup data is stored in the file server 50 via the terminal device 10 . FIG. 4 shows how the terminal device 10 acquires the setting information from the image forming device 40 as backup data, edits the data, and saves the edited backup data in the file server 50 . Also shown is a state in which the terminal device 10 acquires backup data saved from the file server 50 and performs restore processing on the image forming device 40 . In some cases, the image forming apparatus 10 saves the edited backup data in the internal HDD of the image forming apparatus 10 .

The backup processing shown in FIG. 4 is processing for storing backup data in an on-premises environment.

Here, the setting information acquired from the image forming apparatus 40 includes not only setting values for controlling copying operations, scanning operations, etc., but also confidential information such as destination information for sending faxes and emails. , must be stored encrypted.

However, if the same encryption key is used for encryption when storing backup data in the cloud environment and when storing backup data in the on-premises environment, the content of illegally obtained backup data may be leaked. more likely to get lost.

For example, as shown in FIG. 5, the backup management software installed in the terminal device 10 encrypts with the same encryption key "1234" when saving in the cloud environment and when saving in the on-premises environment. A case will be used for explanation.

In the case shown in FIG. 5, the backup data stored in the cloud server 20 is encrypted with the encryption key "1234", and the backup data stored in the file server 50 is also encrypted with the encryption key "1234". will be saved.

Here, the file server 50 is installed in the customer user's system and is protected from external intrusion. In addition, since the cloud server 20 is configured to perform user authentication processing and permit login, it is not possible to acquire or browse the saved data of the user who saved the data. However, since anyone can access the cloud server 20 via the Internet 30, there is a possibility that data may be obtained during communication, or a user ID or password may be obtained in the middle of communication and authentication processing may be performed illegally. There is also sex.

If the backup management software to be installed in the terminal device 10 is made available to anyone, the content of the backup data stored in the cloud environment will be leaked if it is obtained illegally.

Specifically, as shown in FIG. 6, it is assumed that the backup data encrypted with the encryption key "1234" is obtained from the cloud server 20 by a malicious third party and imported into the terminal device 90. .

In this case, as shown in FIG. 7, since the backup management software is also installed on the terminal device 90, the backup data obtained from the cloud server 20 is decrypted with the encryption key "1234" and stored in the HDD of the terminal device 90. , it is also encrypted with the encryption key "1234" before being saved.

Then, as shown in FIG. 8, a malicious third party decrypts the backup data stored in the HDD of the terminal device 90 using the cryptographic key "1234" to view the contents, or to view the contents. It becomes possible to let it flow away.

In addition, if the same encryption key is used for storing backup data in an on-premises environment and in a cloud environment, the possibility that the contents of the backup data will be leaked even if it is not done by a malicious person is explained.

As described above, the backup processing and restoration processing of the backup data as described above may not only be performed by the administrator of the customer user, but may also be performed by the CE requested by the customer user.

FIG. 9 shows how the CE saves and restores the backup data of the image forming apparatus 40 in this way. FIG. 9 shows how the CE uses the terminal device 60 to acquire the setting information of the image forming apparatus 40 as backup data and restore the acquired backup data. The same backup management software as that installed in the terminal device 10 is also installed in this terminal device 60 .

Such a CE is responsible not only for one customer user but for multiple customer users. Therefore, if the backup data of any customer is encrypted with the same encryption key and stored, there is a possibility that the backup data of a certain customer user will be restored to the image forming apparatus of another customer user. There is

For example, as shown in FIG. 10, when the backup data acquired from the image forming apparatus 40A of Company A is encrypted with the encryption key "1234" and stored in the terminal device 60, the encryption key "1234" is used to decrypt the backup data. If the data is restored to the image forming apparatus 40B of Company B, information leakage will occur.

Therefore, in the information processing system of the present embodiment, by switching the encryption key used when saving backup data in the cloud environment and when saving backup data in the on-premises environment, the data content of the backup data as described above is changed. outflow is suppressed.

First, the hardware configuration of the terminal device 10 in the information processing system of this embodiment will be described with reference to FIG.

As shown in FIG. 11, the terminal device 10 includes a CPU 11, a memory 12, a storage device 13 such as a hard disk drive, and a communication interface (IF and ) 14, and a user interface (abbreviated as UI) device 15 including a touch panel or liquid crystal display and a keyboard. These components are connected to each other via a control bus 16 .

