This application is based upon and claims the benefit of priority from the prior Japanese Patent Application No. 2006-083812 and 2006-083813, filed on Mar. 24, 2006, the entire contents of which are incorporated herein by reference.
The present invention relates to an image forming apparatus, such as a printer, a copier, a facsimile machine, a multifunction peripherals, that carries a sheet to form images thereon and is equipped with a hard disk, and more specifically to an image forming apparatus with function to format an equipped hard disk with ensuring security.
Due to an increasing amount of data to be stored, an image forming apparatus is often equipped with a hard disk drive. Since an image forming apparatus is, generally speaking, used communally by a plurality of people, it is necessary to ensure the security of data in the hard disk.
JP No. 2004-139163-A discloses a configuration wherein a unique identification number of an image forming apparatus is stored in a nonvolatile memory which is installed in the image forming apparatus; the unique identification number, when storing data in the nonvolatile memory, is used as a key to encrypt the data, and; the key is used to decode the encrypted data when reading the data from a hard disk of the image forming apparatus.
With this configuration, data in a hard disk of an image forming apparatus cannot be decoded by, for example, installing the hard disk on another image forming apparatus.
Also, JP No. 2005-96082-A discloses a method of disabling the restoration of files that are deleted from a hard disk by overwriting the stored area of the files with dummy data such as 0 when deleting the files, in order to secure the deleted files.
On the other hand, JP No. 2003-58486-A discloses a method of activating an optional routine that is preinstalled as an inactivated state in advance, on condition that an SD card key on which ID data and encrypting data are written is inserted in an image forming apparatus and that the two sets of data are verified to be valid.
However, selection of a hard disk format method may be different, for users who need a process of ensuring security when they first set up an image forming apparatus, and for users who do not need the process until later. On the other hand, understanding and selecting a hard disk format method is not easy for general users, possibly resulting in a loss of user's time.
Besides, users are not aware of a necessity of a process to ensure the security, such as the process above, at first. If a user attempts to perform the process when the user realizes a necessity of the process later, the user has to replace an image forming apparatus with the one with function for such a process, adding a burden to the user.
If a configuration allows for activation of an optional routine in accord with the insertion of a key when a user realizes a necessity of the process with function to ensure the security, with the optional routine preinstalled on an image forming apparatus, there is a high possibility to execute the function by mistake by a user, especially if the image forming apparatus is communal to many people. If a configuration requires users to call for service personnel to execute the process, the cost is high and reservation for the service is required, both aspects being inconvenient for users.
Accordingly, it is an object of the present invention to provide an image forming apparatus capable of readily and properly executing a hard disk format upon selecting a format method, both for users who need a process of ensuring security since they first set the image forming apparatus, and for users who do not need the process until later.
Another object of the present invention is to provide an image forming apparatus capable of executing a security ensuring process for a hard disk without an error at a point when a user realizes a necessity of the process.
In a first aspect of the present invention, a format routine orders a processor to perform the steps of:
(a) performing an overwrite process which writes dummy data onto each sector in a hard disk drive if it is determined that the use of the image forming apparatus is not a first time; and
(b) performing a logical format on the hard disk drive regardless of the determination in the step (a).
According to the above configuration, since it is presumable that data to be secured is stored in the hard disk if the use of the image forming apparatus is not a first time, the format routine orders a processor to perform the overwrite process, assuming the overwrite process is selected. Therefore, there is an advantage in that user is able to readily execute a hard disk format.
In a second aspect of the present invention including the first aspect, and the routine orders the processor, in the step (a), to display, on display means, a screen to select whether to perform the overwrite process if it is determined that the use of the image forming apparatus is a first time, and to perform the overwrite process if an instruction from instruction inputting means indicates performing the overwrite process.
The above configuration leaves options to a user whether to execute the overwrite process if the image forming apparatus is used for the first time, considering a case that the user printed out a confidential document, although there is no necessity to perform an overwrite process with dummy data after printing out a non-confidential document. Therefore, there is an advantage in that user is able to properly execute a hard disk format upon selecting a format method.
