JP2005251156A - Electronic device, image formation device, control method of electronic device, program, recording medium, image formation device management system, member with digital certificate stored, digital certificate acquisition method and digital certificate setting system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent degradation of trust in a device due to trouble of a non-genuine member and to prevent even a genuine member from being used in a device without being intended on the supply side. <P>SOLUTION: In a process cartridge used in an image formation device, a digital certificate with identification information of a device using the cartridge described is previously stored; and a controller of the image formation device authenticates the process cartridge by using the digital certificate in startup (S2). When the authentication is failed, it is determined that the process cartridge is not a genuine unit, and warning is issued by display of a warning message or the like (S4). When identification information of the image formation device itself is not described in the digital certificate, warning is also issued by determining that the cartridge is not allowed to be used by itself. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an electronic device that uses a member storing a digital certificate, an image forming apparatus that is an example of such an electronic device, a method for controlling the electronic device, and a computer that controls the electronic device. Used in a computer program, a computer-readable recording medium storing such a program, an image forming apparatus management system including the image forming apparatus and a management apparatus that manages the image forming apparatus, and the electronic apparatus Member storing digital certificate, digital certificate acquisition method for acquiring digital certificate to be stored in such member from certificate issuing device, and digital certificate setting for setting such digital certificate in the above member About the system.

Conventionally, in various devices, some parts are configured as a unit that can be detached from the main unit, so that the unit may fail, be worn or worn, or become unusable due to the end of its life as a unit. Even if it becomes, it is easily exchanged by a user or a service person so that the operation of the entire apparatus can be maintained.
And taking such a configuration is used by appropriately replacing the device when operating the device, such as parts that are less durable than other parts of the device and consumables consumed according to the operation of the device. This is particularly important in devices that use members.

  Specific examples of such a unit include a process cartridge for image formation used in an image forming apparatus such as an electrophotographic printer, a digital copying machine, and a digital multifunction machine. In addition, in such an image forming apparatus, a unit configuration such as a photosensitive drum, a charging unit, a developing unit, a toner bottle, a cleaning unit, an optical unit, a transfer unit, a paper feeding unit, a fixing unit, and the like can be replaced. It has also been done.

By the way, since these consumables need to be distributed as replacement units, they are not always distributed in the same manner as the apparatus main body. In recent years, in addition to manufacturers that produce device bodies, non-genuine replacement units have been manufactured and supplied by manufacturers unrelated to the manufacturers that supply the device bodies.
However, for non-genuine units (units that are produced in a state where the manufacturer of the equipment that uses the unit cannot fully control the quality, such as those produced by a manufacturer completely unrelated to the equipment that uses the unit), In many cases, the manufacturer that supplies the product cannot manage the quality. Therefore, when such a non-genuine unit is used, it is not always possible to guarantee the operation of the apparatus, and even if it seems to be operating normally at first glance, there is a problem in detail or an abnormality. It may be easy to generate. For example, in the case of the above image forming apparatus, the image forming quality is lowered. If such a situation occurs, there is a possibility that the trust in the device itself may be reduced.

Therefore, as a manufacturer that supplies the device itself, use as genuine a unit as possible (a unit that was produced by the manufacturer of the device that uses the unit itself, or that has been produced in a state where the manufacturer can sufficiently control the quality). There is a request to want.
As a technique for realizing such a request, for example, a technique described in Patent Document 1 or Patent Document 2 can be considered.
In Patent Document 1, identification information is recorded in advance on consumables, and whether or not an image forming apparatus using the consumables can form an image according to whether or not the identification information matches the previously registered identification information. It is described to be determined. Therefore, by using this technology, it is possible to eliminate the use of non-genuine units by enabling image formation only when the identification information recorded on the consumables matches the identification information of the genuine unit. It is possible.

Japanese Patent Application Laid-Open No. H10-228867 discloses a toner ID including a cartridge ID No. It describes that history information of reproduction processing and the like are encrypted and stored with predetermined key information and the information is transmitted to the management center when the toner cartridge is connected to the printer. In the management center, the received information is stored in the cartridge ID No. The key information managed using the information as a key is decrypted. If decryption is successful, the key information is transmitted to the printer. When the printer receives the key information, the information is read from the toner cartridge memory. In addition, it is described that an operation becomes possible by decoding and writing to an EEPROM.
JP 2002-333800 A JP 2002-318511 A

However, in the case of the configuration described in Patent Document 1, if the identification information registered in advance in the apparatus is analyzed, it is easy to record the same identification information in the unit. Therefore, if the supplier of the non-genuine unit records the same identification information on the unit, the device using the unit cannot distinguish between the genuine unit and the non-genuine unit. there were.
Even if it is difficult to copy only the identification information, if the entire data in the memory is copied, it is not possible to distinguish the genuine unit from the illegal unit by copying. There was a problem that.

  Further, even a non-genuine unit does not necessarily have a problem in quality, and there may be a unit having a quality equivalent to that of a genuine unit. And even when such a unit is used, it becomes impossible to operate the device uniformly because it is non-genuine, limiting the options of the user of the device, which is an appropriate measure. There was also a problem of not.

Further, if the technique described in Patent Document 2 is used, it is possible to cope with a warning or the like when the user tries to use a toner cartridge other than a genuine one.
However, in this technique, the management center determines whether or not the mounted toner cartridge is genuine. Therefore, if the printer cannot communicate with the management center when the toner cartridge is installed, there is a problem that operation cannot be permitted even if a genuine toner cartridge is installed. In addition, since it is necessary to make an inquiry to the management center each time a toner cartridge is installed, in a dial-up environment or other environment where connection takes time or a metered fee is required, an extra burden on the user There was also the problem of being forced.

In addition to the above consumables, other members that can be used as appropriate when operating the electronic device include software for operating the computer, recording media for recording music and video to be viewed, and the like. Conceivable. With respect to such a recording medium, in recent years, flooding of so-called pirated copies due to illegal copying has become a problem. In many cases, the computer is used by a plurality of computers even though the use is permitted only by one computer.
Accordingly, there has been a demand for such a member to prevent the use of a non-genuine product that has been illegally copied and manufactured, or to prevent the supplier from using the product even if it is a genuine product.

  The present invention solves such a problem, and prevents the deterioration of trust in the device due to the malfunction of the non-genuine member even in the environment where the non-genuine member circulates in the member used in the electronic device. The purpose is to have genuine members used as much as possible. Another object of the present invention is to control the use of a genuine member in an unintended apparatus on the supply side.

  In order to achieve the above object, an electronic device according to the present invention is an electronic device using a member storing a digital certificate, an acquisition means for acquiring a digital certificate stored in the member, and the digital An authentication means for authenticating the member using a certificate and a means for controlling the operation of the electronic device based on an authentication result by the authentication means are provided. A digital certificate in which identification information is described is provided, and means for determining an authentication result based on the identification information of the electronic device described in the digital certificate is provided in the authentication means.

In such an electronic device, it is preferable to provide means for notifying the authentication result by the authentication means.
Further, the digital certificate may be a digital certificate in which information related to the member and information that does not need to be rewritten is described.
Furthermore, the information that does not need to be rewritten may be information on the type of member, serial number, manufacturer, or upper limit of the number of recycling.
Furthermore, communication means for communicating with the member in use in the electronic device is provided, and information that needs to be rewritten among the information stored in the member or stored in the member is the digital certificate. It is good to use as a means for transmitting and receiving through a communication path in which the contents are encrypted using a certificate.
Furthermore, it is preferable to provide control means for controlling the operation of the electronic device according to the control information received from the member via the encrypted communication path.

  Further, in such an electronic apparatus, the member is a toner supply member, and an image forming unit that forms an image on a sheet using toner supplied from the toner supply member, and for communicating with an external management apparatus A second communication unit, and the control unit acquires information on the remaining amount of toner from the toner supply member as the control information, and the second communication is performed when the remaining amount of toner falls below a predetermined value. The image forming apparatus may be configured to include means for placing an order for the replacement toner supply member in the management apparatus.

In each electronic device, the digital certificate stored in the member may be a certificate whose validity can be confirmed using a certification key dedicated to member authentication.
Further, the member is provided with computing means and communication means for communicating with the main body side of the electronic device, and provided with storage means for storing a digital certificate on the main body side of the electronic device. The authentication means may perform mutual authentication between the member and the main body side of the electronic device using digital certificates stored by the other party.

  The electronic device control method of the present invention is an electronic device control method using a member storing a digital certificate, wherein identification information of the electronic device using the member is described in the digital certificate. In addition, the electronic device is caused to execute an acquisition procedure for acquiring a digital certificate stored in the member and an authentication procedure for authenticating the member using the digital certificate. A procedure for determining the authentication result based on the identification information of the electronic device described in the document is provided, and the operation of the electronic device is controlled based on the authentication result in the authentication procedure.

In such an electronic device control method, the electronic device may be notified of the authentication result in the authentication procedure.
Further, the digital certificate may be a digital certificate in which information related to the member and information that does not need to be rewritten is described.
Furthermore, information that needs to be rewritten out of the information stored in the member or stored in the member in the communication procedure is executed by the electronic device in communication with the member in use in the electronic device. May be transmitted and received through a communication path in which the content is encrypted using the digital certificate.

Furthermore, the electronic device may be configured to control its own operation according to control information received from the member through the encrypted communication path.
Further, a digital certificate is also stored on the main body side of the electronic device, and the digital certificate stored by the other party is used between the member and the main body side of the electronic device in the authentication procedure. It is recommended that you perform mutual authentication.

  In addition, the program of the present invention provides a computer for controlling an electronic device that uses a member storing a digital certificate, an acquisition procedure for acquiring the digital certificate stored in the member, and the digital certificate. And a program for realizing a function of controlling the operation of the electronic device based on an authentication result in the authentication procedure. A digital certificate in which identification information of an electronic device using a member is described, and a procedure for determining an authentication result based on the identification information of the electronic device described in the digital certificate is provided in the authentication procedure. Program.

In such a program, it is preferable to include a program for causing the computer to execute a procedure for notifying an authentication result in the authentication procedure.
Further, the digital certificate may be a digital certificate in which information related to the member and information that does not need to be rewritten is described.
In addition, the computer further includes a program for executing a communication procedure for communicating with the member in use in the electronic device, and in the communication procedure, the information stored by the member or stored in the member. The information that needs to be rewritten may be transmitted and received through a communication path in which the content is encrypted using the digital certificate.

Further, the computer may be configured to control the operation of the electronic device according to the control information received from the member through the encrypted communication path.
Further, the computer is a computer having a storage means for storing a digital certificate, and the computer uses the digital certificate stored in the authentication procedure by the other party with the member in the authentication procedure. It is good to make it perform.

The recording medium of the present invention is a computer-readable recording medium on which any one of the above programs is recorded.
The image forming apparatus management system according to the present invention includes the above-described image forming apparatus and a management apparatus that can communicate with the image forming apparatus and manages the image forming apparatus, and the image forming apparatus includes the image forming apparatus. Means for receiving an order for the replacement toner supply member from the apparatus is provided.

In addition, the member storing the digital certificate of the present invention can be validated using the certification key stored in the electronic device using the member, and the identification information of the electronic device using the member is stored. It is a member that stores the digital certificate described.
In a member storing such a digital certificate, the digital certificate may be a digital certificate in which information related to the member and information that does not need to be rewritten is described.
Furthermore, the information that does not need to be rewritten may be information on the type of member, serial number, manufacturer, or upper limit of the number of recycling times.

Furthermore, communication means for communicating with the electronic device using the member is provided, and the information necessary for rewriting among the information stored in the communication means is the contents using the digital certificate. May be a means for transmitting and receiving the encrypted communication path.
Furthermore, the digital certificate stored in the member may be a certificate whose validity can be confirmed using a certification key dedicated to member authentication.
Furthermore, it is preferable to provide a communication unit that communicates with an electronic device that uses the member, and an authentication unit that acquires a digital certificate from the electronic device and authenticates the electronic device using the digital certificate.

  The digital certificate acquisition method of the present invention is the digital certificate acquisition method for acquiring a digital certificate to be stored in a member used in the electronic device, and the identification information of the electronic device using the member by a predetermined terminal device And the certificate issuing device transmits the input identification information together with the certificate issuing request, and the certificate issuing device sends the received identification information in response to the certificate issuing request. Originally, it is possible to confirm the validity using the certification key stored in the electronic device using the member, and issue a digital certificate in which the identification information of the electronic device using the member is described. Are transmitted to the terminal device, and the terminal device acquires the digital certificate.

Further, the digital certificate setting system of the present invention is a digital certificate setting system for setting a digital certificate to be stored in a member used in an electronic device, a terminal device, and a certificate issuing device for issuing the digital certificate. Means for accepting input of identification information of an electronic device using the member to the terminal device, and means for transmitting the input identification information together with a certificate issuance request to the certificate issuing device. And a means for obtaining a digital certificate issued by the certificate issuing device in response to the request and setting the digital certificate in the member, and responding to the certificate issuing request to the certificate issuing device. Based on the received identification information, the validity can be confirmed using the certification key stored in the electronic device using the member. And issues digital certificates identifying information of the electronic apparatus is described is provided with a means for transmitting to the terminal device.
In such a digital certificate setting system, means for transmitting information relating to ordering of the member to the terminal device together with the identification information of the electronic device including the electronic device using the member. It is good to provide.

  Further, the present invention is a digital certificate setting system for setting a digital certificate for a member used in an electronic device, and is installed in a management device that accepts an order for the member and a service base that sends the member to a customer. A terminal device and a certificate issuing device for issuing the digital certificate are provided, and the management device receives information related to ordering of the member together with identification information of the electronic device using the member, and receives the information. When the information regarding the order of the member is received from the management device, the terminal device provided with a means for transmitting the information to the terminal device installed in the service base that ships the ordered member to the customer. Means for transmitting the identification information of the electronic device received together with the information to the certificate issuing device together with the certificate issuing request; In response to a request, the digital certificate issued by the certificate issuing device is obtained, and means for setting the digital certificate to the member related to the order is provided, and the certificate issuing device responds to the certificate issuing request. Accordingly, based on the received identification information, the validity can be confirmed using the certification key stored in the electronic device using the member, and the identification information of the electronic device using the member is described. There is also provided a digital certificate setting system provided with means for issuing a digital certificate to be transmitted to the terminal device.

In such a digital certificate setting system, means for transmitting information relating to the ordering of the member to the electronic device together with the identification information of the electronic device including the electronic device using the member. It is good to provide.
Alternatively, the management device may be provided with means for confirming whether or not the received identification information of the electronic device is that of a device that may mediate the ordering of members.
In addition, the management device receives information related to the ordering of the member from the electronic device using the member, and is described in the digital certificate received from the electronic device during communication as the identification information of the electronic device. It is preferable to accept identification information.

