JP2014150410A - Image forming apparatus and switching method of encryption strength - Google Patents

Abstract

PROBLEM TO BE SOLVED: To effectively suppress a decrease in network communication rate, and appropriately ensure a security level.SOLUTION: An image forming apparatus can be operated in a normal operation mode and in a power saving mode with less power consumption than the normal operation mode, and includes a network interface unit that performs encrypted communication with another device on a network, and an encrypted communication control unit that sets encryption strength in the encrypted communication. The encrypted communication control unit acquires an apparatus state of the image forming apparatus, and when determining that the apparatus is in operation in the power saving mode or a load on a CPU controlling the operation of the apparatus is larger than a predetermined threshold, sets the encryption strength in the encrypted communication to a first value that is lower than a predetermined reference value. The encrypted communication control unit further determines an instruction received from the another device, and changes the encryption strength according to the content of the instruction.

Description

  The present invention relates to an image forming apparatus that performs encrypted communication with a device connected to a network, and a method for switching encryption strength in the encrypted communication.

  Image forming apparatuses such as printers and multi-function peripherals (MFPs) maintain a fixing device that fixes a toner image formed on a sheet at a constant temperature in order to shorten a waiting time until a printed matter is output. The power consumption in the normal operation mode (ready state) is large. In view of this, when a state in which the device is not used for a certain period of time continues, the image forming apparatus is shifted to a power saving mode (sleep state) in which the power consumption is lower than that in the normal operation mode to reduce power consumption.

  Further, in order to reduce the power consumption in the power saving mode, only a part of the CPU (Central Processing Unit) is operated, or the main CPU and the sub CPU are provided in the image forming apparatus, and the main CPU is caused to sleep. Only the sub CPU is operated. When the image forming apparatus is connected to a network and used, a part of the CPU or a sub CPU responds to the network packet, and when the network packet that meets a predetermined condition is received, the entire CPU Alternatively, the main CPU is woken up.

  However, in the power saving mode, only a part of the CPU or a sub CPU is operated, and the calculation performance of the entire CPU is lowered, so that the network communication speed (speed for processing network packets) is lowered. Occur. In particular, when performing encrypted communication with a device connected to a network, the amount of computation of the CPU differs depending on the security level (encryption strength) corresponding to the encryption method, and therefore the security level in encrypted communication is high (encryption). If the strength is high), the network communication speed is greatly reduced.

  With regard to a technique for suppressing such a decrease in network communication speed, for example, Japanese Patent Application Laid-Open No. 2004-151561 is an image processing apparatus that controls image processing in response to external communication, and the image processing apparatus is an image processing apparatus. Main control means for managing the functions of the interface, and interface control means for acting on the main control means in response to the content of data received via a network, the interface control means comprising: A configuration is disclosed in which the operation clock rate related to the data transfer efficiency within the interface control means of the data is variably controlled according to the encryption strength of the data.

JP 2010-246096 A

  The technique of the above-mentioned Patent Document 1 is a technique for adjusting the data transfer efficiency inside the interface control means by changing the operation clock rate. Even if the data transfer efficiency is increased when the encryption strength is high in the encrypted communication, In the power saving mode, since the calculation performance of the entire CPU is low, it is not possible to effectively suppress a decrease in network communication speed.

  The above-described problem of a decrease in network communication speed occurs not only in the power saving mode but also in the normal operation mode. For example, when processing a job, the CPU performs various processes for controlling various parts, and the CPU load is large, so that there is a shortage of resources allocated to network communication processing, resulting in a network communication speed. Will fall.

  SUMMARY An advantage of some aspects of the invention is that it provides an image forming apparatus and a cipher strength switching method capable of effectively suppressing a decrease in network communication speed. is there.

  Another object of the present invention is to provide an image forming apparatus and an encryption strength switching method capable of appropriately ensuring a security level.

