JP4266995B2 - Image forming apparatus - Google Patents

Description

  BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an image forming apparatus such as a printer, a copying machine, a facsimile machine, or a multi-function machine that transports paper and forms an image on the paper, and in particular, an image forming apparatus having a function for formatting for security About.

  In the image forming apparatus, a hard disk drive has been built in as the amount of data to be stored has increased. Since an image forming apparatus is generally shared by a plurality of people, it is necessary to ensure the security of data on the hard disk.

  Therefore, in Patent Document 1 below, a unique machine identification number of the image forming apparatus is stored in the NVRAM built in the image forming apparatus, and when data is stored in the NVRAM, the data is encrypted using this number as a key. A configuration is disclosed in which data is decrypted with this key when data is read from the hard disk.

  According to this configuration, for example, even if the hard disk is detached from the image forming apparatus and attached to another image forming apparatus and the data is read out, the data cannot be decoded.

Further, in Patent Document 2 below, in order to ensure the security of a file deleted from the hard disk, when deleting the file, the area in which the file is stored is overwritten with meaningless data such as 0. A method for preventing the contents of a file from being restored is disclosed.
JP-A-2004-139163 JP 2005-96082 A

  However, there are cases where the selection of the hard disk formatting method is different between the user who needs processing for ensuring security from the time of installation of the image forming apparatus and the user who needs it halfway. It is not easy to understand and select the format method, and there is a possibility that time may be lost due to an inappropriate selection.

  In view of these problems, the object of the present invention is to allow a user who needs processing from the beginning to ensure security and a user who needs processing from the middle to select a hard disk formatting method easily and appropriately. An object of the present invention is to provide an image forming apparatus that can be executed.

In the first aspect of the image forming apparatus according to the present invention,
A processor;
A hard disk drive coupled to the processor;
Program storage means coupled to the processor and storing a program;
An operation unit coupled to the processor and including an instruction input unit and a display unit;
And an image forming apparatus for forming an image on a supplied paper,
Detecting means for detecting whether or not the image forming apparatus is in an initial use;
And the program includes a routine for formatting the hard disk drive, the routine for the processor,
(A) When in the initial stage of use, the display means displays a selection screen as to whether or not to perform an overwriting process for writing meaningless data in each sector to the hard disk drive, and the instruction input If the instruction input from the means indicates that the overwriting process is to be performed or if it is not in the initial use, the overwriting process is performed,
(B) Cause the hard disk drive to perform logical formatting regardless of the determination result in step (a).

In a second aspect of the image forming apparatus according to the present invention, in the first aspect,
The detection means includes
Means for counting power-on of the image forming apparatus;
Means for determining the initial use when the power-on count is the first time in step (a).

In a third aspect of the image forming apparatus according to the present invention, in the first aspect,
The detection means includes
Means for counting the total number of printed sheets of the image forming apparatus;
Means for determining the initial use when the total number of printed sheets is less than a set value in step (a).

In a fourth aspect of the image forming apparatus according to the present invention, in the second or third aspect,
A writable non-volatile memory coupled to the processor for storing usage information indicating "unused" or "used";
A coupling means to which a storage key composed of a removable storage device is coupled;
An interface for a removable storage device coupled between the coupling means and the processor;
And the program for the processor,
(C) When the storage key is coupled to the coupling means and the usage information indicates “unused”, the authentication target information is read from the storage key;
(D) determining whether the authentication target information is authentic,
(E) When a positive determination is made, the process proceeds to step (a).

In a fifth aspect of the image forming apparatus according to the present invention, in the fourth aspect,
The storage key further stores usage information indicating “unused” or “used”.
The program further provides the processor with
After the step (e), the usage information indicating “used” is written to the storage key;
Further, in the step (c), the usage information is read from the storage key, and the process proceeds to the step (d) only when the usage information indicates “unused”.

In a sixth aspect of the image forming apparatus according to the present invention, in the fifth aspect, the program is further transmitted to the processor in the step (a).
Display a selection screen of the first mode and the second mode in which the number of times of writing is different on the display means;
The number of times meaningless data is written in each sector is set to the number corresponding to the mode selected by the instruction input means.

