WO2022185984A1 - Information processing device and information processing system - Google Patents

Information processing device and information processing system Download PDF

Info

Publication number
WO2022185984A1
WO2022185984A1 PCT/JP2022/007106 JP2022007106W WO2022185984A1 WO 2022185984 A1 WO2022185984 A1 WO 2022185984A1 JP 2022007106 W JP2022007106 W JP 2022007106W WO 2022185984 A1 WO2022185984 A1 WO 2022185984A1
Authority
WO
WIPO (PCT)
Prior art keywords
vpn
communication
image forming
communication path
processing
Prior art date
Application number
PCT/JP2022/007106
Other languages
French (fr)
Japanese (ja)
Inventor
亮祐 加藤
経介 福島
重中 金光
康史 塚本
明彦 伊ヶ崎
Original Assignee
京セラドキュメントソリューションズ株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 京セラドキュメントソリューションズ株式会社 filed Critical 京セラドキュメントソリューションズ株式会社
Publication of WO2022185984A1 publication Critical patent/WO2022185984A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0895Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements

Definitions

  • the present invention relates to an information processing device and an information processing system.
  • a VPN Virtual Private Network
  • the external image forming device obtains a print job from the office and executes it (for example, See Patent Document 1).
  • organizations such as companies may set up a VPN that connects external user terminal devices to networks within the organization's bases for remote work of organization members such as employees.
  • organizational members may use image forming devices such as printers at remote sites such as homes.
  • image forming devices such as printers at remote sites such as homes.
  • resources servers, devices, data, etc.
  • a VPN as described above for security reasons.
  • Zero trust security is required from an organizational base such as an office to an image forming device at a remote base such as a user's home.
  • VPN methods there are many different VPN methods depending on the VPN vendor, and different VPN methods are adopted by different organizations. Regardless of the VPN method, it is difficult to set up a VPN between an image forming apparatus at an organizational base and a remote base.
  • the present invention has been made in view of the above problems, and an object thereof is to obtain an information processing apparatus and an information processing system that perform VPN communication between an image forming apparatus at an organizational base and a remote base.
  • An information processing apparatus includes a communication control unit that controls a communication device connected to a local network in a remote site, and a first VPN communication between an organization site via a router using the communication control unit a first VPN processing unit for setting a path; a second VPN processing unit for setting a second VPN communication path between an image forming apparatus connected to the local network using the communication control unit; and the first VPN communication path. and a VPN connection unit for connecting the second VPN communication path.
  • An information processing system includes the information processing device and the image forming device. Then, the image forming apparatus executes a job using resources of the organizational base via the first VPN communication path and the second VPN communication path.
  • an information processing device and an information processing system that perform VPN communication between an organizational base and an image forming device at a remote base can be obtained.
  • FIG. 1 is a block diagram showing the configuration of an information processing system according to an embodiment of the invention.
  • FIG. 2 is a block diagram showing the configuration of the user terminal device 21 in FIG.
  • FIG. 3 is a block diagram showing the configuration of the image forming apparatus 22 in FIG. 1.
  • FIG. 4 is a block diagram showing the configuration of the image forming apparatus 11 in FIG. 1.
  • FIG. 5 is a sequence diagram showing communication processing between the organizational site 1 and the image forming apparatus 22 (1/2).
  • FIG. 6 is a sequence diagram showing communication processing between the organizational site 1 and the image forming apparatus 22 (2/2).
  • FIG. 1 is a block diagram showing the configuration of an information processing system according to an embodiment of the present invention.
  • the information processing system shown in FIG. Each has a user terminal device 21, an image forming device 22, a router 23, and a local network 24, and VPN communication ( communication over a virtual private network).
  • VPN communication communication over a virtual private network.
  • the organizational site 1 is the office of the company
  • the remote site 2-i is the home of the employee (user) of the company.
  • the image forming apparatus 11 is a printer, a multifunction device, or the like connected to the local network 15, and executes a job (print job, scan-to-job, etc.) requested by the user.
  • the terminal device 12 is a personal computer or the like connected to the local network 15 and transmits a job request to the image forming device 11 via the local network 15 .
  • the server 13 is connected to the local network 15 and has functions such as a file server and an active directory server.
  • the router 14 is a communication device that has a VPN server function and connects the local network 15 and the wide area network 3 .
  • the local network 15 is a wired LAN (Local Area Network), a wireless LAN, or the like.
  • the user terminal device 21 is connected to the local network 24 and is an information processing device used by a user who is an organization member, such as a personal computer or a mobile terminal device.
  • the image forming apparatus 22 is a printer, multi-function peripheral, etc., connected to the local network 24, and executes a job (print job, scan-to-job, etc.) requested by the user.
  • the router 23 is communication equipment that connects the local network 24 and the wide area network 3 .
  • the local network 24 is a wired LAN, wireless LAN, or the like.
  • FIG. 2 is a block diagram showing the configuration of the user terminal device 21 in FIG.
  • the user terminal device 21 includes an input device 31, a display device 32, a storage device 33, a communication device 34, and an arithmetic processing device 35.
  • the input device 31 is a device such as a hard key or touch panel that detects user operations and outputs information indicating user operations.
  • the display device 32 is a device such as a liquid crystal display that displays various information to the user.
  • the input device 31 and the display device 32 may be built in the user terminal device 21, or may be connected to the user terminal device 21 as external devices.
  • the storage device 33 is a rewritable non-volatile storage device such as a hard disk or flash memory, and stores programs and data.
  • the communication device 34 is a device that is connected to the local network 24 and performs data communication with other devices via the local network 24 .
  • the arithmetic processing unit 35 includes a computer that executes various programs, an ASIC (Application Specific Integrated Circuit), etc., and the computer, ASIC, etc. operates as various processing units.
  • the arithmetic processing unit 35 operates as the communication control unit 41, the VPN processing unit 42-1, the VPN processing unit 42-2, the VPN connection unit 43, and the driver 44.
  • the communication control unit 41 controls the communication device 34 connected to the local network 24 within the remote site 2-i, and performs data communication according to a predetermined communication protocol.
  • the VPN processing unit 42-1 uses the communication control unit 41 to set up the first VPN communication path with the organizational base 1 via the router 23.
  • the VPN processing unit 42-2 sets up a second VPN communication path with the image forming device 22 connected to the local network 24 using the communication control unit 41.
  • the VPN method of the first VPN communication channel and the VPN method of the second VPN communication channel may be the same or different.
  • the communication control unit 41 transmits and receives packets encapsulated by the VPN protocol (VPN method) of the first VPN communication channel using a lower-layer communication protocol (TCP (Transmission Control Protocol)/IP (Internet Protocol), etc.). , transmits and receives a packet encapsulated by the VPN protocol (VPN method) of the second VPN communication path using a lower layer communication protocol.
  • VPN protocol VPN method
  • TCP Transmission Control Protocol
  • IP Internet Protocol
  • the VPN connection unit 43 connects the above-described first VPN communication path and the above-described second VPN communication path.
  • the VPN processing unit 42-1 executes decapsulation processing and decryption processing of packets received through the first VPN communication channel, and executes encryption processing and encapsulation processing of packets to be transmitted through the first VPN communication channel.
  • the VPN processing unit 42-2 executes decapsulation processing and decryption processing of packets received through the second VPN communication channel, and executes encryption processing and encapsulation processing of packets to be transmitted through the second VPN communication channel.
  • the VPN connection unit 43 transfers packets between the VPN processing units 42-1 and 42-2. Note that this packet transfer is executed only inside the processing unit 35 without going through the outside.
  • the driver 44 is a driver of the image forming apparatus 22 , generates a job request (such as a print request) according to the user's operation on the input device 31 , and transmits the job request to the image forming apparatus 22 through the communication device 34 .
  • the driver 44 may transmit the job request to the image forming apparatus 22 using the second VPN communication path here, or may transmit the job request to the image forming apparatus 22 without using the second VPN communication path. You may
  • VPN processing unit 42-1, the VPN connection unit 43, and the driver 44 are collectively installed in the user terminal device 21 by an installer provided by the vendor of the image forming apparatus 22, for example.
