JP2020155842A - Maintenance system and image forming apparatus - Google Patents

Abstract

To make it possible to identify maintenance work according to a customer.SOLUTION: A maintenance system 200 comprises an authentication station apparatus 300, a computer 400, and an image forming apparatus 1. The authentication station apparatus 300 creates a secret key 302 for a specific customer and a route certificate 301 for the specific customer. A signature generation unit 410 of the computer 400 generates a customized signature 402 by using the secret key 302 for the specific customer. When the image forming apparatus 1 is a product for the specific customer, the route certificate 301 for the specific customer is stored in advance in an HDD 92. When a verification unit 103 successfully verifies the customized signature 402 in a USB memory 80, a control unit 100 of the image forming apparatus 1 executes installation of a customized script 401, and when the verification unit fails in signature verification, the control unit does not execute the installation of the customized script 401.SELECTED DRAWING: Figure 1

Description

The present invention relates to a maintenance system and an image forming apparatus, and more particularly to a technique that makes it possible to distinguish maintenance work according to a customer.

In recent years, multifunction devices having various functions such as a copy function, a printer function, a scanner function, and a facsimile function have been introduced into an office environment. In the multifunction device, various functions are described by a computer program and stored as firmware in a non-volatile memory or the like, and various functions are provided by the CPU executing the program to control various hardware devices in the multifunction device. The program.

By the way, the firmware may be updated for the purpose of eliminating defects (bugs) discovered after the fact, improving or expanding the functions, and the like. The multifunction device has a maintenance mode for maintenance personnel for the purpose of maintenance. Maintenance work such as firmware update is performed by putting the multifunction device in maintenance mode.

In the maintenance mode, there are special settings that cannot be used by normal users, and settings that cause abnormal device operation if the user changes them without permission, so ensuring security is the minimum requirement. However, on the other hand, in order to perform efficient and quick maintenance, it is necessary to improve convenience, and it is desirable to provide a safe and convenient mechanism in various maintenance scenes.

For example, in the maintenance management system described in Patent Document 1 below, security is strengthened when performing maintenance by setting an access range and access authority according to the type of maintenance work.

Japanese Unexamined Patent Publication No. 2008-177901

However, in the maintenance management system described in Patent Document 1 above, although it is possible to distinguish the type of maintenance work for each maintenance worker, a certain access right is uniformly given to a certain maintenance worker. Therefore, it is difficult to distinguish maintenance work according to the customer.

In addition, if a maintenance function customized for a specific customer (that is, a maintenance function for a specific customer) is mistakenly or intentionally provided to a target product of a normal customer, the function of the target product of the normal customer becomes available. It may change unexpectedly and cause unexpected problems.

The present invention has been made to solve the above problems, and an object of the present invention is to distinguish maintenance work according to a customer.

The maintenance system according to one aspect of the present invention is a maintenance system including a certificate authority device, an information processing device, and an image forming device, and the certificate authority device is a specific customer based on input specific customer information. The information processing device generates a private key of the specific customer and a root certificate of the specific customer, and the information processing apparatus uses the private key of the specific customer generated by the certificate authority device to generate a customized signature, and the signature generator. The image forming apparatus includes the customized signature generated by the signature generation unit and a storage control unit that stores a customized script for customizing a maintenance function for a specific customer in a storage medium. A storage unit in which the root certificate of the specific customer generated in the station device is stored in advance, a reading unit that reads the customized signature and the customized script from the storage medium, and the customized signature read from the storage medium. The verification unit that verifies using the root certificate of the specific customer stored in the storage unit, and the customization script read from the storage medium when the verification unit succeeds in verifying the customized signature. If the verification unit fails to verify the customized signature, the control unit that does not execute the installation of the customized script read from the storage medium is provided.

Further, the maintenance system according to another aspect of the present invention is a maintenance system including a certificate authority device, an information processing device, and an image forming device, and the certificate authority device is based on input specific customer information. The secret key of the specific customer and the root certificate of the specific customer are generated, and the information processing apparatus uses the private key of the specific customer generated by the certificate authority device to generate a customized signature. The image forming apparatus includes a unit and a storage control unit that stores the customized signature generated by the signature generation unit in a storage medium, and the image forming apparatus is a root certificate of the specific customer generated by the certificate authority apparatus. A storage unit in which a customization script for customizing the maintenance function for the specific customer is stored in advance, a reading unit for reading the customized signature from the storage medium, and the customized signature read from the storage medium. , The verification unit that verifies using the root certificate of the specific customer stored in the storage unit, and the customization script stored in the storage unit when the verification unit succeeds in verifying the customized signature. If the verification unit fails to verify the customized signature, the control unit that does not execute the installation of the customized script read from the storage medium is provided.

Further, the image forming apparatus according to one aspect of the present invention customizes the customized signature generated by using the private key of the specific customer generated based on the information of the specific customer and the maintenance function for the specific customer. From the storage medium in which the customization script for the purpose is stored, the storage unit in which the root certificate of the specific customer generated based on the information of the specific customer is stored in advance, and the storage medium, the customized signature and the said A reading unit that reads the customized script, a verification unit that verifies the customized signature read from the storage medium using the root certificate of the specific customer stored in the storage unit, and the verification unit that verifies the customized signature. If the verification is successful, the customization script read from the storage medium is installed, and if the verification unit fails to verify the customization signature, the customization script read from the storage medium is installed. It includes a control unit that does not execute installation.