  According to the electronic apparatus, the image forming apparatus, the electronic device control method, the image forming apparatus management system, or the member storing the digital certificate of the present invention as described above, even in an environment where non-genuine members are distributed. Therefore, it is possible to prevent a decrease in trust in the apparatus due to a defect of a non-genuine member and to use a genuine member as much as possible. It is possible to control the use of a genuine member in an unintended device on the supply side.

Further, according to the program of the present invention, it is possible to achieve the characteristics by controlling the electronic device by the computer and obtain the same effect. According to the recording medium of the present invention, the above effect can be obtained by causing a computer not storing the above program to read and execute the program.
Furthermore, according to the digital certificate acquisition method and the digital certificate setting system of the present invention, the above-described effects can be obtained by making it possible to easily supply the member storing the digital certificate.

Preferred embodiments of the present invention will be described below with reference to the drawings.
[First Embodiment: FIGS. 1 to 15]
First, an electronic apparatus according to a first embodiment of the present invention will be described by taking an image forming apparatus as an example. In this example, the image forming apparatus uses the process cartridge which is the first embodiment of the member storing the digital certificate of the present invention as a consumable. The process cartridge is a unit including an image forming unit and a toner supply member that supplies toner to the image forming unit, as will be described later.
FIG. 1 is a schematic cross-sectional view showing the overall configuration of the image forming apparatus.

The image forming apparatus 100 shown in this figure is a digital multi-function peripheral having functions such as copying, facsimile, and scanner, and a function for communicating with an external device, and an application program for providing a service related to those functions is mounted. It is what you are doing.
The image forming apparatus 100 is a unit that is replaceably installed at an installation position corresponding to an optical unit (optical unit) 2 that emits laser light based on image information and each color (yellow, magenta, cyan, black). Process cartridges 500Y, 500M, 500C, and 500BK (hereinafter collectively referred to as “500”), a sheet feeding unit (sheet feeding unit) 61 in which a transfer material P such as a transfer sheet is stored, a sheet feeding roller 62, and conveyance A sheet conveying means including a guide 63, a registration roller 64, a suction roller 27, a transfer belt 30, and the like, a heating roller 67, a pressure roller 68, and a paper discharge roller 69 are provided to fix an unfixed image on the transfer material P. Unit (fixing unit) 66, scanner 90 for optically reading a placed document, and an operation provided so that part of the exterior of the apparatus body is exposed 209, the controller 200 is a controller that comprehensively controls the operation of the image forming apparatus 100, and a like engine control unit 400 for controlling the operation of the engine unit.
Although a color image forming apparatus is shown here, the present invention is naturally applicable to a monochrome image forming apparatus. In this case, the image forming apparatus includes only one process cartridge.

In the image forming apparatus 100, each color process cartridge 500 has a photosensitive drum 21 as an image carrier, a charging unit 22 that charges the photosensitive drum 21, and an electrostatic latent image formed on the photosensitive drum 21. A developing unit 23 for developing, a cleaning unit 25 for collecting untransferred toner on the photosensitive drum 21, a toner supplying unit 32 as a toner supplying unit for supplying toner to the developing unit 23, and a control chip used for identifying the process cartridge 500 80 etc., and these are integrally held. Further, a transfer roller 24 for transferring the toner image formed on the photoconductive drum 21 to the transfer material P is disposed at a position corresponding to the photoconductive drum 21.
Then, the corresponding color image is formed on the photosensitive drum 21 of each process cartridge 500. At this time, the toner of each color is supplied to the developing unit 23 of each process cartridge 500 from the toner supply units 32Y, 32M, 32C, and 32BK.

Hereinafter, an operation during normal color image formation in the image forming apparatus 100 will be described.
When performing image formation, each of the four photosensitive drums 21 rotates clockwise in FIG. First, the surface of the photosensitive drum 21 is uniformly charged at a position facing the charging unit 22 (charging process). Thereafter, the surface of the charged photosensitive drum 21 reaches the irradiation position of each laser beam.

  On the other hand, the optical unit 2 is supplied with image data regarding an image to be formed. In the optical unit 2, laser light corresponding to the image signal is emitted from the LD light source corresponding to each color. The laser light is incident on the polygon mirror 3 and reflected, and then passes through the lenses 4 and 5. The laser light after passing through the lenses 4 and 5 passes through different optical paths for each color component of yellow, magenta, cyan, and black.

  The yellow component laser light is reflected by the mirrors 6 to 8 and then irradiated to the surface of the photosensitive drum 21 of the first process cartridge 500Y from the right side of the drawing. At this time, the yellow component laser light is scanned in the rotation axis direction (main scanning direction) of the photosensitive drum 21 by the polygon mirror 3 that rotates at high speed. Thus, an electrostatic latent image of a yellow component is formed on the photosensitive drum 21 charged by the charging unit 22.

  Similarly, the magenta component laser light is reflected by the mirrors 9 to 11 and then irradiated to the surface of the photosensitive drum 21 of the second process cartridge 500M from the right side of the sheet, thereby forming an electrostatic latent image of the magenta component. The The cyan component laser light is reflected by the mirrors 12 to 14 and then irradiated to the surface of the photosensitive drum 21 of the third process cartridge 500C from the right side of the paper, thereby forming an electrostatic latent image of the cyan component. The black component laser light is reflected by the mirror 15 and then irradiated onto the surface of the photosensitive drum 21 of the fourth process cartridge 500BK from the right side of the paper to form an electrostatic latent image of black component (exposure process). .

Thereafter, the surface of the photosensitive drum 21 on which the electrostatic latent images of the respective colors are formed further rotates and reaches a position facing the developing unit 23. Then, the toner of each color is supplied from the developing unit 23 onto the photosensitive drum 21, and the latent image on the photosensitive drum 21 is developed (developing process).
Thereafter, the surface of the photosensitive drum 21 after the development process reaches a position facing the transfer belt 30. Here, the transfer roller 24 is installed at each facing position so as to contact the inner peripheral surface of the transfer belt 30. Then, the toner images of the respective colors formed on the photosensitive drum 21 are sequentially transferred onto the transfer material P conveyed by the transfer belt 30 at the position of the transfer roller 24 (transfer process).

  In the transfer belt unit (transfer section), the transfer belt 30 is stretched and supported by a driving roller and three driven rollers. Then, the transfer belt 30 travels in the direction of the arrow in the drawing by the driving roller. The transfer belt unit is configured as an apparatus unit in which members such as the transfer roller 24 and the transfer belt 30 described above are integrally formed and is replaceable with respect to the apparatus main body.

Then, the surface of the photosensitive drum 21 after the transfer process reaches a position facing the cleaning unit 25. The untransferred toner remaining on the photosensitive drum 21 is collected by the cleaning unit 25 (cleaning process).
Thereafter, the surface of the photosensitive drum 21 passes through a static elimination unit (not shown), and a series of image forming processes is completed.

On the other hand, the material to be transferred P fed by the paper feed roller 62 is guided from the paper feed unit 61 (paper feed unit) to the position of the registration roller 64 after passing through the transport guide 63. The transfer material P guided to the registration roller 64 is transported toward the contact portion between the transfer belt 30 and the suction roller 27 while the transport timing is controlled.
Thereafter, the transfer material P sequentially passes through the facing positions of the four photosensitive drums 21 while being conveyed to the transfer belt 30 that runs in the direction of the arrow in the drawing. Thus, the toner images of the respective colors are transferred onto the transfer material P, and a color image is formed.

Thereafter, the transfer material P on which the color image is formed is separated from the transfer belt 30 of the transfer belt unit and guided to the fixing unit 66. In the fixing unit 66, the color image is fixed on the transfer material P at the nip portion between the heating roller 67 and the pressure roller 68.
The transferred material P after the fixing process is discharged out of the apparatus main body by the paper discharge roller 69, and a series of image forming operations is completed.

Next, the process cartridge installed in the image forming apparatus 100 in a replaceable manner will be described in detail.
FIG. 2 is a cross-sectional view showing the process cartridge 500 in a new state (a state in which a non-recycled product or a recycled product has never been used in the apparatus main body after manufacturing or after a recycling process).

As shown in the figure, a process cartridge 500 mainly includes a photosensitive drum 21 as an image carrier, a charging unit 22, a developing unit 23, and a cleaning unit 25, which are integrally stored in a case 26. In addition, the toner supply unit 32 is also configured integrally. Therefore, the process cartridge 500 is also called a toner cartridge.
The developing unit 23 includes a developing roller 23a, stirring rollers 23b and 23c, a doctor blade 23d, a T sensor 29 (toner density sensor), and the like, and a developer composed of carrier C and toner T is accommodated therein. Has been. The toner T in the toner bottle 33 provided in the toner supply unit 32 is appropriately supplied into the developing unit 23 as the toner T in the developing unit 23 is consumed. The cleaning unit 25 includes a cleaning blade 25a, a cleaning roller 25b, and the like.

  A control chip 80 is fixed on the case 26 of the process cartridge 500. Although details will be described later, the control chip 80 is a microcomputer including a CPU, NVRAM (nonvolatile RAM), and the like, and is a packaged IC including an external terminal. The external terminals of the control chip 80 are connected to the connection terminals of the socket 81 fixed to the case 26. The form of the control chip 80 is not particularly limited, and may be an IC chip having a size of several millimeters square, or an IC chip is mounted on a PCB (printed circuit board) having external terminals. You can also.

  By the way, the process cartridge 500 has a shorter life than the main body of the image forming apparatus 100, and is consumed when the photosensitive drum 21, the cleaning unit 25, etc. are worn out or when the toner in the toner bottle 33 runs out. It is a product. When replacement is performed, an operator performs replacement work on the apparatus main body in units of the process cartridge 500. At this time, the operator opens the door (not shown) of the apparatus main body, and inserts the process cartridge 500 into the apparatus main body along a rail (not shown), thereby installing the process cartridge 500 in the apparatus main body. can do.

FIG. 3 is a cross-sectional view schematically showing a peripheral state when the process cartridge is installed in the installation unit of the image forming apparatus.
In this state, the socket 81 of the process cartridge 500 is connected to the CPU 401 of the engine control unit 400 via the serial bus 230, and the control chip 80 can communicate with the controller 200 via the engine control unit 400 and the PCI bus 218. It becomes a state.
In this state, the process cartridge 500 performs an image forming operation using the toner supplied from the toner bottle 33.

  That is, the developing roller 23a rotates in the direction of the arrow in the drawing, and the toner T in the developing portion 23 is supplied from the toner supply portion 32 by the stirring rollers 23b and 23c that rotate counterclockwise in the drawing. Along with T, it is mixed with carrier C. The frictionally charged toner T is supplied onto the developing roller 23a together with the carrier C by one stirring roller 23b.

The toner T in the developing unit 23 is consumed by a toner concentration sensor (P sensor) 28 as an optical sensor facing the photosensitive drum 21 and a toner concentration sensor (T) as a magnetic permeability sensor provided in the developing unit 23. Sensor) 29 and notified to the CPU on the control chip 80.
Further, the toner T carried on the developing roller 23a reaches the position facing the photosensitive drum 21 after passing through the position of the doctor blade 23d. At the opposite position, the toner T adheres to the electrostatic latent image formed on the surface of the photosensitive drum 21. Specifically, the toner T adheres to the surface of the photosensitive drum 21 by an electric field formed by a potential difference between the surface potential of the region irradiated with the laser light L and the developing bias applied to the developing roller 23a.

Most of the toner T adhering to the photosensitive drum 21 is transferred onto the transfer material P. The toner T remaining on the photosensitive drum 21 is collected in the cleaning unit 25 by the cleaning blade 25a and the cleaning roller 25b.
Here, the process cartridge 500 and the toner supply unit 32 are integrally configured as one consumable, but the toner supply unit 32 may be configured as an independently replaceable unit. In such a case, when the toner in the toner bottle 33 runs out, the toner bottle or toner supply unit is replaced with a new unit.

Next, the configuration of the image forming apparatus 100 will be further described focusing on hardware related to control and communication. FIG. 4 is a block diagram showing the configuration of the image forming apparatus, focusing on hardware related to control and communication.
As shown in FIG. 4, the image forming apparatus 100 includes a CPU 201, an ASIC (Application Specific Integrated Circuit) 202, an SDRAM 203, an NVRAM (nonvolatile memory) 204, an NRS memory 205, a PHY (physical media interface) 206, and an operation unit. 209, HDD (hard disk drive) 210, modem 211, PI (personal interface) 212, FCU (fax control unit) 213, USB (Universal Serial Bus) 214, IEEE 1394_215, engine control unit 400, engine unit 410, and process cartridge 500 It has.
The CPU 201, the ASIC 202, the SDRAM 203, the NVRAM 204, the NRS memory 205, and the HDD 210 constitute a controller 200 that is a control unit that controls the overall operation of the image forming apparatus 100.

The CPU 201 is arithmetic processing means that performs data processing (control of each function) via the ASIC 202.
The ASIC 202 is a multi-function device board including a CPU interface, an SDRAM interface, a local bus interface, a PCI interface, a MAC (Media Access Controller), an HDD interface, and the like. From the aspect, it helps to improve the development efficiency of applications (application software) and common system services.
The SDRAM 203 is a main memory used as a program memory for storing various programs including an OS, a work memory used when the CPU 201 performs data processing, and the like. In place of the SDRAM 203, a DRAM or SRAM may be used.

The NVRAM 204 is a non-volatile memory (storage means) and holds stored contents even when the power is turned off. The NV-RAM 204 can be used as a boot loader (boot program) for activating the image forming apparatus 100, a program memory for storing an OS image as an OS file, and a secure SSL (SSL) for communication with an external communication partner. Certificate memory for storing digital certificates used for mutual authentication using Socket Layer) and mutual authentication using PKI (Public Key Infrastructure) with consumables such as process cartridge 500, initial value of printer function and scanner A fixed parameter memory that stores various fixed parameters that hardly change the value, such as an initial value of the function, a model number memory that stores a model number that is identification information of the image forming apparatus 100, and an operation by the operation unit 209 A memory for storing the initial values above, and a memory for storing the initial values of each application (APL). Li, a memory or the like for storing each counter information (data such as billing counter).
Of course, the NVRAM 204 may be composed of a plurality of memory units, or may be distributed in each part of the apparatus. As these memory units, for example, a nonvolatile RAM in which a backup circuit using a RAM and a battery is integrated, a nonvolatile memory such as an EEPROM, or a flash memory can be used.