  • FIG. 3 is a block diagram showing the configuration of the image forming apparatus 22 shown in FIG.
  • the image forming apparatus 22 shown in FIG. 3 includes a storage device 51, an operation panel 52, an arithmetic processing device 53, a printing device 54, an image reading device 55, a communication device 56, and the like.
  • the storage device 51 is a non-volatile rewritable storage device such as flash memory.
  • the storage device 51 stores programs and data.
  • the operation panel 52 is arranged on the front side of the upper surface of the housing of the image forming apparatus 22, and includes a display device 52a such as a liquid crystal display, and an input device 52b such as hard keys and a touch panel.
  • the display device 52 a displays various screens to the user, and the input device 52 b accepts user operations input by the user 102 .
  • the arithmetic processing unit 53 is a computer having a CPU (Central Processing Unit), ROM (Read Only Memory), and RAM (Random Access Memory), and loads programs stored in the ROM and the storage device 51 into the RAM. It operates as various processing units by being executed by the CPU. Arithmetic processing unit 53 operates as controller 61 , communication control unit 62 , and VPN processing unit 63 .
  • CPU Central Processing Unit
  • ROM Read Only Memory
  • RAM Random Access Memory
  • the printing device 54 prints the target image (original image, etc.) on printing paper based on the image data.
  • the image reading device 55 optically reads a document image from a document and generates image data of the document image.
  • the communication device 56 is connected to the local network 24 and performs data communication with the user terminal device 21, the router 23, and the like.
  • the controller 61 controls the internal devices such as the printing device 54, the image reading device 55, and the communication device 56 according to user operations on the operation panel 52 and job requests received from the user terminal device 22 through the communication device 56, job.
  • the communication control unit 62 controls the communication device 56 to perform data communication according to a predetermined communication protocol.
  • the VPN processing unit 63 uses the communication control unit 62 to perform VPN communication.
  • the VPN processing unit 63 performs encryption processing and encapsulation processing of transmission data and decapsulation processing and decryption processing of reception data according to the same VPN method as the VPN processing unit 42-2 of the user terminal device 21.
  • FIG. 1 A block diagram illustrating an exemplary computing environment in accordance with the present disclosure.
  • FIG. 4 is a block diagram showing the configuration of the image forming apparatus 11 shown in FIG.
  • the image forming apparatus 11 shown in FIG. 4 includes a storage device 71, an operation panel 72, an arithmetic processing device 73, a printing device 74, an image reading device 75, a communication device 76, a facsimile device 77, and the like.
  • Storage device 71, operation panel 72, arithmetic processing device 73, printing device 74, image reading device 75, and communication device 76 are the storage device 51, operation panel 52, arithmetic processing device 53, printing device 54, and image reading device, respectively. 55 , and communication device 56 . Note that the functions of both may be different.
  • the display device 72a and the input device 72b are devices similar to the display device 52a and the input device 52b, respectively.
  • controller 81 and the communication control unit 82 are processing units similar to the controller 61 and the communication control unit 62, respectively.
  • FIG. 5 and 6 are sequence diagrams showing communication processing between the organizational base 1 and the image forming apparatus 22.
  • FIG. 5 and 6 are sequence diagrams showing communication processing between the organizational base 1 and the image forming apparatus 22.
  • the user operates the user terminal device 21 or the image forming device 22 to input a job request to the image forming device 22 and causes the image forming device 22 to execute the job.
  • the controller 61 accepts the job request, and if the job specified by the job request is a job (such as a print job) that does not require the resources of the organizational base 1 , the image forming apparatus 22 does not access the organizational base 1 . , the internal device of the image forming apparatus 22 is used to execute the job.
  • a job such as a print job
  • the controller 61 connects the first VPN communication path relayed by the user terminal device 2 and the second VPN communication path. 2 The job is executed using the resources of the organizational site 1 via the VPN communication path.
  • an image data file of an image obtained by image reading (here, a document image read by the image forming device 22 of the remote site 2-i) is sent to a file server (here, the server 13 in the organization site 1).
  • a file server here, the server 13 in the organization site 1.
  • the file is generated by the image forming device 22 of the remote site 2-i via the first VPN communication path and the second VPN communication path, and the image forming apparatus of the remote site 2-i It is transferred from the device 22 to the server 13 of the organizational base 1 and stored therein.
  • an application here, image forming in the In the case of a scan-to-SaaS (Software as a Service) job that executes a predetermined process using an application installed on the device 11, the image data is sent to the remote site 2 via the first VPN communication path and the second VPN communication path. It is generated by the image forming apparatus 22 of -i, transferred from the image forming apparatus 22 of the remote site 2-i to the image forming apparatus 11 of the organization site 1, and processed by the application of the image forming apparatus 11.
  • image data stored in an external storage device (here, the server 13 in the organizational site 1) is acquired, and a document image based on the image data is printed (here, the remote site 2-i
  • the image data is transferred from the server 13 of the organizational site 1 to the image forming apparatus of the remote site 2-i via the first VPN communication path and the second VPN communication path. 22, and acquired by the image forming apparatus 22 of the remote site 2-i, and the image forming apparatus 22 prints an image based on the image data.
  • the first VPN communication path and the second VPN communication path are , the address book data is transferred from the image forming device 11, server 13, etc. of the organizational site 1 to the image forming device 22 of the remote site 2-i, acquired by the image forming device 22 of the remote site 2-i, Addresses based on the address book data are used as scan-to-email destinations, facsimile transmission destinations, and the like.
  • VPN communication from the organizational base 1 to the image forming apparatus 22 is executed as shown in FIG. That is, in the router 14 (or another communication device) of the organizational base 1, encryption processing and encapsulation processing of the data to be transmitted are executed, and the data (packet) destined for the image forming apparatus 22 is transmitted through the first VPN communication. It is transmitted over the network and received by the communication control section 41 of the user terminal device 21 (step S1). Decapsulation processing and decryption processing of the data (packet) are executed by the VPN processing unit 42-1 (step S2), and the data (packet) is transferred from the VPN processing unit 42-1 to the VPN processing unit by the VPN connecting unit 43.
  • step S3 to S5 steps S3 to S5
  • encryption processing and encapsulation processing are executed by the VPN processing unit 42-2 (step S6).
  • step S6 the data (packet) is transmitted to the image forming apparatus 22 through the second VPN communication channel by the communication control unit 41 (step S7).
  • the data (packets) are used after decapsulation and decoding.
  • VPN communication from the image forming device 22 to the organizational base 1 is executed as shown in FIG. That is, the data to be transmitted is encrypted and encapsulated in the image forming apparatus 22, and the data (packet) destined for the communication device (image forming apparatus 11, server 13, etc.) within the organizational base 1 is is transmitted through the second VPN channel and received by the communication control unit 41 of the user terminal device 21 (step S21). Then, decapsulation processing and decryption processing of the data (packet) are executed by the VPN processing unit 42-2 (step S22), and the data (packet) is transferred from the VPN processing unit 42-2 to the VPN by the VPN connection unit 43.
  • step S26 the data (packet) is transmitted by the communication control unit 41 to the router 14 of the organizational base 1 through the first VPN communication path (step S27).
  • the data (packets) are decapsulated and decrypted by a router 14 or another communication device for subsequent use.
  • the communication control unit 41 controls the communication device 34 connected to the local network 24 within the remote site 2-i.
  • the VPN processing unit 42-1 uses the communication control unit 41 to set the first VPN communication path with the organizational site 1 via the router 23.
  • the VPN processing unit 42-2 sets up a second VPN communication path with the image forming apparatus 22 connected to the local network 24 using the communication control unit 41.
  • the VPN connection unit 43 connects the above-described first VPN communication channel and second VPN communication channel.
  • VPN communication is performed between the organizational base 1 and the image forming apparatus 22 to achieve zero trust security.
  • the VPN communication method between the organizational base 1 and the user terminal device 21 has already been specified, the VPN communication method between the user terminal device 21 and the image forming device 22 is set to a single fixed VPN. Since the method may be used, the implementation cost of the VPN communication function of the image forming apparatus 22 is reduced.
  • the present invention is applicable, for example, to an information processing system that performs VPN communication.