According to the present invention, it is possible to distinguish maintenance work according to the customer.

It is a figure which shows the maintenance system which concerns on 1st Embodiment of this invention. It is a front sectional view which shows the structure of the image forming apparatus which concerns on 1st Embodiment of this invention. It is a functional block diagram which shows schematic the main internal structure of the image forming apparatus which concerns on 1st Embodiment. (A) is a flowchart of the certificate authority process in the certificate authority device according to the first embodiment, and (B) is a flowchart of the signature generation process in the computer according to the first embodiment. It is a flowchart of maintenance function installation processing in the image forming apparatus which concerns on 1st Embodiment. (A) is a diagram showing an example of a display screen of a display unit of an image forming apparatus, and (B) is a diagram showing an example of a display screen for maintenance personnel authentication. It is a figure which shows the maintenance system which concerns on 2nd Embodiment of this invention. It is a flowchart of maintenance function installation process in the image forming apparatus which concerns on 2nd Embodiment. It is a figure which shows the maintenance system which concerns on 3rd Embodiment of this invention. It is a flowchart of maintenance function installation process in the image forming apparatus which concerns on 3rd Embodiment.

Hereinafter, the maintenance system 200 and the image forming apparatus 1 according to the embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a diagram showing a maintenance system according to the first embodiment of the present invention. The maintenance system 200 of the first embodiment includes an image forming apparatus 1, a certificate authority apparatus 300, and a computer 400 which is an example of an information processing apparatus, and includes a customization signature 402 for a specific customer and a customization script 401 for a specific customer. This is a system in which the customization script 401 is installed only in the image forming apparatus 1 for a specific customer via the stored USB memory (storage medium) 80.

The certificate authority device 300 is, for example, a server capable of issuing a digital certificate. The certificate authority device 300 generates the private key 302 of the specific customer and the root certificate 301 of the specific customer based on the input information of the specific customer. Specifically, the certificate authority device 300 includes the private key 302 of the specific customer as a key pair dedicated to the specific customer, the public key 303 of the specific customer, and the public key 303 based on the input information of the specific customer. Generates a root certificate 301 for a specific customer. The root certificate 301 of the specific customer is a root certificate that proves its own legitimacy, and stores the public key 303.

The computer 400 is, for example, a desktop type computer, a notebook type computer, or the like of a manufacturing company (for example, a development base or a sales company) of the image forming apparatus 1. For example, a customization script 401 for a manufacturer of the image forming apparatus 1 (for example, a software engineer of the manufacturing company of the image forming apparatus 1) to customize the maintenance function for a specific customer by using the computer 400. The customized script 401 is created and stored in the computer 400.

The computer 400 includes a signature generation unit 410 and a storage control unit 420. The computer 400 acquires the private key 302 of the specific customer generated by the certificate authority device 300 via a network such as the Internet (not shown). Further, the computer 400 may be acquired from a portable storage device (storage medium) or the like in which the private key 302 of the specific customer is stored.

The signature generation unit 410 generates the customized signature 402 by using the private key 302 of the specific customer generated by the certificate authority device 300. For example, the signature generation unit 410 generates the customized signature 402 by encrypting the customization script 401 with the private key 302 of the specific customer generated by the certificate authority device 300.

The storage control unit 420 stores, for example, the customization script 401 for customizing the maintenance function for a specific customer and the customized signature 402 generated by the signature generation unit 410 in the USB memory 80.

The USB memory 80 is a portable storage device. In the present embodiment, the USB memory 80 is used, but the present invention is not limited to this. For example, it may be a portable HDD, a flash memory, an SSD (solid state drive), or the like.

FIG. 2 is a front sectional view showing the structure of the image forming apparatus according to the first embodiment of the present invention. The image forming apparatus 1 is, for example, a multifunction device having a plurality of functions such as a copy function, a printer function, a scanner function, and a facsimile function.

The image forming apparatus 1 is roughly composed of an apparatus main body 11, a document reading device 20 arranged to face each other above the apparatus main body 11, and a connecting portion 30 provided between the document reading device 20 and the apparatus main body 11. To.

The document reading device 20 is supported by the upper end portion of the connecting portion 30. The document reading device 20 includes a document reading unit 5 and a document transporting unit 6.

The document reading unit 5 includes a contact glass 161 for placing the document, which is attached to the upper surface opening of the document reading unit housing. The contact glass 161 includes a document fixing reading unit (not shown) for reading the placed original, and a document conveying reading unit (not shown) for reading the document conveyed by the document conveying unit 6. The document reading unit 5 further includes an openable and closable document holding cover 162 that holds the document placed on the contact glass 161, a document placed on the document fixing reading unit of the contact glass 161 and a document transfer of the contact glass 161. It is provided with a reading unit 163 that reads each image of the document conveyed to the reading unit. The reading unit 163 optically reads an image of a document using an image sensor such as a CCD (Charge Coupled Device) or a CMOS (Complementary Metal Oxide Semiconductor) to generate image data.

