JP2021083042A - Information processing device, information processing method, and program - Google Patents

Abstract

To reduce an unnecessary renewal process of a certificate when an automatic certificate renewal function is enabled.SOLUTION: A screen containing a selection area for selecting an update cycle of a certificate for each of a plurality of communication functions that uses a certificate is displayed. The certificate for each of the plurality of communication functions is updated based on the update cycle selected in the selection area.SELECTED DRAWING: Figure 18

Description

The present invention relates to an information processing device, an information processing method and a program.

Personal computers (PCs) connected to networks such as offices and mobile mobile terminals owned by individuals use public key certificates for secure communication and authentication when communicating with external servers.
Further, recent multifunction devices not only simply print and transmit images, but also have a function of storing image data in the multifunction device and providing a file service to a PC. Therefore, the multifunction device also plays a role as an information processing device similar to other server devices existing on the network. While these information processing devices are used on the network, in order to maintain a safe and secure office environment, it is required to authenticate and communicate using an electronic certificate. In general, secure network identification and authentication are realized by public key infrastructure (PKI: public key infrastructure) technology using this digital certificate (see Patent Document 1).

For example, when the information processing device becomes a client, the server public key certificate obtained from the server and the certificate authority certificate of the certificate authority that issued the server public key certificate are obtained to verify the validity of the server. be able to. In addition, by providing the client public key certificate of the information processing device to the server, the server can verify the validity of the client. When the information processing device becomes a server, the client can verify the validity of the information processing device by distributing the server public key certificate of the information processing device to the connecting client. As described above, the digital certificate has been used as an important technology for the information processing devices to authenticate and identify the network communication. For example, communication protocols used in such communication include SSL, TLS, IEEE802.1X, and IPSEC.

Since this digital certificate needs to be stored and held in the information processing device, conventionally, the digital certificate issued by the certificate authority is manually stored by the user of the information processing device. It was stored in the storage. This storage method includes downloading from a certificate authority that issues an electronic certificate, copying from an external storage such as a USB memory, copying an electronic certificate received by E-mail, etc. to a predetermined folder, etc. It is done by the method of.
This digital certificate has an expiration date, and when the expiration date expires, communication using the digital certificate becomes impossible. Therefore, when the expiration date has expired, or just before the expiration date, it is necessary to add a new digital certificate and switch.

When updating such a digital certificate, it has been conventionally possible for the information processing apparatus to send an update request to the certificate management server via the network and receive the digital certificate from the certificate management server. When the information processing device receives a new digital certificate, it switches from the previously used digital certificate to the new digital certificate. The additional acquisition of the digital certificate by such an information processing device is performed periodically.
As this periodic execution method, for example, a condition such as a timer is set in the information processing device, and when the condition is reached, an update request is automatically sent and an electronic certificate is received from the certificate management server. There is also a way to use it. In this specification, a mechanism for automatically executing a certificate renewal request when such a specific condition is reached is referred to as an "automatic certificate renewal function".

The certificate to be renewed may use a separate digital certificate for each information processing device depending on the purpose of communication. For example, it is common to store individual digital certificates for each communication function such as TLS, IEEE802.1X, and IPsec in an information processing device.
Conventionally, it has been possible to uniformly set the same renewal cycle for a certificate of an information processing device such as Patent Document 1.

JP-A-2018-133785

However, in the certificate used by the information processing device, it may be desired to change the update cycle for each communication function in which the certificate is used. For example, regarding the server certificate used by the multifunction device for communication such as remote UI, if the multifunction device itself does not have confidential information, strict operation is not required and the server certificate may be renewed every few years. .. On the other hand, when the operation is to perform IEEE 802.1X authentication when connecting to the in-house network, there is an operation to improve the security by renewing the client certificate used there frequently, such as every month. In such a case, if all the certificates are renewed in a short cycle, the communication between the multifunction device and the certificate issuing server and the renewal process of the multifunction device will increase accordingly.

The present invention is an information processing apparatus, which is a display means for displaying a screen including a selection area for selecting a certificate renewal cycle for each of a plurality of communication functions using a certificate, and a renewal selected in the selection area. It is characterized by having an renewal means for renewing a certificate for each of the plurality of communication functions based on a cycle.

According to the present invention, when the automatic certificate renewal function is enabled, unnecessary renewal processing of the certificate can be reduced.

It is a figure which shows an example of the system configuration of a printing system. It is a figure which shows an example of the hardware composition of a multifunction device. It is a figure which shows an example of the software module configuration of a multifunction device. It is a sequence diagram explaining the flow of the whole processing in a printing system. It is a flowchart which shows S402 etc. of FIG. It is a conceptual diagram of the database of the detailed information of a key pair / digital certificate. It is a figure (the 1) which shows the certificate acquisition request / setting screen. It is a figure (2) which shows the certificate acquisition request / setting screen. It is a figure (3) which shows the certificate acquisition request / setting screen. It is a figure which shows an example of the display screen of the detailed information of a digital certificate. It is a flowchart which shows the generation process of a connection setting screen. It is a figure (4) which shows the certificate acquisition request / setting screen. FIG. 5 is a diagram (No. 5) showing a certificate acquisition request / setting screen. It is a flowchart explaining the CA certificate acquisition / registration process. FIG. 6 is a diagram (No. 6) showing a certificate acquisition request / setting screen. It is a figure (7) which shows the certificate acquisition request / setting screen. It is a flowchart explaining the issue request / acquisition process of the certificate from S419 to S424 of FIG. It is a flowchart explaining the process about the restart of the multifunction device 100 from S424 to S427 of FIG. It is a figure which shows the screen example at the time of displaying the key pair / digital certificate list. It is a figure which shows an example of the certificate renewal reservation setting screen which a multifunction device has. It is a flowchart explaining the process at the time of executing the automatic renewal function of a digital certificate. It is a flowchart which shows the flow of process of setting of a certificate renewal reservation setting.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
In the following, a multifunction device (digital multifunction device / MFP / Multifunction Peripheral) will be described as an example as an information processing device for using and managing the digital certificate according to the embodiment. However, the scope of application is not limited to the multifunction device, and any information processing device that can use an electronic certificate may be used.