The CPU 11 executes predetermined processing based on a control program stored in the memory 12 or storage device 13 to control the operation of the terminal device 10 . In this embodiment, the CPU 11 reads and executes a control program stored in the memory 12 or the storage device 13. It is also possible to provide

FIG. 12 is a block diagram showing the functional configuration of the terminal device 10 realized by executing the above control program.

As shown in FIG. 12, the terminal device 10 of this embodiment includes an operation input unit 21, a display unit 22, a data transmission/reception unit 23, a backup processing control unit 24, an encryption key generation unit 25, and a key generation unit. A data storage unit 26 and a backup data storage unit 27 are provided.

The display unit 22 displays various information to the user who is the user. The operation input unit 21 inputs various operation information performed by the user.

The data transmission/reception unit 23 transmits and receives data to and from the image forming apparatus 40 and the file server 50 via the local network, and transmits and receives data to and from the cloud server 20 via the Internet 30 .

When storing the setting information acquired from the image forming apparatus 40, which is a device to be backed up, in the designated storage location, the backup processing control unit 24, if the designated storage location is a storage area in the on-premises environment, the acquisition The setting information is encrypted with the encryption key for the on-premises environment and stored.

Here, the storage area in the on-premises environment is a storage area that can be accessed from its own device without requiring authentication processing, and specifically corresponds to the HDD and file server 50 in the terminal device 10 . The encryption key for the on-premises environment is an encryption key for encrypting the setting information stored in the storage area in the on-premises environment.

In addition, when the specified storage location is a storage area in the cloud environment, the backup processing control unit 24 encrypts and stores the acquired setting information with an encryption key for the cloud environment.

Here, the storage area in the cloud environment is a storage area that can be accessed from other devices and requires authentication processing in order to access the stored setting information. Specifically, the cloud server 20 is applicable. The encryption key for the cloud environment is an encryption key for encrypting the setting information stored in the storage area in the cloud environment.

Furthermore, when the backup processing control unit 24 acquires the setting information stored in the storage area in the cloud environment, the backup processing control unit 24 decrypts the acquired setting information using the encryption key for the cloud environment, and restores the decrypted setting information. When receiving an instruction to do so, the decrypted setting information is encrypted using a cloud encryption key and stored regardless of the specified storage location.

In other words, when receiving an instruction to re-store the decrypted setting information, the backup processing control unit 24 uses the encryption key for the cloud environment even if the specified storage location is a storage area in the on-premises environment. Store encrypted.

The encryption key generation unit 25 generates the encryption key for the on-premises environment and the encryption key for the cloud environment as different encryption keys for each user. Note that this user is not an individual user, but a group of users made up of a plurality of individual users. For example, it is a group of users made up of a plurality of individuals such as a company or a department.

For example, the encryption key generation unit 25 generates an encryption key for the on-premises environment based on authentication information preset for each user, such as password information.

Also, the encryption key generation unit 25 generates an encryption key for the cloud environment based on the user ID, which is the identifier of the user specified during the authentication process for accessing the cloud server 20 .

If the user is a CE or the like, and the encryption key generator 25 has generated the encryption key for the cloud environment based on the user ID, the setting information of a plurality of customer users must be encrypted with the same encryption key. Become. Therefore, when the user who instructed to store the setting information is a person such as a CE who performs the operation on behalf of a customer user who is another user, the encryption key generation unit 25 performs the authentication process. An encryption key for the cloud environment generated based on the user ID specified at the time and the request number from the customer user is generated.

According to such a method of generating an encryption key, the encryption key generated for each request number is different and also differs for each user.

The key generation data storage unit 26 stores key generation data 1, which is key generation information for generating an encryption key for an on-premises environment, and key generation information, which is key generation information for generating an encryption key for a cloud environment. Generating data 2 is stored.

A specific example of the key generation data 1 and 2 stored in the key generation data storage unit 26 is shown in FIG. Referring to FIG. 13, as an example of key generation data 1 for generating an encryption key when storing an on-premises environment and key generation data 2 for generating an encryption key when storing a cloud environment, each is 256-bit data. is set. Note that the key generation data shown in FIG. 13 is merely an example. In the following description, the key generation data 1 may be denoted as seed1 and the key generation data 2 may be denoted as seed2.

