JP2008168561A - Image forming apparatus - Google Patents

Abstract

The present invention relates to an image forming apparatus that operates by switching a plurality of firmware.
An image forming apparatus GK determines a firmware switching instruction of an operation panel 15 by a firmware determination unit 11, and a firmware having a low security level among firmware in a firmware storage unit 14 is determined by a startup firmware selection module 13a. When activated, the firmware is switched to a higher security level at a predetermined switching timing. Therefore, it is possible to prevent the use state of firmware having a low security level from continuing indefinitely, and to appropriately maintain intended security requirements while improving usability.
[Selection] Figure 2

Description

  The present invention relates to an image forming apparatus, and more particularly to an image forming apparatus such as a composite apparatus that operates by switching a plurality of firmware.

  In an image forming apparatus such as a printer, a facsimile machine, a copying machine, and a composite apparatus (MFP), the functions tend to be increased in order to change and support the functions according to the user's request.

  In recent years, various functions of the image forming apparatus have been modularized. For example, in a copying apparatus, a reading function for reading an image of a document, and on a photoconductor on the basis of image data of a document read by the reading function. Writing function to form an electrostatic latent image by writing on the image, image forming function to develop the electrostatic latent image on the photosensitive member to form a developer image and transfer the developer image onto the transfer paper, development on the transfer paper The copying process is performed through each functional process such as a fixing function for fixing the agent image, and these functions are also modularized. By modularizing in this way, the device can be developed for each module.

  Each of these modules is controlled by the firmware of a system controller that controls the whole while operating by individual firmware.

  Recently, in order to improve the scalability of firmware and applications of image forming apparatuses that have been put on the market, image forming apparatuses are retrofitted with various media, for example, applications by third parties other than composite device manufacturers. It has become possible to perform installation and firmware update (see Patent Document 1).

JP 2001-216115 A

  In recent years, however, data security has been emphasized, and image forming apparatuses have been required to satisfy certain security requirements (such as company-specific requirements and public institution authentication).

  In this case, if the firmware and application of an image forming apparatus such as a composite apparatus are always fixed simply because of ease of use, a result that violates security requirements may be caused. In other words, there is a risk of inducing a security hole by making a user-friendly state by installing a third-party application.

  On the other hand, if it is used due to security requirements and ignoring usability, user convenience is impaired.

  Accordingly, the present invention provides an image forming apparatus that appropriately manages firmware so as to appropriately maintain intended security requirements in consideration of the degree of use such as the level of firmware versions and the level of security requirements. The purpose is that.

  An image forming apparatus according to a first aspect of the present invention is an image forming apparatus having a plurality of functions, the function operation of which is controlled by firmware. Firmware storing means for storing firmware, switching instruction means for instructing switching of the plurality of firmware, and firmware starting means for starting firmware corresponding to the switching instruction by the switching instruction means, wherein the firmware starting means is When the firmware whose safety level is lower than the predetermined partition safety level is activated by the switching instruction from the switching instruction means, the partition safety among the plurality of firmware of the firmware storage means is sent at a predetermined switching timing. Fur with a predetermined safety level of at least By switching to wear, it has achieved the above objects.

  In this case, for example, as described in claim 2, the firmware storage unit also stores user-related information regarding a user who is permitted to start the firmware, and the firmware activation unit includes the switching instruction. The activation of firmware corresponding to the switching instruction by the means may be controlled based on the user related information.

  Further, for example, in the image forming apparatus, the user related information includes authority information related to permission / inhibition of a firmware activation instruction by the user, and the firmware activation unit includes: Based on the authority information of the firmware corresponding to the switching instruction, it is determined whether the user who has performed the switching instruction by the switching instruction means is a user who has the authority to permit the activation instruction, It may be possible to control whether to activate the firmware corresponding to the switching instruction.

  Further, for example, in the image forming apparatus, the switching timing may be when a predetermined switching period elapses after the low-safety firmware is activated.

  Further, for example, as described in claim 5, in the image forming apparatus, the switching instruction unit instructs the safety degree of the firmware of the switching destination, and the firmware activation unit is stored in the firmware storage unit. The firmware corresponding to the degree of safety instructed by the switching instruction means may be selected from the plurality of firmware, and the selected firmware may be activated.