The document transporting unit 6 includes a document loading table 61 on which a document is placed, a document discharging section 66 on which an image-read document is ejected, and a document transporting mechanism 65. The document transport mechanism 65 includes a paper feed roller, a transport roller, and a paper reversing mechanism (not shown). The document transport mechanism 65, driven by the paper feed roller and the transport roller, feeds out the documents placed on the document mounting table 61 one by one, transports them to the document transport reading unit of the contact glass 161 and reads them by the reading unit 163. After making it possible, the paper is discharged to the document discharging unit 66. Further, in the document transport mechanism 65, the paper reversing mechanism reverses the front and back of the document and retransmits it to the document transport reading unit of the contact glass 161 so that the images on both sides of the document can be read by the reading unit 163.

Further, the document transport unit 6 is rotatably provided with respect to the document reading unit 5 so that the front surface side thereof can be moved upward. By moving the front side of the document transport unit 6 upward to open the upper surface of the contact glass 161 as a platen, a user can place a scanned document, for example, a book in a spread state, on the upper surface of the contact glass 161. It has become like.

The operation unit 47 is arranged on the front surface of the document reading device 20. The operation unit 47 receives instructions such as an image formation operation execution instruction and a document reading operation execution instruction from the operator regarding various operations and processes that can be executed by the image forming apparatus 1. The operation unit 47 includes a display unit 473 that displays operation guidance and the like to the operator.

The apparatus main body 11 includes an image forming unit 12, a fixing unit 13, a paper feeding unit 14, a paper discharging unit 15, and the like.

When the image forming apparatus 1 performs the document reading operation, the document reading unit 5 optically reads the image of the document conveyed by the document conveying unit 6 or the document placed on the contact glass 161 to generate image data. To do. The image data generated by the document reading unit 5 is stored in the built-in HDD, a computer connected to the network, or the like.

When the image forming apparatus 1 performs an image forming operation, it is stored in the image data generated by the document reading operation, the image data received from a user terminal device such as a computer or a smartphone connected to the network, or the built-in HDD. Based on the image data and the like, the image forming unit 12 forms a toner image on the paper P as a recording medium to be fed from the paper feeding unit 14. The image forming units 12M, 12C, 12Y, and 12Bk of the image forming unit 12 include a photoconductor drum, a developing device that supplies toner to the photoconductor drum, a toner cartridge that houses the toner, a charging device, and an exposure device. Each includes a primary transfer roller 126.

When color printing is performed, the image forming unit 12M for magenta, the image forming unit 12C for cyan, the image forming unit 12Y for yellow, and the image forming unit 12Bk for black of the image forming unit 12 each output image data. A toner image is formed on the photoconductor drum 121 by the steps of charging, exposure, and development based on the image composed of each of the constituent color components, and the toner image is transferred by the primary transfer roller 126 to the driving roller 125a and the driven roller 125b. The image is transferred onto the intermediate transfer belt 125 stretched on the.

The intermediate transfer belt 125 has an image-supporting surface on which the toner image is transferred is set on the outer peripheral surface thereof, and is driven by the drive roller 125a in a state of being in contact with the peripheral surface of the photoconductor drum 121. The intermediate transfer belt 125 runs endlessly between the driving roller 125a and the driven roller 125b in synchronization with each photoconductor drum 121.

The toner images of each color transferred on the intermediate transfer belt 125 are superposed on the intermediate transfer belt 125 by adjusting the transfer timing to obtain a color toner image. The secondary transfer roller 210 conveys a color toner image formed on the surface of the intermediate transfer belt 125 from the paper feeding unit 14 to the transfer path 190 at the nip portion N with the drive roller 125a with the intermediate transfer belt 125 sandwiched between them. It is transferred to the paper P that has been used. After that, the fixing unit 13 fixes the toner image on the paper P to the paper P by thermocompression bonding. The color image-formed paper P for which the fixing process has been completed is discharged to the discharge tray 151.

The paper feed unit 14 includes a plurality of paper feed cassettes including the manual feed tray 141. A control unit (not shown) rotates and drives the pickup roller 145 of the paper cassette containing the paper of the size specified by the operator to rotate the paper P stored in each paper cassette to the nip portion N. Transport towards.

Next, the configuration of the image forming apparatus 1 according to the first embodiment will be described with reference to FIG. FIG. 3 is a functional block diagram showing a main internal configuration of the image forming apparatus according to the first embodiment.

The image forming apparatus 1 includes a control unit 10. The control unit 10 is composed of a CPU (Central Processing Unit), a RAM, a ROM, a dedicated hardware circuit, and the like, and controls the overall operation of the image forming apparatus 1.

The document reading unit 5 includes the above-mentioned reading unit 163 (reading mechanism) having a light irradiation unit, a CCD sensor, and the like under the control of the control unit 10. The document reading unit 5 irradiates the document with the light irradiation unit and receives the reflected light with the CCD sensor to read the image from the document.