  One aspect of the present invention is a network interface that performs encrypted communication with other apparatuses on a network in an image forming apparatus that can operate in a normal operation mode and a power saving mode that consumes less power than the normal operation mode. And an encrypted communication control unit that sets encryption strength in the encrypted communication, the encrypted communication control unit acquires a device state of the own device, and the own device is operating in the power saving mode. Or, when it is determined that the load on the CPU that controls the operation of the device is larger than a predetermined threshold, the encryption strength in the encrypted communication is set to a first value lower than a preset reference value. It is characterized by doing.

  One aspect of the present invention is a cipher strength switching method in a system including an image forming apparatus operable in a normal operation mode and a power saving mode in which power consumption is lower than that in the normal operation mode. The device acquires first device processing for receiving a connection instruction from another device on the network, and the device state of the device itself, and the CPU that is operating in the power saving mode or that controls the operation of the device itself Second processing for setting the encryption strength in encrypted communication to a first value lower than a preset reference value when it is determined that the load is greater than a predetermined threshold, and the set encryption strength And a third process for performing encrypted communication with the other device.

  According to the image forming apparatus and the encryption strength switching method of the present invention, it is possible to effectively suppress a decrease in network communication speed and to appropriately ensure a security level.

  The reason is that the encryption communication control unit provided in the image forming apparatus acquires the apparatus state of the own apparatus and the apparatus is operating in the power saving mode, or the load of the CPU that controls the operation of the own apparatus is in advance. This is because, when it is determined that the value is larger than the predetermined threshold value, control is performed to set the encryption strength in the encrypted communication to a first value lower than a preset reference value.

  Further, the encryption communication control unit determines an instruction from another device on the network, and switches the encryption strength according to the content of the instruction (for example, a job execution instruction or a setting information of the own device). This is because in the case of a change instruction, the encryption strength is changed to a second value higher than the first value).

1 is a diagram schematically illustrating a configuration of a printing system according to an embodiment of the present invention. It is a block diagram which shows the structure of the client terminal which concerns on one Example of this invention. 1 is a block diagram illustrating a configuration of an image forming apparatus according to an embodiment of the present invention. FIG. 6 is a diagram illustrating an example of a cryptographic strength setting screen in the image forming apparatus according to an embodiment of the present invention. FIG. 5 is a flowchart illustrating an operation of the image forming apparatus according to an embodiment of the present invention (encryption strength setting operation according to the apparatus state). FIG. 6 is a flowchart illustrating an operation of the image forming apparatus according to an embodiment of the present invention (encryption strength setting operation according to CPU load). FIG. 5 is a flowchart illustrating an operation of the image forming apparatus according to an embodiment of the present invention (encryption strength changing operation according to instruction content).

  As shown in the background art, in a device that consumes a large amount of power in the normal operation mode, such as an image forming device, if the device is not used for a certain period of time, it is shifted to the power saving mode to reduce the power consumption. I am trying. Further, in the power saving mode, part of the CPU is operated or only the sub CPU is operated to reduce power consumption in the power saving mode.

  However, when only a part of the CPU or only the sub CPU is operated, the calculation performance of the entire CPU is lowered, so that the network communication speed is lowered. In particular, when performing encrypted communication, if the security level is high (encryption strength is high), the network communication speed is greatly reduced. Also in the normal operation mode, when the CPU load is large and the resources allocated to the network communication processing are small, the network communication speed similarly decreases. Against this background, there is a demand for a technique that can effectively suppress a decrease in network communication speed in an image forming apparatus that requires power saving.

  Therefore, in one embodiment of the present invention, when the image forming apparatus is in the power saving mode, or when the load on the CPU is larger than a predetermined threshold, control is performed to lower the encryption strength in the encrypted communication. However, since it is difficult to ensure security if the encryption strength is lowered, control is performed to change the encryption strength in accordance with the contents of instructions from the client terminal connected to the network. For example, in the case of a specific instruction such as execution of a job or change of setting information of the image forming apparatus, control for increasing the encryption strength is performed.