The key generation data storage unit 26 stores the key generation data 1 and the key generation data 2 in an obfuscated state. Specifically, storing in an obfuscated state means storing in a state in which the key generation data 1 and 2 cannot be specified even if the backup management software installed in the terminal device 10 is decompiled and analyzed. means that

Then, the encryption key generation unit 25 generates an encryption key for the on-premises environment by performing calculations using the key generation data 1 stored in the key generation data storage unit 26 and the input password information. do.

If the user who instructed to store the backup data is a user other than the CE, the encryption key generation unit 25 stores the key generation data 2 stored in the key generation data storage unit 26 and the user ID. An encryption key for the cloud environment is generated by performing calculations using

When the user instructing the storage of the backup data is the CE, the number key generation unit 25 generates the key generation data 2 stored in the key generation data storage unit 26, the CE user ID, and the customer An encryption key for the cloud environment is generated by performing calculation using the request number when receiving the request from the user.

FIG. 14 shows a method of generating an encryption key by the encryption key generator 25. In FIG. FIG. 14 shows how different encryption keys are generated depending on where the backup data is stored and whether the operator who instructed the storage is the administrator of the customer user or the CE. The symbol "+" in FIG. 14 means that the character strings before and after are connected.

Note that F(x, y) in FIG. 14 means a function for key generation. Here, as the function F(x, y) for key generation, for example, a function for generating HMAC (abbreviation of Hash-based Message Authentication Code: message authentication code using hash value) can be used. Specifically, the HMAC is calculated by calculating a hash value from the character string y and encrypting the calculated hash value with the character string x.

Here, the calculation method for key generation is not limited to a calculation method for calculating HMAC, and any calculation method may be used as long as it is possible to generate a unique encryption key. can be For example, it is possible to use a hash function such as SHA (abbreviation of Secure Hash Algorithm) 256 for calculating a hash value of a character string obtained by concatenating a character string x and a character string y.

Next, the encryption key generation processing when the encryption key generation unit 25 generates the encryption key will be described with reference to the flowchart of FIG.

First, in step S101, the encryption key generation unit 25 determines whether or not the specified storage location is a storage location in the cloud environment. If it is determined in step S101 that the specified storage location is not a storage location in the cloud environment, that is, it is a storage location in the on-premises environment, the encryption key generator 25 inputs a password from the operator in step S102. Then, in step S103, the encryption key generation unit 25 generates the encryption key by performing the calculation as described above using the key generation data 1 and the input password.

If it is determined in step S101 that the designated storage location is a storage location in the cloud environment, the backup processing control unit 24 logs into the cloud server 20 and identifies the operator in step S104. Then, in step S105, the backup processing control unit 24 determines whether the operator is the CE or the customer user.

If it is determined in step S105 that the customer user is not the CE, that is, if the customer user is determined to be the customer user, the encryption key generation unit 25 uses the key generation data 2 and the user ID in step S106. An encryption key is generated by performing the above-described calculation.

Then, when it is determined in step S105 that the customer user is the CE, the encryption key generation unit 25 inputs a request number in step S107. Then, in step S108, the encryption key generation unit 25 generates the encryption key by performing the calculation as described above using the key generation data 2, the user ID, and the request number.

The backup data storage unit 27 stores backup data encrypted by the backup processing control unit 24 .

In the above description, the backup management software is installed and the operation of the terminal device 10 is mainly described. At that time, the same processing as the encryption processing and decryption processing by the terminal device 10 is executed.

Next, the operation of the information processing system of this embodiment will be described in detail with reference to the drawings.

First, the operation when the administrator of the customer user operates the terminal device 10 to execute backup processing in the on-premises environment will be described with reference to the sequence chart of FIG. 16 .

First, in step S<b>201 , the administrator of the customer user presets the password set for this customer user to the image forming apparatus 40 . Specifically, a password “123456” is set for the image forming apparatus 40 .

Then, the administrator of the user operates the terminal device 10 to issue a backup instruction to the image forming device 40 in step S202.

Then, in step S203, the image forming apparatus 40 acquires the setting information in its own apparatus and generates backup data. Further, in image forming apparatus 40, an encryption key is generated by the above-described encryption key generation method in step S204. Specifically, the encryption key 1 is generated by performing a predetermined operation between the encryption key generation data 1 (indicated as seed1 in the drawing) and the password "123456".

