JP2006013627A - Image processing apparatus and image output apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image processing apparatus and an image output apparatus for executing processing in accordance with a security level. <P>SOLUTION: This apparatus includes: a step S11 of discriminating whether or not a print data read request is received from an operation panel or an external information processing apparatus; steps S12, S13 of receiving a user code and a password when the reception of the print data read request is discriminated (YES in S11); a step S14 of discriminating whether or not the read request comes from a creator of the print data; a step S15 of executing print processing without a limit when it is discriminated that the read request comes from the creator (YES in S14); and a step S16 of executing the print processing in accordance with the security level when it is discriminated that the request comes from a read request from a third party (NO in S14). <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an image processing apparatus and an image output apparatus that execute processing according to a security level.

  Conventionally, an original to be copied is optically scanned and read as image data, the image data is temporarily stored in a storage medium, and image data of an arbitrary original is repeated from the storage medium as many times as desired. An image processing apparatus having a document filing function for reading out and printing out on a recording sheet is known (for example, see Patent Document 1).

  In an image processing apparatus having such a document filing function, for example, by using FAT (File Allocation Table), designation of a storage position on a storage medium when storing image data and read-out of the image data are performed on the storage medium. The storage location is specified. According to the FAT, an information number is assigned to each piece of information stored in the storage medium, and a reference value of the FAT is determined based on this information number, whereby the storage position of each image data on the storage medium is specified.

  The FAT is updated every time printout of image data to be managed is completed. Further, when the contents of the FAT are deleted or updated, it becomes impossible for the image processing apparatus to read the image data stored in the storage medium specified by the FAT. Therefore, the use of FAT reduces the risk of information leakage and ensures the security of image data.

  However, with the progress and spread of information processing technology in recent years, even when the contents of the FAT are erased or updated, the image data itself stored in the storage medium (such as a hard disk) is erased. Unless this is the case, a malicious third party may remove the storage medium (for example, hard disk) itself from the apparatus and take it out, read the image data stored in the storage medium, and acquire it illegally.

  Therefore, the following techniques have been proposed in consideration of image data security against information leakage or unauthorized use.

For example, an image processing apparatus that uses the apparatus after personal authentication (see Patent Document 2), an image processing apparatus that can embed specific information in output image data and track the path of the image data (patent Reference 3), an image processing apparatus that encrypts image data and stores it in a storage medium (see Patent Document 4), and an image that is automatically deleted when image data stored in the storage medium becomes unnecessary It is said that it is possible to prevent leakage or unauthorized use of image data remaining in the apparatus.
Japanese Patent Laid-Open No. 6-178041 JP-A-7-28365 JP 2000-187419 A JP-A-1-256068 Japanese Patent Laid-Open No. 9-223061

  However, when the user himself / herself sets the above-described processing through the operation panel of the printer driver or the image processing apparatus, it may not be set due to forgotten setting or annoyance, and information leakage and unauthorized use are sufficient. It has a problem that it cannot be prevented.

  In addition, when the above-described processing is uniformly executed by the image processing apparatus in order to provide a strong security environment, image data that is not highly confidential is encrypted, or the image data is automatically processed after processing. Therefore, there is a problem that processing stagnation may occur.

  The present invention has been made in view of such circumstances, and accepts identification information for identifying a user when reading image data, authenticates the user based on the received identification information, and accepts the received identification information. In addition, by adopting a configuration that determines the processing to be executed based on the authentication result by the authentication means, it is possible to suppress taking-out, copying, etc. on the operation side without impairing convenience, and depending on the use situation An object of the present invention is to provide an image processing apparatus and an image output apparatus capable of proposing a security environment.

  An image processing apparatus according to the present invention includes storage means for storing image data, reads image data from the storage means, and executes processing on the read image data. The image processing apparatus reads image data from the storage means. Means for accepting identification information for identifying the user at the time of delivery, authentication means for authenticating the user based on the received identification information, and processing to be executed on the read image data, the received identification information and the authentication Means for determining based on the authentication result of the means, and the determined processing is executed.

  In the present invention, when the image data is read, the identification information for identifying the user is received, the user is authenticated based on the received identification information, and the received identification information and the authentication result by the authentication means are used. Since the process to be executed is determined based on, for example, the image data is executed when the creator himself or the administrator himself reads the image data and when another person reads the image data. Processing can be made different. For this reason, the output process itself can be executed as much as possible without restriction, and it is possible to suppress taking-out and copying on the operational side, and to improve confidentiality without deteriorating convenience. It becomes possible.

  An image processing apparatus according to the present invention includes means for storing a table that defines a correspondence between identification information and a process to be executed, and determines the process to be executed with reference to the table when the identification information is received. It is made to do so.

  In the present invention, since the table that defines the association between the identification information and the process to be executed is provided, it is possible to set the process to be executed for each user, and the confidentiality is not reduced. It is possible to improve the performance.

  The image processing apparatus according to the present invention is characterized in that the table defines a process to be executed when the authentication unit does not authenticate a user.

  In the present invention, the processing to be executed when the authentication means does not authenticate the user is defined by the table, so that the creator or the administrator himself / herself reads the image data and performs the processing. It is possible to control such that the execution of the process is permitted without restriction, and the restriction is applied only when executed by a third party. Copying and the like can be suppressed, and confidentiality can be improved without impairing convenience.

  The image processing apparatus according to the present invention is characterized in that the process to be executed on the image data is a process for processing the image data.

  In the present invention, when performing processing on image data, the image data is processed. Therefore, a part of the image data is deformed, deleted, an additional image is combined, and the like is reproduced. It is possible to output an image that has the effect of suppressing or preventing the leakage of information.