In a third aspect of the present invention, use-information that indicates either “unused” or “used” is stored in a nonvolatile memory, and a program orders the processor to perform the steps of:
(a) reading authorization information from a memory key if the memory key is coupled to the coupling means and the use-information indicates “unused”;
(b) determine whether the authorization information is valid or not; and
(c) if the determination is positive, writing use-information that indicates “used” on the nonvolatile memory, writing dummy data on each sector, and performing a logical format on a hard disk device.
With the above configuration, the program orders the processor to read an authorization information from a memory key if the use-information indicates “unused”, determine whether the authorization information is valid or invalid, and write the use-information that indicates “used” on a nonvolatile memory if the validity of the authorization information is verified, and the overwrite process will not be executed once “used” is indicated regardless of any memory key being coupled to its connecting means, preventing a user from committing an error in operation.
Other aspects, objects, and the advantages of the present invention will become apparent from the following detailed description taken in connection with the accompanying drawings.
Referring now to the drawings, wherein like reference characters designate like or corresponding parts throughout several views, a preferred embodiment of the present invention will be described below.
In this image forming apparatus 10, an MPU (Micro Processing Unit) 11, a ROM 12R, a DRAM 12D, an NVM (Nonvolatile Memory) 13, an NIC (Network Interface Card) 15, a modem 20, interfaces 14I, 16I to 19I, and 21I are coupled through a BUS 23. The interfaces 14I and 16I to 19I are coupled to a HDD (Hard Disk Drive) 14, an automatic sheet feeder 16, a scanner 17, a printer 18, and a control panel 19, respectively.
The ROM 12R stores a boot strap, an operating system (OS), an application operating at an upper layer of the OS, and various device drivers operating at a lower layer of the OS. This application is to have the image forming apparatus operate as a multifunction peripherals, and a secure format program is included herein. This secure format is termed a process of overwriting all files and storing areas of an FAT (File Allocation Table) with dummy data, or overwriting all sector regions with dummy data continuously by the sector unit in a state where a physical format has been performed (a state where a series of index numbers for reading and writing data are attached to each sector) while disregarding a logical format, and performing a logical format afterwards. The function of the multifunctional machine includes copying, scanning, printing, and sending and receiving facsimiles.
The DRAM 12D is used as a main memory. An example of the NVM (nonvolatile memory) 13 is a flash memory. The NVM 13 can be electrically rewritten. A “Cp” in a
Connected to an exterior host computer on a network, the NIC 15 is used for print jobs. The scanner is to input images in accord with the automatic sheet feeder 16, used for copying and sending facsimiles. The printer 18 is equipped with a print engine, imprint equipment, a paper feeder, a paper conveyer, and a paper discharger. Based on bit map data supplied as print data, the printer 18 forms an electrostatic latent image in a photoconductor drum of print engine, develops the electrostatic latent image with a toner, transcribes the electrostatic latent image onto paper, imprints the electrostatic latent image, and discharges the paper. The control panel 19 is equipped with a display and a key input section, and is to input setting information or instructions and display a selection screen, a setting screen, etc. The modem 20 is for sending and receiving facsimiles. The USB (Universal Serial Bus) memory interface 21I is equipped with a port for the USB key 21 as a memory key, enabling free attachment and detachment of the USB key 21.
The USB key 21 is a USB memory, equipped with a NVM such as a flash memory chip, and stores a key type code “K”, an authorization code “X”, and a condition of use “U2”, as described in
Next, a portion of the application mentioned above is explained.
Due to the above-mentioned overwrite process, a secure format requires more time than a standard format requires. Therefore, a standard format is executed if there is no particular need for a secure format. However, according to changes in work contents of a user, a necessity for a secure format varies. When performing a secure format, a user inserts the USB key 21 in the port of the USB memory interface 21I. Following the insertion of the USB key 21, the USB key 21 is detected by means of a cut-in process, and hard disk security ensuring process, shown in
The hard disk drive 14 is assumed to have been physical-formatted at the time of shipping from a factory.
