JP2011166654A - Document processing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a document processing apparatus which determines the existence of document processing authority without storing information necessary for determining the document processing authority in its own processing apparatus. <P>SOLUTION: A multifunction machine 1 for authentication is loaded with a document processing apparatus and includes a scanner 12 for generating image data of a document on which a QR code including authentication information is printed, a QR code extraction part 21 for extracting the QR code from the image data, an operation part 16 for receiving the authentication information from a user, an authentication part 22 for performing authentication by using the authentication information included in the QR code and the received authentication information, and an authority determination part 23 for determining the existence of the processing authority based on an authentication result. A printer 11 executes or stops printing processing according to a determination result of the processing authority. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a document processing apparatus.

  Conventionally, document processing apparatuses that perform document processing such as copying and FAX transmission are widely known. Patent Document 1 describes an apparatus that determines whether or not processing authority is given to a document when document processing is performed. This apparatus stores user authentication information and authority information for a document in the apparatus in advance, and prints a document to be determined by adding a QR code (registered trademark, the same applies hereinafter).

  When an operation for instructing document processing such as copying is input for a printed document, the apparatus reads the document with a scanner and requests a user to input authentication information when a QR code is detected. When authentication information is received from the user in response to the request, the presence / absence of processing authority for the document is determined using authentication information and authority information stored in the apparatus in advance. The apparatus executes processing such as document copying when it is determined that the user has processing authority, and stops processing the document when it is determined that the user does not have processing authority.

JP 2008-288847 A

  With the technique described in Patent Document 1, when a user processes a document using a device that stores authentication information and authority information, it is possible to determine whether the user has processing authority. However, if a user tries to process a document using a device that does not store authentication information, authority information, and the like, it is impossible to determine whether the user has processing authority. That is, the apparatus described in Patent Document 1 cannot determine whether or not there is document processing authority unless it stores information necessary for determining document processing authority.

  The present invention has been made to solve the above-mentioned problems, and it is possible to determine whether or not there is a document processing authority without storing information necessary for determining the document processing authority in the apparatus. An object of the present invention is to provide a document processing apparatus that can be used.

  A document processing apparatus according to the present invention is a document processing apparatus that performs processing using information included in a code image printed on a document, and includes a reading unit that reads the document and generates image data of the document, and a reading unit Extracting means for extracting the code image from the image data generated by the user, receiving means for receiving authentication information from the user, authentication information included in the code image extracted by the extracting means, and authentication information received by the receiving means, , Authentication means for performing authentication, determination means for determining whether or not the user has processing authority for the document based on the authentication result by the authentication means, and when the determination means determines that the user has processing authority. Execute the process for the document, and if the determination means determines that the user does not have processing authority, Characterized in that it comprises a means.

  In the document processing apparatus according to the present invention, a code image is extracted from image data generated by reading a document, and authentication is performed using authentication information included in the code image and authentication information received from a user. Then, based on the authentication result, it is determined whether or not the user has processing authority for the document data. When it is determined that the user has processing authority, the processing for the document is executed and it is determined that there is no processing authority. In this case, the processing for the document is stopped. In other words, since authentication is performed using the authentication information included in the code image printed on the document, it is possible to check whether the document has the processing authority without storing the information necessary for determining the document processing authority. Judgment can be made.

  In the document processing apparatus according to the present invention, the accepting unit accepts authentication information set for the user, and the authentication information included in the code image encrypts the authentication information set for the user in one direction. The authentication unit calculates the one-way value of the authentication information received by the receiving unit, and calculates the calculated one-way value and the one-way value of the authentication information included in the code image. It is preferable to authenticate by collating.

  In this case, authentication can be performed by calculating a one-way value of authentication information input from the user and collating the calculated one-way value with the one-way value included in the code image. Further, since the authentication information itself cannot be obtained even if the code image is decoded, it is possible to prevent the authentication information from being stolen. Therefore, it is possible to determine whether each user has processing authority so that only authorized users can process the document.

  In the document processing apparatus according to the present invention, the accepting unit accepts authentication information set for the document, and the authentication information included in the code image unidirectionally encrypts the authentication information set for the document. The authentication unit calculates the one-way value of the authentication information received by the receiving unit, and calculates the calculated one-way value and the one-way value of the authentication information included in the code image. It is preferable to authenticate by collating.

  In this case, authentication can be performed by calculating a one-way value of authentication information input from the user and collating the calculated one-way value with the one-way value included in the code image. Further, since the authentication information itself cannot be obtained even if the code image is decoded, it is possible to prevent the authentication information from being stolen. Accordingly, it is possible to determine whether or not there is a processing authority for each document so that only a user having authority for the document can process the document.

