JP4485785B2 - Electronic data processing system and electronic data processing method - Google Patents

Description

The present invention relates to electronic data processing systems and electronic data processing how relates child data processing system power for recording electronic data on a recording medium and electronic data processing how.

  In recent years, a display unit, a printing unit, an imaging unit, and the like are provided in one housing, and four types of programs that implement functions such as a printer, a copy, a facsimile, and a scanner are installed. Multifunctional image forming apparatuses (hereinafter referred to as “multifunction machines”) that function as printers, copiers, facsimiles, scanners, and the like are provided.

  In such a multi-function apparatus, not only a preinstalled program but also an application module (hereinafter simply referred to as “module”) provided by a portable recording medium such as an SD card is read. Some can add more functions.

  The ability to easily add functions by using an SD card or the like is particularly advantageous in that the expandability of the compound machine can be enhanced. On the other hand, since an SD card or the like can be easily referred to by other devices such as a PC (Personal Computer), a module stored in the medium is altered by a malicious user and the module is executed. This can also lead to problems with the fusion machine. It is also necessary to prevent unauthorized copying of modules stored in an SD card or the like.

  These problems can be avoided, for example, by recording the module on an SD card with the following configuration. FIG. 1 is a diagram illustrating a configuration example of a module in an SD card. The SD card 510 shown in FIG. 1 stores an SDID 511 and a module 512. The SDID 770 is information (ID) for identifying each SD card.

  The module 512 includes a module file 513, a license file 514, and the like. The module file 513 is a file in which a function realized by the module is mounted, and the license file 514 is a file in which module license information is stored.

  The module file 513 includes program data 515, a module electronic signature 516, and the like. The program data 515 is a module program itself. Therefore, the function of the module is realized by processing the program data 515. The module electronic signature 516 is data used to confirm the validity of the program data 515. That is, when the execution of the module is requested, the multi-function apparatus digitizes the program data 515 by, for example, a message digest, and compares the value with the value of the module electronic signature 516. If the two values are different, the multi-function peripheral rejects the execution of the program data 515 as incorrect data.

  The license file 514 includes license data 517, a license electronic signature 518, and the like. The license data 517 is data in which module license information (for example, an expiration date or the number of times of effective use) is recorded. Therefore, if the license recorded in the license data 517 is expired or the license file 514 does not exist, the program data 515 is not executed.

  The license electronic signature 518 is data for confirming the validity of the license data 517. That is, when the execution of the module is requested, the multi-function apparatus digitizes the license data 517 and the SDID 770 by, for example, a message digest, and compares the value with the value of the license electronic signature 518 to confirm the validity of the license data 517. If it is confirmed that the license data 517 is valid, the validity of the module license is determined based on the license data 517.

  As described above, by authenticating the program data 515 and the license data 517 using the module electronic signature 516 or the license electronic signature 518, it is possible to detect falsification of the program data 515, the license data 517, etc. Can be prevented.

  Further, by using the SDID 511 when authenticating the license data 515, the integrity of the module 512 and the SD card 510 is secured, and unauthorized copying of the module 512 can be prevented. That is, even if the module 512 is copied to another SD card, when the license data 517 is authenticated, a value quantified based on the license data 517 and the SDID of the other SD card is changed to the SD card. This is because it is possible to detect copying by comparing with the license electronic signature 518 based on the SDID 511 of 510.

  However, there is a demand that a bona fide user wants to “move” an arbitrary module from an SD card storing the module to another SD card for the purpose of organizing the medium. For example, there is a case where medium management is facilitated by consolidating modules distributed over a plurality of SD cards into one SD card having a large capacity.

  Here, “move” means that the module that is the source of the move is invalidated or deleted, as in the case of general file move. In other words, unlike copying, moving does not involve generating a new license, so it is difficult to consider the disadvantage of allowing moving.

  Nevertheless, the conventional method described above has a problem that the user cannot move the module between the media. Therefore, it is desired to realize a function that enables the movement of the module while ensuring safety. However, depending on the module provider, there may be a case where the movement is not permitted even if the safety is ensured.

The present invention has been made in view of the above points, and for electronic data that can be used only in a state recorded on a specific recording medium, the electronic data is different from the specific recording medium. thereby limiting the movement of the recording medium and to provide an electronic data processing systems and electronic data processing how capable.

