JP2011233049A - Image processing apparatus, alteration detection system and detection method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To detect that an application program is altered when executing the application program using an API.SOLUTION: An information processor which discloses the API for developing an application, stores API information which indicates the API which is possible to be called by the application. When a request of processing is accepted from the application outside of this information processor, the information processor detects the API which is called on the accepted process. When the detected API is not indicated by the API information, the information processor does not call the API.

Description

  The present invention relates to detection of falsification of an application program.

  In recent years, copying machines have become more multifunctional, and so-called multifunction machines (hereinafter referred to as “MFP (Multi Function Peripheral)”) have become mainstream.

  These functions are realized by incorporating a number of application programs into the MFP, and these application programs are developed using an API (Application Program Interface) provided in the MFP.

  Some MFP manufacturers have released APIs (Application Program Interfaces) for developing new functions and expanding currently installed functions.

  By publishing the API, it becomes easy for many application program developers to develop various application programs, and there is an advantage that more advanced and easier-to-use functions can be installed in the MFP. is there.

  However, unconditionally mounting an application program developed by an application program developer on the MFP has a problem in terms of security, and various techniques have been proposed.

  For example, a technique for restricting an API that can be used for each application program has been proposed (see Patent Document 1).

  Specifically, a permission level is determined for each command (API) provided in the MFP, and the application program can use only a command having a permission level corresponding to a level key given to itself.

  As another technique, there is a technique in which the MFP executes an application program only when positive authentication is performed based on an authentication key included in the application program. The MFP manufacturer verifies the application program in advance, and gives an authentication key only to those that have passed, for example, those that do not use inappropriate APIs.

JP 2006-344146 A

  However, if the MFP manufacturer changes the application program after giving the authentication key, or if the application program is modified in the market, the application program is executed because the authentication key is a valid key. become.

  Therefore, an object of the present invention is to detect that an application program has been tampered with when an application program using an API is executed.

  In order to achieve the above object, an image processing apparatus according to an aspect of the present invention is an image processing apparatus that publishes one or more APIs that can be called by an application program. API information storage means for storing API information indicating the APIs each of which is permitted to be called for each application program, request accepting means for accepting an API call request from an external application program of its own device, When the API called in the request received by the request receiving means is not indicated by the API information stored in association with the external application program, the control means includes a control means for suppressing the API call.

  The image processing apparatus having the above configuration can detect that the application program has been tampered with when executing the application program using the API.

It is a figure which shows the example of the whole structure of a tampering detection system. 2 is a diagram illustrating an example of a hardware configuration of an MFP. FIG. FIG. 3 is a diagram illustrating an example of a procedure from development of an application program to installation in an MFP and functional blocks used until installation in the MFP. It is a block diagram which shows the example of a functional structure of a user terminal and MFP. It is a figure which shows the example of the execution process of an application. It is a figure which shows the example of a structure and content of an API extraction list. It is a figure which shows the example of a structure and content of an API list. It is a figure which shows the example of a structure and content of authentication data. It is a figure which shows the example of an application list screen. It is a flowchart which shows the authentication data generation process in an authentication data generation apparatus. It is a flowchart which shows the registration process of an application. 5 is a flowchart showing application execution processing in the MFP. It is a figure showing an example of composition and contents of an API list of a modification.

<Embodiment>
<Overview>
In the MFP of the embodiment, the name of an API that may be executed in an application program installed in the MFP is stored for each application program. “API” refers to an interface for accessing commands and functions that can be used when developing an application program installed in the MFP, and each of the commands and functions is also referred to as “API”. is there. Here, each of the functions and the like is referred to as “API”.

  If an API with a name other than the stored name is called during the execution of the application program, the execution of the application program is stopped without executing the API.

  Here, the API of the name stored is the API used in the application program verified to give the authentication key by the MFP manufacturer. In other words, these APIs can be said to be APIs that the MFP manufacturer permits to be called by an application program.

  Accordingly, after the authentication key is assigned, the application program that has been changed to use a new API cannot be executed.

  However, a change using the API that was used when the authentication key was assigned is allowed. In other words, there is an advantage that it is not necessary to newly apply for an authentication key to the MFP manufacturer simply by making a modification or upgrading without calling another API. In addition, since the API which the MFP manufacturer does not want to be called is not called for the MFP manufacturer, the security intended when the authentication key is given can be ensured, and what verification work to give the authentication key can be performed. There is an advantage that it is never done.

  Hereinafter, an alteration detection system 100 according to an embodiment of the present invention will be described with reference to the drawings.

