US20040190714A1 - Data security in an information processing device - Google Patents
Data security in an information processing device Download PDFInfo
- Publication number
- US20040190714A1 US20040190714A1 US10/653,216 US65321603A US2004190714A1 US 20040190714 A1 US20040190714 A1 US 20040190714A1 US 65321603 A US65321603 A US 65321603A US 2004190714 A1 US2004190714 A1 US 2004190714A1
- Authority
- US
- United States
- Prior art keywords
- data
- key
- encryption
- information processing
- processing device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
- Facsimile Transmission Control (AREA)
- Record Information Processing For Printing (AREA)
- Facsimiles In General (AREA)
Abstract
A device is provided that combines data protection for stored data with ease of use in cases where data encrypted using a public key is received and stored.
Public key encrypted data received by a data receiver module (50) is decrypted by a PKI encryption module 52 using a private key. A job controller module (51) then determines whether or not protection is necessary for this data based on processing instructions etc. for the data. When data protection is necessary, this data is encrypted by an internal key encryption module (56) and stored in HDD (16). The internal key encryption module 56 performs encryption using an internal key generated from a device serial number of a device. The internal key differs from a PKI public key in having no expiration date and not requiring updating, and can also be used to decrypt old data stored on the HDD (16).
Description
- 1. Field of the Invention
- The present invention relates to an information processing device for executing processing in accordance with processing instruction data and processing target data received via a network, and particularly relates to technology for ensuring security of such data.
- 2. Description of the Related Art
- In recent years, demands have been increasing to increase the strength of information security due to the increasing prevalence of networks and the accompanying misuse of information. In response to these demands, fundamental technology referred to as P K I (public key infrastructure) using public key encryption methods has become widespread, with various types of information equipment such as copiers, multi-function equipment, and facsimiles that are PKI-compatible being developed.
- PKI-compatible equipment receives processing instruction data and processing target data encrypted using a public key for its own device via a network from external PCs (personal computers) and various devices. In this case, the forms that processing of encrypted data received by PKI-compatible equipment takes can be roughly classified into the following two types.
- First, equipment decrypts received encrypted data using a private key of its own equipment and existing processing is executed based on the results of this decryption. Second, equipment decrypts received encrypted data using a private key of its own equipment, holds the results of decryption in an internal storage device (for example, a hard disk), and then reads out the held data and carries out processing afterwards. An example of the second form of processing would be a security print. Insecurity print processing, the printer temporarily internally stores print data sent from an external PC and executes print processing on the saved print data on condition that the user inputs the correct password to the printer.
- Further, that disclosed in Japanese Patent Laid-open Publication No. Hei. 09-134264 is known as an image processing device for decrypting and processing received encrypted data.
- In this way, with related PKI-compatible equipment, in the above second method there is a possibility that decrypted data will be held for long periods of time in storage devices within the equipment and there is a danger of information being disclosed during this time.
- In order to deal with this, the second method has been considered where encrypted data received from external devices is held in storage devices in place of decrypted data in the processing of the above two methods. However, this method causes the following problems to arise.
- First, with PKI, reliability is based on public key certificates for public keys certified by a Certificate Authority (CA). Such public key certificates have an period of validity (usually one year) and when this period of validity runs out, it is necessary to create a new separate private key/public key pair and have a public key certificate issued. When data encrypted using the old public key is then held in a storage unit within the equipment, it is necessary to save not just the current private key but also the old private key in order to execute processing on this data. Management of old private keys therefore becomes complex in cases where public key certificates are issued by a number of certifying authorities such as public certifying authorities or private in-house certificate authorities. This problem is more prominent for data stored for short periods such as with print processing for printers and multi-purpose equipment. This is because the amount of data kept over long periods of time in such cases is small but private key history management is still necessary regardless of the amount of data being small.
- Second, the encryption strength of encrypted data sent from external devices to the equipment depends on the encryption method used by the external device and on key length. The encryption strength of encrypted data from different external devices may therefore differ. On the other hand, in the management of information within a single enterprise, it is demanded that encryption strength of data held in equipment within the enterprise is of a fixed extent or greater. However, encrypted data received from external devices is managed as is and this condition is therefore not fulfilled.
- An information processing device of the present invention comprises a data input interface for inputting encrypted data, a decryption module for decrypting encrypted data inputted by the data input interface using a decryption key forming a pair with a first encryption key used to encrypt the data, an encryption module for encrypting data decrypted by the decryption module using a second encryption key different from the first encryption key, and storage for storing data encrypted by the encryption module.
- In a preferred embodiment of the present invention a key generator is provided for generating a second encryption key used when the encryption module carries out encryption.
- In a further preferred embodiment, volatile memory and a memory controller for storing the second encryption key in the volatile memory are provided.
- FIG. 1 is a view showing the essential parts of a hardware configuration for an image-forming device of the present invention.
- FIG. 2 is a functional block view showing the main essential parts of a control mechanism of the image-forming device.
- FIG. 3 is a view showing an example of a key creation procedure for an internal key management module.
- FIG. 4 is a view showing a processing procedure for receiving data.
- FIG. 5 is a view showing an example of encrypted received data.
- FIG. 6 is a view showing an example of a processing procedure for determining encryption of stored data is necessary.
- FIG. 7 is a further view showing an example of a key creation procedure for an internal key management module.
- FIG. 8 is a still further view showing an example of a key creation procedure for an internal key management module.
- The following is a description based on the drawings of a preferred embodiment of the present invention. In the following a description is given of an image-forming device such as digital multi-function equipment etc. given as an example of an information processing device of the present invention.
- First, referring to FIG. 1, a description is given of a hardware configuration for an image-forming device of this embodiment. FIG. 1 is a view showing structural elements essential to the description of the control of this embodiment, with other structural elements being omitted from the drawing.
- This image-forming device is a device such as a digital copier or digital multifunction peripheral that handles images obtained by optically reading an original document as digital data. This image-forming device is equipped with PKI-compatible functions. Namely, the image-forming device has a private key/public key pair corresponding to a public key certificate issued for itself by a certificate authority and is provided with a function for using the private key to decrypt data from external devices encrypted using this public key. Further, the image-forming device is equipped with a function for encrypting data using the public key of external equipment when data is sent to the external equipment.