  Accordingly, in order to solve the above problems, the present invention provides an information processing apparatus for recording electronic data on a recording medium as described in claim 1, wherein the medium identification information for identifying the recording medium and the information Signature information generating means for generating signature information of the electronic data based on the electronic data, and recording for recording the generated signature information, the electronic data, and duplication permission / inhibition information indicating whether or not the electronic data can be copied to the recording medium And a validation / invalidation means for validating or invalidating the electronic data.

  In such an information processing apparatus, information indicating whether or not the electronic data can be copied is recorded on the recording medium together with the electronic data. Therefore, a recording medium capable of restricting movement of the electronic data can be generated.

  Moreover, in order to solve the said subject, this invention is good also as the recording medium production | generation method in the said information processing apparatus, or the said recording medium.

According to the present invention, it is possible to limit movement of electronic data that can be used only in a state recorded on a specific recording medium to another recording medium different from the specific recording medium. it is possible to provide an electronic data processing systems and electronic data processing how.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 2 shows a block diagram of an embodiment of a compound machine according to the present invention. In the present embodiment, a specific example of the information processing apparatus will be described using a multifunction machine that is a multifunctional image forming apparatus. The compound machine 1 includes a plotter 11, a scanner 12, other hardware resources 13 such as a facsimile, a software group 20, and a compound machine starting unit 50. The software group 20 includes an application 30 and a platform 40.

  The application 30 performs processing unique to each user service related to image forming processing such as a printer, copy, facsimile, and scanner.

  The application 30 includes a printer application 31 that is a printer application having a page description language (PDL, PCL) and a postscript (PS), a copy application 32 that is a copy application, and a fax application 33 that is a facsimile application. A scanner application 34 that is a scanner application, and a net file application 35 that is a network file application.

  The platform 40 also interprets the processing request from the application 30 and generates a hardware resource acquisition request, and manages one or more hardware resources to arbitrate the acquisition request from the control service. A system resource manager (hereinafter referred to as SRM) 43 and an operating system (hereinafter referred to as OS) 41 are configured.

  The control service includes a system control service (hereinafter referred to as SCS) 42, an engine control service (hereinafter referred to as ECS) 44, a memory control service (hereinafter referred to as MCS) 45, an operation panel control service (hereinafter referred to as OCS) 46, and a fax. It is configured to have one or more service modules such as a control service (hereinafter referred to as FCS) 47 and a network control service (hereinafter referred to as NCS) 48.

  The platform 40 is configured to have an application program interface (hereinafter referred to as API) that can receive a processing request from the application 30 using a predefined function. The OS 41 is UNIX (registered trademark) or the like, and executes the software of the application 30 and the platform 40 in parallel as processes.

  The process of the SRM 43 performs system control and hardware resource management together with the SCS 42. For example, the process of the SRM43 is from an upper layer that uses the hardware resources of the engine, memory, HDD file, and host I / O (centro I / F, network I / F, IEEE 1394 I / F, RS232C I / F, etc.). Arbitrate and control execution according to request.

  Specifically, the SRM 43 determines whether the requested hardware resource is available (whether it is not used by another request), and if it is available, the requested hardware resource can be used. Notify the higher layer. In addition, the SRM 43 performs scheduling for using hardware resources in response to a request from an upper layer, and directly executes the request contents (for example, paper conveyance and image forming operation by the printer engine, memory allocation, file generation, etc.). ing.

  The process of the SCS 42 performs processing such as application management, operation unit control, system screen display, LED display, hardware resource management, and interrupt application control. The process of the ECS 44 controls engines such as the plotter 11, the scanner 12, and other hardware resources 13.

  The MCS 45 process performs memory control such as acquisition and release of image memory, use of HDD, compression and expansion of image data, and the like. The process of the OCS 46 controls an operation panel serving as information transmission means between the operator and the main body control.

  The FCS 47 process performs facsimile transmission / reception using the PSTN or ISDN network from each application layer of the system controller, registration / quotation of various facsimile data managed in the backup memory, facsimile reading, facsimile reception printing, and fusion transmission / reception. API is provided.

  The NCS 48 process provides a service that can be used in common for applications that require network I / O. Data received from each network according to each protocol is distributed to each application, and data from each application. Mediation when sending to the network side.

  For example, the NCS 48 controls data communication with network devices connected via a network by HTTP (HyperText Transfer Protocol Daemon) using HTTP (HyperText Transfer Protocol).

