JP4482534B2 - Image forming apparatus - Google Patents

Description

  The present invention relates to an image forming apparatus such as a printer, a copier, a facsimile machine, or a multi-function machine that forms an image on a sheet by conveying the sheet, and in particular, a format for ensuring security using a storage device such as a USB memory. The present invention relates to an image forming apparatus having a function of performing the above.

  In the image forming apparatus, a hard disk is built in as the amount of data to be stored increases. Since an image forming apparatus is generally shared by a plurality of people, it is necessary to ensure the security of data on the hard disk.

  Therefore, in Patent Document 1 below, a unique machine identification number of the image forming apparatus is stored in the NVRAM built in the image forming apparatus, and when data is stored in the NVRAM, the data is encrypted using this number as a key. A configuration is disclosed in which data is decrypted with this key when data is read from the hard disk.

  According to this configuration, for example, even if the hard disk is detached from the image forming apparatus and attached to another image forming apparatus and the data is read out, the data cannot be decoded.

  Further, in Patent Document 2 below, in order to ensure the security of a file deleted from the hard disk, when deleting the file, the area in which the file is stored is overwritten with meaningless data such as 0. A method for preventing the contents of a file from being restored is disclosed.

On the other hand, in Patent Document 3 below, an optional routine is also installed in the hard disk in advance to disable its use, and an SD card key in which ID data and encrypted data are written is inserted into the image forming apparatus. In such a case, a method is disclosed in which it is determined whether or not these data are appropriate, and the option routine is validated when it is determined that the data is appropriate.
JP-A-2004-139163 JP 2005-96082 A JP 2003-58486 A

  However, if the user does not initially feel the necessity of the process for ensuring the security as described above, and then tries to perform the process when he / she feels the necessity, the image forming apparatus has such a function. It is necessary to replace it with a new one, and the burden on the user is great.

  Therefore, it is conceivable that such a function for ensuring security is provided as an option in the image forming apparatus in advance, and when the user feels necessity, the option routine is made effective in response to key attachment.

  However, especially when the image forming apparatus is shared by a large number of people, if the function is executed by mistake, a necessary file is deleted and cannot be restored. In order to avoid this, it is inconvenient to request a service person to execute the function, because the cost is high and a reservation is required.

  In view of such problems, an object of the present invention is to provide an image forming apparatus capable of executing a process for ensuring security on a hard disk without error when a user feels necessity. is there.

In the first aspect of the present invention,
A processor;
Program storage means coupled to the processor and storing a program;
A hard disk drive coupled to the processor;
An operation unit coupled to the processor and including an instruction input unit and a display unit;
And an image forming apparatus for forming an image on a supplied paper,
A writable non-volatile memory coupled to the processor for storing usage information indicating "unused" or "used";
A storage key interface that is coupled to the processor and includes a mounting portion in which the storage key is detachable;
And the program for the processor,
(A) When the storage key is coupled to the coupling means and the usage information indicates “unused”, the authentication target information is read from the storage key;
(B) determining whether the authentication target information is authentic,
(C) If affirmative determination is made, the usage information indicating “used” is written in the nonvolatile memory, and the hard disk device is written with meaningless data in each sector. Causes logical formatting to occur.

In a second aspect of the image forming apparatus according to the present invention, in the first aspect,
The storage key further stores usage information indicating “unused” or “used”.
The program is further sent to the processor in step (c).
Write usage information indicating "used" to the storage key,
Further, in the step (a), the usage information is read from the storage key, and the process proceeds to the step (b) only when the usage information indicates “unused”.

In a third aspect of the image forming apparatus according to the present invention, in the second aspect,
The program is further sent to the processor in step (c)
Display a selection screen of the first mode and the second mode with different numbers of writing on the display means;
The number of times meaningless data is written in each sector is set to the number corresponding to the mode selected by the instruction input means.

  According to the configuration of the first aspect, when the storage key is coupled to the coupling unit and the usage information stored in the nonvolatile memory coupled to the processor indicates “unused”, When the authentication target information is read from the storage key and it is determined that the authentication target information is authentic, the usage information indicating “used” is written in the nonvolatile memory, and Since the hard disk device is written with meaningless data in each sector and then logically formatted (secure format is performed), the following effects can be obtained.