- At this device, digital information such as a control program for controlling operations of the image-forming device is stored in a ROM (Read Only Memory)12. A CPU (Central Processing Unit) 10 executes control of each part of the image-forming device by implementing the control program within the
ROM 12. A PKI-compatible processing function and a data protection function for the saved data (described later) are also stored in theROM 12 together with the program described above. - A RAM (Random Access Memory)14 is the main storage device of this image-forming device and is used as work memory when executing the control program. The
RAM 14 can be used, for example, as a page buffer for storing a one page portion of image data for supplying to theprint engine 28. - A HDD (Hard Disk Drive)16 is an auxiliary storage device for storing various kinds of data. For example, the image-forming device saves job data that is received or that is generated in the
HDD 16. This job data may be, for example, print target document data for a print job requested via a network from a remote host, document image data read by ascan engine 26 for copying, or image data read by ascan engine 26 in accordance with scanning instructions. - Non-Volatile Memory18 (NVM) is memory for storing various kinds of semi-permanent setting information and programs relating to control of the image-forming device and is constructed from, for example, a battery backup RAM etc. Types of image-forming devices where the HDD 16 is optional are very common. With this kind of equipment the job data is stored in the
NVM 18 when aHDD 16 is not provided. - A secret key corresponding to the public key certificate issued for this image-forming device is stored in one of either the
HDD 16 or theNVM 18. - A one-time PROM (one-time Programmable Read Only Memory)20 is non-volatile memory capable of being written to only once. This one-time PROM is recorded with, for example, a unique device serial number for the image-forming device.
- An
operation panel 22 is user interface means for displaying a user interface for the image-forming device and for receiving input for various instructions from the user. Theoperation panel 22 is typically equipped with mechanical operation buttons such as a copy start button etc. and a liquid crystal touch-sensitive panel. The liquid crystal panel displays a GUI (Graphical User Interface) screen generated by the control program executed by theCPU 10, detects positions touched by the user on this display and passes these over to the control program. The control program then interprets this user input content from the touch position information. - A
communication interface 24 is a device for controlling data communication with a network such as a local area network etc. A print instruction etc. from the remote host is inputted to the image-forming device via thecommunication interface 24. Ascan engine 26 is a device for supplying a scan function for creating electronic image data by optically reading an original document. An original document placed at an Automatic Document Feeder (omitted from the drawings) is sent to the scan engine one page at a time by the ADF function and is optically read. - The
print engine 28 is a device for providing a print function for forming (printing) images on paper using image data provided under the control of theCPU 10. - A
token reader 30 is a device for receiving a hardware token held by the user as input and reading data stored within the token. The hardware token is configured from devices compatible with various wired interface standards such as, for example, IC cards or USB (Universal Serial Bus) etc. or devices compatible with various wireless interface standards such as Bluetooth etc. - With this kind of image-forming device, in this embodiment, the security of data saved in the
HDD 16 etc. is improved. - Next, a description is given of the main essential parts of a control mechanism for this image-forming device with reference to FIG. 2. The control mechanism shown in FIG. 2 is implemented by executing a program stored in the
ROM 12,HDD 16 orNVM 18 using theCPU 10. - First, a
data receiver module 50 is connected to a data communication network such as a LAN etc., and receives requests from external equipment (PC etc.) on the network. A job request includes instruction data indicating the requested processing content. When the requested job is printing, document data constituting the printing target is included. There are cases where an external device may send instruction data or document data constituting a job after encrypting the data using the corresponding image-forming device public key. - A
job controller module 51 exerts control to receive job requests inputted using the user interface screen displayed at theoperation panel 22 and to receive job requests received by the functions of thecommunication interface 24 and thedata receiver module 50 and to execute jobs relating to these requests. Thejob controller module 51 registers an inputted job in a queue, and when the time to execute this job arrives, provides the required data to anapplication 60 and executes the job. When the received data is encrypted, thejob controller module 51 makes a request for decryption to thePKI encryption module 52. When the job to be executed is a job for which the storage of data is necessary, thejob controller module 51 executes processing in order to save this data on theHDD 16. Jobs that require storage of job data are security print jobs and jobs where a read image is temporarily stored in a private storage area. A description of security print has already been given. - Further, the
job controller module 51 reads out job data saved temporarily at theHDD 16 at the time of use in order to execute a job and provides this job data to theapplication 60. - The
application 60 is a function module for providing each of the functions such as the printing function, scan function, facsimile function etc. provided by the image-forming device for executing jobs. - The
PKI encryption module 52 is a function module for encryption and decryption processing for public key encryption methods, and executes processing for the adding and authentication of electronic signatures in accordance with public key infrastructure. - A PKI
key management module 54 is a function module for managing key information used in encryption and decryption at thePKI encryption module 52 and in processing for adding and authenticating electronic signatures. The PKIkey management module 54 is equipped with a function for reading out private keys and public keys in the image-forming device stored in theHDD 16 or theNVM 18, and public keys for external devices. These keys are registered manually, for example, in the PKIkey management module 54 by a system manager. Further, the PKIkey management module 54 may also be configured to acquire these keys from a certifying authority as necessary. Public key certificates issued by a certifying authority have an expiration date (period of validity). When the expiration date for the public key/private key of the image-forming device runs out, this cannot practically be used by the PKI system. - An internal
key encryption module 56 is a function module for carrying out encryption processing on data stored in theHDD 16 and for carrying out decryption processing on saved encrypted data. The internalkey encryption module 56 carries out encryption and decryption processing using an internal key. This internal key differs from public keys and private keys with expiration dates in being valid for an indefinite period and the same internal key is used until changed by the user of the image-forming device. Any encryption algorithm may be used in this encryption and decryption providing that the encryption algorithm is capable of fulfilling requirements with respect to user security. There are cases, depending on the algorithm used, where the same common internal key is used for encryption and decryption, and cases where asymmetrical keys are used, namely, different internal keys are used for encryption and decryption. - An internal
key management module 58 is a function module for managing internal key information used in encryption and decryption processing of the internalkey encryption module 56. - In a preferred embodiment, the internal
key management module 58 automatically generates internal keys based on information specific to this image-forming device. One example is a method of generating internal keys from the device serial number stored in the one-time PROM 20. A key generating program for generating internal keys is stored in theROM 12. The internalkey management module 58 generates internal keys by providing the device serial number as a parameter to the key generating program. The key generating program and the device serial number are both fixed. Therefore, according to this method, it is usually possible to generate internal keys of the same value. It is possible for generation of an internal key to be carried out each time as encryption or decryption becomes necessary but it is preferable to create internal keys at prescribed times for storage in theRAM 14 and re-utilize these internal keys. The time of generation of this internal key is preferably when the image-forming device is activated by turning on the power supply. - An example of a procedure for generating an internal key is described using FIG. 3. This process is executed at the time of activation, etc.