  The multi-function apparatus activation unit 50 is executed first when the multi-function apparatus 1 is powered on, and activates the platform 40 and the application 30.

  The multi-function apparatus 1 can process the processing commonly required for each application by the platform 40 in a centralized manner. Next, a hardware configuration of the multifunction machine 1 will be described.

  FIG. 3 is a hardware configuration diagram of an embodiment of the compound machine according to the present invention. 3 includes a controller 60, an operation panel 80, an FCU 81, and an engine unit 82.

  The controller 60 includes a CPU 61, a system memory 62, a north bridge (NB) 63, a south bridge (SB) 64, an ASIC 66, a local memory 67, an HDD 68, a network interface card (NIC) 69, a USB device 70, an IEEE 1394 device 71, and a Centronics 72. SD slot 75, SD slot 76, and the like.

  The operation panel 80 is connected to the ASIC 66 of the controller 60. Further, the FCU 81 and the engine unit 82 are connected to the ASIC 66 of the controller 60 via the PCI bus 83.

  In the controller 60, the local memory 67, the HDD 68, and the like are connected to the ASIC 66, and the CPU 61 and the ASIC 66 are connected via the NB 63 of the CPU chip set. The controller 60 corresponds to the case where the interface of the CPU 61 is not disclosed by connecting the CPU 61 and the ASIC 66 via the NB 63. The ASIC 66 and the NB 63 are connected via an AGP (Accelerated Graphics Port) 65.

  As described above, in order to control execution of one or more processes forming the application 30 and the platform 40 in FIG. 2, the ASIC 66 and the NB 63 are connected via the AGP 65 instead of the low-speed PCI bus. It is preventing.

  The CPU 61 performs overall control of the compound machine 1. The CPU 61 starts up and executes the SCS 42, SRM 43, ECS 44, MCS 45, OCS 46, FCS 47, and NCS 48 on the OS 41, and at the same time, the printer application 31, the copy application 32, the fax application 33, the scanner application 34, and the net file that form the application 30. The application 35 is activated and executed.

  The NB 63 is a bridge for connecting the CPU 61, system memory 62, SB 64, ASIC 66, NIC 69, USB device 70, IEEE 1394 device 71, and Centronics 72.

  The SB 64, NIC 69, USB device 70, IEEE 1394 device 711, and Centronics 72 are connected to the NB 63 via the PCI bus 73. The SB 64 is a bridge for connecting the PCI bus 73 to the ROM, peripheral devices, and the like.

  The SD slots 75 and 76 are slots for inserting SD cards, which are detachable recording media on which various application modules and the like are recorded. In other words, the multifunction machine 1 can perform function expansion using an application module recorded on the SD card. The user can further expand the function of the multi-function apparatus 1 by inserting an SD card in which an application module that realizes a necessary function is recorded into the SD slot 75 or 76.

  The system memory 62 is a memory used as a drawing memory or the like of the multifunction machine 1. The local memory 67 is a memory used as a copy image buffer and a code buffer.

  The ASIC 66 is an IC for use in image processing having hardware elements for image processing. The HDD 68 is an example of a storage (auxiliary storage device) that stores image data, document data, programs, font data, forms, and the like.

  The NIC 69 is an interface device that connects the MFP 1 to a network. The USB device 70, the IEEE 1394 device 71, and the Centronics 72 are interfaces conforming to the respective standards.

  The operation panel 80 is an operation unit that accepts an input operation from an operator and performs display for the operator. The FCU 81 has a backup memory. The memory of the FCU 81 is used for temporarily storing facsimile data received when the power of the multi-function apparatus 1 is OFF, for example.

  In the present embodiment, the processing (application module movement processing) in the MFP 1 when moving the application module recorded on the SD card inserted into the SD slot 75 to the SD card inserted into the SD slot 76. explain. Note that one or more application modules may be moved in one process.

  FIG. 4 is a diagram for explaining information stored in the SD card. As shown in FIG. 4, the SD card 77 stores an SDID 770, a license invalid flag 771, and one or more application modules such as application modules 772a, 772b, 772c, and 772d.

  The SDID 770 is information (ID) for identifying each SD card. The license invalid flag 771 is a flag for determining the validity of the application module stored in the SD card 77. That is, when the license invalid flag is ON, the multi-function device 1 rejects the execution of the application module 772a and the like, assuming that the application module in the SD card 77 is invalid.

