JP2008048153A - Image processing system and image processing apparatus - Google Patents

Abstract

Security of an image processing system is enhanced by restricting the functions of the image processing device by an external device capable of communicating with the image processing device.
When trust is set in an image processing apparatus, the power supply of the external apparatus is confirmed and a management key is acquired from the external apparatus. When the image processing apparatus acquires the management key from all external devices having a trust relationship, the image processing apparatus can execute all functions. When the power of the external device is off, or when the management key cannot be acquired from the external device, the image processing device prohibits execution of a specific function.
[Selection] Figure 6

Description

  The present invention relates to an image processing system having security measures for preventing unauthorized use of an image processing apparatus.

  In a multifunctional image processing apparatus that executes copying, printing, facsimile, data transmission, etc., in order to prevent leakage of image data and management information, authentication information such as a password is entered and a user is authenticated by an IC card. The use of the user is permitted. However, if the authentication information or the IC card is stolen, the third party may use the image processing apparatus illegally.

Therefore, Patent Document 1 describes performing two types of authentication using a password and a portable device. Patent Document 2 also describes that authentication is performed using a password and an authentication server. Thus, security is enhanced by using two types of authentication methods.
JP 2003-288323 A Japanese Patent Laid-Open No. 2006-140827

  In the case of an authentication method using a portable device, it is necessary to prepare the portable device. Moreover, the user must always have a portable device. If the user forgets the portable device, the image processing device cannot be used, which is inconvenient for the user.

  In the case of an authentication method using an authentication server, it is necessary to provide a server. In recent years, an image processing system has been constructed by connecting an image processing apparatus to a network together with an information processing apparatus such as a personal computer. When constructing a new image processing system, it is easy to introduce an authentication server. However, if an image processing system already exists, it is necessary to add a server. The user must install and set up the server, which imposes a burden on the user.

  In view of the above, an object of the present invention is to provide an image processing system that can easily enhance security without requiring a new portable device or server.

  The present invention relates to an image processing system in which an image processing device that executes a plurality of functions and a plurality of external devices are communicably connected, and the image processing device includes setting means for setting a trust relationship with the external device; And a restricting means for restricting the function based on a combination of external devices having a trust relationship. The external device is another image processing device or information processing device.

  By establishing a trust relationship with a plurality of external devices, the image processing apparatus can select functions to be restricted. Conversely, in order to execute a limited function, the trust relationship with the external device may be invalidated. However, the combination of external devices is arbitrary, and it is difficult for a third party to clarify the relationship with external devices. As a result, security in the image processing system can be enhanced. In particular, the restricting means restricts the function of outputting image data to the outside. Even if the image processing apparatus is illegally used, execution of this function is prohibited, so that leakage of image data can be prevented.

  The image processing apparatus includes a detecting unit that detects an operating state of the external device, and the limiting unit determines a function to be limited according to the operating state of the external device. The detecting means detects whether or not the external device is energized, and determines that the external device is in an operating state when the energization of the external device is detected.

  In order to confirm the trust relationship with the external device, the external device needs to be in an operating state. Therefore, the detection means detects whether or not the external device is in an operating state. When the external device is not operating, it is impossible to confirm the trust relationship because it cannot communicate with the external device. The limiting function is associated with each external device having a trust relationship. Therefore, the limiting means can determine the function to be limited based on the detected operating state of each external device.

  The restricting unit permits execution of all functions when all of the plurality of external devices having the trust relationship are in an operating state. In this case, since the trust relationship with the external device can be confirmed, the restriction on the function is released. When only some of the external devices having a trust relationship are in an operating state, execution of a specific function is permitted. In this case, since the trust relationship with the external device that is not in the operating state cannot be confirmed, the execution of the function associated with the external device is restricted to be prohibited. That is, other functions can be executed.

  The image processing apparatus includes an acquisition unit that acquires a management key from an external device, and the limiting unit determines a function to be limited according to the acquired management key. The acquisition unit can acquire the management key by communicating with an external device in an operating state. The management key is associated with the function to be restricted. Functions related to the acquired management key are executable, and functions related to the management key that cannot be acquired are restricted to prohibit execution.

  The external device has a plurality of management keys and assigns a limiting function to each management key. The external apparatus transmits one management key or a plurality of management keys to the image processing apparatus. The image processing apparatus can acquire a necessary management key. Here, a specific function can be restricted by controlling transmission of each management key from the external apparatus. Therefore, when it is desired to limit a specific function, the management key is not transmitted from the external device.