  According to the configuration of the first aspect, when the image forming apparatus is in the initial stage of use, the display unit displays a selection screen as to whether or not to perform an overwrite process for writing meaningless data to each sector on the hard disk drive. When the instruction input from the instruction input means indicates that the overwriting process is to be performed or when the instruction input is not in the initial stage of use, the overwriting process is performed, and then the hard disk drive is performed regardless of the determination result. Therefore, when the image forming apparatus is in the initial stage of use, there is no need to perform the overwriting process on the hard disk drive after printing a non-secret document. In consideration of the fact that a certain document has been printed, it is left to the user to select whether or not to perform the overwriting process. Since it is estimated that the data to be secured is stored in the hard disk and it is assumed that the overwriting process is selected, the overwriting process is performed, so that the user can easily and appropriately format the hard disk. It is possible to select and execute this.

  According to the configuration of the fourth aspect, the usage information indicating “unused” or “used” is stored in the non-volatile memory coupled to the processor, the storage key is coupled to the coupling means, When the usage information indicates “unused”, the authentication information is read from the storage key, whether or not the authentication information is authentic, and an affirmative determination is made. Causes the usage information indicating "used" to be written into the non-volatile memory and the processing of the first mode to be performed. Even if it is combined, the overwriting process is not executed again, and it is possible to prevent a user's erroneous operation.

  According to the configuration of the fifth aspect, usage information indicating “unused” or “used” is further stored in the storage key, and “used” is indicated after the step (e). The usage information indicating that it is present is written into the storage key, and the usage information is further read from the storage key in the step (c), and only when the usage information indicates "unused" d), the secure format cannot be executed even if the storage key is attached to another image forming apparatus, and the management of the storage key for each of a plurality of image forming apparatuses is facilitated. Play.

  According to the configuration of the sixth aspect, the selection screen of the first mode and the second mode with different numbers of times of writing is displayed on the display means, and the number of times that meaningless data is written into each sector is expressed as follows. Since the number of times corresponds to the mode selected by the instruction input means, the security level can be selected according to the user's time margin with a simple configuration.

  Other objects, configurations and effects of the present invention will become apparent from the following description.

  FIG. 5 is a schematic block diagram of the image forming apparatus 10 according to the first embodiment of the present invention.

  In this image forming apparatus 10, the MPU 11, the ROM 12R, the DRAM 12D, the NVRAM 13, the NIC 15, the modem 20, the interfaces 14I, 16I to 19I and 21I are coupled by the bus 23, and the hard disk 14 and the auto sheet are connected to the interfaces 14I and 16I to 19I, respectively. A feeder 16, a scanner 17, a printer 18, and an operation panel 19 are combined.

  The ROM 12R stores a bootstrap, an operating system (OS), an application that operates on the upper layer of the OS, and various device drivers that operate on the lower layer of the OS. This application is for causing the image forming apparatus 10 to function as a multifunction peripheral, and includes a secure format program. Here, the secure format overwrites all storage areas of the file and FAT (File Allocation Table) with meaningless data, that is, a state where physical formatting is performed (a series of data read / write in each sector). In this state, the logical format is ignored in an index numbered state, and the entire sector area is continuously overwritten with meaningless data in units of sectors, and then the logical format is performed. The functions of the multifunction machine include copy, scan, print, and fax.

  The DRAM 12D is used as a main memory. The NVRAM (nonvolatile memory) 13 is a flash memory, for example, and is electrically rewritable. The copy protection area includes the power-on count Cp, the usage state U1 and the composite secret key SK of FIG. Stored. When data in the copy protection area is read out, the stored data is encrypted and read out, and it becomes meaningless even if it is copied to a person who does not know the secret key. The usage state U1 is for a secure format to be described later, and the composite secret key SK is for encryption and decryption to be described later, both of which relate to the hard disk 14.

  The NIC 15 is connected to an external host computer on the network and used for a print job. The scanner 17 inputs an image in conjunction with the auto sheet feeder 16 and is used for copying and fax transmission jobs. The printer 18 includes a print engine, a fixing device, a paper feed unit, a conveyance unit, and a paper discharge unit, and forms an electrostatic latent image on a photosensitive drum of the print engine based on bitmap data supplied as print data. Then, this is developed with toner, transferred onto paper, fixed, and discharged. The operation panel 19 includes a display unit and a key input unit, and is used for inputting setting information or instructions to display a selection screen, a setting screen, or the like. The modem 20 is for fax transmission / reception. The USB memory interface 21I has a port for detachably inserting the USB key 21 as a storage key.

