The present invention relates to image forming apparatus and security control method, together with security processing program, and in particular to an image forming apparatus that ensures security at the time of printing XPS (XML Paper Specification) data and to its security control method together with security processing program.
Printing apparatuses (hereinafter called image forming apparatuses) such as printers or digital multi function peripherals have come into widespread use. When such an image forming apparatus is used as a network printer, firstly, a document data is prepared using an application of the computer terminal connected to the network. Next, using a device driver (printer driver) of the computer terminal, the document data is converted into print data in the PDL (Page Description Language) format and is sent to the image forming apparatus. Then, in the image forming apparatus, the print data is analyzed and output on sheets.
In this context, as applications for preparing documents, applications have been known that operate based on a specification called XPS that describes the document in the XML (Extensible Markup Language) format. The data prepared based on this XPS (hereinafter called XPS data) can be displayed using Internet Explorer (Registered Trademark). Further, it is possible to store font data in XPS, and it is possible to print in the same form as has been displayed on the screen. Also, regarding the above XPS, its details have been disclosed, for example, in XML Paper Specification Version 1.0 (http://www.microsoft.com/japan/whdc/XPS/XPSspec.mspx).
Since the above XPS data is compressed and sent to an image forming apparatus, and is decompressed and stored once in an HDD at the time of print processing, the XPS data is not erased but remains even after the print processing has ended. Because of this, a malicious user can obtain XPS data from the HDD, and security cannot be ensured.
Regarding this problem, overwriting and erasing the XPS data decompressed in the HDD using various algorithms can be thought of. However, since the access speed of an HDD is slow, it takes time to overwrite and erase all the XPS data, there is the problem that, in the meantime, the CPU will be engaged, and the processing of the image forming apparatus will be delayed.
Although not related to the above technology of printing XPS data, as a technology of erasing the stored job data, the Japanese Unexamined Patent Application Publication No. 2004-288049 has been known. This Japanese Unexamined Patent Application Publication discloses a method, at the time of storing the job data necessary for executing a job, of storing a part of the job data in the RAM and the remaining in the HDD, and of erasing a part of the job data in the RAM at the time the job ends.
The technology disclosed in Japanese Unexamined Patent Application Publication No. 2004-288049 is one in which the job data is stored distributing it between the HDD and the RAM, and the data stored in the RAM is erased, and the data in the RAM can be erased at a high speed. However, since which part of the job data to store in the RAM is determined based on the free space in the RAM, in the case where confidential information is included in the data stored in the HDD, security cannot be ensured even if the data in the RAM is erased.
The present invention was made in view of the above problem, and the main purpose of the present invention is to provide image forming apparatuses and security control methods together with security processing programs whereby the time required for erasing XPS data can be shorten while ensuring security at the time of printing XPS data.
To achieve at least one of the abovementioned objects, an image forming apparatus reflecting one aspect of the present invention, that receives XPS data and carries out print processing based on the XPS data, comprises: a secondary storage device that stores said XPS data after decompression thereof; and a security processing section that specifies the elements that have previously set levels of importance more or not less than a predetermined level from the constituent elements of the XPS data decompressed in said secondary storage device, and erases those specified elements by overwriting after said print processing.
In the abovementioned image forming apparatus, the predetermined level is preferably set based on a command added in advance to the XPS data. Further, in the above mentioned image forming apparatus, the element having the level of importance more or not less than the predetermined level includes at least one of page information, image data, thumbnail data, Print Ticket and font data.
XPS data is known as document data, and when printing using this XPS data, in the image forming apparatus, because of decompressing and storing the XPS data in a secondary storage device such as an HDD, the problem arises that the XPS data remains in the secondary storage device after printing, and security cannot be ensured.