  The image processing apparatus according to the present invention is characterized in that the process is a process of deleting a part of the image data.

  In the present invention, since processing for deleting a part of image data is performed, it is possible to perform processing for preventing leakage of information and output the processed data.

  The image processing apparatus according to the present invention is characterized in that the process is a process of changing a resolution of the image data.

  In the present invention, since the process of changing the resolution of the image data is performed, it is possible to perform output for processing to prevent information leakage.

  The image processing apparatus according to the present invention is characterized in that the processing is processing for combining predetermined image data with the image data.

  In the present invention, since processing for combining predetermined image data with the read image data is performed, it is possible to output an image with an effect of preventing duplication.

  The image processing apparatus according to the present invention is characterized in that the predetermined image data includes at least one of a watermark, a barcode, and image data related to a watermark image.

  In the present invention, since the image to be combined includes at least one of a watermark, a barcode, and a watermark image, it is possible to output an image with an effect of preventing duplication.

  The image processing apparatus according to the present invention includes means for executing an output process based on the image data after executing the process.

  In the present invention, since the output process is performed based on the image data after the process is executed, it is possible to output an image having an effect of suppressing duplication or an effect of preventing leakage of information.

  An image output apparatus according to the present invention includes storage means for storing image data, reads image data from the storage means, and executes output processing based on the read image data. Means for receiving identification information for identifying a user when reading data; authentication means for authenticating a user based on the received identification information; and the authentication information received based on the received identification information and an authentication result by the authentication means. Limiting means for limiting output processing based on image data.

  In the present invention, when the image data is read, the identification information for identifying the user is received, the user is authenticated based on the received identification information, and the received identification information and the authentication result by the authentication means are used. Since the output process is limited based on the output process, for example, the output process by the creator or the administrator himself can be different from the output process by a third party. Therefore, the output process itself can be executed as much as possible, and it is possible to suppress taking-out, copying, etc. in terms of operation, and it is possible to improve confidentiality without reducing convenience. It becomes possible.

  The image output apparatus according to the present invention is characterized in that, when the authentication unit authenticates a user, the restriction on output processing is released.

  In the present invention, when the user is authenticated, the restriction on the output process is lifted, so that the process by the creator of the image data or the administrator himself can freely output without restriction. Become.

  The image output apparatus according to the present invention is characterized in that the limiting means is means for stopping output processing based on the image data.

  In the present invention, since the output process is limited by stopping the output process based on the read image data, if the user authentication is not performed, the output process can be stopped, Information leakage is prevented.

  The image output apparatus according to the present invention is characterized in that the limiting means is means for executing output processing based on a part of the image data.

  In the present invention, since the output process is restricted by executing the output process based on a part of the image data, for example, the leakage of information can be prevented by restricting the output page.

  The image output apparatus according to the present invention comprises means for counting the number of executions of output processing based on the image data, and the limiting means is means for limiting the number of executions.

  In the present invention, since the number of executions of the output process is limited, for example, the leakage of information can be prevented by limiting the number of output copies.

  In the image output apparatus according to the present invention, the output processing includes processing for displaying an image based on the image data, processing for forming an image on a sheet based on the image data, and processing for transmitting the image data to the outside. Among them, at least one is included.

  In the present invention, the output process includes a process of displaying an image, a process of forming an image on a sheet, and a process of transmitting image data to the outside, so that browsing restriction, printing restriction, or transmission restriction is performed. As a result, information leakage can be prevented.

  In the case of the present invention, the identification information for identifying the user when the image data is read is received, the user is authenticated based on the received identification information, and based on the received identification information and the authentication result by the authentication means. The process to be executed is determined. Therefore, for example, it is possible to make different processing to be performed on image data when the creator himself or the administrator himself reads the image data and when another person reads the image data. For this reason, the output process itself can be executed as much as possible without restriction, and it is possible to suppress taking-out and copying on the operational side, and to improve confidentiality without deteriorating convenience. be able to.

  In the case of the present invention, a table that defines the correspondence between the identification information and the process to be executed is provided. Therefore, it is possible to set processing to be executed for each user, and it is possible to improve confidentiality without deteriorating convenience.

  In the case of the present invention, the table defines the processing to be executed when the authentication means does not authenticate the user. Therefore, when the creator himself or the administrator himself reads the image data and performs processing, the execution of the processing is permitted without restriction, and control can be performed so that the restriction is applied only when the third party executes it. Further, it is possible to suppress unauthorized take-out and copying by a third party without restricting the output processing itself as much as possible, and it is possible to improve confidentiality without impairing convenience.

  According to the present invention, when processing is performed on image data, the image data is processed. Accordingly, it is possible to output an image that has the effect of suppressing duplication or preventing the leakage of information by performing partial deformation or erasure of image data, synthesis of additional images, and the like.

  In the case of the present invention, since processing for deleting a part of image data is performed, it is possible to perform processing for preventing leakage of information and output the processed data.

  In the case of the present invention, since the process of changing the resolution of the image data is performed, it is possible to perform processing for preventing leakage of information and output the processed data.

  In the case of the present invention, since processing for combining predetermined image data with the read image data is performed, it is possible to output an image with an effect of preventing duplication.

  In the case of the present invention, the image to be synthesized includes at least one of a watermark, a barcode, and a watermark image, so that it is possible to output an image with an effect of preventing duplication.

  According to the present invention, since the output process is performed based on the image data after the process is executed, it is possible to output an image having an effect of suppressing duplication or an effect of preventing leakage of information.