The NRS memory 205 is a non-volatile memory that stores an NRS application described later, and an NRS function can be added as an option.
The PHY 206 is an interface for communicating with an external device via a LAN, and functions as a second communication unit together with the CPU 201.
The operation unit 209 is operation display means (operation means and display means).
The HDD 210 is a storage unit (recording medium) that stores and saves data regardless of whether the power is on or off. The HDD 210 can store the above-described program in the NVRAM 204 and other data.

The modem 211 is modulation / demodulation means. When data is transmitted to an external device via a public line, the modem 211 modulates the data to flow through the public line. In addition, when modulated data sent from an external device is received, the data is demodulated.
The PI 212 includes an interface conforming to the RS485 standard, and is connected to a public line via a line adapter (not shown). These modems 211 and PI 212 may function as the second communication means.

The FCU 213 controls communication with an external apparatus such as a fax machine or an image forming apparatus such as a digital copying machine or a digital multifunction peripheral having a modem function (FAX communication function) and a management apparatus via a public line.
USB 214 and IEEE 1394 — 215 are USB standard and IEEE 1394 standard interfaces for communicating with peripheral devices, respectively.

The engine control unit 400 is a control unit that controls the operation of the engine unit 410 according to an instruction from the controller 200, and is an interface for connecting the engine unit 410 to the PCI bus 218. Further, it has a function of mediating communication between the CPU of the process cartridge 500 and the CPU 201 of the controller 200.
The engine unit 410 corresponds to the image reading / forming engine shown in FIG. 1, a post-processing unit for performing post-processing such as sorting, punching, and stapling on the paper on which images are formed by the plotter engine.
The process cartridge 500 is as described above, and is connected to the engine control unit 400 by the serial bus 230.

  Here, when the power is turned on (power is turned on), the CPU 201 activates the boot loader in the NVRAM 204 via the ASIC 202, reads the OS image in the NVRAM 204 according to the boot loader, loads it into the SDRAM 203, and develops it into a usable OS. To do. When the OS deployment is completed, the OS is started. Thereafter, if necessary, various functions can be realized by reading a program such as an application in the NVRAM 204 or an NRS application in the NRS memory 205, loading it into the SDRAM 203, developing it, and starting it.

Next, a software configuration in the image forming apparatus 100 will be described with reference to FIG.
FIG. 5 is a block diagram illustrating an example of a software configuration of the image forming apparatus 100. The software configuration of the image forming apparatus 100 includes an uppermost application module layer and a lower service module layer. The programs constituting these software are stored in the NVRAM 204 and the NRS memory 205, read out as necessary, and executed by the CPU 201.

The application module layer software is configured by a program for causing the CPU 201 to function as a plurality of application control means (process execution means) that operate hardware resources to realize a predetermined function. The CPU 201 is interposed between the hardware resource and each application control unit, and receives an operation request for the hardware resource from a plurality of application control units, arbitrates the operation request, and controls the execution of the operation based on the operation request. It is comprised by the program for functioning as a service control means (process execution means) which performs.
The OS 319 is an operating system such as UNIX (registered trademark), and executes the programs of the service module layer and the application module layer in parallel as processes.

  The service module layer includes an operation control service (OCS) 300, an engine control service (ECS) 301, a memory control service (MCS) 302, a network control service (NCS) 303, a fax control service (FCS) 304, a customer support system (CSS). 305, system control service (SCS) 306, system resource manager (SRM) 307, image memory handler (IMH) 308, delivery control service (DCS) 316, user control service (UCS) 317, data encryption security service (DESS) ) 318 is implemented. Further, a copy application 309, a fax application 310, a printer application 311, a scanner application 312, a net file application 313, a web application 314, and an NRS (New Remote Service) application 315 are installed in the application module layer.

These will be described in further detail.
The OCS 300 is a module that controls the operation unit 209.
The ECS 301 is a module that controls an engine such as hardware resources.
The MCS 302 is a module that performs memory control. For example, the MCS 302 acquires and releases an image memory, uses the HDD 210, and the like.
The NCS 303 is a module that performs mediation between the network and each application program in the application module layer.
The FCS 304 is a module that performs facsimile transmission / reception, facsimile reading, facsimile reception printing, and the like.

The CSS 305 is a module that converts data when data is transmitted / received via a public line, and is a module that summarizes functions related to remote management via a public line.
The SCS 306 is a module that performs startup management and termination management of each application program in the application module layer according to the content of the command.
The SRM 307 is a module that controls the system and manages resources.
The IMH 308 is a module that manages a memory for temporarily storing image data.

The DCS 316 is a module that transmits and receives image files and the like stored in the HDD 210 and the SDRAM 203 using SMTP (Simple Mail Transfer Protocol) and FTP (File Transfer Protocol).
The UCS 317 is a module that manages user information such as destination information and address information registered by the user.
The DESS 318 is a module that authenticates each unit or external device using PKI or SSL and encrypts communication.

The copy application 309 is an application program for realizing a copy service.
The fax application 310 is an application program for realizing a fax service.
The printer application 311 is an application program for realizing a printer service.

The scanner application 312 is an application program for realizing a scanner service.
The net file application 313 is an application program for realizing a net file service.
The web application 314 is an application program for realizing a web service.
The NRS application 315 is an application program for realizing data conversion when data is transmitted / received via the network and functions related to remote management via the network (including functions related to communication with the management apparatus 102). .

Next, the internal configuration of the NRS application 315 included in the software configuration of the image forming apparatus 100 described above will be further described with reference to FIG.
FIG. 6 is a functional block diagram illustrating an example of the configuration of the NRS application. As shown in the figure, the NRS application 315 performs processing between the SCS 306 and the NCS 303. The web server function unit 600 performs a response process related to a request received from the outside. The request here may be a SOAP request by SOAP (Simple Object Access Protocol) described in XML (Extensible Markup Language) format which is a structured language, for example. The web client function unit 601 performs processing for issuing an external request. The libsoap 602 is a library that processes SOAP, and the libxml 603 is a library that processes data described in the XML format. Further, libgwww 604 is a library that processes HTTP, and libgw_ncs 605 is a library that performs processing with the NCS 303.

  In the image forming apparatus 100 as described above, when the apparatus is activated by turning on the power, resetting, or the like, in the initialization process, between the controller 200 and the process cartridge 500 that is a replaceable consumable, An authentication process using PKI is performed, and a warning is issued when authentication fails. Further, the content of the warning is changed according to the content of the authentication failure. Next, the configuration and operation of each unit related to the authentication process and warning will be described. FIG. 7 shows the configuration of each unit related to the authentication process and warning. In order to simplify the description, only the configuration and processing related to one process cartridge will be described in the following description (including other embodiments), but the other process cartridges have the same configuration, and the controller It is assumed that the same processing is performed in parallel or sequentially with 200 or the engine control unit 400.

First, the controller 200, the engine control unit 400, and the process cartridge 500 are actually involved in mutual authentication.
Among these, the configuration of the controller 200 is as described above, but only a part of the configuration is shown here. However, the I / O port 220 indicates a connection port with the PCI bus 218 provided in the ASIC 202.
The engine control unit 400 includes a CPU 401, ROM 402, RAM 403, NVRAM 404, and I / O port 405, which are connected by an internal bus 406. Then, the CPU 401 executes a program stored in the ROM 402 or the NVRAM 404 to perform processing related to control of the engine unit 410 and data communication between the controller 200 and the process cartridge 500.

  The process cartridge 500 also includes a CPU 501, ROM 502, RAM 503, NVRAM 504, and I / O port 505, which are connected by an internal bus 506. Among these, the NVRAM 504 stores a digital certificate and a key used for the above authentication processing. Then, the CPU 501 executes a program stored in the ROM 502 or the NVRAM 504, thereby performing processing relating to control of the process cartridge 500, data management, data communication with the engine control unit 400, and authentication processing. That is, the CPU 501 functions as a communication unit and a calculation unit. Each of these units is provided on the control chip 80 or the socket 81.

By the way, when the controller 200 and the process cartridge 500 communicate with each other in the configuration shown in FIG. Accordingly, when the controller 200 and the process cartridge 500 perform mutual authentication, a configuration related to this is simply shown in FIG.
That is, the CPU 201 of the controller 200 reads out the digital certificate and key on the controller 200 side necessary for the authentication process from the NVRAM 204 functioning as a certificate memory.

The CPU 501 of the process cartridge 500 reads out the digital certificate and key on the process cartridge 500 side necessary for the authentication process from the NVRAM 504 functioning as a certificate memory. Then, communication is performed between the CPU 201 and the CPU 501, and authentication processing is performed using these digital certificates and keys. In this case, the CPU 201 and CPU 501 and the buses and interfaces between them correspond to communication means.
Since the other configuration shown in FIG. 7 and the like is only supplementarily involved in this authentication process, the following description is based on the configuration shown in FIG.

Next, certificates and keys for use in authentication processing stored in the NVRAMs 204 and 504 will be described. FIG. 9 shows the types of certificates and keys stored in the respective NVRAMs.
In this image forming apparatus 100, the NVRAM 504 of the process cartridge 500 stores the cartridge certificate set shown in FIG. 9A, and the NVRAM 204 of the controller 200 stores the controller certificate set shown in FIG. 9B. .

  Each of these certificate sets includes a public key certificate, a private key, and a root key certificate related to public key cryptography. Among these, the private key is a private key issued by a certificate authority (CA) to each device (here, the image forming apparatus 100) or a member (here, the process cartridge 500) used by the device. The key certificate is a digital certificate in which the CA adds a digital signature to the public key corresponding to the private key. The root key certificate is a digital certificate obtained by attaching a digital signature to a root key corresponding to the root private key used by the CA for the digital signature.

FIG. 10 shows these relationships.
As shown in FIG. 10A, for example, the public key A includes a key body for decrypting a document encrypted using the private key A corresponding to the public key A, and an issuer (CA) of the public key. And bibliographic information including information such as expiration date. Then, the CA encrypts the hash value obtained by hashing the public key A using the root private key to indicate that the key body or bibliographic information has not been tampered with, and stores the hash value in the public key A as a digital signature. Attached. At this time, the identification information of the root private key used for the digital signature is added to the bibliographic information of the public key A as the signature key information. The public key certificate with the digital signature is public key certificate A.

When this public key certificate A is used for authentication processing, the digital signature included therein is decrypted using the key body of the root key, which is the public key corresponding to the root private key. If this decryption is carried out normally, it can be seen that the digital signature is certainly attached by the CA. If the hash value obtained by hashing the public key A portion matches the hash value obtained by decryption, it is understood that the key itself is not damaged or tampered. Further, if the received data can be normally decrypted using the public key A, it is understood that the data is transmitted from the owner of the private key A.
The public key certificate as described above is, for example, X. Although it can create according to the format called 509, it is not limited to this.

  Here, in order to perform authentication, it is necessary to store the root key in advance. This root key is also a root key certificate with a digital signature by the CA, as shown in FIG. Remember. This root key certificate is a self-signed form in which a digital signature can be decrypted with a public key included in the root key certificate. When the root key is used, the digital signature is decrypted using the key body included in the root key certificate, and compared with the hash value obtained by hashing the root key. If they match, it can be confirmed that the root key is not damaged.

Next, FIG. 11 shows in more detail the information described in the cartridge public key certificate and the controller public key certificate.
As shown in FIG. 11A, in the cartridge public key certificate, the bibliographic information, along with the expiry date of the public key certificate, as information on the member (here, the process cartridge) to which the public key is issued, Information such as the type of member, lot number, serial number, manufacturer, date of manufacture, upper limit of the number of times of recycling, device ID used is described. Since these pieces of information are information that does not need to be rewritten, they are described inside the public key in order to prevent tampering.

The type of member may be a rough category such as “process cartridge”, or may be shown in more detail by adding version information or describing it with a product number.
“Used device ID” is identification information of a device that is permitted to use a member for which a public key is issued, that is, identification information of a device that can use a member storing this certificate. This information can be described by the serial number of the device. Further, identification information of a plurality of devices may be described. In this case, any device described can use a member storing the certificate.
By describing such “use device ID” information in the cartridge public key certificate, as will be described later, a replaceable member such as a process cartridge can be used only in a specific device even in the same model. It can be. This also means that even if the entire certificate set is dumped from the genuine unit's memory and copied to another unit, the copy-destination unit cannot be used on another device. Effective in prevention. Note that the “use device ID” may be rewritten, but is described in the public key in order to prevent falsification.

In addition to this, if there is information about consumables and information that does not need to be rewritten, it may be described in the bibliographic information. It may be possible to describe identification information such as a serial number that can identify an individual member. Also, fixed image forming conditions that are determined at the time of manufacturing the process cartridge, such as the exposure amount, the charge amount, and the developing bias, are described, and the controller 200 acquires these and uses them for control during image formation. It may be.
If such information is described in the cartridge public key certificate, the image forming conditions cannot be changed even if the authentication process is cleared by the copy certificate as described above. High image formation quality cannot be obtained even when using. Accordingly, it is also effective to prevent the unauthorized use of the certificate by describing the image forming conditions in the cartridge public key certificate.

  Further, as shown in FIG. 11B, the controller public key certificate includes the bibliographic information, the expiration date of the public key certificate, and the identification information of the device as information on the device to which the public key is issued. ID (serial number etc.) information is described. Therefore, a separate public key certificate is stored for each device. However, information for identifying an individual such as an ID may not be described, and the same public key certificate may be stored in all devices having a specific function (such as a color image forming apparatus).

Next, processing performed when the CPU 201 of the controller 200 starts up in such an image forming apparatus 100 will be described. FIG. 12 is a flowchart showing the processing.
In the image forming apparatus 100, the CPU 201 starts the process shown in the flowchart of FIG. 12 by executing a necessary control program when the apparatus is started by turning on the power, resetting, or the like.
In this process, first, in step S1, general activation processes such as initialization of each unit and transition to an operable state are performed. If the process cartridge 500 is not installed, an error is generated at this point.

  After that, in step S2, the process cartridge 500 is authenticated using the certificate set described with reference to FIGS. Although the specific contents of this process will be described in detail later, this authentication is a process that succeeds when the process cartridge 500 is a genuine unit and fails when the process cartridge 500 is a non-genuine unit. Further, in this process, information on “use device ID” described in the cartridge public key certificate is stored. This process is an acquisition procedure and an authentication procedure. Here, the CPU 201 functions as an acquisition unit and an authentication unit.

  Returning to the description of FIG. 12, next, in step S3, it is determined whether or not the authentication of the process cartridge 500 is successful in the authentication process of step S2. If the process cartridge 500 is successful, it is found that the process cartridge 500 is a genuine unit, and the process proceeds to the next step S6.