The image processing unit 31 processes the image data of the image read by the document reading unit 5 as necessary. For example, the image processing unit 31 performs predetermined image processing such as shading correction in order to improve the quality of the image read by the document reading unit 5 after the image is formed by the image forming unit 12.

The image memory 32 is an area for temporarily storing the data of the original image obtained by scanning by the document reading unit 5 and temporarily storing the data to be printed by the image forming unit 12.

The image forming unit 12 forms an image such as print data read by the document reading unit 5.

The operation unit 47 receives instructions from the operator regarding various operations and processes that can be executed by the image forming apparatus 1. The operation unit 47 includes a touch panel type display unit 473. The display unit 473 is a touch panel type display device including a liquid crystal display and a touch panel arranged in front of the liquid crystal display.

The facsimile communication unit 71 includes an encoding / decoding unit, a modulation / demodulation unit, and an NCU (Network Control Unit) (not shown), and transmits a facsimile using a public telephone network.

The HDD (hard disk drive) 92 is a large-capacity storage device that stores a document image or the like read by the document reading unit 5. Further, in the HDD 92, the root certificate 301 of the specific customer generated by the certificate authority device 300 is stored in advance at the time of factory shipment, manufacturing, or the like of the image forming device 1.

The drive motor 70 is a drive source that applies a rotational drive force to each of the rotating members of the image forming unit 12 and the conveyor rollers on an equal footing.

The control unit 10 is composed of a processor, a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. The processor is a CPU (Central Processing Unit), an MPU (Micro-Processing Unit), an ASIC (Application Specific Integrated Circuit), or the like.

The control unit 10 functions as a control unit 100, an authentication unit 101, a reading unit 102, and a verification unit 103 when the maintenance control program stored in the HDD 92 is executed by the processor. It should be noted that each of the above-mentioned components of the control unit 10 may be configured by a hard circuit, not depending on the operation based on the above-mentioned maintenance control program.

The control unit 100 is connected to a document reading unit 5, a document transport unit 6, an image processing unit 31, an image memory 32, an image forming unit 12, an operation unit 47, a facsimile communication unit 71, a USB memory 80, an HDD 92, and the like. Regarding the USB memory 80, the image forming apparatus 1 is provided with a USB port (not shown), and the control unit 100 is in a state of being connected to the USB memory 80 inserted into the USB port.

The HDD 92 includes an authentication information storage unit 92A that stores authentication information of a predetermined maintenance worker (for example, a maintenance worker on the manufacturing company side). The authentication information storage unit 92A stores, for example, authentication information including a maintenance member name and a password in advance. The authentication information storage unit 92A may store authentication information including a maintenance staff name and a password for each maintenance staff, but when the number of maintenance staff to be managed becomes large (for example, 10 or more), an image is formed. Since the management of maintenance personnel information becomes a burden in the device 1, it is preferable to use only a predetermined number of people.

The authentication unit 101 determines whether or not the input information input to the operation unit 47 by the operator matches the predetermined maintenance worker authentication information stored in the authentication information storage unit 92A, and the match is determined. If it is determined, it is determined that the login is by a maintenance person.

The reading unit 102 reads the customized signature 402 and the customized script 401 from the USB memory 80. Specifically, the reading unit 102 reads the customized signature 402 and the customized script 401 from the USB memory 80 when the authentication unit 101 determines that the login is performed by a maintenance person. On the other hand, the reading unit 102 does not read the customization signature 402 and the customization script 401 from the USB memory 80 when the authentication unit 101 determines that the login is not performed by the maintenance staff.

The verification unit 103 verifies the customized signature 402 read from the USB memory 80 by using the root certificate 301 of the specific customer stored in the HDD 92. Specifically, the verification unit 103 decrypts the customized signature 402 read from the USB memory 80 with the public key 303 stored in the root certificate 301 of the specific customer stored in the HDD 92, and takes out the value. Compare whether or not the value calculated by hash calculation of the customization script 401 (for example, the hash value of the customization script 401) matches, and if they match, it is assumed that the verification of the customization signature 402 is successful, and if they do not match. It is assumed that the verification of the customized signature 402 fails. As the hash value, MD5, SHA-1, etc. can be used.

When the verification unit 103 succeeds in verifying the customized signature 402, the control unit 100 executes the installation of the customization script 401 read from the USB memory 80, and when the verification unit 103 fails to verify the customized signature 402. Does not install the customization script 401 read from the USB memory 80.

When the installation of the customization script 401 is completed by the control unit 100, the maintenance staff can use the maintenance function customized for a specific customer.

Next, the maintenance function setting process for a specific customer in the maintenance system 200 of the first embodiment shown in FIG. 1 will be described with reference to the flowcharts shown in FIGS. 4A, 4B, and 5. .. The maintenance function setting process for a specific customer includes each process shown in FIGS. 4 (A), 4 (B), and FIG. FIG. 4A is a flowchart of the certificate authority process in the certificate authority device according to the first embodiment. FIG. 4B is a flowchart of the signature generation process in the computer according to the first embodiment. FIG. 5 is a flowchart of the maintenance function installation process in the image forming apparatus according to the first embodiment.

