JP2007181945A - Image forming apparatus, output judging program and output judging method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To ensure security of printing data received through a network. <P>SOLUTION: An MFP 100 comprises a key forming part 153 for forming an open key and a secret key, an HDD 321 for storing related data 321A relating the open key and the secret key with an IP address in accordance with receiving a request signal containing a PC IP address, an open key transmitting part 154 for returning the open key related to the IP address, a code data receiving part 161 for receiving a code data added with the IP address through the network, a decoding part 170 for decoding the code data by the secret key related to the IP address added to the code data, and a secret key extracting part 163 for prohibiting decoding by the secret key related to the IP address in accordance with image formation of the print data decoded by an image forming part 14. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an image forming apparatus, an output determination program, and an output determination method, and more particularly to an image forming apparatus that receives print data via a network and an output determination program and an output determination method that are executed by the image forming apparatus.

  In recent years, networks have become widespread, and personal computers and image forming apparatuses typified by MFP (Multi Function Peripheral) are often connected and used on the network. The personal computer transmits the print data to the MFP, and the MFP forms an image on a recording medium such as paper. However, since the print data flows on the network, other computers connected to the network can easily receive the print data flowing on the network. In addition, the print data on the network can be encrypted in preparation for being received by another computer, but the MFP is encrypted by sending the encrypted data to the MFP again. There is a problem that the data is decoded to form an image of the print data.

  On the other hand, Japanese Patent Application Laid-Open No. 2004-118709 (Patent Document 1) describes a printing system that ensures the security of authentication information flowing on a network. In the printing system described in Japanese Patent Laid-Open No. 2004-118709, at least one printing apparatus that prints a print job and a job server are connected via a network, and the job server encrypts user authentication information. Processing for generating a public key / private key for encryption / decryption, processing for receiving user identification information and user authentication information encrypted with the public key from the printing apparatus, and encryption with the public key Processing for decrypting user authentication information with a secret key, processing for authenticating user identification information and decrypted user authentication information using a user authentication file describing the correspondence, and generated public key / secret The process of deleting the key is executed.

However, in Japanese Patent Laid-Open No. 2004-118709, it is possible to secure the security of user authentication information flowing on the network, but to ensure the security of print data because print data (print job) flows on the network. There is a problem that can not be.
JP 2004-118709 A

  The present invention has been made to solve the above-described problems, and one of the objects of the present invention is executed by an image forming apparatus that secures the security of print data received via a network and the image forming apparatus. Output judgment program and output judgment method.

  In order to achieve the above object, according to one aspect of the present invention, an image forming apparatus includes a combination of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key. Generating means, request signal receiving means for receiving a request signal including identification information for identifying a device, and a pair of encryption key and decryption key generated in response to reception of the request signal and identification information The key table storage means for storing the association data associated with each other, the encryption key reply means for returning the encryption key associated with the identification information by the association data, and the data with the identification information added via the network Data receiving means for receiving, decrypting means for decrypting the received data using a decryption key associated with the identification information added to the received data by the association data, and decrypted data An image forming unit that forms an image of the image, and a prohibiting unit that prohibits decryption by the decryption unit using a decryption key associated with the identification information added to the received data in accordance with image formation by the image forming unit. Prepare.

  According to this aspect, a pair of an encryption key and a decryption key is generated, and an association that associates the generated pair of the encryption key and the decryption key with the identification information included in the request signal in response to reception of the request signal. Data is stored and an encryption key is returned. When the data with the identification information added is received via the network, the received data is decrypted using the decryption key associated with the identification information added to the data and the associated data to form an image. The Furthermore, decryption using a decryption key associated with the identification information added to the received data is prohibited according to image formation. For this reason, since decryption of data using the decryption key is limited to one-time image formation, for example, when a third party acquires data being transmitted to the image forming apparatus via the network, the third party Even if the data is transmitted to the image forming apparatus without decrypting the data, decryption with the decryption key for decrypting the data is prohibited, so that data transmitted by a third party may be decrypted to form an image. Absent. As a result, it is possible to provide an image forming apparatus that ensures the security of data received via a network.

  Preferably, the prohibition unit includes a deletion unit that deletes the association data including the identification information added to the received data.

  Preferably, the prohibiting means includes use prohibiting means for prohibiting the use of associated data including identification information added to the data received by the decrypting means.

  Preferably, the prohibition unit includes a generation prohibition unit that does not cause the key generation unit to generate a combination of the decryption key and the encryption key associated with the identification information added to the received data by the association data.

  Preferably, the key generation unit generates a pair of an encryption key and a decryption key in response to receiving the request signal.

  Preferably, the key generation means includes key storage means for generating and storing a plurality of pairs of encryption keys and decryption keys in advance, and is used as identification information among a plurality of pairs of encryption keys and decryption keys stored in the key storage means. When the number of unassociated groups is equal to or less than a predetermined number, a new group is generated.

  According to another aspect of the present invention, an image forming apparatus stores a plurality of pairs of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key. And a request signal receiving means for receiving a request signal including identification information for identifying the device, and one of a plurality of sets of encryption keys and decryption keys stored in the key storage means in response to reception of the request signal Key table storage means for storing association data in which one is associated with identification information, encryption key reply means for returning an encryption key associated with identification information by association data, and data with identification information added thereto, Data receiving means for receiving via the network, decrypting means for decrypting the received data using the decryption key associated with the identification information added to the received data by the associated data, and decryption Comprising the image forming means for data image formation, according to the image formation by the image forming unit, a deleting means for deleting the association data including identification information added to the received data.