  In this way, by finely controlling the encryption strength according to the state of the device and the content of the instruction, it is possible to effectively suppress the decrease in network communication speed while suppressing the power consumption in the power saving mode, and the security level. Can be secured appropriately.

  Note that encryption schemes in the encrypted communication include a common key cryptosystem that uses a common key for encryption and decryption, and a public key cryptosystem that uses two sets of keys, a public key and a secret key. In addition, the common key encryption method includes a block encryption method in which encryption is performed by dividing every fixed-length bit, and a stream encryption method in which processing is performed for each input bit.

  Examples of each encryption method are: common key encryption method (block encryption method): 3-Way, AES (Advanced Encryption Standard), Blowfish, CAST128, CRAB, DES (Data Encryption Standard), Triple DES, FEAL-N (First Encryption Algorithm-N), FEAL-NX (First Encryption Algorithm-NX), GOST, IDEA (International Data Encryption Algorithm), RC2, RC5, MULTI2, MYSTY, SAFER (Secure And Fast Encryption Routine), SKIPJACK and so on. Common key cryptography (stream encryption) includes A5, CRYPT (1), GCC (Gao's Chaos Cryptosystem), LFSR cipher, RC4, SEAL, ECB (Electronic Code Book Mode, CBC (Cipher Block Chaining Mode) , OFB (Output Feed Back), CFB (Cipher Feedback Mode), etc. Public key encryption methods include El Gamal, ECC (Elliptic Curve Cipher), Diffie-Hellman, Merkle-Hellman napsack, Rabin, RSA, etc. There is.

  When the encryption method is determined, the key used in the encryption method (the encryption key in the common key encryption method and the secret key in the public key encryption method) is determined, and the encryption strength is determined according to the bit length of the key. Therefore, the encryption strength can be set / changed by deciding an arbitrary encryption method from the encryption methods that can be supported by both devices performing network communication and determining the bit length of the key used in the encryption method. Can do.

  In order to describe the above-described embodiment of the present invention in further detail, an image forming apparatus and an encryption strength switching method according to an embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a diagram schematically illustrating a configuration of a printing system according to the present exemplary embodiment, FIG. 2 is a block diagram illustrating a configuration of a client terminal according to the present exemplary embodiment, and FIG. 3 illustrates an image forming apparatus according to the present exemplary embodiment. It is a block diagram which shows a structure. FIG. 4 is a diagram showing an example of the encryption strength setting screen, and FIGS. 5 to 7 are flowcharts showing the operation of the image forming apparatus of this embodiment.

  As illustrated in FIG. 1, the printing system 10 according to the present exemplary embodiment creates one or more client terminals 20 that create a document or the like and gives a print instruction to the image forming apparatus 30, and one or more that performs print processing according to the print instruction. The image forming apparatus 30 includes a LAN (Local Area Network) and a WAN (Wide Area Network) defined by standards such as Ethernet (registered trademark), token ring, and FDDI (Fiber-Distributed Data Interface). Or the like via a communication network. 1 shows a configuration in which the client terminal 20 and the image forming apparatus 30 are directly connected via a communication network. However, the client terminal 20 and the image forming apparatus 30 are connected via a router or the like. It is good also as a structure to be. Hereinafter, each device will be described in detail.

[Client terminal]
The client terminal 20 is a general computer device, and includes a control unit 21, a network interface unit 22, a display unit 23, an operation unit 24, and the like as shown in FIG.

  The control unit 21 includes a CPU (Central Processing Unit), a memory such as a ROM (Read Only Memory) and a RAM (Random Access Memory), and a storage unit such as an HDD (Hard Disk Drive), and controls the operation of the client terminal 20. Programs, an OS (Operating System) 21a, a document creation application 21b, and the like are read from the ROM or HDD, loaded into the RAM, and executed. The control unit 21 also functions as a Web client by reading out a Web application 21c for performing instructions and settings related to printing on a Web browser from the ROM or HDD, and expanding and executing the RAM on the RAM.