As shown in FIG. 4A, the certificate authority device 300 has a specific customer's private key 302 and a specific customer's public key as a key pair dedicated to the specific customer based on the specific customer's information input from the computer 400. A root certificate 301 of a specific customer including the 303 and the public key 303 is generated (S11).

The certificate authority device 300 provides the image forming device 1 with the root certificate 301 of the specific customer including the public key 303 (S12). The root certificate 301 of the specific customer provided by the certificate authority device 300 is stored in advance in the HDD 92 of the image forming apparatus 1 at the time of factory shipment, manufacturing, etc. of the image forming apparatus 1 for the specific customer. On the other hand, since the root certificate 301 of the specific customer is not provided to the image forming device 1 (that is, the image forming device 1 of the customer other than the specific customer) that is not for the specific customer, the image forming that is not for the specific customer It is not stored in the device 1.

The certificate authority device 300 may provide the root certificate 301 of the specific customer to the image forming device 1 for the specific customer via a portable storage device, a network such as a LAN or the Internet, or a computer 400.

The certificate authority device 300 provides the computer 400 with the private key 302 of the specific customer (S13). The certificate authority device 300 may provide the private key 302 of the specific customer to the computer 400 via a portable storage device, LAN, the Internet, or the like. Then, the certificate authority device 300 ends this process after S13.

As shown in FIG. 4B, the computer 400 acquires the private key 302 of the specific customer provided by the certificate authority device 300 (S21). A manufacturer of the image forming apparatus 1 (for example, a software engineer of a manufacturing company of the image forming apparatus 1) generates a customization script 401 for customizing a maintenance function for a specific customer by using, for example, a computer 400. To do. The computer 400 acquires the generated customization script 401 (S22). For example, the computer 400 stores the generated customization script 401 in a storage device (not shown) of the computer 400.

The signature generation unit 410 of the computer 400 generates the customized signature 402 by encrypting the customization script 401 with the private key 302 of the specific customer generated by the certificate authority device 300 (S23).

The storage control unit 420 of the computer 400 stores, for example, the customization script 401 for customizing the maintenance function for a specific customer and the customized signature 402 generated by the signature generation unit 410 in the USB memory 80 (S24). , Computer 400 terminates this process.

As shown in FIG. 5, the control unit 100 of the image forming apparatus 1 determines whether or not the maintenance mode button is pressed (S31). Specifically, when the maintenance worker presses the key K1 indicating the "maintenance mode button" while the display screen shown in FIG. 6A is displayed on the display unit 473 of the image forming apparatus 1 (YES in S31). The operation unit 47 receives an instruction to change the image forming apparatus 1 to the maintenance mode, and the control unit 100 performs the maintenance worker authentication process by the authentication unit 101 based on the change instruction signal from the operation unit 47 to the maintenance mode. Start (S32).

With the maintenance staff name input field K12 on the maintenance staff authentication screen shown in FIG. 6B displayed on the display unit 473 selected, the maintenance staff touches the alphanumeric button group K14 to perform the maintenance staff name. (For example, "N001") is input. Subsequently, the maintenance staff inputs the password (for example, "ABC") by touch-operating the alphanumeric button group K14 with the password input field K13 selected. Then, the maintenance staff touch-operates the OK button K15. By the touch function by the touch panel of the display unit 473, each input information of the maintenance staff name input field K12 and the password input field K13 and the detection signal indicating the touch operation of the OK button K15 are output to the control unit 100, and the control unit 100 outputs the detection signal. Based on the detection signal, each input information of the maintenance staff name input field K12 and the password input field K13 is output to the authentication unit 101.

The authentication unit 101 accepts the maintenance person name (for example, "N001") and the password (for example, "ABC") entered by the maintenance person on the display unit 473 of the operation unit 47. The authentication unit 101 determines whether or not the input information input by the maintenance personnel to the display unit 473 of the operation unit 47 and the authentication information of the maintenance personnel stored in advance in the authentication information storage unit 92A match (S32). If it is determined that they match, it is determined that the login is legitimate by the maintenance staff (YES in S32). If the authentication unit 101 determines that they do not match (NO in S32), the control unit 100 ends this process.

When the control unit 100 determines that the login is legitimate by the maintenance personnel (YES in S32), the USB memory 80 in which the customization script 401 and the customization signature 402 are stored is stored in the USB port (not shown) of the image forming apparatus 1. It is determined whether or not it is inserted (S33).

When the authentication unit 101 determines that the login is performed by a maintenance person (YES in S32), and the USB memory 80 in which the customization script 401 and the customization signature 402 are stored is inserted in the reading unit 102 (YES in S33). , Read the customized signature 402 and the customized script 401 from the USB memory 80 (S34). That is, the reading unit 102 downloads the customized signature 402 and the customized script 401 from the USB memory 80.

On the other hand, when the authentication unit 101 determines that the login is not performed by the maintenance staff (NO in S32), the reading unit 102 determines that the USB memory 80 is inserted into a USB port (not shown) of the image forming apparatus 1. The customization signature 402 and the customization script 401 are not read from the memory 80. When the authentication unit 101 determines that the login is not performed by the maintenance staff (NO in S32), the control unit 100 ends this process.