  The USB key 21 is a USB memory, and includes an NVRAM, for example, a flash memory chip, and stores a key type code K, an authenticated code X, and a use state U2 shown in FIG. The key type code K, the code to be authenticated X, and the use state U2 are for a secure format described later. The code to be authenticated X and the use state U2 are stored in the same copy protection area as described above.

  Next, a part of the application will be described.

  The secure format takes more time than the normal format because of the overwriting process. For this reason, if not necessary, a normal format is initially performed. However, whether or not it is necessary to perform secure formatting changes according to changes in the user's business content. When performing the secure format, the user inserts the USB key 21 into the USB memory interface 21I.

  When a USB memory is attached to the port of the USB memory interface 21I, this is detected by an interrupt process, and the hard disk security ensuring process shown in FIG. 1 is started. FIG. 1 is a flowchart showing hard disk security ensuring processing among the processing executed when the USB memory is mounted. This process is performed by a program stored in the ROM 13. In the following, the step identification codes in the figure are shown in parentheses.

  It is assumed that the hard disk drive 14 is physically formatted at the time of shipment from the factory.

  (S0) It is determined whether or not the hard disk drive 14 is provided. If it is provided, the process proceeds to step S2, and if not, the process of FIG. 1 is terminated.

  (S1) The usage state U1 (FIG. 2A) is read from the NVRAM 13, and if this indicates “used”, the processing of FIG. 1 is terminated, and if it indicates “not used”, the process proceeds to step S2.

  (S2) K, X, and U2 in FIG. 2B are read from a predetermined address of the USB memory. If the USB memory is the USB key 21, a value indicating that the hard disk security ensuring function activation key or another key is stored in K, and X is an authentication target for permitting the use of the USB key 21. A code is stored, and a use state indicating “unused” or “used” is stored in U2.

  (S3) If the value of the key type code K indicates a hard disk security ensuring function activation key and the use state U2 indicates “unused”, the authenticated code X is authentic. It is determined whether or not. In this determination, for example, the authenticated code X is substituted into a predetermined function f to obtain a = f (X). If the value a matches a predetermined value, it is determined that the authenticated code X is authentic. In other words, the code to be authenticated X and the function f are determined such that the value a is equal to a predetermined value when the code to be authenticated X is authentic. This predetermined value a is stored in the copy protection area of the NVRAM 13 (FIG. 2A).

  (S4) If it is determined that the to-be-authenticated code X is authentic, the process proceeds to step S5, and if not, the process in FIG. 1 is terminated.

  (S5, S6) First, as shown in FIG. 3A, a confirmation screen as to whether or not to perform secure formatting is displayed on the display unit of the operation panel 19. In the operation panel 19, an “Enter” key, a “Cancel” key, and a direction key are arranged on the right side of the display unit. These keys are hardware keys or software keys on the touch panel.

  Data encryption / decryption with respect to the hard disk 14 is performed regardless of whether or not the secure format is selected in the following steps S9 and S10. The following AES (Advanced Encryption Standard) key is for encryption / decryption and is not directly related to the secure format.

  When the user presses the “Enter” key, as shown in FIG. 3 (B), “AES (Advanced Encryption Standard) key should be entered” is displayed, and each digit of 6 digits is entered below. The column is displayed as a black rectangle. When the up and down direction keys are pressed, the black rectangle of the most significant digit is first removed and the numerical value is incremented or decremented. When the right direction key is pressed, the black rectangle of the next digit is removed and 0 is displayed, and when the up and down direction key is pressed, this numerical value similarly changes. When a 6-digit numerical value is input in this way, the result is as shown in FIG. When the “Enter” key is pressed in this state, the process proceeds to step S7 in FIG.

  (S7) The unique machine ID code MID of the image forming apparatus is read from, for example, the printer 18 and the scanner 17, and combined with the ASE key input in step S5, encrypted, and stored in the NVRAM 13 as a composite secret key SK. (FIG. 2 (A)).

  This composite secret key SK is used in the job after the processing in FIG. 1 for encryption before writing data to the hard disk 14 and decryption after reading the written data. These encryption and decryption are performed independently of the application and the USB key 21 as part of the processing of the hard disk driver.

  (S8) If the power-on count Cp is 1, the process proceeds to step S9. This power-on count Cp has an initial value of 0 and is incremented by 1 in the application initialization routine every time the image forming apparatus is turned on. When it becomes a value, for example, 2, it is not incremented.