  Further, for example, as described in claim 6, the firmware storage unit includes a firmware that has received a predetermined authentication as the firmware and that has a high degree of safety and a firmware that has not received the authentication and has a low degree of safety. Two firmwares may be stored.

  According to the image forming apparatus of the present invention, when a firmware whose safety level is lower than a predetermined partition safety level is activated in response to a firmware switching instruction, the firmware is set to be equal to or higher than the partition safety level at a predetermined switching timing. Switch to firmware with a certain degree of safety, so that the usage status of firmware with low safety is prevented from forever, and the usability is improved by considering the degree of usage such as high and low firmware versions and high and low security requirements. In addition, the firmware can be appropriately managed so as to appropriately maintain the intended security requirements, and convenience and safety can be improved.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In addition, since the Example described below is a suitable Example of this invention, various technically preferable restrictions are attached | subjected, However, The scope of the present invention limits this invention especially in the following description. As long as there is no description of the effect, it is not restricted to these aspects.

  1 to 11 are diagrams showing an embodiment of an image forming apparatus of the present invention. FIG. 1 is a system configuration diagram of a network system 1 to which an embodiment of the image forming apparatus of the present invention is applied.

  In FIG. 1, a network system 1 includes a plurality of client terminals CT, a distribution server SV1, an SMTP server SV2, an FTP (File Transfer Protocol) server SV3, and a plurality of images on a network NW such as the Internet or a LAN (Local Area Network). A forming apparatus GK and the like are connected.

  The distribution server SV1 includes a modem M, and transmits facsimile data received from the client terminal CT via the network NW to the communication destination facsimile apparatus FX via a telephone line (not shown) and also received from the facsimile apparatus FX. The facsimile data thus transferred is transferred to the client terminal CT on the network NW.

  The SMTP server SV2 transmits / receives mail to / from a plurality of client terminals CT via the network NW using SMTP (Simple Mail Transport Protocol).

  When the FTP server SV3 receives a file transfer request to itself using FTP (File Transfer Protocol) which is a transfer command of the network NW, the FTP server SV3 receives files stored therein in response to the file transfer request from the client terminal CT or the like. Perform file transfer.

  The client terminal CT is an ordinary personal computer, and performs exchange of facsimile data with the distribution server SV1, exchange of mail with the SMTP server SV2, exchange of files with the FTP server SV3, and the like. The file is sent to the image forming apparatus GK via the server SV3 or directly, and the image forming apparatus GK is caused to print the file.

  As the image forming apparatus GK, for example, an MFP (composite apparatus) or the like is used, and an ADF (Auto Document Feeder) that transports a document to an image reading position of a paper feeding unit, an image forming unit, a scanner unit, and a scanner unit, a facsimile A communication function unit, a network communication function unit, and the like are provided to realize a so-called copy function, fax function, printer function, scanner function, and the like.

  As shown in FIG. 2, the image forming apparatus GK includes a firmware determination unit 11, a determination data storage unit 12, a firmware management unit 13, a firmware storage unit 14, an operation panel 15, and the like. Execute.

  As shown in FIG. 3, the operation panel (switching instruction means) 15 includes a numeric keypad 21, a start key 22, a clear / stop key 23, a preheating key 24, a reset key 25, an initial setting key 26, a copy key 27, a copy server key. 28, a scanner key 29, a printer key 30, a FAX key 31, a personal environment key 32, a user information key 33, and a display unit 34 are provided.

  The numeric keypad 21 is used for input operations such as the number of copies and the facsimile transmission destination number, and is also used for various operations in firmware management processing described later, for example, a security level setting operation. The start key 22 is used for various operations. It is used for operation start instruction operation, input content confirmation operation with various keys, and the like.

  The clear / stop key 23 is used for instructing operation of clear / stop of various operations and clear / stop of key operations, and the preheat key 24 is used to shift from a standby state to a preheat state (power reduction state) or to fix. It is operated when the temperature is lowered or the display on the display unit 34 of the operation panel 15 is turned off. The preheating state means a low power state defined by the International Energy Star Program. When the preheating state, the off state / sleep state is canceled and the state is shifted to the standby state, the preheating key 24 is operated again.