- In this process, first, the internal
key management module 58 reads the device serial number from the one-time PROM 20 (S10). Next, the secret key generating program is executed taking the device serial number as a parameter and a value is calculated for the internal key (S12). The value for the internal key calculated in this way is stored in theRAM 14 and the internalkey encryption module 56 is notified of information (for example, internal key address information for the RAM 14) for accessing this internal key (S14). When encryption or decryption is necessary, the internalkey encryption module 56 acquires a value for the internal key based on this access information. - In this example, the internal key itself is therefore not stored in non-volatile storage media (
HDD 16 orNVM 18 etc.) of the image-forming device and the risk of disclosure of the internal key can therefore be reduced. Even if the device serial number is known, it is not possible for a third party to generate an internal key if the confidentiality of the key generating program is maintained. Moreover, in this example, the generated encryption keys are stored in thevolatile RAM 14 and the internal key is therefore deleted when the power to the image generating device is cut off. The security of the internal key is therefore improved. Next, a description is given with reference to FIG. 4 of processing carried out by the image-forming device when job request data from an external device is received via a network. - In this process, first, the
job controller module 51 makes a determination as to whether or not data received by thedata receiver module 50 is encrypted (S20). When it is determined that the data is encrypted, the data is decrypted by thePKI encryption module 52. As a result, thePKI encryption module 52 acquires a secret key for the image-forming device from the PKIkey management module 54 and decrypts the data using this private key (S22). - An example of this decryption processing is described utilizing the encrypted data shown in FIG. 5.
- The encrypted data shown in FIG. 5 is encrypted in accordance with XML encryption of the W3C recommendation. In this example, an
element 102 indicating an algorithm used in encryption of the data is described in anencryption data element 100. Theelement 102 indicates that triple DES is used as the encryption algorithm. - Next,
elements element 110 is an element describing information for this encrypted symmetric key. Anelement 112 indicating an algorithm used in encryption of the symmetric key, anelement 114 indicating a key used in this encryption, and anelement 116 indicating the value of the encrypted symmetric key are included in theelement 110. Theelement 114 indicating the encrypted key indicates the name of the image-forming device. This means that a public key corresponding to this name can be used. - The
element 104 following after thiselement 110 includes and reference information indicating use of the key shown in theelement 110 as a key for encrypting the data. - An
element 106 indicating the value for the data encryption results is then described afterelements - The
PKI encryption module 52 first decrypts the value for the encrypted symmetric key indicated inelement 116 using the private key for the image-forming device. Next, the encrypted data value included in theelement 106 is decrypted to plain text using the algorithm indicated inelement 102 and the symmetric key. - The description now returns again to the processing procedure shown in FIG. 4. The
job controller module 51 determines whether or not it is necessary to store the received data (S24). This determination can be carried out based on a job classification indicated in instruction data corresponding to the received data. For example, if classification of the job requested by the external device is job processing such as for a security print that is not executed soon, it is determined that saving is necessary. If the job is a type of job such as a normal print job where the job processing is executed soon, it is determined not to be necessary to save the data. When instruction data from an external device is encrypted, the determination processing in step S24 is executed after decryption of the instruction data. - When it is determined that saving of the data is not necessary in step S24, the
job controller module 51 executes processing on data decrypted by thePKI encryption module 52 as soon as possible (S26). - When it is determined that saving of data is necessary, a determination is made as to whether or not data protection is necessary for the data to be saved (S28). This determination can be carried out based on attribute information for this data (or for a job targeting this data). Confidentiality instructed by the requester of the job for this data or storage time etc. may also be given as attributes capable of being used in this determination. The storage time indicates the period for which the requester of the job wishes the data to be stored at the image-forming device. This image-forming device then destroys this data when the storage time from receipt of the data elapses. The expiration date may also be used in place of the storage time. In this example, the user interface for the print driver provided at the external equipment receives authentication information (for example, a pass-phrase) for the security print, confidentiality, and storage time from the user as input. The print driver incorporates each item of information inputted into instruction data and sends this instruction data to the image-forming device.
- An example of determination processing occurring in step S28 is shown in FIG. 6. In this example, the
job controller module 51 compares confidentiality and storage time indicated in the instruction data for this job to corresponding threshold values (the threshold values are set by a manager of the image-forming device in advance) respectively (S40 and S42). When either one of these values is greater than a threshold value, it is determined that data protection is necessary (S44). On the other hand, if the confidentiality and storage time are both less than or equal to the threshold values, data protection is determined to be not necessary (S46). - In the example in FIG. 6, confidentiality instructed by a user and storage time are used in order to determine the necessity of data protection, but this is merely given as an example. In place of this, for example, it is also possible to determine confidentiality of the data based on key length of the symmetric key (
element 116 of FIG. 5) used in encryption of the received encrypted data and to determine whether or not data protection is necessary according to the degree of confidentiality. - In a further example of determination, there is a determination method such that, when the data inputted at the image-forming device is encrypted, the data is determined to need protection at the time of storing. It is assumed that the sender wishes the data to be protected from the fact that data sent to the image-forming device was encrypted, and encryption is therefore carried out accordingly when saving. In this method, when the inputted data is not encrypted, a determination may simply be made such that encryption is not necessary during saving, or another detailed rule for determination can be made.
- Further, a determination can also be made as to whether or not data protection is necessary according to the storage device that is the data storage destination. Namely, as described above, in the case of an image-forming device where the
HDD 16 is optional, in a configuration where anHDD 16 is not provided, the stored data is stored in thenon-volatile memory 18. However, extraction of theHDD 16 from the image-forming device is comparatively easy so that, for example, there is a possibility that, for example, an unauthorized user may extract theHDD 16 overnight, etc. and analyze the contents. However, thenon-volatile memory 18 is fixed to the circuit board of the image-forming device and the possibility of thenon-volatile memory 18 being extracted and analyzed is therefore low. Whether or not the image-forming device is provided with anoptional HDD 16 is recorded in thenon-volatile memory 18 as one part of equipment configuration information. A program for determining whether or not data protection is necessary refers to the equipment configuration information to check whether or not theHDD 16 is provided. If theHDD 16 is provided, it is determined that data protection is required for the saved data, and if not provided, it is determined that data protection is not required. - Further, it is also possible for the person requesting the job to designate whether or not protection of data is required for this job. In this case, information for whether or not data protection is necessary is incorporated into the instruction data for the job and is sent to the image-forming device.