  The image processing apparatus and the external apparatus include an authentication unit that authenticates a user. The image processing apparatus permits use by a user who is not authenticated by the self apparatus but is authenticated by another external apparatus. That is, if the image processing apparatus has a trust relationship with another external apparatus, the image processing apparatus permits the use of a user who is authenticated by the external apparatus. The user can use an image processing apparatus that is not originally authenticated and cannot be used, and the convenience for the user is improved.

  The image processing apparatus outputs log information from the authorized user to another external device. Thereby, log information is transmitted to the image processing apparatus normally used by the user, and the usage record of the user can be managed.

  According to the present invention, by setting a trust relationship between the image processing apparatus and the external apparatus in the image processing system, it is possible to limit functions that can be used by the image processing apparatus and the external apparatus in cooperation. Since the limitation of the function is determined by the combination of the trust relationship with the external device, the third party cannot easily determine the combination and it is difficult to remove the limitation. In this way, it is possible to improve the security of the image processing system using only an existing device without requiring a conventional portable device or server.

  An image processing system of this embodiment is shown in FIG. In this image processing system, a plurality of image processing apparatuses 1 and an information processing apparatus 2 such as a personal computer and a server are communicably connected through networks N1 to N4. The networks N1 to N4 are a LAN, a WAN, the Internet, and the like. The image processing device 1 and the information processing device 2 are connected to the individual networks N1 to N4, respectively. Network. Here, for any one image processing apparatus 1, the other image processing apparatus 1 and the information processing apparatus 2 are regarded as external apparatuses.

  The image processing apparatus 1 is a multifunction machine that executes a copy mode, a print mode, a scanner mode, and a facsimile mode. The image processing apparatus communicates with an operation unit 5 for performing display and input operations, an image reading unit 6 for reading an original and inputting image data, an image forming unit 7 for printing image data, and an external device. A communication unit 8, a modem unit 9 for facsimile communication, an image memory 10 for temporarily storing image data, a storage unit 11 for storing image data, and a management unit 12 for storing and managing various information. And a control unit 13 that controls the entire apparatus.

  As shown in FIG. 2, the operation unit 5 includes various operation keys 15 and a display unit 16, which are provided on the operation panel. The display unit 16 includes a liquid crystal display and is a touch panel. Touch keys are formed in the operation screen displayed on the display unit 16, and these are also referred to as operation keys 15.

  The image reading unit 6 includes a scanner device that reads an image of a document and inputs it as image data, and an automatic document transport device that automatically transports the document. That is, the image reading unit 6 executes a data input function for inputting image data.

  The communication unit 8 is a communication interface for communicating with an external device through a network. The communication unit 8 inputs and outputs image data with an external device. The modem unit 9 is connected to the public telephone line network Nn and performs facsimile communication with the facsimile apparatus 17 which is an external apparatus. The modem unit 9 is capable of data communication with an external device such as a server or a portable information terminal by dial-up connection. That is, the communication unit 8 and the modem unit 9 execute a data input function for inputting image data and a data transmission function for transmitting and outputting image data.

  The image forming unit 7 includes a photoconductor, a charging device, a laser beam exposure device, a transfer device, a cleaning device, and a fixing device, and forms an image on a sheet by an electrophotographic method. The image forming unit 7 performs color printing, but may perform only monochrome printing. The image formation is not limited to the electrophotographic method, but may be another method such as an ink jet method or a thermal transfer method. As described above, the image forming unit 7 executes a data output function for printing and outputting image data.

  The image memory 10 is composed of, for example, a DRAM. The image memory 10 temporarily stores input image data or output image data such as read image data, image data received from an external device, image data to be output by printing or data communication. The image data is subjected to image processing such as compression, decompression, and processing by an image data processing unit. The image data subjected to the image processing is stored in the storage unit 11.

  The storage unit 11 includes a hard disk device. The storage unit 11 accumulates the image data transferred from the image memory 10. At this time, the image data may be encrypted. The storage unit 11 also stores log information created when each function is executed. Then, image data is read from the storage unit 11 according to a user instruction or an external device instruction, and the image data is output to the outside by printing, data transmission, or facsimile communication. In other words, the storage unit 11 executes a filing function for saving input image data for output.

  Note that the output image data is erased from the storage unit 11 in accordance with an instruction from the control unit 13. At the time of this erasure, the image data is invalidated so that it cannot be restored by overwriting the image data with random data.