  The reason for proceeding to step S9 when Cp = 1 is that the image forming apparatus is installed and the USB key 21 is inserted into the port of the interface 21I to turn on the power of the image forming apparatus, or the power of the image forming apparatus is turned on. When the USB key 21 is inserted into the port of the interface 21I after turning on and printing a non-secret document, there is no need to perform secure formatting, so whether or not to perform secure formatting is selected by the user. This is to leave it to you. In the case of Cp> 1, it can be estimated that there is a high possibility that data to be secured is stored in the hard disk, and that the user uses 21 in the middle is to ensure the security of the data on the hard disk. Therefore, it is considered that the secure format has been selected, and the process proceeds to step S11.

  (S9) As shown in FIG. 4A, a screen for selecting whether or not to perform secure formatting is displayed.

  (S10) If “Yes” is selected, the process proceeds to step S11. If “No” is selected, the process proceeds to step S15.

  (S11 to S14) As shown in FIG. 4A, a selection screen for selecting whether the overwrite mode is normal or quick is displayed. Here, the quick is a mode in which all sectors are overwritten with a value of 0, for example. On the other hand, normal is a mode in which overwriting on all sectors is repeated, for example, three times. For example, the first and second times generate a random number and continuously overwrite it, and the third time, for example, 0 continuously. Overwrite mode. According to this normal mode, even if the residual magnetism is read, the data before overwriting cannot be read, and security can be ensured more reliably.

  As shown in FIG. 4B, the normal mode is highlighted and initially selected, and the selection of this mode is confirmed when the “Enter” key is pressed. In the case of selecting the quick mode, the quick button is pressed to select it, and the “Enter” key is further pressed to confirm it. When the normal mode is selected, the display of FIG. 4C is performed and the notation “in secure format” is blinked.

  The overwriting process is performed according to the selected mode.

  (S15) “Used” is written in the use states U1 and U2 of the NVRAM 13 and the USB key 21. As a result, when the secure format is executed once, the USB key 21 is not accepted, and the USB key 21 cannot be used in other image forming apparatuses. It is possible to prevent the formatting from being performed.

  (S16) Next, logical formatting is performed on the hard disk 14. If a negative determination is made in step S10 during this logical formatting, the display shown in FIG. 4D is performed and the notation “in format” is blinked. In the case of the secure format, the display of FIG. 4C is also performed in this step S16, and the notation “in secure format” is blinked. When the logical format is finished, the processing of FIG. 1 is finished.

  As described above, according to the present embodiment, when the image forming apparatus is in the initial use, a selection screen as to whether or not the hard disk drive 14 is to be securely formatted is displayed on the operation panel 19. If the input indicates that secure formatting is to be performed or if it is not in the initial stage of use, overwriting processing in secure format is performed, and then the hard disk drive 14 performs logical formatting regardless of the selection result on the selection screen. In other words, when the image forming apparatus is in the initial stage of use, there is no need to perform the overwriting process on the hard disk drive 14 after printing a non-secret document. Therefore, it is left to the user to decide whether or not to perform the overwriting process, and the image forming apparatus can be used. If it is not the initial stage, it can be estimated that there is a high possibility that data that should be secured is stored in the hard disk, and it is assumed that the overwriting process is selected. In addition, it is possible to appropriately select and execute a hard disk formatting method.

  Further, when the NVRAM 13 stores a use state indicating “unused” or “used”, the USB key 21 is inserted into the port, and the use state indicates “unused”. The authentication information X is read from the USB key 21 to determine whether or not the authentication information X is legitimate. If the determination is affirmative, the usage information indicating “used” is displayed. Since the NVRAM 13 is written and the above process is performed, any USB key inserted into the port after being “used” will not be re-executed, preventing erroneous operation by the user. There is an effect that can be done.

  Furthermore, the USB key 21 stores a usage state indicating “unused” or “used”. When the “used” is stored, this is also written to the USB key 21, and this usage information is “unused”. ”Is displayed only in the case of“ ”, the secure format cannot be executed even if the USB key 21 is attached to another image forming apparatus, and the storage key for each of the plurality of image forming apparatuses There is an effect that it becomes easy to manage.

  In addition, the normal mode and quick mode selection screens with different overwriting times are displayed on the operation panel 19, and the number of times of overwriting meaningless data in each sector of the hard disk is set to the number corresponding to the selected mode. With a simple configuration, the security level can be selected according to the user's time margin.