- Returning again to the description of the processing procedure in FIG. 4, when it is determined in step S28 that data protection is not required for the saved data, the
job controller module 51 stores data decryption results of thePKI encryption module 52 in theHDD 16 without encrypting these results (S30). On the other hand, when it is determined in step S28 that data protection is required for the saved data, thejob controller module 51 encrypts the data decryption results of thePKI encryption module 52 at the internalkey encryption module 56 and stores these encrypted results in HDD 16 (S32). - Regarding the stored data, when the time comes to execute the job process, the
job controller module 51 extracts the stored data from theHDD 16 and if this data is encrypted, the data is decrypted by the internalkey encryption module 56 and then provided to theapplication 60. - In the above, a description is given of the processing for storing data received from external equipment via the network. With the image-forming device of this embodiment, not only this received data but also image data created by the
scan engine 26 etc. and data generated internally within the image generating device can be encrypted by the internalkey encryption module 56 when being saved to theHDD 16. - With the image-forming device of the embodiment described above, public key-encrypted data received from an external device is re-encrypted using an internal key of the device itself after being decrypted once. When the received data itself encrypted using a public key is stored, the management of old secret keys is problematic, but as the internal key is valid for an indefinite period this problem is resolved. Further, in this embodiment, data encrypted using a unified key referred to as an internal key is stored, and the encryption strength of the encrypted data stored in the
HDD 16 is therefore uniform. Requests where it is desired to have the encryption strength of data stored within theHDD 16 of a fixed extent or greater are satisfied by appropriately selecting the key length of the key used as the internal key and the encryption algorithm of the internalkey encryption module 56. - Further, when a structure is adopted where data encrypted using a public key is stored in the
HDD 16 as is, if the stored secret key becomes damaged for whatever reason, there is a danger that this encrypted data cannot be decrypted. However, in this embodiment the internal key is generated from the serial number of the device and then encrypted, and this danger is therefore reduced. In other words, the secret key which is updated every limited period of validity is stored in theHDD 16 or thenon-volatile memory 18, read and write operations are comparatively common, and there is a certain risk of damage. However, the risk of damage to the onetime PROM 20 in which the serial number is written or to theROM 12 in which the key generating program is written is comparatively low compared to theHDD 16 or thenon-volatile memory 18. - The preferred embodiment described above is merely given as an example and various modifications can be considered while remaining within the spirit of the present invention.
- For example, the internal key created by the internal
key management module 58 may be made to have a degree of encryption strength requested by the user. In this way, the user can set a value for the desired security level for the image-forming device. This setting value can be stored in theHDD 16 or thenon-volatile memory 18. The internalkey management module 58 then reads this security level setting value (S11) in addition to the device serial number (S10) as shown in FIG. 7 when the system is activated, etc. Key length of the internal key is then decided according to this security level and an internal key of this key length is generated by the key generation algorithm (S12 a) and stored in the RAM 14 (S14). - There are also countries where law dictates that there are limits put on key length of encrypted keys and the device of this embodiment is also able to deal with this. For example, by writing identification information indicating the country the device is to be shipped to in the one-
time PROM 20 or thenon-volatile memory 18 of the image-forming device, the internalkey management module 58 can read out the value set for the country being shipped to when generating an internal key and decide key length of the internal key according to this value. - Further, in this embodiment, an internal key is generated from the device serial number but it is also possible to generate the internal key from other information specific to the device stored in a storage device the image-forming device is equipped with.
- Moreover, in addition to the device serial number, it is also possible to invoke a hardware token (hereafter abbreviated to “token”) and generate an internal key. For instance, in a modified example, in addition to the device serial number, information stored in the token is used as a parameter for generating the internal key. Invoking the token then makes it difficult to illegally create an internal key even when the key generating algorithm of the internal
key management module 58 is disclosed. - An example of a procedure for a key generating process using this method is shown in FIG. 8. In the case of generating a key, the internal
key management module 58 first sets the key generation for the image-forming device and determines whether or not a token is set for use (S50). This setting can be carried out by the manager of the image-forming device and the set value can be stored inHDD 16 or in thenon-volatile memory 18. When it is determined that a token is not necessary in this determination, the same process as shown in FIG. 3 is executed (S10, S12, S14). On the other hand, when it is determined that a token is required for key generation, the internalkey management module 58 determines whether or not token data is input from the token reader 30 (S52). When there is no input, an error message indicating that a token should be installed in displayed at the display of the operation panel 22 (S54) and installation of the token is invited. When it is determined in step S52 that a token is installed, the internalkey management module 58 reads the device serial number and the token data respectively (S56), generates an internal key using the device serial number and token data as parameters (S58), and stores the internal key in the RAM 14 (S14). - A configuration where an internal key is generated only using a parameter within the token and without using the device serial number can also be considered.
- Further, rather than generating an internal key within the image-forming device, an internal key can be stored in advance within the token and this can be read out and utilized by the image-forming device.
- Moreover, in the above example, a single internal key is used for the image-forming device but it is also possible to create an internal key for each registered user registered in the image-forming device to be used to carry out encryption for each user. In this example, the image-forming device then determines the proprietor of the saved target data from received instruction data or header information for the saved target data etc. and re-encrypts decryption results of the
PKI encryption module 52 using the internal key for this proprietor and stores this in theHDD 16. - The above is a description of a preferred embodiment for the case of application of the present invention to an image-forming device such as digital multi-purpose equipment etc. However, as is clear from the above description, the method for protecting stored data in this embodiment does not depend on the type of processing or the type of data to be stored, and application to various job processing devices other than image-forming devices is possible.
- Although a specific embodiment of the invention has been disclosed, it will be understood by those having skill in the art that changes can be made to this specific embodiment without departing from the spirit and scope of the invention. The scope of the invention is not to be restricted, therefore, to the specific embodiment, and it is intended that the appended claims should cover any and all such applications, modifications, and embodiments within the scope of the present invention.