Regarding this problem, overwriting and erasing all the XPS data inside the secondary storage device can be thought of; however in this method, it takes time for erasing the data, the CPU will be engaged for a long time, and the processing in the image forming apparatus will be delayed. Further, a method can be considered in which the data is stored by dividing it between the HDD and the RAM; however in this method, security cannot be ensured in the case in which confidential information is included in the data inside the HDD.
In view of this, in the present preferred embodiments, a method is adopted of not erasing all the data stored in the secondary storage device such as an HDD, but of using the features in the structure of the XPS data, and overwriting and erasing only the elements in the XPS data that are important for ensuring security. Because of this, it is possible to shorten the time required for overwriting and erasing while ensuring security and to prevent the delay in the processing of the image forming apparatus.
In order to describe in further detail the preferred embodiments of the present invention mentioned above, the image forming apparatus and the security control method together with the security processing program according to a first preferred embodiment of the present invention are described below with reference to
As shown in
Further, as shown in
The control section 21 is configured using a CPU (Central Processing Unit) 21a and memory sections such as a ROM (Read Only Memory) 21b and a RAM (Random Access Memory) 21c, that are connected to the CPU 21a. The application preparing documents is, usually, read out into the RAM 21c from the ROM 21b or the storage device 22, and the print request from the application is conveyed from the CPU 21a to the image forming apparatus 30 connected via a communication network, and the printing is carried out in the image forming apparatus 30. This application is the Internet Explorer or the like.
The storage device 22 is configured using an HDD (Hard Disk Drive) or the like, and stores various types of programs and data.
The input device 23 is configured using a mouse and a keyboard and others, and carries out instructions for document preparation, printing and others.
The display device 24 is configured using an LCD (Liquid Crystal Display) or the like, and displays the prepared document or the print setting screens and others.
The network connecting section 25 is configured using an NIC (Network interface Card), a modem or the like, and connects to an image forming apparatus 30 via a communication network.
Further, in
Further, as shown in
The ROM 31b stores programs and others and others for controlling the operations of the entire image forming apparatus. The RAM 31c stores data necessary for the control by the CPU 31a and data that requires temporary storage during the control operation. Further, the CPU 31a, in coordination with the ROM 31b and the RAM 31c, functions as a control section that controls the operations of the entire image forming apparatus.
The HDD 32 is a secondary storage device, and stores the XPS data after decompression, and other data.
The LAN I/F 34 is an interface for connecting to a communication network such as an NIC or a modem, and connects with the computer terminals 20 via the communication network.
The USB I/F 33 is an interface for connecting devices such as an USB (Universal Serial Bus) memory.
The display and operation section 35 is configured using a display section such as an LCD and an operation section such as a touch panel that covers the display section, and not only displays various icons or key buttons, and various types of settings necessary for printing on the LCD in accordance with the display signal from the CPU 31a, but also outputs the operation signals inputted from the touch panel to the CPU 31a.
The language analyzing section 36 analyses the print data (XPS data, data described in a page description language (PDL) such as PS (Post Script) or PCL (Printer Control Language), PDF (Portable Document Format) data or the like, that has been inputted from the computer terminals 20 via the LAN I/F 34 and generates the data in an intermediate format (hereinafter called the intermediate data) before the print data is expanded into the data in the bit map format (hereinafter called bit map data).
The image processing section 37 prepares the printable bit map data from the intermediate data prepared by the language analyzing section 36.
The security processing section 38 analyzes the XPS data decompressed and stored in a secondary storage device such as the HDD 32 and, according to some rules determined in advance, specifies the elements in the XPS data that are important for ensuring security, and processes the specified elements so that they cannot be recovered from the HDD 32.
The printing section 39 carries out printing based on the bit map data prepared by the image processing section 37. In specific terms, the processing is done by emitting light from the exposure unit according to the bit map data onto a photoreceptor drum charged by an charging unit thereby forming an electrostatic latent image, developing it by making charged toner adhere to it in the developing unit, and transferring that toner image onto the recording medium via a primary transfer roller and a secondary transfer belt, and fixing it using the fixing unit.
