JP2005327095A - Control program data authentication method for image forming apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication method for updating a program having high safety for an image forming apparatus. <P>SOLUTION: The authentication method comprises: providing authentication (encryption key) data to a memory housed in a consumable, such as a toner cartridge; enabling a server to recognize the authentication data with try and error; and encrypting program data by means of the authentication data in downloading program data for updating the control program of a main body. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a program data authentication method in a case where a control program for an image forming apparatus is downloaded from a network or the like and updated.

Conventionally, when updating a control program for a device from a network or the like, the program distributing side identifies the device using device-specific data (for example, a serial number) and distributes control program data encrypted with the unique data. On the other hand, the program receiving side is configured to decrypt the received program data with specific data and update the control program (see, for example, Patent Document 1).
JP 2001-21171 A

  However, in the above conventional example, in order to realize that it is guaranteed that the correct software is downloaded by using the unique data specifying the device as a public key, or that the content of the software is not known to a third party. For example, in the case of a typical public encryption key RSA encryption system, the length of the public key is a dozen times the current telephone number. Processing is complicated.

  The object of the present invention is to provide a control program data authentication method for an image forming apparatus capable of performing an authentication procedure by encryption using a relatively simple common key so that software can be downloaded safely. It is to be.

In order to achieve the above object, the invention according to the present application is
A non-volatile consumable memory built into the consumables;
Authentication data stored in the consumables memory,
An external I / F that transmits and receives data to and from an external device;
A control unit for controlling the operation of the device;
A nonvolatile main body memory for storing a control program built in the control unit;
Decryption means for decrypting data acquired via the external I / F with authentication data;
Authentication confirmation means for transmitting the data decrypted by the decryption means to an external device;
Update means for updating control program data in the main body memory with data obtained by acquiring and decrypting the control program data encrypted with the authentication data via the external I / F,
The external device selects one of a plurality of pre-registered authentication data, encrypts the predetermined data, sends confirmation data, and repeatedly compares the return data returned from the authentication confirmation means with the predetermined data, The control program is encrypted using the authentication data when the predetermined data matches the return data as an encryption key, and is sent to the image forming apparatus.

  According to the present invention, since it is possible to exchange data without disclosing the encryption key, the encryption protocol can be simplified.

  In addition, since the authentication data is given to the consumables, the authentication data is periodically changed, so that the safety can be improved.

  The best mode for carrying out the present invention will be described below based on examples.

  An embodiment of the present invention will be described with reference to FIGS. 1 to 4 of the accompanying drawings.

  FIG. 1 is a diagram showing a control block of a printer representing an embodiment of the present invention, in which 1 is a printer body, 2 is a microprocessing unit (hereinafter referred to as MPU) for controlling the operation of the printer 1, Reference numeral 3 denotes a rewritable nonvolatile memory (hereinafter referred to as “FlashROM”), in which a control program and data are written, and the contents are rewritten by a version upgrade process to be described later. 4 is a random access memory (hereinafter referred to as RAM), 5 is an external interface circuit connected to the public line 10, 6 is an input signal for various sensors, 7 is an output signal for driving a solenoid or motor, and 8 is a toner cartridge. The authentication data is stored in a memory (hereinafter referred to as an EEPROM) built in 24. 9 is a memory interface for transmitting and receiving data between the EEPROM 8 and the MPU 2, 10 is a public line such as the Internet, and 11 is a server for distributing an upgrade program.

  FIG. 2 is a cross-sectional view of the printer 1 representing an embodiment of the present invention, in which 12 is a photosensitive drum whose surface is endlessly movable, and 13 is a surface that uniformly charges the surface of the photosensitive drum 12. A charger 14 is a laser emitting means for scanning the photosensitive drum 12, 15 is a developing device for converting an electrostatic latent image into a toner image, 16 is a paper feed cassette, and 17 is a paper set in the paper feed cassette 16. A paper feeding roller 18 for conveying the paper temporarily stops the fed paper and eliminates the skew of the paper, and a registration roller 19 for synchronizing the toner image on the photosensitive drum 12 and the paper conveyance, 19 is a toner image. A transfer charger 20 for transferring to a paper and a fixing device 20 for fixing a toner image on the paper are configured to be removable from the main body. 21 is a paper discharge sensor for detecting the presence or absence of paper discharged from the fixing device 20, 22 is a paper discharge roller, 23 is a paper discharge tray, and 24 is a toner removable from the main body incorporating the photosensitive drum 12 and the developing device 15. It is a cartridge.