Abstract

A communications control unit (41) in a user terminal device (21) controls a communications device (34) that is connected to a local network (24) inside a remote base (2-i). A VPN processing unit (42-1) uses the communications control unit (41) and sets a first VPN communications path between the VPN processing unit and an organization base (1) via a router (23). A VPN processing unit (42-2) uses the communications control unit (41) and sets a second VPN communications path between the VPN processing unit and an image formation device (22) connected to the local network (24). A VPN connection unit (43) connects the first VPN communications path and the second VPN communications path.

Description

情報処理装置および情報処理システムInformation processing device and information processing system
 本発明は、情報処理装置および情報処理システムに関するものである。 The present invention relates to an information processing device and an information processing system.
 あるシステムでは、オフィス内のVPNサーバーと外部の画像形成装置との間でVPN(Virtual Private Network)が設定され、外部の画像形成装置は、オフィスからプリントジョブを取得し、実行している(例えば特許文献1参照)。 In one system, a VPN (Virtual Private Network) is set up between a VPN server in the office and an external image forming device, and the external image forming device obtains a print job from the office and executes it (for example, See Patent Document 1).
特開2020-154802号公報Japanese Patent Application Laid-Open No. 2020-154802
 一般的に、企業などの組織は、従業員などの組織メンバーのリモートワークなどのために、外部のユーザー端末装置から組織の拠点内のネットワークに接続するVPNを設定することがある。 In general, organizations such as companies may set up a VPN that connects external user terminal devices to networks within the organization's bases for remote work of organization members such as employees.
 他方、組織メンバー(ユーザー)は、自宅などのリモート拠点でプリンターなどの画像形成装置を使用することがある。その場合において、組織の拠点におけるリソース(サーバー、デバイス、データなど)を使用して、リモート拠点の画像形成装置でジョブを実行するときには、セキュリティ上、上述のようにVPNを使用する必要があり、オフィスなどの組織拠点からユーザーの自宅などのリモート拠点の画像形成装置までのゼロトラストセキュリティが要求される。 On the other hand, organizational members (users) may use image forming devices such as printers at remote sites such as homes. In that case, when using resources (servers, devices, data, etc.) at the organization's bases to execute jobs on image forming devices at remote bases, it is necessary to use a VPN as described above for security reasons. Zero trust security is required from an organizational base such as an office to an image forming device at a remote base such as a user's home.
 しかしながら、VPNベンダーによって異なる多くのVPN方式があり、組織によって異なる方式のVPNが採用されているため、リモート拠点の画像形成装置をすべてのVPN方式に対応させて、ユーザー端末装置に採用されているVPNの方式に拘わらず、組織拠点とリモート拠点の画像形成装置との間でVPNを設定することは困難である。 However, there are many different VPN methods depending on the VPN vendor, and different VPN methods are adopted by different organizations. Regardless of the VPN method, it is difficult to set up a VPN between an image forming apparatus at an organizational base and a remote base.
 本発明は、上記の問題に鑑みてなされたものであり、組織拠点とリモート拠点の画像形成装置との間でのVPN通信を行う情報処理装置および情報処理システムを得ることを目的とする。 The present invention has been made in view of the above problems, and an object thereof is to obtain an information processing apparatus and an information processing system that perform VPN communication between an image forming apparatus at an organizational base and a remote base.
 本発明に係る情報処理装置は、リモート拠点内のローカルネットワークに接続された通信装置を制御する通信制御部と、前記通信制御部を使用してルーターを介して組織拠点との間で第1VPN通信路を設定する第1VPN処理部と、前記通信制御部を使用して前記ローカルネットワークに接続された画像形成装置との間で第2VPN通信路を設定する第2VPN処理部と、前記第1VPN通信路と前記第2VPN通信路とを接続するVPN接続部とを備える。 An information processing apparatus according to the present invention includes a communication control unit that controls a communication device connected to a local network in a remote site, and a first VPN communication between an organization site via a router using the communication control unit a first VPN processing unit for setting a path; a second VPN processing unit for setting a second VPN communication path between an image forming apparatus connected to the local network using the communication control unit; and the first VPN communication path. and a VPN connection unit for connecting the second VPN communication path.
 本発明に係る情報処理システムは、上記情報処理装置と、前記画像形成装置とを備える。そして、前記画像形成装置は、前記第1VPN通信路および前記第2VPN通信路を介して前記組織拠点のリソースを使用してジョブを実行する。 An information processing system according to the present invention includes the information processing device and the image forming device. Then, the image forming apparatus executes a job using resources of the organizational base via the first VPN communication path and the second VPN communication path.
 本発明によれば、組織拠点とリモート拠点の画像形成装置との間でのVPN通信を行う情報処理装置および情報処理システムが得られる。 According to the present invention, an information processing device and an information processing system that perform VPN communication between an organizational base and an image forming device at a remote base can be obtained.
 本発明の上記又は他の目的、特徴および優位性は、添付の図面とともに以下の詳細な説明から更に明らかになる。 The above or other objects, features and advantages of the present invention will become further apparent from the following detailed description together with the accompanying drawings.
図1は、本発明の実施の形態に係る情報処理システムの構成を示すブロック図である。FIG. 1 is a block diagram showing the configuration of an information processing system according to an embodiment of the invention. 図2は、図1におけるユーザー端末装置21の構成を示すブロック図である。FIG. 2 is a block diagram showing the configuration of the user terminal device 21 in FIG. 図3は、図1における画像形成装置22の構成を示すブロック図である。FIG. 3 is a block diagram showing the configuration of the image forming apparatus 22 in FIG. 1. As shown in FIG. 図4は、図1における画像形成装置11の構成を示すブロック図である。FIG. 4 is a block diagram showing the configuration of the image forming apparatus 11 in FIG. 1. As shown in FIG. 図5は、組織拠点1との画像形成装置22との通信処理を示すシーケンス図である(1/2)。FIG. 5 is a sequence diagram showing communication processing between the organizational site 1 and the image forming apparatus 22 (1/2). 図6は、組織拠点1との画像形成装置22との通信処理を示すシーケンス図である(2/2)。FIG. 6 is a sequence diagram showing communication processing between the organizational site 1 and the image forming apparatus 22 (2/2).
 以下、図に基づいて本発明の実施の形態を説明する。 Embodiments of the present invention will be described below based on the drawings.
 図1は、本発明の実施の形態に係る情報処理システムの構成を示すブロック図である。図1に示す情報処理システムは、組織拠点1において、画像形成装置11、端末装置12、サーバー13、ルーター14、およびローカルネットワーク15を備え、1または複数のリモート拠点2-1~2-Nのそれぞれにおいて、ユーザー端末装置21、画像形成装置22、ルーター23、およびローカルネットワーク24を備え、広域ネットワーク3(インターネットなど)を介して組織拠点1と各リモート拠点2-iとの間のVPN通信(バーチャルプライベートネットワークを介した通信)を実行する。 FIG. 1 is a block diagram showing the configuration of an information processing system according to an embodiment of the present invention. The information processing system shown in FIG. Each has a user terminal device 21, an image forming device 22, a router 23, and a local network 24, and VPN communication ( communication over a virtual private network).
 例えば、組織拠点1は、企業のオフィスであり、リモート拠点2-iは、企業の従業員(ユーザー)の自宅である。 For example, the organizational site 1 is the office of the company, and the remote site 2-i is the home of the employee (user) of the company.
 画像形成装置11は、ローカルネットワーク15に接続されている、プリンター、複合機などであって、ユーザーにより要求されたジョブ(プリントジョブ、スキャントゥジョブなど)を実行する。端末装置12は、ローカルネットワーク15に接続されている、パーソナルコンピューターなどであって、ローカルネットワーク15を介して、ジョブの要求を画像形成装置11へ送信する。サーバー13は、ローカルネットワーク15に接続されており、ファイルサーバー、アクティブディレクトリサーバーなどといった機能を有する。ルーター14は、VPNサーバー機能を有し、ローカルネットワーク15と広域ネットワーク3とを接続する通信機器である。 The image forming apparatus 11 is a printer, a multifunction device, or the like connected to the local network 15, and executes a job (print job, scan-to-job, etc.) requested by the user. The terminal device 12 is a personal computer or the like connected to the local network 15 and transmits a job request to the image forming device 11 via the local network 15 . The server 13 is connected to the local network 15 and has functions such as a file server and an active directory server. The router 14 is a communication device that has a VPN server function and connects the local network 15 and the wide area network 3 .