  In the document processing apparatus according to the present invention, the code image includes authority information indicating the presence / absence of the processing authority set for each type of processing, and the determination means determines the processing authority based on the authority information included in the code image. It is preferable to determine the presence or absence. In this case, the presence or absence of processing authority can be determined for each type of processing.

  In the document processing apparatus according to the present invention, a one-way value obtained by one-way encrypting each of a plurality of authentication information set for each of a plurality of users in a code image, a plurality of users, and a processing type Authority information indicating presence / absence of the processing authority set in the authentication means, and the authentication means calculates a one-way value of the authentication information received by the receiving means, and the authentication includes the calculated one-way value and the code image. It is preferable that authentication is performed by comparing with a one-way value of information, and the determination unit determines whether or not the user has processing authority based on the authority information of the user authenticated by the authentication unit. In this case, the presence or absence of processing authority can be determined for each user and for each type of processing.

  The document processing apparatus according to the present invention further includes a specifying unit that specifies the document data printed on the document from the document data stored in the storage folder using the specifying information included in the code image, and the processing unit includes: When executing processing for a document, it is preferable to perform processing using document data specified by the specifying means.

  In this case, when it is determined that the user has authority and the document is processed, the document data specified using the specific information included in the code image is used from the document data stored in the storage folder. Are processed. Therefore, it is possible to perform processing using data with less deterioration as compared to processing using image data generated by reading a document.

  A document processing apparatus according to the present invention is a document processing apparatus that prints a code image together with input document data, and generates a code image using an acquisition unit that acquires authentication information and the authentication information acquired by the acquisition unit Generating means, a code image generated by the generating means, and printing means for printing the input document data on paper.

  In the document processing apparatus according to the present invention, a code image is generated using the authentication information acquired by the acquisition unit, and the generated code image and document data are printed on paper. Therefore, when processing a document on which document data is printed, it is possible to acquire authentication information by decoding the printed code image. Accordingly, it is possible to determine whether or not there is a document processing authority by receiving authentication information input from the user and performing authentication using the received authentication information and the authentication information acquired from the code image. That is, it is possible to determine whether or not there is a document processing authority without storing information necessary for determining the document processing authority in the apparatus.

  In the document processing apparatus according to the present invention, the acquisition unit acquires the authentication information set for the user, and the generation unit generates a code image including a one-way value obtained by one-way encryption of the authentication information. It is preferable to produce.

  In this case, authentication can be performed by calculating a one-way value of authentication information input from the user and collating the calculated one-way value with the one-way value of authentication information obtained by decoding the code image. it can. Further, since the authentication information itself cannot be obtained even if the code image is decoded, it is possible to prevent the authentication information from being stolen. Therefore, it is possible to determine whether each user has processing authority so that only authorized users can process the document.

  In the document processing apparatus according to the present invention, the acquisition unit acquires authentication information set for the document data, and the generation unit includes a code image including a one-way value obtained by one-way encryption of the authentication information. Is preferably generated.

  In this case, authentication can be performed by calculating a one-way value of authentication information input from the user and comparing the calculated one-way value with a one-way value obtained by decoding the code image. Further, since the authentication information itself cannot be obtained even if the code image is decoded, it is possible to prevent the authentication information from being stolen. Accordingly, it is possible to determine whether or not there is a processing authority for each document so that only a user having authority for the document can process the document.

  In the document processing apparatus according to the present invention, the acquisition unit acquires authority information indicating the presence or absence of processing authority set for each type of processing, and the generation unit generates a code image including the authority information acquired by the acquisition unit. It is preferable to produce. In this case, the presence or absence of processing authority can be determined for each type of processing.

  In the document processing apparatus according to the present invention, the acquisition unit acquires a plurality of authentication information set for each of a plurality of users, and authority information indicating presence / absence of processing authority set for each of a plurality of users, and a generation unit Preferably, a code image including a one-way value and authority information obtained by one-way encrypting each of a plurality of pieces of authentication information acquired by the acquiring unit is generated. In this case, the presence or absence of processing authority can be determined for each user and for each type of processing.

  The document processing apparatus according to the present invention further includes an output unit that outputs the input document data to a storage folder, and the generation unit generates a code image including specific information that can specify the document data from the storage folder. Is preferred.

  In this case, since the input document data is output to the storage folder, the document data is stored in the storage folder. In addition, since the printed code image includes specific information that can specify the document data from the storage folder, the specific information is acquired by decoding the printed code image and stored in the storage folder. Document data can be specified. Therefore, it is possible to determine whether or not the document data stored in the storage folder has processing authority.

  According to the present invention, it is possible to determine the presence / absence of a document processing authority without storing information necessary for determining the document processing authority in the apparatus itself.