<Embodiment 1>
FIG. 1 is a diagram showing an example of a system configuration of a printing system.
The multifunction device 100 having a printing function can send and receive print data, scanned image data, device management information, and the like to and from other information processing devices via the network 110. Further, the multifunction device 100 has a function of performing encrypted communication such as TLS, IPSEC, and IEEE 802.1X, and holds a public key pair and a digital certificate used for the encryption processing. Here, the multifunction device 100 is an example of an image forming apparatus, and the image forming apparatus is not limited to this, and may be a single function of a facsimile machine, a printer, a copier, or a device having a combined function of these. Good. A multifunction device 101 is also connected to the network 110, and the multifunction device 101 has the same function as the multifunction device 100. Hereinafter, the multifunction device 100 will be mainly described, but the exchange of digital certificates may target a plurality of multifunction devices.

The certificate authority / registrar 102 has a function of a certificate authority CA (Certificate Authority) that issues a digital certificate and a function of a registrar RA (Registration Authority) that accepts a request for issuance of a digital certificate and performs registration processing. That is, the certificate authority / registration authority 102 is a server device having a function of distributing a CA certificate and issuing / registering an electronic certificate via a network 110. In the first embodiment, SCEP (Simple Select Enrollment Protocol) is used as the protocol of the network 110 at this time. An information processing device such as the multifunction device 100 uses this SCEP to make a communication for issuing and acquiring an electronic certificate to a certificate authority / registration authority 102 via a network 110. The multifunction device 100 has a Web server function, and discloses to the network 110 a Web page type RUI (Remoto UI) function capable of executing a process for requesting and acquiring an electronic certificate.

When the certificate authority / registration authority 102 receives an electronic certificate issuance request from another information processing device via the network 110, the certificate authority / registration authority 102 issues and registers the digital certificate based on the issuance request, and issues the digital certificate. Is sent as a response to the issuance request. In the first embodiment, the functions of the certificate authority and the registration authority are realized by the same server device, but the authentication authority and the registration authority may be realized by different server devices, and there is no particular limitation. do not. Further, in the first embodiment, SCEP is used as a protocol for requesting the issuance of a digital certificate and obtaining the digital certificate, but it is not particularly limited as long as it is a protocol having the same function. For example, CMP (Certificate Management Protocol) or EST (Enrollment over Secure Protocol) protocol) may be used.
The PC 103 is a personal computer, and the PC 103 is equipped with a Web browser function so that an HTML document and a website published by an information processing device connected to the network 110 can be browsed and used.

Next, the outline of the process of acquiring / renewing the digital certificate will be described.
The administrator of the multifunction device 100 uses the Web browser installed in the PC 103 to connect to the Web page to request the issuance of the digital certificate published by the multifunction device 100 and to obtain the digital certificate. Make settings and instructions for executing the process for requesting the issuance of a document and obtaining it. The multifunction device 100 requests the certificate authority / registration authority 102 to acquire the CA certificate by SCEP and issue the digital certificate according to the contents set and instructed by the administrator. Further, the multifunction device 100 acquires the digital certificate issued by the certificate authority / registration authority 102 included in the response to the request for issuing the digital certificate, and sets the use of the acquired digital certificate in the multifunction device 100.

Next, the hardware configuration of the multifunction device 100 will be described.
FIG. 2 is a diagram showing an example of the hardware configuration of the multifunction device 100.
The CPU 201 executes the software program of the multifunction device 100 and controls the entire device. The ROM 202 is a read-only memory and stores a boot program, fixed parameters, and the like of the multifunction device 100. The RAM 203 is a random access memory, which is used for storing programs and temporary data when the CPU 201 controls the multifunction device 100. The HDD 204 is a hard disk drive that stores system software, applications, and various data. The CPU 201 controls the operation of the multifunction device 100 by executing the boot program stored in the ROM 202, expanding the program stored in the HDD 204 in the RAM 203, and executing the expanded program.

The network I / F control unit 205 controls the transmission and reception of data to and from the network 110. The scanner I / F control unit 206 controls reading of a document by the scanner 211. The printer I / F control unit 207 controls printing processing and the like by the printer 210. The panel control unit 208 controls the touch panel type operation panel 212 to control the display of various information and the input of instructions from the user.
The bus 209 connects the CPU 201, ROM 202, RAM 203, HDD 204, network I / F control unit 205, scanner I / F control unit 206, printer I / F control unit 207, and panel control unit 208 to each other. A control signal from the CPU 201 and a data signal between the devices are transmitted and received via the bus 209.

FIG. 3 is a diagram showing an example of a software module configuration of the multifunction device 100. The software module shown in FIG. 3 is realized by executing the program expanded in the RAM 203 by the CPU 201.
The network driver 301 controls the network I / F control unit 205 connected to the network 110 to send and receive data to and from the outside via the network 110. The network control unit 302 controls communication below the transport layer in a network communication protocol such as TCP / IP to transmit and receive data. The communication control unit 303 is a module for controlling a plurality of communication protocols supported by the multifunction device 100. In the digital certificate acquisition and renewal process, the communication control unit 303 controls the request for HTTP protocol communication, the generation of response data, the analysis process, and the data transmission / reception, and communicates with the certificate authority / registration authority 102 and the PC 103. To execute. In addition, the communication control unit 303 also executes encrypted communication of TLS, IPSEC, and IEEE 802.1X supported by the multifunction device 100.

The Web page control unit 304 is a module that generates HTML data for displaying a Web page and controls communication, which can execute a request for issuing an electronic certificate and a process for obtaining the digital certificate. The Web page control unit 304 executes processing for a Web page display request, a digital certificate issuance request, and an acquisition execution instruction sent from the network driver 301 via the communication control unit 303. The Web page control unit 304 transmits the HTML data of the default Web page stored in the RAM 203 or the HDD 204, or the HTML data generated according to the content of the display request, as a response to the request from the Web browser.

The key pair / certificate acquisition control unit 305 is a module for executing the digital certificate acquisition process based on the instruction from the Web page control unit 304. The key pair / certificate acquisition control unit 305 generates and analyzes encrypted data required for communication control by SCEP, communication by SCEP such as PKCS # 7, PKCS # 10, and storage and use of the acquired digital certificate. It is a module that performs processing such as settings. The encryption processing unit 306 is a module for executing various encryption processes such as data encryption and decryption processing, electronic signature generation / verification, and hash value generation. The encryption processing unit 306 executes each encryption processing necessary for the generation and analysis processing of the request / response data of SCEP in the acquisition and renewal processing of the digital certificate.