Further, in
In the following, before the procedure of printing XPS data using a printing system 10 with the above configuration is described, in order to ease the understanding of the present preferred embodiment, the structure of an XPS data is described here.
According to the specifications, the XPS data is to be compressed into the ZIP format, and an XPS data after ZIP decompression has a structure as shown in
An ordinary procedure of printing an XPS data of the above structure is described below referring to the flow chart of
To begin with, in Step S100, the image forming apparatus 30 receives the XPS data from a computer terminal 20 via the LAN I/F 34.
Next, in Step S200, the control section of the image forming apparatus 30 carries out spooling processing of the received XPS data. When this processing is shown in concrete terms, it is found in
Next, in Step S300, the control section decompresses the spooled XPS data and expands it in the HDD 32. This processing is shown in concrete terms in
Next, in Step S400, the language analyzing section 36 carries out analysis processing of the decompressed data, and generates the intermediate data.
Next, in Step S500, the image processing section 37 carries out rasterizing processing on the prepared intermediate data and generates the bit map data.
Further, in Step S600, the printing section 39 transfers the bit map data to the sheet and outputs it, whereupon the sequence of operations is ended.
Here, in the case of XPS, in order to carry out language analysis processing after ZIP decompression as described above, it is necessary to store the data once in a secondary storage device such as the HDD 32. Because of this, there is danger that the ZIP decompressed XPS data can be read out by other people, and there is the problem that security cannot be ensured.
In view of this problem, although it is possible to think of a method of erasing all the ZIP decompressed XPS data from the secondary storage device such as the HDD 32, since the size of the ZIP decompressed XPS data is large, in this method, it takes a long time to erase the data from the HDD 32, and a delay will be caused in the processing. On the other hand, the XPS data is constituted of various elements, as shown in
In view of this, in the present preferred embodiment, all the elements of the XPS data decompressed in a secondary storage device such as the HDD 32 are not erased, but, considering the importance in terms of security, only the elements having levels of importance above a level determined in advance are erased, thereby ensuring the security of XPS data while preventing delay in the processing.
The procedure of printing XPS data in this case becomes as shown in
Since the Steps S100 to S600 of
The security processing section 38, to begin with, in Step S701, searches for the XPS data inside the HDD 32, and after analyzing the structure of the XPS data and specifying the individual elements, in Step S702, carries out judgment as to whether or not each element is an important element in terms of security. For example, as shown in Table 1, among the constituent elements of XPS data, for the page information, image data, thumbnail data, Print Ticket, and font data, the level of importance is set from 5 to 1 in an order starting from the highest importance, and the level of importance of 0 is set to all other elements. Further, the security processing section 38, based on whether the level of importance of each individual element is above a predetermined level, carries out a judgment as to whether the element is an important one (that is, whether the element is the target of erasure). Further, the method of specifying the value indicating the level of importance can be any method, and it is possible to set the level of importance from 1 to 5 in an order starting from the highest importance.
Next, in Step S703, the elements that have been judged to be important (for example, elements with a level of importance 1 or higher, or the elements shown in hatched boxes in
After that, in Step 3704, a judgment is made as to whether the verification of all the elements has been completed, and if there are any elements that have not been verified yet, similar processing is repeated after returning to Step S701, and when the verification of all the elements has been completed, the security processing program is ended.
In this manner, in the present preferred embodiment, since the XPS data decompressed and stored in a secondary storage device such as the HDD 32 is analyzed, a judgment is made as to whether each individual element is an important element according to a predetermined level of importance, and only important elements are overwritten and erased, it is possible to shorten the processing time compared to the method of overwriting and erasing all the elements of the XPS data.