  According to this aspect, a plurality of pairs of encryption keys and decryption keys are stored, and in accordance with reception of the request signal, any one of the plurality of pairs of encryption keys and decryption keys and the identification information included in the request signal Is stored, and the encryption key is returned. When the data with the identification information added is received via the network, the received data is decrypted using the decryption key associated with the identification information added to the data by the associated data, and an image is formed. The Furthermore, the association data including the identification information added to the received data is deleted according to the image formation. For this reason, since decryption of data using the decryption key is limited to one-time image formation, for example, when a third party acquires data being transmitted to the image forming apparatus via the network, the third party Even if the data is transmitted to the image forming apparatus without decrypting the data, since the decryption key for decrypting the data is not stored, the data transmitted by the third party is not decrypted to form an image. As a result, it is possible to provide an image forming apparatus that ensures the security of data received via a network.

  Preferably, when the data received by the decoding means cannot be decoded, the information processing apparatus further includes message transmission means for transmitting the device identification information added to the data to a predetermined transmission destination.

  Preferably, the encryption key and the decryption key are the same.

  According to still another aspect of the present invention, the output determination program is an output determination program executed by an image forming apparatus including an image forming unit that forms an image when data is input, and encrypts the data. Generating a pair of an encryption key for decrypting data encrypted with the encryption key, receiving a request signal including identification information for identifying the device, A step of storing association data associating the generated encryption key / decryption key pair with identification information in response to receiving, a step of returning the encryption key associated with the identification information by the association data, and identification The step of receiving the data to which the information is added via the network and the decryption key associated with the identification information added to the received data by the association data are used. A step of decoding the received data, a step of causing the image forming unit to form an image of the decoded data, and an identification information added to the received data in accordance with the image formation by the image forming unit. And causing the image forming apparatus to execute a step of prohibiting decryption using the decryption key.

  According to the present invention, it is possible to provide an output determination program that ensures the security of data received via a network.

  According to still another aspect of the present invention, the output determination program is an output determination program executed by an image forming apparatus including an image forming unit that forms an image when data is input, and encrypts the data. A step of storing a plurality of pairs of encryption keys for decrypting data encrypted with the encryption key and receiving a request signal including identification information for identifying the device, and a request signal In response to the reception, a step of storing association data in which any one of a plurality of pairs of an encryption key and a decryption key is associated with identification information, and an encryption key associated with the identification information by the association data is returned. A step, receiving data with identification information added via a network, and associating the identification information added to the received data with association data. A step of decrypting the received data using the decryption key, a step of causing the image forming apparatus to form an image of the decrypted data, and an identification added to the received data according to the image formation by the image forming means And deleting the associated data including information, and causing the image forming apparatus to execute.

  If this aspect is followed, the output judgment program which ensured the security of the data received via a network can be provided.

  According to still another aspect of the present invention, an output determination method generates a set of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key; A step of receiving a request signal including identification information for identifying a device, and a step of storing association data associating a pair of a generated encryption key and decryption key with the identification information in response to reception of the request signal A step of returning an encryption key associated with the identification information by the associated data, a step of receiving the data with the identification information added via the network, and a step of receiving the identification information added to the received data. A step of decrypting the received data using a decryption key associated with the attached data, a step of forming an image of the decrypted data, and an image formed by the image forming step Depending on the formation, and a step of prohibiting the decoding using the decryption key associated with the identification information added to the received data, to be executed by the image forming apparatus.

  If this aspect is followed, the output judgment method which ensured the security of the data received via a network can be provided.

  According to still another aspect of the present invention, an output determination method stores a plurality of pairs of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key; A step of receiving a request signal including identification information for identifying a device, and associating data associating identification information with one of a plurality of pairs of an encryption key and a decryption key in response to reception of the request signal , A step of returning an encryption key associated with the identification information by the association data, a step of receiving the data with the identification information added via the network, and a step of adding to the received data A step of decrypting the received data using a decryption key associated with the identification information by the associated data, a step of forming an image of the decrypted data, and an image forming step In accordance with the image formation by up to execute a step of deleting the association data including identification information added to the received data, to the image forming apparatus.

  If this aspect is followed, the output judgment method which ensured the security of the data received via a network can be provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, the same parts are denoted by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

<First Embodiment>
FIG. 1 is a diagram showing an overall outline of a network system according to a first embodiment of the present invention. Referring to FIG. 1, in the network system, MFP 100 and personal computers (hereinafter referred to as “PCs”) 101 and 102 are connected to network 103. The MFP 100 is an image forming apparatus having a copying function, a scanner function, a facsimile transmission / reception function, and a printing function. The network 103 may be either wired or wireless, and is a public network such as PSTN (Public Switched Telephony Networks), ISDN (Integrated Services Digital Network), packet switching network, LAN (Local Area Network) or the like. Includes network. Since the hardware configurations and functions of the PCs 101 and 102 are well known, description thereof will not be repeated here. FIG. 1 shows an example in which one MFP 100 and two PCs 101 and 102 are connected to the network 103, but the number of units is not limited, and at least one of them may be connected. . Although an example in which the MFP 100 and the PCs 101 and 102 are connected via the network 103 is shown, direct connection may be made using a serial interface or a parallel interface.

  MFP 100 according to the present embodiment can be accessed from either PC 101 or 102, and when print data is received from either one via network 103, the received print data is imaged. Since the print data flows through the network 103, the MFP 100 assigns an encryption key to each of the PCs 101 and 102. For example, when the user A performs an operation of transmitting print data with the PC 101, the PC 101 encrypts the print data with the encryption key assigned to the PC 101 and transmits it to the MFP 100. On the other hand, the MFP 100 decrypts the data received from the PC 101 with the encryption key assigned to the PC 101, and forms an image of the decrypted print data. Since data transmitted from the PC 101 to the MFP 100 flows through the network 103, the user B of the PC 102 can acquire the data. However, since the data is encrypted with the encryption key assigned to the PC 101, the encryption key User B who does not know cannot decrypt the encrypted print data and does not know the contents of the print data.