<Configuration>
FIG. 1 is a diagram illustrating an example of the overall configuration of a falsification detection system 100.

  The falsification detection system 100 includes a user terminal 1000, a user terminal 1001, a user terminal 1002, an MFP 2000, and an authentication data generation device 3000. In FIG. 1, three user terminals and one MFP are included, but one or more may be included. Moreover, although the authentication data generation device 3000 is one unit, it may be one or more units.

  The user terminal 1000, the user terminal 1001, and the user terminal 1002 are so-called terminal devices such as personal computers, which have an interface such as a display and a keyboard, send print jobs to the MFP 2000, and application programs in response to requests from the MFP 2000. Or execute.

  The MFP 2000 is generally called a multifunction peripheral, and is an apparatus that integrates functions such as a copy function, a fax function, a network printing function, a scanner function, and a box function. Upon receiving an application program execution instruction from the user, the MFP 2000 performs processing in cooperation with the user terminal 1000.

  The authentication data generation device 3000 is a so-called terminal device such as a personal computer, and includes an interface such as a display and a keyboard, reads an application program, and generates authentication data for the application program. Only when the authentication data is positively authenticated by the MFP 2000, the application program can be registered in the MFP 2000 and executed.

  Next, the hardware configuration of the MFP 2000 will be described.

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the MFP 2000. The MFP 2001 and the MFP 2002 have the same configuration.

  The MFP 2000 includes a central processing unit (CPU) 20a, a random access memory (RAM) 20b, a read only memory (ROM) 20c, a hard disk 20d, a control circuit 20e, an operation panel 20f, a communication interface 20g, a printing device 20h, and an IC card reader. 20i or the like.

  The control circuit 20e is a circuit for controlling the hard disk 20d, the operation panel 20f, the communication interface 20g, the printing device 20h, the IC card reader 20i, and the like.

  The operation panel 20f is a touch panel display panel, a screen for giving a message or an instruction to the user, a screen for inputting a processing type and processing conditions desired by the user, and processing executed by the CPU 20a. A screen showing the result is displayed. In addition, the user can give an instruction to the MFP 2000, specify processing conditions, and input a password or the like by touching a predetermined position on the operation panel 20f. As described above, the operation panel 20f serves as a user interface of a user who operates the MFP 2000.

  The communication interface 20g is a network interface card (NIC) or a modem for communicating with a device such as the authentication data generation device 3000 via a communication line using TCP / IP (Transmission Control Protocol / Internet Protocol).

  The printing apparatus 20h is an apparatus that prints an image reproduced based on print data of a print job acquired from the user terminal 1000 or the like on a sheet.

  The IC card reader 20i is an IC card reader device that reads data such as a user ID from an IC card.

  Hereinafter, the functions executed in the falsification detection system 100 will be described in two parts. There are two cases: when an application is developed and installed in MFP 2000, and when an application installed in MFP 2000 is executed.

<When installing an application>
A procedure from development of an application program to installation in the MFP 2000 will be described with reference to FIG. 3 and functions of each device used until installation in the MFP 2000 will be described.

  First, an application program developer (hereinafter referred to as “vendor”) develops an application program 4010 in the application development device 4000. This application program uses an API provided by the MFP 2000.

  Next, the vendor hands over the source code of the developed application program 4010 to the MFP manufacturer and requests verification (see arrow 10).

  The MFP manufacturer generates authentication data 3210 in the authentication data generation device 3000 and passes it to the vendor.

  Here, the authentication data generation device 3000 includes an API extraction unit 3100 and an authentication data generation unit 3200.

  The API extraction unit 3100 has a function of extracting an API called by the application program 4010.

  Specifically, the API extraction unit 3100 extracts the name of the API described for execution, not as a comment or the like, in the source code of the application program 4010.

  The authentication data generation unit 3200 has a function of generating authentication data 3210 including the API name extracted by the API extraction unit 3100 and information necessary for authentication. Details of the authentication data 3210 will be described in the section <Data>.

  The MFP manufacturer encrypts the generated authentication data 3210 and passes it to the vendor. For example, encryption is performed using a method such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard).

  The vendor who has received the encrypted authentication data 3210 (hereinafter referred to as “encrypted authentication data 3210”) sells an application program 4011 incorporating the passed encrypted authentication data 3210 (see arrow 11).

  The user who purchased the application program installs the purchased application program 4011 in the user terminal 1000 and registers the application in the MFP 2000 (see arrow 12). A function that can be realized by the application program 4011 is referred to as an “application”, and the function that can be executed by the MFP 2000 is referred to as “registration”.