  On the other hand, if the authentication fails in step S3, the process cartridge 500 is a non-genuine unit, and there is a possibility that there is a problem in quality. Therefore, a warning is displayed on the display of the operation unit 209 in step S4. For example, the display screen shown in FIG. 13 is conceivable. Further, this process is a warning procedure process, in which the CPU 201 and the operation unit 209 function as warning means.

When the user presses the confirmation key 240 in the display screen or when a predetermined time has elapsed, it is determined in step S5 that it is time to cancel the warning, and the process proceeds to step S9, and thereafter normal operation is permitted. At this time, the display on the operation unit 209 is also returned to the normal one.
That is, by the processing of steps S3 to S5, control is performed so that the operation of the image forming apparatus 100 is changed based on the authentication result in the authentication processing.

If the process proceeds from step S3 to step S6, it is determined in step S6 whether or not its own ID is included in the “use device ID” information stored in the authentication process in step S2. The authentication result is determined, and it is determined here whether or not the installed process cartridge 500 is permitted to be used in the image forming apparatus 100. This process is also a part of the process of the authentication procedure for authenticating the process cartridge, and the CPU 201 also functions as an authentication unit here.
If the ID is included, authentication is successful, and it is understood that the process cartridge 500 is a cartridge that is permitted to be used in the image forming apparatus 100, and normal operation may be permitted. The normal operation of the forming apparatus 100 is permitted, and thereafter, the process proceeds to normal operation processing for controlling the normal operation of each unit.

  On the other hand, if the ID is not included in step S3, the authentication has failed, and it can be seen that the process cartridge 500 is a cartridge that is not permitted to be used in the image forming apparatus 100. Therefore, the display on the operation unit 209 is displayed in step S7. A warning is displayed. For example, the display screen shown in FIG. This process is also a warning procedure, and the CPU 201 and the operation unit 209 also function as warning means.

In the state of step S7, there is a high possibility that the user has installed the process cartridge 500 in the wrong device or installed an unauthorized process cartridge whose certificate has been copied from another genuine cartridge. it is conceivable that. Therefore, the user does not shift to the normal operation by pressing the confirmation key, but allows the user to replace the process cartridge.
Then, it waits in step S8 until the exchange is completed, and then returns to step S2 to repeat the process.
As described above, the processes of steps S6 to S8 are also controlled so as to change the operation of the image forming apparatus 100 based on the authentication result in the authentication process.
It should be noted that the warning display in step S7 is as shown in FIG. 13, and as in the case of steps S4 and S5, the warning is canceled and the normal operation is permitted when a predetermined condition is satisfied. It is also possible to do.

  By performing the processing as described above, when a non-genuine cartridge is installed as the process cartridge 500, a warning that the image forming apparatus 100 may not operate normally can be issued. At this time, since the digital certificate is used for the authentication of the process cartridge 500, even if the information such as the cartridge type or the manufacturer name is falsified, it can be detected and the non-genuine cartridge can be identified with high reliability. can do.

  Therefore, since the user never assumes that a non-genuine cartridge is used as a genuine cartridge, if the malfunction of the non-genuine cartridge adversely affects the operation of the device, such as a decrease in image formation quality, the cause of the cartridge is the cause. It is easy to understand the situation, and it is possible to prevent a decrease in the reliability of the apparatus main body. In addition, a user who places importance on quality can be prompted to select a genuine cartridge, so that the supplier of the apparatus can use consumables whose quality can be managed. And since genuine consumables can be fully adjusted by the manufacturer in accordance with the equipment to be used, the use of such genuine products also has an advantage for the user in that high image formation quality can be obtained. is there.

  Further, by performing the above-described processing, when a cartridge that is not permitted to be used in the image forming apparatus 100 is installed, a warning to that effect and prompting replacement can be issued. At this time, since the digital certificate is used to identify the process cartridge 500, even if the information on the device ID of the cartridge is falsified, it can be detected.

  Therefore, even when an unauthorized cartridge that is a complete copy of the cartridge certificate set of a genuine cartridge is available, the information on the device ID used cannot be rewritten, so that the cartridge can be used only by a specific device. Damage can be minimized. Also, since genuine cartridges can be used only in devices approved by the supply side, the purpose of use can be easily managed on the supply side even when the product is handed over to the user. Can be prevented from being used unintentionally.

  In the above processing, the processing in step S6 is performed after the processing in step S3. The non-genuine information that does not include information on the device ID used or does not store the public key certificate in the first place. This is to prevent the cartridges from being handled in the same way as an illegal cartridge or a cartridge attached to the wrong apparatus. If it is not necessary to do this, the process of step S6 may be performed first, and the cartridge that does not have a certificate including the device ID of the image forming apparatus 100 itself may be excluded first. Alternatively, the public key certificate in which the device ID of the image forming apparatus 100 itself is not described may not be recognized as a valid public key certificate in the authentication process in step S2.

In addition to the message display or in place of the message display, the warning may be performed by warning sound, voice guidance, lighting or blinking of the light source, and the like. Further, any means other than the warning may be used as long as the operation can notify the result of the authentication process.
It is also conceivable that warnings that allow the user to cancel like Steps S4 and S5 and warnings that do not allow the user to release like Steps S7 and S8 can be used arbitrarily. Further, the content of the warning may be changed for each function to be used, such as copy, printer, or facsimile.
Although an example in which the authentication process is performed immediately after the activation process has been described here, the timing of performing the authentication process is not limited to this, and can be performed at an arbitrary timing. For example, it is conceivable to perform the function when the user switches the function used in the image forming apparatus 100.

  Here, the details of the authentication processing performed in step S2 of FIG. 12 are shown in the flowchart of FIG. In this figure, the arrow between the two flowcharts indicates the data transfer, the transmission side performs the transfer process at the step at the base of the arrow, and the reception side receives the information, the process at the tip of the arrow Shall be performed. If the process in each step is not normally completed, an authentication failure response is returned to the communication partner at that time, the process is interrupted, and the process proceeds to step S3 in FIG. The same applies to the case where an authentication failure response is received from the other party or the process times out.

In the process of step S2 of FIG. 12, the CPU 201 of the controller 200 performs the process of the flowchart shown on the left side of FIG. First, the controller certificate set is read from the NVRAM 204 in step S10, and a connection request is transmitted to the process cartridge 500 in step S11.
On the other hand, when receiving the connection request, the CPU 501 of the process cartridge 500 starts the processing of the flowchart shown on the right side of FIG. 15 by executing a required control program. In step S20, the cartridge certificate set is read from the NVRAM 504. In step S21, a first random number is generated, and this is encrypted using the cartridge private key. In step S22, the encrypted first random number and the cartridge public key certificate are transmitted to the controller 200.

Upon receiving this, the controller 200 confirms the validity of the cartridge public key certificate using the root key certificate in step S12. For this purpose, not only is it confirmed that there has been no damage or tampering as described above, but the process cartridge 500 is compared with information stored on the controller 200 side by referring to the bibliographic information, and the image forming apparatus This includes a process for confirming that the cartridge is suitable for use in 100, for example, a genuine cartridge or an appropriate type of cartridge.
If the process cartridge 500 is non-genuine, an appropriate public key certificate cannot be stored, so the authentication process is considered to fail here. On the contrary, when the process cartridge 500 is genuine, an appropriate public key certificate can be stored, so that if the user does not install the wrong type of cartridge, the processing of this part is performed. Can be considered a success.

If the confirmation can be made in step S12, in step S13, the information of “used device ID” in the cartridge public key certificate is stored. This information is used in the determination in step S6 of FIG.
In step S14, the first random number is decrypted using the cartridge public key included in the received cartridge public key certificate. If the decryption is successful here, it can be confirmed that the first random number is certainly received from the cartridge public key certificate issuance target.
Thereafter, in step S15, a second random number and a third random number are generated separately. In step S16, the second random number is encrypted using the controller private key, and the third random number is encrypted using the cartridge public key. In step S17, these are transmitted to the process cartridge 500 together with the controller public key certificate. . The encryption of the third random number is performed so that the target other than the process cartridge 500 cannot know the random number.

When receiving this, the process cartridge 500 confirms the validity of the controller public key certificate using the root key certificate in step S23. Also in this case, as in step S12, it is preferable to include processing for confirming that the image forming apparatus 100 is an apparatus suitable for use of the process cartridge 500.
If it can be confirmed, in step S24, the second random number is decrypted using the controller public key included in the received controller public key certificate. If the decryption is successful, it can be confirmed that the second random number is certainly received from the controller public key certificate issuance target.

  Thereafter, in step S25, the third random number is decrypted using the cartridge private key. Through the processing so far, the first to third random numbers common to the controller 200 side and the process cartridge 500 side are shared. At least the third random number is not known except by the generated controller 200 and the process cartridge 500 having the cartridge private key. If the processing so far is successful, a response of authentication success is returned to the controller 200 in step S26.

  Upon receiving this, the controller 200 generates a common key from the first to third random numbers in step S17, and ends the authentication process as being used for subsequent communication encryption. On the process cartridge 500 side, the same processing is performed in step S27, and the process proceeds to step S3 in FIG. Then, communication is established with the above processing, and thereafter, communication is performed using the common key generated in step S18 or S27, using the common key encryption method to encrypt the data.

By performing such processing, the controller 200 and the process cartridge 500 can securely exchange a common key, and a secure communication path in which communication is encrypted using a digital certificate can be established. .
In addition, although the example which performs mutual authentication using the digital certificate which the other party memorize | stored here was demonstrated here, in the process mentioned above, a 2nd random number is encrypted with a controller public key, and a controller public key certificate is obtained. Transmission to the process cartridge 500 is not essential.

  In this case, the process of steps S23 and S24 on the process cartridge 500 side is not necessary, and the process is as shown in FIG. In this way, the process cartridge 500 cannot authenticate the image forming apparatus 100, but this process is sufficient when the image forming apparatus 100 only needs to authenticate the process cartridge 500. In this case, only the root key certificate needs to be stored in the controller 200, and the controller private key and the controller public key certificate are unnecessary. Further, it is not necessary to store the root key certificate in the process cartridge 500.

By the way, the digital certificate used for the authentication as described above is not limited to that shown in FIGS.
For example, a public key for the process cartridge may be issued by a dedicated CA for members. In this case, as shown in FIG. 17, since the digital signature attached to the public key is attached by the dedicated CA, the root key certificate for confirming the validity of the digital signature is also obtained. Correspondingly, a root key certificate dedicated to member authentication is used.

  That is, as shown in FIG. 18B, the member authentication is performed as a dedicated root key certificate for authenticating the member separately from the normal root key certificate used for communication with other devices. The root key certificate is stored. When the authentication process as shown in FIG. 15 or 16 is performed, this member authentication root key certificate is used.

  In this case, the validity of the public key certificate received from the process cartridge 500 can be confirmed using the root key certificate for member authentication, and the process cartridge 500 can surely confirm the public key certificate by decoding the random number. If it is found that the target is a cartridge, it can be understood that the target is a genuine cartridge without referring to information such as the type of member. This is because the digital certificate issued by the member CA is a genuine member only, and it can be seen that the member to be authenticated is the process cartridge because it can be normally installed at the place where the process cartridge 500 is installed.

Therefore, when a CA dedicated to a member is used, as shown in FIG. 19A, the public key certificate may be in a format that does not describe information such as the member type or manufacturer. Here, “common” is information indicating that the content is common regardless of the type of the member. If such a certificate is used, it is not necessary to notify the CA of the issue of the public key certificate for the member, so that it is not necessary to notify the member identification information. it can.
Further, if it is only necessary to perform the minimum authentication, as shown in FIG. 19B, even if the CA is shared with the public key certificate on the image forming apparatus 100 side, the type of the member is used. A public key certificate in a format that does not describe information such as manufacturer or manufacturer may be used. Furthermore, it is conceivable to use a public key certificate in which no member information is described.
Even in this case, if the CA of the image forming apparatus 100 manages the CA itself, a public key certificate that can be verified with the root key certificate stored in the controller 200 is stored. The member can be determined to be a product of the same manufacturer.

[Second Embodiment: FIGS. 20 and 21]
Next, an image forming apparatus according to a second embodiment of the electronic apparatus of the present invention will be described.
This image forming apparatus (reference numeral 100 ′) differs from the first embodiment in that the process cartridge (reference numeral 500 ′) is not provided with the CPU 501, ROM 502, and RAM 503. That is, the configuration shown in FIG. 8 in the first embodiment is changed as shown in FIG. However, since other hardware configurations are exactly the same as those in the first embodiment, only differences will be described. In this embodiment, the same reference numerals are used for components corresponding to those of the image forming apparatus of the first embodiment.

  In a state where the process cartridge 500 ′ is installed in the image forming apparatus 100 ′, the controller 200 and the process cartridge 500 ′ exist in the same apparatus and are connected by a bus, so that authentication processing by PKI is performed. However, communication itself between the process cartridge 500 ′ and the controller 200 can be performed regardless of authentication.

  Therefore, even if the CPU is not provided in the process cartridge 500 ′, the CPU 201 of the controller 200 acquires the cartridge certificate set directly from the NVRAM 504 of the process cartridge 500 ′ and uses both the controller certificate set and the cartridge certificate set by itself. Thus, authentication processing can be performed. Therefore, this configuration is adopted in this embodiment.

Also in this case, the processing performed by the CPU 201 of the controller 200 when the image forming apparatus 100 ′ is activated may be the same as that described with reference to FIG. 12 in the first embodiment. However, the authentication process shown in step S2 is as shown in the flowchart of FIG.
That is, first, a controller certificate set is read from the NVRAM 204 in step S101, and a cartridge certificate set is read from the NVRAM 504 of the process cartridge 500 ′ in step S102.

In step S103, a first random number is generated and encrypted using a cartridge private key. Thereafter, in step S104, the validity of the cartridge public key certificate is confirmed using the root key certificate. This includes processing for confirming that the process cartridge 500 is a cartridge suitable for use in the image forming apparatus 100 with reference to the bibliographic information, as in step S12 of FIG.
If it can be confirmed, in step S105, as in the case of step S13 in FIG. 15, the information of “use device ID” in the cartridge public key certificate is stored.
Thereafter, in step S106, the first random number is decrypted using the cartridge public key included in the cartridge public key certificate. If the decryption is successful here, it can be seen that the cartridge private key and the cartridge public key certificate correspond to each other, and only one of them is not replaced.

Through the above processing, the controller 200 can authenticate the process cartridge 500 ′, and the ID of an apparatus that can use the process cartridge 500 ′ can also be acquired. And the effect similar to the case of 1st Embodiment can be acquired by this. However, since there is no CPU on the process cartridge 500 ′ side, the process cartridge 500 ′ does not authenticate the controller 200, so the one-way authentication described with reference to FIG. Further, since the decryption process is not performed on the process cartridge 500 ′ side, the communication between the process cartridge 500 ′ and the controller 200 is not encrypted.
Also in this embodiment, it is possible to use a digital certificate as described with reference to FIGS. 17 to 19 for the authentication process.