  Further, MFP 100 in the present embodiment does not form an image of such data in case User B inputs data acquired from the network to PC 101 and transmits the data from PC 101 to MFP 100 as it is. I have to. The encryption key may be a common key or a combination of a public key and a secret key. Hereinafter, a case where print data is transmitted from the PC 101 to the MFP 100 will be described as an example.

  FIG. 2 is a perspective view showing the appearance of the MFP. Referring to FIG. 2, MFP 100 includes an automatic document feeder (ADF) 17, an image reading unit 13, an image forming unit 14, and a paper feeding unit 18. The ADF processes a plurality of documents placed on the document table one by one in order and conveys them to the image reading unit 13. The image reading unit 13 optically reads image information such as photographs, characters, pictures and the like from a document and acquires image data. When image data is input, the image forming unit 14 prints an image on a recording sheet such as paper based on the image data. The paper supply unit 18 stores recording sheets, and supplies the stored recording sheets one by one to the image forming unit 14. In addition, MFP 100 includes operation panel 11 on the top surface thereof.

  FIG. 3 is a block diagram illustrating an example of a hardware configuration of the MFP. Referring to FIG. 3, MFP 100 includes an information processing unit 301, a facsimile unit 302, a communication control unit 303, an image reading unit 13, an image forming unit 14, a paper feeding unit 18, and an ADF 17. The information processing unit 301 includes a central processing unit (CPU) 311, a RAM (Random Access Memory) 311 a used as a work area of the CPU 311, an image memory 312, and a hard disk drive (HDD) for storing data in a nonvolatile manner. ) 321, timer 320, display unit 313, operation unit 310, data communication control unit 309, and data input / output unit 308. The CPU 311 is connected to the data input / output unit 308, the data communication control unit 309, the operation unit 310, the image memory 312, and the display unit 313, and controls the entire information processing unit 301. The CPU 311 is connected to the facsimile unit 302, the communication control unit 303, the image reading unit 13, the image forming unit 14, the paper feeding unit 18, and the ADF 17, and controls the entire MFP 100. The image memory 312 stores image data to be printed by the image forming unit 14. The timer 320 measures time and outputs the time measured to the CPU 311.

  The display unit 313 is a display device such as a liquid crystal display (LCD) or an organic ELD (Electro Luminescence Display), and displays an instruction menu for the user, information about acquired image data, and the like. The operation unit 310 includes a plurality of keys, and accepts input of various instructions, data such as characters and numbers by user operations corresponding to the keys. The operation unit 310 includes a touch panel provided on the display unit 313. The display unit 313 and the operation unit 310 constitute the operation panel 11.

  The data communication control unit 309 is connected to the data input / output unit 308. The data communication control unit 309 controls the data input / output unit 308 according to an instruction from the CPU 311 and transmits / receives data to / from an external device connected to the data input / output unit 308. The data input / output unit 308 includes a LAN terminal 314 that is an interface for communication using TCP / IP (Transmission Control Protocol / Internet Protocol), a USB (Universal Serial Bus) terminal 315, a Centronics terminal 316, and an RS-232C (Recommended Standard 32). A serial interface terminal 317 such as Version C) and a JTAG (Joint Test Action Group) terminal 318.

  In the MFP 100, when a LAN cable for connecting to the network 103 is connected to the LAN terminal 314, the data communication control unit 309 controls the data input / output unit 308 to connect the PC 101, connected via the LAN terminal 314, 102 communicates. When a device is connected to any one of the USB terminal 315, the Centronics terminal 316, the serial interface terminal 317, and the JTAG terminal 318, the data communication control unit 309 controls the data input / output unit 308 to connect to the connected device. Communicate with each other to input and output data. A USB memory 319 incorporating a flash memory is connected to the USB terminal 315. The USB memory 319 stores an output determination program, which will be described later, and the CPU 311 controls the data communication control unit 309 to read the output determination program from the USB memory 319 and store the read output determination program in the RAM 311a. ,Execute.

  The recording medium for storing the output determination program is not limited to the USB memory 319, but a flexible disk, a cassette tape, an optical disk (CD-ROM (Compact Disc-Read Only Memory) / MO (Magnetic Optical Disc / MD (Mini Disc)). ) / DVD (Digital Versatile Disc)), IC card (including memory card), optical card, mask ROM, EPROM (Erasable Programmable ROM), EEPROM (Electronically EPROM), etc. The program here is not only a program that can be directly executed by the CPU 311 but also a source program. Including a program in a program format, a compressed program, an encrypted program, and the like.

  The facsimile unit 302 is connected to the PSTN and transmits facsimile data to the PSTN or receives facsimile data from the PSTN. The facsimile unit 302 converts the received facsimile data into print data that can be printed by the image forming unit 14 and outputs the print data to the image forming unit 14. As a result, the image forming unit 14 prints the facsimile data received by the facsimile unit 302 on a recording sheet.

  The communication control unit 303 is a modem for connecting the CPU 311 to the PSTN. The communication control unit 303 communicates with other computers connected to the PSTN. As a result, the CPU 311 can transmit / receive data to / from another computer via the PSTN. A communication control unit 303 is used when the MFP 100 is connected to the PCs 101 and 102 via the PSTN.

