JP2006059141A - Device, function management method, program, and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent unauthorized use of unintended functions while enabling easy change of the range of functions enabled for all users.
In a device having an application 160 that provides a plurality of functions, a function management module 102 that manages validity / invalidity of each function, and a certificate storage unit 130 that stores a digital certificate 131 used for the management. When the valid digital certificate 131 is stored in the certificate storage unit 130, the function provided by the application 160 is enabled, and only valid digital certificates for which no expiration date is set are provided. In such a case, only a part of the functions provided by the application 160 is enabled. In this case, information indicating functions to be enabled is described in the digital certificate 131, and the validity / invalidity of each function may be controlled based on the information.
[Selection] Figure 3

Description

  The present invention relates to a device capable of providing a plurality of functions, and in particular, a device characterized by a method for managing validity / invalidity of each function, a function management method for managing validity / invalidity of each function in such a device, The present invention relates to a program for causing a computer to function as the above-described device, and a computer-readable recording medium on which such a program is recorded.

Conventionally, in a device capable of providing a plurality of functions, all or some of the functions are initially set not to be provided, registration is performed indicating that the user is a regular user, and a predetermined fee is charged. It is known to perform control so that all functions can be used only when a release key or the like that has been paid and purchased is used.
Examples of documents related to such a technique include Patent Document 1 and Patent Document 2.
JP 2001-337732 A JP 2003-296281 A

In Patent Document 1, authentication software having functions such as an authorization ID acquisition function, a usage status inquiry function, and a usage period acquisition function is incorporated in the software of a computer, and when a user tries to use the software, the software is predetermined via the Internet. A technique is described in which the software can be used only for a predetermined period when it is authenticated by accessing the user authentication server.
Patent Document 2 discloses a certificate authority corresponding to a certificate of a service providing server from a license server after confirming payment of a predetermined fee when a user tries to use a service provided by the service providing server. Describes technology to issue a certificate and allow access to the server and use the service only when a CA certificate corresponding to the certificate sent from the service providing server exists. Yes.

  However, in the past, there has been a problem that it is difficult to fluidly determine the range of functions that can be used in the device shipment state before the user is authenticated or uses a release key. In other words, it is possible to change the range of functions that can be used by changing register values, etc., if it is possible to determine in a fluid way. In addition, there is a risk that all functions can be used without authentication or a release key.

  The present invention has been made to solve such a problem, and is a function that is enabled for all users when managing the validity / invalidity of each function in a device that can provide a plurality of functions. The purpose of the present invention is to prevent unauthorized use of unintended functions while making it possible to easily change the scope of the above.

  In order to achieve the above object, the device of the present invention includes a function providing means for providing a plurality of functions, a function management means for managing the validity / invalidity of each function provided by the means, and the function providing means. A certificate storage unit that stores a digital certificate including permitted function information indicating a function to be validated among the provided functions, and the function management unit stores the effective digital stored in the certificate storage unit Means for managing the validity / invalidity of the function provided by the function providing means according to the permitted function information in the certificate is provided.

  Further, the function management method of the present invention is a function management method in the device as described above, in which a function provided by the function providing means is provided as the permitted function information in a digital certificate with no expiration date set. When a part of the certificate is stored in the certificate storage unit of the device, and the valid digital certificate stored in the certificate storage unit is only a digital certificate for which the expiration date is not set Further, only a part of the functions provided by the function providing means is made effective by the function management means.

In addition, the program of the present invention includes a function providing unit that provides a plurality of functions, a function management unit that manages validity / invalidity of each function provided by the unit, and a function provided by the function providing unit. Including a program for functioning as a certificate storage unit that stores a digital certificate including permitted function information indicating a function to be enabled, and the function management unit stores valid programs stored in the certificate storage unit It is a program provided with a function for managing the validity / invalidity of the function provided by the function providing means according to the permitted function information in the digital certificate.
The recording medium of the present invention is a computer-readable recording medium on which the above program is recorded.

According to the device or function management method of the present invention as described above, when managing the validity / invalidity of each function in a device capable of providing a plurality of functions, the range of functions to be enabled for all users is reduced. It is possible to prevent unauthorized use of unintended functions while allowing easy modification.
Further, according to the program of the present invention, the computer can be functioned as the above-described device to realize its characteristics, and the same effect can be obtained.
According to the recording medium of the present invention, the above effect can be obtained by causing a computer not storing the above program to read and execute the program.