 なお、ローカルネットワーク15は、有線LAN(Local Area Network)、無線LANなどである。 The local network 15 is a wired LAN (Local Area Network), a wireless LAN, or the like.
 ユーザー端末装置21は、ローカルネットワーク24に接続されており、組織メンバーであるユーザーの使用する情報処理装置であり、パーソナルコンピューターや携帯端末装置などである。画像形成装置22は、ローカルネットワーク24に接続されている、プリンター、複合機などであって、ユーザーにより要求されたジョブ(プリントジョブ、スキャントゥジョブなど)を実行する。ルーター23は、ローカルネットワーク24と広域ネットワーク3とを接続する通信機器である。 The user terminal device 21 is connected to the local network 24 and is an information processing device used by a user who is an organization member, such as a personal computer or a mobile terminal device. The image forming apparatus 22 is a printer, multi-function peripheral, etc., connected to the local network 24, and executes a job (print job, scan-to-job, etc.) requested by the user. The router 23 is communication equipment that connects the local network 24 and the wide area network 3 .
 なお、ローカルネットワーク24は、有線LAN、無線LANなどである。 The local network 24 is a wired LAN, wireless LAN, or the like.
 図2は、図1におけるユーザー端末装置21の構成を示すブロック図である。 FIG. 2 is a block diagram showing the configuration of the user terminal device 21 in FIG.
 図2に示すように、ユーザー端末装置21は、入力装置31、表示装置32、記憶装置33、通信装置34、および演算処理装置35を備える。 As shown in FIG. 2, the user terminal device 21 includes an input device 31, a display device 32, a storage device 33, a communication device 34, and an arithmetic processing device 35.
 入力装置31は、ユーザー操作を検出し、ユーザー操作を示す情報を出力する、ハードキー、タッチパネルなどといった装置である。表示装置32は、ユーザーに対して各種情報を表示する、液晶ディスプレイなどといった装置である。なお、入力装置31および表示装置32は、ユーザー端末装置21に内蔵されていてもよいし、外部装置としてユーザー端末装置21に接続されていてもよい。 The input device 31 is a device such as a hard key or touch panel that detects user operations and outputs information indicating user operations. The display device 32 is a device such as a liquid crystal display that displays various information to the user. The input device 31 and the display device 32 may be built in the user terminal device 21, or may be connected to the user terminal device 21 as external devices.
 記憶装置33は、ハードディスク、フラッシュメモリーなどといった書換可能な不揮発性の記憶装置であって、プログラムやデータを記憶している。 The storage device 33 is a rewritable non-volatile storage device such as a hard disk or flash memory, and stores programs and data.
 通信装置34は、ローカルネットワーク24に接続されており、ローカルネットワーク24を介して他の装置との間でデータ通信を行う装置である。 The communication device 34 is a device that is connected to the local network 24 and performs data communication with other devices via the local network 24 .
 演算処理装置35は、各種プログラムを実行するコンピューター、ASIC(Application Specific Integrated Circuit)などを備え、そのコンピューター、ASICなどで、各種処理部として動作する。ここでは、演算処理装置35は、通信制御部41、VPN処理部42-1、VPN処理部42-2、VPN接続部43、およびドライバー44として動作する。 The arithmetic processing unit 35 includes a computer that executes various programs, an ASIC (Application Specific Integrated Circuit), etc., and the computer, ASIC, etc. operates as various processing units. Here, the arithmetic processing unit 35 operates as the communication control unit 41, the VPN processing unit 42-1, the VPN processing unit 42-2, the VPN connection unit 43, and the driver 44.
 通信制御部41は、リモート拠点2-i内のローカルネットワーク24に接続された通信装置34を制御し、所定の通信プロトコルでデータ通信を行う。 The communication control unit 41 controls the communication device 34 connected to the local network 24 within the remote site 2-i, and performs data communication according to a predetermined communication protocol.
 VPN処理部42-1は、通信制御部41を使用してルーター23を介して組織拠点1との間で第1VPN通信路を設定する。 The VPN processing unit 42-1 uses the communication control unit 41 to set up the first VPN communication path with the organizational base 1 via the router 23.
 VPN処理部42-2は、通信制御部41を使用してローカルネットワーク24に接続された画像形成装置22との間で第2VPN通信路を設定する。 The VPN processing unit 42-2 sets up a second VPN communication path with the image forming device 22 connected to the local network 24 using the communication control unit 41.
 なお、第1VPN通信路のVPN方式と第2VPN通信路のVPN方式とは同一でもよいし、異なっていてもよい。 The VPN method of the first VPN communication channel and the VPN method of the second VPN communication channel may be the same or different.
 つまり、通信制御部41は、第1VPN通信路のVPNプロトコル(VPN方式)でカプセル化されているパケットを下層の通信プロトコル(TCP(Transmission Control Protocol)/IP(Internet Protocol)など)で送受信するとともに、第2VPN通信路のVPNプロトコル(VPN方式)でカプセル化されているパケットを下層の通信プロトコルで送受信する。例えば、SoftEtherVPNの場合、仮想ネットワーク上のIPパケットを転送するイーサーネットフレームが、実際のネットワークのTCP/IP上のHTTPSで転送される。 In other words, the communication control unit 41 transmits and receives packets encapsulated by the VPN protocol (VPN method) of the first VPN communication channel using a lower-layer communication protocol (TCP (Transmission Control Protocol)/IP (Internet Protocol), etc.). , transmits and receives a packet encapsulated by the VPN protocol (VPN method) of the second VPN communication path using a lower layer communication protocol. For example, in the case of SoftEtherVPN, Ethernet frames that transfer IP packets on the virtual network are transferred over HTTPS over TCP/IP on the real network.
 VPN接続部43は、上述の第1VPN通信路と上述の第2VPN通信路とを接続する。 The VPN connection unit 43 connects the above-described first VPN communication path and the above-described second VPN communication path.
 具体的には、VPN処理部42-1は、第1VPN通信路で受信したパケットのデカプセル処理および復号処理を実行し、第1VPN通信路で送信すべきパケットの暗号化処理およびカプセル化処理を実行する。VPN処理部42-2は、第2VPN通信路で受信したパケットのデカプセル処理および復号処理を実行し、第2VPN通信路で送信すべきパケットの暗号化処理およびカプセル化処理を実行する。VPN接続部43は、VPN処理部42-1とVPN処理部42-2との間でパケットの転送を行う。なお、このパケットの転送は、外部を経由せず演算処理装置35の内部のみで実行される。 Specifically, the VPN processing unit 42-1 executes decapsulation processing and decryption processing of packets received through the first VPN communication channel, and executes encryption processing and encapsulation processing of packets to be transmitted through the first VPN communication channel. do. The VPN processing unit 42-2 executes decapsulation processing and decryption processing of packets received through the second VPN communication channel, and executes encryption processing and encapsulation processing of packets to be transmitted through the second VPN communication channel. The VPN connection unit 43 transfers packets between the VPN processing units 42-1 and 42-2. Note that this packet transfer is executed only inside the processing unit 35 without going through the outside.
 また、ドライバー44は、画像形成装置22のドライバーであって、入力装置31に対するユーザー操作に従ってジョブ要求(プリント要求など)を生成し、通信装置34で、そのジョブ要求を画像形成装置22に送信する。なお、ドライバー44は、ここでは、第2VPN通信路を使用してジョブ要求を画像形成装置22に送信してもよいし、第2VPN通信路を使用せずにジョブ要求を画像形成装置22に送信してもよい。 Further, the driver 44 is a driver of the image forming apparatus 22 , generates a job request (such as a print request) according to the user's operation on the input device 31 , and transmits the job request to the image forming apparatus 22 through the communication device 34 . . Note that the driver 44 may transmit the job request to the image forming apparatus 22 using the second VPN communication path here, or may transmit the job request to the image forming apparatus 22 without using the second VPN communication path. You may
 なお、VPN処理部42-1、VPN接続部43、およびドライバー44は、例えば、画像形成装置22のベンダーによって提供されるインストーラーによって一括してユーザー端末装置21にインストールされる。 Note that the VPN processing unit 42-1, the VPN connection unit 43, and the driver 44 are collectively installed in the user terminal device 21 by an installer provided by the vendor of the image forming apparatus 22, for example.
 図3は、図1に示す画像形成装置22の構成を示すブロック図である。図3に示す画像形成装置22は、記憶装置51、操作パネル52、演算処理装置53、プリント装置54、画像読取装置55、通信装置56などを備える。 FIG. 3 is a block diagram showing the configuration of the image forming apparatus 22 shown in FIG. The image forming apparatus 22 shown in FIG. 3 includes a storage device 51, an operation panel 52, an arithmetic processing device 53, a printing device 54, an image reading device 55, a communication device 56, and the like.
 記憶装置51は、フラッシュメモリーなどの不揮発性の書換可能な記憶装置である。記憶装置51には、プログラムやデータが記憶される。 The storage device 51 is a non-volatile rewritable storage device such as flash memory. The storage device 51 stores programs and data.