  The network interface unit 22 includes a NIC (Network Interface Card) or the like, and enables network communication with the image forming apparatus 30. When performing encrypted communication with the image forming apparatus 30, a notification of the encryption strength (encryption method and key bit length) set by the image forming apparatus 30 is received from the image forming apparatus 30 and used in the encryption method. Data is encrypted using an encryption key (or public key) and transmitted.

  The display unit 23 is composed of an LCD (Liquid Crystal Display) or the like, and displays a Web screen (print setting screen, print instruction screen, etc.) for performing instructions and settings regarding printing on a Web browser. The operation unit 24 includes a mouse, a keyboard, and the like, and enables print settings, print instructions, and the like on the Web screen.

[Image forming apparatus]
As shown in FIG. 3, the image forming apparatus 30 includes a control unit (controller) 31, a network interface unit 32, a display / operation unit 33, an encryption communication control unit 34, an image processing unit 35, and a printing process. (Print engine) 36 and the like. Note that the image forming apparatus 30 may be a printer capable of printing output, and may have functions such as a finisher, a scan, and a fax as the printer functions.

  The control unit (controller) 31 includes a CPU, a memory such as a ROM and a RAM, and a storage unit such as an HDD. The control unit 31 reads a program for controlling the operation of the image forming apparatus 30 from the ROM and the HDD, and expands the program on the RAM. And execute. The control unit 31 also functions as a Web server by reading a Web application 31a that provides a Web service that enables instructions and settings related to printing on a Web browser from the ROM and HDD, and expanding and executing them in the RAM. To do.

  The network interface unit 32 is configured by a NIC or the like, and enables network communication with the client terminal 20. When performing encrypted communication with the client terminal 20, the session with the client terminal 20 is disconnected, and the encryption strength (encryption method and bit length of the key) set or changed by the encrypted communication control unit 34 is set to the client terminal. 20 is established and a session is constructed again. When the encrypted data is received from the client terminal 20, the data is decrypted using the encryption key (or secret key) used in the encryption method. When the image forming apparatus 30 periodically performs communication for confirming that the connection is valid on the network (referred to as a keep alive state), the image forming apparatus 30 cancels the keep alive state and then again. Build a session.

  The display / operation unit 33 is a touch panel or the like provided with an operation unit such as a touch sensor made of a grid-like transparent electrode on a display unit such as an LCD, and displays a screen for setting encryption strength, which will be described later. Allows operations such as setting encryption strength above.

  The encrypted communication control unit 34 follows the encryption strength information (referred to as encryption strength setting information) set according to the state of the own device, the degree of CPU load, the content of the instruction from the client terminal 20, and the like. The encryption strength (encryption method and key bit length) applied to the encrypted communication with the terminal 20 is set or changed.

  For example, when the image forming apparatus 30 is operating in the normal operation mode, the encryption strength is set to a predetermined reference value (such as “AES256”), and when operating in the power saving mode, the CPU The encryption strength is set to a value lower than the reference value (such as “AES128”) so that network communication processing can be performed even when the calculation performance is low. Further, the CPU load is determined based on the currently executed process. When the CPU load is relatively small (below a predetermined threshold), the encryption strength is set to a predetermined reference value (such as “AES256”). When the CPU load is relatively large (greater than a predetermined threshold), the cryptographic strength is lower than the reference value so that network communication processing can be performed even if the CPU computing performance is low. Set to a value (such as “AES128”).

  Further, when the instruction content from the client terminal 20 is an instruction to change the setting information in the image forming apparatus 30, the encryption strength is a value higher than a predetermined reference value (such as “DES”) so as to ensure security. (Such as “AES128”) If the instruction content is a job execution instruction, the encryption strength is set to a value higher than a predetermined reference value (such as “AES256”) so that higher security can be secured.

  When the encryption communication control unit 34 sets or changes the encryption strength, the encryption communication control unit 34 displays a Web screen to that effect on the display / operation unit 33 to inquire the user whether the encryption strength can be set or changed. You may do it. Further, when making an inquiry to the user, a web screen for selecting the encryption strength may be displayed on the display / operation unit 33 so that the user can select the encryption strength.