Claims (18)
1. An information processing device comprising:
a data input interface for inputting encrypted data;
a decryption module for decrypting encrypted data inputted by the data input interface using a decryption key forming a pair with a first encryption key used to encrypt the data;
an encryption module for encrypting data decrypted by the decryption module using a second encryption key different from the first encryption key; and
a storage device for storing data encrypted by the encryption module.
2. The information processing device of claim 1 , wherein
an expiration date is not set for the second encryption key.
3. The information processing device of claim 1 , wherein
the data input interface also inputs unencrypted data, and
the encryption module also encrypts unencrypted data input by the data input interface.
4. The information processing device of claim 1 , further comprising:
a key generator for generating the second encryption key.
5. The information processing device of claim 4 , further comprising:
volatile memory; and
a memory controller for storing the second encryption key in the volatile memory.
6. The information processing device of claim 4 , wherein
the key generator generates the second encryption key using information characteristic to the device itself.
7. The information processing device of claim 4 , wherein
the key generator generates the second encryption key when power to the device is turned on.
8. The information processing device of claim 4 , further comprising:
a media reader capable of being installed with a removable portable storage media storing key generation parameters for reading a key generation parameter stored on the installed portable storage media, wherein
the key generator generates the second encryption key using the key generation parameter.
9. The information processing device of claim 4 , further comprising:
a security level setting module for setting a security level for the information processing device, wherein
the key generator generates the second encryption key of a key length corresponding to the security level set at the security level setting module.
10. The information processing device of claim 4 , further comprising:
a region setting module for receiving settings for a region where the device is to be used, wherein
the key generator generates the second encryption key of a key length corresponding to the region set at the region setting module.
11. The information processing device of claim 1 , further comprising:
a media reader capable of being installed with a removable portable storage media storing the encryption key, wherein
the encryption module reads the second encryption key from the portable storage media installed in the media reader and performs encryption.
12. The information processing device of claim 1 , equipped with a plurality of the storage devices, and having second encryption keys corresponding to each storage device, wherein the encryption module performs encryption using the second encryption key corresponding to storage device decided by a data storage destination.
13. The information processing device of claim 1 , having encryption keys corresponding to each user using the device, wherein
the encryption module performs encryption using an encryption key for the user corresponding to the data.
14. The information processing device of claim 1 , further comprising:
deciding means for deciding whether or not to encrypt data inputted by the data input interface, wherein
the encryption module encrypts data decided upon for encryption by the deciding means.
15. The information processing device of claim 14 , wherein
the deciding means decides to encrypt when data inputted by the data input interface is encrypted.
16. The information processing device of claim 1 , further comprising a printer for decrypting and printing data stored in the storage device.
17. A method for storing data inputted to an information processing device, comprising the steps of:
inputting encrypted data;
decrypting encrypted data inputted using a decryption key forming a pair with a first encryption key used to encrypt the data;
encrypting decrypted data using a second encryption key different from the first encryption key; and
storing data encrypted using the second encryption key.
18. The information processing device of claim 17 , further comprising a step of:
storing the second encryption key in the volatile memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/718,793 US8301908B2 (en) | 2003-03-24 | 2010-03-05 | Data security in an information processing device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-081558 | 2003-03-24 | ||
JP2003081558A JP4655452B2 (en) | 2003-03-24 | 2003-03-24 | Information processing device |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/718,793 Continuation US8301908B2 (en) | 2003-03-24 | 2010-03-05 | Data security in an information processing device |
Publications (1)
Publication Number | Publication Date |
---|---|
US20040190714A1 true US20040190714A1 (en) | 2004-09-30 |
Family
ID=32984980
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/653,216 Abandoned US20040190714A1 (en) | 2003-03-24 | 2003-09-03 | Data security in an information processing device |
US12/718,793 Expired - Lifetime US8301908B2 (en) | 2003-03-24 | 2010-03-05 | Data security in an information processing device |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/718,793 Expired - Lifetime US8301908B2 (en) | 2003-03-24 | 2010-03-05 | Data security in an information processing device |
Country Status (4)
Country | Link |
---|---|
US (2) | US20040190714A1 (en) |
JP (1) | JP4655452B2 (en) |
KR (1) | KR100613156B1 (en) |
CN (1) | CN1296839C (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050114688A1 (en) * | 2003-11-25 | 2005-05-26 | Leis Benjamin A. | Encryption of system paging file |
US20050281405A1 (en) * | 2004-03-03 | 2005-12-22 | Canon Kabushiki Kaisha | Print system, control method therefor, information processing apparatus, control method therefor, program for implementing the control method, and storage medium storing the control program |
US20060050879A1 (en) * | 2004-09-09 | 2006-03-09 | Canon Kabushiki Kaisha | Method and apparatus for encrypted print processing |
US20060120520A1 (en) * | 2004-09-24 | 2006-06-08 | Fuji Xerox Co., Ltd. | Encryption device, encryption processing method and program, and information protection system employing the encryption device |
US20060262928A1 (en) * | 2005-05-23 | 2006-11-23 | Hagai Bar-El | Method, device, and system of encrypting/decrypting data |