  In the embodiment, the application program 4011 includes a registration program, and an application registration process is performed by a registration tool 1450 realized by executing the program.

  In the registration process, when the encrypted authentication data 3210 in the application program 4011 is transmitted to the MFP 2000 and positive authentication is performed by the MFP 2000, information necessary for executing the application program 4011, for example, the IP address of the user terminal 1000 Etc., and programs and the like are stored in the MFP 2000 as necessary.

  Here, the MFP 2000 has an application registration unit 2800 including an application authentication unit 2810. Note that FIG. 3 shows only functions related to the registration process among the functions of the MFP 2000.

  Application registration unit 2800 has a function of receiving a registration request from registration tool 1450 of user terminal 1000 and registering the application in MFP 2000. The application registration unit 2800 also receives the encrypted authentication data 3210 when receiving the registration request. The application registration unit 2800 performs an application registration process only when the encrypted authentication data 3210 is positively authenticated by the application authentication unit 2810.

  In the embodiment, the following three processes are performed as the registration process.

  First, data for displaying an application name or the like on the operation panel 20f (see FIG. 2) of the MFP 2000, for example, an application name is stored in the user information storage unit 5000. In the embodiment, the name of the application registered by the user is stored in association with the user ID.

  Second, the API name used in the application is stored in the API list storage unit 5200. In the embodiment, a list indicating the name of the API is stored for each application program.

  Third, information necessary for executing an application, such as an application program describing processing executed on the MFP 2000 side, is received from the application program 4011 and stored in the application storage unit 5100. The content of information acquired from the application program 4011 differs depending on each application.

  The application authentication unit 2810 has a function of authenticating the encrypted authentication data 3210 and passing the authentication result to the application registration unit 2800.

  Specifically, the application authentication unit 2810 stores the same key as the key obtained by encrypting the authentication data 3210 by the authentication data generation device 3000, and decrypts the encrypted authentication data 3210 using the key. When the key and the authentication key included in the decrypted authentication data 3210 are the same, it is determined that the authentication data is valid data, and a positive authentication result is passed to the application registration unit 2800.

<When executing an application>
Next, functions of each device used when executing an application installed in the MFP 2000 will be described with reference to FIG.

  FIG. 4 is a block diagram illustrating examples of functional configurations of the user terminal 1000 and the MFP 2000.

  The user terminals 1000 to 1002 (see FIG. 1) have the same functions as the functions according to the present invention. Accordingly, the user terminal 1000 will be described here.

  The user terminal 1000 includes a communication unit 1100, a transmission data generation unit 1200, a reception data analysis unit 1300, an application 1400, a registration tool 1450, and an application program storage unit 1500.

  Some or all of the functions of the respective units of the user terminal 1000 described below are realized by executing a program stored in a memory included in the user terminal 1000 by a CPU included in the user terminal 1000.

  The communication unit 1100 has a function of communicating with the MFP 2000. Specifically, a process request or the like is received from the MFP 2000, or a process result or the like is transmitted. In the embodiment, the exchange with the MFP 2000 is performed, for example, in XML format data (hereinafter referred to as “XML data”).

  An application 1400 indicates an application realized by reading an application program from the application program storage unit 1500 and executing it.

  The registration tool 1450 indicates a registration tool that is realized by reading a registration program from the application program storage unit 1500 and executing it.

  The transmission data generation unit 1200 has a function of generating XML data that is instructed from the application 1400 and transmitted to the MFP 2000.

  The received data analysis unit 1300 has a function of analyzing the XML data received from the MFP 2000 and issuing an instruction or the like to the application 1400 according to the analysis result.

  The transmission data generation unit 1200 and the reception data analysis unit 1300 may actually be described as part of an application program.

  The application program storage unit 1500 has a function of storing an application program 4011 (see FIG. 3) installed by the user.

  The MFP 2000 includes a communication unit 2100, a transmission data generation unit 2200, a reception data analysis unit 2300, an application 2400, an operation unit 2500, a login information authentication unit 2600, an application selection unit 2700, an application registration unit 2800, a user information storage unit 5000, and an application storage. A section 5100, an API list storage section 5200, and an API program storage section 5300.

  A part or all of the functions of each unit of the MFP 2000 described below is realized by the CPU 20a executing a program stored in a memory such as the hard disk 20d of the MFP 2000.

  The communication unit 2100 has a function of communicating with the user terminal 1000. Specifically, a processing request or the like is transmitted to the user terminal 1000, or a processing result or the like is received. In the embodiment, the exchange with the user terminal 1000 is performed, for example, in XML format data.