  Further, when the user feels the need for the secure format, the secure format can be executed without replacing the image forming apparatus. In addition, since secure formatting cannot be executed unless the USB key 21 is inserted into the USB memory interface 21I, necessary data is deleted from the hard disk 14 by an erroneous operation of the user by having the administrator manage the USB key 21. Can be prevented. Furthermore, since the secure format can be executed by inserting the USB key 21 into the USB memory interface 21I, it is not necessary to reserve and execute this by an external service person, and the cost can be reduced and the user feels the necessity. Secure format can be executed.

  The present invention includes various modifications in addition to the above.

  For example, the count value of the number of printed sheets may be used in place of the power-on count Cp, and if this is less than the set value, the same processing as in the case of Cp = 1 may be performed.

  In the above embodiment, the case where the interface for the removable storage device is the USB memory interface 21I has been described, but it may be an interface to various removable memory cards, a removable hard disk, or the like.

  Furthermore, although the case where the image forming apparatus is a multifunction peripheral has been described in the above embodiment, the present invention is naturally applicable to a single-function image forming apparatus.

It is a flowchart which shows the hard disk security ensuring process among the processes performed by USB memory mounting based on Example 1 of this invention. (A) shows a part of the contents stored in the NVRAM built in the main body of the image forming apparatus, and (B) is a memory map showing a part of the contents stored in the USB key. FIG. 2 is a display explanatory diagram on an operation panel in the process of FIG. 1. FIG. 2 is a display explanatory diagram on an operation panel in the process of FIG. 1. 1 is a schematic block diagram of an image forming apparatus according to Embodiment 1. FIG.

Explanation of symbols

10 Image forming apparatus 11 MPU
12R ROM
12D DRAM
13 NVRAM
14 Hard disk 14I, 15I, 16I, 17I, 18I, 19I, 20I Interface 15 NIC
16 Auto Sheet Feeder 17 Scanner 18 Printer 19 Operation Panel 20 Modem 21I USB Memory Interface 21 USB Key 23 Bus X Authentication Code MID Machine ID Code U1, U2 Usage Status SK Composite Secret Key K Key Type Code

Claims (6)

A processor;
A hard disk drive coupled to the processor;
Program storage means coupled to the processor and storing a program;
An operation unit coupled to the processor and including an instruction input unit and a display unit;
And an image forming apparatus for forming an image on a supplied paper,
Detecting means for detecting whether or not the image forming apparatus is in an initial use;
And the program includes a routine for formatting the hard disk drive, the routine for the processor,
(A) When in the initial stage of use, the display means displays a selection screen as to whether or not to perform an overwriting process for writing meaningless data in each sector to the hard disk drive, and the instruction input If the instruction input from the means indicates that the overwriting process is to be performed or if it is not in the initial use, the overwriting process is performed,
(B) causing the hard disk drive to perform logical formatting regardless of the determination result in step (a);
An image forming apparatus. The detection means includes
Means for counting power-on of the image forming apparatus;
Means for determining the initial use when the power-on count is the first time in step (a);
The image forming apparatus according to claim 1, further comprising: The detection means includes
Means for counting the total number of printed sheets of the image forming apparatus;
Means for determining in the initial use when the total number of printed sheets is less than a set value in step (a);
The image forming apparatus according to claim 1, further comprising: A writable non-volatile memory coupled to the processor for storing usage information indicating "unused" or "used";
A coupling means to which a storage key composed of a removable storage device is coupled;
An interface for a removable storage device coupled between the coupling means and the processor;
And the program for the processor,
(C) When the storage key is coupled to the coupling means and the usage information indicates “unused”, the authentication target information is read from the storage key;
(D) determining whether the authentication target information is authentic,
(E) If an affirmative determination is made, the usage information indicating “used” is written into the nonvolatile memory and the process proceeds to step (a).
The image forming apparatus according to claim 2, wherein the image forming apparatus is an image forming apparatus. The storage key further stores usage information indicating “unused” or “used”.
The program further provides the processor with
After the step (e), the usage information indicating “used” is written to the storage key;
Further, in the step (c), the usage information is read from the storage key, and the process proceeds to the step (d) only when the usage information indicates “unused”.
The image forming apparatus according to claim 4. The program is further sent to the processor in step (a).
Display a selection screen of the first mode and the second mode in which the number of times of writing is different on the display means;
6. The image forming apparatus according to claim 5, wherein the number of times meaningless data is written in each sector is set to a number corresponding to the mode selected by the instruction input unit.

Images