Then, the image forming apparatus 40 encrypts the backup data using the generated encryption key 1 in step S205. Then, the image forming apparatus 40 transmits the encrypted backup data to the terminal device 10 in step S206.

Then, in the terminal device 10, in step S207, the administrator of the customer user inputs a password. In this case, as shown in FIG. 17, the same password "123456" as the password set in the image forming apparatus 40 is entered.

Then, the encryption key generation unit 25 of the terminal device 10 generates the encryption key 1 by performing a predetermined operation between the input password and the key generation data 1 in step S208. Then, the backup processing control unit 24 of the terminal device 10 decrypts the backup data transmitted from the image forming device 10 using the generated encryption key 1 in step S209.

Then, in the terminal device 10, in step S210, the decrypted plaintext backup data is edited. After that, in the terminal device 10, a process of encrypting the edited backup data with the encryption key 1 is executed in step S211.

Then, in the terminal device 10, the backup process control unit 24 executes a process of saving the encrypted backup data in step S212. Since FIG. 16 shows the case where the encrypted backup data is stored in the file server 50, the file server 50 stores the encrypted backup data in step S213. Note that when the encrypted backup data is stored in the backup data storage unit 27 of the terminal device 10 , the encrypted backup data is stored in the backup data storage unit 27 .

Next, the operation when the manager of the customer user operates the image forming apparatus 40 to perform direct backup to the cloud environment will be described with reference to the sequence chart of FIG. 18 .

First, the administrator of the customer user operates the image forming apparatus 40 and logs into the cloud server 20 via the Internet 30 in step S301.

Then, the cloud server 20 executes authentication processing in step S302, and if the authentication succeeds, the user ID information "cid1" is returned to the image forming apparatus 40 in step S303.

Then, in step S304, the image forming apparatus 40 acquires the setting information in its own apparatus and generates backup data. Further, in image forming apparatus 40, in step S305, an encryption key is generated by the encryption key generation method as described above. Specifically, the encryption key 2 is generated by performing a predetermined operation between the encryption key generation data 2 (shown as seed12 in the figure) and the user ID "cid1".

Then, the image forming apparatus 40 encrypts the backup data using the generated encryption key 2 in step S306. Then, the image forming apparatus 40 transmits the encrypted backup data to the cloud server 20 in step S307.

Then, the cloud server 20 stores the transmitted backup data in step S308.

Next, the operation when the manager of the customer user operates the terminal device 10 to edit and save the backup data backed up in the cloud environment again will be described with reference to the sequence chart of FIG. 19 .

First, the manager of the customer user operates the terminal device 10 to log in to the cloud server 20 via the Internet 30 in step S401.

Then, the cloud server 20 executes authentication processing in step S402, and if the authentication succeeds, the user ID information "cid1" is returned to the terminal device 10 in step S403.

Next, in step S404, when the administrator of the customer user requests the cloud server 20 to send the backup data from the terminal device 10, the cloud server 20 sends the encrypted backup data requested in step S405. The backed-up data is transmitted to the terminal device 10 .

In step S406, the terminal device 10 generates the encryption key 2 by performing a predetermined operation between the encryption key generation data 2 and the user ID "cid1". In step S407, the terminal device 10 decrypts the backup data using the generated encryption key 2. FIG.

After that, in the terminal device 10, the plaintext backup data is displayed in step S408, and the displayed backup data is edited in step S409.

When such editing is finished, the terminal device 10 re-encrypts the edited backup data with the encryption key 2 in step S410. Then, the terminal device 10 transmits the re-encrypted backup data to the cloud server 20 in step S411.

Then, the cloud server 20 stores the transmitted backup data in step S412.

Next, operations in the case where the CE receiving a request from the customer user operates the image forming apparatus 40 to perform direct backup to the cloud environment will be described with reference to the sequence chart of FIG. 20 .

First, the CE operates the image forming apparatus 40 and logs into the cloud server 20 via the Internet 30 in step S501.

Then, the cloud server 20 executes authentication processing in step S502, and if the authentication succeeds, the user ID information "cid2" is returned to the image forming apparatus 40 in step S503.