  The management unit 12 includes a non-volatile memory, and stores information necessary for operating the image processing apparatus 1 such as control information, setting information, and user authentication information of the image processing apparatus 1. When these pieces of information are created and changed, the management unit 12 updates the information as needed.

  The control unit 13 includes a CPU, reads a control program stored in the ROM 18 into the RAM, and executes the control program. As each unit operates according to the control program, the data input function, data output function, data transmission function, and filing function are executed. The control program also includes a browser and mail software, and the control unit 13 performs data communication with an external device or transmits / receives an e-mail using a communication protocol such as a TCP / IP protocol.

  Here, the image processing apparatus 1 restricts the execution of each function in cooperation with an external apparatus as one of security settings for preventing unauthorized use by a third party. Therefore, the image processing apparatus 1 includes a setting unit 20 that sets a trust relationship with an external device, and a restriction unit 21 that limits a function that can be executed based on a combination of external devices having a trust relationship. Controlled by the unit 13.

  The setting unit 20 determines an external device that establishes a trust relationship by an input operation from the operation unit 5. Further, a combination of the external device and a function that is permitted to be executed is determined. That is, the trust setting is performed by the user performing the following operation. The user setting key on the operation panel shown in FIG. 2 is operated, and the user setting screen shown in FIG. 3 is displayed. When the key operator program key is operated, a screen for authenticating the user is displayed. When the user enters the service code, a program setting screen is displayed.

  Here, when the security setting key is operated, a security setting screen shown in FIG. 4 is displayed. When the trust setting key is operated, a list of external devices connected to the network is displayed. The user selects an external device that the user wants to establish a trust relationship with. As a result, the trust setting is validated, and an external device that establishes a trust relationship is determined. A list of external devices having a trust relationship in this way is stored in the management unit 12 as trust setting information. Here, the image processing device 1 is set to have a trust relationship with the first to third external devices. If there is no external device having a trust relationship, the trust setting is invalid.

  Next, as shown in FIG. 5, when the function restriction key is operated, a function restriction setting screen is displayed. The user assigns an external device to the function to be restricted. As a result, the combination of the external device and the function having a trust relationship is determined. The function restriction information set in this way is stored in the management unit 12.

  The limiting function is preferably a data transmission function in order to prevent data from leaking outside. Specific functions are data transmission through a network, data transmission through a telephone line, and tandem printing. In each data communication, data including image data can be transmitted not only to an external device in the network but also to an external server and personal computer through the Internet. Each data communication includes electronic mail and Internet FAX. In tandem printing, image data for printing can be transmitted to another image processing apparatus 1 and an image can be printed by a plurality of image processing apparatuses 1. The function to be restricted is not limited to the data transmission function, and other functions may be set.

  For data transmission through the network, the first to third external devices are combined. For data transmission through a telephone line, the first and second external devices are combined. For tandem printing, the first and third external devices are combined.

  The restricting unit 21 determines a function that permits execution and a function that prohibits execution according to the operation state of the external device having the trust relationship. In other words, if a trust relationship with a combined external device can be confirmed for each function, the function can be executed. For example, when all of a plurality of external devices having a trust relationship are in an operating state, execution of all functions is permitted. In addition, when only some of the external devices having a trust relationship are in an operating state, execution of a specific function is permitted. In other words, when some of the external devices are not in the operating state, the execution of the function assigned to the external device is prohibited.

  In order to confirm this operation state, it has the detection part 22 which detects the operation state of an external apparatus. The detection unit 22 is controlled by the control unit 13 and communicates with an external device through the communication unit 8. As a result of communication, the operating state is determined based on whether or not the external device is energized.

  Further, the image processing apparatus 1 includes an acquisition unit 23 that acquires a management key possessed by an external apparatus. This management key is information unique to the external device, and the external device can be identified by the management key. The acquisition unit 23 is controlled by the control unit 13 and receives a management key from an external device through the communication unit 8. The restriction unit 21 refers to the function restriction information and determines a function that is permitted to be executed and a function that is prohibited from being executed according to the acquired management key.

  The image processing apparatus 1 also has its own management key. Examples of the management key include a MAC address, an IP address, an ID, and a unique name of the device.

  Next, the operation for function restriction will be described with reference to FIG. The image processing apparatus 1 determines the function to be restricted at startup or periodically. Further, when the user uses the image processing apparatus 1, a function to be restricted may be determined. First, the control unit 13 of the image processing apparatus 1 checks whether the trust setting is valid (S1). When the trust setting is invalid, the image processing apparatus 1 performs a normal operation (S8). That is, the user can use the image processing apparatus 1 without any limitation.

