JP2009048267A - Image forming apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an image forming apparatus for reducing a virus contamination risk in the case of connecting a PC outside a network for performing print. <P>SOLUTION: This image forming apparatus is provided with: a first network interface on which a normal protocol stack is mounted; a second network interface on which a protocol stack exclusive for print is mounted in addition to the normal protocol stack; and a printer controller for processing a print document transmitted to the first and second network interfaces for image formation. When the data transmitted to the second interface are a document for print, the protocol stack exclusive for print transfers the data to the printer controller without using the normal protocol stack, and when the data are not the document for print, cancels the data. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an image forming apparatus that reduces the risk of virus infection from a PC outside the network.

  In recent years, notebook PCs have been carried in many business scenes as a result of the progress of miniaturization and weight reduction of notebook PCs. For this reason, the user connects his / her notebook PC to the local area network (LAN) of the office where he / she is away, and prints using an image forming apparatus such as a printer or MFP (Multi Function Peripheral) on the LAN. It is very convenient if you can.

  However, in many cases, it is often prohibited to connect a visitor's PC to the LAN in this way. This is because the outpatient PC is not subject to security management by the network administrator, and malicious programs such as viruses and bots (hereinafter collectively referred to as “viruses”) form images from the outpatient PC. This is because there is a possibility of entering into the apparatus and another PC on the LAN.

  Moreover, since some viruses infect through a recording medium, even if data stored in an external PC is transferred to a PC on the LAN via a storage medium such as a USB memory, PC may be infected.

  It is also possible to print by connecting an outsider's PC locally to the image forming apparatus after disconnecting the image forming apparatus from the office LAN. However, the image forming apparatus itself has a built-in PC as a printer controller. In some cases, the image forming apparatus itself may be infected with a virus. When an image forming apparatus infected with a virus is connected to the LAN again, the virus may be transmitted to other PCs on the LAN.

Patent Document 1 below discloses an image forming apparatus including a virus protection tool for detecting virus infection. This technique is intended to protect an image forming apparatus that has already been infected with a virus. However, once an MFP is infected with a virus, it takes a long time to recover, which hinders daily operations of the user. Furthermore, there is a possibility of leading to a serious situation such as spread of infection to other devices or leakage of confidential information. Therefore, there is a need for a technique for preventing virus infection that causes great damage to the user.
JP 2005-229611 A

  The present invention has been made in view of the above-described problems of the prior art, and an object of the present invention is to provide an image forming apparatus capable of reducing the risk of virus infection when printing is performed by connecting a PC outside the network. That is.

  The above object of the present invention is achieved by the following means.

  (1) A first network interface in which a normal protocol stack is mounted, a second network interface in which a print-only protocol stack is mounted in addition to the normal protocol stack, and a print document transmitted to the first and second network interfaces A printer controller for processing for image formation, and the print-dedicated protocol stack is configured to process the data when the data transmitted to the second network interface is a document for printing as the normal protocol stack. An image forming apparatus, wherein the image data is transferred to the printer controller without going through the process, and the data is discarded when the document is not a print document.

  (2) The printer controller includes a document reception unit that performs an operation of receiving print data, and an image development unit that converts the received print data into image data. A second document receiving unit that performs a receiving operation is mounted, and the document receiving unit of the print-only protocol stack sequentially delivers received print data to the image developing unit without buffering. The image forming apparatus according to (1).

  According to the present invention, it is possible to reduce the risk of virus infection when printing is performed by connecting a PC outside the network to the image forming apparatus with only a slight change in the configuration of the conventional image forming apparatus.

<First embodiment>
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram showing the overall configuration of a printing system to which an image forming apparatus according to a first embodiment of the present invention is applied. As shown in FIG. 1, an MFP 2 as an image forming apparatus includes an in-office LAN 3 to which a plurality of PCs 1 are connected and an out-patient LAN 3 to which an out-of-office PC 1 ′ not belonging to the in-office LAN 3 is connected. 'Is connected to both. That is, the MFP 2 has two LAN connection ports. Note that the types and the number of devices connected to the LAN 3 and the LAN 3 ′ are not limited to the example shown in FIG.

  Next, the configuration of each of the above devices will be described. However, each of the above devices may include a component other than the components described below, or may not include some of the components described below. Good. In addition, portions having similar functions in each device are described only for the first time in order to avoid duplication of description, and descriptions thereof are omitted for the second and subsequent times.

  FIG. 2 is a block diagram showing a configuration of the PC 1 shown in FIG. The PC 1 includes a CPU 11, a ROM 12, a RAM 13, a hard disk 14, a display 15, an input device 16 and a network interface 17, which are connected to each other via a bus 18 for exchanging signals. The configuration of the outpatient PC 1 ′ shown in FIG. 1 is the same as the configuration of the PC 1, and a description thereof will be omitted.