[Third Embodiment: FIGS. 22 to 38]
Next, an image forming apparatus according to a third embodiment of the electronic apparatus of the present invention and an embodiment of the image forming apparatus management system of the present invention in which the image forming apparatus is a managed apparatus in the remote management system will be described. . In addition, an embodiment of a digital certificate setting system that sets a digital certificate in a process cartridge that is a member used in the image forming apparatus will be described.
FIG. 22 shows the configuration of each apparatus constituting the image forming apparatus management system and the digital certificate setting system.

An image forming apparatus management system 1000 shown in this figure is a remote management system in which a management apparatus 102 remotely manages a plurality of image forming apparatuses 100 and image forming apparatuses with an intermediary function 110 as managed apparatuses.
The digital certificate setting system described here is a system in which each device at the service base E and a certificate issuing device (CA) 170 are added to the image forming device management system 1000, and the image forming device 100 and the mediation function. When supplying a process cartridge to be used in the attached image forming apparatus 110 to a user, the system sets a digital certificate in which information on the apparatus that uses the cartridge is set in the process cartridge.
Since these systems include many devices as common components, they are shown in the same drawing for easy understanding of the mutual relationship.

  As shown in FIG. 22, the image forming apparatus management system 1000 includes a management apparatus 102, a plurality of image forming apparatuses 100, and an intermediary apparatus 101 that mediates communication between them. Of these, the intermediary device 101 and the image forming apparatus 100 are arranged in the installation environment on the user side, and these can be communicated with the management device 102 via the Internet 103. A management apparatus 102 communicates with each image forming apparatus 100 to configure a remote management system that centrally manages each image forming apparatus 100 in a centralized manner.

By the way, in this system, the mediation apparatus 101 and the image forming apparatus 100 in each installation environment are connected to each other via a LAN (local area network), and can communicate with each other. In consideration of security, the LAN is connected to the Internet 103 via the firewall 104.
Note that the connection between the mediation apparatus 101 and the image forming apparatus 100 is not limited to the LAN, but is performed by serial connection conforming to the RS-485 standard, parallel connection conforming to the SCSI (Small Computer System Interface) standard, or the like. Also good. For example, in the case of the RS-485 standard, up to five image forming apparatuses 100 can be connected to the intermediary apparatus 101 in series.

Further, the mediating apparatus 101 and the image forming apparatus 100 have various hierarchical structures depending on the usage environment.
For example, in the installation environment A shown in FIG. 22, the mediation apparatus 101a capable of establishing a direct connection with the management apparatus 102 by HTTP has a simple hierarchical structure that follows the image forming apparatuses 100a and 100b. In the illustrated installation environment B, four image forming apparatuses 100 are installed, so that the load increases only by installing one intermediary apparatus 101. Therefore, the mediation apparatus 101b that can establish a direct connection with the management apparatus 102 by HTTP follows not only the image forming apparatuses 100c and 100d but also another mediation apparatus 101c, and the mediation apparatus 101c uses the image forming apparatuses 100e and 100f. Furthermore, a hierarchical structure is formed in which it can be followed. In this case, information issued from the management apparatus 102 to remotely manage the image forming apparatuses 100e and 100f is transmitted to the image forming apparatus 100e or 100f via the mediation apparatus 101b and the mediation apparatus 101c which is a lower node. Will be reached.

Further, as in the installation environment C, image forming apparatuses with an intermediary function (hereinafter also simply referred to as “image forming apparatuses”) 110a and 110b in which the image forming apparatus 100 is also provided with the function of the intermediary apparatus 101 are separately provided as intermediary apparatuses. You may make it connect with the management apparatus 102 by the internet 103 not through.
Although not shown, an image forming apparatus equivalent to the image forming apparatus 100 can be further connected to the lower level of the image forming apparatus 110 with an intermediary function.

  In such a remote management system, the mediation apparatus 101 has an application program for control management of the image forming apparatus 100 connected thereto. The management apparatus 102 is mounted with an application program for performing control management of each mediation apparatus 101, and further control management of the image forming apparatus 100 and other mediation apparatus 101 via the mediation apparatus 101. Each of these nodes in the remote management system, including the image forming apparatus 100, transmits an “operation request” that is a request for processing for a method of the application program to be implemented by RPC (remote procedure call). An “operation response” that is a result of the requested processing can be acquired.

  In other words, the management apparatus 102 can generate an operation request to the image forming apparatus 100 or the mediation apparatus 101 and deliver it to the image forming apparatus 100 or the mediation apparatus 101 to obtain an operation response to the operation request. The apparatus 100 can generate an operation request to the management apparatus 102, deliver it to the management apparatus 102, and acquire an operation response to the operation request. The intermediary device 101 can also generate an operation request to the management device 102 and deliver it to the management device 102 to obtain an operation response to the operation request. Here, it is assumed that the content of the request by the operation request includes a notification without a meaningful execution result.

  In addition, in order to realize such RPC, known protocols (SOAP (Simple Object Access Protocol), HTTP, FTP (File Transfer Protocol), COM (Component Object Model), CORBA (Common Object Request Broker Architecture), etc. Communication standards), technology, specifications, etc. can be used.

A conceptual diagram of FIG. 23 shows a data transmission / reception model for transmission / reception of these operation requests and operation responses.
(A) is a case where an operation request to the management apparatus 102 has occurred in the image forming apparatus 100. In this case, the image forming apparatus 100 generates a managed apparatus side request a, and the management apparatus 102 that has received the request a via the mediation apparatus 101 returns a response a to the request. A case where there are a plurality of mediation apparatuses 101 shown in the figure can be assumed (installation environment B shown in FIG. 22). Note that (A) shows a case in which not only the response a but also a response delay notification a ′ is returned. When the management apparatus 102 receives a managed apparatus side request via the intermediary apparatus 101 and determines that the response to the request cannot be returned immediately, it notifies the response delay notification and temporarily disconnects the connection state. This is because the response to the request is delivered again at the next connection.

  (B) is a case where a request to the image forming apparatus 100 has occurred in the management apparatus 102. In this case, the management apparatus 102 generates a management apparatus-side request b, and the image forming apparatus 100 that has received the request via the mediation apparatus 101 returns a response b to the request. Even in the case of (B), the response delay notification b 'is returned when the response cannot be returned immediately, as in the case of (A).

Next, FIG. 24 illustrates a schematic configuration example of the management apparatus 102.
The management device 102 includes a modem 611, a communication terminal 612, an external connection I / F 613, an operator terminal 614, a control device 615, a file server 616, and the like.
The modem 611 communicates with the mediation apparatus 101 or the image forming apparatus 110 on the device user side (for example, a user destination using the image forming apparatus) via a public line (not shown), and modulates and demodulates data to be transmitted and received. . The communication terminal 612 controls communication by the modem 611. The modem 611 and the communication terminal 612 serve as communication means.

The external connection I / F 613 is an interface for performing communication via a network such as the Internet 103 or a dedicated line. Then, communication is performed with the mediation apparatus 101 or the image forming apparatus 110 on the device user side and the communication terminal 150 at the service base E via this. A proxy server for security management may be provided.
The operator terminal 614 accepts input of various data by operations on an input device such as a keyboard by an operator. The input data includes, for example, customer information such as an IP address and a telephone number (calling destination telephone number) used when communicating with the mediation apparatus 101 or the image forming apparatus 110 on each device user side. .

The control device 615 includes a microcomputer including a CPU, a ROM, a RAM, and the like (not shown) and controls the entire management device 102 in an integrated manner.
The file server 616 includes a storage device such as a hard disk device (not shown), in which the IP addresses and telephone numbers of the mediation device 101 and the image forming device 110 on each device user side, the data received from those devices, the management target Various data such as identification information of the image forming apparatus and data input from the operator terminal 614 are stored as a database (DB).

The physical configuration of the intermediary device 101 will be described. The intermediary device 101 includes a CPU, a ROM, a RAM, a nonvolatile memory, a network interface card (NIC), and the like (not shown).
For the image forming apparatus 110 with an intermediary function, these units may be simply added to the image forming apparatus 100 in order to realize the function of the intermediary apparatus 101. However, the CPU, ROM, RAM, etc. provided in the image forming apparatus 100 The functions of the mediation apparatus 101 can be realized by using hardware resources and causing the CPU to execute appropriate applications and program modules.

  Next, the communication terminal 150, the service base terminal 160, and the certificate issuing device 170 constituting the certificate setting system shown in FIG. 22 will be described. Among these, the communication terminal 150 and the service base terminal 160 correspond to terminal devices installed at the service base.

FIG. 25 is a diagram showing the relationship between these devices and the management device 102 in more detail.
First, the communication terminal 150 is a device that communicates with the outside of the service base E, acquires necessary information, and transmits a request. This communication is performed using the Internet 103 here and is not shown, but security is ensured by using a technology such as SSL or VPN (Virtual Private Network) or by providing a firewall. However, communication may be performed using another network such as a dedicated line network or a public line.

Here, the service base E is a facility that sells or delivers members such as the process cartridge 500 used in the image forming apparatuses 100 and 110, and corresponds to, for example, a sales shop or a dispatch base of a customer engineer (CE). .
In the service base E, the communication terminal 150 is installed in the administrator room F in consideration of security. Then, the administrator room F locks the door G so that only a specific administrator can enter, and the communication terminal 150 can be operated only when a specific ID and password are input. Good.

Then, the communication terminal 150 receives from the management device 102 a function for receiving information related to ordering of members such as the process cartridge 500 and the certificate issuing device 170 issues the identification information of the received electronic device together with the information to the certificate issuing device. A function to be transmitted together with the request and a digital certificate issued by the certificate issuing device 170 in response to the request are acquired, and the digital certificate is sent to the member related to the order via the service base terminal 160 and the certificate setting device 161. And a function for setting.
The hardware configuration includes a CPU, ROM, RAM, HDD, communication I / F, input device (input means), and display device (display means), which are connected by a system bus.

The service base terminal 160 is a terminal directly operated by a general CE 162 at the service base E, and can communicate with the communication terminal 150 via a LAN. The communication terminal 150 has a function of transmitting a certificate issuance request to the certificate issuing apparatus 170 and acquiring a digital certificate issued by the certificate issuing apparatus 170 via the communication terminal 150.
The hardware configuration includes a CPU, ROM, RAM, HDD, communication I / F, input device (input means), and display device (display means), which are connected via a system bus. A known PC may be used.
Further, a certificate setting device 161 for storing and setting a digital certificate in the process cartridge 500 is connected to the service base terminal 160, and the NVRAM 504 of the process cartridge 500 is connected to the service base terminal 160 via the certificate setting device 161. A digital certificate can be set.

The certificate setting device 161 is a device having a connection I / F with the socket 81 of the process cartridge 500. Even if the process cartridge 500 is fitted into the certificate setting device 161, it is just like a cable with an I / F. Any configuration may be used. At least a configuration that allows the service base terminal 160 to write data to the NVRAM 504 on the control chip 80 is sufficient.
FIG. 25 shows an example in which three sets of service base terminal 160 and certificate setting device 161 from a to c are provided, but the number is not limited to this. Only one set may be provided. In addition, a plurality of certificate setting devices 161 may be connected to one service base terminal 160, or the communication terminal 150 and the service base terminal 160, or the service base terminal 160 and the certificate setting device 161 are integrally configured. Also good.

  The certificate issuing device 170 is a device that issues, signs, and manages a digital certificate and a private key, and can issue and transmit a digital certificate in response to a request from an external device. In response to a certificate issuance request from the communication terminal 150, the validity is confirmed using the root key certificate stored in the image forming apparatus 100 using the process cartridge 500 based on the received identification information. It has a function of issuing a digital certificate in which identification information of the image forming apparatus 100 is described and transmitting it to the communication terminal 150.

  The image forming apparatus 100 (and the image forming apparatus with mediation function 110) in the system as described above is an embodiment of the electronic apparatus of the present invention. The hardware configuration is substantially the same as that of the image forming apparatus 100 of the first embodiment. Then, an authentication process for the process cartridge 500 and a warning process associated therewith as described in the first embodiment are also performed. In this embodiment, other processes corresponding to remote management are performed.

  Next, as an example of processing unique to remote management performed by the image forming apparatus 100 in the above-described image forming apparatus remote management system 1000 and certificate setting system, processing related to an automatic ordering function when the remaining amount of toner is reduced will be described. To do. Further, as described above, the public key certificate stored in the process cartridge 500 needs to describe information on a device that uses the cartridge. Therefore, a process for supplying the process cartridge 500 in which such a certificate is set according to an order from the image forming apparatus 100 will also be described.

  In the image forming apparatus 100, a predetermined storage area is secured in the NVRAM 504 of the process cartridge 500, and information that needs to be rewritten out of information regarding the process cartridge 500 as shown in FIG. 26 is recorded here. All or part of the information is used as control information when the controller 200 controls the operation of the image forming apparatus 100.

For example, the “number of copies” is the number of images formed after the process cartridge 500 is installed in the image forming apparatus 100, and the photosensitive drum 21 may be worn when this exceeds a predetermined number. It can be judged that there is sex. The “recycle count” is the number of times the used process cartridge 500 has been recycled. If this exceeds the “maximum recycle count” in the cartridge certificate, an image using the process cartridge 500 is controlled by the controller 200. It prevents the formation.
The “toner remaining amount” is the amount of toner in the toner bottle 33, and the operation described here automatically causes the management apparatus 102 to replace the process cartridge when this value becomes a predetermined value or less. This is an operation to place an order.
Of course, similar information may be stored in the NVRAM 504 and used for similar control in the first and second embodiments described above.

Next, FIG. 27 shows processing executed by the CPU 501 of the process cartridge 500 and the CPU 201 of the controller 200 in relation to the cartridge ordering operation.
First, the CPU 501 of the process cartridge 500 starts processing shown in the flowchart on the left side of FIG. 27 at an appropriate timing such as every predetermined timing or every time image formation is performed. First, in step S201, the amount of toner used since the previous execution of this process is detected. This detection can be physically performed using, for example, the P sensor 28 or the T sensor 29 shown in FIG. Further, the remaining amount may be directly detected instead of the usage amount.
In the next step S202, the toner remaining amount parameter stored in the NVRAM 504 of the process cartridge 500 is changed according to the detection result in step S201.