  (1) Since the secure format can be executed if the storage key is attached to the attachment portion, it is not necessary to reserve and execute this by an external service person, and the cost can be reduced and the necessity of the user can be reduced. When the user feels it, the secure format can be executed without replacing the image forming apparatus.

  (2) Since the secure format cannot be executed unless the storage key is attached to the attachment part, necessary data is deleted from the hard disk by an erroneous operation of the user by having the administrator manage the storage key. Can be prevented.

  (3) When the secure format is executed once, usage information indicating “used” is written to the internal nonvolatile memory, so the secure format is executed again regardless of which external storage key is attached. Incorrect operation can be prevented.

  According to the configuration of the second aspect, in the step (c), usage information indicating “used” is further written to the storage key, and in the step (a), the storage key further stores the usage information. Only when the usage information is read and this usage information indicates “unused”, the process proceeds to step (b). Therefore, even if the storage key is attached to another image forming apparatus, the secure format is executed. This makes it difficult to manage the storage key for each of the plurality of image forming apparatuses.

  According to the configuration of the third aspect, in the step (c), a selection screen for the first mode and the second mode with different number of times of writing is further displayed on the display means, and each sector has no meaning. Since the number of times data is written is the number corresponding to the mode selected by the instruction input means, the security level can be selected according to the user's time margin with a simple configuration.

  Other objects, configurations and effects of the present invention will become apparent from the following description.

  FIG. 5 is a schematic block diagram of the image forming apparatus 10 according to the first embodiment of the present invention.

  In this image forming apparatus 10, the MPU 11, the ROM 12R, the DRAM 12D, the NVRAM 13, the NIC 15, the modem 20, the interfaces 14I, 16I to 19I, and 21I are coupled by the bus 23, and the hard disk 14 and the auto sheet are connected to the interfaces 14I and 16I to 19I, respectively. A feeder 16, a scanner 17, a printer 18, and an operation panel 19 are combined.

  The ROM 12R stores a bootstrap, an operating system (OS), an application that operates on the upper layer of the OS, and various device drivers that operate on the lower layer of the OS. This application is for causing the image forming apparatus 10 to function as a multifunction peripheral, and includes a secure format program. Here, the secure format overwrites all storage areas of the file and FAT (File Allocation Table) with meaningless data, that is, a state where physical formatting is performed (a series of data read / write in each sector). In this state, the logical format is ignored in an index numbered state, and the entire sector area is continuously overwritten with meaningless data in units of sectors, and then the logical format is performed. The functions of the multifunction machine include copy, scan, print, and fax.

  The DRAM 12D is used as a main memory. The NVRAM (nonvolatile memory) 13 is, for example, a flash memory, and is electrically rewritable. In the copy protection area, the power-on count Cp, the usage state U1 and the composite secret key SK in FIG. Stored. When data in the copy protection area is read out, the stored data is encrypted and read out, and it becomes meaningless even if it is copied to a person who does not know the secret key. The usage state U1 is for a secure format to be described later, and the composite secret key SK is for encryption and decryption to be described later, both of which relate to the hard disk 14.

  The NIC 15 is connected to an external host computer on the network and used for a print job. The scanner 17 inputs an image in conjunction with the auto sheet feeder 16 and is used for copying and fax transmission jobs. The printer 18 includes a print engine, a fixing device, a paper feed unit, a conveyance unit, and a paper discharge unit, and forms an electrostatic latent image on a photosensitive drum of the print engine based on bitmap data supplied as print data. Then, this is developed with toner, transferred onto paper, fixed, and discharged. The operation panel 19 includes a display unit and a key input unit, and is used for inputting setting information or instructions to display a selection screen, a setting screen, or the like. The modem 20 is for fax transmission / reception. The USB memory interface 21I includes a port for connecting the USB key 21 as a storage key configured by a removable storage device.

  The USB key 21 is a USB memory, and includes an NVRAM, for example, a flash memory chip, and stores a key type code K, an authenticated code X, and a use state U2 shown in FIG. The key type code K, the code to be authenticated X, and the use state U2 are for a secure format described later. The code to be authenticated X and the use state U2 are stored in the same copy protection area as described above.