The best mode for carrying out the present invention will be described below with reference to the drawings.
First, the configuration of a digital multi-function peripheral (MFP) that is an embodiment of the device of the present invention will be described. FIG. 1 is a block diagram showing the configuration of the MFP.
As shown in FIG. 1, the MFP 10 includes a CPU 11, a ROM 12, a RAM 13, a timer 14, an operation port I / F (interface) 15, an HDD (hard disk drive) I / F 17, an NVRAM (nonvolatile RAM) 19, a flash ROM 20, and a network. A communication control unit 21, an external media I / F 22, a scanner I / F 23, a plotter I / F 25, an encoding / decoding processing unit 27, a character generator 28, and a GSTN (General Switched Telephone Network: public line) communication control unit 29; These are connected by a system bus 31.
The operation panel 16 is provided for the operation port I / F 15, the HDD 18 is provided for the HDD I / F 17, the scanner engine 24 is provided for the scanner I / F 23, the plotter engine 26 is provided for the plotter I / F 25, and the GSTN communication control unit 29 is provided for the operation. Each network control unit 30 is connected.

The CPU 11 is a control unit that performs overall control of the entire MFP 10, and controls the overall operation of the MFP 10 by executing various programs recorded in the ROM 12, the HDD 18, the NVRAM 19, and the like. Realize the function.
The ROM 12 is a nonvolatile storage unit, and stores programs executed by the CPU 11, fixed parameters, and the like. The ROM 12 may be configured as a rewritable storage means so that these data can be updated.

The RAM 13 is storage means for storing temporarily used data or used as a work memory for the CPU 11.
The timer 14 is a time measuring unit that measures time, and continues measuring time regardless of whether the apparatus is turned on or off. The CPU 11 can acquire information on the current date and time from this timer.
The operation port I / F 15 is an interface for connecting the operation panel 16 to the system bus 31. The operation panel 16 includes a display unit and an operation unit, and has a function of displaying various messages according to control from the CPU 11 and receiving operations from the user.

The HDD I / F 17 is an interface for connecting the HDD 18 to the system bus. The HDD 18 is a rewritable nonvolatile storage means that stores a program executed by the CPU 11, image data read by the scanner engine 24, and the like.
The NVRAM 19 and the flash ROM 20 are also rewritable nonvolatile storage means, and store parameter values and the like that need to be retained even after the apparatus is turned off. Further, as will be described later, a digital certificate used for managing the validity / invalidity of functions in the MFP 10 is also stored in these storage means.

The network communication control unit 21 is a unit including an interface for connecting the MFP 10 to the network and a circuit necessary for communication control, and is an interface for performing Ethernet (registered trademark) communication, for example. And when communicating with another apparatus via a network, this network communication control part 21 and CPU11 function as a communication means. Note that various types of networks can be used regardless of wired or wireless, such as Ethernet (registered trademark), wireless LAN (local area network), IEEE (Institute of Electrical and Electronic Engineers) 1394, or the like.
The external media I / F 22 is an external media (recording medium) such as an SD (Secure Digital) card, a compact flash (registered trademark), a memory stick, and a ROM-DIMM (Dual Inline Memory Module). This is an interface for connecting to the MFP 10.

The scanner I / F 23 is an I / F for connecting the scanner engine 24 to the system bus 31 so that the CPU 11 can control it. The scanner engine 24 is an image reading unit that reads an image of a document as image data. .
The plotter I / F 25 is an I / F that connects the plotter engine 26 to the system bus 31 and allows the CPU 11 to control the plotter engine 26. The plotter engine 26 forms an image on a sheet based on image data. Image forming means.

The encoding / decoding processing unit 27 includes various images such as MH (Modified Huffman), MR (Modified Read), MMR (Modified MR), JBIG (Joint Bi-level Image experts Group), JPEG (Joint Photographic Experts Group), and the like. This is a unit that encodes and decodes image data according to an encoding method.
The character generator 28 is a unit for converting character data into image data representing the character.
The GSTN communication control unit 29 is a unit that controls communication using a public line in order to perform modem communication and facsimile communication. The network control unit 30 provides an electrical interface between the public line and the MFP 10. It is a unit for taking.