  The reset key 25 is used for resetting various operations and resetting input operations.

  The initial setting key 26 is used when shifting to an initial setting mode for arbitrarily customizing the initial state of the image forming apparatus GK. For example, as will be described later, a setting operation of a security level that is started when the activation unused state of the image forming apparatus GK becomes a usage state before a predetermined time has passed, and setting of the paper size stored in the image forming apparatus GK Operation, setting operation in a state set when the clear / stop key key 23 is operated to clear the copy function mode, selection operation of an application selected preferentially when there is no operation for a certain period of time, international energy When performing the setting operation of the transition time to the low power state and the setting operation of the transition time to the auto-off / sleep mode according to the star plan, the initial setting key 26 is operated to perform these operations.

  The copy key 27 is used for selecting and operating a copy mode of the image forming apparatus GK, and the copy server key 28 is used for a copy mode such as editing (copy mode setting, printing, deleting) of existing accumulated image data. Used when selecting.

  The scanner key 29 accumulates document image data read by the scanner unit in a storage device (not shown) in the image forming apparatus GK, and transmits document image data read by the scanner unit, accumulated image data, and the like to the outside. Used when selecting the scanner mode.

  The printer key 30 is used when selecting a print mode in which print data sent together with a print request from the client terminal CT or the like via the network NW, stored image data, and print data to be printed out by the image forming unit are selected. used.

  The FAX key 31 is used when selecting a facsimile mode such as facsimile transmission of document image data read by the scanner unit or accumulated image data.

  The personal environment key 32 is used when setting the usage environment of each user who uses the image forming apparatus GK, and the user information key 33 is authentication information of the user who uses the image forming apparatus GK, in particular firmware described later. This is used when setting authentication information (authority information) for identifying a user who is permitted to change the setting as user information (user information).

  As the display unit 34, a liquid crystal touch panel in which a touch panel is superimposed on a liquid crystal display is used, and the key operation contents and function keys to which various information and various functions to be notified to the user from the image forming apparatus GK are given to the liquid crystal display. When the function key displayed and touched on the liquid crystal display is touched, the touch panel detects the touch operation, and the display on the liquid crystal display of the function key selected by the touch operation is reversed and displayed in black, etc. The key operation result of the function key is notified to the firmware determination unit 11 or a system controller (not shown).

  The firmware determination unit 11 is connected to the network NW, the operation panel 15, the determination data storage unit 12, and the like. The firmware determination unit 11 is connected to the firmware determination unit 11 from the client terminal CT, the SMTP server SV2, the FTP server SV3, and the like via the network NW. The transmitted firmware or firmware recorded in a portable memory such as an IC card (not shown) or a removable medium is input by reading through the interface of the portable memory or the removable medium.

  The determination data storage unit 12 is composed of a non-volatile memory such as a hard disk or a battery-backed RAM (Random Access Memory), and includes security level (security standard) information that is a safety level for the module as shown in FIG. Security level information as a security level for firmware as shown in FIG. 5 is stored as a security level table.

  In the security level table for the module shown in FIG. 4, the correspondence relationship is registered between the information of various modules constituting the firmware and the security level according to the information of the module. The security level table for the firmware shown in FIG. The security level of the firmware corresponding to the presence / absence of a module corresponding to the security level is registered. The modules constituting the firmware include applications provided by the manufacturer of the image forming apparatus GK or a third party. In the above description, the security level information is described as being stored in the determination data storage unit 12 in a tabular format as a security level table. However, the security level information is not limited to the tabular format. For example, XML ( A document file format described in a structured description language such as (Extensible Markup Language) may be used.

  The firmware determination unit 11 determines the security level of the input firmware with reference to the security level table of the determination data storage unit 12, and based on input from the operation panel 15 or login information using an IC card (not shown). The user authority is determined and passed to the firmware management unit 13.