  Next, a part of the application will be described.

  The secure format takes more time than the normal format because of the overwriting process. For this reason, if not necessary, a normal format is initially performed. However, whether or not it is necessary to perform secure formatting changes according to changes in the user's business content. When performing the secure format, the user inserts the USB key 21 into the USB memory interface 21I.

  When a USB memory is attached to the port of the USB memory interface 21I, this is detected by an interrupt process, and the hard disk security ensuring process shown in FIG. 1 is started. FIG. 1 is a flowchart showing hard disk security ensuring processing among the processing executed when the USB memory is mounted. This process is performed by a program stored in the ROM 13. In the following, the step identification codes in the figure are shown in parentheses.

  It is assumed that the hard disk drive 14 is physically formatted at the time of shipment from the factory.

  (S0) It is determined whether or not the hard disk drive 14 is provided. If it is provided, the process proceeds to step S2, and if not, the process of FIG. 1 is terminated.

  (S1) The usage state U1 (FIG. 2A) is read from the NVRAM 13, and if this indicates “used”, the processing of FIG. 1 is terminated, and if it indicates “not used”, the process proceeds to step S2.

  (S2) K, X, and U2 in FIG. 2B are read from a predetermined address of the USB memory. If the USB memory is the USB key 21, a value indicating that the hard disk security ensuring function activation key or another key is stored in K, and X is an authentication target for permitting the use of the USB key 21. A code is stored, and a use state indicating “unused” or “used” is stored in U2.

  (S3) If the value of the key type code K indicates a hard disk security ensuring function activation key and the use state U2 indicates “unused”, the authenticated code X is authentic. It is determined whether or not. In this determination, for example, the authenticated code X is substituted into a predetermined function f to obtain a = f (X). If the value a matches a predetermined value, it is determined that the authenticated code X is authentic. In other words, the code to be authenticated X and the function f are determined such that the value a is equal to a predetermined value when the code to be authenticated X is authentic. This predetermined value a is stored in the copy protection area of the NVRAM 13 (FIG. 2A).

  (S4) If it is determined that the to-be-authenticated code X is authentic, the process proceeds to step S5, and if not, the process in FIG. 1 is terminated.

  (S5, S6) First, as shown in FIG. 3A, a confirmation screen as to whether or not to perform secure formatting is displayed on the display unit of the operation panel 19. In the operation panel 19, an “Enter” key, a “Cancel” key, and a direction key are arranged on the right side of the display unit. These keys are hardware keys or software keys on the touch panel.

  Data encryption / decryption with respect to the hard disk 14 is performed regardless of whether or not the secure format is selected in the following steps S9 and S10. The following AES (Advanced Encryption Standard) key is for encryption / decryption and is not directly related to the secure format.

  When the user presses the “Enter” key, as shown in FIG. 3 (B), “AES (Advanced Encryption Standard) key should be entered” is displayed, and each digit of 6 digits is entered below. The column is displayed as a black rectangle. When the up and down direction keys are pressed, the black rectangle of the most significant digit is first removed and the numerical value is incremented or decremented. When the right direction key is pressed, the black rectangle of the next digit is removed and 0 is displayed, and when the up and down direction key is pressed, this numerical value similarly changes. When a 6-digit numerical value is input in this way, the result is as shown in FIG. When the “Enter” key is pressed in this state, the process proceeds to step S7 in FIG.

  (S7) The unique machine ID code MID of the image forming apparatus is read from, for example, the printer 18 and the scanner 17, and combined with the ASE key input in step S5, encrypted, and stored in the NVRAM 13 as a composite secret key SK. (FIG. 2 (A)).

  This composite secret key SK is used in the job after the processing in FIG. 1 for encryption before writing data to the hard disk 14 and decryption after reading the written data. These encryption and decryption are performed independently of the application and the USB key 21 as part of the processing of the hard disk driver.

  (S8) If the power-on count Cp is 1, the process proceeds to step S9. This power-on count Cp has an initial value of 0 and is incremented by 1 in the application initialization routine every time the image forming apparatus is turned on. When it becomes a value, for example, 2, it is not incremented.