  The CPU 11 performs control of each part and various arithmetic processes according to the program. The ROM 12 stores various programs and various data. The RAM 13 temporarily stores programs and data as a work area. The hard disk 14 stores various programs including an operating system and various data. In particular, the hard disk 14 stores a device driver (printer driver) that transmits a print document to the MFP 2 to execute printing. The hard disk 14 stores a web client program that connects to the MFP 2 having a function as a web server and browses web pages.

  The display 15 is an LCD, a CRT display, or the like, and is used for displaying various types of information. The input device 16 includes a pointing device such as a mouse and a keyboard, and is used for inputting various information.

  The network interface 17 is an interface for communicating with other devices via the LAN 3, and standards such as Ethernet (registered trademark), token ring, and FDDI are used. The above-described print document is also transmitted to the MFP 2 via the network interface 17.

  FIG. 3 is a block diagram showing the configuration of the MFP 2 shown in FIG. As shown in FIG. 3, the MFP 2 includes a control unit 21, a storage unit 22, an operation unit 23, an image reading unit 24, a printing unit 25, a first network interface 26, and a second network interface 27. Are mutually connected via a bus 28 for exchanging data.

  The control unit 21 is a CPU, and controls the above units and performs various arithmetic processes according to a program.

  The storage unit 22 stores various programs and parameters in advance, a RAM that temporarily stores programs and data as a work area, stores various programs and parameters, or stores image data obtained by image formation, and the like. Consists of a hard disk or the like used for temporary storage. In particular, the storage unit 22 stores a web server application 4 for providing a web service by a web server (not shown) installed in the MFP 2 and a printer controller application 5 for executing a printing function of the MFP 2. In particular, by executing the printer controller application 5, the control unit 21 configures a printer controller.

  The operation unit 23 displays various information or a touch panel for inputting various settings, a numeric keypad for setting the number of copies, a start key for instructing start of operation, a stop key for instructing stop of operation, and various setting conditions at the initial stage. It consists of various fixed keys such as reset keys, display lamps and the like.

  The image reading unit 24 irradiates light from a light source such as a fluorescent lamp onto a document set at a predetermined reading position on a document table or a document conveyed to a predetermined reading position by an ADF (Auto Document Feeder automatic document feeder). The reflected light is photoelectrically converted by an image reading unit such as a CCD image sensor or a CMOS image sensor, and the electric signal is A / D converted to generate a bitmap-format print image.

  The printing unit 25 prints the print image on a sheet by an electrophotographic method including charging, exposure, development, transfer, and fixing steps, and discharges the print image by an electrophotographic method. However, the printing method of the printing unit 25 in the present invention is not limited to this, and other than the electrophotographic method, an impact method, a thermal transfer method, an ink jet method, or the like may be used.

  The first network interface 26 is an interface for communicating with an external device such as the PC 1 connected to the in-house LAN 3, and the second network interface is the PC 1 connected to the LAN 3 ′ for outpatients. This is an interface for communicating with an external device such as'. Note that standards such as Ethernet (registered trademark), token ring, and FDDI are used for communication with external devices via the LAN 3 and 3 '.

  With the above configuration, the MFP 2 functions as a printer that prints out image data as a print document received from an external device, functions as a scanner that reads a document image and transmits the image data to the external device, and reads a document image. It has a function as a copying machine that prints out image data and a function as a facsimile that transmits and receives image data via a telephone line.

  Next, specific configurations of the first network interface 26 and the second network interface 27 will be described with reference to FIGS.

  FIG. 4 is a block diagram showing the configuration of the first network interface 26. Here, the first network interface 26 is a general LAN connection interface, and includes a NIC (Network Interface Card) driver 261 and a protocol stack 262.

  The NIC driver 261 performs communication with a device connected to the LAN 3 such as the PC 1, converts the received message into digital data, and passes it to the protocol stack 262. The protocol stack 262 serves to analyze the digital data received from the NIC driver 261 and pass it to the designated application. This point will be described in detail below.

  In general, a network address called a socket for specifying a communication destination is used for communication with each application installed in a device on a LAN. Protocols such as TCP / IP and UDP / IP communicate with each application via a port that is a logical connection port corresponding to each socket. Such port numbers range from 0 to 65535, of which 0 to 1024 have predetermined uses. For example, the port number for accepting a web service request by a web server application installed in an MFP or the like is “80”. The port number for accepting a print service request to the printer controller application 5 is “92”.

  Here, with reference to FIG. 4 again, a procedure in which the protocol stack 262 communicates with each application installed in the MFP 2 will be described. Here, a case where a web service request is made from the PC 1 to the web server of the MFP 2 will be described as an example.