  In the case of the present invention, the identification information for identifying the user when the image data is read is received, the user is authenticated based on the received identification information, and based on the received identification information and the authentication result by the authentication means. To limit output processing. Therefore, for example, it is possible to make the output process by the creator or the administrator himself different from the output process by a third party. Therefore, the output process itself can be executed as much as possible, and it is possible to suppress taking-out, copying, etc. in terms of operation, and it is possible to improve confidentiality without reducing convenience. it can.

  According to the present invention, when the user is authenticated, the restriction on the output process is released, so that the process by the creator of the image data itself or the manager himself can freely output without restriction.

  According to the present invention, the output process is limited by stopping the output process based on the read image data. Therefore, when user authentication is not performed, output processing can be stopped and information leakage can be prevented.

  According to the present invention, the output process is limited by executing the output process based on a part of the image data. Therefore, for example, information leakage can be prevented by limiting the output page.

  According to the present invention, the number of executions of output processing is limited. Therefore, for example, information leakage can be prevented by limiting the number of output copies.

  In the case of the present invention, the output process includes a process of displaying an image, a process of forming an image on a sheet, and a process of transmitting image data to the outside. Therefore, information leakage can be prevented by performing browsing restriction, printing restriction, or transmission restriction.

Hereinafter, the present invention will be specifically described with reference to the drawings illustrating embodiments thereof.
Embodiment 1 FIG.
FIG. 1 is a block diagram showing the overall configuration of the image forming system according to the present embodiment. In the figure, reference numeral 10 denotes a scanner function for reading an image of a document, a copy function for reading an image of a document and performing printing processing on a sheet such as paper or an OHP film, and performing printing processing on a sheet based on a received print job. A digital multifunction device having a print function and a document filing function for storing processed image data. The digital multifunction device 10 includes information processing devices 50, 50,... Such as a personal computer and a workstation via a communication network N1. , 50 are connected, and the facsimile apparatus 60 is connected via the public telephone line network N2.

  The information processing apparatus 50 is preinstalled with an application program for creating a document, graphics, and the like, and a driver program (printer driver) for using the digital multifunction peripheral 10 via the communication network N1. The printer driver is called from the application program, and a print job created by the printer driver is transmitted to the digital multi-function peripheral 10 to print out documents, graphics, and the like.

  The facsimile apparatus 60 has a function of encoding and decoding image data by a predetermined method, and can transmit and receive facsimile data obtained by encoding via the public telephone line network N2. That is, the facsimile data received via the public telephone line network N2 is decoded, print processing is performed based on the obtained image data, and the image data to be transmitted is encoded and transmitted to the digital multifunction peripheral 10. To do.

  In the present embodiment, the digital multi-function peripheral 10 has a so-called document filing function, and image data, print data, and the like can be stored inside the digital multi-function peripheral 10. Then, user authentication is performed when reading image data or the like, and output processing is limited based on information (user code and password) input at that time and authentication result information. .

  FIG. 2 is a block diagram showing the configuration of the control system of the digital multifunction machine 10. The digital multifunction machine 10 includes a CPU 11. The CPU 11 reads and executes a control program stored in the ROM 13 in advance, thereby controlling various hardware connected via the bus 12. The image processing apparatus and the image output apparatus are operated.

  The management unit 14 is configured by a rewritable nonvolatile memory, and a part of the storage capacity is print data management for registering information when print data developed by a received print job is stored in the HDD 22. Table 141, user table 142 for storing information about users, security level management table 143 for defining restrictions for each security level, and additional image management table for managing images to be added according to security levels (additional images) 144 is used. The details of the tables 141 to 144 will be described later.

  The operation panel 15 includes an operation unit 151 that includes various hardware keys and a display unit 151 that includes a liquid crystal display. The operation panel 15 accepts user instructions such as switching operations of various functions and an instruction to start reading a document. Information to be notified to the user is displayed.

  The image reading unit 16 includes a light source that irradiates light to a reading document, an image sensor such as a CCD element, an AD converter, and the like (not shown), and displays an image of the document set at a predetermined reading position. An image is formed on the image sensor and converted into an analog electric signal, and the converted analog signal is AD converted by an AD converter. Then, the image reading unit 16 corrects the light distribution characteristics of the light source at the time of reading the document, sensitivity variations of the image sensor, and the like on the digital signal obtained by AD conversion, thereby converting the digital image data. Generate.

  The image forming unit 17 is, for example, a charger that charges the photosensitive drum to a predetermined potential, laser writing that emits a laser beam according to image data received from the outside and generates an electrostatic latent image on the photosensitive drum. An apparatus, a developing device that supplies toner to the electrostatic latent image formed on the surface of the photosensitive drum to make it visible, a transfer device that transfers the toner image formed on the surface of the photosensitive drum onto paper (not shown), etc. And an image desired by the user is formed on a sheet by electrophotography. In the present embodiment, the image forming unit 17 is configured to perform image formation by an electrophotographic method using a laser writing device. However, the image forming unit 17 is configured to perform image formation by an inkjet method, a thermal transfer method, or a sublimation method. Of course, it may be.

  The image processing unit 18 performs image processing on the image data acquired by the image reading unit 16. Image processing performed by the image processing unit 18 includes processing for processing image data according to setting values such as a scale and density at the time of printing set through the operation panel 15, and limiting printing processing and transmission processing according to the security level. For example, a process of synthesizing an additional image may be used.