  The firmware storage unit (firmware storage means) 14 uses a non-volatile storage device such as a hard disk. In this embodiment, the firmware storage unit (firmware storage means) 14 stores two types of firmware, the first firmware and the second firmware classified according to the security level. A first firmware storage area 14a and a second firmware storage area 14b are provided. This security level (LV) is information indicating a level set based on the presence or absence of authentication by a public organization or a third party organization, and a degree related to the use of the image forming apparatus GK determined by the manufacturer's original standard of the image forming apparatus GK. is there.

  The first firmware storage area 14a stores the first firmware, and the first firmware activation module 14aa that activates the first firmware and the authentication information that identifies the user permitted to change the setting of the first firmware (Authority information) is stored as user information (user information) 14ab, and the second firmware storage area 14b stores the second firmware and the second firmware activation module 14ba that activates the second firmware. And authentication information (authorization information) for identifying a user permitted to change the setting of the second firmware is stored as user information (user information) 14bb. Further, although not shown, the first firmware storage area 14a and the second firmware storage area 14b also store the security level information of each stored firmware and information on whether or not the firmware is protected by the access role. These types of information may be in any format as long as it is possible to appropriately manage whether or not the firmware is protected by the security level and the access role.

  The firmware management unit 13 includes a startup firmware selection module 13a and a firmware update module 13b, and manages the first firmware and the second firmware in the firmware storage unit 14.

  The firmware update module 13b is a module that updates the first firmware and the second firmware. The firmware update module 13b compares the input firmware with the level of the firmware currently operating on the image forming apparatus GK (the level of the first firmware and the second firmware), and determines whether the operation panel 15 needs to be updated. When displayed on the display unit 34 and instructed to execute the update, the instructed firmware (first firmware or second firmware) is updated.

  The activation firmware selection module 13a activates the first firmware or the second firmware in accordance with an instruction from the firmware determination unit 11, and the image forming apparatus GK is set to a certain security level depending on the security level of the activated firmware. This is a module that automatically switches firmware (switching between the first firmware and the second firmware) to maintain the image forming apparatus GK with the switched firmware. In addition, the activation firmware selection module 13a checks whether the selected firmware is protected by any access role, and manages information indicating whether a user having the access role is logged in.

  The firmware determination unit 11, the activation firmware selection module 13a of the firmware management unit 13, and the first firmware activation module 14aa and the second firmware activation module 14ba of the firmware storage unit 14 function as firmware activation means as a whole.

  Next, the operation of this embodiment will be described. The image forming apparatus GK according to the present exemplary embodiment performs firmware management processing for determining firmware security level and managing firmware.

  First, firmware update / setting processing will be described. The image forming apparatus GK inputs the firmware for update to the firmware determination unit 11 via the network NW, or stores the firmware recorded in a portable memory such as an IC card (not shown) or a removable medium. When the update firmware is input to the firmware determination unit 11 by reading through the interface, the firmware determination unit 11 first determines the security level of the input firmware. That is, the firmware determination unit 11 refers to the file status, communication mode, etc. of each module constituting the firmware for update based on the security level table for the module shown in FIG. 4 in the determination data storage unit 12. The process of determining whether the security level of the module is “0” or “1” is performed for each module included in the update firmware, and then, the determination data storage unit 12 illustrated in FIG. Based on the security level table for the firmware, if there is even one security level “0” module (LV0 module), it is determined that the security level is “0” firmware (LV0 firmware). If there is even one module (LV1 module) It is determined that the Curie tee level of "1" firmware (LV1 of the firmware).

  In this embodiment, the firmware security level is determined based on whether or not there is at least one module corresponding to the security level “0” or the security level “1”. The method is not limited to the above determination method. For example, the security level of the firmware is determined by the number of modules having a certain security level, or some specific modules are always set to the security level “1”, and there are a number of the specific modules. The security level of the firmware may be determined depending on the situation.

  When the firmware determination unit 11 determines the security level of the input update firmware, the firmware determination unit 11 displays the security level of the update firmware on the display unit 34 of the operation panel 15 and the first firmware in the firmware storage unit 14. The security level (LV1) of the first firmware that is already stored in the storage area 14a and the security level (LV0) of the second firmware that is already stored in the second firmware storage area 14b are displayed, and the user can update Inquires whether to update the current firmware with the firmware.