 操作パネル52は、画像形成装置22の筐体の上面前側などに配置され、液晶ディスプレイなどの表示装置52a、およびハードキー、タッチパネルなどの入力装置52bを備える。表示装置52aは、ユーザーに対して各種画面を表示し、入力装置52bは、ユーザー102により入力されるユーザー操作を受け付ける。 The operation panel 52 is arranged on the front side of the upper surface of the housing of the image forming apparatus 22, and includes a display device 52a such as a liquid crystal display, and an input device 52b such as hard keys and a touch panel. The display device 52 a displays various screens to the user, and the input device 52 b accepts user operations input by the user 102 .
 演算処理装置53は、CPU(Central Processing Unit)、ROM(Read Only Memory)、およびRAM(Random Access Memory)を有するコンピューターであって、ROMや記憶装置51に記憶されているプログラムをRAMにロードしてCPUで実行することにより、各種処理部として動作する。演算処理装置53は、コントローラー61、通信制御部62、およびVPN処理部63として動作する。 The arithmetic processing unit 53 is a computer having a CPU (Central Processing Unit), ROM (Read Only Memory), and RAM (Random Access Memory), and loads programs stored in the ROM and the storage device 51 into the RAM. It operates as various processing units by being executed by the CPU. Arithmetic processing unit 53 operates as controller 61 , communication control unit 62 , and VPN processing unit 63 .
 プリント装置54は、画像データに基づき対象画像(原稿画像など)をプリント用紙にプリントする。画像読取装置55は、原稿から原稿画像を光学的に読み取り、その原稿画像の画像データを生成する。 The printing device 54 prints the target image (original image, etc.) on printing paper based on the image data. The image reading device 55 optically reads a document image from a document and generates image data of the document image.
 通信装置56は、ローカルネットワーク24に接続され、ユーザー端末装置21、ルーター23などとデータ通信を行う。 The communication device 56 is connected to the local network 24 and performs data communication with the user terminal device 21, the router 23, and the like.
 コントローラー61は、操作パネル52に対するユーザー操作や通信装置56によりユーザー端末装置22から受信されたジョブ要求に従って、プリント装置54、画像読取装置55、通信装置56などの内部装置を制御して、要求されたジョブを実行する。 The controller 61 controls the internal devices such as the printing device 54, the image reading device 55, and the communication device 56 according to user operations on the operation panel 52 and job requests received from the user terminal device 22 through the communication device 56, job.
 通信制御部62は、通信装置56を制御して、所定の通信プロトコルでデータ通信を行う。 The communication control unit 62 controls the communication device 56 to perform data communication according to a predetermined communication protocol.
 VPN処理部63は、通信制御部62を使用してVPN通信を行う。VPN処理部63は、ユーザー端末装置21のVPN処理部42-2と同一のVPN方式に従って、送信データの暗号化処理およびカプセル化処理を行うとともに、受信データのデカプセル処理および復号処理を実行する。 The VPN processing unit 63 uses the communication control unit 62 to perform VPN communication. The VPN processing unit 63 performs encryption processing and encapsulation processing of transmission data and decapsulation processing and decryption processing of reception data according to the same VPN method as the VPN processing unit 42-2 of the user terminal device 21. FIG.
 図4は、図1に示す画像形成装置11の構成を示すブロック図である。 FIG. 4 is a block diagram showing the configuration of the image forming apparatus 11 shown in FIG.
 図4に示す画像形成装置11は、記憶装置71、操作パネル72、演算処理装置73、プリント装置74、画像読取装置75、通信装置76、ファクシミリ装置77などを備える。 The image forming apparatus 11 shown in FIG. 4 includes a storage device 71, an operation panel 72, an arithmetic processing device 73, a printing device 74, an image reading device 75, a communication device 76, a facsimile device 77, and the like.
 記憶装置71、操作パネル72、演算処理装置73、プリント装置74、画像読取装置75、および通信装置76は、それぞれ、記憶装置51、操作パネル52、演算処理装置53、プリント装置54、画像読取装置55、および通信装置56と同様の装置である。なお、それぞれ、両者の機能は異なっていてもよい。表示装置72aおよび入力装置72bは、それぞれ、表示装置52aおよび入力装置52bと同様の装置である。 Storage device 71, operation panel 72, arithmetic processing device 73, printing device 74, image reading device 75, and communication device 76 are the storage device 51, operation panel 52, arithmetic processing device 53, printing device 54, and image reading device, respectively. 55 , and communication device 56 . Note that the functions of both may be different. The display device 72a and the input device 72b are devices similar to the display device 52a and the input device 52b, respectively.
 また、コントローラー81および通信制御部82は、それぞれ、コントローラー61および通信制御部62と同様の処理部である。 Also, the controller 81 and the communication control unit 82 are processing units similar to the controller 61 and the communication control unit 62, respectively.
 次に、上記システムの動作について説明する。図5および図6は、組織拠点1との画像形成装置22との通信処理を示すシーケンス図である。 Next, the operation of the above system will be explained. 5 and 6 are sequence diagrams showing communication processing between the organizational base 1 and the image forming apparatus 22. FIG.
 リモート拠点2-iにおいて、ユーザーは、ユーザー端末装置21または画像形成装置22を操作してジョブ要求を画像形成装置22に入力し、画像形成装置22にジョブを実行させる。 At the remote site 2-i, the user operates the user terminal device 21 or the image forming device 22 to input a job request to the image forming device 22 and causes the image forming device 22 to execute the job.
 画像形成装置22では、コントローラー61が、ジョブ要求を受け付け、ジョブ要求により指定されたジョブが組織拠点1のリソースを必要としないジョブ(プリントジョブなど)であれば、組織拠点1にアクセスせずに、画像形成装置22の内部装置を使用して、そのジョブを実行する。 In the image forming apparatus 22 , the controller 61 accepts the job request, and if the job specified by the job request is a job (such as a print job) that does not require the resources of the organizational base 1 , the image forming apparatus 22 does not access the organizational base 1 . , the internal device of the image forming apparatus 22 is used to execute the job.
 一方、ジョブ要求により指定されたジョブが組織拠点1のリソースを必要とするジョブ(センドトゥファイルサーバージョブなど)であれば、コントローラー61は、ユーザー端末装置2により中継される第1VPN通信路および第2VPN通信路を介して組織拠点1のリソースを使用してジョブを実行する。 On the other hand, if the job specified by the job request is a job (such as a send-to-file server job) that requires resources in the organizational base 1, the controller 61 connects the first VPN communication path relayed by the user terminal device 2 and the second VPN communication path. 2 The job is executed using the resources of the organizational site 1 via the VPN communication path.
 例えば、画像読取で得られた画像(ここでは、リモート拠点2-iの画像形成装置22で読み取られた原稿画像)の画像データファイルをファイルサーバー(ここでは、組織拠点1内のサーバー13など)に保存するスキャントゥファイルサーバージョブの場合、第1VPN通信路および第2VPN通信路を介して、そのファイルが、リモート拠点2-iの画像形成装置22により生成され、リモート拠点2-iの画像形成装置22から組織拠点1のサーバー13などに転送され保存される。 For example, an image data file of an image obtained by image reading (here, a document image read by the image forming device 22 of the remote site 2-i) is sent to a file server (here, the server 13 in the organization site 1). In the case of a scan-to-file server job to be stored in the remote site 2-i, the file is generated by the image forming device 22 of the remote site 2-i via the first VPN communication path and the second VPN communication path, and the image forming apparatus of the remote site 2-i It is transferred from the device 22 to the server 13 of the organizational base 1 and stored therein.
 また、例えば、画像読取で得られた画像(ここでは、リモート拠点2-iの画像形成装置22で読み取られた原稿画像)の画像データに対してアプリケーション(ここでは、組織拠点1内の画像形成装置11にインストールされているアプリケーション)で所定の処理を実行するスキャントゥSaaS(Software as a Service)ジョブの場合、第1VPN通信路および第2VPN通信路を介して、その画像データが、リモート拠点2-iの画像形成装置22により生成され、リモート拠点2-iの画像形成装置22から組織拠点1の画像形成装置11に転送され、画像形成装置11のアプリケーションにより処理される。 Further, for example, an application (here, image forming in the In the case of a scan-to-SaaS (Software as a Service) job that executes a predetermined process using an application installed on the device 11, the image data is sent to the remote site 2 via the first VPN communication path and the second VPN communication path. It is generated by the image forming apparatus 22 of -i, transferred from the image forming apparatus 22 of the remote site 2-i to the image forming apparatus 11 of the organization site 1, and processed by the application of the image forming apparatus 11. FIG.