  The image memory 19 is configured by a semiconductor memory, and temporarily holds image data acquired by the image reading unit 16, image data developed from a print job, image data read from the HDD 22, and the like. The image data temporarily stored in the image memory 19 is transferred to a transfer destination according to the purpose of use in accordance with an instruction from the CPU 11. That is, when printing processing is performed by the print function, the image data is transferred to the image forming unit 17, when image data is transmitted, the image data is transferred to the communication interface 20 or the facsimile modem 21, and the image data is stored by the document filing function. Is transferred to the HDD 22.

  The communication interface 20 includes a line termination circuit that complies with the communication standard of the communication network N1, receives print jobs from the information processing devices 50, 50,..., 50 connected to the communication network N1, and transmits the information. Information to be notified is transmitted to the processing devices 50, 50,. The communication interface 20 controls such transmission / reception of various data.

  The facsimile modem 21 includes a line termination circuit for connecting the facsimile apparatus 60, and transmits / receives facsimile data via the public telephone line network N2. For this reason, the facsimile modem 21 is provided with a decoding circuit for decoding the received facsimile data, and the image data obtained by the decoding is transferred to the image forming unit 17 via the image memory 19 for printing processing. Let it run. The facsimile modem 21 is provided with an encoding circuit for encoding facsimile data to be transmitted, and transmits the facsimile data encoded by the encoding circuit to the target facsimile apparatus 60. The facsimile modem 21 executes such facsimile data transmission / reception and facsimile data encoding / decoding processing.

  The HDD 22 includes a disk-shaped magnetic recording medium, and a part of the storage area is used as a data area for storing image data and the like. When a request is received through the operation panel 15 or when a request from the information processing apparatus 50 is received via the communication interface 20, the image data stored in the data area is read out. Therefore, when it is necessary to re-execute the print process due to a failure of the print process or an insufficient number of output copies, it is possible to arbitrarily read the image data stored in the data area and execute the print process.

  3 and 4 are conceptual diagrams illustrating examples of various tables included in the management unit 14. FIG. 3A shows an example of the print data management table 141. In the print data management table 141, the name of the print data, the user code, the date and time when the print job was received, and the communication address (transmission source address) assigned to the information processing apparatus 50 that is the transmission source of the print job are stored in association with each other. is doing. For example, the first record shown in FIG. 3A is data created by a user whose print data “P001” has a user code “user A”, and “190.xxx.xxx”. .. ”is transmitted from the information processing apparatus 50 having the communication address, and it is received by the digital multi-function peripheral 10 on“ May 20, 2004, 12:13 ”. The same applies to other records. Here, the user code is identification information for identifying each user.

  FIG. 3B shows an example of the user table 142. The user table 142 stores the user code and password of each user in association with each other and defines the security level for each user. For example, the user “Mr. A” is given a user code “User A”, and the password for user authentication is set to “AAA”. In addition, the security level of the user “Mr. A” is “rank A”. The same applies to other users.

  FIG. 4A shows an example of the security level management table 143. The security level management table 143 defines the operation conditions for each security level. For example, when the security level is “rank A”, it is set that print processing, transmission processing, and browsing processing are permitted without restriction. Has been. On the other hand, when the security level is “rank B”, the printing process and the transmission process are set to permit the operation on the condition that the additional image A is added, and the browsing process is permitted without limitation. . When the security level is “rank C”, the operation is permitted on the condition that the additional image B is added for the printing process, and the operation is permitted without restriction for the browsing process, but the operation is performed for the transmission process. Is set to disallowed. Further, when the security level is “rank D”, any operation is set to not permitted.

  FIG. 4B shows an example of the additional image management table 144. In the additional image management table 144, the additional image and the file name of the additional image are stored in association with each other. When the additional image is added to the print data, a predetermined storage area is referred to with reference to the additional image management table 144. The additional image stored in advance is read out and the image processing unit 18 combines them.

  FIG. 5 is a schematic diagram illustrating an example of an image output from the digital multifunction peripheral 10. FIG. 5A shows an example of an output image when printing is performed without restriction. When the additional image A is added to the output image shown in FIG. 5A and printing is performed, for example, an output image as shown in FIG. 5B is output. In the output image shown in FIG. 5B, a “confidential” watermark is added to the upper left side of the image. Further, when print output is performed by adding the additional image B to the output image shown in FIG. 5A, for example, an output image as shown in FIG. 5C is output. In the output image shown in FIG. 5 (c), a watermark “XX is not allowed to be taken outside” is added to the upper left of the image.

  In the present embodiment, the “externally secret” watermark is added as the additional image A, and the “xx external prohibition” watermark is added as the additional image B. However, this is added when the output is restricted. It goes without saying that the types of images need not be limited to those shown in FIG. Of course, the position, number, color, and the like for combining the additional image with the print data may be arbitrarily set by the apparatus manager or the like.

  FIG. 6 is a flowchart for explaining processing executed by the digital multi-function peripheral 10 when a print data read request is received. First, the CPU 11 of the digital multi-function peripheral 10 determines whether or not a print data read request has been received (step S11). The digital multi-function peripheral 10 accepts a print data read request in response to an instruction from the operation panel 15 or an instruction from the information processing apparatus 50 via the communication network N1. It is determined whether a read request has been accepted based on information received through the interface 20. If it is determined that the read request is not accepted (S11: NO), the process waits until the read request is accepted.

  If it is determined that the read request has been accepted (S11: YES), for example, a display prompting the user code and password to be entered is displayed on the display unit 151 of the operation panel 15, and the user code and password are accepted (step S12). , S13). When the user code and password are accepted, the user authentication is performed based on the information registered in the user table 142, and the information registered in the print data management table 141 is referred to, so that the print data creator It is determined whether it is a read request (step S14).