  Based on the display on the display unit 34, the user selects a security level and selects whether to update.

  Then, the firmware determination unit 11 passes the security level of the update firmware and the security level selected by the user on the operation panel 15 to the firmware update module 13b of the firmware management unit 13, and the firmware update module 13b If the firmware satisfies the required security level, the first firmware in the first firmware storage area 14a is updated with the update firmware. However, if the update firmware does not satisfy the security level requested by the user, the firmware update module 13b does not use the first firmware in the first firmware storage area 14a but the second firmware in the second firmware storage area 14b. Update the firmware with the update firmware.

  Therefore, for the firmware update to the image forming apparatus GK, the firmware to be updated by the image forming apparatus GK can be appropriately determined based on the security level.

  Further, the image forming apparatus GK according to the present embodiment stores the firmware in duplicate and acquires the certification of the certification authority, that is, the firmware that satisfies the security standard requested by the user and the certification authority. The firmware update destination is assigned by determining the firmware that is not available on the image forming apparatus GK side.

  Therefore, it is possible to prevent the firmware that has been certified by the certification authority from being updated with firmware that has not been certified by the certification authority, and to prevent the security level required by the user from being lowered. can do.

  Then, as described above, when firmware having a predetermined security level is stored in the first firmware storage area 14a and the second firmware storage area 14b, the image forming apparatus GK, as shown in FIGS. The user can select and activate the firmware having the security level intended by the user through the selection operation on the operation panel 15. In the following description, it is assumed that the first firmware having the security level “1” (LV1) is currently operating in the image forming apparatus GK.

  First, when the user operates the initial setting key 26 of the operation panel 15 illustrated in FIG. 3, the firmware determination unit 11 causes the display unit 34 to display a startup firmware selection screen as illustrated in FIG. 8, for example. In FIG. 8, the first firmware storage area 14a stores the first firmware of the security level “1” (LV1) updated by the update process, and the second firmware storage area 14b stores the security information. The case where the second firmware of level “0” (LV0) is stored is shown.

  Here, for example, when the user desires to use the image forming apparatus GK with the second firmware having the security level “0”, the user selects the function selection button “area 2: security level 0” and selects “OK”. Operate the button.

  Then, as shown in FIG. 6, when the user selects the firmware to be activated (step S101), the firmware determination unit 11 passes the selection result to the activation firmware selection module 13a (step S102), and the activation firmware selection module 13a When the selection result is passed, the process is started (step S103), and the first firmware stored in the first firmware storage area 14a of the firmware storage unit 14 and the second firmware stored in the second firmware storage area 14b are stored. The security level of the firmware is read (step S104).

  The activation firmware selection module 13a uses the firmware determination unit 11 to check each firmware in the first firmware storage unit 20 and the second firmware storage region 14b in the firmware storage area 14 and the security level of the activation firmware selected by the user (step S105), as shown in FIG. 7, it is checked whether the security level of the firmware to be activated satisfies the security level selected by the user (step S106).

  6 and 7, the first firmware in the first firmware storage unit 20 satisfies the security level selected by the user, and the second firmware in the second firmware storage area 14b satisfies the security level selected by the user. It shows a case that is not.

  If the security level of the firmware to be activated satisfies the security level selected by the user in step S106 of FIG. 7, the activation firmware selection module 13a first stores the first firmware storage unit 20 that is the firmware selected by the user. The firmware activation module 14aa is activated (step S107), and the first firmware activation module 14aa activates the first firmware (step S108).

  If the security level of the firmware to be activated does not satisfy the security level selected by the user in step S106, the activation firmware selection module 13a does not use the firmware selected by the user, but activates the second firmware in the second firmware storage unit 21. The module 14ba is activated (step S109), and the display unit 34 of the operation panel 15 displays and notifies that the security level (security standard) is not satisfied, for example, as shown in FIG. The firmware activation module 14ba activates the second firmware (step S110).

