JP2021082071A - Information processing device, control method thereof, and program - Google Patents

Abstract

To solve the problem in which if a CA certificate used for communication with a server for firmware upgrade provided by a vendor of an information processing device or a transmission destination server of a billing counter is deleted, those services cannot be received.SOLUTION: An information processing device includes communication means for communicating with an opposite party via a network, uses an electronic certificate when performing communication by the communication means to verify the opposite party, and stores the electronic certificate used for the verification. In response to an instruction to delete the stored electronic certificate, the information processing device deletes the corresponding electronic certificate from the storage means, but performs control to prohibit deleting the electronic certificate when information to prohibit deleting the electronic certificate is set to the stored electronic certificate.SELECTED DRAWING: Figure 5

Description

The present invention relates to an information processing device, a control method thereof, and a program.

Personal computers (PCs) connected to networks such as offices and mobile terminals owned by individuals use public key certificates for secure communication and authentication when communicating with external servers. ..

Further, recent multifunction devices not only simply print and transmit images, but also have a function of storing image data in the multifunction device and providing a file service to a PC. Therefore, the multifunction device also plays a role as an information processing device similar to other server devices existing on the network. While these information processing devices are used on the network, in order to maintain a safe and secure office environment, it is required to authenticate and communicate using an electronic certificate. In general, secure network identification and authentication are realized by public key infrastructure (PKI: public key infrastructure) technology using this digital certificate (see Patent Document 1 and Non-Patent Document 1).

For example, when the information processing device becomes a client, the server public key certificate obtained from the server and the CA (Certification Authority) certificate, which is the certificate authority certificate of the certificate authority that issued the server public key certificate, are obtained. The validity of the server can be verified. Communication protocols used in such communication include SSL and TLS.

Japanese Unexamined Patent Publication No. 2005-39790

RFC3647: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (https://www.ipa.go.jp/security/rfc/RFC3647JA.html) This CA certificate is stored in the information processing device. Must be retained. For this reason, conventionally, the user of the information processing device manually stores the digital certificate issued by the certificate authority in the storage of the information processing device, or stores the digital certificate in advance at the time of shipment from the factory of the information processing device. Also, the CA certificate used to verify the server certificate of the other party's server is different. There are various servers such as a server service provided by an information processing device vendor such as a server for firmware update, or a server service such as a cloud storage service selected by a user who uses the information processing device. .. The CA certificate stored in the information processing device can be added or deleted by the administrator of the information processing device. This is so that the administrator can add a CA certificate when he / she wants to use a new server service, and can delete the CA certificate when he / she does not want to connect to an unnecessary server service.

However, if the CA certificate stored in the information processing device is accidentally deleted from the CA certificate used for verifying the server certificate of the server service provided by the vendor, the service provided by the vendor will be used. Can not. For example, when the information processing device is a multifunction device (MFP), the CA certificate used for communication with the server for firmware upgrade provided by the vendor of the multifunction device and the destination server of the billing counter has been deleted. In that case, there is a problem that those services cannot be received.

An object of the present invention is to solve at least one of the problems of the prior art.

An object of the present invention is to provide a technique for preventing erroneous deletion of a digital certificate in an information processing device capable of deleting the digital certificate.

In order to achieve the above object, the information processing apparatus according to one aspect of the present invention has the following configuration. That is,
Communication means to communicate with the other party via the network,
A verification means for verifying the other party by using an electronic certificate when communicating by the communication means,
A storage means for storing the digital certificate used in the verification means and
A deletion means for deleting the corresponding digital certificate from the storage means in response to an instruction to delete the digital certificate stored in the storage means.
When the digital certificate stored in the storage means is set with information prohibiting the deletion of the digital certificate, the digital certificate has a control means for controlling the deletion of the digital certificate. It is characterized by.

According to the present invention, in an information processing device capable of deleting a digital certificate, it is possible to prevent erroneous deletion of the digital certificate.