  If it is determined that it is a read request of the creator of the print data (S14: YES), the corresponding print data is read from the HDD 22, and the read print data is transferred to the image forming unit 17 to execute the printing process (Step S14). S15). If it is determined that it is not a read request of the creator of the print data (S14: NO), a print process corresponding to the security level is executed (step S16).

  FIG. 7 is a flowchart for explaining a processing procedure when executing a printing process corresponding to the security level. First, the CPU 11 of the digital multi-function peripheral 10 determines whether or not the security level of the user corresponds to rank A based on the user code and password input when the print data read request is received. (Step S17). When it is determined that the security level corresponds to rank A (S17: YES), the operation condition in the printing process is checked with reference to the registered content of the security level management table 143. In the present embodiment, when the security level is rank A, since the operation is permitted without restriction in the printing process, the printing process is executed based on the read print data (step S18).

  When it is determined that the security level does not correspond to rank A (S17: NO), it is determined whether or not it corresponds to rank B (step S19). If it is determined that the security level corresponds to rank B (S19: YES), adding the additional image A by the security level management table 143 is defined as a condition for executing the printing process. Is added with the additional image A (step S20), and the printing process is executed (step S21).

  When it is determined that the security level does not correspond to rank B (S19: NO), it is determined whether or not it corresponds to rank C (step S22). If it is determined that the security level corresponds to rank C (S22: YES), adding the additional image B by the security level management table 143 is defined as a condition for executing the printing process. Is added with the additional image B (step S23), and the printing process is executed (step S24).

  When it is determined that the security level does not correspond to rank C (S22: NO), it is determined whether or not it corresponds to rank D (step S25). If it is determined that the security level corresponds to rank D (S25: YES), the user is notified that the printing process is prohibited because the printing process is set to be prohibited by the security level management table 143 ( Step S26). The notification that the printing process is prohibited may be, for example, a configuration in which characters and images are displayed on the display unit 151 of the operation panel 15 to notify the user, and a configuration in which notification is given by voice, warning sound, or the like. It may be. Moreover, the structure which notifies the information to that effect to the information processing apparatus 50 by communication via the communication network N1 may be sufficient.

  If it is determined that the security level does not correspond to rank D (S25: NO), an error process is executed because the input user code and password are not associated with the security level (step S27). In the error processing, for example, the received processing request is handled with the security level as rank D, and notification that the processing request from the unregistered user has been received is made to the apparatus administrator.

  In the flowchart shown in FIG. 7, the procedure in the printing process has been described, but the output process is also limited in the same process in the transmission process and the browsing process.

Embodiment 2. FIG.
In the first embodiment, the “additional confidential” and “xx outside prohibition” watermarks are combined as additional images, but other types of images may be added. A configuration may be adopted in which part of the read print data is processed to limit output.

  FIG. 8 is a schematic diagram showing another example of an output image. FIG. 8A shows an output image when output restriction is not performed, FIG. 8B shows an output image with a barcode added to the upper right of the image, and FIG. 8C shows a watermark image at the upper left. The output image added to is shown. FIG. 8D shows an output image created by deleting a part of the image read from the HDD 22. When erasing a part of the read image, it may be configured to detect a specific character string, and may be configured to delete when a specific character string is detected. It may be configured to erase the image in the area.

Embodiment 3 FIG.
In the above-described embodiment, the configuration is such that an additional image is added or a part of the image is processed, but a configuration in which the entire image is processed may be used. FIG. 9 is a schematic diagram illustrating another example of an output image. FIG. 9A shows an output image when output restriction is not performed, FIG. 9B shows an output image obtained by reducing the entire image to 50%, and FIG. 9C shows 25% of the entire image. Shows a reduced output image. When these restrictions are defined by the security level management table 143 in the digital multi-function peripheral 10, for example, when executing a printing process or a transmission process, it is determined that the security level is a processing request from a user of rank B If the read image is reduced to 50%, print processing or transmission processing is executed, and it is determined that the security level is a processing request from a user with rank C, the image is reduced to 25% for print processing or It is configured to execute transmission processing.

Embodiment 4 FIG.
In the third embodiment, the output is limited by outputting a reduced image that should be output as an output image. However, a configuration in which an image with a reduced resolution is generated and output may be used. FIG. 10 is a schematic diagram illustrating another example of an output image. FIG. 10 (a) shows an output image when output restriction is not performed, FIG. 10 (b) shows an output image with the image resolution reduced to 50%, and FIG. 10 (c) shows the image resolution. An output image in which is reduced to 25% is shown. When these restrictions are defined by the security level management table 143 in the digital multi-function peripheral 10, for example, when executing a printing process or a transmission process, it is determined that the security level is a processing request from a user of rank B If the resolution of the read image is reduced to 50%, the printing process or the transmission process is executed, and it is determined that the security level is a processing request from a user with rank C, the image resolution is reduced to 25%. The printing process or the transmission process is executed.

Embodiment 5. FIG.
In the first and second embodiments, an additional image is added or output is limited by processing a part of the image. In the third and fourth embodiments, the entire image is processed and output. Although the configuration is such that the limitation is performed, a configuration in which the limitation is performed by mixing them may be used.

  FIG. 11 is a conceptual diagram showing an example of the security level management table 143a used in the present embodiment. Similar to the one described in the first embodiment, the security level management table 143a defines the operation conditions for each security level. For example, when the security level is “rank A”, the printing process is performed without limitation. In addition, permission to view processing is set, and permission to transmit processing is set on condition that the additional image A is added.