The MFP 10 has the above-described configuration, and various functions such as a printer, a scanner, a copier, and a facsimile communication apparatus can be realized by the CPU 11 executing a necessary control program and controlling each unit. It is an image processing apparatus that can be used.
Note that it is not essential to configure the MFP 10 so that all of these functions can be realized. For example, when it is necessary to function only as a printer, the scanner I / F 23, the scanner engine 24, the GSTN communication control unit 29, and the network control unit 30 are unnecessary.
Further, it is conceivable that the network communication control unit 21 is not provided and only the GSTN communication control unit 29 performs communication with the outside, and there is no need to provide any means for performing communication with the external device. . In addition to those shown in the drawings, a CPU, ROM, RAM, NVRAM, flash ROM, or the like may be provided for each part, or an LSI or the like may be provided. Conversely, there may be a case where the flash ROM 20 is not provided.

Next, FIG. 2 shows an example of a usage environment when the user uses the MFP 10 as shown in FIG.
Since an MFP as shown in FIG. 1 often has a function of performing communication via a network, as shown in FIG. 2, in a user-side environment, a PC (personal computer) 41 or a network compatible device is used. It can be considered that it is connected to the LAN 44 together with the printer 42 and the like. In this case, data can be exchanged between the devices connected to the LAN 44, and if the LAN 44 is connected to the Internet 60 via the router 43 or the like, the data via the Internet 60 is used. Can also be exchanged.

In addition, the manufacturer that provides the MFP 10 should provide a service center for providing various consumables used by the MFP 10 and for dispatching service personnel for periodic maintenance and repairs in the event of an abnormality. However, it is conceivable that the server device 51 is provided in such a service center so that data can be exchanged with the MFP 10 in the user environment. With such a system configuration, when an abnormality occurs in the MFP 10, the service center is automatically notified to that effect, or when the consumables are almost gone, or the user operates the MFP 10. This makes it possible to make an order from the service center.
In the example shown in FIG. 2, the service center is also provided with a CA (Certificate Authority) 52 that issues a digital certificate, which will be described later, and can communicate with the server device 51 via the network 53.
Note that the configuration shown in this figure is merely an example, and it is not essential to operate the illustrated MFP 10 in a state where it can communicate with the illustrated device. Even when communication is possible, the communication path to be used is a wired / wireless network. Any communication path may be used regardless of wireless communication.

Next, FIG. 3 shows a part related to the features of this embodiment in the functional configuration of the MFP 10. In the following description, in order to simplify the description, expressions such as the software having the function or the function being realized by the software are used for the function realized by the CPU executing the software. Sometimes.
As shown in this figure, the MFP 10 is an authentication module 100, a timer control module 110, a security information access library 120, a main control module 140, and a network control module 150 as software for realizing functions related to the features of this embodiment. , Various applications 160 are provided. Reference numeral 130 denotes a certificate storage unit that is a certificate storage unit that stores a digital certificate and related information for use in control of validity / invalidity of functions and authentication processing. The arrows connecting these modules indicate that data is exchanged between processes related to the modules, and do not mean that a bus or the like is provided.

Among these, the authentication module 100 is a module for performing control of validity / invalidity of functions using a digital certificate and control related to authentication processing.
The timer control module 110 is a module for controlling the operation of the timer 14 and is used here to monitor expiration of the digital certificate using the timer 14.
The security information access library 120 is a module for reading the digital certificate 131 stored in the certificate storage unit 130 and the signature confirmation public key 132 which is related information. The information stored in the certificate storage unit 130 is information that needs to be strongly concealed, and there is a security problem if it is easily read out by a memory dump or the like. Reading and writing is done only using the access module. In this way, it is possible to enhance security by distributing or encrypting data by the function of the security information access library 120.

The certificate storage unit 130 is a storage unit for storing the digital certificate 131 and the signature confirmation public key 132 that is related information, and can be provided in the NVRAM 19 or the flash ROM 20 as hardware.
The digital certificate 131 includes a certificate used for valid / invalid control of each function in the MFP 10 and a public key certificate used for SSL (Secure Socket Layer) authentication processing. A digital certificate that doubles as these may be used, and a plurality of digital certificates 131 may be stored for each purpose.

  The signature confirmation public key 132 is a public key corresponding to the private key used when a digital signature is attached to the digital certificate 131, and the digital signature is decrypted using the signature confirmation public key 132 to obtain a certificate. By comparing with the contents of the certificate, the validity of the digital certificate (issued by an appropriate company or institution, etc., and has not been altered or damaged) can be confirmed. . The signature confirmation public key 132 may also be attached with a digital signature that can be used to confirm the authenticity so as to have a digital certificate format.