FIG. 2 is a diagram for explaining an overview of an authentication multifunction peripheral and a generation multifunction peripheral in which the document processing apparatus according to the embodiment is mounted. 2 is a block diagram illustrating a configuration of an authentication multifunction peripheral. FIG. It is a block diagram which shows the structure of the control part which the multifunction device for authentication has. It is a figure for demonstrating an example of QR code. It is a block diagram which shows the structure of the control part which the compound machine for production | generation has. It is a table | surface which shows an example of the authentication information memorize | stored in the memory | storage part which the compound machine for production | generation has. It is a table | surface which shows an example of the authority information memorize | stored in the memory | storage part which the compound machine for production | generation has. 10 is a flowchart illustrating a procedure for generating a QR code-added document by a generating multifunction device. 10 is a first half of a flowchart showing a procedure for determining whether the authentication multifunction peripheral has the authority to process a document. 6 is a second half of a flowchart showing a procedure for determining whether the authentication multifunction peripheral has the authority to process a document.

  DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings. First, with reference to FIG. 1, an overview of an authentication multifunction device 1 and a generation multifunction device 3 on which a document processing apparatus according to the present embodiment is mounted will be described. The multifunction machine 1 and the multifunction machine 3 have functions for processing documents such as a printer, a scanner, a FAX, and an IFAX function, and are connected to a LAN (local area network) 90. A personal computer 91, a file server 92, and the like are connected to the LAN 90.

  The authentication multifunction device 1 is a device that determines whether or not there is a document data processing authority without storing information necessary for determining the document data processing authority. When the user sets the document 51 on which the QR code 50 is printed on the multifunction device 1 and performs an operation for instructing processing such as copying, the multifunction device 1 uses the authentication information and the authority information included in the QR code 50. The processing authority of the document 51 is determined. If the multifunction device 1 determines that it has processing authority, it uses the identification information included in the QR code 50 to identify the PC print data stored in the storage folder 93 in the file server 92 and allows the user operation. Perform appropriate processing. If it is determined that there is no processing authority, the processing is stopped.

  The generation multifunction device 3 is a device that generates the document 51 with the QR code. When document data (hereinafter referred to as “PC print data”) is input together with a print instruction from the personal computer 91 via the LAN 90, the multifunction machine 3 stores a copy in the file server 92 in order to save the PC print data. Output to folder 93. The storage folder may be a storage folder in the multifunction device 1. Then, the multifunction device 1 adds the QR code 50 to the PC print data and prints on the paper.

  Subsequently, the configurations of the multifunction machine 1 and the multifunction machine 3 will be described. First, the configuration of the authentication multifunction device 1 will be described. FIG. 2 is a block diagram illustrating a configuration of the multifunction peripheral 1 for authentication. The multifunction machine 1 includes a printer 11, a scanner 12, an NCU (Network Control Unit) 13, a modem 14, an IFAX control unit 15, an operation unit 16, a display unit 17, a LAN interface 18, and a control unit 20. Each unit is connected to be communicable with each other via a communication line 19.

  The printer 11 is an electrophotographic printer, and prints by adding a QR code 50 to PC print data input from a personal computer (hereinafter referred to as “PC”) 91. The scanner 12 includes a light source, a CCD, and the like, reads a document, and generates image data. That is, the scanner 12 functions as a reading unit described in the claims.

  The NCU 13 controls the connection between the modem 14 and the public switched telephone network (PSTN) 94 and controls the FAX transmission / reception function. When FAX data that is a target of FAX transmission is input from the PC 91 or the file server 92 to the multifunction device 1, the NCU 13 transmits the input FAX data by FAX.

  The IFAX control unit 15 is a part that controls the transmission / reception function of the Internet FAX (IFAX). When IFAX data to be subjected to IFAX transmission is input from the PC 91 or the file server 92 to the multi function device 1, the IFAX control unit 15 attaches the input IFAX data to an e-mail and performs IFAX transmission processing.

  The operation unit 16 includes a plurality of operation buttons used for operating the multifunction device 1. The display unit 17 is a display that displays setting contents and the like. The display unit 17 displays a message requesting the user to input a password, and the operation unit 16 receives a password input from the user. That is, the operation unit 16 functions as a receiving unit described in the claims.

  The control unit 20 integrally controls the hardware constituting the multi-function device 1 by executing a program. Therefore, the control unit 20 includes a microprocessor that performs calculations, a ROM that stores programs, a RAM that temporarily stores various data such as calculation results, a backup RAM, and the like.

  With reference to FIG. 3, a functional configuration of the control unit 20 included in the authentication multifunction peripheral 1 will be described. FIG. 3 is a block diagram illustrating a functional configuration of the control unit 20 included in the authentication multifunction peripheral 1. The control unit 20 functions as a QR code extraction unit 21, an authentication unit 22, an authority determination unit 23, a specification unit 24, and a deletion processing unit 25 in cooperation with software and hardware configuring the control unit 20.