  When the security level is “rank B”, adding a watermark image is set as a condition for executing the printing process, and adding an additional image A is set as a condition for executing the transmission process Has been. In addition, it is set that the browsing process can be executed without restriction.

  When the security level is “rank C”, output with a resolution of 50% is set as a condition for executing the printing process, and adding the additional image B is a condition for executing the transmission process. It is set as a condition. As for the browsing process, a reduced display of 50% is set as a condition for execution.

  When the security level is “rank D”, a part of the data is not displayed and output is set as a condition for executing the printing process, and a reduction display of 25% is performed when the browsing process is executed. It is set as a condition. Further, the transmission process is set to not permitted.

Embodiment 6 FIG.
In the above-described embodiments, the output restriction is performed by synthesizing the additional image with the image data read from the HDD 22 or by erasing a part of the read image data. However, the number of output copies is controlled. The output may be limited. The internal configuration of the apparatus is the same as that of the digital multi-function peripheral 10 shown in the first embodiment, but in this embodiment, the security level management table 143 defines restrictions on the number of output copies.

  FIG. 12 is a flowchart for explaining a processing procedure when a printing process corresponding to the security level is executed. First, the CPU 11 of the digital multi-function peripheral 10 determines whether or not the security level of the user corresponds to rank A based on the user code and password input when the print data read request is received. (Step S31). If it is determined that the security level corresponds to rank A (S31: YES), the printing process is executed based on the read print data (step S32). That is, when the security level is rank A, the printing process is executed without restriction.

  When it is determined that the security level does not correspond to rank A (S31: NO), it is determined whether or not it corresponds to rank B (step S33). When it is determined that the security level corresponds to rank B (S33: YES), the CPU 11 of the digital multi-function peripheral 10 determines whether or not the number of already printed copies exceeds 10 based on a request from the user ( Step S34). In this embodiment, the number of print copies is counted for each user and managed in a predetermined storage area of the management unit 14, and the number of print copies is 10 with reference to the information stored in the management unit 14. It is determined whether or not it exceeds the part. If the number of copies already printed is 10 or less (S34: NO), the printing process is executed (step S35), and the number of printed copies at that time is counted (step S36). The management unit 14 manages the counted number of print copies. On the other hand, when the number of copies already printed exceeds 10 (S34: YES), it is notified that the printing process is prohibited (step S42). That is, when the security level corresponds to rank B, the security level management table 143 regulates printing processing exceeding 10 copies.

  When it is determined that the security level does not correspond to rank B (S33: NO), it is determined whether or not it corresponds to rank C (step S37). When the security level corresponds to rank C (S37: YES), the CPU 11 of the digital multi-function peripheral 10 determines whether or not the number of copies already printed exceeds three based on a request from the user (step S38). ). If the number of copies already printed is 3 or less (S38: NO), the printing process is executed (step S39), and the number of copies at that time is counted (step S40). The management unit 14 manages the counted number of print copies. On the other hand, when the number of copies already printed exceeds 3 (S38: YES), it is notified that the printing process is prohibited (S42). That is, when the security level corresponds to rank C, the security level management table 143 regulates printing processing exceeding three copies.

  When it is determined that the security level does not correspond to rank C (S37: NO), it is determined whether or not it corresponds to rank D (step S41). When the security level corresponds to rank D (S41: YES), the user is notified that the printing process is prohibited (S42). That is, when the security level corresponds to rank D, the security level management table 143 defines that print processing is not permitted.

  If it is determined that the security level does not correspond to rank D (S41: NO), an error process is executed because the input user code and password are not associated with the security level (step S43). In error processing, for example, a processing request is handled in the same way as a user with a security level of rank D, and a notification that a processing request from an unregistered user has been accepted is sent to the apparatus administrator. .

Embodiment 7 FIG.
In the sixth embodiment, the output restriction is performed by controlling the number of output copies. However, the output restriction may be performed by controlling the number of output sheets. The apparatus configuration is the same as that of the digital multi-function peripheral 10 shown in the first embodiment, but in this embodiment, the security level management table 143 defines restrictions on the number of output sheets.

  FIG. 13 is a flowchart for explaining a processing procedure when a printing process corresponding to the security level is executed. First, the CPU 11 of the digital multi-function peripheral 10 determines whether or not the security level of the user corresponds to rank A based on the user code and password input when the print data read request is received. (Step S51). If it is determined that the security level corresponds to rank A (S51: YES), the printing process is executed based on the read print data (step S52). That is, when the security level is rank A, the printing process is executed without restriction.

  When it is determined that the security level does not correspond to rank A (S51: NO), it is determined whether or not it corresponds to rank B (step S53). When it is determined that the security level corresponds to rank B (S53: YES), the CPU 11 of the digital multi-function peripheral 10 prints the first page based on the read print data (step S54). Next, the CPU 11 determines whether or not the printing process based on the print data has been completed (step S55), and if it is determined that the printing process has not been completed (S55: NO), the next page is printed (step S55). Step S56). Then, it is determined whether or not the 10th page has been printed (step S57). If it is determined that the 10th page has not been printed (S57: NO), the process returns to step S55. If it is determined that the printing process for the tenth page has been completed (S57: YES), or if it is determined that printing has been completed in step S55 (S55: YES), the printing process in this routine is terminated (step S58). In other words, in the present embodiment, when the security level corresponds to rank B, the security level management table 143 regulates printing processing exceeding 10 pages.