  When the trust setting is valid, the control unit 13 confirms the operation state of the external device (S2). That is, the control unit 13 transmits a confirmation signal to each external device by multicast. If the power supply of the external device is on, the external device is in an energized state and returns a response signal. If the power of the external device is off, the external device is not energized and no response signal is returned. Thereby, the control unit 13 determines the operating state of the external device.

  When the image processing apparatus 1 confirms that all the external apparatuses are in the operating state, it requests each external apparatus to transmit a management key (S3). The external device subject to this request is an external device having a trust relationship. When the external apparatus receives this request, it transmits a management key to the image processing apparatus 1.

  The image processing apparatus 1 receives the management key from the requested external apparatus. The control unit 13 confirms whether or not all the management keys of the external device having the trust relationship have been received (S4). When all the management keys are received, the control unit 13 permits the execution of all functions and sets no function restriction (S9).

  When a part of the management key is received, the control unit 13 identifies the external device that has transmitted the management key and the external device that has not transmitted the management key. Then, a function to be restricted is determined based on the function restriction information (S5). When some of the external devices are powered off, the control unit 13 identifies an external device that has returned a response signal and an external device that has not returned a response signal. Then, the function to be restricted is determined in the same manner as described above.

  For example, when the management key from the third external device is not received or the power of the third external device is off, execution of these functions is prohibited for data transmission and tandem printing through the network. On the other hand, the execution of this function is permitted for data transmission through a telephone line (S6).

  When the user performs an operation of transmitting data from the image processing apparatus 1 to the external apparatus through the network, the control unit 13 prohibits the execution of this function. (S7).

  As described above, when a plurality of external devices having a trust relationship are in an operating state, and when the permission condition includes all the management keys of these external devices, all functions can be executed. If any of these permission conditions is not satisfied, a specific function cannot be executed.

  Therefore, in order to restrict the execution of a specific function, the external device assigned to the specific function is turned off, or the external device is set not to transmit a management key. Therefore, the user can easily change the function restriction by turning on and off the power supply of the external device as necessary. As the image processing system, the security level can be easily changed.

  That is, the function can be restricted by selecting an arbitrary combination from among a combination of an unspecified number of external devices. Therefore, it is difficult for a third party to understand the combination of external devices, and it is difficult to release the function restriction. The security of the image processing system can be easily enhanced. As a result, an image processing system that makes it difficult to illegally use the image processing apparatus 1 can be easily constructed without introducing a new apparatus.

  By the way, the image processing apparatus 1 permits use by authenticating the user. The control unit 13 determines whether the user is a registered user based on the authentication information input by the user. If it is not a registered user, the control unit 13 prohibits use. That is, the user's operation is not accepted. The authentication information is a password, biometric information, an ID by an IC card, or the like. In the external device, authentication is performed in the same manner. Although authentication is performed in the image processing apparatus 1 or an external apparatus, a management server may be provided in the network and authentication may be performed in the management server.

  The plurality of image processing apparatuses 1 authenticate different users. Therefore, for example, the user can use the first image processing apparatus 1, but cannot use the second image processing apparatus 1. This lacks convenience for the user. Therefore, the use of such users is permitted between image processing apparatuses having a trust relationship.

  The control unit 13 permits use by a user who is not authenticated by the own device but is authenticated by another external device having a trust relationship. At this time, the control unit 13 determines a function that can be executed by the user based on the function restriction information. Since the image processing apparatus 1 that authenticates the user is not in an operating state and cannot acquire a management key, execution of a function related to the image processing apparatus 1 or a function related to the management key is prohibited.

  For example, a user who is authenticated in the first image processing apparatus 1 uses the second image processing apparatus 1. As shown in FIG. 7, the second image processing apparatus 1 performs authentication based on authentication information input by the user. In this case, the user is not a user who is authenticated by the second image processing apparatus 1. If the user is authenticated by the second image processing apparatus 1, the user can use it as usual.

  The control unit 13 of the second image processing apparatus 1 confirms whether the trust setting is valid. If the trust setting is disabled, the use of the user is prohibited. When the trust setting is enabled, the control unit 13 confirms whether the user is a user who is authenticated by the first image processing apparatus 1.

  As a means for this confirmation, each image processing apparatus 1 stores in the management unit 12 user information related to a user who is authenticated by another image processing apparatus 1. Based on the shared user information, it is determined whether the user is authenticated by another image processing apparatus 1. If a management server is provided, it can be confirmed by the image processing apparatus 1 inquiring of the management server. Alternatively, the image processing apparatus 1 may directly inquire each image processing apparatus 1.