  When the image data of the document 51 is generated by the scanner 12, the QR code extraction unit 21 extracts the QR code 50 from the generated image data. That is, the QR code extraction unit 21 functions as an extraction unit described in the claims.

  FIG. 4 is a diagram for explaining an example of the QR code 50. The QR code 50 includes specific information, authentication information, and authority information. The identification information is information for identifying PC print data from the storage folder 93. In the example of FIG. 4, the file name “filenameA” is included as the specific information.

  The authentication information and authority information are information for determining the processing authority for the PC print data. In the present embodiment, the authentication information is an ID and password set for the user. In the example of FIG. 4, the hash value and ID of the passwords of “administrator”, “registered user”, and “general user” are included in the QR code 50 as authentication information.

  The “registered user” in FIG. 4 is a user who has issued an instruction to print PC print data from the PC 91 to the multi-function device 1 and has performed an operation for saving the PC print data in the save folder 93. “General user” is a user other than “administrator” and “registered user”. About a user, you may show using the type of users, such as an administrator and a general user, and may show using a user's name "user A" etc.

  The authority information is information indicating whether or not processing is possible for each of a plurality of users and for each of a plurality of processes. In the example of FIG. 4, the QR code 50 includes the presence / absence of authority for QR code copy and deletion processing for each type of user. The QR code copy authority is an authority to execute QR code copy of the corresponding PC print data. The authority of the deletion process is an authority to execute the process of deleting the corresponding PC print data from the storage folder 93.

  Here, the QR code copy is a copy process in which stored PC print data is specified using specific information included in the QR code 50 printed on the document 51, and printing is performed using the specified PC print data. It is. The QR code copy can perform clearer printing because the data is not deteriorated compared to a general copy process in which printing is performed using image data generated by reading a document.

  Returning to FIG. 3, the description of the control unit 20 will be continued. The authentication unit 22 performs authentication using the authentication information included in the QR code 50, the password received from the user by the operation unit 16, and the ID acquired at the time of user login authentication. More specifically, the authentication unit 22 decodes the QR code 50, and if the QR code 50 includes an ID that matches the ID acquired at the time of login authentication, the authentication unit 22 obtains the hash value of the password received from the user. calculate.

  In the example of FIG. 4, when the ID “AAA” of “registered user” is acquired at the time of login authentication, since the ID “AAA” is included in the QR code 50, the hash value of the password accepted from the user is calculated. . Then, the calculated hash value of the password is compared with the hash value “Y” of the password of the registered user included in the QR code 50. If the hash values match, the authentication unit 22 determines that the authentication for “registered user” has succeeded.

  The authentication unit 22 determines that the authentication has failed when the ID that matches the ID acquired at the time of login authentication is not included in the QR code 50. The authentication unit 22 determines that the authentication has failed when the hash value of the password included in the QR code 50 does not match the hash value of the password received from the user for the user whose ID matches.

  The authority determining unit 23 uses the authentication result and the authority information included in the QR code 50 to determine whether the user has processing authority for the document. That is, the authority determining unit 23 functions as a determining unit described in the claims. If the authentication by the authentication unit 22 fails, the authority determining unit 23 determines that the user has no processing authority. When the authentication is successful, the authority determining unit 23 determines whether or not the user who has succeeded in the authentication has the authority of the process operated by the user using the authority information included in the QR code 50.

  For example, in the example of FIG. 4, since the authority information “possible” for QR code copying is included in the QR code 50, it is determined that the user has processing authority if the authentication is successful. In addition, since “unusable” authority information regarding the deletion process is included in the QR code 50, the “general user” is determined to have no processing authority even if the authentication is successful.

  On the other hand, when the authority determining unit 23 determines that the user has processing authority, the specifying unit 24 uses the specific information included in the QR code 50 to select a document from the PC print data stored in the storage folder 93. PC print data printed in 51 is specified.

  The printer 11 executes print processing using the PC print data specified by the specifying unit 24 when an operation for instructing QR code copying by the user is input and the authority determining unit 23 determines that the user has processing authority. To do. If the authority determining unit 23 determines that the user has no processing authority, the printer 11 stops without executing the printing process. That is, the printer 11 also functions as processing means described in the claims.

  The deletion processing unit 25 executes a deletion process of the PC print data specified by the specifying unit 24 when a deletion operation by the user is input and the authority determining unit 23 determines that there is a processing authority. If the authority determining unit 23 determines that the user has no processing authority, the deletion processing unit 25 stops without executing the deleting process. That is, the deletion processing unit 25 also functions as a processing unit described in the claims.