The main control module 140 is a module for generally managing the progress of processing by each module, including modules not shown in FIG. 3, and mediates transmission of information and instructions between the modules. It has a function to allocate resources to modules.
The network control module 150 is a module for driving the network communication control unit 21 to communicate with an external device via the network.

  The application 160 is a module for providing various functions such as a printer, a scanner, a copier, and a facsimile communication device using the hardware resources of the MFP 10. The CPU 11 executes the application 160 to execute various functions. It functions as a function providing means. Further, the application 160 is provided for each function unit such as a printer, a scanner, a copier, and a facsimile communication apparatus. However, when controlling the validity / invalidity of a function, the application 160 may be finer even if it is performed for each unit. It may be performed in units or in units of a plurality of applications 160.

In more detail, the authentication module 100 includes a certificate status determination module 101, a function management module 102, a data transmission / reception module 103, an SSL processing module 104, and an encryption / decryption module 105.
The certificate status determination module 101 provides a function for confirming the validity of the digital certificate 131 read from the certificate storage unit 130, confirming whether or not there is an expiration date, whether it is within the expiration date, and the like. It is. Note that whether or not the expiration date of the digital certificate 131 has arrived may be confirmed by reading and directly referring to the certificate when the apparatus is started up. This can be done by setting a timer to notify when the certificate expires and then monitoring for notification.

The function management module 102 is a module that provides a function for controlling the validity / invalidity of each function that can be provided by the application 160. The function management module 102 notifies the main control module 140 of the function to be activated, and the function 160 It also has a function to control activation and operation. The types of functions to be enabled are information on “validated functions” described in the digital certificate 131 and information on determination results regarding the validity and expiration date of the certificate by the certificate status determination module 101. Based on this.
The data transmission / reception module 103 is a module that provides a function of mediating data exchange between a process related to each module in the authentication module 100 and a process related to each other module. In some cases, as in the case of the certificate status determination module 101 and the timer control module 110, data is exchanged between the inside and the outside of the authentication module 100 without using the data transmission / reception module 103. .

The SSL processing module 104 is a module for providing a function of performing an authentication process by SSL when the MFP 10 communicates with an external device via a network. The public key certificate used for the SSL authentication process is one of the digital certificates 131 stored in the certificate storage unit 130.
The encryption / decryption module 105 encrypts and decrypts data using a public key or a private key that is used for authentication processing by the SSL processing module and for checking the validity of the digital certificate by the certificate status determination module 101. This module provides the function
In the MFP 10, by providing each module as described above, the validity / invalidity of the function provided by the application 160 is controlled based on the description content of the digital certificate 131 stored in the certificate storage unit 130. be able to.

Next, the contents of the processing executed by each module shown in FIG. 3 in order to realize such a function will be specifically described.
First, FIG. 4 shows an example of the description content of the digital certificate 131 used for the function validity / invalidity control.
As shown in this figure, the digital certificate 131 includes “validation function”, “certificate expiration date”, “issuer”, and “digital signature” information.

  The “validation function” information may be validated when the digital certificate 131 including the information is stored in a valid state (a state in which validity can be confirmed and within the valid period). This indicates the function and corresponds to the permitted function information. The functions that may be enabled may be designated by function names such as “monochrome printing” and “color copy”, or may be designated by a predetermined code or the type of application 160 for providing the functions. Also good.

The “certificate expiry date” information indicates the expiry date of the digital certificate 131 and can be expressed by the date of the expiration date, or by the start date and end date and time of the validity period. In some cases, an expiration date is not set in the certificate. In this case, nothing may be written as the expiration date information.
In some cases, it is necessary to describe an expiration date from a request in the format of a digital certificate. Even in such a case, the expiration date is longer than the expected useful life of the MFP 10, for example, after 40 years. By setting it after 50 years, etc., it is possible to obtain a digital certificate with virtually no expiration date. In this specification, it is assumed that the expiration date is not set when the expiration date is described such that the expiration date does not substantially arrive during the operation of the apparatus.
The “issuer” information indicates the name of the company or institution that issued the digital certificate 131.