As an example, to what extent the processing speed is improved by adopting the security processing of the present preferred embodiment is described here. If the size of the XPS data after decompression is 2289664 bytes and the size of the important elements within that (the size of elements with a level of importance of 1 or higher) is 1907268 bytes, the size of the important elements is about 83.3% of the size of the XPS data after decompression. Here, since the processing time of overwriting and erasing is proportional to size to be overwritten and erased, a processing speed improvement of 16.7% can be expected in the case when only the important elements are deleted.
Next, the image forming apparatus and the security control method together with the security processing program according to a second preferred embodiment of the present invention are described below with reference to
In the first preferred embodiment described above, although overwriting and erasing was done uniformly for elements with levels of importance from 1 to 5, depending on the user or the print data, there are cases in which it is desired to overwrite and erase completely giving priority to security, and there are also cases in which it is desired to give priority to performance while sacrificing the security to some extent. In view of this, in the present preferred embodiment, by specifying the security level in the PJL (Printer Job Language) or the like, it is made possible for the user to specify elements of up to which level are to be overwritten and erased.
The security processing flow in the present preferred embodiment is shown in
In the present preferred embodiment, to begin with, in Step S711, the control section analyzes the PJL command added to the XPS data, and sets the security level according to the instruction in the PJL command. An example of the PJL command is shown in Table 3. However, Table 3 is merely one example, and it is also possible to set the security levels in finer detail.
Further, the security processing section 38, in Step S712, searches the XPS data inside the HDD 32, and in Step S713, carries out a judgment as to whether or not each element of the XPS data is the target of overwriting erasure according to the security level set earlier. Next, if the element is the target for overwriting erasure, in Step S714, the element is overwritten and erased so that it cannot be recovered from the HDD 32. After that, in Step S715, a judgment is made as to whether the verification of all the elements has been completed, and if there are any elements that have not been verified yet, same processing is repeated after returning to Step S711. When the verification of all the elements has been completed, the security processing is ended.
In this manner, by making it possible to set the security level, the user can control the security with a degree of freedom.
As an example, to what extent the processing speed is improved by adopting the security processing of the present preferred embodiment is described here. If the size of the XPS data after decompression is 2289664 bytes, the size of the page information is 1743428 bytes, image is 147456 bytes, thumbnail is 0 bytes, Print Ticket is 8192 bytes, and font data is 8192 bytes, the size of the elements with the importance level 5 (page information) is about 76.1% of the size of the XPS data after decompression. Here, since the processing time of overwriting and erasing is proportional to the size of file to be overwritten and erased, it is possible to expect a processing speed improvement of about 24% in the case when only the elements with the importance level 5 are deleted. Further, compared to when elements with levels of importance of 1 or higher are deleted, a processing speed improvement of about 8.6% can be expected.
Further, in the above, although the configuration was made such that the security level was set using the PJL command added to the XPS data, it is sufficient if such a command can be recognized by the image forming apparatus 30 and is not restricted to PJL commands. Further, in the above, although the configuration was made such that the PJL command was added to the XPS data in the computer terminal 20 and transmitted to the image forming apparatus 30, it is also possible to display a screen in the display and operation section 35 of the image forming apparatus 30 for setting the security level, and to make it possible for the user to set the security level in the image forming apparatus 30.
Further, in the above preferred embodiment, although descriptions were given for the security control of XPS, the present invention is not restricted to the above preferred embodiments, but can be applied in a similar manner to all document data stored in a secondary storage device such as the HDD 32 at the time of printing.
The present invention can be used in image forming apparatuses that carry out printing using a secondary storage device such as an HDD in the security control method in such image forming apparatuses, and in the security processing programs that operate in such image forming apparatuses.
According to the image forming apparatus and the security control method together with the security processing program according to the present invention, by erasing the XPS data stored in a secondary storage device such as an HDD, it is possible to ensure security. In addition, by making only the important elements in an XPS data become the target of erasure, it is possible to shorten the time required for erasing.
Number | Date | Country | Kind |
---|---|---|---|
JP2008-025961 | Feb 2008 | JP | national |