JP2007142961A - Image processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image processor which can select an encryption method. <P>SOLUTION: A control section 4 selects an encryption process for image data to be processed according to the content of processing (for example, copy, fax, print, hold, file) inputted through an operating section 9, a communication section 7, and a fax modem 8, and then outputs a control signal to an image forming section 2 to perform the selected encryption. The image data inputted into the image forming section 2 is output to either a CBC encryption section or ECB encryption section by a selector based on the control by the control section 4. The CBC encryption section or ECB encryption section encrypts the inputted image data by a predetermined encryption method, and stores the encrypted data in HDD 6 via HDD interface section. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an image processing apparatus having an encryption processing function for encrypting acquired image data.

  In recent years, with the speeding up of information processing represented by the Internet or the increase in the amount of information, digital multifunction devices equipped with a scanner function, printer function, facsimile function, etc. are connected to a network and transmitted from many personal computers. Based on the demand, a large amount of image data has been processed at high speed.

  For example, a digital multi-function peripheral installed in an office is shared by many users in the office and also by many remote users connected through a network. In addition to fax, print, copy, etc., the digital multi-function peripheral also has functions such as document file processing that creates and files created documents and drawings as a database. Has come to handle.

Therefore, in order to protect the information held by each user, the image information such as documents and drawings of each user to be stored is stored in an encrypted state, and the stored information is read out as necessary. There has been proposed a copier with encryption function that restores image information and prints and displays the restored image information (see Patent Document 1).
JP-A-6-303440

  However, in the copying machine of Patent Document 1, when the acquired image data is encrypted, only a predetermined encryption process is always performed, and a high degree of security is required, so-called high security level. Even if it is a process or a process with a low security level, the encryption process is always performed at the same level. For this reason, even when a high security level is required, there is a possibility that encryption processing according to the required level is not performed. In addition, when the user's security consciousness is low, the encryption process is not performed, and there is a possibility that confidential information is leaked. Further, the encryption process is performed even on the data that does not require the encryption process, and there is a possibility that the data that should be shared by many users cannot be shared.

  The present invention has been made in view of such circumstances, and includes a plurality of encryption means having different encryption methods, and encrypts image data with the encryption means selected by the selection means. An object of the present invention is to provide an image processing apparatus that can select the image.

  Another object of the present invention is to provide specifying means for specifying the contents of a predetermined process, and by selecting the encryption means based on the processing contents specified by the specifying means, according to the processing contents. Another object of the present invention is to provide an image processing apparatus capable of selecting an encryption method.

  Another object of the present invention is to provide a specifying means for specifying a request source of a predetermined process, and by selecting the encryption means based on the request source specified by the specifying means, a request for processing An object of the present invention is to provide an image processing apparatus capable of selecting an encryption method according to the original.

  An image processing apparatus according to the present invention encrypts acquired image data, and performs a predetermined process on the encrypted data or the data obtained by decrypting the encrypted data. Means and a selection means for selecting the encryption means, and the image data is encrypted by the encryption means selected by the selection means.

  The image processing apparatus according to the present invention includes a specifying unit that specifies the content of a predetermined process, and the selection unit is configured to select the encryption unit based on the processing content specified by the specifying unit. It is characterized by being.

  The image processing apparatus according to the present invention includes a specifying unit that specifies a request source of a predetermined process, and the selection unit should select the encryption unit based on the request source specified by the specifying unit. It is characterized by being.

  In the present invention, the selection means selects an encryption means selected from a plurality of encryption means having different encryption methods. The selected encryption means encrypts the image data. For example, a plurality of encryption means having different security strengths of CBC (Cipher Block Chaining) method and ECB (Electronic Code Book) method are provided, and the encryption means selected by the selection means is used. This makes it possible to select encryption processes with different security levels.

  In the present invention, the specifying means specifies the content of the predetermined process. For example, the predetermined processing includes copying, faxing, printing, and file. The selection unit selects the encryption unit based on the specified processing content. For example, select the CBC method with high security for high-density print and file processing, and select the low-security ECB method for low-sensitive copy and fax processing. To do.

  In the present invention, the specifying unit specifies a request source of a predetermined process. For example, the request source is the user's title or department. The selection unit selects the encryption unit based on the specified request source. For example, the CBC method with high security strength is selected for requests from users or departments with high security, and the ECB method with low security strength is selected for requests from users or departments with low security. To do.

  In the present invention, a plurality of encryption means having different encryption methods are provided, and encryption methods having different security levels (strengths) are selected by encrypting image data with the encryption means selected by the selection means. can do

  In the present invention, a specifying unit for specifying the content of a predetermined process is provided, and the encryption unit is selected based on the processing content specified by the specifying unit, so that the processing content can be matched. The encryption method can be selected.