  FIG. 4 is a flowchart illustrating an example of a flow of encrypted data creation processing executed by the PC according to the first embodiment. This encryption data creation processing is, for example, processing executed by the PC 101 when a print instruction is input to the PC 101 that executes the application program. The print instruction includes an instruction whether to encrypt data. Referring to FIG. 4, when a print instruction is input, PC 101 creates print data from data to be printed (step S101). If encryption is instructed (YES in step S102), the process proceeds to step S103. If not instructed (NO in step S102), the process proceeds to step S107. If encryption is not instructed, the PC 101 transmits the print data created in step S101 to the MFP 100 as it is (step S107), and ends the process. On the other hand, if encryption is instructed, the PC 101 requests the MFP 100 to transmit a public key (step S103), and waits until the public key is received (NO in step S104). When the public key is received (YES in step S104), the print data created in step S101 is encrypted (step S105), and the encrypted data is transmitted to MFP 100 (step S106).

  FIG. 5 is a functional block diagram showing an outline of the functions of the CPU of the MFP together with information stored in the HDD. Referring to FIG. 5, CPU 311 has a request receiving unit 151 for receiving a public key transmission request transmitted from PC 101, and an association unit for associating PC 101 that has requested transmission with a public key and a private key. 152 and a public key transmission unit 154 that transmits the public key to the PC 101.

  The encrypted data receiving unit 151 receives a public key transmission request output from the data input / output unit 308. When the PC 101 connected to the network 103 transmits a public key transmission request to the MFP 100, the data input / output unit 308 receives the public key transmission request. The data input / output unit 308 outputs the received public key transmission request and the IP address assigned to the PC 101 to the request reception unit 151. When receiving a transmission request, the request reception unit 151 outputs the IP address of the PC 101 to the association unit 152. The IP address assigned to the PC 101 is identification information for identifying the PC 101. Here, the IP address assigned to the PC 101 is used for the identification information, but a MAC address assigned to the PC 101 or its peripheral device may be used. Further, when user authentication is required in MFP 100 when printing is performed by MFP 100, the user ID information and the authentication information are requested to be input when the PC 101 issues a print instruction, and the PC 101 is replaced with the ID information. Thus, user identification information may be used. Thereby, security on the network 103 of the data to be printed can be ensured for each user.

  When the IP address of the PC 101 is input from the request receiving unit 151, the associating unit 152 generates association data that associates the IP address, the secret key, and the public key pair, and stores the associated data in the HDD 321. The IP address and the public key are output to the public key transmission unit 154. As a result, the associated data 321A is stored in the HDD 321. The association unit 152 includes a key generation unit 153, and the key generation unit 153 generates a pair of a secret key and a public key. The public key transmission unit 154 transmits the public key to the input IP address. As a result, the public key is transmitted from the data input / output unit 308 to the PC 101.

  Furthermore, the CPU 311 has a cryptographic data reception unit 161 for receiving encrypted cryptographic data transmitted via the network 103, and key management for extracting a secret key associated with the PC 101 that has transmitted the cryptographic data. Unit 162, decryption unit 170 for decrypting the received encrypted data with the private key, and error transmission unit 164.

  The encrypted data receiving unit 161 receives the encrypted data output from the data input / output unit 308. When the PC 101 connected to the network 103 transmits encrypted data to the MFP 100, the encrypted data is received by the data input / output unit 308. The data input / output unit 308 outputs the received encrypted data and the IP address assigned to the PC 101 to the encrypted data receiving unit 161. The encrypted data reception unit 161 outputs the encrypted data to the decryption unit 170 and outputs the IP address assigned to the PC 101 to the key management unit 162.

  When the IP address of the PC 101 is input from the encrypted data reception unit 161, the key management unit 162 outputs the secret key associated with the IP address by the association data 321A to the decryption unit 170. The key management unit 162 includes a secret key extraction unit 163. When the IP address of the PC 101 is input from the encrypted data reception unit 161, the secret key extraction unit 163 associates the associated data stored in the HDD 321 with the IP address. 321A is searched, and association data 321A including the IP address of the PC 101 is extracted. When the secret key extraction unit 163 can extract the association data 321A including the IP address of the PC 101, the secret key extraction unit 163 outputs the secret key included in the association data 321A to the decryption unit 170 and transmits the IP address of the PC 101 in error. To the unit 164. The reason why the IP address of the PC 101 is output to the error transmission unit 164 is that the error transmission unit 164 transmits an error message when the decryption unit 170 (to be described later) cannot decode the IP address. On the other hand, when the associated data 321A including the IP address of the PC 101 is not stored in the HDD 321, the key extraction unit outputs the IP address of the PC 101 and an error signal to the error transmission unit 164. The key management unit 162 receives a signal indicating whether or not the encrypted data can be decrypted from the decryption unit 170. When the signal indicating that the decryption has been performed is input, the key management unit 162 extracts the association information extracted by the secret key extraction unit 163. The data 321A cannot be used. Specifically, the secret key extraction unit 163 deletes the associated data 321A extracted by the secret key extraction unit 163 from the HDD 321.

  The decryption unit 170 receives the encrypted data from the encrypted data reception unit 161, receives the secret key from the key management unit 162, and decrypts the encrypted data with the secret key. If the decryption unit 170 can decrypt the encrypted data, the decryption unit 170 outputs the print data obtained by decrypting the encrypted data to the image forming unit 14 and outputs a signal indicating that the decryption has been performed to the key management unit 162. As a result, the print data is formed as an image on a recording medium such as paper by the image forming unit 14. On the other hand, the decryption unit 170 outputs an error signal to the error transmission unit 164 when the encrypted data cannot be decrypted.

  When an error signal is input from the secret key extraction unit 163 or when an error signal is input from the decryption unit 170, the error transmission unit 164 sends the transmission destination stored in the HDD 321 in advance to the transmission destination from the secret key extraction unit 163. The input IP address and error message are transmitted. The transmission method is not particularly limited, but is transmitted by electronic mail. The error message indicates that illegal printing has been performed, for example, “There was an illegal printing instruction from the PC of ***”.