  If it is determined that the security level does not correspond to rank B (S53: NO), it is determined whether or not it corresponds to rank C (step S59). If it is determined that the security level corresponds to rank C (S59: YES), the first page is printed based on the read print data (step S60), and the printing process is terminated (step S61). At this time, it may be configured to display on the display unit 151 of the operation panel 15 that plural pages are not permitted to be printed. That is, when the security level corresponds to rank C, the security level management table 143 defines the print processing for a plurality of pages.

  When it is determined that the security level does not correspond to rank C (S59: NO), it is determined whether or not it corresponds to rank D (step S62). When it is determined that the security level corresponds to rank D (S62: YES), the user is notified that the printing process is prohibited (step S63). That is, when the security level corresponds to rank D, the security level management table 143 defines that print processing is not permitted.

  If it is determined that the security level does not correspond to rank D (S62: NO), an error process is executed because the input user code and password are not associated with the security level (step S64). In error processing, for example, a processing request is handled in the same way as a user with a security level of rank D, and a notification that a processing request from an unregistered user has been accepted is sent to the apparatus administrator. .

Embodiment 8 FIG.
Since the digital multi-function peripheral 10 has a function (image transmission function) of reading out image data stored using the document filing function and transmitting it to the external information processing apparatus 50, transmission is performed according to the transmission destination. It may be configured to limit processing. In this case, transmission processing is restricted using the security level management table 143b shown in FIG. 14 instead of the security level management table 143 shown in FIG. Also in the present embodiment, the overall configuration of the system and the internal configuration of the digital multi-function peripheral 10 are exactly the same as those in the first embodiment, and thus description thereof will be omitted.

  FIG. 14 is a conceptual diagram showing an example of the security level management table 143b in the present embodiment. In the security level management table 143b, conditions for transmission processing are defined for each transmission destination. For example, when the destination domain name is “ΔΔΔ.d1.co.jp”, it is defined that transmission processing is permitted without restriction, and the destination domain name is “ΔΔΔ.d2”. In the case of “.co.jp”, it is defined that transmission processing is permitted on condition that a watermark image is added. Further, when the domain name of the transmission destination is different from any of the domain names described above, the transmission process is defined as not permitted.

  FIG. 15 is a flowchart for explaining processing executed by the digital multi-function peripheral 10 when an image data transmission request is received. First, the CPU 11 of the digital multi-function peripheral 10 determines whether an image data transmission request has been accepted (step S71). In the digital multi-function peripheral 10, an image data transmission request is received by an instruction from the operation panel 15 or an instruction from the information processing apparatus 50 via the communication network N 1. Information input via the operation panel 15, communication It is determined whether a transmission request has been accepted based on information received through the interface 20. If it is determined that the transmission request is not accepted (S71: NO), the process waits until the transmission request is accepted.

  If it is determined that the transmission request has been accepted (S71: YES), for example, a display prompting the user code and password to be entered is displayed on the display unit 151 of the operation panel 15, and the user code and password are accepted (step S72). , S73), and then accepts the destination setting (step S74). The setting of the transmission destination may be configured such that a transmission destination registered in advance is displayed on the display unit 151 of the operation panel 15 and is selected by an operation using the operation panel 15, and alphanumeric keys are used as software keys. The structure which arrange | positions to the display part 151 and is made to input directly may be sufficient.

  Then, user authentication is performed based on the input user code and password, and information registered in the print data management table 141 is referred to, and it is determined whether the request is a transmission request of the creator of the image data. (Step S75). If it is determined that the request is a transmission request of the creator of the image data (S75: YES), the image data read from the HDD 22 is transferred to the communication interface 20 and a transmission process is executed (step S76). If it is determined that the request is not a transmission request of the creator of the image data (S75: NO), a transmission process corresponding to the security level is executed (step S77).

Embodiment 9 FIG.
When the digital multi-function peripheral 10 receives a browsing request for image data from the external information processing apparatus 50, the image data is read from the HDD 22 based on the browsing request, and the read image data is transmitted to the information processing apparatus 50. If it has a function of browsing, the browsing process may be limited according to the transmission source of the request. In this case, instead of the security level management table 143 shown in FIG. 4A, transmission processing is restricted using the security level management table 143c shown in FIG. Also in the present embodiment, the overall configuration of the system and the internal configuration of the digital multi-function peripheral 10 are exactly the same as those in the first embodiment, and thus description thereof will be omitted.

  FIG. 16 is a conceptual diagram showing an example of the security level management table 143c in the present embodiment. In the security level management table 143c, browsing process conditions are defined for each browsing request transmission source. For example, when the communication address of the source of the browsing request is “192.168.0. ○” or “192.168.8.0.Δ”, it is defined that browsing processing is permitted without restriction. When the communication address of the transmission source of the request is “192.168.0. ×”, it is defined that the browsing process is permitted on the condition that the display is reduced. Further, when the communication address is other than the above, the browsing process is defined as non-permitted.

  FIG. 17 is a flowchart for explaining processing executed by the digital multi-function peripheral 10 when an image data transmission request is received. First, the CPU 11 of the digital multi-function peripheral 10 determines whether an image data browsing request has been received (step S81). In the digital multi-function peripheral 10, an image data browsing request is received according to an instruction from the information processing apparatus 50 via the communication network N 1, and whether or not the browsing request is received based on information received through the communication interface 20. to decide. When it is determined that the browsing request is not received (S81: NO), the process waits until the browsing request is received.

  If it is determined that the browsing request has been accepted (S81: YES), the address of the request source is acquired based on the information received by the communication interface 20 (step S82), and then the user code is displayed on the display unit 151 of the operation panel 15. Then, a display prompting the input of the password is performed, and the user code and password are accepted (steps S83 and S84).