The figure explaining the network which concerns on Embodiment 1 of this invention. The block diagram explaining the hardware configuration of the multifunction device which concerns on Embodiment 1. FIG. FIG. 3 is a functional block diagram illustrating a software module included in the multifunction device according to the first embodiment. The figure which shows an example of the CA certificate list screen which displayed the CA certificate held by the multifunction device which concerns on Embodiment 1 on a PC. The flowchart explaining the display processing of the list of CA certificates by the multifunction device which concerns on Embodiment 1. A conceptual diagram of a database of CA certificates managed by the certificate management unit of the multifunction device according to the first embodiment. The figure which shows an example of the connection setting screen of the farm update server to which the multifunction device which concerns on Embodiment 2 is connected. A flowchart illustrating a process of turning on the deletion prohibition flag when the communication destination is a service subject to deletion prohibition of the CA certificate when the multifunction device according to the second embodiment communicates using the CA certificate.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. The following embodiments do not limit the invention according to the claims. Although a plurality of features are described in the embodiment, not all of the plurality of features are essential to the invention, and the plurality of features may be arbitrarily combined. Further, in the attached drawings, the same or similar configurations are designated by the same reference numbers, and duplicate explanations are omitted. A multifunction device (digital multifunction device / MFP / Multifunction Peripheral) will be described as an example as an information processing device for using and managing the digital certificate according to the embodiment. However, the applicable range is not limited to the multifunction device, and any information processing device that can use the digital certificate is sufficient, and the applicable range is not limited to the multifunction device.

[Embodiment 1]
FIG. 1 is a diagram illustrating a network according to the first embodiment of the present invention.

The multifunction device 100 having a printing function can send and receive print data, scanned image data, device management information, and the like to and from other information processing devices via the network 110. Further, the multifunction machine 100 has a function of performing encrypted communication such as TLS, IPsec, and IEEE 802.1X, and a public key pair and an electronic certificate used for the encryption processing, and a CA certificate for verifying the destination server. Holds the book. Here, the multifunction device 100 is an example of an image forming apparatus, and the image forming apparatus is not limited to this, and the image forming apparatus may be a single function of a facsimile machine, a printer, a copier, or a device having a combination of these functions. Good. A multifunction device 101 is also connected to the network 110, and the multifunction device 101 has the same function as the multifunction device 100. Hereinafter, the multifunction device 100 will be mainly described, but it is also possible to exchange CA certificates with a plurality of multifunction devices.

The multifunction device 100 according to the first embodiment has a Web server function, and has a Web page type RUI (Remoto UI) function capable of executing processing for operations such as displaying, adding, and deleting a CA certificate. Is open to the public on the network 110.

The PC 103 is a personal computer, and the PC 103 is equipped with a Web browser function so that an HTML document or a website published by an information processing device connected to the network 110 can be browsed and used.

The multifunction device 100 is connected to the server service 120 and the server service 121 via the network 110. The server service 120 in the first embodiment is, for example, a firmware update server service provided by the vendor of the multifunction device 100, and the server service 121 is, for example, a cloud storage service arbitrarily connected by the user of the multifunction device 100.

Next, the processing outline of the operation of adding and deleting the CA certificate according to the first embodiment will be described.

The administrator of the multifunction device 100 uses the Web browser installed in the PC 103 to connect to the Web page for the operation of the CA certificate published by the multifunction device 100, and adds the CA certificate. Set and instruct to execute the deletion.

Next, the hardware configuration of the multifunction device 100 according to the first embodiment will be described.

FIG. 2 is a block diagram illustrating a hardware configuration of the multifunction device 100 according to the first embodiment.