  In the present invention, it is provided with specifying means for specifying a request source of a predetermined process, and by selecting the encryption means based on the request source specified by the specifying means, the sensitivity of the request source is increased. The encryption method can be selected accordingly.

  Hereinafter, a digital multi-function peripheral as an example of an image processing apparatus according to the present invention will be described with reference to the drawings illustrating embodiments. FIG. 1 is a block diagram showing an internal configuration of a digital multifunction peripheral 100 according to the present invention. As shown in the figure, the digital multifunction peripheral 100 includes an image reading unit 1, an image forming unit 2, a processing unit 3, a control unit 4, a storage unit 5, an HDD 6, a communication unit 7, a FAX modem 8, an operation unit 9, and the like. .

  The image reading unit 1 includes a CCD 11, a document sensor 12, and the like. The image reading unit 1 is, for example, an automatic document feeder (ADF), which detects a document placed at a predetermined position by a document sensor 12 and applies light to a document moving on a transport path for transporting the document. , And the reflected light from the original is photoelectrically converted by the CCD 11 and converted into an analog signal, and the obtained analog signal is converted into a digital signal by an A / D converter (not shown). The image reading unit 1 outputs a digital signal obtained by the conversion to the image forming unit 2.

  The image forming unit 2 includes a memory 21, an encryption / decryption unit 22, a printing unit 23, and the like. The digital signal input from the image reading unit 1 is temporarily stored as image data in the memory 21. The image forming unit 2 reads the stored image data, the processing unit 3 performs density conversion processing, magnification conversion processing, Nin1 and other editing processing on the read image data, and then the processed image data is encrypted and decrypted. 22 to output.

  FIG. 2 is a block diagram showing the configuration of the encryption / decryption unit 22. As shown in the figure, the encryption / decryption unit 22 includes a memory interface unit 221, selector units 222 and 226, a CBC (Cipher Block Chaining) encryption unit 223, and an ECB (Electronic Code Book) encryption unit 224. HDD interface unit 225, CBC decoding unit 227, ECB decoding unit 228, and the like.

  Image data input from the memory 21 through the memory interface unit 221 is output to either the CBC encryption unit 223 or the ECB encryption unit 224 by the selector unit 222 under the control of the control unit 4.

  The CBC encryption unit 223 divides the image data into blocks having a predetermined length (block length), and performs encryption in units of the divided blocks. The first block to be encrypted is XORed with the initial vector and encrypted using a secret key (for example, a serial number of the digital multi-function peripheral). The next block is XORed with the previously encrypted block and encrypted using the secret key. Thereafter, similarly, the block to be encrypted is XORed with the previously encrypted block, and the image data is encrypted by encrypting the block using the secret key.

  The ECB encryption unit 224 divides the image data into blocks having a fixed length (block length), and generates a ciphertext by encrypting the divided block units with a secret key. When the selector unit 222 selects the CBC encryption unit 223 or the ECB encryption unit 224, the CBC encryption unit 223 or the ECB encryption unit 224 encrypts the input image data with a predetermined encryption method, and transmits the encrypted data to the HDD 6 through the HDD interface unit 225. Remember.

  The HDD 6 stores the data encrypted by the image forming unit 2. The HDD 6 is divided into two areas, for example, one area is used as a document filing area for storing the encrypted data in a database, and the other area is used to decrypt the encrypted data once. It can be used as a processing work area for immediate output.

  Under the control of the control unit 4, the image forming unit 2 decrypts the encrypted data stored in the HDD 6 and performs image data output processing. Under the control of the control unit 4, the selector unit 226 selects either the CBC decryption unit 227 or the ECB decryption unit 228 in order to decrypt the encrypted data using the same encryption method.

  The CBC decryption unit 227 decrypts the encrypted data input from the selector unit 226 through the HDD interface unit 225 using the CBC method, and stores the combined image data in the memory 21 through the memory interface unit 221.

  The ECB decrypting unit 228 decrypts the encrypted data input from the selector unit 226 through the HDD interface unit 225 using the ECB method, and stores the combined image data in the memory 21 through the memory interface unit 221.

  The printing unit 23 forms an image on a sheet based on the image data stored in the memory 21 and discharges the sheet on which the image is formed. The printing unit 23 includes, for example, a photosensitive drum, a charger that charges the photosensitive drum to a predetermined potential, a laser writing device that forms an electrostatic latent image on the surface of the photosensitive drum, and an electrostatic latent image on the surface of the photosensitive drum. The image forming apparatus includes a developing device that supplies toner to the image to make a visible image, a transfer device that transfers the toner image on the surface of the photosensitive drum to a sheet (all not shown). The printing unit 23 is not limited to the electrophotographic system, and may be any system such as an ink jet system or a thermal transfer system.