  Next, the configuration of the generating multifunction machine 3 will be described. Similar to the multifunction device 1, the multifunction device 3 includes the printer 11, the scanner 12, the NCU (Network Control Unit) 13, the modem 14, the IFAX control unit 15, the operation unit 16, the display unit 17, and the LAN interface 18. ing.

  The generation multifunction machine 3 includes a control unit 30 shown in FIG. FIG. 5 is a block diagram illustrating a functional configuration of the control unit 30 included in the generating multifunction machine 3. The control unit 30 functions as a storage unit 31, a data output unit 32, an information acquisition unit 33, and a QR code generation unit 34 in cooperation with software and hardware configuring the control unit 30.

  The storage unit 31 is configured by a memory such as a RAM, for example, and includes a storage folder 311 and a database 312. Note that a compact flash (registered trademark) or the like can be used as the storage folder 311. The save folder 311 stores PC print data output from the data output unit 32. Specifically, when PC print data is input from the PC 91 to the multifunction machine 3, the data output unit 32 outputs the input PC print data to the storage folder 311 or the storage folder 93 in the file server 92 described above. . As a result, the PC print data is stored in the storage folder 311 in the multifunction machine 3 or the storage folder 93 in the file server 92. The data output unit 32 functions as an output unit described in the claims.

  The database 312 stores authentication information and authority information. The information acquisition unit 33 acquires authentication information and authority information from the database 312, and the QR code generation unit 34 generates a QR code using the acquired authentication information and authority information. That is, the information acquisition unit 33 functions as an acquisition unit described in the claims, and the QR code generation unit 34 functions as a generation unit.

  The authentication information will be described with reference to FIG. FIG. 6 is a table showing an example of authentication information stored in the storage unit 31 of the generating multifunction machine 3. In the example of FIG. 6, the ID “MMM” and the password “mmmm” are stored for the user “administrator”, and the ID “AAA” and the password “aaaa” are stored for the user “user A”.

  Next, authority information will be described with reference to FIG. FIG. 7 is a table showing an example of authority information stored in the storage unit 31 of the generating multifunction machine 3. In the example of FIG. 7, the presence / absence of authority for QR code copy and deletion processing is stored for each type of user. Specifically, the example of FIG. 7 stores information indicating QR code copy “permitted” and deletion processing “permitted” for the user type “manager”. This indicates that the administrator has the authority to execute the QR code copy and the authority to execute the deletion process.

  For example, the storage unit 31 stores information “1” indicating “permitted” and information “0” indicating “impossible” as authority information. The information of “1” or “0” indicating whether or not this is possible includes QR code copy authority of “administrator”, delete process authority, QR code copy authority of “registered user”, delete process authority, and “general user” QR code. They are stored in order of copy authority and delete process authority. That is, information of “1, 1, 1, 1, 1, 0” is stored in the database 212 of the storage unit 31 as the authority information shown in FIG.

  When the PC print data is input from the PC 91, the information acquisition unit 33 acquires authentication information and authority information necessary for generating the QR code 50. The information acquisition unit 33 acquires IDs and passwords of “administrator”, “general user”, and “registered user” as authentication information. The information acquisition unit 23 acquires IDs and passwords of “administrator” and “general user” from the database 312.

  For the ID and password of the “registered user”, the ID and password input at the time of login authentication can be used. For example, when “User A” performs printing operation of PC print data, since “Registered User” is “User A” who performed the operation, the ID and password of “User A” are input at the time of login authentication. Yes. Therefore, the information acquisition unit 33 can acquire the ID and password input into the multifunction device 3 via the PC driver at the time of login authentication as the ID and password of the “registered user”. Further, the information acquisition unit 33 acquires, from the database 312, QR code copy and deletion processing authority information stored for “administrator”, “general user”, and “registered user”.

  The information acquisition unit 33 further acquires specific information for specifying PC print data stored in the storage folder 93 or the storage folder 311. As the specific information, for example, the PC print data file name input from the PC 91 together with the PC print data, path information indicating the storage folder, and the like can be used.

  The QR code generation unit 34 generates the QR code 50 using the authentication information, authority information, and specific information acquired by the information acquisition unit 33. The QR code generating unit 34 calculates a hash value for the password of the authentication information, and generates a QR code 50 by converting the hash value, ID, authority information, and specific information of the password into a QR code.

  The QR code generation unit 34 combines the generated QR code with rasterized PC print data (hereinafter referred to as “print image”). The print image combined with the QR code is printed by the printer 11. That is, in the generating multifunction machine 3, the printer 11 functions as a printing unit described in the claims.

  Subsequently, operations of the authentication multifunction device 1 and the generation multifunction device 3 will be described. First, with reference to FIG. 8, a description will be given of a procedure in which the generating multifunction device 3 prints the QR code-added document 51. FIG. 8 is a flowchart illustrating a procedure in which the generating multifunction machine 3 prints the QR code-added document 51.

