JP2008083116A - Client device control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a client device control program capable of preventing leakage of communication information when communication is performed between a server device as an FTP server and a client device as an FTP client via a general-purpose network. <P>SOLUTION: A resident application generates a handle acquisition command and transmits [1] the handle acquisition command to an MFP 1. The handle acquisition command is a command to notify the MFP 1 of the public key (client key: constituted of 16 bytes) of a PC 20 for performing encryption, and to request for the transmission of the handle name of the MFP 1 and the public key of the server. The MFP 1, when it receives the handle acquisition command, transmits [2] the handle name and the server key to the PC 20. The PC 20 and the MFP 1, as described above, communicate with each other via the Internet 50, and HTTP is used as a communication protocol. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a client apparatus control program, and relates to a client apparatus control capable of preventing leakage of information to be communicated when communication is performed via a network using a server apparatus as an FTP server and an apparatus such as a computer as an FTP client. Regarding the program.

  Information such as image data taken by a digital camera and a document created by a computer is often stored in a removable memory card (removable medium). The memory card is mounted on a card reader (removable media device), and information stored in the memory card is read. The card reader is connected to a general-purpose network such as the Internet, and information stored in the memory card is transmitted and received by a computer that is a network device connected to the network.

  There are various protocols for communication via a network. FTP (File Transfer Protocol) is used as a file transfer protocol, and the server only needs to transmit a file. Since the display layout and the like are appropriately determined on the receiving side, there is an advantage that the design of the information processing program in the server is easy.

Japanese Patent Application Laid-Open No. 2004-172842 (Patent Document 1) discloses a direct printer that can directly print an image photographed by a digital camera from a memory card attached to a printer main body, and that is a memory card via a network. Discloses an apparatus for storing image data stored in a storage device of a computer.
JP 2004-172842 A

  However, since the communication protocol called FTP has a specification in which unencrypted data cannot be encrypted during communication and cannot be communicated, if communication protocol is FTP in a general-purpose communication line such as the Internet, communication information There was a problem that there is a risk of leakage.

  The present invention has been made to solve the above-described problem, and a client apparatus control program capable of preventing leakage of communication information when communication is performed via a general-purpose network as an FTP server and an FTP client. The purpose is to provide.

  In order to achieve this object, a client device control program according to claim 1 of the present invention includes a client device including a communication unit that communicates with a server device via a communication line, and includes a browser functioning as an FTP client. A communication step of performing communication via the communication line with a communication protocol of HTTP (Hyper Text Transfer Protocol), an input step of inputting information from the browser, and information input by the input step Accordingly, transmission information to be transmitted is formed by the communication step, an encryption step for encrypting the transmission information, a decryption step for decrypting the information received by the communication step, and decryption by the decryption step An output step of outputting the processed information to the browser.

  The client device control program according to claim 2 includes a public key acquisition step of acquiring a server side public key from a communication partner by the communication step in the client device control program according to claim 1, wherein the encryption step includes: Encryption is performed based on the public key on the server side acquired in the public key acquisition step.

  The client device control program according to claim 3, further comprising a public key notifying step of notifying a communication partner of a public key on the client side by the communication step in the client device control program according to claim 1, wherein the decrypting step Is decrypted based on the public key on the client side notified in the public key notification step.

  The client device control program according to claim 4 is a client device control program according to claim 2, further comprising a login step for logging in to the server device, wherein the public key acquisition step is executed by the login step. Before we get the public key on the server side.

  The client device control program according to claim 5 includes a login step for logging in to the server device in the client device control program according to claim 3, wherein the public key notification step is executed by the login step. Before, notify the client side public key.

  According to the client device control program of claim 1, the client device functions as an FTP client and performs communication via a communication line with the communication protocol being HTTP, and an input step of inputting information from a browser; Forming transmission information to be transmitted by the communication step according to the information input by the input step, encrypting the transmission information, and decrypting step to decrypt the information received by the communication step; And an output step for outputting the information decrypted by the decryption step to the browser, so that it is possible to prevent information communicated through the communication line from leaking. In addition, since the client device functions as an FTP client, detailed settings such as a display layout are not required on the server side, and the server can be easily constructed. In addition, when HTTP is used as a protocol, confidentiality can be maintained and many communication lines can be used, and communication is rarely disabled.