  One application module includes a module file 773, a license file 774, and the like. The module file 773 is a file in which a function realized by the application module is mounted, and the license file 774 is a file in which license information of the application module is stored.

  The module file 773 includes program data 775, module information 776, a module electronic signature 777, and the like. The program data 775 is the application module program itself. Therefore, the function of the application module is realized by processing the program data 775 by the CPU 61. The module information 776 is attribute information of the application module, and includes a module name 781, a movement impossible flag 782, usable model information 783, electronic signature key information 784, and the like.

  The module name 781 is the name of the application module. The movement impossibility flag 782 is a flag indicating whether or not the application module can be moved to another SD card. The usable model information 783 is information for identifying a model (model of the multi-function apparatus 1) in which the application module can operate normally. The electronic signature key information 784 is key information for decrypting the encrypted module electronic signature 777 and license electronic signature 779.

  The module electronic signature 777 is data used to confirm the validity of the program data 775. That is, when the execution of the application module is requested, the MFP 1 digitizes the program data 775 by, for example, a message digest, decrypts the module electronic signature 777 with the electronic signature key information 784, and compares the values of both. To do. If the two values are different, the multi-function apparatus 1 rejects the execution of the program data 775 as being illegal data.

  The license file 774 includes license data 778, a license electronic signature 779, and the like. The license data 778 is data in which license information (for example, an expiration date or the number of times of effective use) of the application module is recorded.

  The license electronic signature 779 is data for confirming the validity of the license data 778. That is, when the execution of the application module is requested, the MFP 1 digitizes the license data 778 and the SDID 770 by, for example, a message digest or the like, and decrypts the license electronic signature 779 by using the electronic signature key information 784. The validity of the license data 778 is confirmed by comparing the values of. When it is confirmed that the license data 778 is valid, the multi-function apparatus 1 determines the validity of the license of the application module based on the license data 778.

  It is to be noted that when the validity of the license data 778 is confirmed, not only the license data 778 but also the SDID 770 can be taken into account to prevent unauthorized copying of the application module to another SD card. As described in the section.

  Here, the license invalid flag 771 will be described in more detail. In general, the movement of a file means a process of deleting a source file. In that sense, the movement process of the application module in the present embodiment is not strictly “move” but corresponds to “copy”. That is, in the present embodiment, the MFP 1 does not delete the source application module. This is to avoid a situation where the migration source is deleted and the application module is completely lost even if the migration destination is not generated, such as when a failure occurs during migration processing. It is.

  However, it is not desirable that the copy source application module remains usable after copying. As will be described later, the copy destination application module can be used according to the present invention. If the copy source application is still usable, the validity of the license data 778 is determined using the SDID 770. This is because there is no need to promote illegal copying.

  Therefore, after the copy, the license invalid flag 771 of the copy source SD card is turned ON, and the copy source application module is made unusable (invalidated) by software, thereby realizing a migration process in a pseudo manner. However, the present invention can be applied even when the migration source is invalidated by deleting the migration source application module in the same manner as a general migration.

  In FIG. 4, only one license invalid flag 771 is provided for the SD card 77. Such a configuration has the advantage of being a simple configuration when all application modules stored in the SD card 77 are moved simultaneously. However, for example, even when only the application module 772a is moved to another SD card, the license invalid flag 771 is turned ON, and it becomes impossible to execute other application modules that are not targeted for movement. There is an inconvenience.

  In order to avoid such inconvenience, a license invalid flag 771 may be provided for each application module.

  FIG. 5 is a diagram illustrating an example in which a license invalid flag is provided for each application module. In FIG. 5, the same parts as those in FIG. 4 are denoted by the same reference numerals, and the description thereof is omitted. In the SD card 77 in FIG. 5, the license invalid flag 771 does not exist. Instead, a license invalid flag 785 is provided as information constituting the module information 776 of each application module.

  When the license invalid flag 771 is provided for each application module as shown in FIG. 5, it is only necessary to turn on the license invalid flag of the application module to be migrated, and other applications stored in the migration source SD card. Modules can still be used. In the following, description will be made on the assumption of the configuration of FIG.