  The encrypted communication control unit 34 may be configured as hardware, or may be configured as software that causes the control unit 31 to function as the encrypted communication control unit 34.

  The image processing unit 35 receives document data from the client terminal 20, rasterizes the data of each page of the document, and converts it into print data.

  The print processing unit (print engine) 36 executes print processing based on the print data generated by the image processing unit 35. Specifically, elements necessary for image formation using an image forming process such as an electrophotographic method or an electrostatic recording method, that is, a charging device, a photosensitive drum, an exposure device, a transfer roller, a transfer belt, and a fixing device. Etc. The photosensitive drum charged by the charging device is irradiated with light corresponding to the print data from the exposure device to form an electrostatic latent image, and the charged toner is developed by the developing device and developed. A process of transferring to a paper medium via a primary transfer roller and a secondary transfer belt and fixing with a fixing device is performed.

  In FIG. 3, the image forming apparatus 30 is configured to have a function as a controller, but the function as a controller may be separated. In that case, the network interface unit 32 and the encrypted communication control unit 34 are arranged in a device (printer controller) having a function as a controller, and the printer controller performs encrypted communication with the client terminal 20 via the communication network. What should I do?

  In the present embodiment, the image forming apparatus 30 is configured on the Web browser of the client terminal 20 so that the instruction content of the client terminal 20 can be grasped before receiving the data packet from the client terminal 20. A Web screen that enables instructions and settings regarding printing is displayed (that is, the control unit 31 of the image forming apparatus 30 functions as a Web server, and the control unit 21 of the client terminal 20 functions as a Web client). However, when the instruction content is described in the header information of the data packet or the like, the data transfer permission request is sent by the SYN packet (synchronization packet), and the ACK packet (confirmation response packet) is permitted from the image forming apparatus 30 side. When data packet transmission is performed after the notification is received, the instruction content can be acquired from the header information or the permission request. In this case, the image forming apparatus 30 is displayed on the screen of the printer driver installed in the client terminal 20. An instruction or setting regarding printing may be performed.

  Next, the encryption strength setting method will be described. The encryption strength can be set, for example, on an encryption strength setting screen displayed on the display / operation unit 33 of the image forming apparatus 30 as shown in FIG. This encryption strength setting screen includes, for example, an encryption strength setting field for the device status and an encryption strength setting field for the instruction content, and the user can select a desired encryption strength from among encryption strength options. The encryption strength is set by selecting or directly inputting a desired encryption strength. When the user sets the cipher strength, the control unit 31 creates cipher strength setting information that describes the correspondence between the device status and the cipher strength and the correspondence between the instruction content and the cipher strength, and stores them in the HDD or the like. To do.

  When setting the cipher strength, it is necessary to lower the cipher strength when the device state is the power saving mode or when the CPU load is relatively large compared to when the normal operation mode or the CPU load is relatively small. Once a standard value (such as “AES256”) for the normal operation mode or when the CPU load is relatively small is set, the “power saving / CPU load is large” column has a lower cryptographic strength ( Only "AES128" etc.) can be set. Also, here, the normal operation mode and the power saving mode are illustrated as the device state, but it is also possible to set the encryption strength according to values such as the error state, time, day of the week, etc. of the main body.

  Similarly, when the instruction content is a specific instruction that should ensure security, it is necessary to make the encryption strength higher than that of the normal instruction. Therefore, after setting a reference value (such as “DES”) for the normal instruction, “ It is possible to set only encryption strengths higher than the reference value (such as “AES256” or “AES128”) in specific instruction fields such as “Job execution” and “Change setting information”. In addition, although “execution of job” and “change of setting information” are illustrated as specific instructions here, the encryption strength according to browsing / setting of the address book of the main body, browsing / setting of information related to security, etc. May be set.