 また、例えば、外部の記憶装置(ここでは、組織拠点1内のサーバー13など)に記憶されている画像データを取得し、その画像データに基づく原稿画像のプリントを(ここではリモート拠点2-iの画像形成装置22で)実行するプルプリントジョブの場合、第1VPN通信路および第2VPN通信路を介して、その画像データが、組織拠点1のサーバー13などからリモート拠点2-iの画像形成装置22に転送され、リモート拠点2-iの画像形成装置22により取得され、その画像データに基づく画像のプリントが、画像形成装置22により実行される。 Further, for example, image data stored in an external storage device (here, the server 13 in the organizational site 1) is acquired, and a document image based on the image data is printed (here, the remote site 2-i In the case of a pull-print job to be executed by the image forming apparatus 22 of ), the image data is transferred from the server 13 of the organizational site 1 to the image forming apparatus of the remote site 2-i via the first VPN communication path and the second VPN communication path. 22, and acquired by the image forming apparatus 22 of the remote site 2-i, and the image forming apparatus 22 prints an image based on the image data.
 また、例えば、外部の記憶装置(ここでは、組織拠点1内のサーバー13など)に記憶されているアドレス帳データを取得する外部アドレス帳参照ジョブの場合、第1VPN通信路および第2VPN通信路を介して、そのアドレス帳データが、組織拠点1の画像形成装置11やサーバー13などからリモート拠点2-iの画像形成装置22に転送され、リモート拠点2-iの画像形成装置22により取得され、そのアドレス帳データに基づくアドレスが、スキャントゥEmailの宛先、ファクシミリ送信の宛先などに使用される。 Further, for example, in the case of an external address book reference job that acquires address book data stored in an external storage device (here, the server 13 in the organizational base 1), the first VPN communication path and the second VPN communication path are , the address book data is transferred from the image forming device 11, server 13, etc. of the organizational site 1 to the image forming device 22 of the remote site 2-i, acquired by the image forming device 22 of the remote site 2-i, Addresses based on the address book data are used as scan-to-email destinations, facsimile transmission destinations, and the like.
 そして、組織拠点1から画像形成装置22へのVPN通信は、図5に示すように実行される。つまり、組織拠点1のルーター14(あるいは別の通信デバイス)において、送信すべきデータの暗号化処理およびカプセル化処理が実行され、画像形成装置22を宛先としたそのデータ(パケット)が第1VPN通信路で伝送され、ユーザー端末装置21の通信制御部41により受信される(ステップS1)。そして、そのデータ(パケット)のデカプセル処理および復号処理がVPN処理部42-1により実行され(ステップS2)、そのデータ(パケット)は、VPN接続部43によりVPN処理部42-1からVPN処理部42-2へ転送され(ステップS3~S5)、VPN処理部42-2により暗号化処理およびカプセル化処理が実行される(ステップS6)。そして、そのデータ(パケット)は、通信制御部41によって第2VPN通信路で画像形成装置22に伝送される(ステップS7)。画像形成装置22では、そのデータ(パケット)は、デカプセル処理および復号処理の後に使用される。 VPN communication from the organizational base 1 to the image forming apparatus 22 is executed as shown in FIG. That is, in the router 14 (or another communication device) of the organizational base 1, encryption processing and encapsulation processing of the data to be transmitted are executed, and the data (packet) destined for the image forming apparatus 22 is transmitted through the first VPN communication. It is transmitted over the network and received by the communication control section 41 of the user terminal device 21 (step S1). Decapsulation processing and decryption processing of the data (packet) are executed by the VPN processing unit 42-1 (step S2), and the data (packet) is transferred from the VPN processing unit 42-1 to the VPN processing unit by the VPN connecting unit 43. 42-2 (steps S3 to S5), and encryption processing and encapsulation processing are executed by the VPN processing unit 42-2 (step S6). Then, the data (packet) is transmitted to the image forming apparatus 22 through the second VPN communication channel by the communication control unit 41 (step S7). In the image forming device 22, the data (packets) are used after decapsulation and decoding.
 また、画像形成装置22から組織拠点1へのVPN通信は、図6に示すように実行される。つまり、画像形成装置22において、送信すべきデータの暗号化処理およびカプセル化処理が実行され、組織拠点1内の通信デバイス(画像形成装置11、サーバー13など)を宛先としたそのデータ(パケット)が第2VPN通信路で伝送され、ユーザー端末装置21の通信制御部41により受信される(ステップS21)。そして、そして、そのデータ(パケット)のデカプセル処理および復号処理がVPN処理部42-2により実行され(ステップS22)、そのデータ(パケット)は、VPN接続部43によりVPN処理部42-2からVPN処理部42-1へ転送され(ステップS23~S25)、VPN処理部42-1により暗号化処理およびカプセル化処理が実行される(ステップS26)。そして、そのデータ(パケット)は、通信制御部41によって第1VPN通信路で組織拠点1のルーター14に伝送される(ステップS27)。組織拠点1では、そのデータ(パケット)は、ルーター14または別の通信デバイスによってデカプセル処理および復号処理が実行され、その後に使用される。 Also, VPN communication from the image forming device 22 to the organizational base 1 is executed as shown in FIG. That is, the data to be transmitted is encrypted and encapsulated in the image forming apparatus 22, and the data (packet) destined for the communication device (image forming apparatus 11, server 13, etc.) within the organizational base 1 is is transmitted through the second VPN channel and received by the communication control unit 41 of the user terminal device 21 (step S21). Then, decapsulation processing and decryption processing of the data (packet) are executed by the VPN processing unit 42-2 (step S22), and the data (packet) is transferred from the VPN processing unit 42-2 to the VPN by the VPN connection unit 43. It is transferred to the processing unit 42-1 (steps S23 to S25), and the encryption processing and the encapsulation processing are executed by the VPN processing unit 42-1 (step S26). Then, the data (packet) is transmitted by the communication control unit 41 to the router 14 of the organizational base 1 through the first VPN communication path (step S27). At the organizational site 1, the data (packets) are decapsulated and decrypted by a router 14 or another communication device for subsequent use.
 以上のように、上記実施の形態によれば、ユーザー端末装置21において、通信制御部41は、リモート拠点2-i内のローカルネットワーク24に接続された通信装置34を制御する。VPN処理部42-1は、通信制御部41を使用してルーター23を介して組織拠点1との間で第1VPN通信路を設定する。VPN処理部42-2は、通信制御部41を使用してローカルネットワーク24に接続された画像形成装置22との間で第2VPN通信路を設定する。VPN接続部43は、上述の第1VPN通信路と第2VPN通信路とを接続する。 As described above, according to the above embodiment, in the user terminal device 21, the communication control unit 41 controls the communication device 34 connected to the local network 24 within the remote site 2-i. The VPN processing unit 42-1 uses the communication control unit 41 to set the first VPN communication path with the organizational site 1 via the router 23. FIG. The VPN processing unit 42-2 sets up a second VPN communication path with the image forming apparatus 22 connected to the local network 24 using the communication control unit 41. FIG. The VPN connection unit 43 connects the above-described first VPN communication channel and second VPN communication channel.
 これにより、ユーザー端末装置21と画像形成装置22との間のVPN通信の方式を単一の固定的なVPN方式としても、組織拠点1とユーザー端末装置21とのVPN通信のVPN方式に拘わらず、組織拠点1と画像形成装置22との間で、VPN通信を行い、ゼロトラストセキュリティが達成される。また、組織拠点1とユーザー端末装置21とのVPN通信のVPN方式が既に指定されていても、ユーザー端末装置21と画像形成装置22との間のVPN通信の方式を単一の固定的なVPN方式としてもよいため、画像形成装置22のVPN通信機能の実装コストが低減される。 As a result, even if the method of VPN communication between the user terminal device 21 and the image forming device 22 is set to a single fixed VPN method, regardless of the VPN method of the VPN communication between the organizational base 1 and the user terminal device 21, , VPN communication is performed between the organizational base 1 and the image forming apparatus 22 to achieve zero trust security. In addition, even if the VPN communication method between the organizational base 1 and the user terminal device 21 has already been specified, the VPN communication method between the user terminal device 21 and the image forming device 22 is set to a single fixed VPN. Since the method may be used, the implementation cost of the VPN communication function of the image forming apparatus 22 is reduced.
 なお、上述の実施の形態に対する様々な変更および修正については、当業者には明らかである。そのような変更および修正は、その主題の趣旨および範囲から離れることなく、かつ、意図された利点を弱めることなく行われてもよい。つまり、そのような変更および修正が請求の範囲に含まれることを意図している。 Various changes and modifications to the above-described embodiments are obvious to those skilled in the art. Such changes and modifications may be made without departing from the spirit and scope of its subject matter and without diminishing its intended advantages. It is therefore intended that such changes and modifications be covered by the claims.
 本発明は、例えば、VPN通信を行う情報処理システムに適用可能である。 The present invention is applicable, for example, to an information processing system that performs VPN communication.