The “digital signature” is information obtained by encrypting a part other than the “digital signature” in the digital certificate 131 with a private key for signing the CA that issued the digital certificate 131. Then, a public key (signature confirmation public key 132) corresponding to the private key used for the signature is obtained, and the digital signature is decrypted with the public key and compared with the other parts to obtain the digital signature. Can be confirmed. This is because if the digital certificate 131 is falsified or damaged, it is considered that these pieces of information do not match.
When a digital signature is attached, the signature target data may be encrypted with a private key for signature after data processing such as hash processing is performed.

  Of course, the digital certificate 131 may include information other than that shown in FIG. For example, when a digital certificate used for function validity / invalidity control and a public key certificate used for SSL authentication processing are used together, the digital certificate 131 also includes public key information. It is also conceivable that identification information such as the serial number of the MFP 10 is described in the digital certificate 131 and the certificate can be used only by a specific device having the same serial number. It is also conceivable to provide a flag for distinguishing between a digital certificate used for function validity / invalidity control and a digital certificate used for SSL authentication processing.

Next, FIG. 5 simply shows an example of a digital certificate in accordance with the format shown in FIG.
(A) is an example of a digital certificate in which the function of monochrome printing and monochrome copying is enabled and which has no expiration date.
(B) is an example of a digital certificate in which the function of color printing and color copying is enabled and which has no expiration date.
(C) is an example of a digital certificate in which the expiration date is set to March 31, 2005, which describes that the color printing function is to be enabled.
Each digital certificate shown here is issued by AAA.

  In addition, the MFP 10 checks the contents of each digital certificate 131 stored in the certificate storage unit 130 at the time of activation. The digital certificate within the valid period can be confirmed as valid and can be confirmed, and is described in the “validate function” item of the valid digital certificate among the functions provided by each application 160. Only the functions are effective, that is, provided to the user.

Next, the flowchart shown in FIG. 6 shows processing executed by the CPU 11 of the MFP 10 at the time of activation in order to realize such a function.
This process shows a part of the activation process of the MFP 10 and is performed by the CPU 11 executing a program related to each module shown in FIG. 3 and other necessary programs. However, illustration of portions not related to the above functions is omitted. In addition, at the time of step S11 in FIG. 6, it is assumed that the activation of each module except for the application 160 has been completed.

In the process shown in FIG. 6, the CPU 11 first checks the validity and expiration date of the digital certificate 131 stored in the certificate storage unit 130 by the certificate status determination module 101 in step S11. It should be noted that only digital certificates used for function validity / invalidity control are subject to confirmation here, and the distinction from those not used for validity / invalidity control is, for example, “Function to enable”. This can be done with or without information.
Among these, the validity is confirmed by confirming that the digital certificate 131 has not been damaged or tampered with using the signature confirmation public key 132 and information on the “issuer” in the digital certificate 131. This can be done by confirming that it has been issued by an appropriate issuer. Appropriate issuers may be the manufacturer who manufactured the MFP 10, or the issuer set by the manufacturer and set in the MFP 10.

  Further, the expiration date can be confirmed by referring to the “certificate expiration date” information in the digital certificate and comparing it with the current date and time information supplied by the timer 14. At this time, it is also confirmed whether or not an expiration date is set in the digital certificate 131. If the information by the timer 14 is not necessarily reliable, the information may be acquired from an external reliable time measuring means.

In step S12, it is determined whether there is a valid digital certificate without an expiration date.
Then, if there is, in step S13, an application having a function to be enabled is started based on the information of “function to be enabled” in the found digital certificate with no expiration date, and the process proceeds to the next step S14. In this activation process, the certificate status determination module 101 passes the certificate information to the function management module 102, and the function management module 102 selects an application to be activated from the information and selects the main control module 140. The main control module 140 performs the activation process according to the notification. If there are a plurality of certificates in step S12, the process in step S13 is performed for each certificate. However, even if the same function is described in a plurality of certificates, the application related to the function is not activated repeatedly.
On the other hand, if there is no valid digital certificate without an expiration date in step S12, the process directly proceeds to step S14.

In step S14, it is determined whether there is a valid digital certificate that has an expiration date and is within the expiration date.
If there is, in step S15, the timer control module 110 sets a timer to start monitoring the validity period of the digital certificate found. The contents of this monitoring may be such that when the expiration date comes, the certificate status determination module 101 is notified from the timer 14 via the timer control module 110.