  The communication unit 7 includes an interface for performing communication with the network device 200 to which the digital multifunction peripheral 100 is connected, the terminal devices 201 and 201 connected to the Internet 400, the Internet FAX 401, the external personal computer 402, and the like. Yes. The communication unit 7 receives processing requests and image data transmitted from the terminal devices 201 and 201, the Internet FAX 401, and the external personal computer 402, and transmits information notified to these external devices.

  The FAX modem 8 includes a facsimile communication interface for performing facsimile communication with the facsimile 301 connected to the telephone line network 300 to which the digital multifunction peripheral 100 is connected.

  The operation unit 9 is, for example, a touch panel type operation panel, and includes an input unit 91 that receives a user's operation instruction, a display unit 92 that includes a liquid crystal display that displays information notified to the user, and the like. ing.

  The storage unit 5 is configured by a non-volatile memory, HDD, or the like, and processing content management information 51 that associates the processing content processed by the digital multifunction peripheral 100 with the encryption method, and the requesting user of the processing processed by the digital multifunction peripheral 100 Management of request source post management information 52 that associates the title of the client with the encryption method, request source department management information 53 that associates the request source department of the processing to be processed by the digital multifunction peripheral 100 with the encryption method, and manages the document filed in the HDD 6 Filing management information 54 to be transmitted, transmission destination management information 55 for managing a transmission destination of information transmitted from an external device, job management information 56 for managing a job being processed by the digital multifunction peripheral 100, and the like. In addition, the storage unit 5 stores the encrypted data stored in the HDD 6 and the encryption method in which the encrypted data is encrypted in association with each other. Thereby, the encrypted data can be correctly restored.

  The control unit 4 is configured by a CPU or the like, and controls processing of the entire digital multi-function peripheral 100. The control unit 4 encrypts image data to be processed in accordance with processing contents such as processing (for example, copy, FAX, print, hold, file) input through the operation unit 9, the communication unit 7, and the FAX modem 8. A process is selected, and a control signal is output to the image forming unit 2 to perform the selected encryption process. In addition, the control unit 4 encrypts image data to be processed in accordance with a processing request source (for example, a user's job title, a user's department) input through the operation unit 9, the communication unit 7, and the FAX modem 8. A control signal is selected, and a control signal is output to the image forming unit 2 to perform the selected encryption process.

  FIG. 3 is an explanatory diagram showing the configuration of the processing content management information 51. As shown in the figure, when the processing requested for the digital multi-function peripheral 100 is copying or FAX, ECB encryption is performed on the image data acquired through the image reading unit 1, the communication unit 7, the FAX modem 8, or the like. The processing is selected. If the processing requested of the digital multi-function peripheral 100 is print, hold (for example, temporary storage, etc.), or file, the image data acquired through the image reading unit 1, the communication unit 7, the FAX modem 8, etc. CBC encryption processing is selected. When the image data is acquired, the control unit 4 outputs a control signal to the image forming unit 2 to perform an ECB method or CBC method encryption process based on the processing content of the acquired image data.

  FIG. 4 is an explanatory diagram showing the configuration of the request source post management information 52. As shown in the figure, when the post of the user who requested the processing requested to the digital multifunction peripheral 100 is, for example, a general employee, the image data acquired through the image reading unit 1, the communication unit 7, the FAX modem 8, or the like. In contrast, ECB encryption processing is selected. In addition, when the job title of the user requesting the processing requested for the digital multifunction peripheral 100 is a general manager, the CBC encryption is performed on the image data acquired through the image reading unit 1, the communication unit 7, the FAX modem 8, or the like. The processing is selected. When acquiring the image data, the control unit 4 outputs a control signal to the image forming unit 2 in order to perform an ECB method or CBC method encryption process based on the user who requested the processing for the acquired image data. .

  FIG. 5 is an explanatory diagram showing the configuration of the request source department management information 53. As shown in the figure, when the user who requested the processing requested by the digital multifunction peripheral 100 belongs to the planning department, the CBC is applied to the image data acquired through the image reading section 1, the communication section 7, the FAX modem 8, and the like. The encryption method of the method is selected. In addition, when the user requesting the processing requested by the digital multifunction peripheral 100 belongs to the sales department, the ECB encryption is performed on the image data acquired through the image reading section 1, the communication section 7, the FAX modem 8, and the like. The processing is selected. When acquiring the image data, the control unit 4 outputs a control signal to the image forming unit 2 in order to perform an ECB method or CBC method encryption process based on the user who requested the processing for the acquired image data. .

  In addition, when selecting the encryption method according to the request source of the process, it may be selected based only on the user's job title, may be selected based only on the department to which the user belongs, An encryption method may be selected by setting a priority in the user's title or department.

  FIG. 6 is an explanatory diagram showing the configuration of filing management information 54, transmission destination management information 55, and job management information 56. The filing management information 54 includes, for example, a folder name (A, B,...), A paper size (A4, B4,...), A number of sheets (5 sheets, 1 sheet,...), A format (form A, report No. 2,. ), Administrator (registrant) name (administrator XX, administrator BB,...), Registration date and time, registration terminal (a,...), And other information.