  FIG. 6 is a diagram illustrating a configuration example of a multi-function peripheral for realizing application migration processing. That is, FIG. 6 shows only components that are closely related to the application migration process extracted from FIG. Therefore, in FIG. 6, the same parts as those in FIG.

  In FIG. 6, an application A 36, an application B 37, an application C 38, and the like are expressed by abstracting various application modules (printer application 31, copy application 32, fax application 33, etc.) included in the application 30 in FIG. . However, the application A 36 and the like are not pre-installed in the multifunction machine 1 but are recorded in the SD slot 75 or the SD card inserted into the SD slot 36.

  In the present embodiment, the SCS 42 performs control of application module migration processing. In addition, the OCS 46 displays various screens related to the movement process of the application module on the operation panel 80 based on a request from the SCS 42.

  Hereinafter, the processing procedure of the multi-function apparatus 1 of FIG. 6 will be described. FIG. 7 is a flowchart for explaining the processing outline of the multi-function apparatus. First, it is selected whether the user moves the application module on the screen displayed on the operation panel or cancels the movement (UNDO) (S100). When the movement is selected, the application module movement process is started.

  That is, the log file confirmation process is executed (S200), and the migration process of the module file 773, the license file 774, and the like of the application module to be transferred is executed (S300).

  The movement cancellation process will be described after the details of the movement process, that is, the details of the log file confirmation process (S200) and the movement process (S300) of the module file 773 and the like are described.

  FIG. 8 is a flowchart for explaining log file confirmation processing.

  First, the SCS 42 obtains file information stored in the SD card that is the migration destination of the application module (here, the SD card inserted into the SD slot 76; hereinafter referred to as “destination SD card 761”). (S201), it is determined whether or not a log file exists in the transfer destination SD card 761.

  Here, the log file is a file generated in the migration destination SD card 761 in the process (S207) described later in order to record the progress of the migration process of the application module.

  FIG. 9 is a diagram illustrating an exemplary data structure of the log file. As shown in FIG. 9, in the log file, an identification number, an uncopied flag, a copying flag, a copied flag, a module name, and the like are recorded for each application module designated as a movement target.

  The identification number is a number for identifying each record. The copying flag and the copied flag are flags for identifying the status of the migration process of the application module, and that the copying of the module file 773 or the like has not started yet, that the module file 773 or the like is being copied, This is for identifying that copying of the module file 773 or the like has been completed. The module name is the name of the application module (module name 781).

  Note that the log file is deleted at the timing when the migration processing of all application modules that are migration targets is completed. Therefore, if the log file exists in the transfer destination SD card 761, the process proceeds to step S203, and the SCS 42 has terminated abnormally due to the cause of the previous application transfer process, for example, a power down during the process. Judge.

  Proceeding to step S204 following step S203, the SCS 42 determines whether or not the process can be continued (automatic recovery) from the time of abnormal termination, that is, from the state in which the process ends in the middle.

  If it is determined that automatic recovery is impossible, the process proceeds to step S205, and the SCS 42 uses the log file to store the application module copied to the destination SD card 761 until the process ends abnormally in the previous movement process. Judgment is made, and the module file 773 at the copy destination of the application module is deleted.

  If it is determined that automatic recovery is possible, the process advances to step S206, and the SCS 42 moves to the source SD card (here, the SD card inserted into the SD slot 75. Hereinafter, referred to as “source SD card 751”). ), The application module that was being copied or not copied at the time when the previous move process ended abnormally is searched based on the log file, and the move process of the module file 773 and the like is performed for the searched application module. Execute (S300).

  If it is determined in step S202 that the log file does not exist, the process proceeds to step S207, and the SCS 42 newly generates a log file in the transfer destination SD card 761.

  FIG. 10 is a diagram illustrating an initial state of the generated log file. FIG. 10 shows an example in which application modules having module names “C”, “D”, and “E” stored in the migration source SD card 751 are targeted for migration. Since all the application modules have not been copied yet, the value of the uncopied flag of each application module is “0” in the log file in the initial state.

  Progressing to step S300 following step S207, the SCS 42 executes a migration process of the module file 773 and the like.

  Note that in the migration process of the application module, the contents of the log file change as follows.

  FIG. 11 is a diagram illustrating a state of a log file when copying of one application module is started. FIG. 11 shows the state of the log file when the copy of the application module whose module name is “C” is started. As shown in FIG. 11, when copying is started, the value of the copying flag for the target application module becomes “0”.