  Here, the case where the setting relating to the encryption strength is performed by the display / operation unit 33 is shown, but the setting can also be made on the Web screen of the client terminal 20. When the image forming apparatus 30 is a device that supports SNMP (Simple Network Management Protocol), the client terminal 20 uses an SNMP manager command to store setting information as an object in an MIB (Management Information Base) having a tree structure. You can also set the encryption strength.

  Hereinafter, the operation of the image forming apparatus 30 of this embodiment will be described. First, the operation for setting the cipher strength according to the apparatus state will be described with reference to the flowchart of FIG.

  When the network interface unit 32 of the image forming apparatus 30 receives a connection instruction from the client terminal 20 (S101), the encryption communication control unit 34 checks whether the image forming apparatus 30 is operating in the power saving mode. (S102). If not operating in the power saving mode, the encrypted communication control unit 34 refers to the encryption strength setting information stored in advance and acquires the encryption strength (reference value) corresponding to the normal operation mode (S103). When operating in the power saving mode, the cipher strength corresponding to “power saving” (cipher strength lower than the reference value) is acquired with reference to the cipher strength setting information (S104). Then, the encrypted communication control unit 34 notifies the acquired encryption strength to the client terminal 20 and performs network connection with the encryption strength (S105).

  In the above, when setting the encryption strength, the user may be inquired whether the encryption strength may be set, or when making an inquiry to the user, the user may select the encryption strength. When the user does not permit the encryption strength setting, the conventional encryption strength may be maintained or the network connection may be disconnected. In addition, when a session with the client terminal 20 has already been established at the time of network connection, it is preferable that the session is once disconnected and then the session is established again with the set encryption strength. When the image forming apparatus 30 is in the keep alive state, it is preferable to reestablish the session with the set encryption strength after canceling the keep alive.

  As described above, when the image forming apparatus 30 is operating in the power saving mode, by making the encryption strength lower than the reference value, encrypted communication can be performed even if the CPU has a low computing power. A decrease in communication speed can be effectively suppressed. In addition, when the image forming apparatus 30 is operating in the normal operation mode, the security level can be appropriately ensured by setting the encryption strength to the reference value.

  The above flow is an example in which the encryption strength is set based on whether or not the image forming apparatus 30 is operating in the power saving mode, but the encryption strength can also be set based on the load state of the CPU. The operation of the image forming apparatus 30 in that case will be described with reference to the flowchart of FIG.

  When the network interface unit 32 of the image forming apparatus 30 receives a connection instruction from the client terminal 20 (S201), the encryption communication control unit 34 checks the processing currently being performed, and the CPU load is a predetermined threshold value. It is judged whether it is larger than (S202). When the CPU load is equal to or less than the threshold, the encrypted communication control unit 34 refers to the encryption strength setting information stored in advance to obtain the normal encryption strength (reference value) (S203), and the CPU load is the threshold. If it is larger, the cipher strength corresponding to “high CPU load” (cipher strength lower than the reference value) is obtained by referring to the cipher strength setting information (S204). Then, the encrypted communication control unit 34 notifies the client terminal 20 of the acquired encryption strength, and performs network connection with the encryption strength (S205).

  Also in the above, when setting the cipher strength, the user may be inquired whether the cipher strength may be set, or when the user is inquired, the cipher strength may be selected by the user. When the user does not permit the encryption strength setting, the conventional encryption strength may be maintained or the network connection may be disconnected. In addition, when a session with the client terminal 20 has already been established at the time of network connection, it is preferable that the session is once disconnected and then the session is established again with the set encryption strength. When the image forming apparatus 30 is in the keep alive state, it is preferable to reestablish the session with the set encryption strength after canceling the keep alive.

  Thus, when the load on the CPU is relatively large, the encryption communication can be performed in parallel with the current processing by setting the encryption strength to a value lower than the reference value. Can be effectively suppressed. When the load on the CPU is relatively small, the security level can be appropriately ensured by setting the encryption strength to the reference value.