The key pair / certificate management unit 307 is a module that manages public key pairs and digital certificates held by the multifunction device 100. The key pair / certificate management unit 307 stores the data of the public key pair and the digital certificate in the RAM 203 or the HDD 204 together with various setting values. Further, although not shown in the first embodiment, processes such as detailed display, generation, and deletion of the public key pair and the digital certificate can be executed by a user's instruction via the operation panel 212. The control of the operation panel 212 and the panel control unit 208 is executed by the UI control unit 308. In the encrypted communication processing of TLS, IPsec, IEEE802.1X, etc. executed by the communication control unit 303, the encryption processing is also performed by the encryption processing unit 306 and used by the key pair / certificate management unit 307. It is configured to acquire public key pair and digital certificate data.

The print / read processing unit 309 is a module for executing functions such as printing by the printer 210 and reading a document by the scanner 211. The device control unit 310 is a module for generating control commands and control data of the multifunction device 100 to control the multifunction device 100 in an integrated manner. The device control unit 310 controls the power supply of the multifunction device 100, and executes the restart process of the multifunction device 100 according to the instruction from the Web page control unit 304.

FIG. 4 illustrates the flow of the initial setting regarding the issuance request of the digital certificate, the information display of the digital certificate, the issuance request and reception, the restart, and the entire process until the digital certificate is reflected in the printing system. It is a sequence diagram.
This sequence is started in response to a user inputting instructions for displaying the key pair and the selection certificate list. In the first embodiment, an example of processing for one multifunction device 100 will be described, but a plurality of multifunction devices 100 and 101 may be executed in response to one start instruction. For example, the PC 103 may issue a request to the multifunction device 100 and the multifunction device 101, and each of the multifunction devices may execute the process shown in the flowchart described later. At this time, the process of acquiring the certificate from the multifunction devices 100 and 101, displaying the certificate, and confirming the certificate may be skipped. Then, the expired certificate is automatically detected by the multifunction device, and the bibliographic information (certificate ID and expiration date) is transmitted to the PC103, and the PC103 is about to expire or the expired certificate. The update may be automatically executed by a plurality of multifunction devices. This is a so-called silent installation.

First, when the multifunction device 100 receives the connection from the PC 103 in S401, it receives the key pair / digital certificate list display request transmitted from the multifunction device 100. In the first embodiment, the administrator of the multifunction device 100 uses the Web browser mounted on the PC 103 to request / obtain the issuance of the electronic certificate published by the multifunction device 100. It shall be connected to the format and operations such as instructions shall be performed. This RUI is an abbreviation for a remote user interface, and is a technology that can remotely request operation screen data of the multifunction device 100 and the multifunction device 101 and display them on the PC 103 using the web browser of the PC 103. At this time, the screen can be implemented by HTML, Servlet, or the like.

Next, in S402, the multifunction device 100 acquires data for displaying a list of key pairs / digital certificates held by the multifunction device 100, and executes a Web page screen generation process for displaying the data.
FIG. 5A is a flowchart illustrating a process of acquiring a list of the key pair / digital certificate of S402 of FIG. 4 and creating display data. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
Further, FIG. 6 is a conceptual diagram of a database of detailed information of the key pair / digital certificate managed by the key pair / certificate management unit 307. This database is stored in HDD 204 of the multifunction device 100.

The flowchart of FIG. 5A will be described. This process is started by receiving a request for obtaining a key pair / digital certificate list. First, in S501, the CPU 201 receives a request for acquiring a key pair / electronic certificate list. Next, proceeding to S502, the CPU 201 acquires detailed information of the key pair / digital certificate managed by the key pair / certificate management unit 307, for example, shown in FIG. 6A. Next, the process proceeds to S503, and the CPU 201 generates HTML data of the Web page screen provided as the RUI by using the detailed information of the key pair / digital certificate acquired in S502.

7 to 8, FIGS. 10 to 11, 13 to 14, and 17 to 18 are diagrams showing an example of a Web page screen of the RUI displayed on the PC 103. In S503 of FIG. 5, it is assumed that the HTML data of the Web page screen shown in FIG. 7A is generated, and this is displayed by the Web browser of the PC 103. As a result, the key pair / electronic certificate list held by the multifunction device 100 can be confirmed on the PC 103.

The digital certificate information displayed in the list of FIG. 7A includes the name of the certificate 1011, the use 1012, the issuer 1013, the expiration date 1014, and the certificate details 1015. The name 1011 is a character string arbitrarily given by an operator such as the administrator of the multifunction device 100 when issuing the key pair / digital certificate. Use 1012 is a set value indicating that the key pair / digital certificate is used for any of TLS, IPSEC, and IEEE 802.1X. Issuer 1013 is the Distinguished Name (DN) of the certificate authority that issued the digital certificate. The expiration date end date 1014 is information on the date on which the expiration date of the digital certificate ends. The detail 1015 is an icon for displaying the detailed information of the digital certificate.

Then, the process proceeds to S504, and the CPU 201 transmits the HTML data generated in S503 to the PC 103 as a response to S501, and ends this process. In this way, S403 of FIG. 4 is executed.
Although not shown in the sequence diagram of FIG. 4, when the administrator of the multifunction device 100 clicks the icon of the detail 1015 of FIG. 7A displayed on the PC 103, a request for displaying the detailed information of the corresponding electronic certificate is made to the PC 103. Is transmitted to the multifunction device 100. Upon receiving the display request, the multifunction device 100 acquires the detailed information of the digital certificate, generates HTML data of the detailed information of the certificate based on the acquired information, and transmits the generated data to the PC 103 as a response. To do.
As a result, the detailed information of the digital certificate, as shown in FIG. 8, is displayed by the Web browser of the PC 103. FIG. 8 is a diagram showing an example of detailed information of the digital certificate displayed on the PC 103.

FIG. 5B is a flowchart illustrating a process when the multifunction device 100 receives a request for displaying the detailed information from the PC 103. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
First, in S511, the CPU 201 receives a request for acquiring detailed information of the digital certificate from the PC 103. Next, the process proceeds to S512, and the CPU 201 acquires the detailed information of the key pair / digital certificate shown in FIG. 6A managed by the key pair / certificate management unit 307. Next, the process proceeds to S513, and the CPU 201 generates HTML data for the Web page screen using the detailed information of the key pair / digital certificate acquired in S512. Next, the process proceeds to S514, and the CPU 201 transmits it to the PC 103.
FIG. 8 is a diagram showing an example of a display screen for detailed information of the digital certificate. This screen is displayed as a RUI on the PC 103 in the form of a Web page.