  An application 2400 indicates an application realized by reading an application program from the application storage unit 5100 and executing it.

  The transmission data generation unit 2200 has a function of generating XML data that is instructed from the application 2400 and transmitted to the user terminal 1000.

  The reception data analysis unit 2300 has a function of analyzing the XML data received from the user terminal 1000 and issuing an instruction or the like to the application 2400 according to the analysis result.

  The transmission data generation unit 2200 and the reception data analysis unit 2300 may actually be described as part of an application program.

  The operation unit 2500 includes an operation panel 20f and an IC card reader 20i, and has a function of displaying a display screen corresponding to the operation on the operation panel 20f and acquiring an instruction from the user.

  The operation unit 2500 has a function of acquiring login information, specifically, a user ID from a user who intends to use the MFP 2000. Specifically, the user ID read by the IC card reader 20i is acquired from the held IC card.

  The login information authentication unit 2600 has a function of authenticating login information with reference to user information that is information about the user stored in the user information storage unit 5000. The login information authentication unit 2600 sets a positive authentication result if the login information is registered in the user information, and sets a negative authentication result if the login information is not registered. The authentication result is notified to the operation unit 2500.

  The application selection unit 2700 has a function of displaying the name of the application installed by the user indicated by the login information on the operation panel 20f, acquiring the application name selected by the user, and starting the application with the selected name.

  The application registration unit 2800 has a function of receiving a registration request from the registration tool 1450 of the user terminal 1000 and registering an application in the MFP 2000 (see the description of FIGS. 3 and 3).

  The user information storage unit 5000 has a function of storing user information that is information about the user. Specifically, a user ID of a user who has authority to use MFP 2000, an application name installed by the user in association with the user ID, and the like are stored. The application selection unit 2700 displays an application list on the operation panel 20f with reference to the application name stored in association with the user ID.

  The application storage unit 5100 has a function of storing programs, data, and the like necessary for executing an application installed by the user.

  The API list storage unit 5200 has a function of storing a list indicating the names of APIs used in registered applications for each application.

  The API program storage unit 5300 stores information necessary for executing a registered application, such as an IP address of the user terminal 1000, an application program describing processing executed on the MFP 2000 side, data required for execution, and the like. It has a function to keep.

  Here, FIG. 5 shows an example of application execution.

  FIG. 5 shows examples of three applications.

  The first is an “scan data storage application” that stores data scanned using the scanner function of the MFP 2000 under an arbitrary directory of the user terminal 1000.

  In this application, an API “API02” is used to display a predetermined directory structure of the user terminal 1000 on the operation panel 20f of the MFP 2000, and an API “API03” is used to scan an image printed on paper. ing. Also, an API “API01” that reads scan data stored in the scan data storage unit of the MFP 2000 is used. Therefore, when an API other than “API01”, “API02”, and “API03” is called, the application program is falsified.

  The second is an application “authentication application” that transmits authentication information to the authentication server 1010 and receives an authentication result.

  This application does not use the MFP 2000 API. Therefore, when any API is called, the application program is falsified.

  A third application is an “pull print application” that is read from the print job storage server apparatus 1020 and prints.

  In this application, the API “API02” is used to display a list of print job identifiers stored in the print job storage unit of the print job storage server apparatus 1020 on the operation panel 20f of the MFP 2000, and the print job is printed. For this purpose, the API “API04” is used. Therefore, when an API other than “API02” and “API04” is called, the application program is falsified.

<Data>
Hereinafter, main data used in the falsification detection system 100 of the present embodiment will be described with reference to FIGS.

  FIG. 6 is a diagram illustrating an example of the configuration and contents of the API extraction list 3110.

  The API extraction list 3110 is created in the working memory when the API extraction unit 3100 (see FIG. 3) of the authentication data generation device 3000 extracts the API.

  The API extraction list 3110 includes a usage status 3111 and an API name 3112, and one record of this configuration is registered for one API published by the MFP 2000.

  Use / non-use 3111 indicates whether or not the API indicated by the API name 3112 is used. “◯” indicates that it is used, and “×” indicates that it is not used.

  An API name 3112 indicates the name of the API.

  The API extraction unit 3100 searches for the name of the API set as the API name 3112 in the record of the API extraction list 3110 from the source code of the application program. When the description of the searched API name is a description for executing the API, “O” is set as the use / non-use 3111 of the record. If the API name is not described in the source code or is not executed even if it is described, for example, it is described as a comment, “X” is set.

  The API extraction unit 3100 performs this process for all records in the API extraction list 3110.