Then, in step S504, the image forming apparatus 40 requests the CE to input the request number and inputs the request number "190803A". FIG. 21 shows a display example when CE inputs the request number to the image forming apparatus 40 through such processing. Further, in response to the CE's backup data creation instruction, the image forming apparatus 40 acquires the setting information within the own apparatus and creates backup data in step S505.

Then, in step S506, the image forming apparatus 40 generates the encryption key 3 by performing a predetermined calculation using the encryption key generation data 2, the user ID "cid2", and the request number "190803A".

Then, the image forming apparatus 40 encrypts the backup data using the generated encryption key 3 in step S507. Then, the image forming apparatus 40 transmits the encrypted backup data to the cloud server 20 in step S508.

Then, the cloud server 20 stores the transmitted backup data in step S509.

Next, the operation when the CE operates the terminal device 60 to edit and save the backup data backed up in the cloud environment again will be described with reference to the sequence chart of FIG.

First, the CE operates the terminal device 60 to log in to the cloud server 20 via the Internet 30 in step S601.

Then, the cloud server 20 executes authentication processing in step S602, and if the authentication succeeds, the user ID information "cid2" is returned to the terminal device 10 in step S603.

Next, in step S604, when the CE requests the cloud server 20 to send the backup data from the terminal device 60, the cloud server 20 sends the encrypted backup data requested in step S605. Data is transmitted to the terminal device 60 .

Next, in step S606, the terminal device 60 performs a display similar to that shown in FIG. 21 and inputs the request number from the CE.

In step S607, the terminal device 60 generates the encryption key 3 by performing a predetermined calculation using the encryption key generation data 2, the user ID "cid1", and the request number "190803A". In step S608, the terminal device 60 decrypts the backup data using the generated encryption key 3. FIG.

After that, in the terminal device 60, the plaintext backup data is displayed in step S609, and the displayed backup data is edited in step S610.

When such editing is finished, in the terminal device 60, the edited backup data is re-encrypted with the encryption key 3 in step S611. Then, the terminal device 60 transmits the re-encrypted backup data to the cloud server 20 in step S612.

Then, the cloud server 20 stores the transmitted backup data in step S613.

By performing the above-described processing, in the cloud server 20, as shown in FIG. 23, the backup data from each user is stored in a state encrypted with a different encryption key for each user. It will be. Referring to FIG. 23, it can be seen that the backup data from company A is encrypted with encryption key 2, and the backup data from company B is encrypted with encryption key 3. FIG. In addition, since the backup data stored by CE is stored encrypted with an encryption key generated by calculation using the request number, it is encrypted with a different encryption key for each request. will be stored.

Next, the operation when a malicious third party illegally obtains the backup data stored in the cloud server 20 will be described with reference to the sequence chart of FIG.

Here, it is assumed that the backup data acquired from the cloud server 20 is encrypted with the encryption key 2 generated by calculation using the key generation data 2 and the user ID "cid1". It is assumed that the malicious third party also entered this user ID "cid1".

First, a malicious third party uses the terminal device 90 to obtain backup data of the image forming apparatus 40 by some illegal method in step S701, and saves the backup data in the local file server or the HDD in the terminal device 90. do.

Then, in step S702, the terminal device 90 reads out the saved encrypted backup data.

In the terminal device 90, in step S703, the backup management software is activated, and the obtained user ID "cid1" is entered when entering the password.

Then, in step S704, the backup management software of the terminal device 90 recognizes that the backup data is the backup data saved in the on-premises environment because the backup data has been obtained from the local file server or the HDD within the device itself. , and generate encryption keys for the on-premises environment. Specifically, the backup management software of the terminal device 90 performs a predetermined operation between the encryption key generation data 1 and the input user ID “cid1” to generate the encryption key 5 .

Then, in step S705, the terminal device 90 uses the generated encryption key 5 to decrypt the encrypted backup data. However, since this backup data is encrypted with the encryption key 2, it cannot be decrypted with the encryption key 5, and a malicious third party cannot view the contents of the backup data.

According to the information processing system of the present embodiment described above, as shown in FIG. 25, different encryption keys are used when saving backup data in a cloud environment and when saving backup data in an on-premises environment. It will be stored in a compressed state. Specifically, referring to FIG. 25, when the backup data obtained from the image forming apparatus 40 is stored in the cloud server 20, it is encrypted with the encryption key 2 and stored in the file server 50 or When stored in the HDD of the terminal device 10 , it is stored in a state encrypted with the encryption key 1 .