Thereafter, in step S203, the controller 200 is notified of the changed toner remaining amount. This notification may be encrypted using the common key exchanged in the authentication process as shown in FIG. In this way, even if the signal line is monitored, it is impossible to know the content of the notification, so that it is possible to prevent leakage of communication content and accompanying alteration of the data as shown in FIG. .
The common key used for encryption may be used until the authentication process is performed again after the authentication process at the time of starting the image forming apparatus. A new process may be created by performing the process shown in FIG.
The process on the process cartridge 500 side ends after notification of the remaining amount of toner.

On the other hand, when the notification of the remaining amount of toner is received, the controller 200 starts the processing shown in the flowchart on the right side of FIG. This process is realized by the NRS application 315 shown in FIG. If the notification in step S203 is encrypted, this process is a process in which the CPU 201 controls the operation of the image forming apparatus 100 according to the control information received from the process cartridge 500 through the encrypted communication path. .
First, in step S211, it is determined whether or not the remaining amount of toner is equal to or less than a predetermined threshold value. If it is equal to or less than the threshold value, a toner supply call is notified to the management apparatus 102 in step S212, and a replacement toner cartridge is ordered. finish. At this time, confirmation may be requested from the user. If it is not less than or equal to the threshold value in step S211, the process ends as it is. This threshold value is somewhat larger than the threshold value indicating the toner end or near end in consideration of the period from when the replacement toner cartridge is ordered until it reaches the user.

FIG. 28 shows an example of a processing sequence of each unit when performing the processing shown in the flowchart of FIG. Here, an example where the remaining amount of toner is equal to or less than the threshold value is shown.
As shown in this figure, in this process, first, the CPU 501 of the process cartridge 500 detects the amount of toner used at an appropriate timing (S301), accesses the NVRAM 504 to read out the remaining amount of toner (S302), and step S301. The new toner remaining amount is subtracted from the toner usage detected in step S303 (S303). Then, the new toner remaining amount information is encrypted with the common key and notified to the CPU 201 of the controller 200 (S304).

On the other hand, upon receiving this notification, the CPU 201 reads the remaining toner threshold value from the NVRAM 204 and compares it with the received remaining toner value (S305). When it is determined that the remaining amount of toner is equal to or less than the threshold value (S306), a supply call transmission process for ordering a replacement process cartridge is started.
In this process, first, a supply call screen as shown in FIG. 29 is displayed on the operation unit 209 (S307). Then, a supply call is transmitted to the management apparatus 102. Since the image forming apparatus 100 communicates with the management apparatus 102 via the mediation apparatus 101, first, a supply call is transmitted to the mediation apparatus 101 (S308). At this time, mutual authentication processing by SSL is performed with the mediation apparatus 101 using the above-described controller certificate set stored in the NVRAM 204, and transmission is performed after securing a secure communication path. This mutual authentication process is the same as the process shown in the flowchart of FIG.

Next, the mediation apparatus 101 that has received this similarly transfers a supply call to the management apparatus 102 after securing a secure communication path by SSL (S309). An order for the replacement process cartridge is received, and this information is stored in the file server 616 (S310).
The supply call transmitted here is described as a SOAP request, and its format is, for example, as shown in FIG. This message includes information as shown in FIG. 31. From the call type and call details, it can be seen that this call is a call indicating an order for a replacement process cartridge. You can see whether the order is from the device. Therefore, by comparing this with the customer information in the file server 616, the address and telephone number of the installation location of the apparatus can be known. You can instruct them to deliver quickly.

On the other hand, the management apparatus 102 that has received the supply call returns a call OK notification to the image forming apparatus 100 via the mediation apparatus 101 as a response to the call (S311 and 312). The call OK notification is described as a SOAP response, although detailed illustration is omitted.
By receiving this notification, the CPU 201 knows that the order for the replacement process cartridge has been completed normally. Therefore, it is preferable that the same toner supply call is not performed until the process cartridge is replaced thereafter by setting the call completion flag to ON or the like.

  Next, FIG. 32 shows a processing sequence from when the management apparatus 102 receives a supply call in the processing sequence shown in FIG. 28 until a replacement process cartridge 500 in which an appropriate public key certificate is set is prepared. Indicates. The same reference numerals as those attached to the image forming apparatus 100 are used for the replacement process cartridge, but these are naturally different individuals. Further, the processing shown in steps S324 to S332 of FIG. 32 is processing according to the embodiment of the digital certificate acquisition method of the present invention.

In this process, as shown in FIG. 32, first, the management apparatus 102 transmits an e-mail describing the order information related to the received supply call to the CE in charge of the customer (or the customer's location). (S321).
The contents of the e-mail transmitted here are as shown in FIG. 33, for example.
Of the information described in the e-mail, “supplier name” is information indicating the type of the member related to the order, and here, the type of the process cartridge 500 ordered by the supply call is described.

In the “used image IO machine number”, the identification information of the supply source device of the supply call is described as the identification information of the device that uses the process cartridge related to the order. If it is not definite to which device the cartridge is used at the time of order, such as when the cartridge is reused by a plurality of devices at the customer's site, that fact is registered in the management device 102 and the management device 102 The identification information of all the devices that may use the cartridge for ordering may be described as “used image IO machine number”.
“Customer name” and “TEL” are information indicating the contact information of the customer who is using the supply call transmission source device. These items are the customers stored in the file server 606 by the management device 102. Create by referring to the information.
“ID” is the ID number of the order notification by this e-mail.

Such an e-mail from the management apparatus 102 is stored in the CE mail box 150a in the mail server in the service base E via a mail server (not shown). The communication terminal 150 may have this mail server function.
On the other hand, the mail server identifies an e-mail in which the order information is described by performing a filtering process on the e-mail title, and when receiving the e-mail, transfers the e-mail to the conversion device 150b (S322). Then, the conversion device 150b extracts information to be used for the subsequent processing including at least the product name of the member related to the order and the identification information of the device using the member from this e-mail (S323), and places an order together with the data. A reception notification is transmitted to the service base terminal 160 (S324). When there are a plurality of service base terminals 160 in the service base E, the service base terminal 160 is transmitted to the terminal operated by the CE that is the destination of the e-mail related to the order. In terms of hardware, it is preferable that the communication terminal 150 has the function of the conversion device 150b.

  Upon receiving the notification in step S324, the service base terminal 160 displays a confirmation screen as shown in FIG. 34, and causes the responsible CE to confirm whether ordering is possible (S325). The information displayed on this screen is information received from the conversion device 150b. The CE confirms the content of the order on this screen, sets a member related to the order in the certificate setting device 161, and presses the order key 241 to confirm the order. Then, the display of the line is deleted and the display is updated.

When the service base terminal 160 confirms the order, the service base terminal 160 instructs the certificate setting device 161 to read the identification information of the process cartridge 500 (S326). Then, in response to the instruction, the certificate setting device 161 reads identification information that needs to be described in the cartridge public key certificate, such as a lot number and serial number, from the NVRAM 204 of the process cartridge (S327), and the service base terminal 160 Return to (S328).
Here, since it is a stage after leaving the manufacturer's hand after manufacturing, it is unlikely that the data has been falsified or counterfeited, and even if identification information such as storing the ID itself is used, Security can be maintained. However, since the identification information of such a recording mode may be falsified or forged if the cartridge comes out from the manufacturer, it is used for the judgment when performing the control as shown in FIG. do not do.

  When the service base terminal 160 obtains the identification information of the process cartridge 500 in step S328, the service base terminal 160 instructs the communication terminal 150 to send a certificate issuance request and data to be described in the certificate issuance request (for example, read in step S327). Identification information) is transmitted (S329). In response to this instruction, the communication terminal 150 transmits a certificate issuance request to the certificate issuance apparatus 170 (S330). In response to this request, the certificate issuing device 170 issues a public key certificate and a private key to the process cartridge 500 and returns them together with an appropriate root key certificate. Is acquired (S331).

  Here, the certificate issuance request and the certificate transmission from the certificate issuance apparatus 170 are performed by a SOAP message having a format as shown in FIG. The certificate issuance request is transmitted as a SOAP request, and the certificate is transmitted as a SOAP response to the SOAP request. These messages are described in the XML format which is a structured language, and specific examples are shown in FIGS. 36 and 37, respectively.

In this example, in the SOAP request shown in FIG. 36, a “certificate issuance request” tag indicating that it is a certificate issuance request is provided in the SOAP body, and the lower tag should be described in the cartridge public key certificate. The information is listed. In the SOAP response shown in FIG. 37, a “certificate issuance request response” tag indicating a response to the certificate issuance request is provided in the SOAP body, and the lower tag is described in the certificate issuance request. In addition to the serial number of each member, the root key certificate, public key certificate, and private key certificate set issued for that member are described.
This issuance is based on the identification information received together with the certificate issuance request, and the public key certificate to be issued is validated using the root key stored in the electronic device that uses the member to be issued. The identification information of the electronic device that uses the member is described.

  Returning to the description of FIG. When receiving the certificate set in step S331, the communication terminal 150 returns the certificate set to the service base terminal 160 in step S332 (S332). Then, the service base terminal 160 instructs the certificate setting device 161 to set the certificate set in the process cartridge 500 (S333), and the certificate setting device 161 writes the certificate set in the NVRAM 204 of the process cartridge 500. (S334).

With the processing shown in FIG. 32, the public key certificate in which the device ID is used can be easily obtained from the certificate issuing device 170 via a secure communication path and stored in the replacement process cartridge 500. .
That is, the communication terminal 150 transmits the used device ID together with the certificate issuance request to the certificate issuing device 170, and the certificate issuing device 170 transmits the used device ID transmitted together with the certificate issuance request in response to the public key. Since the communication terminal 150 receives the certificate set included in the certificate, a public key certificate including the used device ID is set for each process cartridge, and a different certificate set is set for each process cartridge. Even in the case of storing, a certificate set to be set in each process cartridge can be easily obtained and set.
Accordingly, the process cartridge 500 can then be delivered and supplied to the customer as a replacement unit installed in the image forming apparatus 100. And by this, including the above-mentioned 1st and 2nd embodiment, the process cartridge as demonstrated in each embodiment can be easily put on a distribution channel, and the effect by using such a process cartridge is acquired. be able to.

Also, the user can receive a process cartridge for replacement before the toner runs out or is close to the normal state by the function of the supply call, and when such a state is reached, the process cartridge is quickly replaced. be able to. When the CPU 201 of the image forming apparatus 100 detects this exchange, the call completion flag may be turned off to return to the original operation.
By performing the processes shown in FIGS. 27, 28 and 32 as described above, the user of the image forming apparatus 100 does not have to monitor the remaining amount of toner or make an order by telephone or the like. Since the replacement process cartridge can be received before the toner runs out, the labor required for maintenance of the apparatus can be reduced.
Further, from the manufacturer's side, since a genuine cartridge can be ordered almost automatically as a replacement cartridge, so-called customers can be easily enclosed. While the process cartridge needs to be replaced relatively frequently in the image forming apparatus 100, it is a relatively expensive consumable, and non-genuine cartridges using recycling are also available. When this invention is applied to a product, the effect is particularly great.

In the example described here, transmission / reception of information between the process cartridge 500 and the controller 200 other than the authentication process is performed only when the remaining amount of toner is unilaterally notified from the process cartridge 500 to the controller 200. .
However, for example, the information on the number of copies is information that is detected on the controller 200 side, transmitted to the process cartridge 500, and written into the NVRAM 504. The toner usage amount can also be obtained by calculation from the content of image data relating to image formation on the controller 200 side. In such a case, the amount of toner used is also detected by the controller 200 and transmitted to the process cartridge 500 to be written into the NVRAM 504.

Furthermore, for example, in the processing shown in FIG. 27, it may be considered that the supply call is not performed when the number of copies is equal to or less than a predetermined number even when the remaining amount of toner is equal to or less than the threshold. When making a simple determination, the controller 200 requests the process cartridge 500 to acquire information on the number of copies stored in the NVRAM 504.
Further, by using the expiration date information stored in the NVRAM 504, a supply call can be made when the expiration date of the toner cartridge 500 expires or before the predetermined period.

  As described above, various control information stored in or stored in the NVRAM 504 is transmitted / received between the controller 200 and the process cartridge 500 in accordance with the control content in the controller 200. By performing encryption in the same manner as in the case of the remaining amount of toner, the risk of leakage of control information and unauthorized tampering can be reduced. In particular, since information such as the number of times of recycling is information closely related to the quality of the process cartridge 500, the effect of preventing such alteration of information is great.

  Further, control information related to the characteristics of the process cartridge 500 is stored in the process cartridge 500 side, and the controller 200 reads out necessary information from this to perform control, so that the process cartridge 500 can be used while it is being used. Even when the image forming apparatus is moved to the image forming apparatus, it is possible to easily perform the control operation in consideration of the operation history so far in the newly installed apparatus.

Note that, as described above, it is a matter of course that an apparatus having a configuration in which the CPU is not provided in the process cartridge as in the second embodiment can be a managed apparatus of the image forming apparatus management system. .
Further, when processing such as that shown in FIGS. 25 and 26 is to be performed with such a configuration, all accesses to the NVRAM 504 of the process cartridge 500 are performed by the CPU 201 on the controller 200 side, and the process of the controller 200 and the process is performed. The communication with the cartridge 500 is not encrypted. However, in other respects, processing similar to that of the third embodiment described so far can be performed, and thereby the same effect can be obtained.

[Modification of Third Embodiment: FIGS. 38 to 41]
Next, various modifications of the above-described third embodiment will be described.
First, in the third embodiment, an example will be described in which, when an e-mail describing ordering information arrives in the CE mailbox 150a, the conversion device 150b automatically notifies the service base terminal 160 that an order has been placed. However, this may be performed manually by the CE. In this case, the processing sequence shown in FIG. 32 is as shown in FIG. In this case, the converter 150b is naturally unnecessary.

Of the processes shown in FIG. 38, the processes given the same step numbers as those shown in FIG. 32 are the same processes. Therefore, the process shown in FIG. 38 is obtained by replacing the steps S322 to S325 of the process shown in FIG. 32 with manual work (SX) by CE. In this step SX, the CE opens the mail in his / her mail box 150a from the service base terminal 160, and when there is ordering information, sets the member related to the ordering in the certificate setting device 161. Then, necessary information such as the type and identification information of the apparatus that uses the member is input to the service base terminal 160 to perform acquisition and setting of the certificate.
Even in this case, the point that an appropriate replacement process cartridge can be supplied to the user is the same as in the third embodiment.

In order to transmit order information from the management apparatus 102 to the service base E, it is not always necessary to use an e-mail. For example, order information may be described in a SOAP message and transmitted to the service base terminal 160 via the communication terminal 150 using a protocol such as HTTP.
In addition, it is not necessary for the management apparatus 102 to automatically transmit a message related to the order, and it may be transmitted according to an operator instruction or information input by the operator.
Furthermore, the image forming apparatus 100 transmits a supply call or another ordering message directly to the communication terminal 150 or the service base terminal 160 in the appropriate service base E, and causes these apparatuses to execute processing related to the order. Is also possible.

