Patent Application
20220070329
This application is based on and claims priority under 35 USC 119 from Japanese Patent Application No. 2020-144462 filed Aug. 28, 2020.
The present disclosure relates to an information processing apparatus, a non-transitory computer readable medium, and an information processing system.
Japanese Unexamined Patent Application Publication No. 2017-167660 discloses that image data that represents a scanned image is saved by a server on the Internet, location data that represents a location at which the image data is saved is transmitted to a designated address of an electronic mail, and the image data is accessed from a terminal that receives the electronic mail.
Aspects of non-limiting embodiments of the present disclosure relate to inhibiting image data from being leaked to a third person who is not authorized, when the image data stored in a data storing apparatus is used via a communication line.
Aspects of certain non-limiting embodiments of the present disclosure address the above advantages and/or other advantages not described above. However, aspects of the non-limiting embodiments are not required to address the advantages described above, and aspects of the non-limiting embodiments of the present disclosure may not address advantages described above.
According to an aspect of the present disclosure, there is provided an information processing apparatus including a processor configured to store a storage range identifier for identification of a range of a location at which image data is stored in a data storing apparatus, and an identifier common to an identifier that is retained by the data storing apparatus, transmit read image data and the identifier to the data storing apparatus, generate a storage position identifier for identification of a position at which the read image data is stored, the storage position identifier being generated by using the storage range identifier and a character string that is generated by an algorithm common to an algorithm in the data storing apparatus, and transmit the generated storage position identifier to a terminal that uses the image data stored at the position that is identified by using the storage position identifier.
An exemplary embodiment of the present disclosure will be described in detail based on the following figures, wherein:
The server apparatus 1 corresponds to an example of a data storing apparatus according to an exemplary embodiment of the disclosure and is a computer that stores the image data.
The image reading apparatus 2 corresponds to an example of an information processing apparatus or an image reading apparatus according to the exemplary embodiment of the disclosure and is a computer that optically reads an image of a document written on a medium such as paper and that generates image data that represents the image. The image reading apparatus 2 may be a multifunction peripheral into which an image forming apparatus, an image reading apparatus, a facsimile, and a copying machine, for example, are integrated.
The user terminal 3 is an apparatus that corresponds to an example of a terminal according to the exemplary embodiment of the disclosure and is a computer that is operated by a user to, for example, download, browse, edit, and/or save the image data described above. Examples of the user terminal 3 include a personal computer, a smartphone, and a tablet.
The communication line 4 connects the server apparatus 1, the image reading apparatus 2, and the user terminal 3 such that these are capable of communicating with each other. Examples of the communication line 4 may include a local area network (LAN), a wide area network (WAN), the Internet, and any combination thereof. The communication line 4 may include, for example, a public switched telephone network (PSTN) or an integrated services digital network (ISDN).
In the information processing system 9, the number of the server apparatus 1, the number of the image reading apparatus 2, the number of the user terminal 3, and the number of the communication line 4 are not limited to the numbers of those illustrated in
There is a method in which when the user terminal 3 uses the image data that is read by the image reading apparatus 2, the read image data is attached to an electronic mail and is transmitted to the user terminal 3. However, the data size of data that is attachable to the electronic mail is limited, and the method is not suitable to transmit image data having a large data size. Thus, it is considered that the image reading apparatus 2 retains the read image data for a certain period of time, and an electronic mail with a URL for downloading the image thereof is transmitted to the user terminal 3, for example, within an intranet of an organization. The reason why such a method is used is that even image data having a large data size is allowed to be downloaded by using a mail address, which is easy to designate, and accessing the URL by using, for example, a web browser, and no authentication information such as a user ID and a password is inputted.
In consideration of widespread remote work or work from home in recent years, it is convenient that such configuration is usable not only in a closed network such as the intranet but also in an open network such as the Internet. If the URL is leaked to a third person who is not authorized, however, the third person is able to download the image data, and herein lies a problem about security. Hardware Configuration of Server Apparatus 1
The processor 11 controls the components of the server apparatus 1 by reading and running a program that is stored in the memory 12. An example of the processor 11 is a central processing unit (CPU).
The interface 13 is a communication circuit that connects the server apparatus 1 to the image reading apparatus 2 with a wired cable or wirelessly via the communication line 4 such that these are capable of communicating with each other.
The memory 12 is a storage unit that stores, for example, an operating system, various programs, and data that are read by the processor 11. The memory 12 includes a random access memory (RAM) and a read only memory (ROM). The memory 12 may include, for example, a solid state drive and/or a hard disk drive. The memory 12 stores a private key 121, a public key 122, a management table 123, a keycode 124, and an algorithm 125 for generating a URL.