  First, a socket connected to the 80th port is created by the web server application 4. When the NIC driver 261 receives a message transmitted as an electrical signal from the PC 1, the NIC driver 261 converts the message into digital data and passes it to the protocol stack 262. When the protocol stack 262 analyzes the passed digital data and recognizes that the message is a message addressed to the port 80 (ie, a request for a web service), the web server application connected to the port 80 is connected. Pass data to socket 4 If there is no socket connected to the 80th port, the protocol stack 262 discards the message.

  Next, FIG. 5 is a block diagram showing a configuration of the second network interface 27. Here, the second network interface 27 is an interface for connecting to an outpatient LAN 3 ′ provided independently of the LAN 3. The LAN 3 ′ is connected to the LAN 3, which is a non-connected outpatient PC 1 ′.

  As shown in FIG. 5, in addition to the NIC driver 271 and the protocol stack 272, the second network interface 27 includes a print-only protocol stack 273 implemented between them. With this configuration, when the NIC driver 271 receives a message addressed to each application transmitted from the visitor's PC 1 ′, the message is passed to the print-only protocol stack 273.

  Similar to the NIC driver 261, the NIC driver 271 receives a message from the PC 1 ′ or the like via the LAN 3 ′, converts it into digital data, and passes it to the protocol stack. However, the destination to which the NIC driver 271 passes data is not the normal protocol stack 272 but the print-only protocol stack 273.

  The print-only protocol stack 273 analyzes the digital data received from the NIC driver 271 and passes the data to the application 5 only when it is addressed to the 92nd port assigned to the printer controller application 5. If it is addressed to a port other than, the data is discarded. That is, the print-only protocol stack 273 functions as a filter for selectively passing only messages addressed to the printer controller application 5 such as print jobs. The printer controller application 5 is designed so that the socket is connected to the print-only protocol stack 273 for the second network interface. On the other hand, sockets of applications other than the printer controller application (for example, the web server application 221 in FIG. 5), as shown in FIG. 5, each of the normal protocol stack 272, as in the case of the first network interface 26. Since the connection is made to the port, each application is not affected by the installation of the print-only protocol stack 273 (for example, a design change is required).

  Therefore, according to the MFP 2 of the present embodiment, only messages addressed to the printer controller application 5 among the messages received from the visitor PC 1 ′ connected to the LAN 3 ′ are selectively displayed in the normal protocol stack 272. Since it is passed to the application 5 without going through it, an attack against an application other than the printer controller application 5 due to a virus becomes impossible. That is, the second network interface 27 in which the print-only protocol stack 273 is mounted is added to the MFP 2, and the printer controller application socket is designed to be connected to the print-only protocol stack for the second network interface. It is possible to greatly reduce the risk of virus infection when printing is performed by connecting a foreign person's PC 1 ′ to the MFP 2.

<Second embodiment>
Next, a second embodiment of the present invention will be described. According to the MFP 2 of the first embodiment described above, it is possible to limit the virus attack target only to the printer controller application, so that the virus infection risk of the MFP 2 can be greatly reduced. However, the risk remains that the print controller application is subject to virus attack. Therefore, the MFP 2a of the present embodiment also eliminates the risk that the printer controller application becomes a virus attack target.

  Here, before describing a specific configuration of the MFP 2a of the present embodiment, a conventional printer controller application will be described.

  FIG. 6 is a schematic configuration diagram of a conventional printer controller application 5. The printer controller application 5 receives a print document from a client PC, a document reception unit 51, an image development unit 52 that converts the received document into image data suitable for printing, and passes the image data to the printing unit to execute printing. Is provided. Here, when the printer controller application 5 becomes a virus attack target, the operation that may have a vulnerability is considered to be a print document reception operation by the document reception unit 51. The reason is as follows.

  In recent years, many viruses have maliciously overflowed an application buffer area to take over the application and execute the desired operation. This is a so-called buffer overrun attack. Even if an application is taken over by a buffer overrun attack, the system area such as the OS is hardly affected and continues to operate normally, so that the virus can freely execute the operation desired by the virus producer. Therefore, the print document reception operation including the data write operation to the buffer area is vulnerable to a virus attack.

  On the other hand, when a virus targets a system area program such as a device driver or protocol stack as a target of attack, the virus must take over the operation of the program. Generally, the system area program controls the entire system, and thus capacity. Is big. For example, it is known that the weight of the protocol stack is 40960 bytes or more, no matter how compact. For this reason, viruses that take over the operation of programs in the system area inevitably have a large capacity, but it is technically extremely difficult to make an attack with a large capacity virus successful. Therefore, if application-level vulnerabilities can be transferred to programs in the system area, the risk of virus infection can be further reduced.