Further, if it is sufficient to simply provide necessary members in accordance with an order, a sales or sales representative receives an order directly from a customer or by telephone, and inputs the information to the service base terminal 160 to enter FIG. It is also possible to perform the same processing as that after step S326. Of course, it is possible to take an order at a store, obtain an appropriate digital certificate, store it in a member, and sell it directly to the customer on the spot.
Furthermore, when using a public key certificate that does not include member identification information as shown in FIG. 19, it is not necessary to perform steps S326 to S328.

  32, information indicating whether or not a supply call mediation operation for mediating the order of the process cartridge 500 from the image forming apparatus 100 to the service base E may be performed in response to the supply call. Are stored in the management apparatus 102 for each ID of the image forming apparatus 100, and when a supply call is received from the image forming apparatus 100 in the process related to the supply call as shown in FIG. 28, an operation based on the information is performed. You may make it make the management apparatus 102 perform.

FIG. 39 shows an example of the processing sequence in this case. This processing sequence corresponds to the sequence after step S306 in FIG. 28. In this portion, only the CPU 201 of the controller 200 appears as a component on the image forming apparatus 100 side. Therefore, in FIG. 39, the controller 200 is representative. Show.
Also in this sequence, when the CPU 201 of the controller 200 determines that the remaining amount of toner in the process cartridge 500 is equal to or less than the threshold (S306), first, a supply call screen as shown in FIG. 29 is displayed on the operation unit 209 (S307). ).

After that, the supply call is transmitted. When this supply call is generated, its own ID is extracted from the controller public key certificate stored in the NVRAM 204 (S401), and the extracted ID is the model number. A supply call described as information is generated (S402). At this time, it is preferable to confirm using the root key certificate that the controller public key certificate is not damaged or altered. Further, the information described in the supply call may be as shown in FIG. 31 as in the case of the process shown in FIG.
Thereafter, after securing a secure communication path by SSL, a supply call is transmitted to the management apparatus 102 via the mediation apparatus 101 (S403, S404).
On the other hand, when receiving a supply call from the image forming apparatus 100, the management apparatus 102 confirms that the machine number information described in the supply call is that of an apparatus that can mediate the order of the process cartridge ( S405).

FIG. 40 shows an example of information used for this confirmation.
In this example, for each image forming apparatus that can be an appropriate communication partner (mainly a management target) for the management apparatus 102, the validity / invalidity of the above-described supply call mediation function is stored in a table format. Such information can be stored in, for example, the file server 616 shown in FIG.
In step S405, this table is searched using the received machine number information in the supply call as a key. If the supply call mediation function is “valid” for the machine number, the order of the process cartridge 500 is mediated. You can confirm that Conversely, if it is “invalid” or the machine number is not registered in the table, it is understood that the order should not be mediated.

  The information as shown in FIG. 40 may be stored as one item of a table for managing the information on the user of the management target device and the information on the operation state. The information is preferably treated as valid / invalid information, and is preferably different from information indicating whether or not a specific device is a management target. For example, when the administrator of the management apparatus 102 obtains information that an illegal product of the process cartridge 500 has been circulated, the information in the table shown in FIG. Although it is conceivable to stop the automatic ordering of the process cartridge in this case, it is preferable to separately handle whether or not the image forming apparatus is excluded from the management target by the management apparatus 102 even in such a case.

Returning to the description of FIG. 39, the processing after step S406 is the same as the processing after step S310 of FIG. 28. When the confirmation of step S405 can be performed, the management apparatus 102 determines that the replacement process cartridge related to the call. And the call OK notification is returned to the image forming apparatus 100 via the mediation apparatus 101 (S406 to S408).
Also, the management apparatus 102 performs the processing shown in the sequence diagram of FIG. 32 after receiving the supply call, as in the above-described embodiment.
Although illustration is omitted, if it is confirmed that the order should not be mediated in step S405, the response that the order cannot be accepted in steps S407 and S408 without the acceptance in step S406. Should be returned. It is also conceivable to notify the operator of the management apparatus 102 to that effect so that the operator or service person can contact the user of the target apparatus.

By performing the processing as described above, the management apparatus 102 can relay only the supply call from the appropriate image forming apparatus 100 to the service base E. Accordingly, even when all image forming apparatuses 100 are provided with an automatic ordering function, the operation is easily managed by the management apparatus 102, and the cartridge public key certificate is illegally acquired by the user of the image forming apparatus 100. Risk can be reduced.
In addition, it is not essential for the image forming apparatus 100 to extract the machine number information from the controller public key certificate and describe it. However, if this is done, the machine number information can be changed illegally to make a supply call. Since it becomes impossible to transmit, the management reliability in the management apparatus 102 can be further improved.

When the image forming apparatus 100 communicates directly with the management apparatus 102, the identification information of the image forming apparatus 100 described in the supply call can be added on the management apparatus 102 side.
FIG. 41 shows a processing sequence in such a case. This processing sequence also corresponds to the sequence after step S306 in FIG. However, the point that the mediation apparatus 101 does not appear is different.
In this process, the CPU 201 of the controller 200 determines that the remaining amount of toner in the process cartridge 500 is equal to or less than the threshold (S306), displays the supply call screen on the operation unit 209 (S307), and then stores the machine number information. A supply call that is not described is generated (S501).

  Thereafter, an authentication process using SSL is performed to secure a secure communication path (S502), and then a supply call is transmitted to the management apparatus 102 (S503). The processing in step S502 is omitted in FIGS. 28 and 39, but in this authentication processing, when mutual authentication is performed, the image forming apparatus 100 and the management apparatus 102 disclose each other. A key certificate is transmitted and received (see FIG. 15). Even when the management apparatus 102 only authenticates the image forming apparatus 100, the image forming apparatus 100 can transmit its own public key certificate to the management apparatus 102. The controller public key certificate used for the authentication process by the image forming apparatus 100 includes the ID of the image forming apparatus 100 as shown in FIG.

Therefore, the management apparatus 102 extracts the ID of the image forming apparatus 100 as identification information from the public key certificate received from the image forming apparatus 100 during the authentication process in step S502 when securing a communication path (S504). As in step S405 in FIG. 39, it is confirmed that the image forming apparatus 100 is an apparatus that can mediate the order of the process cartridge 500 (S505).
If this can be confirmed, an order related to the call is accepted with the ID extracted in step S504 and the supply call received in step S503 as a set. At this time, the extracted ID may be added to the supply call as identification information of the supply source device of the supply call.

Thereafter, a call OK notification is returned to the image forming apparatus 100 (S507). If it is confirmed in step S505 that the order should not be mediated, a response indicating that the order cannot be accepted may be returned in step S507 without accepting the order in step S506.
Further, the management apparatus 102 performing the processing shown in the sequence diagram of FIG. 32 after receiving the supply call is the same as in the above-described embodiment, and the image forming apparatus 100 is sent to the e-mail transmitted in step S321 of FIG. If the ordering information including the identification information is described, it does not matter where the identification information is obtained in the subsequent processing.
Even in such a process, the management apparatus 102 can relay only a supply call from the appropriate image forming apparatus 100 to the service base E, as in the case of performing the process shown in FIG. Further, the processing on the image forming apparatus 100 side can be simplified, and the design and development can be facilitated.

[Modifications of Embodiments: FIGS. 42 and 43]
Hereinafter, further modifications that can be applied to the above-described embodiments and modifications will be described.
In each of the embodiments described above, an example in which the electronic device is an image forming apparatus and the member is a process cartridge has been described, but it goes without saying that the present invention is not limited to this. For example, the photosensitive drum, the charging unit, the developing unit, the toner bottle, the cleaning unit, the optical unit, the transfer unit, the paper feeding unit, the fixing unit, and the like can be replaced independently and can be handled as one unit member. The specific shape and arrangement of each device or unit are not limited to those described above.

In addition, for a plurality of types of members, it is possible to confirm the validity using the root key certificate stored in the image forming apparatus that uses the members, and the identification information of the electronic device that uses the members is described. The public key certificate being stored may be stored, and the processing described in the above embodiments may be performed for each type of member or installation location. If it does in this way, the effect similar to the case of each embodiment mentioned above can be acquired about each of the member.
In this case, for example, if it is only necessary to confirm that a member is genuine, it is not essential to store a separate public key certificate for each type of member. For example, it is conceivable to store a certificate as shown in FIG. 19 in common for all members.
In this case, it is also conceivable that the contents of warnings performed in processes such as steps S4 and S5 and steps S7 and S8 shown in FIG.

  Of course, the electronic apparatus of the present invention is not limited to the image forming apparatus as described above. In addition to image processing devices such as printers, fax machines, digital copiers, scanners, and digital multifunction devices, network home appliances, vending machines, medical equipment, power supply devices, air conditioning systems, gas, water, and electricity metering systems The present invention can be applied to various electronic devices such as general-purpose computers, automobiles, and aircraft.

For example, in the remote management system shown in FIG. 22, each of these devices may be managed devices to constitute a remote management system and a certificate setting system as shown in FIG. In this figure, network appliances such as a television receiver 12a and a refrigerator 12b, a medical device 12c, a vending machine 12d, a weighing system 12e, and an air conditioning system 12f are given as examples of managed devices that are separately provided with the mediation device 101. . As an example of a managed device that also has the function of the intermediary device 101, an automobile 13a and an aircraft 13b are cited. In addition, in a device that moves over a wide range, such as an automobile 13a or an aircraft 13b, it is preferable to have a function of a firewall (FW) 104 as well.
Of course, the present invention can also be applied to each device to be managed in such a remote management system, members used in the device, and the like.

  Further, in this case, the content of the warning performed in the processes such as steps S4, S5 and steps S7, S8 shown in FIG. 12 should be determined according to the application and characteristics of the device and member to be applied. Good. For example, as in steps S4 and S5, a warning that permits the user to release, and a warning that does not allow the user to release as in steps S7 and S8, the usage and characteristics of the device or member to be applied, and authentication It can be considered to use them according to the authentication result. It is also conceivable to change the content of the warning according to the function that is enabled in the apparatus.

Furthermore, an information reproducing device such as a computer, a home game machine, a CD player or a DVD player, software for operating the computer used in such a device, music or video to be watched, or other The present invention can also be applied to a member such as a recording medium on which the useful data is recorded.
Regarding such a recording medium, there is a demand on the manufacturer side that it is not desired to use the recording medium other than a specific device even when it is handed over to the customer. By applying the present invention, it becomes possible to give a warning or prohibit such use when used in a device other than the device described in the certificate in advance. Can be met.
For example, when applied to a recording medium such as a CD or a DVD, a configuration in which a CPU is not provided on the member side, similar to the second embodiment described above, may be employed. The configuration corresponding to FIG. 20 of the second embodiment in this case is shown in FIG. 43, but the public key certificate for the recording medium in which the certificate storage area 711 is provided on the recording medium 710 side and the used device ID is described. It is recommended to store the certificate set that contains it. Then, when trying to read the contents of the recording medium 710, the CPU 701 of the recording medium reading device 700 reads the certificate set from the certificate storage area 711 and performs the authentication process as described in the second embodiment. It is good to do so.

And when the remote management system like 3rd Embodiment is not considered, the communication means for communicating with an external device is not essential. On the other hand, if the electronic device as described above is provided with a communication unit for communicating with an external device such as a management device or an intermediary device, the communication device is as described in the third embodiment. It can be a managed device in a remote management system.
In this case, the managed devices do not have to be unified with a specific type or function. Further, communication between each node constituting such a remote management system can be performed using various communication paths capable of constructing a network regardless of wired or wireless.

Furthermore, communication between the consumables and the control means of the electronic apparatus main body is not limited to wired communication, and may be performed wirelessly. In addition, if a digital certificate is stored in a small and non-contact device capable of exchanging information, the digital certificate can be stored in a member of a very wide range of usage modes. The present invention can be applied to an electronic device using the above.
Further, it is of course possible to apply the present invention to parts that do not necessarily require periodic replacement, and use them to manage the origin and usage history of parts.
Of course, the techniques described in the above embodiments and modifications may be used in combination.

  Further, the program according to the present invention is a program for causing a computer to control an electronic device, and causing the computer to perform processing as described in each of the above-described embodiments and modifications, and by causing the computer to execute such a program. The effects as described above can be obtained.

Such a program may be stored in a storage means such as a ROM or HDD provided in the computer from the beginning, but a non-volatile recording such as a CD-ROM or flexible disk, SRAM, EEPROM, memory card or the like as a recording medium. It can also be recorded on a medium (memory) and provided. Each procedure described above can be executed by installing a program recorded in the memory in a computer and causing the CPU to execute the program, or causing the CPU to read and execute the program from the memory.
Furthermore, it is also possible to download and execute an external device that is connected to a network and includes a recording medium that records the program, or an external device that stores the program in the storage unit.

As described above, according to the electronic apparatus, the image forming apparatus, the electronic apparatus control method, the image forming apparatus management system, the member storing the digital certificate, the program, and the recording medium of the present invention, the non-genuine member is Even in a distributed environment, it is possible to prevent a decrease in trust in the apparatus due to a defect of a non-genuine member, and to use a genuine member as much as possible. It is possible to control the use of a genuine member in an unintended device on the supply side.
In addition, according to the digital certificate acquisition method and the digital certificate setting system of the present invention, the member storing the digital certificate can be easily supplied.
Therefore, by applying the present invention, it is possible to provide an electronic device in which the supplier can easily manage the quality and a member in which the supplier can easily manage the use.

1 is a schematic cross-sectional view illustrating an overall configuration of an image forming apparatus that is a first embodiment of an electronic apparatus according to the present invention. FIG. 2 is a cross-sectional view illustrating a configuration of a process cartridge installed in the image forming apparatus illustrated in FIG. 1 in a new state. FIG. 3 is a schematic cross-sectional view showing a peripheral state when the process cartridge is installed in the image forming apparatus. FIG. 2 is a block diagram illustrating the configuration of the image forming apparatus illustrated in FIG. 1 with a focus on hardware related to control and communication. 2 is a block diagram illustrating an example of a software configuration of the image forming apparatus. FIG. FIG. 6 is a functional block diagram illustrating a configuration example of the NRS application illustrated in FIG. 5. FIG. 2 is a block diagram illustrating a configuration of each unit related to authentication processing and warning processing performed between a controller and a process cartridge in the image forming apparatus illustrated in FIG. 1. FIG. 8 is a block diagram simply showing the configuration shown in FIG. 7. It is a figure which shows the kind of certificate and key which are memorize | stored in each NVRAM shown in FIG. It is a figure for demonstrating the relationship between the public key certificate used for an authentication process, a private key, and a root key certificate.