  Accordingly, the image forming apparatus GK can be used with firmware having different security levels, such as when the user wants to start the image forming apparatus GK with firmware that has not been temporarily authenticated by the certification authority, and image formation The usability of the device GK can be improved.

  Furthermore, as shown in FIG. 10, the image forming apparatus GK of the present embodiment protects the selection of firmware by permitting only the authorized user to perform the firmware selection operation.

  That is, as shown in FIG. 10, when the user operates the initial setting key 26 of the operation panel 15 shown in FIG. 3 (step S201), the firmware determination unit 11 displays the initial setting menu on the display unit 34 (step S201). When the user selects and operates the firmware activation selection menu (step S203), the activation firmware selection module 13a accesses the firmware storage unit 14 to check whether the firmware is protected by some access role (step S204). ).

  In step S204, when the firmware in the firmware storage unit 14 is not protected by the access role, the activation firmware selection module 13a does not accept any setting change from any person, so the process returns to step S202, and the firmware determination unit 11 is set. The initial setting menu is displayed on the display unit 34 of the operation panel 5 (step S202).

  When the firmware in the firmware storage unit 14 is protected by the access role in step S204, the activation firmware selection module 13a checks whether or not the user who is permitted to change the settings is logged in (step S205). When the authorized user is logged in, the firmware activation selection menu as shown in FIG. 8 is displayed on the display unit 34 of the operation panel 5 via the firmware determination unit 11 to perform the firmware activation selection protection process. After completing the process (step S206), the firmware activation selection process as described above is performed. That is, when the firmware activation selection menu is displayed on the display unit 34 and the activation firmware is selected by the user, the firmware determination unit 11 inputs the selection result to the activation firmware selection module 13a. The activation firmware selection module 13a causes the firmware activation modules 14aa and 14ba in the firmware storage areas 14a and 14ba in which the firmware of the selection result is stored to activate the firmware in the firmware storage areas 14a and 14b, and the security of the firmware The image forming apparatus GK can be used at the level.

  Then, the activation firmware selection module 13a determines whether or not the logged-in user is a user who is permitted to change settings as follows. That is, the activation firmware selection module 13a stores the firmware when the login information is input, for example, by an input operation from the operation panel 5 or reading a portable memory such as an IC card (not shown) with a portable memory interface such as an IC card reader. By referring to the first firmware storage area 14a and the second firmware storage area 14b of the unit 14, user information 14ab and 14bb corresponding to the login information is acquired from the user information 14ab and 14bb associated with the information of each firmware. The user is permitted to change the setting depending on whether or not the acquired user information 14ab, 14bb includes information indicating that the user authority is permitted to change the setting, such as a device administrator or a system administrator. It is determined whether or not. When the acquired user information 14ab, 14bb includes information indicating that the user authority is permitted to change the settings of the device administrator, the system administrator, etc., the boot firmware selection module 13a It is determined that the user is permitted to change the setting.

  In step S205, when the user who is permitted to change the setting is not logged in, the activation firmware selection module 13a logs in by the user who is permitted to change the setting by displaying on the display unit 34 of the operation panel 5 or outputting sound. (Step S207), it is checked again whether the user who has been permitted to change the setting is logged in (step S208).

  In step S208, when a user who is permitted to change the settings is logged in, the activation firmware selection module 13a displays a firmware activation selection menu as shown in FIG. 8 and ends the firmware activation selection protection process. (Step S206) Hereinafter, the firmware activation selection process as described above is performed.

  In step S208, when the user who is permitted to change the setting is not logged in, the activation firmware selection module 13a cannot recognize the setting change, and therefore, the process returns to step S202 and the operation panel 15 is set via the firmware determination unit 11. The initial setting menu is displayed on the display unit 34 and processed in the same manner as described above (steps S202 to S208).

  As described above, since the image forming apparatus GK according to the present embodiment allows only authorized users to select the firmware at the time of activation, it is possible to improve the usability while ensuring the security of the image forming apparatus GK. it can.

  Further, the image forming apparatus GK switches to firmware having a higher security level when a predetermined time-up time elapses after being activated once unused.