  When the user inputs a print instruction using the PC 91, the print instruction is accepted by the PC driver of the PC 91 in step S101. Subsequently, in step S102, input of an ID and a password is received from the user, and login authentication is performed by the PC driver.

  If the login authentication is successful, the PC 3 receives the PC print data transmitted from the PC 91 in step S103. In step S <b> 104, a copy of the PC print data is output to the storage folder 93 by the data output unit 32. As a result, the PC print data is stored in the storage folder 93. Note that the data may be stored in the storage folder 311 of the multifunction machine 3.

  In step S105, specific information that can specify the PC print data from the storage folder 93 is generated. Subsequently, in step S <b> 106, authentication information including IDs and passwords of “manager” and “general user” is acquired from the database 312. The ID and password input in step S102 are used as the ID and password of “registered user”. In step S107, the hash value of the password acquired in step S106 is calculated.

  In step S <b> 108, authority information set for each “administrator”, “registered user”, and “general user” and for each processing type is acquired from the database 312. In step S109, the specific information, authentication information, and authority information are converted into a QR code. In step S110, the QR code 50 generated in step S109 is pasted on the rasterized print image. In step S111, all pages including pages with QR codes are printed. Through the above processing, the document 51 with a QR code is printed.

  Next, with reference to FIG. 9 and FIG. 10, a procedure for the authentication multifunction device 1 to determine whether or not there is a document processing authority will be described. FIG. 9 is a first half of a flowchart showing a procedure in which the authentication multifunction device 1 determines whether or not there is a document processing authority, and FIG. 10 is a second half thereof.

  When the user sets the QR code-added document 51 in the MFP 1 and performs a QR code copy or delete operation, the document 51 is read by the scanner 12 and image data is generated in step S121. In step S122, the QR code 50 is extracted from the image data, and in step S123, the extracted QR code 50 is decoded.

  In step S124, the user ID used at the time of login authentication is acquired by the authentication unit 26. In step S125, a message requesting the user to input a password is displayed on the display unit 17. When a password is input from the user in response to the message displayed on the display unit 17, the input password is received by the operation unit 16 in step S126.

  In step S127, the hash value of the password accepted in step S126 is calculated, and authentication is performed using the calculated hash value, the ID acquired in step S124, and the authentication information included in the QR code 50. If the authentication fails, the process proceeds to step S128, a message indicating that there is no access right is displayed on the display unit 17, and the process ends.

  If the authentication in step S127 is successful, the process proceeds to step S129. In step S129, it is determined whether or not a QR code copy instruction has been received from the user. If no QR code copy instruction has been received, the process proceeds to step S134. If a QR code copy instruction has been received, the process proceeds to step S130.

  In step S130, the authority information included in the QR code 50 is used to determine whether or not there is an authority for QR code copy. If it is determined in step S130 that there is no authority to perform QR code copying, the process proceeds to step S131. In step S131, a message indicating that the user does not have authority to perform QR code copy is displayed on the display unit 17, and the process ends. In this case, the QR code copy is canceled and not executed.

  If it is determined in step S130 that the user has authority to perform QR code copying, the process proceeds to step S132. In step S132, the PC print data in the storage folder 93 is specified using the specific information included in the QR code 50, and the specified PC print data is acquired. In step S133, the acquired PC print data is printed on a sheet, whereby QR code copying is executed.

  In step S134, it is determined whether or not an instruction for deletion processing has been received from the user. If the instruction for deletion processing has not been received, the processing ends. If an instruction for deletion processing has been received, the processing proceeds to step S135.

  In step S135, the authority information included in the QR code 50 is used to determine whether or not the authority for the deletion process is present. If it is determined in step S135 that there is no authority to delete, the process proceeds to step S136. In step S136, a message indicating that there is no authority to delete is displayed on the display unit 17, and the process ends. In this case, the deletion process is canceled and not executed.

  If it is determined in step S135 that the user has authority to delete, the process proceeds to step S137. In step S137, the PC print data in the storage folder 93 is specified using the specific information included in the QR code 50, and the specified PC print data is deleted. With the above processing, QR code copy and deletion processing by an unauthorized user is restricted, and only authorized users can execute QR code copy and deletion processing.

  In the authentication multifunction device 1 described above, the QR code 50 is extracted from the document 51, and authentication is performed using the authentication information included in the QR code 50 and the authentication information received from the user. Then, based on the authentication result and the authority information included in the QR code 50, it is determined whether or not the user has processing authority for the document data stored in the storage folder 93, and when it is determined that the user has processing authority. When the processing for the document is executed and it is determined that there is no processing authority, the processing for the document is stopped. That is, since the processing authority is determined using the authentication information and the authority information included in the QR code 50 printed on the document 51, information necessary for determining the processing authority of the document is not stored in the own device. It is possible to determine whether or not there is a document processing authority.