  In the next step S16, based on the “function to be enabled” information in the found digital certificate with an expiration date, the application of the function to be enabled is activated, and the process proceeds to the subsequent processing. Here, the procedure of the activation process is the same as in step S13. If there are a plurality of certificates in step S14, the processes in steps S15 and S16 are performed for each certificate. Even in this case, even if the same function is described in a plurality of certificates or the function already activated in step S13 is described, the applications related to the function are not activated repeatedly.

On the other hand, if it is determined in step S14 that there is a valid period and there is no valid digital certificate within the valid period, the process proceeds to step S16 as it is.
If this process is executed as it is, all functions cannot be used when the digital certificate 131 stored in the certificate storage unit 130 is completely damaged for some reason. Therefore, even in such a case, if any function may be validated, a function for enabling it regardless of the presence or absence of a valid digital certificate may be prepared.

Next, FIG. 7 shows a flowchart of processing executed by the CPU 11 when the expiration date for starting monitoring in step S15 in FIG. 6 has come. Each process in this flowchart is also performed by the CPU 11 executing a program related to each module shown in FIG. 3 and other necessary programs.
This process is started when the timer control module 110 detects the expiration date of the digital certificate 131 by the timer 14, and the timer control module 110 first notifies the certificate status determination module 101 in step S21.
Upon receiving this notification, the certificate status determination module 101 requests the main control module 140 to restart the system in the next step S22.

Upon receiving this request, the main control module 140 prints out restart information indicating that the MFP 10 is restarted because the certificate has expired in an appropriate application in step S23, and the system is activated in step S24. Restart and finish the process.
If the MFP 10 is executing a job that is inconvenient if interrupted halfway, such as image formation or image reading, the processing in steps S23 and S24 may be performed after the job is completed. The process in step S23 is performed to indicate to the user the reason why the apparatus has suddenly restarted or to recommend renewal of the certificate that has expired, and when the MFP 10 does not have an image forming unit. Is not necessary. In the flowchart, “END” is described after step S24, but in actuality, this process is interrupted at the time of restart in step S24.

Then, at the time of restart, the startup process shown in the flowchart of FIG. 6 is executed again. At this point, the digital certificate that has detected the expiration date is no longer within the valid period. The functions described in the certificate are not validated because they are not processing targets in steps S15 and S16.
In the processes shown in FIGS. 6 and 7, the CPU 11 functions as a function management unit. Further, by performing the above processing, it is possible to cause the MFP 10 to provide only the function described in the “validation function” item of the valid digital certificate.

Next, FIG. 8 shows a flowchart of processing executed by the CPU when a new digital certificate is added. Note that this flowchart shows processing when a new certificate is normally acquired, and does not show processing regarding a case where a failure occurs or processing is interrupted.
When the user selects a mode for adding a new digital certificate, the CPU 11 starts processing shown in the flowchart of FIG.

  In step S31, the MFP 10 determines whether there is an environment for connecting to the service center via the Internet. Here, “there is an environment to connect” is not only that access is possible, but also users and / or devices are registered in the service center, and orders for goods and services from the MFP 10 to the service center become possible. Refers to the state of being.

If “YES” in the step S31, the process proceeds to a step S32 to display a certificate purchase button on the operation panel 16. At this time, of course, a message explaining the contents of the certificate may be displayed.
After that, in step S33, the process waits until the user presses the certificate purchase button. When the user presses the button, the service center is accessed in step S34, and a new digital certificate is downloaded and acquired.

FIG. 9 shows a communication sequence at this time.
As shown in FIG. 8, in step S34 of FIG. 8, the MFP 10 first transmits a certificate issuance application to the server device 51 of the service center (S101). Then, the server device 51 confirms the application contents and determines that the application is appropriate (S102), transmits a certificate issuance request to the CA 52 (S103), and the CA 52 responds accordingly with a digital certificate (valid). If a time limit is set, it is of course within the valid period) and returned to the server device 51 (S104). Then, a process is executed in which the server apparatus 51 returns the digital certificate received from the CA 52 to the MFP 10 (S105).

Returning to the description of FIG.
If the certificate can be acquired in step S34, the process proceeds to step S38, the certificate acquired by the CPU 11 is stored in the certificate storage unit 130, the system is restarted in step S39, and the process ends. The subsequent processing is the same as in step S24 of FIG. 7, but in the startup processing after restart, the newly stored digital certificate is also handled as a valid certificate.