The CPU 201 executes the software program of the multifunction device 100 and controls the entire device. The ROM 202 is a read-only memory that stores a boot program, fixed parameters, and the like of the multifunction device 100. The RAM 203 is a random access memory, which is used for storing programs and temporary data when the CPU 201 controls the multifunction device 100. HDD 204 is a hard disk drive that stores system software, applications, and various data. The CPU 201 executes the boot program stored in the ROM 202, expands the program stored in the HDD 204 into the RAM 203, and executes the expanded program to control the operation of the multifunction device 100. The network I / F control unit 205 controls the transmission and reception of data to and from the network 110. The scanner I / F control unit 206 controls reading of a document by the scanner 211. The printer I / F control unit 207 controls printing processing and the like by the printer 210. The panel control unit 208 controls the touch panel type operation panel 210 to control the display of various information and the input of instructions from the user. The bus 209 connects the CPU 201, ROM 202, RAM 203, HDD 204, network I / F control unit 205, scanner I / F control unit 206, printer I / F control unit 207, and panel control unit 208 to each other. Control signals from the CPU 201 and data signals between the devices are transmitted and received via the bus 209. Since the hardware configuration of the multifunction device 101 is the same, the description thereof will be omitted.
FIG. 3 is a functional block diagram illustrating a software module included in the multifunction device 100 according to the first embodiment. The software module shown in FIG. 3 is realized by executing the program expanded in the RAM 203 by the CPU 201.

The network driver 301 controls the network I / F control unit 205 connected to the network 110 to send and receive data to and from the outside via the network 110. The network control unit 302 controls communication below the transport layer in a network communication protocol such as TCP / IP to transmit and receive data. The communication control unit 303 controls a plurality of communication protocols supported by the multifunction device 100. In the first embodiment, the communication control unit 303 controls the request for HTTP protocol communication, the generation of response data, the analysis process, and the data transmission / reception. In addition, the communication control unit 303 also executes encrypted communication of TLS, IPSEC, and IEEE 802.1X supported by the multifunction device 100.

The Web page control unit 304 generates HTML data and controls communication for displaying a Web page capable of executing a CA certificate issuance request and a process for obtaining the CA certificate. The Web page control unit 304 executes a process for displaying a Web page sent from the network driver 301 via the communication control unit 304, and for adding or deleting a CA certificate. The Web page control unit 304 transmits the HTML data of the default Web page stored in the RAM 203 or the HDD 204, or the HTML data generated according to the content of the display request, as a response to the request from the Web browser.

The certificate operation control unit 305 adds or deletes a CA certificate based on an instruction from the Web page control unit 304. The certificate operation control unit 305 generates and analyzes necessary encrypted data, saves the added CA certificate, and deletes the CA certificate. The encryption processing unit 306 executes various encryption processes such as data encryption and decryption processing, electronic signature generation and verification, and hash value generation. The certificate management unit 307 manages the CA certificate held by the multifunction device 100. The certificate management unit 307 stores the CA certificate data in the RAM 203 or the HDD 204 together with various setting values. Although not shown in the first embodiment, processes such as detailed display, generation, and deletion of the CA certificate can be executed by a user's instruction via the operation panel 210. The control of the operation panel 210 and the panel control unit 208 is executed by the UI control unit 308. In the encrypted communication processing of TLS, IPsec, 802.1X, etc. executed by the communication control unit 303, the encryption processing is also performed by the encryption processing unit 306, and the public key used by the certificate management unit 307 is used. It is configured to acquire pair / CA certificate data.

The print / read processing unit 309 executes functions such as printing by the printer 210 and reading the original by the scanner 211. The device control unit 310 generates control commands and control data for the multifunction device 100 to control the multifunction device 100 in an integrated manner. The device control unit 306 according to the first embodiment controls the power supply of the multifunction device 100, and executes the restart process of the multifunction device 100 according to the instruction from the Web page control unit 304.

FIG. 4 is a diagram showing an example of a CA certificate list screen in which the CA certificate held by the multifunction device 100 according to the first embodiment is displayed on the PC 103.

In the first embodiment, the administrator of the multifunction device 100 uses a Web browser mounted on the PC 103 to display, add, or delete a Web page for displaying, adding, or deleting a list of CA certificates published by the multifunction device 100. Instruct by RUI via the screen displayed in the format. This RUI is an abbreviation for a remote user interface, and is a technique for remotely requesting operation screen data of a multifunction device 100 or 101 and displaying it on the PC 103 using a web browser of the PC 103. At this time, the screen can be implemented by HTML, Servlet, or the like.