  FIG. 12 is a diagram showing the state of the log file when copying of one application module is completed. FIG. 12 shows the state of the log file when the copy of the application module whose module name is “C” is completed. As shown in FIG. 12, when the copying is completed, the value of the copied flag for the target application module becomes “0”.

  Further, FIG. 13 is a diagram showing the state of the log file when copying of all application modules is completed. As shown in FIG. 13, the value of the copied flag for all application modules is “0”.

  Next, details of the migration process (S300) of the module file 773 and the like will be described. FIG. 14 is a sequence diagram for explaining the process of moving a module file or the like.

  First, based on a request from the SCS 42, the OCS 46 displays a screen for displaying a list of application modules stored in the movement source SD card 751 and the movement destination SD card 761 on the operation panel 80 (hereinafter referred to as “module list screen”). Is displayed (S301).

  FIG. 15 is a diagram illustrating a display example of the module list screen. In the module list screen 810 shown in FIG. 15, the types of application modules stored in the migration source SD card 751 or the migration destination SD card 761 are displayed in an area 811 and an area 812, respectively. From the areas 811 and 812, it can be seen that the application modules stored in the migration source SD card 751 and the migration destination SD card 761 are related to the printer function or the FAX function.

  In areas 813 and 814, a list of module names of application modules stored in the migration source SD card 751 and the migration destination SD card 761 is displayed. An area 815 displays the progress status (step) of the application module migration process.

  The user can grasp the approximate states of the movement source SD card 751 and the movement destination SD card 761 by referring to the module list screen 810.

  When the user selects the next button 816 to proceed with the migration process, the SCS 42 acquires the respective SDIDs 770 from the migration source SD card 751 and the migration destination SD card 761 (S302, S303).

  Progressing to step S304 following step S303, the SCS 42 determines the validity of the migration source SD card 751 by acquiring the value of the license invalid flag from the migration source SD card 751. If the value of the license invalid flag is ON, the SCS 42 interrupts the movement process. If the value of the license invalid flag is ON, it means that it has been a transfer process target as a transfer source in the past. This is because the application module is copied.

  In steps S305 and S306 following step S304, the SCS 42 acquires module information 776 of all application modules included in the migration source SD card 751 and migration destination SD card 761, respectively.

  Proceeding to step S307 following step S306, the SCS 42 calculates the capacity required for moving the application module and checks the value of the unmovable flag 782 of each application module to determine whether or not the move process is possible.

  Proceeding to step S 308 following step S 307, the SCS 42 acquires an empty area of the destination SD card 761 from the destination SD card 761. Progressing to step S309 following step S308, based on a request from the SCS 42, the OCS 46 displays detailed information such as application modules stored in the migration source SD card 751 and the migration destination SD card 761 on the operation panel 80. Screen (hereinafter referred to as “module detail screen”).

  FIG. 16 is a diagram illustrating a display example of the module detail screen. In the module details screen 820 shown in FIG. 16, the area 821 and the area 822 include areas used by the migration source SD card 751 in addition to the types of application modules stored in the migration source SD card 751 and the migration destination SD card 761. Alternatively, the unused area of the destination SD card 761 is displayed.

  In areas 823 and 824, a list of module names of application modules stored in the migration source SD card 751 and migration destination SD card 761 is displayed, and the status of each application module is further displayed for the migration source. Has been. For example, it is indicated that the module D is duplicated with the destination, and the module F is indicated that the license invalid flag 785 is ON. Further, it is indicated that the module G cannot be moved because the movement impossible flag 782 is ON.

  The user can grasp the detailed information of the migration source SD card 751 and the migration destination SD card 761 by referring to the module detail screen 820.

  When the user selects the next button 825 to proceed with the movement process, a screen (hereinafter referred to as “module selection screen”) for allowing the user to select an application module to be moved by the OCS 46 is displayed on the operation panel 80. (S310).

  FIG. 17 is a diagram illustrating a display example of the module selection screen. In the area 831 of the module selection screen 830 shown in FIG. 17, the user can select an application module to be moved. In the area 831, an application module with “×” in front of the module name cannot be made a transfer target because of duplication, a non-transferable flag is ON, or a license invalid flag is ON. Show.