  The reason for proceeding to step S9 when Cp = 1 is that the image forming apparatus is installed and the USB key 21 is inserted into the port of the interface 21I to turn on the power of the image forming apparatus, or the power of the image forming apparatus is turned on. When the USB key 21 is inserted into the port of the interface 21I after turning on and printing a non-secret document, there is no need to perform secure formatting, so whether or not to perform secure formatting is selected by the user. This is to leave it to you. In the case of Cp> 1, it can be estimated that there is a high possibility that data to be secured is stored in the hard disk, and that the user uses 21 in the middle is to ensure the security of the data on the hard disk. Therefore, it is considered that the secure format has been selected, and the process proceeds to step S11.

  (S9) As shown in FIG. 4A, a screen for selecting whether or not to perform secure formatting is displayed.

  (S10) If “Yes” is selected, the process proceeds to step S11. If “No” is selected, the process proceeds to step S15.

  (S11 to S14) As shown in FIG. 4A, a selection screen for selecting whether the overwrite mode is normal or quick is displayed. Here, the quick is a mode in which all sectors are overwritten with a value of 0, for example. On the other hand, normal is a mode in which overwriting on all sectors is repeated, for example, three times. For example, the first and second times generate random numbers and continuously overwrite them, and the third time, for example, 0 continuously. Overwrite mode. According to this normal mode, even if the residual magnetism is read, the data before overwriting cannot be read, and security can be ensured more reliably.

  As shown in FIG. 4B, the normal mode is highlighted and initially selected, and the selection of this mode is confirmed when the “Enter” key is pressed. In the case of selecting the quick mode, the quick button is pressed to select it, and then the “Enter” key is pressed to confirm it. When the normal mode is selected, the display of FIG. 4C is performed and the notation “in secure format” is blinked.

  The overwriting process is performed according to the selected mode.

  (S15) “Used” is written in the use states U1 and U2 of the NVRAM 13 and the USB key 21. As a result, when the secure format is executed once, the USB key 21 is not accepted, and the USB key 21 cannot be used in other image forming apparatuses. It is possible to prevent the formatting from being performed.

  (S16) Next, logical formatting is performed on the hard disk 14. If a negative determination is made in step S10 during this logical formatting, the display shown in FIG. 4D is performed and the notation “in format” is blinked. In the case of the secure format, the display of FIG. 4C is also performed in this step S16, and the notation “in secure format” is blinked. When the logical format is finished, the processing of FIG. 1 is finished.

  As described above, according to the present embodiment, when the image forming apparatus is in the initial use, a selection screen as to whether or not the hard disk drive 14 is to be securely formatted is displayed on the operation panel 19. If the input indicates that secure formatting is to be performed or if it is not in the initial stage of use, overwriting processing in secure format is performed, and then the hard disk drive 14 performs logical formatting regardless of the selection result on the selection screen. In other words, when the image forming apparatus is in the initial stage of use, there is no need to perform the overwriting process on the hard disk drive 14 after printing a non-secret document. Therefore, it is left to the user to decide whether or not to perform the overwriting process, and the image forming apparatus can be used. If it is not the initial stage, it can be estimated that there is a high possibility that data that should be secured is stored in the hard disk, and it is assumed that the overwriting process is selected. In addition, it is possible to appropriately select and execute a hard disk formatting method.

  Further, when the NVRAM 13 stores a use state indicating “unused” or “used”, the USB key 21 is inserted into the port, and the use state indicates “unused”. The authentication information X is read from the USB key 21 to determine whether or not the authentication information X is legitimate. If the determination is affirmative, the usage information indicating “used” is displayed. Since the NVRAM 13 is written and the above process is performed, any USB key inserted into the port after being “used” will not be re-executed, preventing erroneous operation by the user. There is an effect that can be done.

  Furthermore, the USB key 21 stores a usage state indicating “unused” or “used”. When the “used” is stored, this is also written to the USB key 21, and this usage information is “unused”. ”Is displayed only in the case of“ ”, the secure format cannot be executed even if the USB key 21 is attached to another image forming apparatus, and the storage key for each of the plurality of image forming apparatuses There is an effect that it becomes easy to manage.