  The encryption strength setting may be performed not only when a connection instruction is received, but also when shifting to the power saving mode or when returning from the power saving mode. In addition, other device states such as an error state of the main body, time, day of the week, etc. may be checked, and the encryption strength corresponding to each device state may be acquired. Also, when checking multiple device states, select the one with the highest encryption strength among the encryption strengths specified in each device state, or select the encryption strength according to the priority of each device state. Can be set.

  Although the above control can effectively suppress a decrease in the network communication speed, when the instruction from the client terminal 20 is received when the encryption strength is set to a low value, the image forming apparatus 30 has a low encryption. Since the response is made with strength, there are cases where security cannot be ensured. Therefore, in this embodiment, the image forming apparatus 30 performs control to change the encryption strength in accordance with the instruction content from the client terminal 20. The operation of the image forming apparatus 30 in that case will be described with reference to the flowchart of FIG.

  The network interface unit 32 of the image forming apparatus 30 receives an operation instruction from the client terminal 20 (S301). When an instruction is given using a Web screen, an operation instruction is an access to a URL (Uniform Resource Locator) of the Web screen or a CGI (Common Gateway Interface) request. In the case of other protocols such as FTP (File Transfer Protocol), an operation instruction corresponding to each protocol is accepted.

  Next, the network interface unit 32 determines whether the operation instruction is a disconnection instruction (S302). If the operation instruction is a disconnection instruction, a network disconnection process is performed (S303), and the process is terminated. If the operation instruction is not a disconnection process, the encrypted communication control unit 34 refers to the encryption strength setting information stored in advance and selects the encryption strength corresponding to the instruction content (S304). As an example, when the operation instruction is a transition instruction to a Web screen capable of job transmission, the encryption strength corresponding to “job execution” is changed. When the operation instruction corresponds to a plurality of instruction contents, it is possible to select the one with the highest cipher strength from among the respective cipher strengths, or to set the cipher strength according to the priority order of the instruction contents .

  Next, the encrypted communication control unit 34 compares the encryption strength in the current network connection with the encryption strength selected in the above step (S305). If both encryption strengths are the same, the operation according to the operation instruction is performed without changing the encryption strength (S308). On the other hand, if the encryption strengths of the two are different, the network interface unit 32 reconnects the network with the selected encryption strength (S306). When reconnecting the network, the user may be inquired whether the encryption strength may be changed or the network reconnection may be performed. May be selected. When the user does not permit the change of the encryption strength, the conventional encryption strength may be kept or the network connection may be disconnected.

  And when changing encryption strength, the control part 31 changes an apparatus state according to the selected encryption strength (S307). As an example, when the encryption strength is switched to a certain level or more while the image forming apparatus 30 is operating in the power saving mode, the image forming apparatus 30 is returned from the power saving mode to the normal operation mode. Then, after reconnecting to the network, an operation according to the operation instruction is performed (S308).

  In this way, when a specific instruction such as a job execution instruction or a setting information change instruction is received, the network communication speed decreases with encryption while ensuring the security level by performing control to increase the encryption strength. Can be efficiently suppressed.

  Note that the present invention is not limited to the above-described embodiment, and the configuration of the image forming apparatus 30 and the encryption strength control method can be changed as appropriate without departing from the spirit of the present invention.

  For example, in the above-described embodiment, the normal operation mode and the power saving mode are exemplified as the state of the image forming apparatus 30, and the two cases where the load state of the CPU is relatively small and relatively large are illustrated. However, it can be similarly applied to three or more states. In the above-described embodiment, two examples of the instruction contents from the client terminal 20 are the job execution instruction and the setting information change instruction. However, the contents can be similarly applied to other instructions. .

  In the above embodiment, the image forming apparatus 30 includes one CPU. However, the image forming apparatus 30 may include a plurality of CPUs such as a main CPU and a sub CPU.

  The present invention can be used for an image forming apparatus that performs encrypted communication with a device connected to a network.