US20070220257A1 (en) * | 2006-03-06 | 2007-09-20 | Sandisk Il Ltd. | Controlled-Access Recording Generator |
US20090164804A1 (en) * | 2007-12-25 | 2009-06-25 | Sandisk Il Ltd. | Secured storage device |
US20090210701A1 (en) * | 2005-06-23 | 2009-08-20 | Junbiao Zhang | Multi-Media Access Device Registration System and Method |
US20100332820A1 (en) * | 2008-02-25 | 2010-12-30 | Hideki Matsushima | Information security device and information security system |
US8294940B1 (en) * | 2007-06-01 | 2012-10-23 | Marvell International Ltd. | Updating data in a one-time programmable data storage device |
US9058503B2 (en) | 2013-05-10 | 2015-06-16 | Successfactors, Inc. | Systems and methods for secure storage on a mobile device |
US9755824B2 (en) * | 2012-12-14 | 2017-09-05 | Intel Corporation | Power line based theft protection of electronic devices |
US9806888B1 (en) * | 2016-07-06 | 2017-10-31 | Shimon Gersten | System and method for data protection using dynamic tokens |
US9984238B1 (en) * | 2015-03-30 | 2018-05-29 | Amazon Technologies, Inc. | Intelligent storage devices with cryptographic functionality |
US10178072B2 (en) | 2004-07-20 | 2019-01-08 | Time Warner Cable Enterprises Llc | Technique for securely communicating and storing programming material in a trusted domain |
US10362018B2 (en) | 2006-10-20 | 2019-07-23 | Time Warner Cable Enterprises Llc | Downloadable security and protection methods and apparatus |
US10404752B2 (en) | 2007-01-24 | 2019-09-03 | Time Warner Cable Enterprises Llc | Apparatus and methods for provisioning in a download-enabled system |
US10652607B2 (en) | 2009-06-08 | 2020-05-12 | Time Warner Cable Enterprises Llc | Media bridge apparatus and methods |
US10848806B2 (en) | 2004-07-20 | 2020-11-24 | Time Warner Cable Enterprises Llc | Technique for securely communicating programming content |
US10958629B2 (en) | 2012-12-10 | 2021-03-23 | Time Warner Cable Enterprises Llc | Apparatus and methods for content transfer protection |
US10965727B2 (en) | 2009-06-08 | 2021-03-30 | Time Warner Cable Enterprises Llc | Methods and apparatus for premises content distribution |
US11076203B2 (en) | 2013-03-12 | 2021-07-27 | Time Warner Cable Enterprises Llc | Methods and apparatus for providing and uploading content to personalized network storage |
US11792462B2 (en) | 2014-05-29 | 2023-10-17 | Time Warner Cable Enterprises Llc | Apparatus and methods for recording, accessing, and delivering packetized content |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7725729B2 (en) * | 2004-01-28 | 2010-05-25 | Fuji Xerox Co., Ltd. | Electronic device and controlling method of electronic device |
JP4341838B2 (en) | 2004-10-01 | 2009-10-14 | ペルメレック電極株式会社 | Electrode cathode |
JP2006222483A (en) * | 2005-02-08 | 2006-08-24 | Murata Mach Ltd | E-mail communications apparatus |
JP4765416B2 (en) * | 2005-06-07 | 2011-09-07 | コニカミノルタビジネステクノロジーズ株式会社 | Image processing apparatus and image storage method |
JP2007312357A (en) * | 2006-04-18 | 2007-11-29 | Canon Inc | Data processing device and control method therefor, data processing system, program, storage medium |
JP4539613B2 (en) * | 2006-06-28 | 2010-09-08 | 富士ゼロックス株式会社 | Image forming apparatus, image generation method, and program |
JP4530035B2 (en) * | 2007-12-13 | 2010-08-25 | コニカミノルタビジネステクノロジーズ株式会社 | Image forming apparatus, image forming apparatus terminal apparatus, image forming system, and program |
JP2009200565A (en) * | 2008-02-19 | 2009-09-03 | Murata Mach Ltd | Digital multifunction machine |
WO2009125141A2 (en) * | 2008-03-31 | 2009-10-15 | France Telecom | Method of access and of transferring data related to an application installed on a security module associated with a mobile terminal, associated security module, management server and system |
US8510552B2 (en) | 2010-04-07 | 2013-08-13 | Apple Inc. | System and method for file-level data protection |
US8788842B2 (en) * | 2010-04-07 | 2014-07-22 | Apple Inc. | System and method for content protection based on a combination of a user PIN and a device specific identifier |
CN104184921B (en) * | 2013-05-24 | 2018-10-12 | 中兴通讯股份有限公司 | Encryption method and server and decryption method and terminal |
US8964237B2 (en) * | 2013-06-28 | 2015-02-24 | Lexmark International, Inc. | Imaging device including wear leveling for non-volatile memory and secure erase of data |
US10142304B2 (en) * | 2016-08-23 | 2018-11-27 | Seagate Technology Llc | Encryption key shredding to protect non-persistent data |
JP7419941B2 (en) * | 2020-04-07 | 2024-01-23 | 富士フイルムビジネスイノベーション株式会社 | History management device and program |
CN113935018B (en) * | 2021-12-16 | 2022-03-11 | 飞腾信息技术有限公司 | Password operation method, system on chip and computer equipment |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5442616A (en) * | 1992-02-13 | 1995-08-15 | Sharp Kabushiki Kaisha | Light source unit and method of adjusting for maximizing focus and tracking errors thereby |
US5677952A (en) * | 1993-12-06 | 1997-10-14 | International Business Machines Corporation | Method to protect information on a computer storage device |
US5805706A (en) * | 1996-04-17 | 1998-09-08 | Intel Corporation | Apparatus and method for re-encrypting data without unsecured exposure of its non-encrypted format |
US20020133543A1 (en) * | 2001-03-14 | 2002-09-19 | Yoko Fujiwara | Device, method, and program for data transmission as well as computer readable recording medium stored with program |
US20020174351A1 (en) * | 2001-05-18 | 2002-11-21 | Aralion Inc | High security host adapter |
US6567914B1 (en) * | 1998-07-22 | 2003-05-20 | Entrust Technologies Limited | Apparatus and method for reducing transmission bandwidth and storage requirements in a cryptographic security system |
US20030145218A1 (en) * | 2002-01-31 | 2003-07-31 | Xerox Corporation | Encryption of image data in a digital copier |
US20030219127A1 (en) * | 2002-05-24 | 2003-11-27 | Russ Samuel H. | Apparatus for entitling remote client devices |
US6658566B1 (en) * | 1997-03-13 | 2003-12-02 | Bull Cp8 | Process for storage and use of sensitive information in a security module and the associated security module |
US20040015687A1 (en) * | 2000-07-21 | 2004-01-22 | Luca Chiarabini | Dual level encrypted cache for secure document print on demand |
US6993130B1 (en) * | 2000-02-04 | 2006-01-31 | Xtec, Incorporated | Methods and apparatus for mediametric data cryptoprocessing |
US6996238B2 (en) * | 2000-10-02 | 2006-02-07 | Sony Corporation | Method for generating and looking-up transaction keys in communication networks |