  FIG. 6 is a diagram illustrating an example of association data stored in the HDD. Referring to FIG. 6, association data 321A associates a set of public key A and secret key B with IP address A. Here, the case where one piece of associated data 321A is stored is shown, but a plurality of pieces of data may be stored.

  FIG. 7 is a flowchart illustrating an example of the flow of key transmission processing executed by the CPU of the MFP according to the first embodiment. Referring to FIG. 7, CPU 311 determines whether or not a key request signal has been received (step S01). If received, the process proceeds to step S02. NO in step S01). Here, a case where a request signal is received from the PC 101 will be described as an example. The CPU 311 acquires the IP address assigned to the PC 101 (step S02) and generates a key (step S03). The generated key may be a common key or a combination of a public key and a secret key. Here, a case where a public key and a secret key are generated will be described. Then, the CPU 311 generates association data in which the IP address acquired in step S02 is associated with the public key and secret key pair generated in step S03 (step S04), and is stored in the HDD 321 (step S05). Furthermore, only the public key is transmitted to the IP address acquired in step S02 (step S06). As a result, the public key is received by the PC 101.

  FIG. 8 is a flowchart illustrating an example of the flow of print processing executed by the CPU of the MFP according to the first embodiment. Referring to FIG. 8, CPU 311 determines whether or not print data has been received (step S11). If received, the process proceeds to step S12. If not received, the CPU 311 is in a standby state until print data is received. (NO in step S11). In step S12, it is determined whether or not the received print data is encrypted data. If it is encrypted data, the process proceeds to step S13. If not, the process proceeds to step S21. In step S21, the received print data is output to the image forming unit 14 as it is. Thereby, the image forming unit 14 forms an image of the print data on a recording medium such as paper.

  Hereinafter, a case where encrypted data obtained by encrypting print data from the PC 101 is received in step S11 will be described as an example. The CPU 311 acquires the IP address assigned to the PC 101 (step S13), and determines whether or not the associated data 321A including the IP address assigned to the PC 101 is stored in the HDD 321 (step S14). If such association data 321A is stored, the process proceeds to step S15. If not stored, the process proceeds to step S20. The CPU 101 searches the association data 321A stored in the HDD 321 and extracts the association data 321A including the IP address. If the IP address can be extracted, it is determined that it is stored, and if it cannot be extracted, it is determined that it is not stored.

  The CPU 311 acquires a secret key from the associated data 321A extracted in step S14 (step S15), and decrypts the print data received in step S11 with the secret key (step S16). Then, the CPU 311 determines whether or not the encrypted data can be decrypted (step S17). If the decrypted data can be decrypted correctly, the process proceeds to step S18. If the decrypted data cannot be decrypted correctly, the process proceeds to step S20. The CPU 311 outputs the print data obtained by decrypting the encrypted data to the image forming unit 14 (step S18). Thereby, the image forming unit 14 forms an image of the print data on a recording medium such as paper. Next, the CPU 311 deletes the associated data 321A extracted in step S14 from the HDD 321 (step S19), and ends the process.

  On the other hand, when the process proceeds to step S20, if the associated data 321A including the IP address of the PC 101 is not stored in the HDD 321, or if the encrypted data is correctly stored with the secret key that is stored but included in the associated data 321A. This is a case where decryption is impossible. In such a case, the CPU 311 transmits an e-mail including the IP address of the PC 101 and the error message acquired in step S13 to the transmission destination stored in advance in the HDD 321. The destination stored in advance is preferably an email address of a user who mainly uses the PC 101 or an email address of an administrator of the MFP 100. As a result, it is possible to notify the administrator or the user who mainly uses the PC 101 that unauthorized printing has been performed.

  As described above, upon receiving a request signal from the PC 101, the MFP 100 according to the first embodiment generates a set of a public key and a secret key, and the generated set of the public key and secret key and the IP address of the PC 101 Is stored in the HDD 321, and the public key is returned to the PC 101. When the encrypted data is received from the PC 101 via the network 103, the received encrypted data is decrypted using the secret key associated with the IP address of the PC 101 and the associated data to form an image. Further, the associated data 321A including the IP address of the PC 101 is deleted in accordance with image formation. For this reason, since the decryption of the encrypted data using the secret key is limited to one time, for example, the encrypted data being transmitted from the PC 101 to the MFP 100 via the network 103 is acquired by the PC 102, and is again transmitted to the MFP 100 without being decrypted. Even if it is transmitted, since the secret key for decrypting the encrypted data is not stored, it is not decrypted to form an image. As a result, the security of data received via the network can be ensured.

<First Modification>
The MFP 100 according to the first embodiment described above deletes the associated data 321A after forming the print data image. The MFP 100 according to the first modification is configured to store a use history without deleting the used association data 321A from the HDD 321. Since other configurations are the same as those of MFP 100 described above, description thereof will not be repeated here.

  FIG. 9 is a diagram illustrating an example of association data stored in the HDD of the MFP in the first modification. Referring to FIG. 9, associated data 321A associates a set of public key E and secret key E with IP address E. Each set of other public keys A to D and secret keys A to D is marked with “used” indicating that it has already been used.