  That is, as shown in FIG. 11, when the image forming apparatus GK is activated (step S301) and the firmware to be activated next time is selected, for example, the firmware of the security level “1” (LV1), as shown in FIG. (Step S302) A timer that measures a preset firmware switching time from when the image forming apparatus GK is not used is started (Step S303), and the use of the image forming apparatus GK is not performed until the timer expires. It is checked whether it has not been performed (step S304). Note that the unused state of the image forming apparatus GK is, for example, a state in which power supply to an engine unit such as an image forming unit of the image forming apparatus GK is cut off, or power supply to the engine unit and the entire controller board is cut off. A state is called a timer for counting the firmware switching time from the unused state, and it is determined whether the unused state continues for the firmware switching time.

  In step S304, when the image forming apparatus GK is in use before the timer expires, that is, before the timer counts the firmware switching time, for example, power supply to the engine unit and the controller board is started. Then, while maintaining the current security level, that is, in a state where the current firmware is used as it is, the process returns to step S303, and when the next unused state is entered, a timer is started and the unused state is again set. It is checked whether the timer expires (steps S303 and S304).

  In step S304, when the timer expires in an unused state, the firmware determination unit 11 refers to the security level table in the determination data storage unit 12 and finds firmware having a higher security level than the firmware that has been operating up to now. Specifically, the firmware having the high security level is notified to the activation firmware selection module 13a, and the activation firmware selection module 13a restarts the image forming apparatus GK (step S305), and the firmware having the high security level is stored. The firmware activation modules 14aa and 14ba in the firmware storage areas 14a and 14b are activated to activate the firmware having a high security level (step S306).

  Since the firmware having the security level “1” (LV1) corresponds to the firmware having a high security level, the firmware determination module 11 instructs the activation firmware selection module 13a to activate the firmware having the security level “1” (LV1). The activation firmware selection module 13a activates the firmware activation modules 14aa and 14ba in which firmware of the security level “1” is stored in the firmware storage areas 14a and 14b of the firmware storage unit 14.

  As described above, when the firmware having a low security level as the safety level is activated, the image forming apparatus GK according to the present exemplary embodiment switches to the firmware having the higher security level at a predetermined switching timing.

  Therefore, it is possible to prevent the use state of firmware with a low security level (safety level) from continuing forever, and to improve the usability while considering the degree of use such as the version of firmware version and the level of security requirements. Firmware can be appropriately managed so as to appropriately maintain the security requirements, and convenience and safety can be improved.

  In the above description, the case where the security level of the firmware is two levels “0” and “1” has been described. However, the security level of the firmware is not limited to two levels, and more security levels. May be classified. If a large number of security levels are provided in this way, for example, the security level may be set according to various functions available in the image forming apparatus GK and protected.

  In this case, when a predetermined time-up time elapses after being activated once, when the firmware is switched to the firmware having the higher security level, the firmware determination unit 11 is, for example, a plurality of firmware stored in the firmware storage unit 14. The firmware having the highest security level is identified, and the activation firmware selection module 13a is instructed to activate the firmware having the highest security level. The startup firmware selection module 13a restarts the image forming apparatus GK and operates the firmware having the instructed highest security level.

  With this configuration, when a firmware having a security level lower than a predetermined security level is activated among a plurality of firmwares having different security levels in response to a firmware switching instruction, the firmware is set to the predetermined timing at a predetermined switching timing. It is possible to switch to firmware with a predetermined security level that is higher than or equal to the security level, and prevent the use of firmware with low safety level from continuing indefinitely, improving usability and maintaining the intended security requirements appropriately Thus, the firmware can be properly managed.

  In the above description, the security level is changed under the condition that the unused state of the image forming apparatus GK continues for a certain period of time. However, the condition for changing the security level is not limited to the above case. For example, the security level may be changed every time the image forming apparatus GK is used.

  The invention made by the present inventor has been specifically described based on the preferred embodiments. However, the present invention is not limited to the above, and various modifications can be made without departing from the scope of the invention. Needless to say.

  The present invention can be applied to an image forming apparatus such as a printer, a copying apparatus, or a composite apparatus that operates by switching a plurality of firmware.