Then, as shown in FIG. 26, the backup management software of the terminal device 10 encrypts the backup data with the encryption key 2 before storing it in the cloud environment, and stores the backup data acquired from the cloud environment with is decrypted with the encryption key 2 and used. Similarly, as shown in FIG. 26, the backup management software of the terminal device 10 encrypts the backup data with the encryption key 1 before storing it in the on-premise environment, and stores the backup data acquired from the on-premise environment. is decrypted with encryption key 1 and used.

Furthermore, the backup management software of the terminal device 10 stores the backed up data after being encrypted with an encryption key corresponding to the storage location in principle, even when the backed up data after editing or the like is re-stored. However, when re-encrypting and storing the backup data acquired from the cloud environment, even if the specified storage location is the on-premises environment, it is encrypted with the encryption key 2 for the cloud environment and stored.

The operation of the terminal device 10 when performing the re-encryption process of acquiring the temporarily stored backup data, encrypting it again, and storing it will be described with reference to the flowchart of FIG. 27 .

When the terminal device 10 acquires the stored backup data in step S801, it determines in step S802 whether or not the storage location where the backup data is stored is the cloud environment.

If it is determined in step S802 that the storage location is not in the cloud environment, that is, if it is determined that the storage location is in the on-premises environment, the terminal device 10, in step S803, backs up the backup data using the encryption key 1 for the on-premises environment. Decrypt.

After displaying and editing the plaintext backup data in step S804, the terminal device 10 determines in step S805 whether or not the storage location for re-storing is the cloud environment.

If it is determined in step S805 that the storage location for re-storing is the cloud environment, the terminal device 10 encrypts the backup data with the encryption key 2 for the cloud environment in step S806. If it is determined in step S805 that the storage location for re-storing is the on-premises environment, the terminal device 10 encrypts the backup data with the encryption key 1 for the on-premises environment in step S807.

Then, in step S808, the terminal device 10 stores the re-encrypted backup data in the specified storage location.

Here, if it is determined in step S802 that the storage location is the cloud environment, the terminal device 10 decrypts the backup data with the encryption key 2 for the cloud environment in step S809.

Then, after displaying and editing the plaintext backup data in step S810, in step S811, the terminal device 10 performs , encrypts the backup data with the encryption key 2 for the cloud environment.

Then, in step S808, the terminal device 10 stores the re-encrypted backup data in the specified storage location.

In other words, the backup management software of the terminal device 10 can store backup data stored in the storage area of the cloud environment even once, even if the subsequent storage location is in the cloud environment as well as in the on-premises environment. It is stored after being encrypted with the encryption key 2 for.

It should be noted that the backup data encrypted with the encryption key 2 for the cloud in this way cannot be decrypted and the contents cannot be viewed while stored in the storage area of the on-premises environment. However, even such backup data can be decrypted and returned to plaintext by the backup management software of the terminal device 10 by saving it again in the cloud environment.

The reason why the backup data acquired from the cloud environment in this way is re-encrypted with the encryption key for the cloud environment even if the storage location is the on-premises environment will be explained below.

First, how a malicious third party illegally obtains backup data stored in the cloud server 20 using the terminal device 90 will be described with reference to FIG.

FIG. 28 shows how a malicious third party uses the terminal device 90 to illegally obtain the backup data encrypted with the encryption key 2 for the cloud environment.

The backup data illegally obtained from the cloud server 20 by a malicious third party in this way is decrypted with the encryption key 2 and re-encrypted with the encryption key 2 as shown in FIG. It is assumed that the file is encrypted and stored in the HDD of the terminal device 90 .

In this way, the backup data acquired from the cloud environment is re-encrypted with the encryption key 2 for the cloud environment and stored even in the on-premise environment where the storage location is within the HDD of the terminal device 90. .

Therefore, even if a malicious third party tries to decrypt the backup data stored in the terminal device 90, the backup management software of the terminal device 90 is stored in the on-premises environment as shown in FIG. Since it is the backup data that was previously stored, it tries to decrypt it using the encryption key 1 for the on-premises environment.

However, since the illegally obtained backup data is encrypted with the encryption key 2, it cannot be decrypted with the encryption key 1, and the contents cannot be viewed or copied.