  According to the client device control program of the second aspect, in addition to the effect of the client device control program according to the first aspect, a public key acquisition step of acquiring a public key on the server side from a communication partner by a communication step is provided, Since the encryption step performs encryption based on the public key on the server side acquired in the public key acquisition step, the confidentiality of the information to be transmitted can be maintained, and the reception side can decrypt it.

  According to the client device control program of the third aspect, in addition to the effect produced by the client device control program according to the first or second aspect, a public key notifying step of notifying the communication side of the client-side public key by the communication step is provided. In the decryption step, decryption is performed based on the client-side public key notified in the public key notification step, so that the confidentiality of the received information can be maintained and decrypted.

  According to the client device control program according to claim 4, the client device control program according to claim 2, further comprising a login step for logging in to the server device, wherein the public key acquisition step is performed before the login is executed by the login step. In addition, since the public key on the server side is acquired, it is possible to encrypt the password input at the time of login and prevent the password from being leaked.

  According to the client device control program of the fifth aspect, in addition to the effect produced by the client device control program according to the third aspect, the log-in step for logging in to the server device is provided. Since the client-side public key is notified before execution, it is possible to encrypt the password input at the time of login and prevent the password from being leaked.

  Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings. FIG. 1 shows a personal computer (hereinafter referred to as “PC”) connected to a multifunction peripheral device (hereinafter abbreviated as “MFP (Multi Function Peripheral)”) 1 and an Internet 50 according to an embodiment of the present invention. 1 is a block diagram showing a configuration of a communication system consisting of 20.

  The MFP 1 includes various functions such as a photo media capture function, a printer function, a copy function, a scanner function, and a facsimile function. As shown in FIG. 1, the MFP 1 is executed by a CPU 2 that controls the operation of the entire MFP 1, a RAM 3 that is a memory for temporarily storing various data executed by the CPU 2, and the CPU 2. ROM 4 for storing various control programs and fixed value data, communication interface (hereinafter referred to as “I / F”) 5, printer unit 6, scanner unit 7, memory card unit 8, and MFP 1. Facsimile for transmitting and receiving image information via an operation unit 9 including a plurality of operation input keys (buttons, switches, etc.) and a display for executing functions, a flash memory 10 and a telephone line (not shown). Mainly provided with a portion 11.

  The CPU 2 is a processor that executes various programs stored in the ROM 4, and the RAM 3 is a randomly accessible memory having a work area that temporarily stores variables and the like when the CPU 2 executes various programs.

  The operation unit 9 includes a plurality of switches and a display on the operation panel, and the user can give an instruction to the MFP 1 by operating the switches. The switch includes a mode selection key for selecting various functions such as a copy function, a scanner function, and a facsimile function, and a numeric keypad for inputting numerical values and characters. By operating the mode selection key, it is possible to set the photo media capture mode for executing the photo media capture function, the copy mode for executing the copy function, the scanner mode for executing the scanner function, the facsimile mode for executing the facsimile function, etc. it can. Further, by operating the numeric keypad, it is possible to input a facsimile transmission number or a user number for designating identification information. The display displays a setting screen showing various set values.

  The flash memory 10 is a non-volatile memory that can write and read various data. The communication interface I / F 5 is an interface of the Internet 50 that is a general-purpose network, and performs communication by converting communication data into a signal for transmission by a modem or the like.

  When a medium is loaded in the MFP 1, data stored in the memory card 40 loaded in the memory card unit 8 is transmitted / received to / from the PC 20 connected to the Internet 50 via the communication interface I / F 5. be able to.

  At this time, the PC 20 functions as an FTP client, and the MFP 1 functions as an FTP server. However, if the communication protocol of the Internet 50 is FTP, communication information may be leaked. Therefore, communication information is encrypted and communication is performed using HTTP as a communication protocol via the Internet 50. That is, the browser installed on the PC 20 forms communication information using the FTP protocol, but the resident application installed on the PC 20 encrypts the communication information and converts the protocol to HTTP, via the Internet 50. Send to MFP 1. When communication information is received from the MFP 1, it is received by the HTTP protocol, decrypted, converted to the FTP protocol, and passed to the browser.

  The printer unit 6 is composed of an ink jet printer for printing on a recording sheet set at a predetermined paper feed position (not shown) based on an instruction from the CPU 2, and is a recording sheet that conveys the recording sheet A conveyance motor (not shown), a print head (not shown) that discharges ink onto recording paper, and a carriage motor (not shown) that moves a carriage (not shown) on which the print head is mounted are provided. When the photo media capture mode is set, data such as images and documents stored in the memory card 40 mounted on the memory card unit 8 can be printed by the printer unit 6.