In the example of FIG. 4, three CA certificates are displayed, and information on each issuer, expiration date, issue destination, and the like is displayed. The delete buttons 421 to 423 are buttons instructing to delete the corresponding CA certificate. In FIG. 4, the delete button 421 is grayed out and cannot be pressed. The add button 424 is a button instructing to add a new CA certificate.

FIG. 5 is a flowchart illustrating a process of displaying a list of CA certificates by the multifunction device 100 according to the first embodiment. The process shown in this flowchart is achieved by executing the program expanded in the RAM 203 by the CPU 201.

Further, FIG. 6 is a conceptual diagram of a database of CA certificates managed by the certificate management unit 307 of the multifunction device 100 according to the first embodiment, and this database is stored in the HDD 204 of the multifunction device 100. The process shown in the flowchart of FIG. 5 will be described. This process is started when the CPU 201 receives a request to display the CA certificate list.

First, in S501, the CPU 201 accepts a request to acquire the CA certificate list. Next, proceeding to S502, the CPU 201 acquires detailed information of the CA certificate database shown in FIG. 6 managed by the certificate management unit 307 from the HDD 204.

The database of detailed information of the CA certificate shown in FIG. 6 includes the name 601 of the CA certificate, the issuer 602 defined in the file of the CA certificate itself, the expiration date start date 603, the expiration date end date 604, and so on. The CA certificate issuance destination 605, the signature algorithm 606, the key length 607, and the deletion prohibition flag 608 are stored. The deletion prohibition flag 608 is a flag indicating whether or not to prohibit the deletion of the CA certificate for each CA certificate. ON indicates that deletion is prohibited, and OFF indicates that deletion is possible.

In the first embodiment, it is assumed that some CA certificates are stored in advance in the multifunction device 100 at the time of factory shipment of the multifunction device 100. Further, it is assumed that it is known in advance whether or not the CA certificate is for using the server certificate of the server service of the vendor such as the firmware update server provided by the multifunction device 100 for verification. Then, the deletion prohibition flag is ON for the CA certificate. In FIG. 6, CACertA corresponds to this. The information of the deletion prohibition flag 608 of the CA certificate may be stored in the HDD 204 in advance when the CA certificate is stored at the time of shipment from the factory, or the CA certificate may be stored in the multifunction device 100. When adding, the administrator may set whether to prohibit deletion.

In the first embodiment, when adding the CA certificate, the add button 424 of FIG. 4 is instructed by the operation unit of the web browser of the PC 103, so that the CA certificate stored in the storage of the PC 103 is transmitted via the network 110. It is assumed that the data is transmitted to the multifunction device 100 and stored in the multifunction device 100.

Next, the process proceeds to S503, and the CPU 201 determines whether or not the deletion prohibition flag 608 is valid (ON) in the CA certificate information acquired from the HDD 204 in S502. If the CPU 201 determines in S503 that the deletion prohibition flag 608 is valid, it proceeds to S504, and proceeds to S506 with the CA certificate as the deletion prohibition target. On the other hand, if the CPU 201 determines in S503 that the deletion prohibition flag 608 is invalid (OFF), the process proceeds to S505, the CA certificate can be deleted, and the process proceeds to S506. In S506, the CPU 201 determines whether there is another CA certificate for confirming the certificate information to be displayed, and if so, proceeds to S502 to repeatedly execute the above-mentioned process, and if it is determined that there is no CA certificate. Proceed to S507. In S507, the CPU 201 generates HTML data for the Web page screen provided as the RUI, and displays it on the screen of the PC 103, for example, as shown in FIG.

In the screen of FIG. 4 in the embodiment, CACertA411 is a deletion prohibition target, and the deletion button 421 is grayed out so that it cannot be instructed. The other CACert B412 and CACert C413 can be deleted, and the delete buttons 422 and 423 are all displayed so that they can be pressed.

As described above, according to the first embodiment, it is possible to prevent the CA certificate to be prohibited from being deleted from being deleted in the multifunction device capable of deleting the CA certificate. As a result, for example, it is possible to prevent the CA certificate used for verifying the server certificate of the server provided by the vendor from being deleted, and it is possible to delete other CA certificates.