Returning to the description of FIG. 4 again, in S403, the multifunction device 100 transmits the HTML data of the Web page screen shown in FIG. 7A generated in S402 to the PC 103 as a response.
The processes shown in S401 to S403 of FIG. 4 and S501 to S504 and S511 to S514 of FIG. 5 are for displaying the electronic certificate information in the multifunction device 100 that has received the key pair / electronic certificate list display request. The control process related to the process is shown.
Then, in S404, the multifunction device 100 receives a display request for the connection setting screen of the SCEP server from the PC 103. In the first embodiment, the administrator of the multifunction device 100 sends a display request for the connection setting screen to the multifunction device 100 by clicking the connection setting 1002 in FIG. 7A in order to set the connection with the certificate authority / registration authority 102. It shall be sent to.

Next, in S404-2, the multifunction device 100 executes a Web page screen generation process indicating the connection setting.
FIG. 9A is a flowchart illustrating the process of generating the connection setting screen to the certificate authority / registration authority 102 of S404-2 of FIG. 4 by the multifunction device 100. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
First, in S611, the CPU 201 receives a connection setting setting request from the PC 103.
Next, the process proceeds to S612, and the CPU 201 acquires the certificate renewal reservation setting from the HDD 204.
Next, in S613, the CPU 201 determines whether the certificate renewal reservation setting is valid.
If the CPU 201 determines in S613 that the certificate renewal reservation setting is invalid, the process proceeds to S614. In S614, the CPU 201 generates HTML data of a Web page screen that accepts the connection setting of FIG. 7B, for example. Then, the process proceeds to S616, and the CPU 201 transmits the HTML data generated in S614 as the response of S611, and ends this process.

The connection setting screen shown in FIG. 7B includes a server name 1016 for inputting the host name and connection destination port number of the SCEP server, an input field for the port number 1017, and a setting button 1018 for instructing the setting of the input setting value. ..
When the CPU 201 determines in S613 that the certificate renewal reservation setting is valid, the CPU 201 proceeds to S615. In S615, the CPU 201 generates HTML data of a Web page screen indicating that the connection setting of FIG. 7C is prohibited, for example. Then, the process proceeds to S616, and the CPU 201 transmits the HTML data generated in S615 as the response of S611, and ends this process.
By the processing of S612 to S615, the multifunction device 100 can change the communication setting which is a setting necessary for the automatic renewal function of the digital certificate only when the certificate renewal reservation setting is invalid. By not changing the setting when the certificate renewal reservation setting is valid, when the certificate acquisition is executed by the automatic renewal function of the digital certificate, an invalid communication destination is set and the certificate renewal fails. It is possible to prevent this from happening.

Next, in S405, the multifunction device 100 transmits the HTML data of the connection setting screen of the default SCEP server shown in FIG. 7B or FIG. 7C as a response to the PC 103 as a response of S404.
Next, in S406, the multifunction device 100 receives a connection setting setting instruction request from the PC 103. The administrator of the multifunction device 100 shall input the server name 1016 and the port number 1017 in FIG. 7B from the PC 103, and send the setting instruction request to the multifunction device 100 by clicking the setting button 1018. ..
Next, in S407, the multifunction device 100 executes a connection setting setting process and a Web page screen generation process showing the setting result. Then, in S408, the multifunction device 100 transmits the HTML data of the Web page screen shown in FIG. 10A generated in S407 to the PC 103 as a response.

FIG. 9B is a flowchart illustrating a process of setting the connection setting to the certificate authority / registration authority 102 of S407 of FIG. 4 by the multifunction device 100. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.

First, in S621, the CPU 201 receives a connection setting setting request from the PC 103. Next, the process proceeds to S622, and the CPU 201 acquires the host name, the port number setting value, and the certificate renewal reservation setting included in the connection setting setting request.
Next, in S623, the CPU 201 determines whether the certificate renewal reservation setting is valid.
If the CPU 201 determines in S623 that the certificate renewal reservation setting is invalid, the process proceeds to S624. In S624, the CPU 201 saves the host name and the set value of the port number included in the setting request of the connection setting in the HDD 204. Then, the CPU 201 shifts to S625.
In S625, the CPU 201 generates HTML data for the Web page screen shown in FIG. 10A, for example. Then, the process proceeds to S627, and the CPU 201 transmits the HTML data generated in S625 as a response to S621, and ends this process.

When the CPU 201 determines in S623 that the certificate renewal reservation setting is valid, the CPU 201 proceeds to S626. In S626, the CPU 201 generates HTML data of a Web page screen indicating that the connection setting of FIG. 7C is prohibited, for example. Then, the process proceeds to S616, and the CPU 201 transmits the HTML data generated in S626 as the response of S621 to end this process.

By the processing of S622 to S626, the multifunction device 100 can reflect the communication setting which is a setting necessary for the automatic renewal function of the digital certificate only when the certificate renewal reservation setting is invalid. By not reflecting the setting when the certificate renewal reservation setting is valid, it is possible to prevent an unauthorized communication destination from being set when the certificate acquisition is executed by the automatic renewal function of the digital certificate. is there.

The difference between the processing up to S613 and S615 in FIG. 9A and the processing up to S623 and S626 in FIG. 9B is that the former does not accept the setting on the setting screen and the latter reflects the setting. It is a process that does not accept reflection in. If there is only one user who uses the multifunction device 100, it is possible to prevent the setting change from being accepted in the processes of FIGS. 9 (A) S613 and S615. However, even if the certificate renewal reservation setting is invalid up to S405 or S406 in FIG. 4, another user logs in to the RUI from another PC between S407 and S622 to enable the certificate renewal reservation setting. In that case, the setting may be reflected. Therefore, after acquiring the set value in FIG. 9B S622, if the certificate renewal reservation setting is valid by the processing of S623 and S626, the process proceeds to S626 and the setting value is not saved. Control not to reflect the value.