  The authentication multifunction device 1 performs authentication by calculating a hash value of authentication information input from the user and comparing the calculated hash value with the hash value included in the QR code 50. That is, since the QR code 50 includes the authentication information hash value instead of the authentication information itself, the authentication information itself cannot be obtained even if the QR code 50 is decoded. Therefore, it is possible to prevent the authentication information from being stolen.

  The QR code 50 includes hash values of a plurality of authentication information set for each of a plurality of users, and authority information set for each of a plurality of users and for each type of processing. Therefore, it is possible to determine whether or not the processing authority exists for each user and for each type of processing.

  On the other hand, in the generating multifunction machine 3, the QR code 50 is generated using the acquired authentication information and authority information, and the generated QR code 50 and the PC print data are printed on paper. Therefore, when processing the document 50 on which the PC print data is printed, the authentication information can be acquired by the authentication multifunction device 1 by decoding the printed QR code 50.

  Further, since the generation multifunction device 3 generates the QR code 50 including the hash value of the authentication information, the authentication information itself cannot be obtained even if the QR code 50 is decoded. Can be prevented.

  Further, the generating multifunction device 3 generates a QR code 50 including hash values of a plurality of authentication information set for each of a plurality of users and authority information set for each of the plurality of users and for each type of processing. To do. Therefore, the authentication multifunction device 1 can determine whether or not the processing authority exists for each user and for each type of processing.

  Although the embodiment of the present invention has been described above, the present invention is not limited to the above embodiment, and various modifications can be made. For example, in the above embodiment, the password (authentication information) is set for each user, but a password (authentication information) set for each document may be used. In this case, for example, when generating a QR code, a password set for the document by the user is received from the user, and a hash value of the received password is included in the QR code. In this case, it is possible to determine whether or not there is processing authority for each document so that only a user having authority for the document can process the document.

  In the above embodiment, the QR code is used as the code image. However, the code image is not limited to this as long as it is a coded image. For example, a one-dimensional code such as a barcode may be used, or a two-dimensional code other than a QR code may be used. Alternatively, the code information may be printed by coding the authentication information, authority information, and specific information, and performing watermark printing on the entire surface of the paper. In this case, when determining the presence or absence of authority, the authentication information and authority information are acquired by reading and decoding the watermark printed information.

  In the above-described embodiment, the presence / absence of authority for QR code copy and deletion processing is determined. However, the present invention is not limited to this. The presence or absence of authority for FAX processing and IFAX processing may be determined. Moreover, in the said embodiment, although the presence or absence of the authority was judged using the authentication result and authority information, authority information does not need to be used. In this case, it is determined that there is an authority when the authentication is successful, and it is determined that there is no authority when the authentication fails.

  In the above-described embodiment, the PC print data is stored in the storage folder 93 or the storage folder 311, and whether or not the authority is given to the processing of the document using the stored PC print data is determined, but is not limited thereto. A QR code not including specific information may be printed without saving the PC print data in the save folder. In this case, it is determined whether or not there is an authority such as a print process of image data generated by reading a document or a FAX transmission process.

  In addition, when the user prints the QR code to be printed with information indicating that the document is a master document, and the user processes the master document, the MFP 1 confirms that the document is the master document. Instead of performing the authentication process, it may be determined that the user has processing authority and the document process may be performed. In this case, if the multi-function device 1 cannot confirm that the read document is a master document, the process authority determination process shown in FIGS. 9 and 10 is executed to determine whether the document has the process authority. Judging.

  In addition, when the master document is copied, the multifunction device 1 is configured so that it can be identified whether the document is the master document or a copy thereof by further adding information that the multifunction device 3 is not the master document and printing. May be. Or, it is possible to print the information indicating that it is a master manuscript so that it cannot be read by the light that is emitted when reading the document so that the information that it is a master manuscript is not copied even if the document is copied. The machine 3 may be configured. In this case, information indicating that the original is a master original is printed so that it can be identified only by a specific light whether it is a master original or not.

  Further, the authentication multifunction device 1 may have the function of a generation multifunction device 3 that generates a document with a QR code. Further, the generation multifunction device 3 may have the function of the authentication multifunction device 1 that performs authentication using the QR code 50. In this case, the user can perform processing using a document with a QR code by using either the multifunction device 1 or the multifunction device 3.