Claims (3)

  1.  リモート拠点内のローカルネットワークに接続された通信装置を制御する通信制御部と、
     前記通信制御部を使用してルーターを介して組織拠点との間で第1VPN通信路を設定する第1VPN処理部と、
     前記通信制御部を使用して前記ローカルネットワークに接続された画像形成装置との間で第2VPN通信路を設定する第2VPN処理部と、
     前記第1VPN通信路と前記第2VPN通信路とを接続するVPN接続部と、
     を備えることを特徴する情報処理装置。     a communication control unit that controls a communication device connected to a local network in a remote location;
    a first VPN processing unit that uses the communication control unit to set a first VPN communication path with an organizational base via a router;
    a second VPN processing unit that uses the communication control unit to set a second VPN communication path with an image forming apparatus connected to the local network;
    a VPN connection unit that connects the first VPN communication path and the second VPN communication path;
    An information processing device comprising:
  2.  前記第1VPN処理部は、前記第1VPN通信路で受信したパケットのデカプセル処理を実行し、前記第1VPN通信路で送信すべきパケットのカプセル化処理を実行し、
     前記第2VPN処理部は、前記第2VPN通信路で受信したパケットのデカプセル処理を実行し、前記第2VPN通信路で送信すべきパケットのカプセル化処理を実行し、
     前記VPN接続部は、前記第1VPN処理部と前記第2VPN処理部との間で前記パケットの転送を行うこと、
     を特徴とする請求項1記載の情報処理装置。     The first VPN processing unit performs decapsulation processing of packets received on the first VPN communication channel, performs encapsulation processing of packets to be transmitted on the first VPN communication channel,
    The second VPN processing unit performs decapsulation processing of packets received on the second VPN communication channel, performs encapsulation processing of packets to be transmitted on the second VPN communication channel,
    the VPN connection unit transferring the packet between the first VPN processing unit and the second VPN processing unit;
    2. The information processing apparatus according to claim 1, characterized by:
  3.  情報処理装置と、
     前記画像形成装置とを備え、
     前記情報処理装置は、リモート拠点内のローカルネットワークに接続された通信装置を制御する通信制御部と、前記通信制御部を使用してルーターを介して組織拠点との間で第1VPN通信路を設定する第1VPN処理部と、前記通信制御部を使用して前記ローカルネットワークに接続された画像形成装置との間で第2VPN通信路を設定する第2VPN処理部と、前記第1VPN通信路と前記第2VPN通信路とを接続するVPN接続部とを備え、
     前記画像形成装置は、前記第1VPN通信路および前記第2VPN通信路を介して前記組織拠点のリソースを使用してジョブを実行すること、
     を特徴とする情報処理システム。     an information processing device;
    and the image forming apparatus,
    The information processing device includes a communication control unit that controls a communication device connected to a local network in the remote site, and sets a first VPN communication path between the organization site via a router using the communication control unit. and a second VPN processing unit for setting a second VPN communication path between the image forming apparatus connected to the local network using the communication control unit, the first VPN communication path and the first VPN communication path. 2 VPN connection unit for connecting to the VPN communication path,
    the image forming apparatus executing a job using resources of the organizational base via the first VPN communication path and the second VPN communication path;
    An information processing system characterized by
PCT/JP2022/007106 2021-03-04 2022-02-22 Information processing device and information processing system WO2022185984A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2021-034211 2021-03-04
JP2021034211 2021-03-04