FIG. 10 is a diagram illustrating information described in the cartridge public key certificate and the controller public key certificate shown in FIG. 9 in more detail. 2 is a flowchart illustrating processing performed by a CPU of a controller at the time of activation in the image forming apparatus illustrated in FIG. 1. It is a figure which shows the example of the warning display performed by step S4 of FIG. It is a figure which shows the example of the warning display performed by step S7 of FIG. It is a flowchart which shows the detail of the authentication process performed by step S2 of FIG. It is a flowchart which shows the modification of the authentication process shown in FIG. FIG. 10 is a diagram illustrating a modified example of the cartridge public key certificate. FIG. 18 is a diagram showing the types of certificates and keys stored in the NVRAMs shown in FIG. 8 when performing authentication processing using the cartridge public key certificate shown in FIG. 17. FIG. 10 is a diagram showing still another modified example of the cartridge public key certificate. FIG. 9 is a block diagram corresponding to FIG. 8 and showing the configuration of an image forming apparatus as a second embodiment of the electronic apparatus of the present invention.

13 is a flowchart showing details of an authentication process performed in the process corresponding to step S2 of FIG. 12 in the image forming apparatus. It is a block diagram which shows the structure of embodiment of the image forming apparatus management system of this invention which used the image forming apparatus which is 3rd Embodiment of the electronic device of this invention as a to-be-managed apparatus. It is a figure which shows the data transmission / reception model of transmission / reception of the operation request in the image forming apparatus management system shown in FIG. 22, and an operation response. It is a figure which shows the example of schematic structure of the management apparatus shown in FIG. It is a figure which shows in more detail the relationship between the management apparatus shown in FIG. 22, a communication terminal, a service base terminal, and a certificate issuing apparatus. FIG. 23 is a diagram showing a part of the type and format of data stored in the NVRAM of the process cartridge in the image forming apparatus shown in FIG. 22. FIG. 24 is a flowchart showing processing executed by the CPU of the process cartridge and the CPU of the controller in association with automatic ordering of replacement toner cartridges in the image forming apparatus shown in FIG. 22. FIG. 28 is a sequence diagram illustrating an example of a processing sequence of each unit when performing the processing illustrated in the flowchart of FIG. 27. It is a figure which shows the example of a display of the supply call screen displayed by step S307 of FIG. It is a figure which shows the example of a description of the SOAP request which concerns on the supply call transmitted similarly by step S308.

It is a figure which shows the structure of the data contained in the body part of the SOAP request shown in FIG. FIG. 11 is a sequence diagram showing a processing sequence from when a management device receives a supply call until a replacement process cartridge in which an appropriate public key certificate is set is prepared. It is a figure which shows the example of the electronic mail which a management apparatus transmits in step S321 of FIG. Similarly, it is a figure which shows the example of the confirmation screen displayed when the service base terminal receives the notification of step S324. It is a figure which similarly shows the example of a format of the message concerning transmission of the certificate issuance request and certificate set in steps S330 and S331. FIG. 36 is a diagram showing a specific example of a SOAP request related to the certificate issuance request shown in FIG. It is a figure which shows the specific example of the SOAP response which similarly concerns on transmission of a certificate set. FIG. 33 is a diagram showing a modification of the processing sequence shown in FIG. 32. It is a figure which shows the modification of the process sequence after step S306 of FIG. It is a figure which shows the example of the information used for the confirmation in step S405 of FIG. It is a figure which shows another modification of the process sequence after step S306 of FIG. It is a figure which shows another structural example of the remote management system shown in FIG. It is a block diagram corresponding to FIG. 20 which shows the structure of the modification of 2nd Embodiment of this invention.

Explanation of symbols

2: Optical part 3: Polygon mirror 4, 5: Lens 6-15: Mirror 21: Photosensitive drum 22: Charging part 23: Developing part 24: Transfer roller 25: Cleaning part 26: Case 28: P sensor 29: T sensor 32: Toner supply unit 33: Toner bottle 80: Control chip 81: Socket 100: Image forming apparatus 101: Mediation apparatus 102: Management apparatus 103: Internet 104: Firewall 110: Image forming apparatus with mediation function 150: Communication terminal 160: Service Base terminal 161: Certificate setting device 170: Certificate issuing device 200: Controller 201, 401, 501: CPU
202: ASIC 203: SDRAM
204, 404, 504: NVRAM
205: NRS memory 206: PHY
209: Operation unit 211: Modem 212: PI 218: PCI bus 220, 405, 505: I / O port 230: Serial bus 300: OCS
301: ECS 302: MCS
303: NCS 304: FCS
305: CSS 306: SCS
307: SRM 308: IMH
309: Copy application 310: Fax application 311: Printer application 312: Scanner application 313: Net file application 314: Web application 315: NRS application 400: Engine control unit 402, 502: ROM 403, 503: RAM
406, 506: Internal bus 410: Engine unit 500: Process cartridge

Claims (36)

An electronic device using a member storing a digital certificate,
Obtaining means for obtaining a digital certificate stored in the member;
Authentication means for authenticating the member using the digital certificate;
Means for controlling the operation of the electronic device based on the authentication result by the authentication means;
The digital certificate is a digital certificate in which identification information of an electronic device that uses the member is described,
An electronic apparatus comprising: a means for determining an authentication result based on identification information of the electronic apparatus described in the digital certificate. The electronic device according to claim 1,
An electronic apparatus comprising means for notifying an authentication result by the authentication means. An electronic device according to claim 1 or 2,
The electronic apparatus according to claim 1, wherein the digital certificate is a digital certificate in which information relating to the member and information that does not need to be rewritten is described. The electronic device according to claim 3,
The information that does not need to be rewritten is information on the type of member, serial number, manufacturer, or the upper limit of the number of recycling times. An electronic device according to any one of claims 1 to 4,
Having communication means for communicating with the member in use in the electronic device;
The communication means is means for transmitting / receiving information that needs to be rewritten out of information stored by the member or stored in the member through a communication path whose contents are encrypted using the digital certificate. Electronic device characterized. The electronic device according to claim 5,
An electronic apparatus comprising control means for controlling the operation of the electronic apparatus according to control information received from the member via the encrypted communication path. The electronic device according to claim 6,
The member is a toner supply member;
Image forming means for forming an image on a sheet using toner supplied from the toner supply member;
A second communication means for communicating with an external management device;
Information on the remaining amount of toner is acquired from the toner supply member as the control information to the control means, and when the remaining amount of toner becomes a predetermined value or less, replacement toner is sent to the management device by the second communication means. An image forming apparatus comprising means for placing an order for a supply member. The electronic device according to any one of claims 1 to 6,
An electronic apparatus characterized in that the digital certificate stored in the member is a certificate whose validity can be confirmed using a certification key dedicated to member authentication. An electronic device according to any one of claims 1 to 6 and 8,
The member is provided with computing means and communication means for communicating with the main body side of the electronic device,
A storage means for storing a digital certificate is provided on the main body side of the electronic device,
An electronic device characterized in that the computing means and the authentication means perform mutual authentication between the member and the main body side of the electronic device using digital certificates stored in the other party. apparatus. A method for controlling an electronic device using a member storing a digital certificate,
The identification information of the electronic device that uses the member is described in the digital certificate,
An acquisition procedure for acquiring a digital certificate stored in the member;
Causing the electronic device to execute an authentication procedure for authenticating the member using the digital certificate;
In the authentication procedure, a procedure for determining an authentication result based on identification information of the electronic device described in the digital certificate is provided.
A method of controlling an electronic device, wherein operation of the electronic device is controlled based on an authentication result in the authentication procedure. A method for controlling an electronic device according to claim 10, comprising:
A control method for an electronic device, characterized in that the electronic device is notified of an authentication result in the authentication procedure. A method for controlling an electronic device according to claim 10 or 11,
The method for controlling an electronic device according to claim 1, wherein the digital certificate is a digital certificate in which information relating to the member and information that does not need to be rewritten is described. A method for controlling an electronic device according to any one of claims 10 to 12,
Causing the electronic device to execute a communication procedure for communicating with the member in use in the electronic device;
In the communication procedure, among the information stored by the member or stored in the member, information that needs to be rewritten is transmitted / received through a communication path whose contents are encrypted using the digital certificate. A method for controlling an electronic device. 14. A method for controlling an electronic device according to claim 13, comprising:
A method for controlling an electronic device, comprising: causing the electronic device to control its own operation according to control information received from the member through the encrypted communication path. A method for controlling an electronic device according to any one of claims 10 to 14,
A digital certificate is also stored on the main body side of the electronic device,
In the authentication procedure, a mutual authentication using a digital certificate stored by the other party is performed between the member and the main body side of the electronic device. . In a computer that controls an electronic device that uses a member that stores a digital certificate,
An acquisition procedure for acquiring a digital certificate stored in the member;
And performing an authentication procedure for authenticating the member using the digital certificate,
A program for realizing a function of controlling the operation of the electronic device based on an authentication result in the authentication procedure,
The digital certificate is a digital certificate in which identification information of an electronic device that uses the member is described,
A program characterized in that a procedure for determining an authentication result based on identification information of an electronic device described in the digital certificate is provided in the authentication procedure. The program according to claim 16, wherein
A program for causing the computer to execute a procedure for notifying an authentication result in the authentication procedure. The program according to claim 16 or 17,
The digital certificate is a digital certificate in which information relating to the member and information that does not need to be rewritten are described. A program according to any one of claims 16 to 18, wherein
A program for causing the computer to further execute a communication procedure for communicating with the member in use in the electronic device;
In the communication procedure, among the information stored by the member or stored in the member, information that needs to be rewritten is transmitted / received through a communication path whose contents are encrypted using the digital certificate. A featured program. The program according to claim 19, wherein
A program for causing the computer to control the operation of the electronic device according to control information received from the member via the encrypted communication path. A program according to any one of claims 16 to 20,
The computer is a computer having storage means for storing a digital certificate,
A program for causing the computer to perform mutual authentication with the member using a digital certificate stored in the other party in the authentication procedure.   A computer-readable recording medium on which the program according to any one of claims 16 to 21 is recorded. An image forming apparatus according to claim 7, and a management device capable of communicating with the image forming apparatus and managing the image forming apparatus,
An image forming apparatus management system, wherein the management apparatus includes means for receiving an order for the replacement toner supply member from the image forming apparatus.   Validity can be confirmed using the certification key stored in the electronic device using the member, and a digital certificate storing the identification information of the electronic device using the member is stored. A member that stores a digital certificate. A member storing the digital certificate according to claim 24,
The member storing a digital certificate, wherein the digital certificate is information related to the member and includes information that does not need to be rewritten. A member storing the digital certificate according to claim 25,
A member storing a digital certificate, wherein the information that does not need to be rewritten is information on a type of the member, a serial number, a manufacturer, or an upper limit of the number of recycling times. A member storing the digital certificate according to any one of claims 24 to 26,
Having communication means for communicating with the electronic device using the member;
The digital certificate is characterized in that the communication means is means for transmitting / receiving information that needs to be rewritten out of the information stored in the member through a communication path in which the content is encrypted using the digital certificate. The member that memorized. A member storing the digital certificate according to any one of claims 24 to 27,
A member storing a digital certificate, wherein the digital certificate stored in the member is a certificate whose validity can be confirmed using a certification key dedicated to member authentication. A member storing the digital certificate according to any one of claims 24 to 28,
A communication means for communicating with an electronic device using the member;
A member storing a digital certificate, wherein an authentication unit is provided for acquiring a digital certificate from the electronic device and authenticating the electronic device using the digital certificate. A digital certificate acquisition method for acquiring a digital certificate to be stored in a member used in an electronic device,
While receiving the input of identification information of the electronic device that uses the member by a predetermined terminal device, the identification information input together with the certificate issuance request is transmitted to the certificate issuing device,
The certificate issuing device can confirm the validity using the certification key stored in the electronic device using the member based on the received identification information in response to the certificate issuing request, Issuing a digital certificate in which identification information of an electronic device that uses the member is described and transmitting it to the terminal device,
A digital certificate acquisition method, wherein the terminal device acquires the digital certificate. A digital certificate setting system for setting a digital certificate to be stored in a member used in an electronic device,
A terminal device and a certificate issuing device for issuing the digital certificate;
In the terminal device,
Means for receiving input of identification information of an electronic device using the member;
Means for transmitting the inputted identification information together with a certificate issuing request to the certificate issuing device;
Obtaining a digital certificate issued by the certificate issuing device in response to the request, and setting the digital certificate in the member;
In the certificate issuing device,
In response to the certificate issuance request, based on the received identification information, the validity can be confirmed using the certification key stored in the electronic device using the member, and the electronic device using the member A digital certificate setting system comprising means for issuing a digital certificate in which the identification information is described and transmitting the digital certificate to the terminal device. A digital certificate setting system according to claim 31, wherein
An electronic device that uses the member;
A digital certificate setting system, characterized in that the electronic device is provided with means for transmitting information relating to the ordering of the member to the terminal device together with identification information of the electronic device. A digital certificate setting system for setting a digital certificate to a member used in an electronic device,
A management device that receives an order for the member; a terminal device installed at a service base that ships the member to a customer; and a certificate issuing device that issues the digital certificate;
In the management device,
Means for receiving information on ordering of the member together with identification information of an electronic device using the member;
A means for transmitting the received information to a terminal device installed at a service base that ships the ordered member to a customer; and
In the terminal device,
Means for transmitting the identification information of the electronic device received together with the information together with the certificate issuance request to the certificate issuing device when the information on the ordering of the member is received from the management device;
Obtaining a digital certificate issued by the certificate issuing device in response to the request, and setting the digital certificate to the member related to the order,
In the certificate issuing device,
In response to the certificate issuance request, based on the received identification information, the validity can be confirmed using the certification key stored in the electronic device using the member, and the electronic device using the member A digital certificate setting system comprising means for issuing a digital certificate in which the identification information is described and transmitting the digital certificate to the terminal device. A digital certificate setting system according to claim 33, wherein
An electronic device that uses the member;
A certificate setting system, characterized in that the electronic device is provided with means for transmitting information relating to the ordering of the members together with identification information of the electronic device to the management device. A digital certificate setting system according to claim 33, wherein
A certificate setting system, characterized in that the management device is provided with means for confirming whether or not the received identification information of an electronic device is that of a device that may mediate the ordering of members. A digital certificate setting system according to claim 33, wherein
Identification information described in the digital certificate received from the electronic device at the time of communication as the identification information of the electronic device as the identification information of the electronic device is received by the management device from the electronic device that uses the member A certificate setting system characterized by accepting.

Images