  As a result of the confirmation, if the user is a user who is not authenticated by any of the image processing apparatuses 1, the use of the user is prohibited. When the user is a user who is authenticated by the first image processing apparatus 1, the control unit 13 of the second image processing apparatus 1 permits the use of the user.

  A user performs desired image processing by an executable function. At this time, the control unit 13 creates log information according to the image processing and stores it in the storage unit. Then, it is confirmed whether the power of the first image processing apparatus 1 is turned on. If the power is on, communication with the first image processing apparatus 1 is possible, and the control unit 13 transmits log information to the first image processing apparatus 1. In the first image processing apparatus 1, this log information is stored in the storage unit 11 as log information for the user. By collecting the log information in this way, the usage record of the user in the other image processing apparatus 1 can be managed, which is useful when the user is charged.

  Even if the user cannot use the image processing apparatus 1 that is normally used, the user can use another image processing apparatus 1 having a trust relationship. Therefore, there is no inconvenience to the user.

  In addition, this invention is not limited to the said embodiment, Of course, many corrections and changes can be added to the said embodiment within the scope of the present invention. A plurality of management keys for the image processing apparatus and the external apparatus may be provided for one apparatus. Each management key is associated with a different function. When one external apparatus receives a management key transmission request from the image processing apparatus, it transmits one management key or a plurality of management keys. When the image processing apparatus receives all management keys from the external apparatus, the image processing apparatus permits execution of all functions. When a part of the management keys is received, the control unit identifies the management key and determines a function to be restricted based on the function restriction information. As a result, fine function restrictions can be made for a large number of functions.

The figure which shows schematic structure of the image processing system and image processing apparatus of this invention The figure which shows the operation panel of an image processing apparatus Diagram showing the operation screen when setting trust The figure which shows the operation screen which sets the external device which ties the trust relationship Diagram showing the operation screen for setting function restrictions Flowchart for executing function restriction of image processing apparatus Flow chart when an authenticated user uses another image processing apparatus

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Image processing apparatus 5 Operation part 6 Image reading part 7 Image formation part 8 Communication part 9 Modem part 11 Storage part 12 Management part 13 Control part 20 Setting part 21 Limiting part 22 Detection part 23 Acquisition part

Claims (12)

An image processing system in which an image processing device that executes a plurality of functions and a plurality of external devices are communicably connected. The image processing device includes a setting unit that sets a trust relationship with the external device, and a trust relationship. An image processing system comprising: a restricting unit that restricts a function based on a combination of external devices. The image processing system according to claim 1, wherein the image processing apparatus includes a detecting unit that detects an operating state of the external device, and the limiting unit determines a function to be limited according to the operating state of the external device. The restricting means permits execution of all functions when all of a plurality of external devices having a trust relationship are in an operating state, and only some of the external devices having a trust relationship are in an operating state. 3. The image processing system according to claim 2, wherein execution of a specific function is permitted. 3. The image processing system according to claim 2, wherein the detecting means detects whether or not the external device is energized, and determines that the external device is in an operating state when the energization of the external device is detected. The image processing system according to claim 1, wherein the image processing apparatus includes an acquisition unit that acquires a management key from an external device, and the limiting unit determines a function to be limited according to the acquired management key. The external apparatus has a plurality of management keys, and a function for restricting each management key is assigned. The external apparatus transmits one management key or a plurality of management keys to the image processing apparatus. The image processing system according to claim 5. The image processing apparatus and the external apparatus include authentication means for authenticating a user, and the image processing apparatus is permitted to use a user who is not authenticated by the own apparatus but is authenticated by another external apparatus. The image processing system according to claim 1, wherein: The image processing system according to claim 7, wherein the image processing apparatus outputs log information from a user who has been permitted to use to another external apparatus. The image processing system according to claim 1, wherein the restriction unit restricts a function of outputting the image data to the outside. The image processing system according to claim 1, wherein the external device is an image processing device or an information processing device. An image processing apparatus capable of communicating with a plurality of external devices and capable of executing a plurality of functions, and having a function based on a combination of setting means for setting a trust relationship with the external device and an external device having a trust relationship An image processing apparatus comprising restriction means for restricting. 12. The image processing apparatus according to claim 11, wherein the restricting unit determines a function to be restricted according to an operation state of the external apparatus.

Images