US7093295B1 (en) * | 1998-10-15 | 2006-08-15 | Makoto Saito | Method and device for protecting digital data by double re-encryption |
US7180909B1 (en) * | 2001-12-17 | 2007-02-20 | Supergate Technology Usa, Inc. | Interface receive circuits for modularized data optimization engines and methods therefor |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5457748A (en) * | 1992-11-30 | 1995-10-10 | Motorola, Inc. | Method and apparatus for improved security within encrypted communication devices |
JP3281235B2 (en) | 1995-11-08 | 2002-05-13 | キヤノン株式会社 | Image processing device |
US6947560B1 (en) * | 1999-04-26 | 2005-09-20 | Telefonaktiebolaget L M Ericsson (Publ) | Method and device for effective key length control |
US6862583B1 (en) * | 1999-10-04 | 2005-03-01 | Canon Kabushiki Kaisha | Authenticated secure printing |
JP4622064B2 (en) * | 2000-04-06 | 2011-02-02 | ソニー株式会社 | Information recording apparatus, information reproducing apparatus, information recording method, information reproducing method, information recording medium, and program providing medium |
JP2002016594A (en) * | 2000-06-30 | 2002-01-18 | Toshiba Corp | Wireless communication equipment and method for controlling key length for encryption/decoding processing applied to the equipment |
JP3925095B2 (en) * | 2001-02-01 | 2007-06-06 | 株式会社日立製作所 | Data receiver |
US6944770B2 (en) * | 2001-05-17 | 2005-09-13 | Intelli-Mark Technologies, Inc. | Methods and systems for generating and validating value-bearing documents |
US7284061B2 (en) * | 2001-11-13 | 2007-10-16 | Canon Kabushiki Kaisha | Obtaining temporary exclusive control of a device |
EP1320006A1 (en) * | 2001-12-12 | 2003-06-18 | Canal+ Technologies Société Anonyme | Processing data |
-
2003
- 2003-03-24 JP JP2003081558A patent/JP4655452B2/en not_active Expired - Fee Related
- 2003-09-03 US US10/653,216 patent/US20040190714A1/en not_active Abandoned
- 2003-09-22 KR KR1020030065573A patent/KR100613156B1/en active IP Right Grant
- 2003-10-10 CN CNB2003101007921A patent/CN1296839C/en not_active Expired - Lifetime
-
2010
- 2010-03-05 US US12/718,793 patent/US8301908B2/en not_active Expired - Lifetime
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5442616A (en) * | 1992-02-13 | 1995-08-15 | Sharp Kabushiki Kaisha | Light source unit and method of adjusting for maximizing focus and tracking errors thereby |
US5677952A (en) * | 1993-12-06 | 1997-10-14 | International Business Machines Corporation | Method to protect information on a computer storage device |
US5805706A (en) * | 1996-04-17 | 1998-09-08 | Intel Corporation | Apparatus and method for re-encrypting data without unsecured exposure of its non-encrypted format |
US6658566B1 (en) * | 1997-03-13 | 2003-12-02 | Bull Cp8 | Process for storage and use of sensitive information in a security module and the associated security module |
US6567914B1 (en) * | 1998-07-22 | 2003-05-20 | Entrust Technologies Limited | Apparatus and method for reducing transmission bandwidth and storage requirements in a cryptographic security system |
US7093295B1 (en) * | 1998-10-15 | 2006-08-15 | Makoto Saito | Method and device for protecting digital data by double re-encryption |
US6993130B1 (en) * | 2000-02-04 | 2006-01-31 | Xtec, Incorporated | Methods and apparatus for mediametric data cryptoprocessing |
US20040015687A1 (en) * | 2000-07-21 | 2004-01-22 | Luca Chiarabini | Dual level encrypted cache for secure document print on demand |
US6996238B2 (en) * | 2000-10-02 | 2006-02-07 | Sony Corporation | Method for generating and looking-up transaction keys in communication networks |
US20020133543A1 (en) * | 2001-03-14 | 2002-09-19 | Yoko Fujiwara | Device, method, and program for data transmission as well as computer readable recording medium stored with program |
US20020174351A1 (en) * | 2001-05-18 | 2002-11-21 | Aralion Inc | High security host adapter |
US7180909B1 (en) * | 2001-12-17 | 2007-02-20 | Supergate Technology Usa, Inc. | Interface receive circuits for modularized data optimization engines and methods therefor |
US20030145218A1 (en) * | 2002-01-31 | 2003-07-31 | Xerox Corporation | Encryption of image data in a digital copier |
US20030219127A1 (en) * | 2002-05-24 | 2003-11-27 | Russ Samuel H. | Apparatus for entitling remote client devices |
Cited By (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050114688A1 (en) * | 2003-11-25 | 2005-05-26 | Leis Benjamin A. | Encryption of system paging file |
US7325115B2 (en) * | 2003-11-25 | 2008-01-29 | Microsoft Corporation | Encryption of system paging file |
US7864955B2 (en) * | 2004-03-03 | 2011-01-04 | Canon Kabushiki Kaisha | Print system, control method therefor, information processing apparatus, control method therefor, program for implementing the control method, and storage medium storing the control program |
US20050281405A1 (en) * | 2004-03-03 | 2005-12-22 | Canon Kabushiki Kaisha | Print system, control method therefor, information processing apparatus, control method therefor, program for implementing the control method, and storage medium storing the control program |
US8457310B2 (en) | 2004-03-03 | 2013-06-04 | Canon Kabushiki Kaisha | Print system, control method therefor, information processing apparatus, control method therefor, program for implementing the control method, and storage medium storing the control program |
US10178072B2 (en) | 2004-07-20 | 2019-01-08 | Time Warner Cable Enterprises Llc | Technique for securely communicating and storing programming material in a trusted domain |
US10848806B2 (en) | 2004-07-20 | 2020-11-24 | Time Warner Cable Enterprises Llc | Technique for securely communicating programming content |
US11088999B2 (en) | 2004-07-20 | 2021-08-10 | Time Warner Cable Enterprises Llc | Technique for securely communicating and storing programming material in a trusted domain |
US20060050879A1 (en) * | 2004-09-09 | 2006-03-09 | Canon Kabushiki Kaisha | Method and apparatus for encrypted print processing |
US7853017B2 (en) * | 2004-09-09 | 2010-12-14 | Canon Kabushiki Kaisha | Method and apparatus for encrypted print processing |
US20060120520A1 (en) * | 2004-09-24 | 2006-06-08 | Fuji Xerox Co., Ltd. | Encryption device, encryption processing method and program, and information protection system employing the encryption device |
US7839999B2 (en) * | 2004-09-24 | 2010-11-23 | Fuji Xerox Co., Ltd. | Encryption device, encryption processing method and program, and information protection system employing the encryption device |