In the first embodiment, an example of displaying the delete button 421 so that it cannot be pressed from the operation unit is shown, but a message indicating that the button can be pressed and cannot be deleted by a pop-up or the like in the UI when the button is pressed. May be displayed, and the operation is not particularly limited.

Further, in the first embodiment, all CA certificates are stored in one database, and it is determined whether or not the certificate is to be deleted by the deletion prohibition flag. However, the CA certificate may be stored separately in a database that can be deleted and a database that cannot be deleted, and the storage form thereof is not particularly limited.

[Embodiment 2]
Next, Embodiment 2 of the present invention will be described. In the above-described first embodiment, the CA certificate held by the multifunction device 100 and the deletion prohibition flag associated with the CA certificate are designated in advance at the time of factory shipment or when the CA certificate is added. However, if you do not know which CA certificate is used by the server service of the vendor of the multifunction device 100 that should not be deleted, or the server certificate of the vendor's server service is switched, the CA certificate to be used is changed. May be.

Therefore, in the second embodiment, whether or not to prohibit the deletion of the used CA certificate according to the server service selected by the user in the information processing device having the function of displaying or deleting the CA certificate list as in the first embodiment. An example of switching between the two will be described. Since the network configuration according to the second embodiment, the hardware configuration of the multifunction device 100 which is the information processing device, the software configuration, the CA certificate list display processing, and the like are the same as those in the first embodiment. , The description is omitted.

In the second embodiment, as an example of the server service of the vendor of the multifunction device 100, it is assumed that the server is connected to the firmware update server. This is just an example, and there are also servers that send billing counters and servers that monitor the status of devices, and are not particularly limited.

FIG. 7 is a diagram showing an example of a connection setting screen of the firmware update server to which the multifunction device 100 according to the second embodiment is connected.

In the second embodiment, the firmware update server connection setting screen is displayed via the operation unit 210 of the multifunction device 100, and this screen is operated only by the administrator. This firmware update server connection setting screen has a server address 701, a port number 702, and a server connection test button 703.

FIG. 8 is a flowchart illustrating a process of turning on the deletion prohibition flag when the communication destination is a service subject to deletion prohibition of the CA certificate when the multifunction device 100 according to the second embodiment communicates using the CA certificate. is there. The process shown in this flowchart is achieved by executing the program expanded in the RAM 203 by the CPU 201.

First, in S801, the CPU 201 verifies the server certificate by using the CA certificate stored in the HDD 204. In the second embodiment, for example, when the connection test button 703 of FIG. 7 is pressed via the operation unit 210 to connect to the server specified by the server address 701, the server certificate is verified. However, even when another communication function is used or when the application itself stored in the HDD 204 of the multifunction device 100 communicates, the server certification is transmitted from the other party server by connecting to the other party server via the network 110. The document may be verified with the CA certificate of the multifunction device 100, and is not particularly limited.

Next, the process proceeds to S802, and the CPU 201 determines whether or not the verification of the CA certificate is successful. If the CPU 201 determines that the verification of the CA certificate has failed, the communication cannot be established, and the process ends. If the CPU 201 determines in S802 that the verification of the CA certificate is successful, the process proceeds to S803, and the CPU 201 determines whether or not the server service of the communication destination is a server that should not delete the CA certificate. This is determined based on the information on the screen for communication as shown in FIG. 7, for example, the firmware update server connection screen, or the information on the application. If the CPU 201 determines in S803 that the server should not delete the CA certificate, it proceeds to S804 and turns on the deletion prohibition flag 608 of the used CA certificate. For example, the deletion prohibition flag 608 of CACertA of the database of FIG. 6 is turned ON. On the other hand, if the CPU 201 determines in S803 that the server may delete the CA certificate, the CPU 201 ends the process as it is. That is, the deletion prohibition flag 608 is not changed as it is. The reason why the deletion prohibition flag 608 is not invalidated (OFF) here is that the same CA certificate may be used for other servers, and the server of the vendor who does not want to delete the CA certificate. This is because it may be a service.