(S0) Said program determines whether the hard disk drive 14 is equipped or not, and if the hard disk drive is equipped, proceeds to a step S2; if the hard disk drive is not equipped, the program ends the process of
(S1) The condition of use “U1” (
(S2) A “K”, an “X”, and a “U2” of
(S3) If the value of the key type code “K” indicates the activation key of hard disk security ensuring function and the condition of use “U2” indicates “unused”, the program determines whether the authorization code “X” is valid or invalid. This judgment can be conducted by substituting “X” in a predetermined function f. If a=f(X), which was calculated from the substitution, coincides with a predefined value, the validity of the authorization code “X” is verified. In other words, the value “a” in the authorization code “X” and the function “f” is defined to be equal to a predefined value if the authorization code “X” is valid. This predefined code “a” is stored in a copy-protect area of the NVMRA 13 (
(S4) The program proceeds to a step S5 if the authorization code “X” was determined to be valid, and ends the process of the
(S5) First, as shown in
Data encryption/decryption to the hard disk 14 is independent to a secure format selection in the following steps S9 and S10. The following AES (Advanced Encryption Standard) key is for data encryption/decryption, and is not directly relevant to a secure format.
Followed by user's pressing an Enter key, a sentence “Please input the AES key” appears on the display, with six black rectangles to input each digit of a six-digit number below the sentence. Pressing up/down arrow keys replaces the first (the very left) rectangle with a number and increments/decrements the number. Pressing right arrow key replaces a next black rectangle with a 0, and up/down arrow keys changes this number similarly.
(S7) A unique machine ID code MID of the image forming apparatus is read by, for example, the printer 18 and the scanner 17, combined with the ASE key input in the step 5, and encrypted. This encrypted code is stored in the NVM 13 as a composite secret key “SK” (
This composite secret key “SK” is used for, in jobs after the process of
(S8) The program proceeds to a step S9 if the “Cp” is 1. The initial value of this “Cp”, or the number of times that the power has been turned on, is set to 0. The “Cp” is incremented by 1 through an initializing routine of the application every time the power is turned on, but will not be incremented if the “Cp” has reached to a certain value, such as 2, in order to avoid the “Cp” returning to a value 1.
The reason for proceeding to a step S9 when the Cp=1 is to let users choose whether to perform a secure format or not, since a secure format is not required in a case where a user printed out a non-confidential document after installing an image forming apparatus, supplying the power to it, and inserting the USB key 21 in a port of the interface 21I. On the other hand, the program proceeds to a step S11 in a case where the Cp>1, assuming a user has chosen to perform a secure format, due to a high possibility that data whose security should be ensured is stored in the hard disk, and because a user inserting the USB key 21 in a halfway implies that the user desires to ensure the security of data in the hard disk.
(S9) As shown in
(S10) The program proceeds to a step S11 if “Yes” is selected, and to a step S15 if “No” is selected.
(S11 to S14) As shown in
As shown in
Depending on a mode selected, either one of the overwrite processes above is performed.
(S15) The program writes “used” on the above the condition of use “U1” and “U2” of the NVM 13 and the USB key 21. Thereby, the USB key 21 will not be accepted after a secure format is performed once, and the USB key 21 will not be able to be utilized for other image forming apparatuses, preventing another execution of a secure format by user's mistake and an unnecessary secure format.
(S16) Next, a logical format is executed onto the hard disk 14. If a negation is selected in the step S10,
As explained above, according to this embodiment, the configuration leaves options to a user whether to execute the overwrite process if the image forming apparatus is used for the first time, considering a case that the user printed out a confidential document, although there is no necessity to perform an overwrite process with dummy data after printing out a non-confidential document. Because it is presumable that data to be secured is stored in the hard disk if the use of the image forming apparatus is not the first time, the format routine orders a processor to perform the overwrite process, assuming the overwrite process is selected. Therefore, an effect that user is able to readily and properly execute hard disk format upon selecting a format method is achieved.
In addition, the condition of use that indicates either “unused” or “used” is stored in the NVM 13; in a case where the USB key 21 is inserted in a port and the condition of use indicates “unused”, an authorization information “X” is read from the USB key 21 and validity of the authorization information “X” is checked. If the validity of the authorization information “X” is verified, the condition of use that indicates “used” is written in the NVM 13 and the process is executed. Because the overwrite process will not be performed anymore regardless of which USB key is inserted in a port after the condition of use set to “used”, users' unintentional operation can be prevented.