The verification unit 103 verifies the customized signature 402 read from the USB memory 80 by using the root certificate 301 of the specific customer stored in the HDD 92 (S35). Specifically, the verification unit 103 decrypts the customized signature 402 read from the USB memory 80 with the public key 303 stored in the root certificate 301 of the specific customer stored in the HDD 92, and takes out the value. A comparison is made as to whether or not the value calculated by hashing the customization script 401 (for example, the hash value of the customization script 401) matches (S35).

The verification unit 103 considers that the verification of the customized signature 402 is successful when the above two values match (YES in S36), and fails to verify the customized signature 402 when the above two values do not match (NO in S36). Suppose you did.

When the verification unit 103 succeeds in verifying the customization signature 402 (YES in S36), the control unit 100 executes the installation of the customization script 401 read from the USB memory 80 (S37).

When the control unit 100 completes the installation of the customization script 401, the image forming apparatus 1 is ready to use the maintenance function customized for a specific customer (S38). That is, the maintenance staff can use the maintenance function customized for a specific customer.

The maintenance functions added for specific customers (that is, maintenance functions provided only to specific customers) include the following functions (1) to (3).
(1) Change of special equipment adjustment value: Normally, it is not changed, but it may be changed according to the customer's special environment. In addition, it may be changed to suit the environment of the local country.
(2) Setting of various counter values: Normally, even maintenance personnel cannot change the counter values. However, for specific customers, there are cases where some changes or clears are required for management. There is a change in the trial execution count setting of optional functions.
(3) Value added at the request of a specific customer: This is a setting change function to be newly added, although there is usually no function to change it at the request of a customer matter.
Since the functions (1) to (3) above may lead to problems when used by ordinary customers, it is very important to limit them to specific customers.

When the maintenance function setting by the maintenance staff is completed, the control unit 100 ends this process (YES in S39). If the maintenance function setting by the maintenance staff is not completed (NO in S39), the control unit 100 continues the maintenance mode.

In S36, when the verification unit 103 fails to verify the customization signature 402 (NO in S36), the control unit 100 ends this process without executing the installation of the customization script 401 read from the USB memory 80.

According to the first embodiment described above, the certificate authority device 300 generates the private key 302 of the specific customer and the root certificate 301 of the specific customer in advance. In the computer 400, the signature generation unit 410 generates the customized signature 402 using the private key 302 of the specific customer, and the storage control unit 420 customizes the customized signature 402 and the maintenance function for the specific customer. The script 401 and the script 401 are stored in the USB memory 80. In the image forming apparatus 1, the reading unit 102 reads the customized signature 402 and the customized script 401 from the USB memory 80. When the image forming apparatus 1 is a product of a specific customer, the root certificate 301 of the specific customer is stored in advance in the HDD 92 of the image forming apparatus 1, and when it is not a product of the specific customer, it is not stored. .. The verification unit 103 of the image forming apparatus 1 verifies the customized signature 402 read from the USB memory 80 by using the root certificate 301 of the specific customer stored in advance in the HDD 92. If the verification unit 103 succeeds in signature verification, the control unit 100 executes the installation of the customization script 401, and if the verification unit 103 fails in the signature verification, the control unit 100 does not execute the installation of the customization script 401.

That is, the customization script 401 can be installed only on the image forming apparatus 1 (target product) of the specific customer in which the root certificate 301 is stored, and the image forming apparatus 1 other than the specific customer in which the root certificate 301 is not stored (target product). Customization script 401 is not installed on non-target products). In addition, it is possible to provide customization without having to manage the products of specific customers individually. That is, maintenance work can be distinguished according to the customer, and it is possible to provide the maintenance function for the specific customer only to the specific customer. As a result, it is possible to safely provide maintenance functions for specific customers while responding to various maintenance scenes for each customer, and a maintenance system that prevents unauthorized use or misuse of maintenance functions for specific customers. 200 can be provided.

Here, as an effect of using the root certificate 301, for example, when there are a plurality of image forming devices 1 (target products), it is possible to save the trouble of management and development. As a configuration for specifying the image forming apparatus 1 (target product), it is common to specify the serial number of the product, but in this case, a specific customer who uses a large number of products manages a large number of serial numbers. It is very annoying because it is difficult and it is necessary to specify those serial numbers in the customization script 401 to be installed. In particular, customers who require customization of maintenance functions often use hundreds of machines, and product management is an unavoidable problem. On the other hand, if the root certificate 301 is used, the range of maintenance functions can be easily managed as long as the same one is installed in the image forming apparatus 1 (target product) in advance. In addition, as a feature of signature verification, the validity of the target program (or firmware) called the customization script 401 can be guaranteed. If the customization script 401 has been tampered with and the functions that were not originally expected are executed, it will be a problem. However, in the present embodiment, if the customization script 401 has been tampered with, the customization signature 402 is verified. It also has the effect of being able to detect tampering with the customization script 401 because it fails.