  The scanner unit 7 reads an image from a document set at a predetermined reading position (not shown) based on an instruction from the CPU 2 and generates image data of the image. The image data read by the scanner unit 7 is transmitted to the PC 20 via the Internet 50.

  When the MFP 1 is set to the copy mode, the image data generated by the scanner unit 7 is printed on a recording sheet by the printer unit 6. Further, when the MFP 1 is set to the scanner mode for causing the scanner function in the MFP 1 to function, the image data generated by the scanner unit 7 is stored in a predetermined storage area in the RAM 3.

  The memory card unit 8 has a slot in which various memory cards 40 can be detachably attached, and can read data stored in the memory card 40 attached to the slot or write desired data. is there. When the MFP 1 is set to the photo media capture mode, the data stored in the memory card 40 attached to the memory card unit 8 can be read and printed by the printer unit 6, and the memory card Data read from 40 can be transmitted to the PC 20 via the Internet 50.

  The memory card 40 is constituted by a flash memory that can be rewritten and retains memory even when the power is cut off, and various types (for example, an SD card and an xD card) are provided by various companies.

  The facsimile unit 11 transmits image data read by the scanner unit 7 or data received via the Internet 50 via a telephone line, and prints the data received via the telephone line by the printer unit 6. Or transmitted to the PC 20 via the Internet 50.

  Next, the PC 20 will be described. The PC 20 stores a CPU 21, a RAM 22 that is a memory for temporarily storing data and programs necessary for various processes executed by the CPU 21, and various control programs and fixed value data executed by the CPU 21. ROM 23, a hard disk 24 that is a rewritable and non-volatile memory that stores various programs and various settings, an operation unit 27 that includes a keyboard and a mouse having a plurality of operation input keys for setting various functions, , A display unit 25 constituted by a liquid crystal display for displaying various information, and a LAN I / F 26 which is a LAN interface for connecting to the Internet 50.

  The hard disk 24 includes an OS memory 24a for storing an OS (Operating System), a browser memory 24b, a resident application memory 24c for storing a resident application program (hereinafter abbreviated as a resident application), and an application memory 24d. (The client device control program of the present invention corresponds to this resident application).

  As the OS stored in the OS memory 24a, Windows (registered trademark) is known, and as the browser stored in the browser memory, Internet Explorer is known.

  The resident application stored in the resident application memory 24c is a program that is activated together with the OS when the PC 20 is turned on. When the browser is set as an FTP client and a command is issued, it communicates with the MFP 1 using HTTP as a protocol. At that time, the communication data is encrypted and transmitted, and the received information is decrypted and provided to the browser. The browser displays the information on the display unit 25.

  When a file is transmitted from the MFP 1, an application such as an editing program stored in the application memory 24d corresponding to the extension of the file name of the file is activated to display the file. The editing program or the like can edit a file, and when editing is performed, information for updating is transmitted to the MFP 1 so as to update the file stored in the memory card 40. To do.

  As applications stored in the application memory 24d, so-called word processor software capable of editing a document, image editing software capable of editing an image, and the like are stored.

  Next, communication processing between the MFP 1 and the PC 20 will be described with reference to FIG. FIG. 2 is a schematic diagram illustrating an example of the flow of communication processing between the MFP 1 and the PC 20.

First, when a user activates the browser on the PC 20, a box for entering an address is displayed on a screen displayed by the browser, and an address for specifying the MFP 1 is written in this box. In the box for entering this address, a URL (Uniform Resource Locator) is entered. When the communication protocol is designated as FTP,
ftp: // abc @ def
And so on.

  As a result, the browser functions as an FTP client and displays a screen for entering the user name and password (see FIG. 3). The user inputs a user name and a password registered in advance in each list on the displayed screen. As the user name, the user name stored in the PC 20 may be displayed, and the user may input only the password.

  When the user name and password are input, the browser issues a Get command including the user name and password. Upon receipt of the Get command, the resident application first generates a handle acquisition command and transmits this handle acquisition command to the MFP 1 [1]. This handle acquisition command notifies the MFP 1 of the public key (client key: composed of 16 bytes) of the PC 20 for encryption, and transmits the handle name and the server public key (server key) to the MFP 1. Is a command requesting.