The server apparatus 1 and the image reading apparatus 2 are prepared for every organization such as a company or a place of business. Thus, the server apparatus 1 and the image reading apparatus 2 store a common keycode as an identifier (an example of an identifier according to the exemplary embodiment of the disclosure) for identification of the organization. An example of the keycode is a character string that includes a predetermined number of characters. In
A set of the private key and the public key to be stored in the server apparatus 1 are prepared for the organization described above. The private key and the public key conform to, for example, a public key infrastructure (PKI).
The memory 12 stores the image data that is generated by the image reading apparatus 2. The image data is stored in a storage range having a certain size in the memory 12, and the storage range is allotted to every organization. According to the exemplary embodiment, the storage range having a certain size and allotted to every organization is referred to as an image data storage range, and a position at which the image data is stored in the image data storage range is referred to as an image data storage position. The image data storage range and the image data storage position are represented by Uniform Resource Locators (URLs). The URL that represents the image data storage range is a higher-level URL than the URL that represents the image data storage position. The algorithm for generating a URL that the memory 12 stores corresponds to a program for generating the URL that represents the image data storage range and the URL that represents the image data storage position.
The processor 21 controls the components of the image reading apparatus 2 by reading and running a program that is stored in the memory 22. An example of the processor 21 is a CPU.
The interface 23 is a communication circuit that connects the image reading apparatus 2 to the server apparatus 1 with a wired cable or wirelessly via the communication line 4 such that these are capable of communicating with each other.
The operation unit 24 includes operators for various instructions, such as an operation button, a keyboard, a touch screen, and a mouse, receives an operation, and transmits a signal in response to the content of the operation to the processor 21.
The display unit 25 includes a display screen such as a liquid-crystal display and displays an image under control of the processor 21. A transparent touch screen of the operation unit 24 may be stacked on the display screen.
The memory 22 is a storage unit that stores, for example, an operating system, various programs, and data that are read by the processor 21. The memory 22 includes a RAM and a ROM. The memory 22 may include, for example, a solid state drive and/or a hard disk drive. The memory 22 stores a public key 221, a keycode 222, a serial number 223, and an algorithm 224 for generating a URL as in the server apparatus 1 described above.
The operation of the information processing system 9 will be described with reference to
The processor 21 of the image reading apparatus 2 first requests the public key and an electronic signature from the server apparatus 1 (step S11 in
Subsequently, the processor 21 of the image reading apparatus 2 requests the server apparatus 1 to generate a range in which the image data that is transmitted from the image reading apparatus 2 is to be stored (step S13 in FIG. 7). The request for generating the image data storage range is made in a manner in which the keycode and the serial number (for example, aaa) that are stored in the memory 22, and the form of the request for generation (including, for example, attribution information about the image data storage range, such as the size or validity period of the image data storage range) are encrypted by using the public key described above.
The processor 11 of the server apparatus 1 receives the request for generating the image data storage range from the image reading apparatus 2 via the interface 13 (step S103 in
Subsequently, in the case where the image reading apparatus 2 is instructed to read an image, processing illustrated by way of example in
The image reading apparatus 2 is first instructed to read the image by a user, and the processor 21 of the image reading apparatus 2 transmits a request for using a service to the server apparatus 1 (step S21 in
The processor 11 of the server apparatus 1 receives the request for using the service from the image reading apparatus 2 via the interface 13 and decrypts this by using the private key to determine the availability (step S22 in
Subsequently, the processor 21 of the image reading apparatus 2 transmits a request for storing the image data to the server apparatus 1 (step S25 in
The processor 11 of the server apparatus 1 receives the request for storing the image data from the image reading apparatus 2 via the interface 13, decrypts this by using the private key, and determines whether the image data is allowed to be stored. The determination is made by determining whether the decrypted keycode matches the keycode that is stored in the memory 12 and by determining whether there is an image data storage range related to the decrypted serial number. That is, if the decrypted keycode matches the keycode that is stored in the memory 12, and there is the image data storage range related to the decrypted serial number, the processor 11 of the server apparatus 1 determines that the image data is allowed to be stored. In the case where the image data is allowed to be stored, the processor 11 of the server apparatus 1 stores the image data in the memory 12 at a position at which the image data is accessible by using the image data storage position URL (for example, www.xxx.com/yyy/aaa/jksaroie585) including the decrypted random character string (for example, jksaroie585) at the end of the image data storage range (for example, www.xxx.com/yyy/aaa) related to the decrypted serial number (step S26 in
In the case where the result of the storage is received (step S204 in
In
With the configurations described above, the server apparatus 1 stores the image data after the server apparatus 1 and the image reading apparatus 2 perform the authentication by using the keycode.