Further, the certificate authority device 300 includes the private key 302 and the public key 303 of the specific customer as a key pair, and the root certificate 301 of the specific customer including the public key 303, based on the input information of the specific customer. To generate. The signature generation unit 410 generates the customized signature 402 by encrypting the customization script 401 with the private key 302 of the specific customer. The verification unit 103 hashes the value obtained by decrypting the customized signature 402 read from the USB memory 80 with the public key 303 stored in the root certificate 301 of the specific customer stored in the HDD 92 and the customized script 401. It is assumed that the calculated and calculated values are compared to see if they match, and if they match, the verification of the customized signature 402 is successful, and if they do not match, the verification of the customized signature 402 fails. Therefore, the verification of the customized signature 402 can be preferably performed.

Further, when the reading unit 102 reads the customized signature 402 from the USB memory 80 when the authentication unit 101 determines that the login is performed by the maintenance staff, and when the authentication unit 101 determines that the login is not performed by the maintenance staff. , Do not read the customized signature 402 from the USB memory 80. As a result, the customization script 401 can be installed only when the maintenance staff has logged in. That is, only the maintenance staff can install the customization script 401, and an unauthorized worker who illegally obtains the USB memory 80 cannot install the customization script 401. Therefore, it is possible to further enhance the safety of providing the maintenance function for a specific customer.

Next, the maintenance system 200 of the second embodiment will be described with reference to FIGS. 7 and 8. FIG. 7 is a diagram showing a maintenance system according to a second embodiment of the present invention. FIG. 8 is a flowchart of the maintenance function installation process in the image forming apparatus according to the second embodiment.

In the maintenance system 200 of the first embodiment described above, as shown in FIG. 1, the customization signature 402 and the customization script 401 are stored in the USB memory 80, but in the maintenance system 200 of the second embodiment, FIG. As shown in the above, the USB memory 80 stores only the customization signature 402, and the HDD 92 stores the customization script 401 generated by the computer 400 in advance, which is different from the case of the first embodiment described above. ing. The customization script 401 may be stored in the HDD 92 in advance at the time of factory shipment or manufacturing of the image forming apparatus 1, and may be stored at least before the USB memory 80 is inserted.

As shown in FIG. 8, the reading unit 102 reads the customized signature 402 from the USB memory 80 and the customized script 401 from the HDD 92 in S34A (S34A).

The maintenance system 200 of the second embodiment also has the same effect as that of the first embodiment described above.

Next, the maintenance system 200 of the third embodiment will be described with reference to FIGS. 9 and 10. FIG. 9 is a diagram showing a maintenance system according to a third embodiment of the present invention. FIG. 10 is a flowchart of the maintenance function installation process in the image forming apparatus according to the third embodiment.

In the maintenance system 200 of the third embodiment, as shown in FIG. 9, the customization script 401 includes the time limit information 401A indicating the installation limit period, and the control unit 100 has the control unit 100 as shown in FIG. If the verification unit 103 succeeds in verifying the customization signature 402 (YES in S36), the time limit information 401A included in the customization script 401 is acquired, and within the installation restriction period indicated by the acquired time limit information 401A. If it is determined whether or not it exists and it is determined that it is within the installation restriction period (YES in S40), the installation of the customization script 401 is executed (S37) and it is determined that it is outside the installation restriction period (in S40). NO), even if the verification of the customized signature 402 is successful (YES in S36), the installation of the customized script 401 (S37) is not executed, which is different from the case of the first embodiment described above.

According to the maintenance system 200 of the third embodiment described above, the installable expiration date can be limited, and the period for providing the maintenance function for a specific customer can be further limited. Therefore, the security of the maintenance function can be strengthened.

Although the embodiments of the present invention have been described above, the present invention is not limited to the configuration of each of the above embodiments and can be modified in various ways. For example, in each of the above embodiments, a multifunction device is described as an embodiment of the image forming apparatus according to the present invention, but this is only an example, and other electronic devices such as a printer, a copier, and the like. Other image forming devices such as a facsimile device may be used.

In the first embodiment described above, the reading unit 102 reads the customized signature 402 and the customized script 401 from the USB memory 80 when the authentication unit 101 determines that the login is performed by a maintenance person (YES in S32). , When the authentication unit 101 determines that the login is not performed by the maintenance staff (NO in S32), the customization signature 402 and the customization script 401 are not read from the USB memory 80, but the following modifications are not limited to this. It may be the configuration of an example. In the maintenance system 200 of the modified example, when the verification unit 103 determines that the login is performed by the maintenance staff by the authentication unit 101 (YES in S32), the verification unit 103 uses the root certificate 301 of the specific customer to attach the customized signature 402. After verification (S35), if the authentication unit 101 determines that the login is not performed by the maintenance staff (NO in S32), the customized signature 402 is not verified.

As a result, the customized signature can be verified only when the maintenance staff has logged in (YES in S32). That is, only the maintenance staff can install the customization script 401, and an unauthorized worker who illegally obtains the USB memory 80 cannot install the customization script 401. Therefore, it is possible to further enhance the safety of providing the maintenance function for a specific customer.

Further, in each of the above-described embodiments, the configuration and processing shown in the above-described embodiment with reference to FIGS. 1 to 10 are merely one embodiment of the present invention, and the present invention is not intended to be limited to the configuration and processing. ..