  In addition, the normal mode and quick mode selection screens with different overwriting times are displayed on the operation panel 19, and the number of times of overwriting meaningless data in each sector of the hard disk is set to the number corresponding to the selected mode. With a simple configuration, the security level can be selected according to the user's time margin.

  Further, when the user feels the need for the secure format, the secure format can be executed without replacing the image forming apparatus. In addition, since secure formatting cannot be executed unless the USB key 21 is inserted into the USB memory interface 21I, necessary data is deleted from the hard disk 14 by an erroneous operation of the user by having the administrator manage the USB key 21. Can be prevented. Furthermore, since the secure format can be executed by inserting the USB key 21 into the USB memory interface 21I, it is not necessary to reserve and execute this by an external service person, and the cost can be reduced and the user feels the necessity. Secure format can be executed.

  According to the present embodiment, when the user feels the need for the secure format, the secure format can be executed without replacing the image forming apparatus. In addition, since secure formatting cannot be executed unless the USB key 21 is inserted into the USB memory interface 21I, necessary data is deleted from the hard disk 14 by an erroneous operation of the user by having the administrator manage the USB key 21. Can be prevented. Furthermore, since the secure format can be executed by inserting the USB key 21 into the USB memory interface 21I, it is not necessary to reserve and execute this by an external service person, and the cost can be reduced and the user feels the necessity. Secure format can be executed.

  Note that the present invention includes various other modifications.

  For example, in the above-described embodiment, the case where the removable storage device interface is the USB memory interface 21I has been described, but it may be an interface to various removable memory cards, a removable hard disk, or the like.

  In the above-described embodiments, the case where the image forming apparatus is a multifunction peripheral has been described. However, the present invention is naturally applicable to a single-function image forming apparatus.

It is a flowchart which shows the hard disk security ensuring process among the processes performed by USB memory mounting based on Example 1 of this invention. (A) shows a part of the contents stored in the NVRAM built in the main body of the image forming apparatus, and (B) is a memory map showing a part of the contents stored in the USB key. FIG. 2 is a display explanatory diagram on an operation panel in the process of FIG. 1. FIG. 2 is a display explanatory diagram on an operation panel in the process of FIG. 1. 1 is a schematic block diagram of an image forming apparatus according to Embodiment 1. FIG.

Explanation of symbols

10 Image forming apparatus 11 MPU
12 DRAM
13 NVRAM
14 Hard disk 14I, 15I, 16I, 17I, 18I, 19I, 20I Interface 15 NIC
16 Auto Sheet Feeder 17 Scanner 18 Printer 19 Operation Panel 20 Modem 21I USB Memory Interface 21 USB Key 23 Bus X Authentication Information MID Machine ID Code U1, U2 Usage Information SK Composite Secret Key K Key Type Information

Claims (3)

A processor;
Program storage means coupled to the processor and storing a program;
A hard disk drive coupled to the processor;
An operation unit coupled to the processor and including an instruction input unit and a display unit;
And an image forming apparatus for forming an image on a supplied paper,
A writable non-volatile memory coupled to the processor for storing usage information indicating "unused" or "used";
A coupling means to which a storage key composed of a removable storage device is coupled;
An interface for a removable storage device coupled between the coupling means and the processor;
And the program for the processor,
(A) When the storage key is coupled to the coupling means and the usage information indicates “unused”, the authentication target information is read from the storage key;
(B) determining whether the authentication target information is authentic,
(C) If affirmative determination is made, the usage information indicating “used” is written in the nonvolatile memory, and the hard disk device is written with meaningless data in each sector. To perform logical formatting,
An image forming apparatus. The storage key further stores usage information indicating “unused” or “used”.
The program is further sent to the processor in step (c).
Write usage information indicating "used" to the storage key,
Further, in the step (a), the usage information is read from the storage key, and the process proceeds to the step (b) only when the usage information indicates “unused”.
The image forming apparatus according to claim 1. The program is further sent to the processor in step (c).
Display a selection screen of the first mode and the second mode with different numbers of writing on the display means;
3. The image forming apparatus according to claim 2, wherein the number of times meaningless data is written in each sector is a number corresponding to the mode selected by the instruction input unit.

Images