Publications (1)

Publication Number Publication Date
WO2022185984A1 true WO2022185984A1 (en) 2022-09-09

Family

ID=83154162

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/007106 WO2022185984A1 (en) 2021-03-04 2022-02-22 Information processing device and information processing system

Country Status (1)

Country Link
WO (1) WO2022185984A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017022791A1 (en) * 2015-08-04 2017-02-09 日本電気株式会社 Communication system, communication apparatus, communication method, terminal, and program
JP2017212572A (en) * 2016-05-25 2017-11-30 富士ゼロックス株式会社 Remote access service system, information processing device, gateway device, and program
WO2019043827A1 (en) * 2017-08-30 2019-03-07 エヌ・ティ・ティ・コミュニケーションズ株式会社 Network control device, communication system, network control method, program, and recording medium
JP2019120988A (en) * 2017-12-28 2019-07-22 コニカミノルタ株式会社 Information processing terminal and program
US20200336409A1 (en) * 2019-04-17 2020-10-22 Cloudflare, Inc. Method and apparatus of automatic route optimization in a private virtual network for client devices of a local network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017022791A1 (en) * 2015-08-04 2017-02-09 日本電気株式会社 Communication system, communication apparatus, communication method, terminal, and program
JP2017212572A (en) * 2016-05-25 2017-11-30 富士ゼロックス株式会社 Remote access service system, information processing device, gateway device, and program
WO2019043827A1 (en) * 2017-08-30 2019-03-07 エヌ・ティ・ティ・コミュニケーションズ株式会社 Network control device, communication system, network control method, program, and recording medium
JP2019120988A (en) * 2017-12-28 2019-07-22 コニカミノルタ株式会社 Information processing terminal and program
US20200336409A1 (en) * 2019-04-17 2020-10-22 Cloudflare, Inc. Method and apparatus of automatic route optimization in a private virtual network for client devices of a local network

Similar Documents

Publication Publication Date Title
US20160286076A1 (en) Image forming apparatus
JP4165027B2 (en) Client device, network printing system, and print data transmission method
JP6199846B2 (en) Account management program, image forming apparatus, and image forming system
JP6405831B2 (en) Information processing apparatus, communication system, and program
US20110276673A1 (en) Virtually extending the functionality of a network device
WO2022185984A1 (en) Information processing device and information processing system
US7059784B2 (en) Printing apparatus performing bidirectional communication with a server and an information terminal
US8281124B2 (en) Network apparatus, IPsec setting method therein, and computer-readable recording medium storing a control program for executing the method
US10742840B2 (en) Communication device, non-transitory computer-readable recording medium storing computer-readable instructions for communication device, and method executed by communication device
JP6484319B2 (en) Method and system for providing safety using a loopback interface
US8312114B2 (en) Method and system for accessing network compatible devices utilizing internet-based beacon technology
JP2017085273A (en) Control system, control device, control method and program
WO2022185985A1 (en) Image forming device and information processing device
JP2003198530A (en) Packet communication device and encryption algorithm setting method
JP4666986B2 (en) Communication method, communication permission server
JP2007090712A (en) Printing system
US9015498B2 (en) Information processing apparatus and control method thereof
JP2019152965A (en) Information processing apparatus and program
US20220200958A1 (en) Network security configuration of image forming apparatus
WO2021200309A1 (en) Communication device, communication device control method, and program
JP2003345552A (en) Method and device for controlling operation mode of network equipment, network equipment, program and storage medium
JP5293070B2 (en) Network-compatible image forming apparatus and program
JP2009177560A (en) Image forming device, image formation system, security-setting program, and security-setting method
JP2008042460A (en) Communication control method and image forming apparatus
JP2006246402A (en) Built-in apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22763040

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22763040

Country of ref document: EP

Kind code of ref document: A1