  The transmission destination management information 55 includes, for example, a company name (or department name), a FAX or Internet FAX distinction, a transmission destination telephone number or an address.

  The job management information 56 includes job execution date and time, job target (indicating whether it is new data or a file already stored), job content (copy, print,...), Paper size or folder name (A4). , Folder D,..., Number of sheets (3 sheets, 1 sheet,...), Operating user (XX section manager, .DELTA..DELTA. Manager,...), Selected encryption method, and the like.

  Next, the operation of the digital multifunction peripheral 100 according to the present invention will be described. FIG. 7 is a flowchart showing a procedure of processing executed by the digital multi-function peripheral 100. The control unit 4 determines whether or not there is a processing request from the operation unit 9 or from the outside (S11). If there is no processing request (NO in S11), the process of step S11 is continued and waits until there is a processing request. To do.

  When there is a processing request (YES in S11), the control unit 4 specifies the request source (S12) and specifies the processing content (S13). The control unit 4 determines whether or not the processing content is output processing (S14). If the processing content is not output processing (NO in S14), the control unit 4 selects an encryption method based on the identified request source or processing content (S14). S15).

  The control unit 4 acquires image data from the image reading unit 1, the communication unit 7, etc. (S16), and encrypts the acquired image data with the selected encryption method (CBC method or ECB method) (S17). . The control unit 14 stores the encrypted data (S18), and determines whether there is an output request (for example, copy, FAX, print, etc.) (S19).

  When there is an output request (YES in S19), the control unit 4 reads the stored encrypted data (S20), decrypts the read encrypted data (S21), and performs output processing (for example, printing, transmission, etc.). (S22), and the process is terminated.

  In step S14, when it is an output process (it is YES at S14), the control part 4 performs the process after step S20 and performs an output process. If there is no output request (NO in S19), the control unit 4 ends the process.

  As described above, according to the present invention, the processing content of a predetermined process or the request source of the predetermined process is specified, and the encryption process having different encryption methods according to the specified processing content or the request source By selecting, it is possible to select encryption methods having different security levels (strengths) according to the sensitivity of the processing content or the sensitivity of the request source.

  In the above-described embodiment, the CBC method and the ECB method are used as the encryption method. However, the encryption method is not limited to this, and the encryption method to be selected is also used. Is not limited to two. For example, in addition to the CBC method and the ECB method, a method such as CFB (Cipher Feedback) or OFB (Output Feedback) may be used, and stream encryption may be used in addition to the block cipher.

  In the above-described embodiment, the processing content for selecting the encryption method has been described by taking processing such as copying, faxing, and printing as examples. However, the processing content is not limited to these. The encryption method can be selected based on various other processing contents.

  In the above-described embodiment, as the request source of the process for selecting the encryption method, the user's job title and the department to which the user belongs are described as examples. However, the request source is not limited to these. The encryption method can be selected based on various other request sources.

  In the above-described embodiment, the CBC method and the ECB method are used as the encryption method. However, for example, the encryption process is bypassed according to the processing content or the request source. It is also possible to store image data without doing so.

1 is a block diagram illustrating an internal configuration of a digital multifunction peripheral according to the present invention. It is a block diagram which shows the structure of an encryption / decryption part. It is explanatory drawing which shows the structure of process content management information. It is explanatory drawing which shows the structure of request origin post management information. It is explanatory drawing which shows the structure of request origin department management information. It is explanatory drawing which shows the structure of filing management information, transmission destination management information, and job management information. 6 is a flowchart illustrating a procedure of processing executed by the digital multifunction peripheral.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Image reading part 2 Image formation part 3 Processing part 4 Control part 5 Memory | storage part 6 HDD
7 Communication unit 8 FAX modem 9 Operation unit 21 Memory 22 Encryption / decryption unit 221 Memory interface unit 222, 226 Selector unit 223 CBC encryption unit 224 ECB encryption unit 225 HDD interface unit 227 CBC decryption unit 228 ECB decryption unit

Claims (3)

In an image processing apparatus that encrypts acquired image data and performs predetermined processing on the encrypted data or data obtained by decrypting the data,
A plurality of encryption means having different encryption methods;
Selecting means for selecting the encryption means,
An image processing apparatus, wherein the image data is encrypted by the encryption means selected by the selection means. A specifying means for specifying the content of the predetermined process is provided,
The selection means includes
The image processing apparatus according to claim 1, wherein the encryption unit is selected based on the processing content specified by the specifying unit. A specifying means for specifying a request source of a predetermined process;
The selection means includes
The image processing apparatus according to claim 1, wherein the encryption unit is selected based on a request source specified by the specifying unit.

Images