1 Image forming device 80 USB memory (storage medium)
92 HDD (storage unit)
100 Control unit 101 Authentication unit 102 Reading unit 103 Verification unit 200 Maintenance system 300 Certificate authority device 301 Root certificate 302 Private key 303 Public key 400 Computer (information processing device)
410 Signature generation unit 420 Memory control unit

Claims (7)

It is a maintenance system equipped with a certificate authority device, an information processing device, and an image forming device.
The certificate authority device generates a specific customer's private key and a specific customer's root certificate based on the input specific customer's information.
The information processing device includes a signature generator that generates a customized signature using the private key of the specific customer generated by the certificate authority device.
A storage control unit that stores the customized signature generated by the signature generation unit and a customization script for customizing a maintenance function for the specific customer in a storage medium is provided.
The image forming apparatus includes a storage unit in which the root certificate of the specific customer generated by the certificate authority apparatus is stored in advance.
A reading unit that reads the customized signature and the customized script from the storage medium,
A verification unit that verifies the customized signature read from the storage medium using the root certificate of the specific customer stored in the storage unit.
If the verification unit succeeds in verifying the customized signature, the customization script read from the storage medium is installed, and if the verification unit fails to verify the customized signature, the storage medium is installed. A maintenance system including a control unit that does not execute the installation of the customization script read from. It is a maintenance system equipped with a certificate authority device, an information processing device, and an image forming device.
The certificate authority device generates a specific customer's private key and a specific customer's root certificate based on the input specific customer's information.
The information processing device includes a signature generator that generates a customized signature using the private key of the specific customer generated by the certificate authority device.
A storage control unit for storing the customized signature generated by the signature generation unit in a storage medium is provided.
The image forming apparatus includes a storage unit in which a root certificate of the specific customer generated by the certificate authority apparatus and a customization script for customizing a maintenance function for the specific customer are stored in advance.
A reading unit that reads the customized signature from the storage medium,
A verification unit that verifies the customized signature read from the storage medium using the root certificate of the specific customer stored in the storage unit.
If the verification unit succeeds in verifying the customized signature, the customization script stored in the storage unit is installed, and if the verification unit fails to verify the customized signature, the storage unit stores the customized script. A maintenance system including a control unit that does not execute the installation of the customized script read from the medium. The certificate authority device generates a private key and a public key of the specific customer as a key pair and a root certificate of the specific customer including the public key based on the input information of the specific customer.
The signature generation unit generates the customized signature by encrypting the customized script with the private key of the specific customer generated by the certificate authority device.
The verification unit decrypts and retrieves the customized signature read from the storage medium with the public key stored in the root certificate of the specific customer stored in the storage unit, and the customization script. Claim 1 that compares whether or not the values calculated by hash calculation match, and if they match, the verification of the customized signature is successful, and if they do not match, the verification of the customized signature fails. Or the maintenance system according to claim 2. The customization script contains time limit information indicating the installation time limit.
When the verification unit succeeds in verifying the customization signature, the control unit acquires the time limit information included in the customization script, and whether or not it is within the installation restriction period indicated by the acquired time limit information. If it is determined that it is within the installation restriction period, the customization script is installed, and if it is determined that it is outside the installation restriction period, even if the verification of the customization signature is successful, The maintenance system according to any one of claims 1 to 3, which does not execute the installation of the customization script. The image forming apparatus includes an operation unit operated by an operator and an operation unit.
An authentication information storage unit that stores predetermined maintenance personnel authentication information,
When it is determined whether or not the input information input by the operator in the operation unit and the authentication information of the predetermined maintenance worker stored in the authentication information storage unit match, and the match is determined. Also equipped with an authentication department that determines that the login is by a maintenance person.
The reading unit reads the customized signature from the storage medium when the authentication unit determines that the login is performed by the maintenance staff, and when the authentication unit determines that the login is not performed by the maintenance staff, the reading unit reads the customized signature. The maintenance system according to any one of claims 1 to 4, wherein the customized signature is not read from the storage medium. The image forming apparatus includes an operation unit operated by an operator and an operation unit.
An authentication information storage unit that stores predetermined maintenance personnel authentication information,
When it is determined whether or not the input information input by the operator in the operation unit and the authentication information of the predetermined maintenance worker stored in the authentication information storage unit match, and the match is determined. Also equipped with an authentication department that determines that the login is by a maintenance person.
When the verification unit determines that the login is performed by the maintenance staff, the verification unit verifies the customized signature using the root certificate of the specific customer, and the authentication unit does not log in by the maintenance staff. The maintenance system according to any one of claims 1 to 4, which does not verify the customized signature when it is determined. A storage medium that stores a customized signature generated using a specific customer's private key generated based on specific customer information, and a customization script for customizing maintenance functions for the specific customer.
A storage unit in which the root certificate of the specific customer generated based on the information of the specific customer is stored in advance, and
A reading unit that reads the customized signature and the customized script from the storage medium,
A verification unit that verifies the customized signature read from the storage medium using the root certificate of the specific customer stored in the storage unit.
If the verification unit succeeds in verifying the customized signature, the customization script read from the storage medium is installed, and if the verification unit fails to verify the customized signature, the storage medium is installed. An image forming apparatus including a control unit that does not execute the installation of the customization script read from.