  MFP 100 in the first modified example has a configuration similar to that of the functional block diagram shown in FIG. 5, except that key generation unit 153 generates a public key and a secret included in associated data 321 </ b> A when generating a new key. Generation of the same public key and private key pair as the key pair is prohibited. Therefore, when generating a new key, the key generation unit 153 refers to the associated data 321A, and sets the public key and private key different from the public key and private key pair included in the associated data 321A. Is generated. In addition, when the decryption unit 170 has successfully decrypted the encrypted data, the key management unit 162 rewrites the IP address included in the associated data 321A with a “used” mark. As a result, a plurality of pairs of the same public key and secret key are not generated, so that the security of the print data can be further ensured.

  FIG. 10 is a flowchart illustrating an example of the flow of key transmission processing executed by the CPU of the MFP in the first modification. Referring to FIG. 10, the same processes as those shown in FIG. The difference from the process shown in FIG. 7 is that the process of step S03 is changed to the process of step S03A. In step S03A, CPU 311 refers to associated data 321A, and generates a public key and private key pair different from the public key and private key pair included in associated data 321A.

  FIG. 11 is a flowchart illustrating an example of the flow of print processing executed by the CPU of the MFP in the first modification. Referring to FIG. 11, the same processes as those shown in FIG. The difference from the process shown in FIG. 8 is that step S19A is executed instead of step S19. In step S19A, the CPU 311 sets the association data 321A extracted in step S14 to use prohibition. Specifically, the IP address included in the associated data 321A is rewritten to a “used” mark.

  As described above, the MFP 100 according to the first modified example stores the use history without deleting the used association data 321A from the HDD 321 and prohibits the use of the used association data. In addition, since the same set as the set of the public key and the secret key included in the used association data is not generated, the security of the print data flowing on the network 103 can be further ensured.

<Second Modification>
The MFP 100 according to the first embodiment described above is configured to generate a key when a request signal for requesting transmission of a public key is received from the PC 101. However, the MFP 100 according to the second modification is previously unused. Are generated, and an unused key is assigned in response to reception of the request signal. Since it is not necessary to generate a key between the reception of the request signal and the transmission of the public key, the processing time can be shortened.

  MFP 100 in the second modified example has the same configuration as that of the functional block diagram shown in FIG. 5, but key generation unit 153 refers to associated data 321 </ b> A to determine unused associated data 321 </ b> A in advance. When the number is less than the specified number, a new set of public key and secret key is generated, and the associated data 321A is stored in the HDD 321. Further, when the IP address of the PC 101 is input from the request reception unit 151, the association unit 152 assigns unused association data among the association data 321A stored in the HDD 321 to the IP address.

  FIG. 12 is a first diagram illustrating an example of association data stored in the HDD of the MFP in the second modification. Referring to FIG. 12, the difference from associated data 321A shown in FIG. 6 is that a set of public key B and private key B marked with “unassigned” indicating that the data is not assigned to an IP address. And a set of public key C and secret key C and a set of public key D and secret key D.

  FIG. 13 is a flowchart illustrating an example of the flow of key generation processing executed by the CPU of the MFP in the second modification. Referring to FIG. 13, CPU 311 has the number of unused associated data marked with “unassigned” indicating that an IP address is not assigned among associated data 321 </ b> A smaller than threshold value T. (Step S31), if smaller than the threshold value T, the process proceeds to Step S32, and if smaller than the threshold value T, the process is terminated. In step S32, the CPU 311 generates a new public key / private key pair and stores it in the HDD 321 (step S33). At this time, a mark “unassigned” indicating that an IP address is not assigned to the set of the public key and the private key is stored. Thus, the unused association data 321 </ b> A corresponding to the threshold value T is stored in the HDD 321.

  FIG. 14 is a flowchart illustrating an example of a key transmission process executed by the CPU of the MFP according to the second modification. Referring to FIG. 14, the same processes as those shown in FIG. The difference from the process shown in FIG. 7 is that step S03 to step S05 are deleted and step S03B is added. In step S03B, the CPU 311 refers to the associated data 321A, and associates data 321A including the set of the public key B and the secret key B to which the mark “unassigned” indicating that the IP address is not assigned is attached. And the IP address of the PC 101 acquired in step S02 is assigned. Then, only the public key B included in the associated data 321A selected in step S04B is transmitted to the IP address acquired in step S02 (step S06).

  The CPU of MFP 100 in the second modification example executes the printing process shown in FIG. Note that the CPU of MFP 100 in the second modification may execute the printing process shown in FIG. 11, and in this case, the association data 321A is used as shown in FIG. The association data 321A is included as history information. FIG. 15 is a second diagram illustrating an example of association data stored in the HDD of the MFP in the second modification.

  The MFP 100 in the second modification example generates a plurality of unused public key and private key pairs in advance and assigns an unused key in response to the reception of the request signal. The processing time until the transmission of can be shortened. In addition, since a new set is generated when the number of unused key pairs is equal to or less than a predetermined number, even if a plurality of request signals are received at the same time, an unused key set can be assigned immediately. .

<Second Embodiment>
The MFP 100 according to the first embodiment generates a key, but the MFP 100 according to the second embodiment stores a plurality of keys in advance. Hereinafter, differences from MFP 100 in the first embodiment will be mainly described.

  FIG. 16 is a functional block diagram showing an outline of functions of the CPU of the MFP according to the second embodiment, together with information stored in the HDD. Referring to FIG. 16, the HDD 321 stores key data 321B in advance. The key data 321B includes a plurality of sets of public keys and secret keys. The CPU 311 includes a request accepting unit 151, an association unit 152A, and a public key transmission unit 154. When the IP address of the PC 101 is input from the request receiving unit 151, the associating unit 152A randomly extracts one from a plurality of public key and private key pairs defined by the key data 321B, and extracts The associated data that associates the set of the public key and the private key with the IP address of the PC 101 is generated and stored in the HDD 321, and the IP address and the public key are output to the public key transmitting unit 154. As a result, the associated data 321A is stored in the HDD 321.