  FIG. 7 is a diagram showing an example of the configuration and contents of the API list 5210.

  The API list 5210 is generated by the authentication data generation unit 3200 (see FIG. 3) of the authentication data generation device 3000 and is included in the authentication data 3210.

  The API list 5210 includes a number 5211 and an API name 5212, and one is created for each application.

  A number 5211 indicates a record number. That is, the API number indicated by the API name 5212 is indicated.

  The API name 5212 indicates the name of the API.

  This API list 5210 is generated by extracting the name of the API set as the API name 3112 in a record in which “O” is set as the usage status 3111 of the API extraction list 3110.

  Therefore, the name of the API indicated by the API name 5212 is described in a format to be executed in the source code of the application program. That is, it shows an API that may be called when the application is executed.

  FIG. 8 is a diagram illustrating an example of the configuration and contents of the authentication data 3210.

  The authentication data 3210 is generated by an authentication data generation unit 3200 (see FIG. 3) of the authentication data generation device 3000.

  The authentication data 3210 includes items 3211 and contents 3212, and is created for each application.

  An item 3211 indicates an item included in the authentication data 3210.

  A content 3212 indicates the content of the item indicated by the item 3211.

  For example, the item 3211 “application name” indicates the name of the application when the application program to which the authentication data 3210 is assigned is executed. The item 3211 “vendor name” indicates the name of the vendor who created the application program, and the item 3211 “application overview” indicates the contents of the application. The item 3211 “expiration date” indicates the expiration date of the authentication data 3210.

  The item 3211 “authentication key” is data referred to in order to confirm the validity of the authentication data 3210. Also, the authentication data 3210 is encrypted using the key indicated by this “authentication key”.

  The item 3211 “API information” is information indicating an API used in the application program to which the authentication data 3210 is assigned. An API list 5210 (see FIG. 7) is set as the content 3212.

<Display screen>
Hereinafter, a display screen used in the falsification detection system 100 of the present embodiment will be described with reference to FIG. The display screen described here is an example of a screen displayed on operation panel 20f of MFP 2000.

  FIG. 9 is a diagram illustrating an example of the application list screen 2520.

  The application list screen 2520 displays a list of application names and functions registered by the logged-in user. The user moves the cursor and selects an application to be executed. In FIG. 9, an application whose application name is “AP-Scan” is selected with the cursor 2521. Here, when the “OK” button is pressed, the selected application is activated.

<Operation>
Hereinafter, the operation of the falsification detection system 100 according to the embodiment will be described with reference to FIGS.

  Here, the following three processes will be described.

  The first is processing for generating authentication data 3210 in the authentication data generating device 3000. The second is processing for registering an application in the MFP 2000. The third is processing for executing an application in the MFP 2000.

<Authentication data generation process>
FIG. 10 is a flowchart showing a process for generating authentication data 3210 in authentication data generation apparatus 3000 (see FIG. 3).

  The vendor hands over the source code of the application program 4010 (hereinafter simply referred to as “source code”) to the MFP manufacturer, and requests the application of authentication data. The method of passing the source code may be any method such as passing through a network or passing a recording medium on which a program is recorded. When the application program 4010 includes a plurality of source codes, all source codes are passed.

  The MFP manufacturer stores the passed source code in the working memory of the authentication data generation device 3000 and instructs the API extraction unit 3100 to extract the API via the interface.

  The API extraction unit 3100 reads the source code from the working memory (step S100).

  Next, the API extraction unit 3100 sets “x” as the usage status 3111 of all the records in the API extraction list 3110 (see FIG. 6). It is assumed that the API name 3112 is set in advance.

  The API extraction unit 3100 sequentially searches for the API name set as the API name 3112 from the source code of the application program from the first record to the last record in the API extraction list 3110 (step S140: Yes) (step S140). S110).

  If the name of the API is searched and it is a description for executing the API (step S120: Yes), “O” is set as the use / non-use 3111 of the record (step S130).

  If the API name is not described in the source code, or if it is described, it is not for execution. For example, when it is described as a comment (No in step S120), nothing is set. That is, it is left as “x”.

  The API extraction unit 3100 that has processed up to the last record of the API extraction list 3110 (step S140: No), and if the next source code is stored in the working memory (step S150: Yes), the process proceeds from step S110 to step S140. Repeat the process.

  The API extraction unit 3100 that has performed the API name extraction processing from all the source codes passes the API extraction list 3110 to the authentication data generation unit 3200.

  The authentication data generation unit 3200 to which the API extraction list 3110 is passed extracts the API name set as the API name 3112 from the API extraction list 3110 in which “O” is set as the usage status 3111. A list 5210 is generated (step S160).

  The authentication data generation unit 3200 that generated the API list 5210 sets the generated API list 5210 as the content 3212 of the item 3211 “API information” of the authentication data 3210. Further, the authentication data generation unit 3200 sets data in each content 3212 such as the other item 3211 “application name” of the authentication data 3210, and generates the authentication data 3210 (step S170).

  The authentication data generation unit 3200 that generated the authentication data 3210 encrypts the generated authentication data 3210 using the key set as the content 3212 of the item 3211 “authentication key” of the authentication data 3210 (step S180).

  The MFP manufacturer gives the encrypted authentication data 3210 to the vendor.

<Application registration process>
FIG. 11 is a flowchart showing processing for registering an application in MFP 2000.

  The user activates the registration tool 1450 via the interface of the user terminal 1000 and designates the MFP 2000 to be registered (step S200).

  The registration tool transmits the encrypted authentication data 3210 included in the application program 4011 to the designated MFP 2000 to request registration (step S210).

  Upon receiving the encrypted authentication data 3210 and the registration request, the MFP 2000 passes the encrypted authentication data 3210 to the application registration unit 2800 and requests registration.

  Upon receiving the request, the application registration unit 2800 decrypts the encrypted authentication data 3210 using a key therein (step S220). If the authentication key set as the content 3212 of the item 3211 “authentication key” of the decrypted authentication data 3210 is the same as the key used for decryption, it is determined that the authentication data is valid and affirmed. Authentication results. If the authentication key set as the content 3212 is different from the key used for decryption, it is determined that the authentication data is invalid and the result is a negative authentication result. If the date and time set as the content 3212 of the item 3211 “expiration date” is present, that is, before the date and time at the time of authentication, a negative authentication result is set.

  Application authentication unit 2810 passes the authentication result to application registration unit 2800. If the authentication result is affirmative, the decrypted authentication data 3210 is also passed to the application registration unit 2800.

  If the authentication result is negative (step S230: NG), the application registration unit 2800 that has received the authentication result ends the registration process and notifies the user terminal 1000 of that fact.

  On the other hand, if the authentication result is affirmative (step S230: OK), the application registration unit 2800 stores the API list 5210 set as the content 3212 of the item “API information” of the authentication data 3210 in the application storage. The data is stored in the unit 5100 (step S240).

  Thereafter, the application registration unit 2800 stores the application name set as the content 3212 of the item “application name” of the authentication data 3210 in the user information storage unit 5000. At this time, it is stored in association with the identifier (user ID) of the user who has requested registration. Further, information necessary for executing the registered application is acquired from the registration tool 1450 of the user terminal 1000 (steps S250 and S260).

<Application execution processing>
FIG. 12 is a flowchart showing processing for executing an application in MFP 2000. The process surrounded by the dotted line is a process performed by the activated application, and is different for each application. Here, the processing related to the falsification detection processing is mainly described. Therefore, actually, processing other than the processing described here is also performed.

  The user logs in to use MFP 2000. Specifically, the IC card carried by the user is held over the IC card reader 20 i provided in the MFP 2000.

  The IC card reader 20i that has read the user ID from the held IC card passes the read user ID to the operation unit 2500 (step S300).

  Receiving the user ID, the operation unit 2500 passes the received user ID to the login information authentication unit 2600 to request authentication.

  The requested login information authentication unit 2600 confirms whether or not the passed user ID is stored in the user information storage unit 5000 as a user ID indicating a user having authority to use the MFP 2000.

  If it is stored, the login information authentication unit 2600 determines that it has been authenticated positively. If it is not stored, it determines that it has been authenticated negatively and returns the authentication result to the operation unit 2500.

  The operation unit 2500 that has received the authentication result ends the process if the authentication result is negative, accepts login if the authentication result is positive, and displays an initial screen on the operation panel 20f.

  When the operation unit 2500 detects that the user has performed an operation for displaying an application list on the initial screen, the operation unit 2500 passes the user ID to the application selection unit 2700 and displays the application list screen 2520 (see FIG. 9). Ask to do it.

  Upon receiving the request, the application selection unit 2700 reads the application name stored in association with the user ID from the user information storage unit 5000, and displays the application list screen 2520 on the operation panel 20f (step S310).

  Here, the user selects an application to be executed. Specifically, the cursor 2521 is moved to the name of the application to be executed, and the “OK” button is pressed.

  For example, in FIG. 9, an application whose application name is “AP-Scan” is selected.

  The operation unit 2500 that has detected that the application has been selected notifies the application selection unit 2700 of the name of the selected application (step S320).

  Upon receiving the notification, the application selection unit 2700 activates the application 2400 indicated by the notified application name (step S330).

  The application 2400 performs initial processing as necessary, such as starting the application 1400 on the user terminal 1000 side (step S340).

  After completing the initial process, the application 2400 instructs the transmission data generation unit 2200 to generate XML data indicating the process requested to the user terminal 1000, and transmits it to the user terminal 1000 via the communication unit 2100.

  The received data analysis unit 1300 of the user terminal 1000 analyzes the XML data received via the communication unit 1100 and requests the application 1400 to perform processing according to the analysis content.

  The application 1400 instructs the transmission data generation unit 1200 to generate XML data for executing the API published by the MFP 2000 according to the processing, and transmits the XML data to the MFP 2000 via the communication unit 1100.

  The received data analysis unit 2300 that has received the XML data via the communication unit 2100 of the MFP 2000 analyzes the XML data and detects a called API.

  When the API has not been called (step S350: No), the reception data analysis unit 2300 instructs the application 2400 to indicate the instruction indicated by the XML data.

  Upon receiving the instruction, the application 2400 performs processing.

  On the other hand, when the API is called (step S350: Yes), the reception data analysis unit 2300 confirms whether the name of the API is registered in the API list 5210. Specifically, it is confirmed whether the API name is set as the API name 5212 of the API list 5210 stored in the API list storage unit 5200 in association with the name of the application 2400. The reception data analysis unit 2300 determines that the API name is registered when the API name is set, and determines that it is not registered when the API name is not set.

  If it is determined that the API name is registered in the API list 5210 (step S360: Yes), the received data analysis unit 2300 instructs the application 2400 to execute the API. Upon receiving the instruction, the application 2400 executes the API (step S370).

  Until the processing of the application 2400 is completed (step S380: No), the processing of step S350 to step S370 is repeated, and when the processing is completed (step S380: Yes), the application 2400 performs termination processing and ends the application 2400 (step) S390).

  On the other hand, if it is determined in step S360 that the API name is not registered in the API list 5210 (step S360: No), the received data analysis unit 2300 transmits an error message to the user terminal 1000. (Step S372), the application 2400 performs termination processing, and terminates the application 2400 (step S390).

For example, taking the case of executing the application “scan data storage application” in FIG. 5 as an example, XML that causes an API named “API99” to be executed while the application “scan data storage application” is being executed. When the data is received, the reception data analysis unit 2300 transmits an error message to the user terminal 1000 and ends the application “scan data storage application”.
<Supplement>
As mentioned above, although embodiment of this invention was described, this invention may be as follows not only the said form.
(1) In the embodiment, it is determined whether or not the application can be called by the name of the API, but other conditions may be used.

  For example, not only the API name but also the API may be called only when the parameter setting value is within a predetermined range.

  FIG. 13 shows an example of the configuration and contents of the API list 5220. The API list 5220 is obtained by adding a first parameter 5223, a second parameter 5224, and a third parameter 5225 to the API list 5210.

  The first parameter 5223 indicates the range of data that can be specified by the first parameter. The same applies to the second parameter 5224 and the third parameter 5225. Further, “-” indicates that there is no parameter or a parameter for which a specifiable range is not imposed.

  For example, since “0/1/2” is set as the second parameter 5224 of the record of the API name 5212 “API001”, one of “0”, “1”, and “2” is set. Is possible. Therefore, when “3” is set, the API cannot be called.

  The value set as the first parameter 5223 or the like of the API list 5220 is extracted simultaneously when the API extraction unit 3100 of the authentication data generation device 3000 extracts the name of the API from the source code. That is, what value is set as a parameter when the API is called in the application program at the time of verification is extracted. Then, at the time of execution, an API in which a value deviating from the value is set as a parameter is prevented from being executed.

In the authentication data generation process shown in FIG. 10, when searching for the name of a certain API from the source code, if the name of the API is detected, the subsequent source code is not searched. However, when extracting the parameter setting range, it is necessary to search to the end of the source code and extract the parameter setting range.
(2) In the embodiment, the communication between the user terminal 1000 and the MFP 2000 uses data in the XML format, but other data formats may be used. It is only necessary that the called API can be detected on the MFP 2000 side.
(3) In the embodiment, the authentication data 3210 including the API list 5210 is encrypted. However, the API list 5210 may be encrypted and the encrypted API list 5210 may be included in the authentication data 3210. Further, the authentication method of the authentication data 3210 is not limited to the example of the embodiment.
(4) In the embodiment, the name of the API included in the source code is extracted, but other methods may be used.