On the other hand, if NO in step S31, the user cannot order a new certificate from the MFP 10, and therefore purchases the certificate in advance by another means. In this case, the certificate is recorded on a medium such as a flash memory or an SD card and delivered to the user.
Accordingly, as a process executed by the CPU, a message requesting that the medium be set in the external media I / F 22 is displayed on the operation panel 16 in step S35, and the process waits until the medium is set in step S36. In step S37, a new digital certificate is read from the medium and acquired. The subsequent processing is the same as in the case of acquisition via the network.

  By performing the above processing, when a digital certificate expires or is about to expire, a new (after expiration date) digital certificate is stored, and the certificate continues. The described functions can be kept usable. This process can also be applied when a new digital certificate is stored, and the newly stored digital certificate may have no expiration date set. In addition, when storing a digital certificate used for valid / invalid control, it is preferable to add another certificate that has already been stored.

This is the end of the description of the operation of the MFP 10 of this embodiment. In this embodiment, the functions described in the digital certificate without an expiration date are the functions that the MFP 10 always provides and the digital certificate with the expiration date. The described function can be regarded as a function that allows the MFP 10 to provide the function for a predetermined period.
Therefore, if a digital certificate with no expiration date is written in the certificate storage unit 130 when the MFP 10 is manufactured, the function described therein can be used without any particular authentication or payment by the user. Can also be specified as a function that can be used in the initial state. In this case, the type of “function to be enabled” can be freely selected from the functions provided by the application 160 and can be described easily, but is described in the digital certificate. It is extremely difficult to falsify after it is described.

  Therefore, it can be said that it is possible to prevent unauthorized use of unintended functions while easily changing the range of functions enabled for all users. In addition, since a digital certificate with no expiration date is used, even if the device is left for a long period of time, the expiration date of the digital certificate will expire during that time, and the function will not be usable. There is nothing.

  In addition, when a user receives authentication or pays a fee, if a predetermined expiration date is set and a digital certificate describing a function that additionally permits use is passed to the user and set, Users can be allowed to use additional functions for a limited period of time. Even in this case, since the validity period and function type information are described in the digital certificate, it is difficult to tamper with them, so the function will continue to be used even after the permitted period has passed. It is possible to prevent a situation in which a function that is not permitted or a function that is not permitted is used.

  Because of this positioning, in digital certificates with no expiration date set, only some of the functions that can be provided by the device are listed as “functions to enable”. If only the ones that are not set are enabled, it is considered that enabling only a part of the functions of the apparatus is a proper application method of the above-described embodiment, and the above-described processing is performed. Accordingly, it is possible to cause the CPU 11 of the MFP 10 to function as means for performing such control.

  In the case of an MFP, at the time of shipment of the apparatus, a digital certificate with no expiration date is stored as a function that enables functions such as monochrome printing, monochrome copying, and monochrome scanning as a minimum part of functions. In this state, it is preferable that only a part of functions can be used. When the user receives authentication or pays a fee, additional functions such as “color printing”, “color copy”, “color scan”, “scan to email” are enabled. It is advisable to provide and store a digital certificate with an expiration date “

  When a lease contract is made for a device, there is a problem in that an appropriate use period cannot be maintained, and illegal device crossing may occur. However, by performing the above-mentioned correspondence, it is possible to store a digital certificate with an expiration date after first confirming the user so that all functions can be used. Since only a part of the basic functions can be used, the value of the device is reduced, and it is possible to make it difficult to extend the usage period and to make it cross without permission. On the other hand, if the contract is regularly renewed and the digital certificate is also renewed with a later expiration date, the device can be used with additional functions available.

  As a modified example, the information to be “validated” may not be described in the digital certificate, and the function to be validated may be determined on the MFP 10 side according to the type of the valid certificate. In this case, for example, if a certificate used for controlling the validity / invalidity of a function includes a certificate that is valid at the time of confirmation and a certificate with a valid period set, all the functions are validated. In addition, if only those for which no valid period is set are included, it may be possible to validate only some basic functions. Even in this case, it is possible to realize an operation such that only a part of the basic functions can be used after the predetermined period has elapsed.