  Next, the operation of the laser beam printer according to this embodiment will be described.

  When the power is turned on, the MPU 2 drives the heat source in the fixing device 20 and increases the temperature until the temperature of the fixing device 20 reaches the standby temperature. In addition, it is checked whether or not paper is loaded in the paper feed cassette 16 and whether or not image formation (hereinafter referred to as printing) is possible. When the print is ready, the charger 13 and the transfer charger 19 are turned on. In this state, the surface potential of the photosensitive drum 12 is initialized.

  At this time, the rotation of the horizon mirror is also started, and the MPU 2 controls the heat source to raise the temperature of the fixing device 20 to the fixing required temperature. Then, when the rotation of the polygon mirror is stabilized and the temperature of the fixing device 20 reaches a feed permission temperature, that is, a temperature at which the fed paper reaches the fixing device 20 and can reach the fixing required temperature. The paper is conveyed from the paper cassette 16 by the paper feed roller 17 until it reaches the registration roller 18.

  When the leading edge of the paper reaches the registration roller 18, the conveyance of the paper is once stopped, and the paper feeding from the registration roller 18 is resumed. At the same time, the laser emission means 14 is statically placed on the photosensitive drum 12 according to the image signal. An electrostatic latent image is formed. The electrostatic latent image is developed into a toner image by the developing unit 15 and transferred to the fed paper by the transfer charger 19. The paper to which the toner image has been transferred reaches the fixing device 20.

  At this time, the temperature in the fixing device 20 is a fixing required temperature, and the toner image is sufficiently fixed on the paper by heating and pressurizing while holding and conveying the paper.

  In the fixing operation, the image formation for one page is completed, and the charger 13 performs a process for making the surface potential of the photosensitive drum 12 uniform for the next image formation. After the sheet is discharged, the process is terminated when the next printing operation is not generated during this process. Thereafter, the temperature of the fixing device 20 is controlled at the standby temperature in order to avoid excessive temperature rise.

  After the fixing operation is completed, for example, about 10 seconds, the process of making the surface potential of the photosensitive drum 12 uniform is continued so that the next image can be formed immediately. At this time, the transfer charger 19 and the charger 13 are sequentially turned off, and the rotation of the photosensitive drum 12 is stopped (this process is referred to as post-rotation processing).

  When the post-rotation processing is completed, a series of printing operations is completed, and thereafter, the standby state is entered.

  Next, processing when the printer 1 upgrades the control program will be described with reference to FIGS.

  FIG. 3 is a flowchart showing the processing of the server 11. Step S101 is a step for determining whether there is a program upgrade request from the printer 1 via the public line 10. If there is a version upgrade request, the process proceeds to step S102. In step S102, 1 is set to a variable i indicating the number of loops of the authorization process, and the start of the authentication procedure is transmitted to the printer 1. In step S103, the transmission data X for authentication procedure is encrypted with the temporary authentication data N [i]. The temporary authentication data is a set of data obtained by collecting the authentication data written in the EEPROM 8. In this embodiment, one of the four authentication data is temporarily written in the EEPROM 8 and is stored in an arbitrary toner cartridge 24. It is assumed that they are attached and shipped. The transmission data X may be encrypted by any method as long as it is an encryption method using a common key. In step S104, confirmation data D [i] obtained by encrypting transmission data X with temporary authentication data N [i] is transmitted to printer 1. In step S105, data F [i] obtained by decoding the confirmation data D [i] is received from the printer 1. In step S106, the data F [i] and the transmission data X are compared. If they match, the process proceeds to step S107, and if they do not match, the process proceeds to step S108. In step S107, data F [i] is registered as formal authentication data A. In step S108, 1 is added to the variable i representing the number of loops. In step S109, it is determined whether or not the number of loops has reached 5. When i is less than 5, temporary authentication data to be confirmed remains, so the process returns to step S103, and when i is 5, Since the confirmation of the temporary authentication data is completed, the process proceeds to step S110. In step S110, the end of the authentication procedure is transmitted to the printer 1. In step S111, authentication data A is used to encrypt program data for upgrading. In step S112, the encrypted program data is transmitted to the printer 1.