After the processing of S407, it shifts to S408 in this way.
As a result, as shown in FIG. 10A, the PC 103 displays the character string 1101 indicating that the settings have been reflected.
The processes shown in S406 to S408 and S600 to 604 described above are controls related to the process of connection setting in the multifunction device 100.
Next, in S409 of FIG. 4, the multifunction device 100 receives the display request of the CA certificate acquisition screen transmitted from the browser of the PC 103. In the first embodiment, since the administrator of the multifunction device 100 acquires the CA certificate issued by the certificate authority / registration authority 102, the CA certificate acquisition screen is displayed by clicking the CA certificate acquisition 1003 in FIG. 7A. It is assumed that the display request of is transmitted to the multifunction device 100.
As a result, in S410, the multifunction device 100 transmits the HTML data of the default CA certificate acquisition screen shown in FIG. 10B as a response in response to S409.
The connection setting screen of FIG. 10B includes an execution button 1102 instructing the acquisition of the CA certificate.

Next, in S411, the multifunction device 100 receives the CA certificate acquisition request transmitted from the browser of the PC 103 by clicking the execution button 1102 in FIG. 10 (B). In the first embodiment, it is assumed that the administrator of the multifunction device 100 clicks the execution button 1102 in FIG. 10B to transmit the CA certificate acquisition request to the multifunction device 100.
Next, in S412, the multifunction device 100 executes a process of generating CA certificate acquisition request data. Then, the process proceeds to S413, and the multifunction device 100 transmits the CA certificate acquisition request data generated in S412 to the certificate authority / registration authority 102, which is the SCEP server, based on the information set in S407. Then, the process proceeds to S414, and the multifunction device 100 receives the response to the CA certificate acquisition request transmitted from the certificate authority / registration authority 102. As a result, the process proceeds to S415, the multifunction device 100 analyzes the acquisition response of the received CA certificate, acquires the CA certificate included in the response, and the multifunction device 100 trusts the acquired CA certificate. Perform the process of registering as. Then, the process proceeds to S416, and the multifunction device 100 transmits the HTML data of the Web page screen shown in FIG. 11 (A) or FIG. 11 (B) generated in S415 to the PC 103. FIG. 11A shows an example of a screen displayed when the CA certificate is successfully acquired and registered as the CA certificate. On the other hand, FIG. 11B shows an example of a screen displayed when the acquisition of the CA certificate fails.

FIG. 12 is a flowchart illustrating the CA certificate acquisition / registration process shown in S412 to S416 of FIG. 4 by the multifunction device 100. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
First, in S701, the CPU 201 receives a CA certificate acquisition request from the PC 103. Next, the process proceeds to S702, and the CPU 201 generates a CA certificate acquisition request message based on the connection setting information to the certificate authority / registration authority 102 acquired in S407. The following is an example of the acquisition request message that is generated. In the first embodiment, SCEP is used as a communication protocol, and this is a request message for using this protocol.
xxxxxx / yyyy? operation = GetCAXyz & message = CAIdentifer

Next, the process proceeds to S703, and the CPU 201 connects to the certificate authority / registration authority 102, which is the SCEP server, by the TCP / IP protocol based on the connection setting to the certificate authority / registration authority 102 acquired in S407 of FIG. .. Next, the process proceeds to S704, and the CPU 201 determines whether the connection in S703 is successful. The CPU 201 proceeds to S705 if it succeeds, and proceeds to S714 if it fails.

In S705, the CPU 201 transmits the acquisition message of the CA certificate generated in S702 to the certificate authority / registration authority 102 by the GET or POST method of the HTTP protocol. Next, the process proceeds to S706, and the CPU 201 determines whether the connection in S704 is successful. The CPU 201 proceeds to S707 if it succeeds, and proceeds to S714 if it fails. In S707, the CPU 201 receives the response data from the certificate authority / registration authority 102 in response to the CA certificate acquisition request. Then, the process proceeds to S708, and the CPU 201 determines whether or not the reception of the response data in S707 is successful. The CPU 201 proceeds to S709 if it succeeds, and proceeds to S714 if it fails. In S709, the CPU 201 analyzes the response data received in S708 and acquires the CA certificate data included in the response data. The analysis processing of the response data and the acquisition processing of the CA certificate are performed by the encryption processing unit 306.
The response data is X.I. Binary data in the form of 509 (RFC5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile). However, for example, PKCS # 7 (RFC5652: Cryptographic Message Syntax) format data may be transmitted as a response, and the data format is not limited.

Next, the process proceeds to S710, and the CPU 201 determines whether or not the acquisition of the CA certificate in S709 has been successful. The CPU 201 proceeds to S711 if it succeeds, and proceeds to S714 if it fails. In S711, the CPU 201 registers the CA certificate acquired in S709 as a CA certificate trusted by the multifunction device 100. At this time, the CPU 201 holds the acquired CA certificate in the RAM 203, and stores the acquired CA certificate in a predetermined directory for storing the CA certificate trusted by the multifunction device 100 of the HDD 204 by the key pair / certificate management unit 307. Then, the process proceeds to S712, and the CPU 201 determines whether or not the CA certificate registration process in S710 is successful. If the CPU 201 determines that it succeeds, it proceeds to S713, and if it fails, it proceeds to S714.

In S713, the CPU 201 generates a thumbprint (hash value by the SHA1 algorithm) of the CA certificate to be displayed in 1201 of FIG. 11A when the acquisition of the CA certificate is successful. The generation of the thumbprint is executed by the encryption processing unit 306. Then, proceeding to S715, the CPU 201 generates HTML data of the display data of the acquisition results of the CA certificates of FIGS. 11 (A) and 11 (A) from the processing results of S703 to S714. Then, the process proceeds to S716, and the CPU 201 transmits the HTML data generated in S715 to the PC 103 as a response of S701, and ends this process. Then, the process proceeds to S417 in FIG. In the first embodiment, the character string 1201 of FIG. 11A is displayed according to the acquisition result of the CA certificate. Or, when the error processing is executed in S714, the character string 1202 of FIG. 11B is displayed. Next, the explanation returns to FIG.

In S417, the multifunction device 100 receives the display request of the certificate issuance request screen transmitted from the browser of the PC 103. In the first embodiment, the administrator of the multifunction device 100 clicks the certificate issuance request 1004 in FIG. 7A to request / obtain the certificate issuance to the certificate authority / registration authority 102.
Next, in S418, the multifunction device 100 transmits the HTML data of the default certificate issuance request screen shown in FIG. 13A as a response to the PC 103 as a response of S417. As a result, the PC 103 controls the display to display the screen shown in FIG. 13 (A).