In the above embodiment, the MFP has been described as an example. However, the present invention can be applied to any device that provides a plurality of functions and can store and reference a digital certificate. Of course. Applicable objects include, for example, image processing devices such as printers, fax machines, digital copiers, and scanners, as well as general-purpose computers, network home appliances, vending machines, medical equipment, power supply devices, air conditioning systems, gas, water, and electricity Various electronic devices such as weighing systems, automobiles, airplanes, etc. are conceivable.
Since the digital certificate can be set by burning in a ROM or reading from a medium at a factory, it is not essential to have a function of communicating with an external device. In addition, it goes without saying that the items described as “validation function” in the digital certificate may be freely determined according to the characteristics of the apparatus. Of course, the data configuration and the like may be changed as appropriate.

The program according to the present invention is a program for causing a computer to function as a device such as the MFP 10 described above. By causing the computer to execute such a program, the above-described effects can be obtained.
Such a program may be stored in a storage means such as a ROM or HDD provided in the computer from the beginning, but a non-volatile recording such as a CD-ROM or flexible disk, SRAM, EEPROM, memory card or the like as a recording medium. It can also be recorded on a medium (memory) and provided. Each procedure described above can be executed by installing a program recorded in the memory in a computer and causing the CPU to execute the program, or causing the CPU to read and execute the program from the memory.
Furthermore, it is also possible to download and execute an external device that is connected to a network and includes a recording medium that records the program, or an external device that stores the program in a storage unit.

As described above, according to the device, the function management method, the program, or the recording medium of the present invention, when managing the validity / invalidity of each function in a device that can provide a plurality of functions, It is possible to prevent unauthorized use of unintended functions while making it possible to easily change the range of functions to be enabled.
Therefore, by using the present invention, a device having both high security and convenience can be configured.

1 is a block diagram showing a configuration of an MFP which is an embodiment of a device of the present invention. FIG. 2 is a diagram illustrating an example of a usage environment when a user uses the MFP. It is a figure which shows the part which concerns on the characteristic of embodiment among the function structures of the MFP. FIG. 6 is a diagram illustrating an example of description contents of a digital certificate used for function validity / invalidity control in the MFP. It is a figure which shows simply the example of the digital certificate according to the format shown in FIG. FIG. 3 is a flowchart illustrating a process according to a feature of the embodiment, out of processes executed by the CPU of the MFP illustrated in FIG. Similarly, it is a flowchart showing a process executed by a CPU when an expiration date of a digital certificate has come. It is a flowchart which similarly shows the process which CPU performs when adding a new digital certificate. FIG. 2 is a diagram showing a processing sequence when the MFP shown in FIG. 1 accesses a service center and downloads and acquires a new digital certificate.

Explanation of symbols

10: MFP, 11: CPU, 12: ROM, 13: RAM, 14: timer,
15: Operation port I / F, 16: Operation panel, 17: HDD I / F, 18: HDD,
19: NVRAM, 20: flash ROM, 21: network communication control unit,
22: External media I / F, 23: Scanner I / F, 24: Scanner engine,
25: Plotter I / F, 26: Plotter engine, 51: Server device, 52: CA,
60: Internet, 100: Authentication module,
101: Certificate status determination module, 102: Function management module,
103: Data transmission / reception module, 104: SSL processing module,
105: Encryption / decryption module 110: Timer control module
120: Security information access library, 130: Certificate storage unit,
131: Digital certificate, 132: Public key for signature confirmation, 140: Main control module,
150: Network control module, 160: Application

Claims (4)

A function providing means for providing a plurality of functions;
Function management means for managing validity / invalidity of each function provided by the means;
A certificate storage unit for storing a digital certificate including permitted function information indicating a function to be validated among the functions provided by the function providing unit;
The function management means is provided with means for managing validity / invalidity of the function provided by the function providing means according to the permitted function information in the valid digital certificate stored in the certificate storage means. Device to use. A function management method for a device according to claim 1, comprising:
A part of the function provided by the function providing unit is stored in the certificate storage unit of the device as the permitted function information in the digital certificate in which the expiration date is not set,
When the valid digital certificate stored in the certificate storage means is only the digital certificate for which the expiration date is not set, the function providing means provides the function provided by the function providing means. A function management method characterized in that only a part is made effective. Computer
A function providing means for providing a plurality of functions;
Function management means for managing validity / invalidity of each function provided by the means;
Including a program for functioning as certificate storage means for storing a digital certificate including permitted function information indicating a function to be validated among the functions provided by the function providing means,
The function management means is provided with a function for managing the validity / invalidity of the function provided by the function providing means according to the permitted function information in the valid digital certificate stored in the certificate storage means. Program to do. A computer-readable recording medium on which the program according to claim 3 is recorded.

Images