As described above, according to the second embodiment, the determination and the deletion prohibition flag are automatically set even if the information on whether or not to prohibit the deletion of the CA certificate is not specified according to the connected server service. It becomes possible to do.

The present invention is not limited to the above embodiments, and various modifications and modifications can be made without departing from the spirit and scope of the present invention. Therefore, in order to make the scope of the present invention public, the following claims are attached.

(Other embodiments)
The present invention supplies a program that realizes one or more functions of the above-described embodiment to a system or device via a network or storage medium, and one or more processors in the computer of the system or device reads and executes the program. It can also be realized by the processing to be performed. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

The present invention is not limited to the above embodiments, and various modifications and modifications can be made without departing from the spirit and scope of the present invention. Therefore, in order to make the scope of the present invention public, the following claims are attached.

100, 101 ... Multifunction device, 103 ... PC, 120, 121 ... Server service, 201 ... CPU, 202 ... ROM, 203 ... RAM, 210 ... Operation panel, 304 ... Web page control unit, 305 ... Certificate operation control unit, 307 ... Certificate Management Department

Claims (12)

Communication means to communicate with the other party via the network,
A verification means for verifying the other party by using an electronic certificate when communicating by the communication means,
A storage means for storing the digital certificate used in the verification means and
A deletion means for deleting the corresponding digital certificate from the storage means in response to an instruction to delete the digital certificate stored in the storage means.
When the information for prohibiting the deletion of the digital certificate is set in the digital certificate stored in the storage means, the control means for controlling the deletion of the digital certificate is prohibited.
An information processing device characterized by having. The control means prohibits the deletion of the digital certificate by displaying the information corresponding to the digital certificate in which the information is set in a format in which the button for instructing the deletion of the digital certificate cannot be pressed. The information processing apparatus according to claim 1, wherein the information processing apparatus is controlled so as to perform the information processing. Claim 1 is characterized in that, when the control means is instructed to delete a digital certificate in which the information for which deletion is prohibited is set, a message indicating that the digital certificate cannot be deleted is displayed in a pop-up. The information processing device described in. The information for which deletion is prohibited is an electronic certificate used for verification of the other party in communication by the communication means, and when the deletion of the other party's electronic certificate is prohibited, the other party is used. The information processing apparatus according to claim 1, wherein the information processing device is set in the digital certificate to be verified. The information processing according to claim 4, wherein the case where the deletion of the digital certificate of the other party is prohibited includes the case where the other party is a service provided by the vendor of the information processing apparatus. apparatus. Claims 1 to 1, wherein the information prohibiting deletion is set in an electronic certificate for verifying the other party when the corresponding other party is a service provided by the vendor of the information processing device. The information processing apparatus according to any one of 3. The claim is characterized in that the information prohibiting deletion is set in an electronic certificate for verifying the other party when the corresponding other party is a service selected by a user who uses the information processing device. The information processing apparatus according to any one of 1 to 3. Claims 1 to 7, wherein the instruction for deleting the digital certificate stored in the storage means is input via a screen for displaying a list of the digital certificates stored in the storage means. The information processing apparatus according to any one of the above items. The information processing apparatus according to any one of claims 1 to 8, wherein the information for prohibiting the deletion of the digital certificate is set according to the storage means for storing the digital certificate. The information processing device according to any one of claims 1 to 9, wherein the digital certificate is a CA certificate. A control method for controlling an information processing device having a communication means for communicating with a destination via a network.
A verification process that verifies the other party using an electronic certificate when communicating by the communication means, and
A storage process for storing the digital certificate used in the verification process in memory, and
A deletion step of deleting the corresponding digital certificate from the storage step in response to an instruction to delete the digital certificate stored in the memory,
When the information for prohibiting the deletion of the digital certificate is set in the digital certificate stored in the memory, a control step for controlling the deletion of the digital certificate and a control step for prohibiting the deletion of the digital certificate.
A control method characterized by having. A program for causing a computer to execute each step of the control method according to claim 11.

Images