The certificate issuance request screen of FIG. 13A includes the certificate name 1301, the algorithm for setting the key length of the key pair to be generated, the corresponding key length 1302, and the issue destination information input 1303. .. In addition, the certificate issuance request screen shows the signature verification 1304 for whether or not to verify the signature given to the response of the certificate issuance request sent from the certificate authority / registration authority 102, and the usage setting of the issued certificate. 1305 of the key for executing the certificate issuance request, the password 1306 to be included in the certificate issuance request, and the execute button 1307 for executing the certificate issuance request. Use 1305 is a check box, indicating that a plurality of uses can be set for one key.

Next, in S419, the multifunction device 100 receives a certificate issuance request including each input / setting information from 1301 to 1306 transmitted from the browser of the PC 103 when the execution button 1307 on the screen of FIG. 13A is clicked. To do. In the first embodiment, the administrator of the multifunction device 100 performs each input / setting of 1301 to 1306 in FIG. 13A, and clicks the execution button 1307 to transmit a certificate issuance request from the PC 103.
Next, in S420, the multifunction device 100 executes a certificate issuance request data generation process. Then, in S421, the multifunction device 100 transmits the certificate issuance request data generated in S420 to the certificate authority / registration authority 102, which is the SCEP server, based on the information set in S407. Then, in S422, the multifunction device 100 receives a response to the certificate issuance request transmitted from the certificate authority / registration authority 102. Next, in S423, the multifunction device 100 analyzes the response to the certificate issuance request received in S422 (executes signature verification according to the settings, acquires the certificate included in the response, and uses the acquired certificate for the specified purpose. Set to) Perform processing. Then, the process of generating the Web page screen showing the result of the certificate issuance request is executed.

If the issuance / acquisition of the certificate is successful, the digital certificate data is saved and the usage is set by the process of S423. Here, the usage setting is a communication function using an electronic certificate, and in the first embodiment, encrypted communication such as TLS, IPsec, and IEEE 802.1X can be set. Further, the multifunction device 100 can have a plurality of digital certificates, and the usage is set for each of the digital certificates. For example, when the digital certificate used by the multifunction device 100 to provide a server service for performing TLS communication as a Web server and the digital certificate used by the multifunction device 100 to perform client communication using IEEE 802.1X are different from each other. It can be set. However, one digital certificate may be automatically applied to all communication purposes.

Then, in S424, the multifunction device 100 transmits the HTML data of the Web page screen shown in FIG. 13 (B) or FIG. 14 (A) generated in S423 to the PC 103. The character string of the setting result is displayed as shown in 1308 of FIG. 13 (B) and 1401 of FIG. 14 (A) according to the result of the certificate issuance request. FIG. 13B shows an example of a screen when the issuance and acquisition of the certificate are successful. FIG. 14A shows an example of a screen when the issuance and acquisition of the certificate fails.
When the issuance / acquisition of the certificate is successful in this way, the digital certificate data is saved and the usage is set by the process of S423. Since the communication control unit 303 acquires the data of the digital certificate used for the encrypted communication of TLS, IPSEC, and IEEE 802.1X at the time of starting the multifunction device 100, when the usage is changed, the multifunction device 100 is restarted. You will need it.

FIG. 15 is a flowchart illustrating a certificate issuance request / acquisition process from S419 to S424 of FIG. 4 by the multifunction device 100. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
First, in S801, the CPU 201 receives a certificate issuance request from the PC 103. Next, proceeding to S802, the CPU 201 inputs the information of the certificate name 1301, the key length 1302, the issue destination information input 1303, the signature verification 1304, and the key usage 1305 included in the certificate issuance request received in S801. get. Next, the process proceeds to S803, and the CPU 201 acquires the CA certificate acquired in S415 from S412 in FIG. Then, proceeding to S804, the CPU 201 generates a key pair based on the information of the name 1301 and the key length 1302 acquired in S802, and PKSC # 10 (RFC2896: PKCS) based on the information of the issue destination information input 1303 and the password 1306. # 10: The encryption processing unit 306 generates the certificate signing request (CSR) data in the Certificate Request System (Sytax Specialization) format.

Next, the process proceeds to S805, and the CPU 201 determines whether or not the key pair / certificate signing request in S804 has been successfully generated. If the CPU 201 determines that it succeeds, it proceeds to S806, and if it fails, it proceeds to S823. In S806, the CPU 201 generates certificate issuance request data. The acquisition request data generated in S806 is PKCS # 7 format data defined in SCEP based on the connection settings to the certificate authority / registration authority 102 acquired in S407 of FIG.

Next, the process proceeds to S808, and the CPU 201 connects to the certificate authority / registration station 102, which is the SCEP server, by the TCP / IP protocol based on the connection setting to the certificate authority / registration station 102 acquired in S407 of FIG. Next, the process proceeds to S809, and the CPU 201 determines whether the connection in S808 is successful. The CPU 201 proceeds to S810 if it succeeds, and proceeds to S823 if it fails. In S810, the CPU 201 transmits the certificate issuance request data generated in S806 by the GET or POST method of the HTTP protocol. Then, in S811, the CPU 201 determines whether or not the transmission in S810 was successful. The CPU 201 proceeds to S812 if it succeeds, and proceeds to S823 if it fails. In S812, the CPU 201 receives the response data for the certificate issuance request from the certificate authority / registration authority 102. As for the response data defined in SCEP, PKCS # 7 format data is transmitted as a response.

Next, the process proceeds to S813, and the CPU 201 determines whether or not the response data in S812 has been successfully received. The CPU 201 proceeds to S814 if it succeeds, and proceeds to S823 if it fails. In S814, the CPU 201 determines whether or not the setting is for signature verification based on the setting of signature verification 1304 acquired in S802. The CPU 201 proceeds to S815 in the case of the setting for signature verification, and proceeds to S817 in the case of the setting not to verify the signature. In S815, the CPU 201 verifies the signature data attached to the data received in S812 using the public key included in the CA certificate acquired in S803. Then, the process proceeds to S816, and the CPU 201 determines whether or not the result of the signature verification in S815 is successful. The CPU 201 proceeds to S817 if it succeeds, and proceeds to S823 if it fails.

In S817, the CPU 201 analyzes the data received in S812 and acquires the certificate data included in the response data. At this time, the encryption processing unit 306 analyzes the response data and acquires the certificate. Next, the process proceeds to S818, and the CPU 201 determines whether or not the acquisition of the certificate in S817 has been successful. The CPU 201 proceeds to S819 if it succeeds, and proceeds to S823 if it fails. In S819, the CPU 201 registers the certificate acquired in S818 as an electronic certificate corresponding to the key pair generated in S804. At this time, the CPU 201 saves the public key pair generated in S804 and the acquired digital certificate in a predetermined directory for storing the key pair / digital certificate of the HDD 204 by the key pair / certificate management unit 307. At this time, the key pair / certificate management unit 307 adds the information of the public key pair generated in S804 and the acquired digital certificate to the list of detailed information of the key pair / certificate as shown in FIG. 6 (B). .. In FIG. 6B, a key pair / certificate Xyz4 is newly added.

Next, the process proceeds to S820, and the CPU 201 determines whether the CA certificate registration process in S819 has succeeded. The CPU 201 proceeds to S821 if it succeeds, and proceeds to S823 if it fails. In S821, the CPU 201 sets the usage of the certificate based on the information of the usage 1305 of the key acquired in S802. At this time, the key pair / certificate management unit 307 updates the usage information in the list of detailed information of the key pair / certificate as shown in FIG. 6C, for example. In FIG. 6C, the key pair certificate used in TLS is changed from Xyz1 to Xyz4.

Next, the process proceeds to S824, and the CPU 201 generates HTML data of the certificate issuance request result shown in FIG. 13B according to the processing results from S801 to S823. Then, in S825, the CPU 201 transmits the HTML data generated in S824 to the PC 103 as a response to the certificate issuance request of S801, and ends this process. Then, the process proceeds to S425 of FIG.

The above-mentioned processes S419 to S424 and S801 to S825 control the issuance request and reception process of the digital certificate in the multifunction device 100, and the setting of the communication use. In the first embodiment, the issuance request, the reception process, and the process up to the setting of the communication use are collectively referred to as the "automatic renewal function of the digital certificate".
With this automatic renewal function of the digital certificate, the multifunction device 100 can automatically request the issuance of the digital certificate and receive the digital certificate via the network, and can also set the usage of the received digital certificate. It is possible to reduce the labor of work. Returning to the description of FIG.

In S425, the multifunction device 100 receives a request for restarting the multifunction device 100. In the first embodiment, the administrator of the multifunction device 100 clicks the restart button 1309 of FIG. 13B in order to restart the multifunction device 100.
Next, the process proceeds to S426, and the multifunction device 100 transmits the HTML data of the default restart execution screen shown in FIG. 14B as a response as a response of S425. Next, the process proceeds to S427, and the multifunction device 100 executes the restart process of the multifunction device 100.

It is assumed that the multifunction device 100 cannot reflect the received electronic certificate unless it is restarted when the purpose of communication such as IEEE 802.1X is set. This is because, for example, an electronic certificate such as IEEE 802.1X is expanded in the RAM 203 and continues to be used when the multifunction device 100 is started, and therefore may not be replaced with the received electronic certificate stored in the HDD 204. However, if the multifunction device 100 can switch the digital certificate used for the purpose of communication without requiring a restart, the restart may not be necessary. For example, when it is set for TLS use, it may be unnecessary to restart. For example, the necessity of restarting may be set in advance for each of a plurality of uses, and the multifunction device 100 may automatically determine whether or not to restart according to the information on whether or not restarting is necessary.

FIG. 16 is a flowchart illustrating a process related to restarting the multifunction device 100 from S424 to S427 of FIG. 4 by the multifunction device 100. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
First, in S901, the CPU 201 receives a restart request for the multifunction device 100 from the PC 103. Next, the process proceeds to S902, and the CPU 201 transmits the HTML data of the default restart request of the multifunction device 100 shown in FIG. 14 (B) to the PC 103 as a response to S501. Next, the process proceeds to S903, and the CPU 201 instructs the device control unit 310 to start the restart process, and ends this process.
By the above series of operations, the multifunction device 100 after restarting uses the digital certificate obtained from the certificate authority / registration authority 102.

FIG. 17 is a diagram showing a screen example when the key pair / digital certificate list is displayed again by the process of S401 when the issuance / acquisition of the certificate is successful. Information 1501 of the certificate (Xyz4) issued by the certificate authority / registration authority 102 is added.
FIG. 18 is a diagram showing an example of a certificate renewal reservation setting screen included in the multifunction device 100. It is displayed by a Web page type RUI like other screens. The certificate renewal date can be set via the certificate renewal reservation setting screen.
It has a certificate renewal reservation setting screen and an automatic renewal setting (1801) of the present embodiment. The automatic update setting (1801) can be set to enable the automatic update setting (18011), the acquisition request start date and time (18012), and the acquisition request start time (18013). When the current date and time becomes the date and time of the acquisition request start date and time (18012) and the acquisition request start time (18013), the automatic certificate renewal function is executed. When these certificate renewal reservation settings are updated, the CPU 201 saves them in the HDD 204.

Further, FIG. 18 has a renewal target certificate usage destination setting (1802) used for a certificate to be automatically renewed. In this embodiment, TLS (18021), IEEE 802.1X (18022), and IPsec (18023) can be selected as examples of communication functions to be used, but communication functions having other communication protocols are also acceptable and are not particularly limited. .. If multiple selections are made in this renewal target certificate usage setting, the number of certificates is automatically renewed. FIG. 18 shows an example in which TLS and 802.1X are selected as the communication function of the destination. When these update target certificate usage destination settings are updated, the CPU 201 saves them in the HDD 204.

When a plurality of usage destinations are set in the renewal target certificate usage destination setting, the renewal cycle target setting 1803 of FIG. 18 can be set. The update cycle target setting 1803 is an example of a selection area. The update cycle target setting 1803 has the options of "setting the update cycle collectively (18031)" and "setting the update cycle for each user (18032)". When "Set renewal cycle collectively" is set, the same renewal cycle (18033) is set for each usage destination selected in the renewal target certificate usage destination setting. When "Set renewal cycle for each usage destination" is set, the renewal cycle is set for each communication destination selected in the renewal target certificate usage destination setting. FIG. 18 shows an example of a case in which individual settings are made in TLS (18034) and IEEE 802.1X (18035). The CPU 201 also stores these set values in the HDD 204.
Further, in the present embodiment, the certificate renewal reservation setting screen of FIG. 18 has "setting to renew based on the expiration date of the certificate (1804)". If "Set renewal cycle for each user" is valid and "Renewal based on certificate expiration date" is valid, the expiration date of the certificate to be renewed is acquired, and the current date and time and validity are obtained. The renewal cycle is calculated from the difference in deadlines, and is automatically input to the renewal cycle (18034 to 18036) of each user.