  In the above embodiment, the generation multifunction device 3 acquires the authentication information and the authority information from the storage unit 31 and generates the QR code 50. However, the present invention is not limited to this. For example, a directory service using LDAP (Lightweight Directory Access Protocol) may be used. In this case, authentication information and authority information are registered in advance in a directory server connected to the MFP 3 via a network. When the QR code 50 is generated, LDAP authentication is performed between the multifunction device 3 and the directory server, and the multifunction device 3 acquires the registered authentication information and authority information from the directory server. In this case, it is not necessary to store authentication information and authority information in the storage unit 31. Further, for example, when generating the QR code 50, authentication information including an ID and a password is set between the registered user and the multifunction peripheral 3, and the processing authority of each user and the processing authority of each process are set by the registered user. Accordingly, authentication information and authority information may be provided. Also in this case, it is not necessary to store authentication information and authority information in the storage unit 31.

  Moreover, in the said embodiment, although the hash value of the password contained in authentication information was used, it is not restricted to this. Other one-way values obtained by performing one-way encryption processing may be used.

DESCRIPTION OF SYMBOLS 1 Multifunction machine 3 Multifunction machine 11 Printer 12 Scanner 16 Operation part 20 Control part 21 QR code extraction part 22 Authentication part 23 Authority judgment part 24 Identification part 25 Deletion process part 30 Control part 31 Storage part 311 Storage folder 312 Database 32 Data output part 33 Information acquisition unit 34 QR code generation unit

Claims (12)

In a document processing apparatus that performs processing using information included in a code image printed on a document,
Reading means for reading the document and generating image data of the document;
Extracting means for extracting a code image from the image data generated by the reading means;
A receiving means for receiving authentication information from the user;
An authentication unit that performs authentication using the authentication information included in the code image extracted by the extraction unit and the authentication information received by the reception unit;
Determination means for determining whether the user has processing authority for the document based on an authentication result by the authentication means;
When the determination unit determines that the user has processing authority, the processing is performed on the document. When the determination unit determines that the user has no processing authority, the processing on the document is stopped. Processing means to
A document processing apparatus comprising: The accepting means accepts the authentication information set for the user;
The authentication information included in the code image is a one-way value obtained by one-way encryption of authentication information set for the user,
The authentication unit calculates a one-way value of authentication information received by the reception unit, and collates the calculated one-way value with a one-way value of authentication information included in the code image, The document processing apparatus according to claim 1, wherein authentication is performed. The accepting means accepts the authentication information set for the document;
The authentication information included in the code image is a one-way value obtained by one-way encryption of authentication information set for the document,
The authentication unit calculates a one-way value of authentication information received by the reception unit, and collates the calculated one-way value with a one-way value of authentication information included in the code image, The document processing apparatus according to claim 1, wherein authentication is performed. The code image includes authority information indicating presence / absence of processing authority set for each processing type,
The document processing apparatus according to claim 1, wherein the determination unit determines whether or not the processing authority exists based on authority information included in the code image. The code image includes a one-way value obtained by one-way encryption of each of a plurality of authentication information set for each of a plurality of users, and a processing authority set for each of the plurality of users and for each type of processing. Authority information indicating the presence or absence of
The authentication unit calculates a one-way value of authentication information received by the receiving unit, and compares the calculated one-way value with a one-way value of authentication information included in the code image. Done
The document processing apparatus according to claim 1, wherein the determination unit determines whether or not the user has processing authority based on the authority information of the user authenticated by the authentication unit. Using specifying information included in the code image, further comprising specifying means for specifying document data printed on the document from document data stored in a storage folder;
The document processing according to claim 1, wherein the processing unit performs processing using the document data specified by the specifying unit when executing processing on the document. apparatus. In a document processing apparatus that prints a code image together with input document data,
An acquisition means for acquiring authentication information;
Generating means for generating the code image using the authentication information acquired by the acquiring means;
Printing means for printing the code image generated by the generating means and the input document data on paper;
A document processing apparatus comprising: The acquisition means acquires the authentication information set for the user,
The document processing apparatus according to claim 7, wherein the generation unit generates the code image including a one-way value obtained by one-way encrypting the authentication information. The acquisition means acquires the authentication information set for the document data,
The document processing apparatus according to claim 7, wherein the generation unit generates the code image including a one-way value obtained by one-way encrypting the authentication information. The acquisition means acquires authority information indicating presence / absence of processing authority set for each type of processing,
The document processing apparatus according to claim 7, wherein the generation unit generates the code image including the authority information acquired by the acquisition unit. The acquisition unit acquires a plurality of authentication information set for each of a plurality of users, and authority information indicating presence / absence of processing authority set for each of the plurality of users and for each type of processing,
The generation unit generates the code image including a one-way value obtained by one-way encryption of each of the plurality of authentication information acquired by the acquisition unit and the authority information. 8. The document processing apparatus according to 7. An output unit that outputs the input document data to a storage folder;
The document processing apparatus according to claim 7, wherein the generation unit generates a code image including specific information that can specify the document data from the storage folder.

Images