DESCRIPTION OF SYMBOLS 10 Printing system 20 Client terminal 21 Control part 21a OS
21b Document creation application 21c Web application (Web client)
22 Network Interface Unit 23 Display Unit 24 Operation Unit 30 Image Forming Apparatus 31 Control Unit (Controller)
31a Web application (Web server)
32 Network Interface Unit 33 Display / Operation Unit 34 Encrypted Communication Control Unit 35 Image Processing Unit 36 Print Processing Unit (Print Engine)

Claims (14)

In an image forming apparatus operable in a normal operation mode and a power saving mode in which power consumption is smaller than the normal operation mode,
A network interface unit that performs encrypted communication with other devices on the network;
An encryption communication control unit for setting encryption strength in the encrypted communication,
The encrypted communication control unit acquires the device state of the own device and determines that the own device is operating in the power saving mode or that the CPU load for controlling the operation of the own device is greater than a predetermined threshold. The encryption strength in the encrypted communication is set to a first value lower than a preset reference value,
An image forming apparatus. The encrypted communication control unit further determines an instruction received from the other device, and changes the encryption strength according to the content of the instruction.
The image forming apparatus according to claim 1. The encrypted communication control unit changes the encryption strength to a second value higher than the first value when receiving an instruction to execute a job or an instruction to change setting information of the own device.
The image forming apparatus according to claim 2. The image forming apparatus has a Web server function that provides a Web screen that allows an instruction to the apparatus.
The encrypted communication control unit sets the encryption strength to the first when the other device accesses a Web screen for instructing execution of a job or a Web screen for instructing change of setting information of the own device. Change to a second value higher than the value,
The image forming apparatus according to claim 2. When the encrypted communication control unit sets or changes the encryption strength, the network interface unit cancels keep alive or disconnects the session with the other device, and again with the set or changed encryption strength. Build a session,
The image forming apparatus according to claim 1, wherein the image forming apparatus is an image forming apparatus. The encrypted communication control unit, when setting or changing the encryption strength, inquires of the user whether the encryption strength can be set or changed,
The image forming apparatus according to claim 1, wherein the image forming apparatus is an image forming apparatus. The encrypted communication control unit allows the user to select the encryption strength when the user permits the setting or change of the encryption strength.
The image forming apparatus according to claim 6. A method for switching encryption strength in a system including an image forming apparatus operable in a normal operation mode and a power saving mode in which power consumption is lower than that of the normal operation mode,
The image forming apparatus includes:
A first process for receiving a connection instruction from another device on the network;
When the device status of the device itself is acquired and the device is operating in the power saving mode, or when it is determined that the load on the CPU that controls the operation of the device is greater than a predetermined threshold, A second process for setting the cryptographic strength to a first value lower than a preset reference value;
Performing a third process for performing encrypted communication with the other device at the set encryption strength;
The encryption strength switching method characterized by the above. A fourth process for receiving an operation instruction from the other device;
A fifth process of determining the instruction and changing the encryption strength according to the content of the instruction;
A sixth process of performing encrypted communication with the other device with the changed encryption strength;
The method for switching encryption strength according to claim 8. In the fifth process, when the job execution instruction or the setting information change instruction of the own apparatus is received, the encryption strength is changed to a second value higher than the first value.
The method for switching encryption strength according to claim 9. The image forming apparatus has a Web server function that provides a Web screen that allows an instruction to the apparatus.
In the fifth process, when the other device accesses a Web screen for instructing execution of a job or a Web screen for instructing change of setting information of the own device, the encryption strength is set from the first value. To a higher second value,
The method for switching encryption strength according to claim 9. In the third process or the sixth process, the keep alive is canceled or the session with the other device is disconnected, and a session is constructed again with the set or changed cipher strength.
12. The encryption strength switching method according to claim 8, wherein the encryption strength is switched. In the second process or the fifth process, when setting or changing the encryption strength, the user is inquired whether the encryption strength can be set or changed.
The image forming apparatus according to claim 8, wherein the image forming apparatus is an image forming apparatus. In the second process or the fifth process, when the user permits the setting or change of the encryption strength, the user is allowed to select the encryption strength.
The image forming apparatus according to claim 13.

Images