US20060262928A1 (en) * | 2005-05-23 | 2006-11-23 | Hagai Bar-El | Method, device, and system of encrypting/decrypting data |
US20090210701A1 (en) * | 2005-06-23 | 2009-08-20 | Junbiao Zhang | Multi-Media Access Device Registration System and Method |
US20070220257A1 (en) * | 2006-03-06 | 2007-09-20 | Sandisk Il Ltd. | Controlled-Access Recording Generator |
US11381549B2 (en) | 2006-10-20 | 2022-07-05 | Time Warner Cable Enterprises Llc | Downloadable security and protection methods and apparatus |
US10362018B2 (en) | 2006-10-20 | 2019-07-23 | Time Warner Cable Enterprises Llc | Downloadable security and protection methods and apparatus |
US11552999B2 (en) | 2007-01-24 | 2023-01-10 | Time Warner Cable Enterprises Llc | Apparatus and methods for provisioning in a download-enabled system |
US10404752B2 (en) | 2007-01-24 | 2019-09-03 | Time Warner Cable Enterprises Llc | Apparatus and methods for provisioning in a download-enabled system |
US8810846B1 (en) | 2007-06-01 | 2014-08-19 | Marvell International Ltd. | Updating data in a one-time programmable data storage device |
US8294940B1 (en) * | 2007-06-01 | 2012-10-23 | Marvell International Ltd. | Updating data in a one-time programmable data storage device |
US20090164804A1 (en) * | 2007-12-25 | 2009-06-25 | Sandisk Il Ltd. | Secured storage device |
US20100332820A1 (en) * | 2008-02-25 | 2010-12-30 | Hideki Matsushima | Information security device and information security system |
US8489873B2 (en) * | 2008-02-25 | 2013-07-16 | Panasonic Corporation | Migration apparatus, method and system for transferring data protected within a first terminal device to a second terminal device |
US10965727B2 (en) | 2009-06-08 | 2021-03-30 | Time Warner Cable Enterprises Llc | Methods and apparatus for premises content distribution |
US10652607B2 (en) | 2009-06-08 | 2020-05-12 | Time Warner Cable Enterprises Llc | Media bridge apparatus and methods |
US10958629B2 (en) | 2012-12-10 | 2021-03-23 | Time Warner Cable Enterprises Llc | Apparatus and methods for content transfer protection |
US9755824B2 (en) * | 2012-12-14 | 2017-09-05 | Intel Corporation | Power line based theft protection of electronic devices |
US11076203B2 (en) | 2013-03-12 | 2021-07-27 | Time Warner Cable Enterprises Llc | Methods and apparatus for providing and uploading content to personalized network storage |
US9058503B2 (en) | 2013-05-10 | 2015-06-16 | Successfactors, Inc. | Systems and methods for secure storage on a mobile device |
US11792462B2 (en) | 2014-05-29 | 2023-10-17 | Time Warner Cable Enterprises Llc | Apparatus and methods for recording, accessing, and delivering packetized content |
US9984238B1 (en) * | 2015-03-30 | 2018-05-29 | Amazon Technologies, Inc. | Intelligent storage devices with cryptographic functionality |
US10521595B2 (en) | 2015-03-30 | 2019-12-31 | Amazon Technologies, Inc. | Intelligent storage devices with cryptographic functionality |
US11270006B2 (en) | 2015-03-30 | 2022-03-08 | Amazon Technologies, Inc. | Intelligent storage devices with cryptographic functionality |
US9806888B1 (en) * | 2016-07-06 | 2017-10-31 | Shimon Gersten | System and method for data protection using dynamic tokens |
Also Published As
Publication number | Publication date |
---|---|
JP4655452B2 (en) | 2011-03-23 |
KR100613156B1 (en) | 2006-08-17 |
CN1532712A (en) | 2004-09-29 |
KR20040086105A (en) | 2004-10-08 |
US20100162000A1 (en) | 2010-06-24 |
US8301908B2 (en) | 2012-10-30 |
JP2004289699A (en) | 2004-10-14 |
CN1296839C (en) | 2007-01-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8301908B2 (en) | Data security in an information processing device | |
US8010785B2 (en) | Information processing apparatus | |
US7620177B2 (en) | Secure printing | |
US8564804B2 (en) | Information processing apparatus that does not transmit print job data when both encryption and saving in a printing apparatus are designated, and control method and medium therefor | |
US7450260B2 (en) | Printer driver program and printer | |
US8863305B2 (en) | File-access control apparatus and program | |
US7782477B2 (en) | Information processing apparatus connected to a printing apparatus via a network and computer-readable storage medium having stored thereon a program for causing a computer to execute generating print data in the information processing apparatus connected to the printing apparatus via the network | |
US20040125402A1 (en) | Document printing program, document protecting program, document protecting system, document printing apparatus for printing out a document based on security policy | |
US20070283170A1 (en) | System and method for secure inter-process data communication | |
US20070115494A1 (en) | Image processing system, information processing device, computer readable recording medium, and information processing method | |
US20080267402A1 (en) | Image Forming Apparatus, Image Forming Method, Information Processing Apparatus and Information Processing Method | |
US8948383B2 (en) | Printing system, printing method, terminal, and computer-readable storage medium for computer program | |
KR101324181B1 (en) | Image forming apparatus and security printing method thereof | |
JP2016177551A (en) | Output device, program, output system, and output method | |
US20180082067A1 (en) | Information Sharing Server, Information Sharing System And Non-Transitory Recording Medium | |
JP4282301B2 (en) | Access control server, electronic data issuing workflow processing method, program thereof, computer apparatus, and recording medium | |
JP2009053808A (en) | Image forming apparatus, authentication information management method, and program | |
KR101391756B1 (en) | Image forming apparatus and security printing method thereof | |
JP2008102633A (en) | Image forming apparatus, user authentication system, control program for operating image forming apparatus, and computer-readable recording medium | |
JP4396377B2 (en) | Print control system, server device | |
JP5135239B2 (en) | Image forming system and server device | |
JP5239482B2 (en) | Communication apparatus, program, and image forming apparatus | |
JP5575090B2 (en) | Image forming apparatus | |
JP2005348250A (en) | Image forming device, data encipher method, program, and recording medium | |
JP4645421B2 (en) | Computer program and printing instruction apparatus and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: FUJI XEROX CO., LTD., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MASUI, TAKANORI;YOKOHAMA, TATSUHIKO;SATAKE, MASANORI;REEL/FRAME:014472/0259 Effective date: 20030818 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |