JP2004299389A - Image formation device, program updating method, and storage medium for updating - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image formation device which can improve the reliability of a new program when updating a program which functions an image formation device to the new program, a program updating method, and a storage medium for updating. <P>SOLUTION: The image formation device is composed of the following: a storage medium where a program to function the image formation device is stored; and a recording medium set-up method for updating which sets up the storage medium for updating where a program to update the above-mentioned program which is stored in the above-mentioned recording medium. With a condition that the electronic signature related to the above-mentioned program obtained from the above-mentioned storage medium for updating is rightful, the above-mentioned program stored in the above-mentioned storage medium is updated to the above-mentioned program obtained from the above-mentioned storage medium for updating. A program updating method for this update is also included. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image forming apparatus such as a copier, a printer, a scanner, a facsimile, a multifunction peripheral, a multifunction peripheral, a program updating method, and a storage medium for updating.

  2. Description of the Related Art In recent years, “multifunction machines” and “multifunction machines” that realize functions of copying, a printer, a scanner, and a facsimile with one device have become commercially available. These multifunction devices and multifunction devices are equipped with hardware such as an imaging unit, a printing unit, and a communication unit, and are provided with four types of software corresponding to a copy, a printer, a scanner, and a facsimile. Functions as a copy, printer, scanner, or facsimile. When functioning as a copy or a printer, an image is printed on printing paper or the like, and when functioning as a scanner or facsimile, the image is transmitted to another device via a network or the like.

  Various programs (firmware and other software) such as applications and platforms are required to make the multifunction device or the multifunction device function. When a program for operating a multifunction peripheral or a multifunction peripheral is updated with a new program, the reliability of the new program becomes a problem. For example, if a new program is updated via a general-purpose memory card or network in order to update a program that causes a multifunction device or a multifunction device to function, the new program will be altered (falsification or text This is because there is a possibility of being garbled.

  Accordingly, an object of the present invention is to improve the reliability of a new program when updating a program that causes the image forming apparatus to function with a new program.

  The invention (image forming apparatus) according to claim 1 is a storage medium storing a program for causing the image forming apparatus to function, and an update storing a program for updating the program stored in the storage medium. An update storage medium setting means for setting a storage medium for use in the storage medium, provided that the electronic signature of the program obtained from the update storage medium is valid. There is provided a program updating means for updating the stored program to the program obtained from the update storage medium.

  According to a second aspect of the invention (an image forming apparatus), a storage medium setting means for setting a storage medium storing a program for causing the image forming apparatus to function, and updating the program stored in the storage medium And an update storage medium setting means for setting an update storage medium storing a program for performing the operation, the electronic signature of the electronic signature of the program acquired from the update storage medium. Program updating means for updating the program stored in the storage medium to the program acquired from the update storage medium, provided that the program is stored on the storage medium.

  The invention (image forming apparatus) according to claim 3, wherein a storage medium storing a program that causes the image forming apparatus to function, and a receiving unit that receives a program for updating the program stored in the storage medium An image forming apparatus comprising: a storage unit configured to store the program stored in the storage medium on condition that an electronic signature of the program received by the receiving unit is valid. Program updating means for updating the program.

  The invention (image forming apparatus) according to claim 4 is a storage medium setting means for setting a storage medium storing a program for causing the image forming apparatus to function, and updating the program stored in the storage medium. Receiving means for receiving a program for performing the program stored in the storage medium, on condition that the electronic signature of the program received by the receiving means is valid, A program update unit that updates the program received by the reception unit.

  The invention (image forming apparatus) according to a fifth aspect is the invention according to the first aspect (the image forming apparatus), wherein the program updating means includes the program stored in the storage medium and the program The electronic signature is updated to the program acquired from the update storage medium and the electronic signature related to the program.

  The invention (image forming apparatus) according to a sixth aspect is the invention according to the third aspect (image forming apparatus), wherein the program updating unit includes the program stored in the storage medium and the program stored in the storage medium. The electronic signature is updated to the program received by the receiving unit and the electronic signature related to the program.

  According to a seventh aspect of the present invention, in the image forming apparatus according to the first or second aspect, the program updating unit may be configured to control an electronic device according to the program acquired from the storage medium for updating. The validity of the signature is determined by comparing the message digest created from the program with the message digest obtained by decrypting the electronic signature.

  An invention (image forming apparatus) according to an eighth aspect is the invention according to the third or fourth aspect (image forming apparatus), wherein the program updating unit is configured to execute an electronic signature of the program received by the receiving unit. The validity is determined by comparing the message digest created from the program with the message digest obtained by decrypting the electronic signature.

  An invention (image forming apparatus) according to a ninth aspect relates to the invention (image forming apparatus) according to any one of the first to eighth aspects, wherein the program stored in the storage medium is related to the program. On the condition that the validity of the electronic signature and the validity of the electronic signature of the setting file relating to the program are provided, a program starting means is provided for starting according to the setting file stored in the storage medium.

  According to a tenth aspect of the present invention, in the image forming apparatus according to the ninth aspect, the program activating unit determines whether the electronic signature of the program stored in the storage medium is valid. Is determined by comparing the message digest created from the program with the message digest obtained by decrypting the electronic signature.

  According to an eleventh aspect of the present invention, in the image forming apparatus according to the ninth aspect, the program activating unit may determine whether the electronic signature of the setting file stored in the storage medium is valid. Is determined by comparing the message digest created from the setting file with the message digest obtained by decrypting the electronic signature.

  The invention (image forming apparatus) according to the twelfth aspect is the invention according to the invention (image forming apparatus) according to the eleventh aspect, wherein the electronic signature of the setting file stored in the storage medium includes the setting file and the storage medium. The message digest created from the data unique to the message is encrypted.

  According to a thirteenth aspect of the present invention, in the image forming apparatus according to the twelfth aspect, the data unique to the storage medium is a serial ID of the storage medium.

  The invention (program updating method) according to claim 14 is a storage medium storing a program for causing the image forming apparatus to function, and an update storing a program for updating the program stored in the storage medium. Updating method for an image forming apparatus comprising: an update storage medium setting unit for setting an update storage medium, provided that a validity of an electronic signature of the program acquired from the update storage medium is a condition. And updating the program stored in the storage medium to the program obtained from the update storage medium.

  The invention (program updating method) according to claim 15 is a storage medium setting means for setting a storage medium storing a program for causing the image forming apparatus to function, and updating the program stored in the storage medium. And an update storage medium setting means for setting an update storage medium storing a program for storing the program. A program update step of updating the program stored in the storage medium to the program obtained from the update storage medium on condition that the electronic signature is valid.

  An invention (program updating method) according to claim 16, wherein a storage medium storing a program for causing the image forming apparatus to function, and a receiving unit receiving a program for updating the program stored in the storage medium A program update method for an image forming apparatus, comprising: receiving the program stored in the storage medium on the condition that the electronic signature of the program received by the receiving unit is valid. A program updating step of updating the received program.

  The invention (program updating method) according to claim 17 is a storage medium setting means for setting a storage medium storing a program for causing the image forming apparatus to function, and updating the program stored in the storage medium. And a receiving unit for receiving a program for receiving the program, the program updating method for an image forming apparatus, comprising: a storage unit that stores the electronic signature of the program received by the receiving unit on a condition that the electronic signature is valid. And updating the program to the program received by the receiving means.

  An invention (program updating method) according to claim 18 is the invention according to claim 14 or 15 (program updating method), wherein the program updating step includes executing the program stored in the storage medium, The electronic signature is updated to the program acquired from the update storage medium and the electronic signature related to the program.

  An invention (program updating method) according to claim 19 is the invention according to claim 16 or 17 (program updating method), wherein the program updating step includes the step of storing the program stored in the storage medium and the program The electronic signature is updated to the program received by the receiving unit and the electronic signature related to the program.

  The invention (program updating method) according to claim 20 relates to the invention (program updating method) according to any one of claims 14 to 19, wherein the program stored in the storage medium is related to the program. Provided is a program starting step for starting in accordance with the setting file stored in the storage medium, on condition that the validity of the electronic signature and the validity of the electronic signature of the setting file relating to the program.

  The invention according to claim 21 (update storage medium) is the update storage medium according to claim 1 or 2, wherein the program stored in the storage medium according to claim 1 or 2 is updated. And an update storage medium storing a program for executing the program and an electronic signature related to the program.

The invention (image forming apparatus) according to claim 1 or 2 updates a program that causes the image forming apparatus to function with a new program, so that the new program is transmitted and received via an update storage medium. It is possible to improve the reliability of a new program.
The invention (image forming apparatus) according to claim 3 or 4 updates a program that causes the image forming apparatus to function with a new program. Therefore, when the new program is transmitted and received by communication, the reliability of the new program is improved. It is possible to improve the performance.
The invention (program updating method) according to claim 14 or 15 updates the program that causes the image forming apparatus to function with a new program, so that the new program is transmitted and received via an update storage medium. It is possible to improve the reliability of a new program.
The invention (program updating method) according to claim 16 or 17 updates the program that causes the image forming apparatus to function with a new program, so that when the new program is transmitted and received by communication, the new program is trusted. It is possible to improve the performance.
According to a twenty-first aspect of the present invention, an updating storage medium is used for updating a program that causes an image forming apparatus to function with a new program. It is possible to improve the reliability of simple programs.

  As described above, the present invention makes it possible to improve the reliability of a new program when updating a program that causes the image forming apparatus to function with a new program.

  An embodiment of the present invention will be described.

  FIG. 1 shows a multifunction peripheral 101 according to an embodiment of the present invention. The multifunction peripheral 101 in FIG. 1 includes various hardware 111, various software 112, and a multifunction peripheral starting unit 113. Thus, the MFP 101 of FIG. 1 functions as a copier, printer, scanner, or facsimile.

  The hardware 111 includes an imaging unit 121, a printing unit 122, and other hardware 123.

  The imaging unit 121 is hardware for obtaining an image (image data) from a document, and is used when functioning as a copy, a scanner, or a facsimile. The imaging unit 121 may be a monochrome image or a color image. The photographing unit 121 includes a document setting unit and the like as a mechanism relating to a document.

  The printing unit 122 is hardware for printing an image (image data) on printing paper or the like, and is used when functioning as a copy, a printer, or a facsimile. The printing unit 122 may be for monochrome images or color images. The printing unit 122 employs an electrophotographic method here, and includes a photoconductor, a charging device, an exposure device, a developing device, a transfer device, a fixing device, and the like. The print unit 122 includes a paper feed unit, a paper discharge unit, a print paper transport mechanism, and the like as mechanisms related to print paper and the like.

  The other hardware 123 will be described with reference to FIG.

  As the software 112, there are various applications 131 and a platform 132. These are executed in parallel in process units by an OS (operating system) such as UNIX (registered trademark).

  The application 131 is software for executing information processing unique to each function such as copying, a printer, a scanner, and a facsimile. The applications 131 include a copy application 141 that is a copy application, a printer application 142 that is a printer application, a scanner application 143 that is a scanner application, a facsimile application 144 that is a facsimile application, and a network. There is a network file application 145 that is a file application. The network file application 145 includes Web server software for delivering HTML documents and the like, a Web browser for browsing HTML documents and the like, and the like.

  The platform 132 is software for executing information processing regarding a processing request from the application 131 to the hardware 111. The processing request from the application 131 is received by using an application interface (API) 133 that receives the processing request by a predefined function. The transmission of the processing request to the hardware 111 is performed by using a predefined function. An engine interface (ENI) 134 for transmitting a processing request by using a function is used. The platform 132 includes various control services 151, a system resource manager 152, and various handlers 153.

  The control service 151 interprets a processing request from the application 131 to the hardware 111 and generates a request to acquire the hardware 111 according to the interpretation result. The control services 151 include a network control service (NCS) 161, a facsimile control service (FCS) 162, a delivery control service (DCS) 163, an engine control service (ECS) 164, and a memory control service (MCS) 165. , An operation panel control service (OCS) 166, a user directory control service (UCS) 167, a system control service (SCS) 168, and an on-demand update service (OUS) 169.

  The process of the NCS 161 provides an API for performing data communication via a network or the like. The process of the FCS 162 provides an API for performing image data communication, image data acquisition, image data printing, and the like as a facsimile. The process of the DCS 163 controls the distribution of the document data stored in the MFP 101. The process of the ECS 164 controls the engine units such as the imaging unit 121 and the printing unit 122. The process of the MCS 165 controls a memory and a hard disk drive such as image data storage and image data processing. The process of the OCS 166 controls the operation panel. The process of the UCS 167 controls the management of user information. The process of the SCS 168 controls the management of the system. The OUS 169 process controls the update of the program.

  The system resource manager (SRM) 152 arbitrates the acquisition request for the hardware 111 and performs control for realizing the processing request to the hardware 111 according to the arbitration result. Specifically, the process of the SRM 152 determines whether the hardware 111 related to the acquisition request is available (whether there is no conflict with another acquisition request), and if it is available, the fact is determined. To the control service 151. Further, a use schedule of the hardware 111 according to the acquisition request is created, and control for realizing a processing request to the hardware 111 is performed according to the creation result.

  The handler 153 manages the hardware 111 according to the arbitration result. As the handler 153, a facsimile control unit handler (FCUH) 171 and an image memory handler (IMH) 172 exist. The FCUH 171 manages the facsimile control unit. The IMH 172 allocates memory to each process and manages the memory allocated to each process.

  The multifunction peripheral starting unit 113 is executed first when the multifunction peripheral 101 is powered on. As a result, an OS such as UNIX (registered trademark) is started, and the application 131 and the platform 132 are started. These programs are stored in a memory card or the like, reproduced from the memory card or the like, and activated in the memory.

  FIG. 2 illustrates the hardware 111 of the MFP 101 of FIG. The hardware 111 includes a controller 201, an operation panel 202, a facsimile control unit (FCU) 203, an imaging unit 121, and a printing unit 122. Components other than the imaging unit 121 and the printing unit 122 in FIG. 2 correspond to the “other hardware 123” in FIG.

  The controller 201 includes a CPU 211, an ASIC 212, an NB (north bridge) 221, an SB (south bridge) 222, a MEM-P (system memory) 231, a MEM-C (local memory) 232, and an HDD (hard disk drive). 233, a NIC (Network Interface Controller) 241, a USB device 242, an IEEE 1394 device 243, a Centronics device 244, a memory card slot 251 and an update memory card slot 252.

  The CPU 211 is hardware for executing various information processing. For example, the application 131 and the platform 132 are executed in parallel on a process basis by an OS such as UNIX (registered trademark). The ASIC 212 is an image data processing IC. The NB 221 is a bridge for connecting the CPU 211 and the ASIC 212. The SB 222 is a bridge for connecting the NB 221 to peripheral devices and the like. The ASIC 212 and the NB 221 are connected via an AGP (Accelerated Graphics Port).

  The MEM-P 231 is a memory connected to the NB 221 and used. The MEM-C 232 is a memory connected to the ASIC 212 and used. The HDD 233 is a storage connected to the ASIC 212 and used for storing image data, document data, programs, font data, form data, and the like.

  The NIC 241 is a controller for performing data communication using a MAC address or the like via a network or the like. The USB device 242 is a device for providing a serial port conforming to the USB standard. The IEEE 1394 device 243 is a device for providing a serial port compliant with the IEEE 1394 standard. The Centronics device 244 is a device for providing a parallel port of the Centronics specification. The NIC 241, the USB device 242, the IEEE 1394 device 243, and the Centronics device 244 are connected to the NB 221 and the SB 222 by a PCI bus.

  The memory card slot 251 is a slot that is used by being connected to the SB 222, and is a slot for setting (inserting) the memory card 261. The update memory card slot 252 is a slot that is used by being connected to the SB 222, and is a slot for setting (inserting) the update memory card 262.

  The operation panel 202 is hardware (operation unit) for the operator to input data to the multifunction peripheral 101 and hardware (display unit) for the multifunction peripheral 101 to output data to the operator. The operation panel 202 is connected to the ASIC 212. The FCU 203, the imaging unit 121, and the printing unit 122 are connected to the ASIC 212 via a PCI bus.

  FIG. 3 shows an appearance of the multifunction peripheral 101 of FIG. FIG. 3 illustrates the position of the imaging unit 121, the position of the printing unit 122, and the position of the operation panel 202. FIG. 3 further shows a document setting unit 301 for setting a document, a paper feeding unit 302 as a paper feeding destination, and a paper discharging unit 303 as a printing paper discharging destination. The document setting unit 301 is a component of the imaging unit 121, and the paper feeding unit 302 and the paper discharging unit 303 are components of the printing unit 122.

  The operation panel 202 includes a touch panel 311, numeric buttons 312, and a start button 313, as shown in FIG.

  The touch panel 311 is hardware (touch operation unit) for the operator to perform an input to the multifunction peripheral 101 by a touch operation, and hardware (screen display unit) for the multifunction peripheral 101 to output to the operator by screen display. It is. The number buttons 312 are hardware for the operator to input numbers to the multifunction peripheral 101 by button operations. The start button 313 is hardware for an operator to input a start to the multifunction peripheral 101 by button operation.

  When a document is set in the document setting unit 301, the MFP 101 obtains an image from the document by the imaging unit 121 by pressing the start button 313. When functioning as a copy, the MFP 101 prints the image on a print sheet or the like by the printing unit 122, and when functioning as a scanner or facsimile, the image is transmitted to another device via a network or the like by the NIC 241 or the like. Will be sent to The paper feed destination of the print paper is the paper feed unit 302, and the paper discharge destination of the print paper is the paper discharge unit 303.

  The document setting unit 301 includes an automatic document feeder (ADF) 321, a flatbed 322, and a flatbed cover 323.

  The ADF 321 is installed on the upper surface of the flatbed cover 323. A plurality of originals can be set on the ADF 321 in an overlapping manner. When a document is set on the ADF 321, when the start button 313 is pressed, the multifunction peripheral 101 obtains an image from the document by the imaging unit 121. Specifically, when the start button 313 is pressed, the ADF 321 conveys a plurality of documents one by one along a path as shown by an arrow in FIG. An image is acquired from a document conveyed one by one in a path.

  The flatbed 322 appears when the flatbed cover 323 is opened. The flat bed 322 is formed of a transparent member such as glass or plastic. The original is set downward on the flatbed 322. When a document is set on the flatbed 322, the MFP 101 obtains an image from the document by the imaging unit 121 by pressing the start button 313. Specifically, when the start button 313 is pressed, the imaging unit 121 acquires an image from a document facing the user via the flatbed 322.

  The paper supply unit 302 includes four paper supply trays serving as print paper supply destinations and one manual feed tray. The paper discharge unit 303 includes one paper discharge tray serving as a paper discharge destination of the printing paper.

(Fusion machine starter)
A description will be given of the MFP activation unit 113 appearing in FIG.

  As shown in FIG. 5, the multifunction peripheral starting unit 113 includes a memory monitoring unit 501 and a program starting unit 502.

  When the power of the multifunction peripheral 101 in FIG. 1 is turned on, the BIOS and the boot loader constituting the memory monitor unit 501 are activated, and thereby the OS such as UNIX (registered trademark) is activated. Subsequently, a start-up processing program included in the program start-up unit 502 is started, and accordingly, the application 131 and the platform 132 are started appropriately. When UNIX (registered trademark) is started, the kernel of UNIX (registered trademark) is started, the root file system is expanded, and the file system related to the application 131 or the platform 132 is mounted on the root file system. Will be done.

  Examples of mount processing and activation processing related to the application 131 and the platform 132 will be described. The program starting unit 502 reads the master setting file “init.conf” in etc in the root directory of UNIX (registered trademark), and executes mounting and starting according to the mount command described in the master setting file. The program launching unit 502 further reads 1) the setting file “init.conf” or “init.cnf” in the mounted file system, and reads the setting file and writes the mount command described in the setting file. 2) If the setting directory “init.d” exists, read the setting file “****. Conf” or “***. Cnf” in the setting directory and execute the setting file. Mount and start according to the mount command described in. An authentication file “***. Lic” in which the digital signature of the setting file is written is prepared, and the program starting unit 502 executes mounting and starting according to the mount command described in the setting file. Alternatively, an electronic signature check of the setting file may be executed.

  The electronic signature check will be described using the memory card 261 as a specific example.

  As shown in the example of FIG. 6, programs such as the application 131 and the platform 132 are stored in the memory card 261 as a mod file “**. Mod” having an extension of “mod”, and the electronic file of the mod file is stored. The signature is stored as a mac file “***. Mac” having the extension “mac”.

  As shown in the example of FIG. 6, the memory card 261 further stores a setting file (refer to the column of the multifunction peripheral starter) as a cnf file “***. Cnf” having an extension of cnf. The authentication file in which the digital signature of the setting file is written (see the column of the multifunction peripheral starting unit) is stored as a lic file “***. Lic” having an extension of lic.

  Here, the electronic signature of each file is obtained by encrypting a message digest created from each file by a hash function such as MD5 or SHA1 using a secret key. For example, an electronic signature of a mod file or a cnf file is obtained by encrypting a message digest created from a mod file or a cnf file with a secret key.

  Here, the electronic signature check of each file can be executed by comparing a message digest created from each file by a hash function such as MD5 or SHA1 with a message digest obtained by decrypting the electronic signature of each file with a public key. For example, the validity of an electronic signature of a mod file or a cnf file is determined by comparing a message digest created from a mod file or a cnf file with a message digest obtained by decrypting an electronic signature written in a mac file or a lic file with a public key. It can be determined by The electronic signature check of each file is performed by, for example, the program activation unit 502 as part of the mounting process or the activation process by the program activation unit 502.

  When an SD memory card is used as the memory card 261, the electronic signature of the cnf file may be a message digest created from the cnf file and the SD serial ID, which is encrypted with a secret key. Since the SD serial ID of the SD memory card is an ID unique to each SD memory card, the lic file stored in each SD memory card becomes a file unique to each SD memory card, which helps to prevent card copying. In this case, the validity of the electronic signature of the cnf file can be determined by comparing the message digest created from the cnf file and the SD serial ID with the message digest obtained by decrypting the electronic signature written in the lic file with the public key. It is. The SD serial ID of the SD memory card is stored in each SD memory card. Based on this, a description will be given of a mounting process and a starting process for files in the memory card 261.

  FIG. 7 is a flowchart relating to the mounting process and the starting process for files in the memory card 261.

  When the memory card 261 inserted in the memory card slot 251 is mounted (S31), the program starting unit 502 executes a digital signature check of each cnf file in the memory card 261 (S32), and executes the memory card 261. Then, the electronic signature check of each mod file is executed (S33). The program activation unit 502 then converts the mod file (the program of the application 131 or the platform 132) into a condition that the electronic signature of the cnf file related to the mod file is valid and the validity of the electronic signature of the mod file. According to the mount command for the mod file described in the cnf file, the mount is performed (S34) and activated (S35).

  This will be described again specifically. First, if a cnf file exists in the memory card 261, the program activation unit 502 executes a digital signature check of the cnf file (S32). For example, copy. If cnf exists, copy. For example, an electronic signature check of cnf is executed. The process proceeds to S33 on the condition that the electronic signature of the cnf file is valid. Next, if the mount command related to the mod file exists in the cnf file, the program starting unit 502 checks the electronic signature of the mod file (S33). For example, copy. copy. If there is a mount command “mount gzromfs copy.mod / arch / copy” related to mod. For example, an electronic signature check of the mod is performed. The process proceeds to S34 on condition that the electronic signature of the mod file is valid. Then, the program starting unit 502 mounts (S34) and starts (S35) the mod file (the program of the application 131 or the platform 132) according to the mount command related to the mod file described in the cnf file. .

  In this way, the mod file (the program of the application 131 or the platform 132) in the memory card 261 is mounted (S34) and started (S35) according to the mount command described in the cnf file in the memory card 261. Because

  FIG. 8 is a flowchart relating to the electronic signature check of the cnf file in the memory card 261 (S32). First, the program activation unit 502 acquires the serial ID (SD serial ID) of the memory card 261 from the memory card 261 (SD memory card) (S41). Next, the program starting unit 502 creates MDa (S42). MDa is a message digest created from the cnf file and the serial ID. Next, the program activation unit 502 creates MDb (S43). MDb is a message digest obtained by decrypting a digital signature (a message digest created from a cnf file and the above serial ID with a secret key) written in a lic file using a public key. Then, the program activation unit 502 determines the validity of the electronic signature of the cnf file by comparing MDa and MDb (S44). If MDa and MDb match, the electronic signature of the cnf file is determined to be valid (S45), and if MDa and MDb do not match, it is determined that the electronic signature of the cnf file is not valid (S46).

  FIG. 9 is a flowchart relating to the electronic signature check of the mod file in the memory card 261 (S33). First, the program starting unit 502 creates MDa (S51). MDa is a message digest created from the mod file. Next, the program starting unit 502 creates MDb (S52). MDb is a message digest obtained by decrypting a digital signature (a message digest created from a mod file with a secret key) written in a mac file using a public key. Then, the program starting unit 502 determines the validity of the electronic signature of the mod file by comparing MDa and MDb (S53). If MDa and MDb match, the electronic signature of the mod file is determined to be valid (S54), and if MDa and MDb do not match, the electronic signature of the mod file is determined to be invalid (S55).

(Memory card and update memory card)
The memory card slot 251, the update memory card slot 252, the memory card 261, and the update memory card 262 appearing in FIG. 2 will be described.

  The memory card slot 251 is a slot for setting (inserting) a memory card 261 in which programs such as the application 131 and the platform 132 are stored. 1, the application 131 and the platform 132 are stored in the memory card 261 or the like set in the memory card slot 251 and reproduced from the memory card 261 or the like set in the memory card slot 251. Then, it is activated by the MEM-P 231 or the MEM-C 232.

  The update memory card slot 252 is a slot for setting (inserting) an update memory card 262 in which a new program for updating a program such as the application 131 or the platform 132 is stored. In the multifunction peripheral 101 of FIG. 1, the program stored in the memory card 261 set in the memory card slot 251 is converted into a program acquired from the update memory card 262 set in the update memory card slot 252. Can be updated.

  As the memory card 261 and the update memory card 262, an SD (Secure Digital) memory card, which is a kind of flash memory card, is adopted. By adopting the SD memory card, for example, a merit that a large-capacity memory can be used at low cost can be enjoyed. As the memory card slot 251 and the update memory card slot 252, SD memory card slots are employed.

  As shown in FIG. 10, the MFP 101 of FIG. 1 includes an SD memory card access driver (SD access) 621 and an SD memory card status driver (SD states) as software related to the SD memory card slot 601 and the SD memory card 611. 622, a startup processing program 623, and an SD memory card check program (SDcheck) 624.

  The SD access 621 is a driver that executes access control to the SD memory card 611, such as detecting insertion / removal of the SD memory card 611. The SDstates 622 is a driver that manages information related to insertion, removal, mounting, and unmounting of the SD memory card 611. The activation processing program 623 is a program constituting the program activation unit 502 in FIG. The SDcheck 624 is a program that executes mounting and unmounting of the SD memory card 611.

  When the SD memory card 611 is inserted into the SD memory card slot 601, the SD access 621 detects that the SD memory card 611 has been inserted (S 1), and notifies the SD states 622 of the fact (S 2). In response, the SDstates 622 manages information indicating that the SD memory card 611 has been inserted, and notifies the activation processing program 623 of the management (S3). In response, the activation processing program 623 activates the SDcheck 624 (S4) in order to mount the SD memory card 611. In response, the SDcheck 624 executes the mounting of the SD memory card 611 (S5) and notifies the SDstates 622 of the fact (S6). In response to this, the SDstates 622 manages information indicating that the SD memory card 611 has been mounted, and notifies the start-up processing program 623 and the like (S7).

  When the SD memory card 611 is removed from the SD memory card slot 601, the SD access 621 detects that the SD memory card 611 has been removed (S 1), and notifies the SD states 622 of the fact (S 2). In response, the SDstates 622 manages information indicating that the SD memory card 611 has been removed, and notifies the activation processing program 623 of the information (S3). In response, the activation processing program 623 activates the SDcheck 624 (S4) to execute the unmounting of the SD memory card 611. In response, the SDcheck 624 executes the unmounting of the SD memory card 611 (S5), and notifies the SDstates 622 of the fact (S6). In response, the SDstates 622 manages information indicating that the SD memory card 611 has been unmounted, and notifies the start-up processing program 623 and the like (S7).

  In addition, by adopting the SD memory card, it is possible to enjoy a merit that so-called hot-swapping becomes possible. That is, the operation of inserting the SD memory card 611 into the SD memory card slot 601 and the operation of removing the SD memory card 611 from the SD memory card slot 601 can be performed after the MFP 101 is started.

(First embodiment)
Based on the above description, a first embodiment of the MFP 101 of FIG. 1 will be described with reference to FIG.

  As shown in FIG. 12, the update memory card 262 stores a new program for updating programs such as the application 131 and the platform 132 as an fwu file 801 having an extension fwu.

  The fwu file 801 includes a header portion 811 and a data portion 812. The header portion 811 includes a header A1, a header A2, a header B1, a header B2, and the like, and the data portion 812 includes data A1, data A2, data B1, data B2, and the like. The header A1, the header A2, the header B1, the header B2 and the like correspond to the headers of the data A1, the data A2, the data B1, and the data B2, respectively.

  Data A1 and data B1 are data corresponding to a module program. The module program is a new program for updating a program (module program) of the copy application 141 or the NCS 161 (module) in the application 131 or the platform 132 or the like. That is, it is a new program for updating programs such as the application 131 and the platform 132 for each module. It is assumed that the module program is stored as binary data.

  Data A2 and data B2 are data corresponding to an electronic signature according to the module program. Here, the electronic signature is obtained by encrypting a message digest created from a module program using a hash function such as MD5 or SHA1 using a secret key. Data A2 corresponds to an electronic signature related to data A1, and data B2 corresponds to an electronic signature related to data B1.

  The header A1, the header A2, the header B1, and the header B2 are respectively stored in a module ID indicating a type of a module, a flag indicating whether the module is a module program or an electronic signature, and a directory where the module program and the electronic signature are stored. It consists of a model name and a path name that indicate whether to install.

  FIG. 13 shows an example of a file configuration in the update memory card 262. In the example of FIG. 13, the fwu files “update_jan_2004.fwu”, “update_feb_2004.fwu”, and “update_mar_2004.fwu” are stored in the update memory card 262.

  As shown in FIG. 14, programs such as the application 131 and the platform 132 are stored in the memory card 261 as a mod file 901 having an extension “mod”, and an electronic signature related to the program such as the application 131 and the platform 132 is stored. Is stored as a mac file 902 having an extension of mac.

  The mod file 901 includes data 911. The data 911 is data corresponding to a module program, like the data A1 and the data B1.

  The mac file 902 is composed of data 912. The data 912 is data corresponding to an electronic signature according to the module program, like the data A2 and the data B2.

  FIG. 15 shows an example of a file configuration in the memory card 261. In the example of FIG. 15, the mod files “copy.mod”, “printer.mod”, “network.mod”, etc., and the mac files “copy.mac”, “printer.mac”, “network.mac” etc. are stored in the memory card 262. And cnf files “copy.cnf” “printer.cnf” “network.cnf” and the like, and lic files “copy.cnf” “printer.lic” “network.lic” and the like are stored.

  When the update memory card 262 is inserted into the update memory card slot 252 after the start of the multifunction peripheral 101, the processes from S1 to S7 are executed by the SD access 621, the SD states 622, the start processing program 623, and the SD check 624, and the update is performed. The SDstates 622 notifies the on-demand update service (OUS) 169 included in the SCS 168 that the memory card 262 has been inserted and mounted (S11). In response to this, the OUS 169 acquires the memory via the MCS 165 (S12), acquires the fwu file 801 from the updating memory card 262 inserted in the updating memory card slot 252, and expands it in the memory (S13). ).

  The OUS 169 then updates each module program stored as the mod file 901 to each module program obtained as the fwu file 801 on condition that the electronic signature of each module program obtained as the fwu file 801 is valid ( S14). Whether a digital signature related to a certain module program is valid is determined by a message digest created from the module program using a hash function such as MD5 or SHA1, and a message digest obtained by decrypting the digital signature related to the module program using a public key. Is determined based on whether or not they match. If the module program is altered (falsified, garbled, etc.) in the middle, the message digests do not match, so that the electronic signature of the module program is determined to be invalid. In this way, the reliability of each module program acquired as the fwu file 801 is improved.

  The OUS 169 further updates each module program stored as the mod file 901 with each module program acquired as the fwu file 801, and furthermore, updates the electronic signature of each module program stored as the mac file 902 with the fwu file 801. Is updated to the electronic signature of each module program acquired as. That is, the module program is updated and the electronic signature related to the module program is updated. As a result, it is possible to determine whether the electronic signature of each module program is valid even after the update, and the reliability of each module program is further improved.

  By the way, by adopting an SD memory card as the update memory card 262, the operation of inserting the update memory card 262 into the update memory card slot 252 can be executed after the MFP 101 is started. When the updating memory card 262 is inserted into the updating memory card slot 252 after the MFP 101 is started, the updating process is automatically started, and the processes from S1 to S7 and the processes from S11 to S14 are executed. It is done. That is, the on-demand update is realized by adopting the SD memory card as the update memory card 262.

  Here, the program stored in the memory card 261 is updated to the program obtained from the update memory card 262, provided that the electronic signature of the program obtained from the update memory card 262 is valid. Similarly, the program stored in the HDD 233 is updated to a program acquired from the update memory card 262, provided that the electronic signature of the program acquired from the update memory card 262 is valid. It may be.

  FIG. 16 shows an example of a file configuration in the HDD 233. In the example of FIG. 16, in the HDD 233, the mod files “copy.mod”, “printer.mod”, “network.mod”, etc., and the mac files “copy.mac”, “printer.mac”, “network.mac”, etc. cnf files “copy.cnf”, “printer.cnf”, “network.cnf”, and the like are stored.

  Here, the processing executed by the OUS 169 will be described in detail with reference to FIG.

  When the OUS 169 is notified that the update memory card 262 has been inserted and mounted (S11), the OUS 169 acquires the memory via the MCS 165 (S12) and, at the same time, obtains the fwu file 801 stored in the update memory card 262. Is analyzed (S101). Next, it is determined whether the electronic signature of each module program stored as the fwu file 801 is valid (S102). The module program determined to be invalid is displayed as an error module on the touch panel 311 via the OCS 166 (S103), and the module program determined to be valid is displayed on the touch panel 311 via the OCS 166 as an update target module. Is displayed (S104).

  When the update target module is selected by a touch operation on the touch panel 311 (S105), the OUS 169 obtains the fwu file 801 from the update memory card 262, expands it in the memory (S13), and obtains the fwu file 801 from the update memory card 262. The header part 811 of the fwu file 801 thus analyzed is analyzed (S106). Next, it is determined whether the electronic signature of each module program acquired as the fwu file 801 is valid (S107). The module program determined to be invalid is displayed as an error module on the touch panel 311 via the OCS 166 (S108), and the module program stored as the mod file 901 is determined to be valid. , The module program acquired as the fwu file 801 (S14).

  As shown in FIG. 18, before determining whether or not the electronic signature of each module program acquired as the fwu file 801 is valid (S107), a backup of each module program stored as the mod file 901 is made. (S111). In other words, the module program stored as the mod file 901 is updated to the module program acquired as the fwu file 801 after backing up the module program (S14) to prepare for the failure of the update process.

  FIG. 19 is a flowchart related to the electronic signature check (S102, S107) of each module program. The OUS 169 first creates MDa (S61). MDa is a message digest created from the module program. Next, the OUS 169 creates the MDb (S62). MDb is a message digest obtained by decrypting a digital signature (a message digest created from the module program using a secret key) related to the module program with a public key. The OUS 169 then determines the validity of the electronic signature of the module program by comparing MDa and MDb (S63). If MDa and MDb match, the electronic signature of the module program is determined to be valid (S64), and if MDa and MDb do not match, the electronic signature of the module program is determined to be invalid (S65). .

(Second embodiment)
Based on the above description, a second embodiment of the MFP 101 of FIG. 1 will be described with reference to FIG. The second embodiment is a modification of the first embodiment.

  If the fwu file 801 as shown in FIG. 12 is received from another device (for example, a personal computer in which the driver of the multifunction device 101 is installed) via the network or the like by the NIC 241 or the like after the start of the multifunction device 101, the NCS 161 Is determined to be an fwu file 801 (S21), the fwu file 801 is provided to an on-demand update service (OUS) 169 constituting the SCS 168 (S22). In response, the OUS 169 acquires the memory via the MCS 165, and expands the fwu file 801 in the memory (S23).

  The OUS 169 then updates each module program stored as the mod file 901 to each module program provided as the fwu file 801 on condition that the electronic signature of each module program provided as the fwu file 801 is valid ( S24).

  The OUS 169 further updates each module program stored as the mod file 901 to each module program provided as the fwu file 801, and also stores the electronic signature of each module program stored as the mac file 902 in the fwu file 801. Is updated to the electronic signature related to each module program provided as.

  Here, the program stored in the memory card 261 is updated to the program received by the NIC 241 or the like on condition that the electronic signature of the program received by the NIC 241 or the like is valid. Then, the program stored in the HDD 233 may be updated to the program received by the NIC 241 or the like on condition that the electronic signature of the program received by the NIC 241 or the like is valid.

  Details of the processing executed by the OUS 169 are the same as those in FIG. 17, FIG. 18, and FIG. However, the processing of S11, S12, S13, and S14 is appropriately replaced with the processing of S21, S22, S23, and S24.

(Application example)
As an application example of FIGS. 17 and 18, an example of a flow when a plurality of fwu files 801 exist in the update memory card 262 will be described.

  FIG. 21 is a flowchart corresponding to the application example of FIG.

  When the OUS 169 is notified that the update memory card 262 has been inserted and mounted (S11), the OUS 169 acquires the memory via the MCS 165 (S12) and, at the same time, obtains the fwu file 801 stored in the update memory card 262. , An unprocessed fwu file 801 is selected (S301). Subsequently, the header part 811 of the fwu file 801 is analyzed (S101). Next, it is determined whether the electronic signature of each module program stored as the fwu file 801 is valid (S102). If there is a module program determined not to be valid, the fact that an error module exists is displayed on the touch panel 311 via the OCS 166 (S103). When there is no module program determined to be invalid, if there is an unprocessed fwu file 801 in the update memory card 262 (S302), the process returns to S301, and the unprocessed fwu file is stored in the update memory card 262. If the file 801 does not exist (S302), the process proceeds to S104. In S104, each module program determined to be valid is displayed as a module to be updated on the touch panel 311 via the OCS 166 (S104).

  When a module to be updated is selected by a touch operation on the touch panel 311 (S105), the OUS 169 selects an unprocessed fwu file 801 from the fwu file 801 to be updated (S303). Subsequently, the fwu file 801 is obtained from the update memory card 262 and is developed in the memory (S13). Subsequently, the header part 811 of the fwu file 801 is analyzed (S106). Next, it is determined whether the electronic signature of each module program acquired as the fwu file 801 is valid (S107). If there is a module program that is determined to be invalid, the fact that an error module exists is displayed on the touch panel 311 via the OCS 166 (S108). When there is no module program determined to be invalid, if there is an unprocessed fwu file 801 in the fwu file 801 to be updated (S304), the process returns to S303, and the unprocessed fwu in the fwu file 801 to be updated. If the file 801 does not exist (S304), the process proceeds to S14. In S14, for each module program determined to be valid, the module program stored as the mod file 901 is updated to the module program acquired as the fwu file 801 (S14).

  Also in FIG. 21, the backup process (S111) of FIG. 18 may be executed.

(Details of flowchart)
Details of flowcharts of FIG. 17 and FIG. 18 and application examples thereof will be described.

  FIG. 22 is a flowchart related to module update (S14).

  The OUS 169 first updates the mod file 901 in the module directory (see FIG. 15) based on the path name obtained in the header analysis (S106) (S301). Next, the OUS 169 updates the mac file 902 in the module directory (see FIG. 15) based on the path name obtained in the header analysis (S106) (S302). The OUS 169 then repeats S301 and S302 for each header (S303).

  FIG. 23 is a flowchart related to the backup process (S111).

  The OUS 169 first deletes the backup file in the backup directory (see FIG. 15) (S401). Next, the OUS 169 copies the mod file 901 in the module directory (see FIG. 15) into the backup directory (see FIG. 15) based on the path name obtained in the header analysis (S106) (S402). Next, the OUS 169 copies the mac file 902 in the module directory (see FIG. 15) into the backup directory (see FIG. 15) based on the path name obtained in the header analysis (S106) (S403). The OUS 169 then repeats S402 and S403 for each header (S404).

1 shows a multifunction machine according to an embodiment of the present invention. FIG. 2 shows hardware of the multifunction peripheral of FIG. 1. 2 shows an appearance of the fusion machine of FIG. 1. Represents the operation panel. Represents the MFP starter. 4 illustrates an example of a file tree in a memory card. 9 is a flowchart related to a mounting process and a starting process. It is a flowchart concerning electronic signature check of a cnf file. 9 is a flowchart relating to a digital signature check of a mod file. This represents software related to the SD memory card slot and the SD memory card. FIG. 4 is a diagram for describing a first embodiment. The data structure of the data stored in the update memory card is shown. 4 illustrates an example of a file configuration in an update memory card. It shows the data structure of the data stored in the memory card. 4 illustrates an example of a file configuration in a memory card. 2 illustrates an example of a file configuration in an HDD. It is a flowchart concerning processing performed by OUS. It is a flowchart concerning processing performed by OUS. It is a flowchart concerning the electronic signature check of the module program. It is a figure for explaining a 2nd example. 18 is a flowchart corresponding to an application example of FIG. 17. It is a flowchart concerning a module update. It is a flowchart concerning a backup process.

Explanation of reference numerals

101 multifunction machine 111 hardware 112 software 113 multifunction machine activation unit 121 imaging unit 122 printing unit 123 other hardware 131 application 132 platform 133 application interface 134 engine interface 141 copy application 142 printer application 143 scanner application 144 facsimile application 145 network file application 151 control service 152 system resource manager 153 handler 161 network control service 162 facsimile control service 163 delivery control service 164 engine control service 165 memory control service 166 operation panel control service 67 User Directory control service 168 system control service 169 on-demand update service 171 a facsimile control unit handler 172 image memory handler 201 controller 202 an operation panel 203 facsimile control unit 211 CPU
212 ASIC
221 NB
222 SB
231 MEM-P
232 MEM-C
233 HDD
241 NIC
242 USB device 243 IEEE 1394 device 244 Centronics device 251 Memory card slot 252 Update memory card slot 261 Memory card 262 Update memory card 301 Original set section 302 Paper feed section 303 Paper discharge section 311 Touch panel 312 Numeric buttons 313 Start button 321 ADF
322 flatbed 323 flatbed cover 501 memory monitor section 502 program start section 601 SD memory card slot 611 SD memory card 621 SD memory card access driver 622 SD memory card status driver 623 start processing program 624 SD memory card check program 801 fwu File 811 Header part 812 Data part 901 mod file 902 mac file 911 data 912 data

Claims (21)

A storage medium storing a program for causing the image forming apparatus to function, and an update storage medium setting unit for setting an update storage medium storing a program for updating the program stored in the storage medium An image forming apparatus comprising:
Program updating means for updating the program stored in the storage medium to the program obtained from the update storage medium, on condition that the electronic signature of the program obtained from the update storage medium is valid. An image forming apparatus comprising: A storage medium setting means for setting a storage medium storing a program for causing the image forming apparatus to function, and an update storage medium storing a program for updating the program stored in the storage medium An update storage medium setting means for performing
Program updating means for updating the program stored in the storage medium to the program obtained from the update storage medium, on condition that the electronic signature of the program obtained from the update storage medium is valid. An image forming apparatus comprising: An image forming apparatus, comprising: a storage medium storing a program that causes the image forming apparatus to function, and a receiving unit that receives a program for updating the program stored in the storage medium.
A program updating unit that updates the program stored in the storage medium to the program received by the receiving unit, on condition that the electronic signature of the program received by the receiving unit is valid. Characteristic image forming apparatus. Image forming apparatus comprising: a storage medium setting unit for setting a storage medium storing a program for causing the image forming apparatus to function; and a receiving unit for receiving a program for updating the program stored in the storage medium. A device,
A program updating unit that updates the program stored in the storage medium to the program received by the receiving unit, on condition that the electronic signature of the program received by the receiving unit is valid. Characteristic image forming apparatus.   The program updating means updates the program stored in the storage medium and an electronic signature associated with the program to the program acquired from the update storage medium and an electronic signature associated with the program. The image forming apparatus according to claim 1, wherein:   The program updating unit updates the program stored in the storage medium and an electronic signature related to the program with the program received by the receiving unit and an electronic signature related to the program. The image forming apparatus according to claim 3, wherein:   The program updating unit may determine the validity of the electronic signature of the program obtained from the update storage medium by comparing a message digest created from the program with a message digest obtained by decrypting the electronic signature. The image forming apparatus according to claim 1, wherein:   The program updating unit determines the validity of the electronic signature of the program received by the receiving unit by comparing a message digest created from the program with a message digest obtained by decrypting the electronic signature. The image forming apparatus according to claim 3, wherein:   The program stored in the storage medium is read according to the setting file stored in the storage medium on condition that the validity of the electronic signature of the program and the validity of the electronic signature of the setting file of the program are satisfied. The image forming apparatus according to any one of claims 1 to 8, further comprising a program activating unit that activates the program.   The program starting means determines the validity of the electronic signature of the program stored in the storage medium by comparing a message digest created from the program with a message digest obtained by decrypting the electronic signature. The image forming apparatus according to claim 9.   The program activation unit determines that the validity of the electronic signature of the setting file stored in the storage medium is determined by comparing a message digest created from the setting file with a message digest obtained by decrypting the electronic signature. The image forming apparatus according to claim 9, wherein:   12. The digital signature of the setting file stored in the storage medium, wherein a message digest created from the setting file and data unique to the storage medium is encrypted. Image forming device.   13. The image forming apparatus according to claim 12, wherein the data unique to the storage medium is a serial ID of the storage medium. A storage medium storing a program for causing the image forming apparatus to function, and an update storage medium setting unit for setting an update storage medium storing a program for updating the program stored in the storage medium A program updating method for an image forming apparatus comprising:
A program update step of updating the program stored in the storage medium to the program obtained from the update storage medium, on condition that the electronic signature of the program obtained from the update storage medium is valid. A program updating method comprising: A storage medium setting means for setting a storage medium storing a program for causing the image forming apparatus to function, and an update storage medium storing a program for updating the program stored in the storage medium A program update method for an image forming apparatus including an update storage medium setting unit for performing
A program update step of updating the program stored in the storage medium to the program obtained from the update storage medium, on condition that the electronic signature of the program obtained from the update storage medium is valid. A program updating method comprising: A program updating method for an image forming apparatus, comprising: a storage medium storing a program for causing the image forming apparatus to function; and a receiving unit that receives a program for updating the program stored in the storage medium. ,
A program updating step of updating the program stored in the storage medium to the program received by the receiving unit, on condition that the electronic signature of the program received by the receiving unit is valid. Characteristic program update method. Image forming apparatus comprising: a storage medium setting unit for setting a storage medium storing a program for causing the image forming apparatus to function; and a receiving unit for receiving a program for updating the program stored in the storage medium. A program update method for an apparatus,
A program updating step of updating the program stored in the storage medium to the program received by the receiving unit, on condition that the electronic signature of the program received by the receiving unit is valid. Characteristic program update method.   In the program updating step, updating the program stored in the storage medium and the electronic signature of the program to the program obtained from the update storage medium and the electronic signature of the program 16. The program updating method according to claim 14, wherein:   In the program updating step, the program stored in the storage medium and an electronic signature of the program are updated to the program received by the receiving unit and an electronic signature of the program. The program updating method according to claim 16 or 17, wherein:   The program stored in the storage medium is read according to the setting file stored in the storage medium on condition that the validity of the electronic signature of the program and the validity of the electronic signature of the setting file of the program are satisfied. 20. The program updating method according to claim 14, further comprising a program starting step for starting.   An update storage medium according to claim 1 or 2, wherein a program for updating the program stored in the storage medium according to claim 1 and an electronic signature related to the program are stored. Update storage medium.

Images