  Next, a specific configuration of the MFP 2a according to the present embodiment will be described. The MFP 2a of this embodiment is different from the MFP 2 of the first embodiment described above only in the configuration of the second network interface 27a. Therefore, below, it demonstrates centering on difference with 1st embodiment.

  FIG. 7 is a block diagram showing a configuration of the second network interface 27a in the present embodiment. The second network interface 27 is an interface for connecting to a LAN 3 ′ for outside persons provided independently of the office LAN 3. Like the first embodiment, the second network interface 27 is a NIC driver 271, a normal protocol. A stack 272 and a print-only protocol stack 273 mounted therebetween are provided. Here, the difference from the first embodiment is that the document receiving unit 51 of the printer controller application 5 is mounted on the print-only protocol stack 273. Furthermore, in the present embodiment, the document reception unit 51 passes the received print document to the image development unit 52 every time it is received without buffering it on the memory.

  With the above configuration, the print document reception operation which is a vulnerability of the printer controller application 5 is executed by the protocol stack which is a program in the system area. Therefore, in order for the virus to succeed in the attack, the virus must include a program that takes over the operation of the protocol stack. Here, since the data capacity that can be received at a time in a protocol such as TCP / IP is generally only about 1500 bytes corresponding to one IP frame size, the virus must be completed with a capacity of 1500 bytes or less. . However, since the capacity of the protocol stack is at least 40960 bytes as described above, it is practically impossible to produce a virus capable of taking over the operation with a capacity of 1500 bytes or less. As an exception, large-volume data reception using jumbo frames and fragment packets can be realized. However, in this embodiment, reception using jumbo frames and fragment packets is prohibited.

  Therefore, according to the MFP 2a of the present embodiment, since the vulnerability of the printer controller application 222 is moved to the protocol stack side that is a program in the system area, even a virus attack on the printer controller application cannot be realized. That is, it is possible to completely eliminate the risk of virus infection when printing is performed by connecting a non-resident PC 1 '.

  Note that the printer controller application 5 of this embodiment also needs to receive a print document from the first network interface 26 on the in-house LAN 3 side. Therefore, this application actually has a configuration as shown in FIG. 6, that is, a configuration including a print document receiving unit 51. When a print document is received from the print dedicated protocol stack 273 of the second network interface 27, the data received from the print document receiving unit 51 mounted in the print dedicated protocol stack as described above is sent to the image developing unit 52. You will receive it.

  The present invention is not limited to the above-described embodiments, and various modifications can be made within the scope of the claims. For example, in each of the above embodiments, the image processing apparatus of the present invention has been described as an MFP having a scan function, a print function, a copy function, and the like, but the image forming apparatus of the present invention is not limited to this. As another aspect of the image forming apparatus of the present invention, a single unit such as a scanner, a printer, a digital copying machine, a facsimile machine, an electronic mail printer, or an MFP having two or more of these functions can be cited.

1 is a block diagram showing an overall configuration of a printing system to which an MFP according to a first embodiment of the present invention is applied. It is a block diagram which shows the structure of PC in FIG. FIG. 2 is a block diagram illustrating a configuration of the MFP in FIG. 1. It is a block diagram which shows the structure of the 1st network interface in FIG. It is a block diagram which shows the structure of the 2nd network interface in FIG. It is a block diagram which shows the structure of the conventional printer controller application. It is a block diagram which shows the structure of the 2nd network interface concerning 2nd embodiment of this invention.

Explanation of symbols

1 PC,
11 CPU,
12 ROM,
13 RAM,
14 hard disk,
15 display,
16 input devices,
17 network interface,
18 Bus,
1 'PC
2 MFP,
21 control unit,
22 storage unit,
23 Operation part,
24 image reading unit,
25 printing section,
26 first network interface;
261 NIC driver,
262 protocol stack,
27 second network interface,
271 NIC driver,
272 protocol stack,
273 print-only protocol stack,
28 Bus,
2a MFP,
27a second network interface,
3 LAN,
3 'LAN,
4 Web server application,
5 Printer controller application,
51 Print document receiver,
52 Image development department,
53 Print instruction section.

Claims (2)

A first network interface implementing a normal protocol stack;
A second network interface that implements a print-only protocol stack in addition to the normal protocol stack;
A printer controller for processing a print document transmitted to the first and second network interfaces for image formation;
With
When the data transmitted to the second network interface is a print document, the print-only protocol stack passes the data to the printer controller without passing through the normal protocol stack, and is not a print document. In this case, the image forming apparatus discards the data. The printer controller includes a document reception unit that performs an operation of receiving print data, and an image development unit that converts the received print data into image data.
The print-only protocol stack includes a second document receiving unit that performs print data receiving operation.
The image forming apparatus according to claim 1, wherein the document receiving unit of the print-only protocol stack sequentially transfers received print data to the image developing unit without buffering.