  Further, the CPU 311 includes an encrypted data receiving unit 161, a secret key extracting unit 163 for extracting a secret key associated with the PC 101 that has transmitted the encrypted data, a decrypting unit 170, an error transmitting unit 164, and a data deleting unit. 165. The encrypted data receiving unit 161 receives the encrypted data output from the data input / output unit 308, outputs the encrypted data to the decrypting unit 170, and outputs the IP address assigned to the PC 101 to the secret key extracting unit 163.

  When the IP address of the PC 101 is input from the encrypted data receiving unit 161, the secret key extracting unit 163 searches the associated data 321A stored in the HDD 321 with the IP address, and associated data including the IP address of the PC 101. Extract 321A. When the secret key extraction unit 163 can extract the association data 321A including the IP address of the PC 101, the secret key extraction unit 163 outputs the secret key included in the association data 321A to the decryption unit 170 and transmits the IP address of the PC 101 in error. To the unit 164. On the other hand, when the associated data 321A including the IP address of the PC 101 is not stored in the HDD 321, the secret key extraction unit 163 outputs the IP address of the PC 101 and an error signal to the error transmission unit 164.

  When the encrypted data can be decrypted, the decrypting unit 170 outputs the print data obtained by decrypting the encrypted data to the image forming unit 14 and outputs a signal indicating that the encrypted data has been decrypted to the data deleting unit 165. The decryption unit 170 outputs an error signal to the error transmission unit 164 when the encrypted data cannot be decrypted.

  The data deleting unit 165 receives a signal indicating whether or not the encrypted data can be decrypted from the decrypting unit 170, and when the signal indicating that the decrypting can be performed is input, the associated data 321A extracted by the secret key extracting unit 163. Is deleted from the HDD 321. Since the associated data is deleted, even if encrypted data is subsequently transmitted from the PCs 101 and 102, the encrypted data is not decrypted, and no print data is formed.

  FIG. 17A illustrates an example of key data stored in the HDD 321 of the MFP 100 according to the second embodiment. Referring to FIG. 17A, key data 321B includes a plurality of sets of public keys and secret keys. Here, an example is shown in which the key data 321B includes 10 sets of public key and private key. FIG. 17B is a diagram illustrating an example of association data stored in the HDD 321 of the MFP 100 according to the second embodiment. Referring to FIG. 17B, association data 321A is the same as association data 321A shown in FIG.

  FIG. 18 is a flowchart illustrating an example of a flow of key transmission processing executed by the CPU of the MFP according to the second embodiment. Referring to FIG. 18, the difference from the key transmission process shown in FIG. 7 is that the process in step S03 is changed to the process in step S03C. When the CPU 311 acquires the IP address assigned to the PC 101 (step S02), the CPU 311 randomly extracts one from a plurality of public key and private key pairs defined in the key data 321B (step S03C). Then, association data that associates the extracted set of public key and secret key with the IP address of the PC 101 is generated (step S04).

  The CPU of MFP 100 in the second embodiment executes the printing process shown in FIG.

  As described above, MFP 100 according to the second embodiment stores in advance a plurality of combinations of a public key and a secret key, and any of a plurality of combinations of an encryption key and a decryption key according to reception of a request signal. Since the association data 321A in which one of them is associated with the IP address of the PC 101 is generated, there is no need to generate a pair of a public key and a secret key, and the load on the MFP 100 is reduced and the processing speed is increased. Can do. Further, since the association data including the IP data of the PC 101 is deleted according to the image formation, it is possible to ensure the security of the print data flowing on the network.

  Although the MFP 100 has been described in the above-described embodiment, an output determination method for causing the CPU 311 to execute the processes illustrated in FIGS. 7, 8, 10, 11, 13, 14, and 18. Needless to say, the present invention can be grasped as an output determination program.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

It is a figure which shows the whole network system outline | summary in the 1st Embodiment of this invention. 1 is a perspective view showing an appearance of an MFP. 2 is a block diagram illustrating an example of a hardware configuration of an MFP. FIG. It is a flowchart which shows an example of the flow of the encryption data creation process performed with PC in 1st Embodiment. 2 is a functional block diagram showing an outline of functions of a CPU of an MFP together with information stored in an HDD. FIG. It is a figure which shows an example of the association data memorize | stored in HDD. 6 is a flowchart illustrating an example of a flow of key transmission processing executed by the CPU of the MFP according to the first embodiment. 6 is a flowchart illustrating an example of a flow of a printing process executed by the CPU of the MFP according to the first embodiment. It is a figure which shows an example of the association data memorize | stored in HDD of MFP in the 1st modification. 12 is a flowchart illustrating an example of a flow of key transmission processing executed by the CPU of the MFP in the first modification. 10 is a flowchart illustrating an example of a flow of a printing process executed by a CPU of an MFP in a first modification. It is a 1st figure which shows an example of the association data memorize | stored in HDD of MFP in the 2nd modification. 12 is a flowchart illustrating an example of a flow of key generation processing executed by a CPU of an MFP according to a second modification. 12 is a flowchart illustrating an example of a flow of key transmission processing executed by the CPU of the MFP in a second modification. FIG. 10 is a second diagram illustrating an example of association data stored in the HDD of the MFP according to the second modification. 10 is a functional block diagram showing an outline of functions of a CPU of an MFP according to a second embodiment together with information stored in an HDD. FIG. 6 is a diagram illustrating an example of key data and association data stored in an HDD of an MFP according to a second embodiment. FIG. 12 is a flowchart illustrating an example of a flow of key transmission processing executed by the CPU of the MFP according to the second embodiment.