  FIG. 4 is a flowchart showing the processing of the printer 1. Step S201 is a step of making a request for upgrading to the server 11 and determining whether or not the start of the authentication procedure is received from the server 11. When the authentication procedure is started, step S202 is performed. Move on. In step S202, confirmation data D [i] is received. In step S203, the authentication data A is read from the EEPROM 8. In step S204, the confirmation data D [i] is decrypted using the authentication data A. In step S205, the decrypted data F [i] is transmitted to the server 11. Step S206 is a step of determining whether or not the end of the authentication procedure is transmitted from the server. If the end of the authentication procedure is not transmitted, the process proceeds to step S202. If the end of the authentication procedure is transmitted, the process proceeds to step S207. In step 207, the encrypted program data is received from the server 11. In step S208, the encrypted program data is decrypted with the authentication data A. In step S209, the data in the FlashROM 3 is rewritten with the decrypted program data.

  As described above, by performing an authentication procedure using a plurality of temporary authentication data, the program data for version upgrade can be encrypted and received from the server 11 without receiving an encryption key. In addition, since the number of authentication procedures and success / failure are only known on the server 11 side, the encryption key (authentication) data cannot be known from the outside.

  Another embodiment of the present invention will be described with reference to FIG. 5 of the accompanying drawings.

  The configuration of the second embodiment is the same as that of the printer 1 of the first embodiment except for the parts described below, and the same reference numerals are given to the components having the same functions, and detailed description thereof is omitted.

  FIG. 5 is a flowchart showing the processing of the printer 1. In step S301, it is determined whether or not the variable j representing the position of the array A [j] of a plurality of authentication data is 4 or more. If so, the process proceeds to step S302. A step S302 sets a variable j to 1. In the present embodiment, there are three pieces of authentication data stored in the EEPROM 9 built in the toner cartridge 24, and the arrays are represented by (A [1], A [2], A [3]), respectively. Stored. In step S303, the authentication data A [j] is read from the EEPROM 8. In step S304, the server 11 is requested to upgrade and it is determined whether or not the start of the authentication procedure is received from the server 11. When the authentication procedure is started, the process proceeds to step S305. In step S305, confirmation data D [i] is received. In step S306, the authentication data A [j] is used to decrypt the confirmation data D [i]. In step S307, the decrypted data F [i] is transmitted to the server 11. Step S308 determines whether or not the end of the authentication procedure is transmitted from the server 11. If the end of the authentication procedure is not transmitted, the process proceeds to step S305. If the end of the authentication procedure is transmitted, the process proceeds to step S309. In step 309, the encrypted program data is received from the server 11. In step S310, the encrypted program data is decrypted with the authentication data A [j]. In step S311, the data in the FlashROM 3 is rewritten with the decrypted program data. In step S312, 1 is added to the variable j, and the process returns to step S301.

  As described above, since the EEPROM 8 has a plurality of authentication data and performs the authentication procedure while switching the authentication data, the same encryption key (authentication) data is not always used. It can be done from outside.

It is a figure explaining the control block which concerns on 1st Example of this invention. 1 is a diagram illustrating a cross section of a printer according to a first embodiment of the invention. FIG. It is a flowchart explaining the control which concerns on 1st Example of this invention. It is a flowchart explaining the control which concerns on 1st Example of this invention. It is a flowchart explaining the control which concerns on 2nd Example of this invention.

Explanation of symbols

1 Printer 2 MPU
3 FlashROM
4 RAM
5 External interface 6 Input signal 7 Output signal 8 EEPROM
9 Memory Interface 10 Public Line 11 Server 12 Photosensitive Drum 13 Charger 14 Laser Emitting Unit 15 Developer 16 Paper Feed Cassette 17 Paper Feed Roller 18 Registration Roller 19 Transfer Charger 20 Fixing Device 21 Paper Discharge Sensor 22 Paper Discharge Roller 23 Ejection Paper tray 24 Toner cartridge

Claims (1)

A nonvolatile first storage means built into the consumables;
Authentication information stored in the first storage means;
An external communication means for transmitting / receiving data to / from an external device;
Control means for controlling the operation of the device;
Second storage means for storing a control program incorporated in the control means;
Decryption means for decrypting the information acquired via the external communication means with the authentication information;
Authentication confirmation means for transmitting the information decrypted by the decryption means to an external device;
Update means for updating the control program data in the second storage means with data obtained by acquiring and decrypting the control program data encrypted with the authentication information through the external communication means,
The external device selects one of a plurality of pre-registered authentication information, encrypts the predetermined data and sends out the authentication information, and repeatedly compares the return data returned from the authentication confirmation means with the predetermined data, A control program data authentication method for an image forming apparatus, wherein the control program is encrypted using authentication information when the predetermined data and the return data match with each other as an encryption key, and the control program is sent to the image forming apparatus.

Images