The exemplary embodiment is described above. The content of the exemplary embodiment, however, may be modified as described below. Modifications described below may be combined with each other.
The server apparatus 1 according to the exemplary embodiment described above includes the processor 11 that includes the CPU. However, a controller that controls the server apparatus 1 may have a different structure. For example, the server apparatus 1 may include various processors other than the CPU.
In the embodiments above, the term “processor” refers to hardware in a broad sense. Examples of the processor include general processors (e.g., CPU: Central Processing Unit) and dedicated processors (e.g., GPU: Graphics Processing Unit, ASIC: Application Specific Integrated Circuit, FPGA: Field Programmable Gate Array, and programmable logic device).
In the embodiments above, the term “processor” is broad enough to encompass one processor or plural processors in collaboration which are located physically apart from each other but may work cooperatively. The order of operations of the processor is not limited to one described in the embodiments above, and may be changed.
According to the exemplary embodiment described above, the processor 21 of the image reading apparatus 2 writes the image data storage position URL on the electronic mail and transmits the image data storage position URL to the user terminal 3. In addition to the image data storage position URL, a URL containing a character string that designates a process (for example, deletion of the image data) to be performed on the image data may also be written on the electronic mail and may be transmitted to the user terminal 3. When, for example, the image data is used by a single user terminal 3 and the user who uses the image data deletes the used image data, the processor 11 of the server apparatus 1 deletes the stored image data in response to access to the URL described above. The processor 21 of the image reading apparatus 2 may thus transmit, to the user terminal 3, the storage position identifier including the character string that designates the process to be performed on the image data stored in the server apparatus 1.
Electronic mails on which the image data storage position URLs are written may be transmitted to multiple user terminals 3 (that is, multiple mail addresses). In this case, the image data storage position URLs that are transmitted to the respective user terminals 3 differ from each other. That is, the image data storage position URLs different from each other for the multiple user terminals 3 are written on the respective electronic mails. The processor 11 of the server apparatus 1 may determine which user uses the image data by monitoring whether there is access to a corresponding image data storage position URL. That is, in the case where the image data storage position URLs are transmitted to the multiple user terminals 3, the processor 21 of the image reading apparatus 2 may transmit an electronic mail on which is written an image data storage position identifier including a terminal identifier (for example, the mail address) for identification of the user terminal 3 to which the electronic mail is transmitted.
According to the exemplary embodiment described above, the server apparatus 1 and the image reading apparatus 2 that are associated with each other belong to the common organization as a premise. However, a business operator that provides an image data storage service, for example, may prepare the server apparatus 1 or a data storage region in the server apparatus 1 for every organization. That is, it suffices that the server apparatus 1 and the image reading apparatus 2 are associated with each other.
The password may be set per image data. For example, the user may input a password into the image reading apparatus 2 when an image is read, the image reading apparatus 2 may notify the server apparatus 1 of the password, the user may input a password into the user terminal 3 when the image data is used, the user terminal 3 may notify the server apparatus 1 of the password, and the processor 11 of the server apparatus 1 may compare the passwords and may determine that the image data is usable if the passwords match.
The image data that is stored in the server apparatus 1 may be deleted by the processor 11 after a predetermined time has passed.
As for communications via the communication line, a measure against data leakage may be taken, for example, by using S/MIME encryption or by using a SSL communication.
A program that is run by the processor 11 of the server apparatus 1 according to the exemplary embodiment described above corresponds to an example of a program causing a computer that includes a processor to execute a process including storing the storage range identifier for identification of a range of a location at which image data is stored in the data storing apparatus that stores the image data transmitted from the processor, and the identifier common to the identifier that is retained by the data storing apparatus, transmitting the read image data and the identifier to the data storing apparatus, generating the storage position identifier for identification of the position at which the read image data is stored, by using the storage range identifier and the character string that is generated by the algorithm common to that in the data storing apparatus, and transmitting the generated storage position identifier to the terminal that uses the image data stored at the position that is identified by using the storage position identifier. The program may be provided as the program stored in a computer readable storage medium, for example, a magnetic storage medium such as a magnetic tape or a magnetic disk, an optical storage medium such as an optical disk, a magneto-optical storage medium, or a semiconductor memory. The program may be downloaded via a communication line such as the Internet.
The foregoing description of the exemplary embodiments of the present disclosure has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the disclosure to the precise forms disclosed. Obviously, many modifications and variations will be apparent to practitioners skilled in the art. The embodiments were chosen and described in order to best explain the principles of the disclosure and its practical applications, thereby enabling others skilled in the art to understand the disclosure for various embodiments and with the various modifications as are suited to the particular use contemplated. It is intended that the scope of the disclosure be defined by the following claims and their equivalents.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2020-144462 | Aug 2020 | JP | national |