Besides, the condition of use that indicates either “unused” or “used” is stored in the USB key 21, and “used” is written in the USB key 21 as well when storing “used” as described above. Since the program proceeds to the above-mentioned authorizing step only when the condition of use indicates “unused”, a secure format will not be executed even if the USB key 21 is inserted in other image forming apparatuses, realizing easy management of respective memory keys for multiple image forming apparatuses.
Moreover, by displaying a screen for selecting a normal mode and a quick mode which require different time for an overwrite process, and by the number of times of overwriting dummy data onto each sector in the hard disk being correspondent to a selected mode, a level of security to be ensured can be selected according to a user's time allowance with a simple configuration.
Furthermore, a user can execute a secure format when the user feels a need to without replacing an image forming apparatus with a new image forming apparatus. Plus, by having an administrator manage the USB key 21, an unintentional elimination of necessary data from the hard disk 14 by other users can be prevented, since a secure format cannot be performed unless inserting the USB key 21 in the USB memory interface 21I. Also, because a secure format can be performed by inserting the USB key 21 in the USB memory interface 21I, requesting outside service personnel for a secure format is unnecessary, resulting in a decrease in cost and a timely execution of a secure format when a user feels a need for a secure format.
Although a preferred embodiment of the present invention has been described, it is to be understood that the invention is not limited thereto and that various changes and modifications may be made without departing from the spirit and scope of the invention.
For example, an acceptable configuration of the invention may use a count value of the number of print pages instead of the number that the power has been turned on, and the same process as the case of the Cp=1 if the count value is under a certain value.
In addition, although a case where an interface for removable memory device is a USB memory interface 21I has been described in the aforementioned embodiment, the interface may be other one of various removable memory cards and removable hard disks.
Moreover, although a case where an image forming apparatus is a multifunction peripherals has been described in the aforementioned embodiment, it should be understood that the present invention is also applicable to a single-function image forming apparatus.
Number | Date | Country | Kind |
---|---|---|---|
2006-083812 | Mar 2006 | JP | national |
2006-083813 | Mar 2006 | JP | national |
Number | Name | Date | Kind |
---|---|---|---|
4628359 | Okada et al. | Dec 1986 | A |
6348974 | Takahashi et al. | Feb 2002 | B1 |
6351850 | van Gilluwe et al. | Feb 2002 | B1 |
6819446 | Ogawa et al. | Nov 2004 | B1 |
7093295 | Saito | Aug 2006 | B1 |
7471408 | Ueda et al. | Dec 2008 | B2 |
20030090705 | Ferlitsch | May 2003 | A1 |
20040120004 | Okamoto et al. | Jun 2004 | A1 |
20050088680 | Ahn | Apr 2005 | A1 |
20050111034 | Karasaki et al. | May 2005 | A1 |
20050116780 | Endo et al. | Jun 2005 | A1 |
20050231756 | Maeshima | Oct 2005 | A1 |
20060038820 | Kitani | Feb 2006 | A1 |
20060077424 | Maruta et al. | Apr 2006 | A1 |
20060182417 | Sugishita | Aug 2006 | A1 |
20070028137 | Chen | Feb 2007 | A1 |
20070086036 | Tanaka | Apr 2007 | A1 |
20080037054 | Hasegawa et al. | Feb 2008 | A1 |
Number | Date | Country |
---|---|---|
2003-58486 | Feb 2003 | JP |
2004-139163 | May 2004 | JP |
2005-96082 | Apr 2005 | JP |
2005-96082 | Apr 2005 | JP |
Entry |
---|
“Clean Disk Drive—How to Clean a Disk Drive”, Mar. 17, 2006, White Canyon, pp. 1-5. |
Partition Magic 7.0—User Guide, Aug. 2001, PowerQuest, pp. 1-221. |
Chinese Office Action dated Nov. 21, 2008, in re counterpart patent Appln. No. 20071008137.9. |
Number | Date | Country | |
---|---|---|---|
20070222810 A1 | Sep 2007 | US |