  Upon receiving this handle acquisition command, the MFP 1 transmits a 16-byte handle name and a 16-byte server key of the MFP 1 to the PC 20 [2]. As described above, the PC 20 and the MFP 1 communicate with each other via the Internet 50, and HTTP is used as a communication protocol. Hereinafter, all communication between the PC 20 and the MFP 1 is performed using HTTP as a protocol.

  Note that when the handle name and the server key are transmitted, the MFP 1 accepts only a login from the transmission destination (other than the login is not accepted). Also, if the login fails for this handle name three times, the handle name is invalidated. The handle name is also invalidated if it is left without being logged in for 10 minutes after the handle name is transmitted. Further, even after login is performed, if it is left for 10 minutes, it is invalidated. The PC 20 periodically transmits a no operation command to the MFP 1 in order to maintain the handle.

  The PC 20 receives the client key and the secret key. Next, using this server key, the user name and password are encrypted, and a login command is generated. Next, this login command is transmitted to the MFP 1 [3]. The MFP 1 decrypts the received information, detects an error using a checksum, and if there is no error, authenticates the user name and password.

  Thus, since the public key is exchanged using the handle command before the client transmits the user name and password to the server, the user name and password can be encrypted and transmitted. Can be prevented from leaking.

  Next, if the MFP 1 determines that the user is a valid user as a result of the authentication, the MFP 1 returns an approval message to the PC 20, and if the MFP 1 determines that the user is not valid, returns NG [4]. .

  When receiving the approval, the PC 20 transmits a command requesting transmission of the directory list [5]. The parameter of this command is encrypted with the server key and transmitted. Also in the following processing, the parameter of the command transmitted from the PC 20 to the MFP 1 is transmitted after being encrypted with the server key, but the description of the following processing is omitted.

  When the MFP 1 receives the command, the MFP 1 combines the parameter and the like with the server key and the secret key, performs error detection with a checksum or the like, and confirms whether it has been received correctly. Even in the following processing, when the MFP 1 receives the command, the MFP 1 decrypts the parameter with the server key and the secret key, and performs error detection using a checksum or the like to check whether the command is received correctly. Description is omitted.

  When the MFP 1 correctly receives the command requesting the file list, the MFP 1 reads the file list in the directory stored in the memory card 40 attached to the memory card unit 8 and uses the client key to read the file list. Encrypt and send to PC 20 [6].

  The PC 20 combines the received file list using a client key and a secret key, and performs error detection using a checksum or the like. Also in the following processing, when receiving data, the PC 20 decrypts the data with the server key and the secret key, and performs error detection using a checksum or the like to confirm whether the data has been received correctly. Omitted.

  If no error is detected, the PC 20 displays a file list on the display unit 25. As a result, the user can select one of the files listed in the list. When the user selects one of the files, the PC 20 transmits a command requesting transmission of the selected file to the MFP 1 [7].

  Upon receiving this command, the MFP 1 encrypts the specified file using the client key and transmits it to the PC 20 [8].

  The PC 20 decrypts the file received by the resident application, starts an application corresponding to the extension of the file name, and displays the file by the application.

  When the file displayed by the application is edited by the user and overwriting is instructed, the edited file is encrypted and transmitted to the MFP 1 [9], and the MFP 1 performs overwriting.

  Next, a login screen displayed on the display unit 25 of the PC 20 will be described with reference to FIG. FIG. 3 is a screen diagram showing the login screen 61, which is displayed when a URL is set in the browser on the PC 20 as described above. The login screen 61 displays a box 61a for inputting a user name, a box 61b for inputting a password, and a login button 61c for instructing login processing.

  Usually, a user name set in advance is automatically set in the box 61a for inputting a user name. If necessary, the mouse can be operated to move the cursor to this box and change it. In the password input box 61b, the cursor is moved and the password is input using a keyboard or the like. Here, “123xyz”, which is a combination of numbers and alphabets, is used as an example, but the characters displayed in the box 61b are displayed as “****” so that others cannot discriminate. As described above, when the user name and password are input and the login button 61c is clicked, the resident application first performs a handle acquisition process and then performs a login process.

  Next, login processing executed by the PC 20 will be described. FIG. 4 is a flowchart showing the login process. This process is started when a login input is performed and a Get command is issued in the browser.

