
CN100476848C - Image reading device, verification method, evaluation system, evaluation method, and computer program product - Google Patents


Info

Publication number
CN100476848C
Authority
CN
China
Prior art keywords
image reading
reading device
information
unit
parameter information
Prior art date
Legal status
Expired - Fee Related
Application number
CNB2007100020664A
Other languages
Chinese (zh)
Other versions
CN101004773A (en
Inventor
角谷浩
小谷诚刚
Current Assignee
Fujitsu Ltd
Original Assignee
Fujitsu Ltd
PFU Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

A TPM chip installed in an image reading apparatus records an operation log and encrypts the recorded operation log with a secret key. The image reading apparatus transmits the encrypted operation log to an evaluation apparatus. The evaluation apparatus receives the encrypted operation log, decrypts the received operation log, and evaluates an operation performed on the image reading apparatus based on the decrypted operation log.

Description

Image reading device, verification method, evaluation system, evaluation method, and computer program product
Technical field
The present invention relates to a technology for ensuring the reliability and originality of information in order to evaluate operations performed on an image reading device.
Background art
For image reading devices, the operations, operating procedures and operating parameters performed by a user have been verified and evaluated. When performing such verification and evaluation, the credibility, reliability and authorized originality of the information used for the verification and evaluation must be ensured with high accuracy. For example, a personal computer connected directly to the image reading device recognizes the image reading device using predetermined driver software and obtains information about the operating parameters of the image reading device.
With regard to security enhancement, which has been pursued independently by individual enterprises, the Trusted Computing Group (TCG), an industry organization of enterprises that provide technology for personal computer (PC) platforms, works to develop and promote new hardware and software with higher reliability and security. Japanese Patent Application Laid-Open No. 2005-317026 describes a technology concerning the Trusted Platform Module (TPM), the TCG specification for a security chip for computing platforms. In addition, security can be improved by verifying parameter information and by performing verification based on categories of the usage parameters of an information processing apparatus, in combination with biometric verification and electronic certificates issued by a certificate authority. Japanese Patent Application Laid-Open No. 2004-157790 describes a security determination method, a security determination system and a security determination device that maintain appropriate security and achieve stable transmission and reception of information.
However, in the conventional technology, because predetermined driver software is simply used, the information used for evaluation may be fraudulently altered. There is therefore a problem that the credibility, reliability and authorized originality of the information used for evaluation cannot be ensured with high accuracy.
Summary of the invention
An object of the present invention is to at least partially solve the problems in the conventional technology.
An image reading device according to one aspect of the present invention includes an acquiring unit that acquires user identification information identifying a user, and a tamper-resistant chip. The tamper-resistant chip includes: a storage unit that stores a secret key unique to the image reading device, valid-user identification information identifying a valid user who is permitted to operate the image reading device, device-specific information unique to the image reading device, and device environment information about the usage environment and operating environment of the image reading device; a collecting unit that collects the device-specific information and the device environment information; a user verification unit that verifies the user by judging the validity of the acquired user identification information based on the stored valid-user identification information; a device verification unit that verifies the image reading device by judging the validity of the collected device-specific information based on the stored device-specific information; an environment verification unit that verifies the device environment of the image reading device by judging the validity of the collected device environment information based on the stored device environment information; and an encryption unit that encrypts information with the stored secret key.
An evaluation system according to another aspect of the present invention is formed by connecting, via a network, an image reading device and an evaluation apparatus that evaluates operations performed on the image reading device. The image reading device includes an acquiring unit that acquires user identification information identifying a user, and a tamper-resistant chip. The tamper-resistant chip includes: a storage unit that stores a secret key unique to the image reading device, valid-user identification information identifying a valid user who is permitted to operate the image reading device, device-specific information unique to the image reading device, and device environment information about the usage environment and operating environment of the image reading device; a collecting unit that collects the device-specific information and the device environment information; a user verification unit that verifies the user by judging the validity of the acquired user identification information based on the stored valid-user identification information; a device verification unit that verifies the image reading device by judging the validity of the collected device-specific information based on the stored device-specific information; an environment verification unit that verifies the device environment of the image reading device by judging the validity of the collected device environment information based on the stored device environment information; an encryption unit that encrypts information with the stored secret key; and a transmission unit that transmits information to the evaluation apparatus. The evaluation apparatus includes: a receiving unit that receives the encrypted device environment information from the image reading device; a decryption unit that decrypts the received device environment information; and an evaluation unit that evaluates operations performed on the image reading device based on the decrypted device environment information.
An evaluation method according to still another aspect of the present invention is for an evaluation system formed by connecting, via a network, an image reading device and an evaluation apparatus that evaluates operations performed on the image reading device. The evaluation method includes: acquiring, in which the image reading device acquires user identification information identifying a user; verifying, in which the image reading device verifies the user by judging the validity of the acquired user identification information based on valid-user identification information that identifies a valid user who is permitted to operate the image reading device and that is stored in a tamper-resistant chip installed in the image reading device; collecting, in which, when the acquired user identification information is judged to be valid, the image reading device collects device-specific information unique to the image reading device and device environment information about the usage environment and operating environment of the image reading device; verifying, in which the image reading device verifies the image reading device by judging the validity of the collected device-specific information based on the device-specific information stored in the tamper-resistant chip; verifying, in which the image reading device verifies the device environment by judging the validity of the collected device environment information based on the device environment information stored in the tamper-resistant chip; encrypting, in which, when the collected device-specific information and the collected device environment information are judged to be valid, the image reading device encrypts the device environment information with the secret key stored in the tamper-resistant chip; transmitting, in which the image reading device transmits the encrypted device environment information to the evaluation apparatus; receiving, in which the evaluation apparatus receives the encrypted device environment information from the image reading device; decrypting, in which the evaluation apparatus decrypts the received device environment information; and evaluating, in which the evaluation apparatus evaluates operations performed on the image reading device based on the decrypted device environment information.
A verification method according to still another aspect of the present invention includes: acquiring user identification information identifying a user of an image reading device; verifying the user by judging the validity of the acquired user identification information based on valid-user identification information that identifies a valid user who is permitted to operate the image reading device and that is stored in a tamper-resistant chip installed in the image reading device; collecting, when the acquired user identification information is judged to be valid, device-specific information unique to the image reading device and device environment information about the usage environment and operating environment of the image reading device; verifying the image reading device by judging the validity of the collected device-specific information based on the device-specific information stored in the tamper-resistant chip; verifying the device environment by judging the validity of the collected device environment information based on the device environment information stored in the tamper-resistant chip; encrypting, when the collected device-specific information and the collected device environment information are judged to be valid, the device environment information with the secret key stored in the tamper-resistant chip; and transmitting the encrypted device environment information to an evaluation apparatus.
A computer program product according to still another aspect of the present invention includes a computer-usable medium having computer-readable program code embodied in the medium that, when executed, causes a computer to execute: acquiring user identification information identifying a user of an image reading device; verifying the user by judging the validity of the acquired user identification information based on valid-user identification information that identifies a valid user who is permitted to operate the image reading device and that is stored in a tamper-resistant chip installed in the image reading device; collecting, when the acquired user identification information is judged to be valid, device-specific information unique to the image reading device and device environment information about the usage environment and operating environment of the image reading device; verifying the image reading device by judging the validity of the collected device-specific information based on the device-specific information stored in the tamper-resistant chip; verifying the device environment by judging the validity of the collected device environment information based on the device environment information stored in the tamper-resistant chip; encrypting, when the collected device-specific information and the collected device environment information are judged to be valid, the device environment information with the secret key stored in the tamper-resistant chip; and transmitting the encrypted device environment information to an evaluation apparatus.
An evaluation method according to still another aspect of the present invention includes: receiving encrypted device environment information about the usage environment and operating environment of an image reading device; decrypting the received device environment information; and evaluating operations performed on the image reading device based on the decrypted device environment information.
A computer program product according to still another aspect of the present invention includes a computer-usable medium having computer-readable program code embodied in the medium that, when executed, causes a computer to execute: receiving encrypted device environment information about the usage environment and operating environment of an image reading device; decrypting the received device environment information; and evaluating operations performed on the image reading device based on the decrypted device environment information.
The above and other objects, features, advantages, and technical and industrial significance of the present invention will be better understood by reading the following detailed description of presently preferred embodiments of the invention with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a schematic diagram for explaining the general concept of the present invention;
Fig. 2 is a block diagram of the image reading device according to the present invention;
Fig. 3 is a block diagram of the TPM chip according to the present invention;
Fig. 4 is a block diagram of the evaluation apparatus according to the present invention;
Fig. 5 is a flowchart of the processing procedure of the operation according to the present invention; and
Figs. 6A and 6B are schematic diagrams for explaining the operation performed by the consistency verification unit of the evaluation apparatus.
Detailed description of the embodiments
Exemplary embodiments of the present invention are described in detail below with reference to the accompanying drawings. The present invention is not limited to the embodiments described below. For example, a TPM chip is described as an example of the tamper-resistant chip according to the present invention. However, the present invention is not limited to this.
Fig. 1 is a schematic diagram for explaining the general concept of the present invention. The system according to the present invention generally has the following features. The system includes an image reading device 100 provided in equipment such as a scanner, printer, multifunction product or facsimile machine, and an evaluation apparatus 200 that evaluates operations performed by the user of the image reading device 100. The image reading device 100 and the evaluation apparatus 200 are connected so that they can communicate with each other. The image reading device 100 includes a TPM chip 10 as the tamper-resistant chip, an acquiring unit that acquires user identification information identifying the user who operates the image reading device 100, and a transmission unit that transmits information.
The TPM chip 10 has a storage function, a collecting function, a user verification function, a device verification function, a parameter verification function and an encryption function.
The storage function stores: a secret key unique to the image reading device 100; valid-user identification information (namely, a password or fingerprint) identifying an authorized user who operates the image reading device 100; device-specific information unique to the image reading device 100 (namely, a device identification number or serial number of the image reading device 100); and device parameter information about device parameters, such as the usage parameters and operating parameters, of the image reading device 100.
The collecting function collects the device-specific information and the device parameter information, such as operating parameters used to operate the image reading device 100 (including resolution, color/monochrome, document size, brightness and contrast) and/or operation log information (operation and processing information) that includes the content of operations.
The user verification function performs user verification by judging, based on the valid-user identification information stored by the storage function, whether the acquired user identification information (namely, a password or fingerprint) identifying the user who operates the image reading device 100 is correct. That is, the user verification function performs verification based on the user identification information in order to identify the user.
The device verification function verifies the image reading device 100 by judging, based on the device-specific information stored by the storage function, whether the device-specific information collected by the collecting function is correct. That is, the device verification function verifies the authenticity of the image reading device 100 based on the device-specific information (identifies the device).
The parameter verification function verifies the device parameters of the image reading device 100 by judging, based on the device parameter information stored by the storage function, whether the device parameter information collected by the collecting function is correct.
The encryption function creates an electronic signature and encrypts information with the secret key.
The image reading device 100 uses the TPM chip 10 to collect operation log information as device parameter information and records the operation log information in the TPM chip 10. Using the secret key stored in the TPM chip 10, the image reading device 100 encrypts the recorded operation log information with the TPM chip 10. The image reading device 100 then transmits the encrypted operation log information to the evaluation apparatus 200.
The evaluation apparatus 200 receives the operation log information transmitted from the image reading device 100. The evaluation apparatus 200 decrypts the received operation log information and, based on the decrypted operation log information, evaluates the operations performed by the user of the image reading device 100. In the evaluation, the evaluation apparatus 200 can measure, based on the decrypted operation log information, the operating time of a series of operations performed by the user of the image reading device 100; can verify, based on the decrypted operation log information and predetermined operating procedure information about the correct operating procedure of the image reading device 100, the consistency of the operating procedure of the operations performed by the user of the image reading device 100; and can evaluate, based on the measured operating time and the verification result, the skill level of the operations performed by the user of the image reading device 100. The evaluation apparatus 200 can evaluate not only the skill level but also the validity and appropriateness of the operations and the qualification of the user.
Fig. 2 is a block diagram of the image reading device 100. It shows, conceptually, only the part of the configuration of the image reading device 100 that relates to the present invention.
As shown in Fig. 2, the image reading device 100 generally includes, as a minimal configuration, a mechanical unit 110, a control unit 120 and an optical unit 130. The image reading device 100 includes, for each unit, a TPM chip 10 that collects information about that unit and stores the information. In other words, the image reading device 100 is configured with at least one unit or with a plurality of units, and each unit includes a TPM chip 10 that acquires the unit-specific information of that unit (namely, a device identification number or serial number), stores the acquired information, and adds an electronic signature to the information. The TPM chip 10 stores unit-specific information such as the serial number and the secret key required for creating electronic signatures and for encryption, and has the user verification function, the device verification function and the parameter verification function. The TPM chip 10 is provided inside the body of each unit so that it cannot easily be removed from outside. In addition, the unit is arranged so that it cannot operate if the TPM chip 10 is removed.
The mechanical unit 110 includes an automatic document feeder (ADF) unit/flatbed unit that includes a motor and a sensor, a TPM chip 10, and a unit interface unit that connects the mechanical unit to the other units, all of which are interconnected.
The control unit 120 includes a microprocessing unit (MPU), a memory unit that stores a control program, an image processing unit, a fingerprint acquiring unit, a network interface unit, a random-access memory (RAM), a TPM chip 10 and a unit interface unit, all of which are interconnected.
The optical unit 130 includes an optical system unit, which includes a charge-coupled device (CCD) and a light source, and a TPM chip 10, which are interconnected via a unit interface unit.
Fig. 3 is a block diagram of the TPM chip 10. It shows, conceptually, only the part of the configuration of the TPM chip 10 that relates to the present invention. As shown in Fig. 3, the TPM chip 10 includes, as a minimal configuration: an MPU 11; a control program 12 for controlling each unit; a secret key file 13 used to encrypt information such as device information with the secret key; a unit information file 14 that stores the device identification number of each unit; a user verification information file 15 that stores the passwords and fingerprint information used to verify users; and a RAM 16 that stores operation log information, which includes the operating parameters used to operate each unit and/or the content of operations performed on the image reading device 100, information about the operating parameters, and information about the unit parameters. The TPM chip 10 uses the MPU 11 to execute the collecting function, the user verification function, the device verification function, the parameter verification function and the encryption function.
Fig. 4 is a block diagram of the evaluation apparatus 200. It shows, conceptually, only the part of the configuration of the evaluation apparatus 200 that relates to the present invention. As shown in Fig. 4, the evaluation apparatus 200 includes, as a minimal configuration: a control unit (including a central processing unit (CPU) implemented in hardware); a storage unit that includes a hard disk drive and memory units such as RAM and read-only memory (ROM); an input unit; an output unit (namely, a monitor and a printer); an input/output (I/O) control interface; and a communication control interface. Each function of the evaluation apparatus 200 is realized by each unit of the evaluation apparatus 200 and by the programs that control those units. The hardware of the evaluation apparatus 200 can be an information processing apparatus such as a commercially available workstation or personal computer, or an auxiliary device of such an information processing apparatus.
As a minimal configuration, the control unit of the evaluation apparatus 200 includes: a receiving unit that receives the encrypted device parameter information (specifically, the operation log information) transmitted from the image reading device 100; a decryption unit that decrypts the device parameter information (specifically, the operation log information) received by the receiving unit; and an evaluation unit that evaluates operations performed on the image reading device 100 based on the device parameter information (specifically, the operation log information) decrypted by the decryption unit. The evaluation unit includes an operating time measuring unit, a consistency verification unit and a skill level evaluation unit. The operating time measuring unit measures the operating time of the operations performed by the user of the image reading device 100 based on the operation log information decrypted by the decryption unit. The consistency verification unit verifies the consistency of the operating procedure of the operations performed by the user of the image reading device 100 based on the operation log information decrypted by the decryption unit and predetermined operating procedure information about the correct operating procedure of the image reading device 100. The skill level evaluation unit evaluates the skill level of the operations performed by the user of the image reading device 100 based on the operating time measured by the operating time measuring unit and the verification result obtained by the consistency verification unit.
Fig. 5 is a flowchart of the processing procedure of the operation according to the present invention. The image reading device 100 acquires, through the fingerprint acquiring unit in the control unit 120, the password or fingerprint of the user who operates the image reading device 100 and, based on the acquired password and fingerprint, performs user verification using the user verification function of the TPM chip 10 (step SA-1, acquiring step and user verification step).
When the verification result obtained in step SA-1 is acceptable, the image reading device 100 uses the collecting function of the TPM chip 10 to acquire and record the serial number and the operation log information and, based on the collected serial number and operation log information, performs device verification of the image reading device 100 using the device verification function of the TPM chip 10 (step SA-2, collecting step and device verification step). The image reading device 100 then verifies the parameters of the image reading device 100 based on the collected operation log information using the parameter verification function of the TPM chip 10 (step SA-3, collecting step and parameter verification step).
When the verification results obtained in step SA-2 and step SA-3 are acceptable, the image reading device 100 uses the encryption function of the TPM chip 10 to encrypt, with the secret key, the operation log information collected in step SA-3 (step SA-4, encrypting step).
The image reading device 100 uses the control unit 120 to transmit the operation log information encrypted in step SA-4 to the evaluation apparatus 200 through the network interface unit (step SA-5, transmitting step).
The evaluation apparatus 200 receives the operation log information transmitted from the image reading device 100 through the receiving unit in the control unit of the evaluation apparatus 200 (step SA-6, receiving step).
The evaluation apparatus 200 decrypts the operation log information using the corresponding decryption key (namely, the public key) through the decryption unit in the control unit of the evaluation apparatus 200 (step SA-7, decrypting step).
The evaluation apparatus 200 evaluates, through the evaluation unit in the control unit of the evaluation apparatus 200 and based on the operation log information decrypted in step SA-7, the operations performed by the user of the image reading device 100 (step SA-8, evaluating step).
In step SA-8, the evaluation unit can measure, in the operating time measuring unit and based on the operation log information decrypted in step SA-7, the operating time of the operations performed by the user of the image reading device 100. The evaluation unit can also verify, in the consistency verification unit, the consistency of the operating procedure of the operations performed by the user of the image reading device 100, based on the operation log information decrypted in step SA-7 and the predetermined operating procedure information about the correct operating procedure of the image reading device. The evaluation unit can then evaluate the skill level of the operations performed by the user of the image reading device 100 based on the operating time measured by the operating time measuring unit and the verification result obtained by the consistency verification unit.
Specifically, the evaluation unit analyzes the operation log information about the operation sequence performed by the user, shown in Fig. 6B, and measures the operating time (the operating time "t" shown in Fig. 6B) with the operating time measuring unit. The evaluation unit compares and analyzes the operation log information about the operation sequence performed by the user, shown in Fig. 6B, against the operating procedure information about the correct operation sequence, shown in Fig. 6A, to detect errors in the operating procedure, and verifies the consistency of the operations performed by the user of the image reading device 100 with the consistency verification unit. The evaluation unit then evaluates the skill level with the skill level evaluation unit, based on the operating time measured by the operating time measuring unit and the verification result obtained by the consistency verification unit. In addition, the evaluation unit can detect the frequency of faults based on the operation log information, and can evaluate the skill level based on the user's operation sequence, the operating time and the frequency of faults.
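The flow of steps SA-1 to SA-8 can be sketched as follows; this is an added example, not code from the patent. The key is a toy RSA key standing in for the secret key held in the TPM chip 10, and the "encrypt with the secret key" step is modelled as a private-key operation over a SHA-256 digest of the log. The step names, serial numbers, sample logs and skill thresholds are constructed for illustration.

```python
import hashlib
import json

# Toy RSA key from two Mersenne primes: far too small for real use. It stands
# in for the device-unique secret key that never leaves the TPM chip.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public part, known to the evaluator
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (device side only)

# Assumed correct procedure (the role of Fig. 6A); step names are invented.
CORRECT_PROCEDURE = ["login", "set_resolution", "load_document", "scan", "logout"]
TARGET_TIME = 30                         # assumed skill threshold, in seconds


def _digest(payload: bytes) -> int:
    """SHA-256 of the payload, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % N


def device_seal_log(entries, serial, stored_serial, user_ok):
    """Device side (SA-1 to SA-4): seal the log only after the user and device
    checks pass; return None otherwise so nothing unverified is transmitted."""
    if not user_ok or serial != stored_serial:
        return None
    payload = json.dumps({"serial": serial, "log": entries}, sort_keys=True)
    seal = pow(_digest(payload.encode()), D, N)   # secret-key operation
    return {"payload": payload, "seal": seal}


def evaluator_open_log(message):
    """Evaluator side (SA-6, SA-7): apply the public key and refuse any log
    whose content no longer matches what the device sealed."""
    if pow(message["seal"], E, N) != _digest(message["payload"].encode()):
        raise ValueError("operation log failed the originality check")
    return json.loads(message["payload"])["log"]


def evaluate(entries):
    """Evaluator side (SA-8): operating time t, consistency with the correct
    procedure, fault count, and a skill level derived from all three."""
    ops = [e["op"] for e in entries if e["op"] != "fault"]
    faults = len(entries) - len(ops)
    elapsed = entries[-1]["ts"] - entries[0]["ts"]
    # Index of the first step that departs from the correct procedure.
    deviation = next(
        (i for i, (done, want) in enumerate(zip(ops, CORRECT_PROCEDURE))
         if done != want),
        None,
    )
    if deviation is None and len(ops) != len(CORRECT_PROCEDURE):
        deviation = min(len(ops), len(CORRECT_PROCEDURE))  # missing or extra steps
    consistent = deviation is None
    skilled = consistent and faults == 0 and elapsed <= TARGET_TIME
    return {
        "operating_time": elapsed,
        "consistent": consistent,
        "first_deviation": deviation,
        "faults": faults,
        "skill": "skilled" if skilled else "needs_training",
    }


# Constructed sample logs (timestamps in seconds); not taken from the patent.
GOOD_LOG = [
    {"ts": 0, "op": "login"}, {"ts": 4, "op": "set_resolution"},
    {"ts": 9, "op": "load_document"}, {"ts": 15, "op": "scan"},
    {"ts": 21, "op": "logout"},
]
BAD_LOG = [
    {"ts": 0, "op": "login"}, {"ts": 5, "op": "load_document"},
    {"ts": 12, "op": "fault"}, {"ts": 20, "op": "set_resolution"},
    {"ts": 31, "op": "scan"}, {"ts": 40, "op": "logout"},
]

if __name__ == "__main__":
    sealed = device_seal_log(GOOD_LOG, "SN-0001", "SN-0001", user_ok=True)
    print(evaluate(evaluator_open_log(sealed)))
    print(evaluate(BAD_LOG))
```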
As described above, according to the present invention, the image reading device 100 performs user verification using the user authentication function of the TPM chip 10, performs device verification of the image reading device 100 using the device authentication function of the TPM chip 10, and performs parameter verification of the image reading device 100 using the parameter authentication function of the TPM chip 10. The image reading device 100 also records the operation log information collected by the collecting function of the TPM chip 10 and, using the encryption function of the TPM chip 10, encrypts the recorded operation log information with the secret key. The image reading device 100 transmits the encrypted operation log information to the evaluation device 200 through the control unit 120. The evaluation device 200 receives the operation log information transmitted from the image reading device 100 with the receiving unit, decrypts the received operation log information with the decryption unit and, with the evaluation unit, evaluates the operation performed on the image reading device 100 based on the decrypted operation log information. As a result, when the operation performed by the user of the image reading device 100 is evaluated, the credibility, reliability and authorized originality of the information used for the evaluation can be ensured with higher accuracy.
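Added example, not part of the patent text: an illustration of the evaluation device's side of steps SA-7 and SA-8, which authenticates the received operation log before measuring the operation time, comparing the log with the correct procedure and counting faults. Assumptions: HMAC-SHA256 stands in for the TPM chip's secret-key encryption, and the step names, key, log format and grading thresholds are constructed for illustration.

```python
import difflib
import hashlib
import hmac
import json

# Constructed sample data: step names, timings and the key are assumptions
# made for this example; none of them comes from the patent.
CORRECT_PROCEDURE = ["power_on", "login", "set_document", "select_profile",
                     "scan", "check_image", "send", "logout"]
DEVICE_KEY = b"constructed-demo-key"  # stands in for the key kept in the chip


def seal_log(entries, key=DEVICE_KEY):
    """Device side: serialize the log and attach an HMAC-SHA256 tag.

    Assumption: HMAC replaces the secret-key encryption the page describes,
    so that the example needs only the standard library.
    """
    body = json.dumps(entries, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def open_log(body, tag, key=DEVICE_KEY):
    """Evaluator side: refuse any log whose tag does not verify."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("operation log failed authentication")
    return json.loads(body)


def evaluate(entries, correct=CORRECT_PROCEDURE, target_seconds=60):
    """Measure operation time, check procedure consistency, count faults."""
    if not entries:
        raise ValueError("empty operation log")
    steps = [e["op"] for e in entries if e["op"] != "fault"]
    faults = sum(1 for e in entries if e["op"] == "fault")
    # Operation time "t": last timestamp minus first (log is chronological).
    elapsed = entries[-1]["t"] - entries[0]["t"]
    # Every non-equal opcode is a deviation from the correct sequence:
    # a skipped step (delete), an extra step (insert) or a wrong one (replace).
    matcher = difflib.SequenceMatcher(a=correct, b=steps, autojunk=False)
    deviations = [(op, correct[i1:i2], steps[j1:j2])
                  for op, i1, i2, j1, j2 in matcher.get_opcodes()
                  if op != "equal"]
    # Assumed grading rule; the page names the inputs but gives no formula.
    if not deviations and faults == 0 and elapsed <= target_seconds:
        level = "skilled"
    elif len(deviations) <= 1 and faults <= 1:
        level = "intermediate"
    else:
        level = "novice"
    return {"time": elapsed, "deviations": deviations,
            "faults": faults, "level": level}


def make_log(ops, step_seconds=5):
    """Build a constructed log with evenly spaced timestamps in seconds."""
    return [{"t": i * step_seconds, "op": op} for i, op in enumerate(ops)]


if __name__ == "__main__":
    body, tag = seal_log(make_log(CORRECT_PROCEDURE))
    print(evaluate(open_log(body, tag)))
```

A log altered in transit fails in `open_log` and never reaches `evaluate`, which is the property the evaluation relies on.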
The present invention is not limited to the specific details and representative embodiments shown and described here. Accordingly, various modifications may be made without departing from the spirit or scope of the general inventive concept as defined by the claims and their equivalents. For example, of the various processes explained in the description of the exemplary embodiment, it is acceptable to perform manually some or all of the processes explained as being performed automatically. Conversely, it is acceptable to perform automatically, using known techniques, some or all of the processes explained as being performed manually.
In addition, unless otherwise stated, the processing procedures, control procedures, specific names, information including various data and parameters, images and database structures that appear in the text and the drawings may be modified in any way.
The components of the devices shown in the drawings are functional concepts. The components need not be physically arranged in the way shown in the drawings. For example, some or all of the processing functions provided by the devices may be realized by a CPU and a program that is interpreted and executed by the CPU, or may be realized as hardware with hard-wired logic. The program is recorded on a recording medium, as explained later, and is mechanically read by the control unit as required.
A computer program that works together with the operating system (OS) to issue instructions to the CPU for carrying out the various processes is stored in a storage unit such as a ROM or a hard disk (HD). The computer program is loaded into RAM for execution and, in cooperation with the CPU, realizes the control unit. The computer program may be stored on an application server connected through a network, and part or all of the computer program may be downloaded as required.
The computer program according to the present invention can be stored on a computer-readable recording medium, which includes removable physical media, built-in physical media and communication media that hold the program temporarily. Removable physical media include a floppy disk (FD), a magneto-optical (MO) disk, a ROM, an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or a digital versatile disc (DVD). Built-in physical media include a ROM, RAM or HD installed in a computer system. Communication media include communication lines or carrier waves used to transmit the program over a network such as a local area network (LAN), a wide area network (WAN) or the Internet. The program is a data processing method written in any language and in any compiled form, so both source code and binary code are acceptable. The program need not be prepared as a single structure; it may also be prepared separately as a plurality of modules or libraries. It may also include a program that realizes its functions in association with another program such as the OS. The specific configuration for reading the recording medium in each unit according to the embodiment, the reading procedure, and the installation procedure after reading may be known configurations and procedures.
The specific modes of distributing and integrating the devices are not limited to those shown in the drawings. Part or all of the devices may be functionally or physically distributed or integrated in arbitrary units, according to various loads and usage conditions. For example, each database may be built independently as a separate database device, and part of the processing may be realized through the Common Gateway Interface (CGI).
According to the embodiments of the present invention, when the operation performed by the user of the image reading device is evaluated, the credibility, reliability and authorized originality of the information used for the evaluation can be ensured with higher accuracy.
Although the invention has been described with reference to specific embodiments in order to provide a complete and clear disclosure, the appended claims are not so limited. They are to be construed as embodying all modifications and alternative structures that may occur to those skilled in the art and that fall within the basic principles set forth here.

Claims (7)

1. An image reading device, comprising:
an acquisition unit for acquiring user identification information identifying a user; and
a tamper-resistant chip, including:
a storage unit that stores:
a secret key unique to the image reading device;
valid user identification information for identifying a valid user who is allowed to operate the image reading device;
device-specific information unique to the image reading device; and
device parameter information about usage parameters and operating parameters of the image reading device;
a collection unit for collecting device-specific information and device parameter information;
a user verification unit that verifies the user by judging the validity of the acquired user identification information based on the stored valid user identification information;
a device verification unit that verifies the image reading device by judging the validity of the collected device-specific information based on the stored device-specific information;
a parameter verification unit that verifies the device parameters of the image reading device by judging the validity of the collected device parameter information based on the stored device parameter information; and
an encryption unit that encrypts at least one of the user identification information, the device-specific information and the device parameter information with the stored secret key,
the image reading device further comprising a transmission unit for transmitting the encrypted device parameter information to an evaluation device.

2. The image reading device according to claim 1, wherein:
the device parameter information includes at least one of operation parameters related to the operation of the image reading device and operation log information including the contents of the operation.

3. An evaluation system formed by connecting, through a network, an image reading device and an evaluation device that evaluates an operation performed on the image reading device, wherein
the image reading device includes:
an acquisition unit for acquiring user identification information identifying a user; and
a tamper-resistant chip, including:
a storage unit that stores: a secret key unique to the image reading device, valid user identification information for identifying a valid user who is allowed to operate the image reading device, device-specific information unique to the image reading device, and device parameter information about usage parameters and operating parameters of the image reading device;
a collection unit for collecting device-specific information and device parameter information;
a user verification unit that verifies the user by judging the validity of the acquired user identification information based on the stored valid user identification information;
a device verification unit that verifies the image reading device by judging the validity of the collected device-specific information based on the stored device-specific information;
a parameter verification unit that verifies the device parameters of the image reading device by judging the validity of the collected device parameter information based on the stored device parameter information; and
an encryption unit that encrypts at least one of the user identification information, the device-specific information and the device parameter information with the stored secret key; and
the image reading device further includes a transmission unit that transmits the encrypted device parameter information to the evaluation device, and
the evaluation device includes:
a receiving unit that receives the encrypted device parameter information from the image reading device;
a decryption unit that decrypts the received device parameter information; and
an evaluation unit that evaluates the operation performed on the image reading device based on the decrypted device parameter information.

4. The evaluation system according to claim 3, wherein
the device parameter information includes at least one of operation parameters related to the operation of the image reading device and operation log information including the contents of the operation, and
the evaluation unit further includes:
an operation time measuring unit that measures the operation time of the image reading device based on the operation log information;
a consistency verification unit that verifies the consistency of the operation procedure performed on the image reading device, based on the operation log information and predetermined operation procedure information about the correct operation procedure; and
a proficiency evaluation unit that evaluates the proficiency of the operation performed on the image reading device, based on the measured operation time and the verification result obtained by the consistency verification unit.

5. An evaluation method for an evaluation system formed by connecting, through a network, an image reading device and an evaluation device that evaluates an operation performed on the image reading device, the evaluation method comprising:
an acquisition process including acquiring, by the image reading device, user identification information identifying a user;
an execution process including verifying the user, by the image reading device, by judging the validity of the acquired user identification information based on valid user identification information for identifying a valid user who is allowed to operate the image reading device, the valid user identification information being stored in a tamper-resistant chip installed in the image reading device;
a collection process including collecting, by the image reading device, when the acquired user identification information is judged to be valid, device-specific information unique to the image reading device and device parameter information about usage parameters and operating parameters of the image reading device;
an execution process including verifying the image reading device, by the image reading device, by judging the validity of the collected device-specific information based on the device-specific information stored in the tamper-resistant chip;
an execution process including verifying the device parameters, by the image reading device, by judging the validity of the collected device parameter information based on the device parameter information stored in the tamper-resistant chip;
an encryption process including encrypting the device parameter information, by the image reading device, with the secret key stored in the tamper-resistant chip, when the collected device-specific information and the collected device parameter information are judged to be valid;
a transmission process including transmitting, by the image reading device, the encrypted device parameter information to the evaluation device;
a receiving process including receiving, by the evaluation device, the encrypted device parameter information from the image reading device;
a decryption process including decrypting, by the evaluation device, the received device parameter information; and
an evaluation process including evaluating, by the evaluation device, the operation performed on the image reading device based on the decrypted device parameter information.

6. The evaluation method according to claim 5, wherein
the device parameter information includes at least one of operation parameters related to the operation of the image reading device and operation log information including the contents of the operation, and
the evaluation process further includes:
measuring the operation time of the image reading device based on the operation log information;
verifying the consistency of the operation procedure performed on the image reading device, based on the operation log information and predetermined operation procedure information about the correct operation procedure; and
evaluating the proficiency of the operation performed on the image reading device, based on the measured operation time and the verification result obtained in the verifying.

7. An evaluation method, comprising:
acquiring user identification information for identifying a user of an image reading device;
verifying the user by judging the validity of the acquired user identification information based on valid user identification information for identifying a valid user who is allowed to operate the image reading device, the valid user identification information being stored in a tamper-resistant chip installed in the image reading device;
collecting, when the acquired user identification information is judged to be valid, device-specific information unique to the image reading device and device parameter information about usage parameters and operating parameters of the image reading device;
verifying the image reading device by judging the validity of the collected device-specific information based on the device-specific information stored in the tamper-resistant chip;
verifying the device parameters by judging the validity of the collected device parameter information based on the device parameter information stored in the tamper-resistant chip;
encrypting the device parameter information with the secret key stored in the tamper-resistant chip, when the collected device-specific information and the collected device parameter information are judged to be valid;
transmitting the encrypted device parameters to an evaluation device;
receiving the encrypted device parameters about the usage parameters and operating environment of the image reading device;
decrypting the received device parameters; and
evaluating the operation performed on the image reading device based on the decrypted device parameters.
CNB2007100020664A 2006-01-18 2007-01-18 Image reading device, verification method, evaluation system, evaluation method, and computer program product Expired - Fee Related CN100476848C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2006010356 2006-01-18
JP2006010356 2006-01-18
JP2006158720 2006-06-07

Publications (2)

Publication Number Publication Date
CN101004773A CN101004773A (en) 2007-07-25
CN100476848C true CN100476848C (en) 2009-04-08

Family

ID=38703905

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100020664A Expired - Fee Related CN100476848C (en) 2006-01-18 2007-01-18 Image reading device, verification method, evaluation system, evaluation method, and computer program product

Country Status (1)

Country Link
CN (1) CN100476848C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013015992A (en) * 2011-07-04 2013-01-24 Sony Corp Communication device, communication method, service provision device, service provision method, cooperation device, cooperation method, program, transmission/reception system and transmission/reception method
CN108769004B (en) * 2018-05-25 2021-08-03 郑州轻工业大学 A security verification method for remote operation of industrial Internet intelligent equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1694032A (en) * 2004-04-29 2005-11-09 国际商业机器公司 Method and system for bootstrapping a trusted server having redundant trusted platform modules

Also Published As

Publication number Publication date
CN101004773A (en) 2007-07-25

Similar Documents

Publication Publication Date Title
JP5074709B2 (en) Target device, device management system, device management method, and external device
CN101958795B (en) Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method
US8924307B2 (en) Document authentication using electronic signature
TWI434218B (en) Ic chip, information processing apparatus, system, method, and program
JP4960023B2 (en) Image reading apparatus, authentication method, evaluation system, evaluation method, and program
KR101039390B1 (en) Method and device for checking authenticity of issued documents using barcode
US8555074B2 (en) Method and apparatus for processing information, and computer program product
TW201121280A (en) Network security verification method and device and handheld electronic device verification method.
JP3955906B1 (en) Software management system and software management program
JP2006246015A5 (en)
US8156548B2 (en) Identification and authentication system and method
JP2009532792A (en) Product certification system
CN1968095A (en) Method and apparatus for login local machine
CN101512959A (en) Information processing apparatus and information management method
JP2008181178A (en) Network output system, authentication information registration method, and authentication information registration program
US20070234055A1 (en) Communication system, network device and program
JP2007220073A (en) Image reading apparatus and program
KR100841274B1 (en) Security management system to prevent forgery and alteration of scanning original documents and security management method to maintain authenticity
CN101004772A (en) Method and apparatus for processing information, and computer program product
JP5227474B2 (en) Device management system, device management method, and external device
CN1698055A (en) Personal information management system, switching system, and terminal device
JP2008005408A (en) Recording data processing device
CN1889419A (en) Method and apparatus for realizing encrypting
CN100476848C (en) Image reading device, verification method, evaluation system, evaluation method, and computer program product
KR101285362B1 (en) Authentication system for electronic signature

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Free format text: FORMER OWNER: FUJITSU LTD.

Effective date: 20150519

Owner name: FUJITSU LTD.

Free format text: FORMER OWNER: PFU LIMITED;PFU LIMITED

Effective date: 20150519

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150519

Address after: Kanagawa, Japan

Patentee after: Fujitsu Ltd.

Address before: Ishikawa County

Patentee before: PFU Company

Patentee before: Fujitsu Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090408

Termination date: 20180118