Explanation of symbols

  13 image reading unit, 14 image forming unit, 17 ADF, 18 paper feeding unit, 100 MFP, 101, 102 PC, 103 network, 151 request receiving unit, 152, 152A association unit, 153 key generation unit, 154 public key transmission 161, encrypted data reception unit, 162 key management unit, 163 secret key extraction unit, 164 error transmission unit, 165 data deletion unit, 170 decryption unit, 301 information processing unit, 302 facsimile unit, 303 communication control unit, 308 data input Output unit, 309 Data communication control unit, 310 operation unit, 312 image memory, 313 display unit, 319 USB memory, 321 HDD, 321A associated data, 321B key data.

Claims (13)

Key generation means for generating a set of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key;
Request signal receiving means for receiving a request signal including identification information for identifying a device;
A key table storage unit that stores association data that associates the set of the encryption key and the decryption key generated with the identification information in response to reception of the request signal;
An encryption key return means for returning the encryption key associated with the identification information by the associated data;
Data receiving means for receiving the data to which the identification information is added via a network;
Decryption means for decrypting the received data using a decryption key associated with the identification information added to the received data by the association data;
Image forming means for forming an image of the decoded data;
An image forming apparatus comprising: prohibiting means for prohibiting decryption by the decryption means using a decryption key associated with the identification information added to the received data in response to image formation by the image forming means; .   The image forming apparatus according to claim 1, wherein the prohibiting unit includes a deleting unit that deletes the association data including the identification information added to the received data.   The image forming apparatus according to claim 1, wherein the prohibiting unit includes a use prohibiting unit that prohibits the decoding unit from using the associated data including the identification information added to the received data.   The said prohibition means includes a generation prohibition means for preventing the key generation means from generating a combination of a decryption key and an encryption key associated with the identification information added to the received data by the associated data. The image forming apparatus described in 1.   The image forming apparatus according to claim 1, wherein the key generation unit generates the set of the encryption key and the decryption key in response to reception of the request signal. The key generation means includes key storage means for previously generating and storing a plurality of sets of the encryption key and the decryption key,
The new set is generated when the number of sets not associated with the identification information among a plurality of sets of the encryption key and the decryption key stored in the key storage unit is equal to or less than a predetermined number. Image forming apparatus. Key storage means for storing a plurality of pairs of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key;
Request signal receiving means for receiving a request signal including identification information for identifying a device;
In response to receiving the request signal, a key table storage that stores association data in which any one of the plurality of sets of the encryption key and the decryption key stored in the key storage unit is associated with the identification information Means,
An encryption key return means for returning the encryption key associated with the identification information by the associated data;
Data receiving means for receiving the data to which the identification information is added via a network;
Decryption means for decrypting the received data using a decryption key associated with the identification information added to the received data by the association data;
Image forming means for forming an image of the decoded data;
An image forming apparatus comprising: deletion means for deleting the associated data including the identification information added to the received data in accordance with image formation by the image forming means.   The image according to claim 1, further comprising message transmission means for transmitting identification information added to the data to a predetermined destination when the received data cannot be decoded by the decoding means. Forming equipment.   The image forming apparatus according to claim 1, wherein the encryption key and the decryption key are the same. An output determination program executed by an image forming apparatus including an image forming unit that forms an image when data is input,
Generating a set of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key;
Receiving a request signal including identification information for identifying the device;
Storing association data associating the set of the encryption key and the decryption key generated with the identification information in response to reception of the request signal;
Returning the encryption key associated with the identification information by the associated data;
Receiving the data to which the identification information is added via a network;
Decrypting the received data using a decryption key associated with the identification data attached to the received data by the associated data;
Causing the image forming means to form an image of the decoded data;
An output determination program that causes the image forming apparatus to execute a step of prohibiting decryption using a decryption key associated with the identification information added to the received data in accordance with image formation by the image forming unit. An output determination program executed by an image forming apparatus including an image forming unit that forms an image when data is input,
Storing a plurality of pairs of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key;
Receiving a request signal including identification information for identifying the device;
Storing association data associating any one of the plurality of sets of the encryption key and the decryption key with the identification information in response to receiving the request signal;
Returning the encryption key associated with the identification information by the associated data;
Receiving the data to which the identification information is added via a network;
Decrypting the received data using a decryption key associated with the identification data attached to the received data by the associated data;
Causing the image forming apparatus to form an image of the decoded data;
An output determination program for causing the image forming apparatus to execute the step of deleting the associated data including the identification information added to the received data in accordance with image formation by the image forming means. Generating a set of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key;
Receiving a request signal including identification information for identifying the device;
Storing association data associating the set of the encryption key and the decryption key generated with the identification information in response to reception of the request signal;
Returning the encryption key associated with the identification information by the associated data;
Receiving the data to which the identification information is added via a network;
Decrypting the received data using a decryption key associated with the identification data attached to the received data by the associated data;
Forming an image of the decoded data;
An output determination method for causing an image forming apparatus to execute a step of prohibiting decryption using a decryption key associated with the identification information added to the received data in accordance with image formation in the image forming step. Storing a plurality of pairs of an encryption key for encrypting data and a decryption key for decrypting data encrypted with the encryption key;
Receiving a request signal including identification information for identifying the device;
Storing association data associating any one of the plurality of sets of the encryption key and the decryption key with the identification information in response to receiving the request signal;
Returning the encryption key associated with the identification information by the associated data;
Receiving the data to which the identification information is added via a network;
Decrypting the received data using a decryption key associated with the identification data attached to the received data by the associated data;
Forming an image of the decoded data;
An output determination method for causing an image forming apparatus to execute the step of deleting the associated data including the identification information added to the received data in accordance with image formation in the image forming step.

Images