  First, a Get command storing information related to login is input from the browser (S1). Next, the public key is exchanged before sending the login command. First, a handle acquisition command describing the handle name and client key of the PC 20 is generated (S2) and transmitted to the MFP 1 (S3). Next, a handle name and a server key are received from the MFP 1 (S4). Next, using the received handle name and server key, a login command in which the user name and password are encrypted is generated (S5) and transmitted to the MFP 1 (S6).

  Next, it is monitored whether or not a notification indicating whether or not the authentication as a response to the login command has been received from the MFP 1 (S7). When a notification indicating whether or not the authentication is successful is received (S7: Yes), a notification indicating whether or not the authentication is successful is received (S8), and the notification is decrypted using the client key and the secret key. (S9), error detection is performed by a checksum (S10).

  If there is an error in the checksum (S10: No), an NG response is returned to the server, a response transmission is requested again (S11), and the process returns to S7.

  If there is no error in the checksum (S10: Yes), it is determined whether or not the authentication is successful (S12). If the authentication fails (S12: No), the process returns to S5 and generates a login command again. To send.

  If the authentication is successful (S12: Yes), the login process is terminated, the directory list is requested, the file is selected, and the file is requested.

  As described above with reference to the embodiment, the browser in the PC 20 functions as an FTP server, and communication with the MFP 1 is performed using HTTP as a communication protocol. When logging in, first, a mutual public key is exchanged using a handle acquisition command. In subsequent communications, communication is performed using the public key encrypted. Therefore, communication between the FTP client and the FTP server can be performed with encryption, and leakage of passwords and communication contents can be prevented.

  Note that the communication step described in the claims corresponds to the processes of S3, S4, S6, and S8 in the flowchart shown in FIG. 4, and the input step corresponds to the process of S1 in the flowchart shown in FIG. The encryption step corresponds to the process of S2 in the flowchart shown in FIG. 4, the decryption step corresponds to the process of S9 in the flowchart shown in FIG. 4, and the public key notification step is described in FIG. 4 corresponds to the process of S3 in the flowchart, and the public key acquisition step corresponds to the process of S4 in the flowchart shown in FIG.

  Although the present invention has been described based on the above embodiments, the present invention is not limited to the above embodiments, and various modifications can be easily made without departing from the spirit of the present invention. It can be done.

  For example, in the above embodiment, the file stored in the card reader (writer) of the MFP 1 is transmitted to the PC 20. However, the information read by the scanner or the information received by the facsimile may be transmitted to the PC 20. Good.

  In the above embodiment, the card reader is controlled by the CPU that is the configuration of the MFP 1. However, the card reader is connected to a computer via an interface such as a USB, and the computer is connected to another computer. And via the Internet 50.

1 is a block diagram showing an electrical configuration of a communication system including a PC and an MFP in an embodiment of the present invention. FIG. 3 is a diagram illustrating a flow of communication processing performed between a PC and an MFP. It is a login screen figure displayed by a browser. It is a flowchart which shows the login process performed by a resident application.

Explanation of symbols

1 Multifunctional peripheral device (MFP: server device)
8 Memory card unit 20 Personal computer (client device)
21 CPU
24 HDD
24c Resident application memory 25 Display unit 26 Communication interface (communication means)
40 Memory card 50 Internet

Claims (5)

In a client device control program for controlling a client device equipped with a browser that functions as an FTP client, comprising communication means for communicating with a server device via a communication line,
A communication step of performing communication via the communication line with a communication protocol as HTTP;
An input step of inputting information from the browser;
An encryption step of forming transmission information to be transmitted by the communication step according to the information input by the input step, and encrypting the transmission information;
A decoding step of decoding the information received by the communication step;
A client device control program comprising: an output step of outputting information decrypted by the decryption step to the browser. A public key acquisition step of acquiring a server-side public key from a communication partner by the communication step;
2. The client device control program according to claim 1, wherein the encryption step performs encryption based on the public key on the server side acquired by the public key acquisition step. A public key notifying step of notifying the communication partner of the public key on the client side by the communication step;
3. The client device control program according to claim 1, wherein the decrypting step decrypts based on the client-side public key notified in the public key notifying step.   3. The client according to claim 2, further comprising a login step of logging in to the server device, wherein the public key acquisition step acquires a server-side public key before login is executed by the login step. Device control program.   4. The client according to claim 3, further comprising a login step of logging in to the server device, wherein the public key notifying step notifies a client-side public key before the login is executed by the login step. Device control program.

Images