1 is a system configuration diagram of a network system to which an embodiment of an image forming apparatus of the present invention is applied. FIG. 2 is a block diagram of a main part of the image forming apparatus in FIG. 1. FIG. 3 is a plan view of an operation panel of the image forming apparatus in FIG. 2. FIG. 3 is a diagram illustrating an example of security level information for a module stored in a determination data storage unit of the image forming apparatus in FIG. 2. FIG. 3 is a diagram illustrating an example of security level information for firmware stored in a determination data storage unit of the image forming apparatus in FIG. 2. 3 is a flowchart showing firmware selection activation processing by the image forming apparatus in FIG. 2. 7 is a flowchart showing processing subsequent to the firmware selection activation processing of FIG. The figure which shows an example of the selection screen of the starting firmware displayed on an operation panel by the firmware selection starting process of FIG. The figure which shows an example of the notification screen which displays that the security level is not satisfy | filled on the operation panel by the firmware selection starting process of FIG. FIG. 3 is a flowchart showing firmware selection processing that permits a firmware selection operation only to an authorized user by the image forming apparatus of FIG. 2. 3 is a flowchart showing automatic switching processing from firmware with a low security level to firmware with a high security level by the image forming apparatus of FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Network system NW network CT Client terminal SV1 Distribution server SV2 SMTP server SV3 FTP server GK Image formation apparatus M Modem FX Facsimile apparatus 11 Firmware judgment part 12 Judgment data storage part 13 Firmware management part 13a Startup firmware selection module 13b Firmware update module 14 Firmware Storage unit 15 Operation panel 14a First firmware storage area 14aa First firmware activation module 14ab User information 14b Second firmware storage area 14ba Second firmware activation module 14bb User information 21 Numeric keypad 22 Start key 23 Clear / stop key 24 Preheat key 25 Reset Key 26 Initial setting key 27 Copy key 28 Copy server key 29 Scanner key 30 Printer key 31 FAX key 32 Personal environment key 33 User information key 34 Display section

Claims (6)

  In an image forming apparatus having a plurality of functions, the function operation of which is controlled by firmware, among the plurality of functions, firmware storage means for storing a plurality of firmwares having different functions that can be operated according to their safety levels; Switching instruction means for instructing switching of firmware, and firmware activation means for activating firmware corresponding to the switching instruction by the switching instruction means, wherein the firmware activation means is configured to perform the safety instruction according to the switching instruction by the switching instruction means. When a firmware having a degree lower than a predetermined partition safety level is activated, the firmware is switched to a firmware having a predetermined safety level equal to or higher than the partition safety level among a plurality of firmware in the firmware storage means at a predetermined switching timing. Characterized by Image forming apparatus.   The firmware storage means also stores user-related information relating to a user who permits or prohibits the activation of the firmware, and the firmware activation means determines whether or not to activate the firmware corresponding to the switching instruction by the switching instruction means. 2. The image forming apparatus according to claim 1, wherein control is performed based on the user-related information.   In the image forming apparatus, the user-related information includes authority information related to permission / inhibition of the firmware activation instruction by the user, and the firmware activation unit is operated by the user who has performed the switching instruction by the switching instruction unit. Whether or not the user has the authority to permit the activation instruction is determined based on the authority information of the firmware corresponding to the switching instruction, and the activation permission of the firmware corresponding to the switching instruction is controlled. The image forming apparatus according to claim 2, wherein:   4. The image forming apparatus according to claim 1, wherein the switching timing is when a predetermined switching period elapses after the firmware having the low safety level is activated. 5. Image forming apparatus.   In the image forming apparatus, the switching instruction unit instructs the safety level of the firmware to be switched, and the firmware activation unit is the switching instruction unit among the plurality of firmware stored in the firmware storage unit. 5. The image forming apparatus according to claim 1, wherein firmware corresponding to the instructed safety level is selected and the selected firmware is activated.   The firmware storage means stores two firmwares: a firmware that has received a predetermined authentication as the firmware and has a high degree of safety and a firmware that has not received the authentication and has a low degree of safety. The image forming apparatus according to claim 1.

Images