  Then, user authentication is performed based on the input user code and password, and information registered in the print data management table 141 is referred to, and it is determined whether the request is for the image data creator himself / herself. (Step S85). If it is determined that the request is for the image data creator's own browsing request (S85: YES), browsing is permitted (step S86), and the image data read from the HDD 22 is sent to the requesting information processing apparatus 50 via the communication interface 20. Send. If it is determined that the request is not a request for browsing by the creator of the image data (S85: NO), a browsing restriction corresponding to the security level is executed (step S87).

  In this embodiment, the user code and password are input through the operation panel 15 when user authentication is performed. However, a configuration in which a dedicated user authentication device is mounted may be used. As a dedicated user authentication device, for example, a user authentication device using an IC card or magnetic card reader can be used. In this case, the user information is recorded on the IC card or the magnetic card, and the user authentication is performed by reading the user information with the reader described above. The recording medium for carrying user information is not necessarily limited to a card-type memory such as an IC card. For example, a mobile phone, a PDA (Personal Digital) using wireless communication, infrared communication, Bluetooth communication, or the like is not necessary. Assistant) and user authentication information may be obtained by transmitting and receiving information to and from a communication device such as a wireless tag. Further, an authentication server such as an LDAP server (LDAP: Lightweight Directory Access Protocol) may be installed on the communication network N1 to perform user authentication.

1 is a block diagram illustrating an overall configuration of an image forming system according to an exemplary embodiment. It is a block diagram which shows the structure of the control system of a digital multifunctional device. It is a conceptual diagram which shows an example of the various tables which a management part has. It is a conceptual diagram which shows an example of the various tables which a management part has. FIG. 6 is a schematic diagram illustrating an example of an image output by a digital multifunction peripheral. 6 is a flowchart for describing processing executed by the digital multi-function peripheral when a print data read request is received. 6 is a flowchart illustrating a processing procedure when executing a printing process according to a security level. It is a schematic diagram which shows the other example of an output image. It is a schematic diagram which shows the other example of an output image. It is a schematic diagram which shows the other example of an output image. It is a conceptual diagram which shows an example of the security level management table used by this Embodiment. 6 is a flowchart illustrating a processing procedure when executing a printing process according to a security level. 6 is a flowchart illustrating a processing procedure when executing a printing process according to a security level. It is a conceptual diagram which shows an example of the security level management table in this Embodiment. 10 is a flowchart for describing processing executed by the digital multi-function peripheral when an image data transmission request is received. It is a conceptual diagram which shows an example of the security level management table in this Embodiment. 10 is a flowchart for describing processing executed by the digital multi-function peripheral when an image data transmission request is received.

Explanation of symbols

10 Digital MFP 11 CPU
12 bus 13 ROM
DESCRIPTION OF SYMBOLS 14 Management part 141 Print data management table 142 User table 143 Security level management table 144 Additional image management table 15 Operation panel 151 Operation part 152 Display part 16 Image reading part 17 Image formation part 18 Image processing part 19 Image memory 20 Communication interface 21 Facsimile modem 22 HDD
50 Information processing device 60 Facsimile device N1 Communication network N2 Public telephone network

Claims (15)

In an image processing apparatus that includes storage means for storing image data, reads image data from the storage means, and executes processing on the read image data.
Means for receiving identification information for identifying a user when reading image data from the storage means; authentication means for authenticating a user based on the received identification information; and processing to be executed on the read image data. An image processing apparatus comprising: a means for determining based on the received identification information and an authentication result by the authentication means, and executing the determined processing.   A means for storing a table that defines a correspondence between identification information and a process to be executed is provided, and when the identification information is received, the process to be executed is determined with reference to the table. The image processing apparatus according to claim 1.   The image processing apparatus according to claim 2, wherein a process to be executed when the authentication unit does not authenticate a user is defined by the table.   4. The image processing apparatus according to claim 1, wherein the process to be executed on the image data is a process of processing the image data. 5.   The image processing apparatus according to claim 4, wherein the process is a process of deleting a part of the image data.   The image processing apparatus according to claim 4, wherein the process is a process of changing a resolution of the image data.   The image processing apparatus according to claim 4, wherein the process is a process of combining predetermined image data with the image data.   The image processing apparatus according to claim 7, wherein the predetermined image data includes at least one of a watermark, a barcode, and image data related to a watermark image.   9. The image processing apparatus according to claim 1, further comprising a unit that executes an output process based on the image data after the process is executed. In an image output device comprising storage means for storing image data, reading image data from the storage means, and executing output processing based on the read image data,
Means for receiving identification information for identifying a user when reading image data from the storage means; authentication means for authenticating a user based on the received identification information; received identification information; and authentication by the authentication means An image output apparatus comprising: restriction means for restricting output processing based on the image data based on a result.   The image output apparatus according to claim 10, wherein when the authentication unit authenticates the user, the restriction on the output process is released.   12. The image output apparatus according to claim 10, wherein the limiting unit is a unit that stops output processing based on the image data.   12. The image output apparatus according to claim 10, wherein the restriction unit is a unit that executes an output process based on a part of the image data.   12. The image output apparatus according to claim 10, further comprising means for counting the number of execution times of the output process based on the image data, wherein the restriction means is a means for restricting the number of executions.   The output process includes at least one of a process for displaying an image based on the image data, a process for forming an image on a sheet based on the image data, and a process for transmitting the image data to the outside. The image output apparatus according to claim 10, wherein the image output apparatus is an image output apparatus.

Images