  For example, an identification code is assigned to the API, and the API is called by setting the identification code as the first parameter. Then, the identification code may be extracted and an API list 5210 in which the identification code is set in the API name 5212 may be created.

  In the embodiment, individual APIs that can be called at the time of execution are managed by the API list 5210. However, APIs may be grouped and managed in units of groups. For example, any API that reads data can be called by any API.

Further, the API extracted from the source code may be limited to a specific API. For example, it is an API having a great influence when not properly executed.
(5) In the falsification detection system, all or some of the components of each device shown in FIG. 3 and the like may be realized by an integrated circuit of one chip or a plurality of chips.
(6) The falsification detection system may be realized by all or part of the components of each device shown in FIG. 3 and the like by a computer program, or may be implemented in any other form.

  In the case of a computer program, a program written in any recording medium such as a memory card or CD-ROM may be read and executed by a computer, or a program may be downloaded and executed via a network. Also good.

100 falsification detection system 20h printing device 20f operation panel 100 falsification detection system 1000 1001 1002 user terminal 1010 authentication server 1020 print job storage server device 1100 2100 communication unit 1200 2200 transmission data generation unit 1300 2300 reception data analysis unit 1400 2400 application 1450 registration tool 1500 Application program storage unit 2500 Operation unit 2520 Application list screen 2521 Cursor 2600 Login information authentication unit 2700 Application selection unit 2800 Application registration unit 2810 Application authentication unit 3000 Authentication data generation device 3100 API extraction unit 3110 API extraction list 3200 Authentication data generation unit 3210 Authentication data 4000 Application development device 4010 4011 Application Application program storage unit 5100 application storage unit 5200 API list storage unit 5210 5220 API list 5300 API program storage unit

Claims (6)

An image processing apparatus that publishes one or more APIs (Application Program Interface) that can be called by an application program,
API information storage means for storing, for each application program, API information indicating an API permitted to be called by each of the one or more application programs;
Request accepting means for accepting an API call request from an application program external to the device;
Control means for suppressing the API call when the API called in the request received by the request receiving means is not indicated by the API information stored in association with the external application program. An image processing apparatus. Authentication means associated with an application program and authenticating authentication information including information indicating an API permitted to be called by the application program;
API information acquisition means for storing the API information included in the authentication information in the API storage means in association with the application when the authentication performed by the authentication means is affirmative,
The request accepting means accepts an API call request from an application program associated with authentication information that has been positively authenticated by the authenticating means,
The image processing apparatus according to claim 1, wherein the API information is information indicating an API called from an application program associated with the authentication information when the authentication information is generated. The API information further includes a parameter condition indicating data that can be set as an API parameter,
When the API detected by the detection unit is not indicated by the API information, or when the data set as the API parameter detected by the detection unit does not satisfy the parameter condition The image processing apparatus according to claim 1, wherein the API call is suppressed. An alteration detection system including an image processing device that publishes one or more APIs that can be called from an application program,
An authentication information generating unit that extracts an API called from an application program and includes authentication information that includes API information indicating the extracted API and is associated with the application program;
The image processing apparatus includes:
An authentication means for acquiring the authentication information from outside the own device and authenticating the acquired authentication information;
API information acquisition means for storing the API information included in the authentication information in the API information storage means in association with the application program when the authentication means performs positive authentication;
Request accepting means for accepting an API call request from an application program associated with authentication information for which the authentication means has performed positive authentication;
A tamper detection system, comprising: a control unit that suppresses calling of an API when the API called in the request received by the request receiving unit is not indicated by the API information. API information that publishes one or more APIs that can be called by an application program and stores API information indicating the APIs that each of the one or more application programs is allowed to call for each application program A detection method for causing an image processing apparatus including a storage unit to detect falsification of an application program,
An API call request is accepted from an application program external to the device,
A detection method that suppresses calling of an API when the API called in the received request is not indicated by API information stored in association with the external application program. API information that publishes one or more APIs that can be called by an application program and stores API information indicating the APIs that each of the one or more application programs is allowed to call for each application program A computer program for causing an image processing apparatus provided with storage means to detect falsification of an application program,
A request acceptance process for accepting an API call request from an application program external to the own apparatus is executed.
If the API called in the request received in the request receiving process is not indicated by the API information stored in association with the external application program, a computer that executes a control process for suppressing the API call program.

Images