In each of the above embodiments, the processor refers to a processor in a broad sense, such as a general-purpose processor (e.g. CPU: Central Processing Unit, etc.) or a dedicated processor (e.g. GPU: Graphics Processing Unit, ASIC: Application Specific Integrated Circuit, FPGA: Field Programmable Gate Array, programmable logic device, etc.).

Further, the operations of the processors in each of the above embodiments may be performed not only by one processor but also by the cooperation of a plurality of physically separated processors. Also, the order of each operation of the processor is not limited to the order described in each of the above embodiments, and may be changed as appropriate.

[Variation]
In the above-described embodiment, the case where backup data is saved and restored with an image forming apparatus as the target device has been described. The present invention can be applied in the same way when used as a device.

10 terminal device 11 CPU
12 memory 13 storage device 14 communication interface 15 user interface device 16 control bus 20 cloud server 21 operation input unit 22 display unit 23 data transmission/reception unit 24 backup processing control unit 25 encryption key generation unit 26 key generation data storage unit 27 backup data storage Unit 30 Internet 40 Image forming apparatus 50 File server 60 Terminal device 90 Terminal device

Claims (12)

with memory and processor
The processor
When storing the setting information acquired from the device in the specified storage location, if the specified storage location is the first storage area that can be accessed from the own device without requiring authentication processing, the acquired setting information is encrypted with a first encryption key for encrypting the setting information to be stored in the first storage area and stored;
If the specified storage location is a second storage area that is accessible from other devices and requires authentication processing to access the stored setting information, the acquired setting information is stored in the second storage area. encrypting and storing the setting information to be stored in the second storage area with a second encryption key for encrypting the setting information;
When the setting information stored in the second storage area is obtained, the obtained setting information is decrypted using the second encryption key, and when an instruction to re-store the decrypted setting information is received, An information processing device that encrypts and stores the decrypted setting information using the second encryption key. The processor
3. When receiving an instruction to re-store the decrypted setting information, even if the specified storage location is the first storage area, the setting information is encrypted using the second encryption key and stored. 1. The information processing device according to 1. 3. The information processing apparatus according to claim 1, wherein said processor generates different cryptographic keys for each user as said first and second cryptographic keys. 4. The information processing apparatus according to claim 3, wherein said user is a group of users composed of a plurality of individual users. 4. The information processing apparatus according to claim 3, wherein said processor generates said second encryption key based on a user identifier specified during authentication processing for accessing said second storage area. the memory stores first key generation information for generating the first encryption key and second key generation information for generating the second encryption key;
6. The information processing apparatus according to claim 5, wherein the processor generates the second encryption key by performing an operation using the stored second key generation information and a user's identifier. If the user who gave the instruction to store the setting information is a person acting on behalf of another user based on a request from the other user, the processor stores the usage specified during the authentication process. 4. The information processing apparatus according to claim 3, wherein said second encryption key is generated based on a user's identifier and a request number from another user. the memory stores first key generation information for generating the first encryption key and second key generation information for generating the second encryption key;
8. Information according to claim 7, wherein said processor generates said second encryption key by performing a calculation using said stored second key generation information, a user's identifier, and a request number. processing equipment. 4. The information processing apparatus according to claim 3, wherein said processor generates said first encryption key based on authentication information preset for each user. the memory stores first key generation information for generating the first encryption key and second key generation information for generating the second encryption key;
10. The information processing apparatus according to claim 9, wherein the processor generates the first encryption key by performing an operation using the stored first key generation information and input authentication information. 11. The information processing apparatus according to claim 6, wherein said memory stores said first and second key generation information in an obfuscated state. When storing the setting information acquired from the device in the specified storage location, if the specified storage location is the first storage area that can be accessed from the own device without requiring authentication processing, the acquired a step of encrypting and storing setting information with a first encryption key for encrypting the setting information to be stored in the first storage area;
If the specified storage location is a second storage area that is accessible from other devices and requires authentication processing to access the stored setting information, the acquired setting information is stored in the second storage area. a step of encrypting and storing the setting information to be stored in the second storage area with a second encryption key for encrypting the setting information;
When the setting information stored in the second storage area is obtained, the obtained setting information is decrypted using the second encryption key, and when an instruction to re-store the decrypted setting information is received, a step of encrypting and storing the decrypted setting information using the second encryption key;
A program that causes a computer to run

Images