FIG. 19 is a flowchart illustrating a process when the multifunction device 100 executes the automatic certificate renewal function based on the certificate renewal reservation setting. In this figure, it is set for the multifunction device 100, but by first specifying a plurality of multifunction devices (different time settings can be set for each multifunction device), the input is input to the plurality of multifunction devices in FIG. You can also execute the instructions that you can. In that case, the process of FIG. 19 is executed in parallel on a plurality of multifunction devices. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
First, in S1901, the CPU 201 acquires the certificate renewal reservation setting set in FIG. 18 from the HDD 204. The flow of processing at the time of setting the certificate renewal reservation setting will be described with reference to FIG. 20 described later.

Next, the process proceeds to S1902, and the CPU 201 acquires the information of the currently used digital certificate. A typical example of this information is the information held in FIG. Next, the process proceeds to S1903, and the CPU 201 acquires the current date and time managed by the multifunction device 100. Then, proceeding to S1904, the CPU 201 compares the certificate renewal reservation setting with the information of the digital certificate, and determines whether or not the digital certificate currently in use needs to be renewed. If it is determined that the digital certificate does not need to be renewed here, the CPU 201 returns to S1901.
On the other hand, when it is determined that the digital certificate needs to be renewed, the CPU 201 proceeds to S1905 and shifts to the control of the "certificate issuance request processing" of FIG. Then, when the process of FIG. 15 is completed, the CPU 201 shifts to S1906. In S1906, the CPU 201 determines whether the multifunction device restarts to reflect the setting. When the CPU 201 determines that it is unnecessary, the CPU 201 ends this process. If it is determined in S1906 that it is necessary, the process proceeds to S1907, and the CPU 201 restarts and performs setting reflection processing. Then, the CPU 201 ends this process.

FIG. 20 is a flowchart showing a processing flow of setting the certificate renewal reservation setting of FIG. This process is achieved by executing the program expanded in the RAM 203 by the CPU 201.
First, in S2001, the CPU 201 receives a setting request for the certificate renewal reservation setting of the multifunction device 100 from the PC 103. Next, the process proceeds to S2002, and the CPU 201 acquires the current set value from the HDD 204, displays the screen of FIG. 18, and accepts the input from the PC 103.
In S2003, the CPU 201 determines whether the automatic update setting 18011 is valid. If it is determined in S2003 that the automatic update setting is not valid, the CPU 201 ends this process.
When it is determined in S2003 that the automatic renewal setting is valid, the CPU 201 shifts to S2004 and acquires the setting values of the certificate renewal target usage settings 18021 to 18023 from the HDD 204.

Next, in S2005, the CPU 201 determines whether there are a plurality of certificates to be renewed, that is, whether two or more are selected in the certificate renewal target usage settings 18021 to 18023.
When it is determined in S2005 that there is only one certificate to be renewed, the process proceeds to S2008, and the CPU 201 sets the start date and time of 18012 and 18013 as the automatic renewal setting in the target certificate.
When the CPU 201 determines in S2005 that there are a plurality of certificates to be renewed, the CPU 201 acquires the renewal cycle target setting 1803 from the HDD 204. Then, the CPU 201 shifts to S2007.

In S2007, the CPU 201 determines whether the update setting for each usage destination is valid.
When it is determined in S2007 that the update setting for each use destination is invalid, that is, the setting is 18031 in FIG. 18, the CPU 201 shifts to S2008.
When it is determined in S2007 that the renewal setting for each user is valid, that is, the setting in 18032 in FIG. 18 is determined, the CPU 201 acquires the settings in 18034 to 18306 in FIG. 18 and automatically renews the certificate for each user. Set the update cycle of.
Then, the CPU 201 ends this process.

The above is the process of changing the renewal cycle according to the usage destination of the communication function of the certificate when the automatic certificate renewal function is enabled in the multifunction device having the automatic renewal function of the digital certificate. By the processing of S2003 to 2009, the certificate can be automatically renewed at a required renewal cycle, and unnecessary renewal processing of the certificate can be reduced.

<Other Embodiments>
The present invention supplies a system or device with a program that realizes one or more of the functions of the above-described embodiment via a network or a storage medium. It can also be realized by a process in which one or more processors in the computer of the system or apparatus reads and executes a program. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

Although an example of the embodiment of the present invention has been described in detail above, the present invention is not limited to the specific embodiment.

As described above, according to each of the above-described embodiments, unnecessary renewal processing of the certificate can be reduced when the automatic certificate renewal function is enabled.

100 Multifunction device 103 PC
201 CPU

Claims (10)

A display means that displays a screen that includes a selection area for selecting the certificate renewal cycle for each of the multiple communication functions that use the certificate.
An renewal means for renewing the certificate for each of the plurality of communication functions based on the renewal cycle selected in the selected area, and
An information processing device characterized by having. The information processing apparatus according to claim 1, wherein the screen includes an option of selecting to set an renewal cycle based on the expiration date of the certificate. The second aspect of the present invention, wherein when the option is selected, the certificate renewal cycle for each of the plurality of communication functions is obtained based on the expiration date of the certificate and is set in the selected area. Information processing device. The information processing device according to any one of claims 1 to 3, further comprising a restarting means for restarting the information processing device after the certificate is renewed by the renewal means. The information processing device according to any one of claims 1 to 4, wherein one of the plurality of communication functions is TLS. The information processing device according to any one of claims 1 to 5, wherein one of the plurality of communication functions is IEEE 802.1X. The information processing device according to any one of claims 1 to 6, wherein one of the plurality of communication functions is IPsec. The information processing device according to any one of claims 1 to 7, wherein the information processing device is a multifunction device. It is an information processing method executed by an information processing device.
A display process that displays a screen that includes a selection area for selecting the certificate renewal cycle for each of the multiple communication functions that use the certificate.
The renewal process of renewing the certificate for each of the plurality of communication functions based on the renewal cycle selected in the selected area, and
An information processing method characterized by including. A program for causing a computer to function as each means of the information processing apparatus according to any one of claims 1 to 8.

Images