  When the user selects the decision button 832 to proceed with the movement process, the SCS 42 recognizes an application module (hereinafter referred to as “target module”) to be moved based on the module selection screen 830 (S311), and the target module. The module file 773 and the license file 774 are copied from the migration source SD card 751 to the migration destination SD card 761 (S312 and S313).

  When the copying of all the target modules is completed, the process proceeds to step S315, and the SCS 42 disables the target module by turning on the license invalid flag 785 of the transfer target module. Here, in order to indicate that the license invalid flag 785 is ON, the value of the license invalid flag 785 may be the SDID value of the transfer destination SD card 761. This makes it possible to easily track the destination later.

  Progressing to step S315 following step S314, the SCS 42 writes the SDID 770 of the source SD card 751 into the destination SD card 761. Although details will be described later, the application module copied to the migration destination can be executed by writing the SDID 770 of the migration source SD card 751 to the migration destination SD card 761.

  Progressing to step S316 following step S315, the SCS 42 deletes the log file generated in the transfer destination SD card 761, and ends the transfer process.

  FIG. 18 is an image diagram showing the state of the application module moving process. In FIG. 18, the module file 773 and license file 774 of the migration source application module are copied to the migration destination SD card 761, the SDID 770 (SDIS # 1) of the migration source SD card 751 is written to the migration destination SD card 761, and The state where the license invalidation flag 785 is turned on is shown.

  In the above description, an example in which the module list screen 810, the module detail screen 820, the module selection screen 830, and the like are displayed to allow the user to select an application module to be moved has been described. When all application modules in the original SD card 751 are to be moved, it is not necessary for the user to select an application module to be moved, so that a simpler screen may be displayed.

  FIG. 19 is a diagram illustrating a simple screen example. First, an initial screen 840 for instructing the user to start the movement process is displayed. When the movement execution button 841 is selected, a confirmation screen 850 is displayed. When the execution button 851 is selected on the confirmation screen 850, a notification screen 860 for notifying that the movement processing is in progress is displayed, and when the processing ends, an end screen 870 is displayed. If an error occurs during processing, an error screen 880 is displayed.

  By the way, when executing the migration destination application module generated in the migration destination SD card 761 by the processing described with reference to FIG. 14, the MFP 1 performs the same authentication process on the license data 778 as in the past, that is, the migration destination SD card. If the authentication process using the SDID 770 of 761 is executed, the license data 778 is not authenticated and the transfer destination application module cannot be used. However, it does not make sense to move the application module.

  Then, the authentication process of the license data 778 by the multifunction machine 1 will be described next. FIG. 20 is a flowchart for explaining the license data authentication process.

  First, the SCS 42 performs electronic authentication of the license data 778 using the original SDID 770 of the SD card (hereinafter, referred to as “current SD card”) in which the application module to be authenticated is stored, as before ( S351). That is, the original SDID 770 and the license data 778 are digitized by, for example, a message digest, and the value is compared with the value of the license electronic signature 779.

  Proceeding to step S352 following step S351, the SCS 42 determines whether the authentication has succeeded (whether the compared values match). If it is determined that the authentication is successful, the SCS 42 ends the authentication process of the license data 778 normally. This is the case when the application module related to the authentication target is not transferred from another SD card to the current SD card.

  On the other hand, if it is determined in step S352 that the authentication has failed, the process proceeds to step S353, and the SCS 42 determines whether or not the SDID 770 (hereinafter referred to as “other SDID”) of another SD card is written in the current SD card. To check. If no other SDID is written, the SCS 42 abnormally terminates the authentication process by assuming that the license data 778 is invalid. Such a case corresponds to a case where the application module related to the authentication target is not moved but has been tampered with.

  If another SDID is written in the current SD card, the process proceeds to step S354, and the SCS 42 authenticates the license data 778 based on the other SDID. If it is determined that the authentication is successful, the SCS 42 normally ends the authentication process of the license data 778. A case where the application module related to the authentication target is moved from another SD card corresponds to such a case.

  If it is determined that the authentication has failed, the SCS 42 repeats the authentication process based on another “other SDID”, and if the authentication is successful, terminates normally. If the authentication is not performed by “SDID”, the process ends abnormally.

  As described above, according to the MFP 1 in the present embodiment, the application module that is authenticated based on the SDID 770 can be moved to another SD card in a state where it can be used at the destination, and moved. Application modules can be used.

  Further, since the migration source application module is invalidated and authentication is performed based on the SDID 770 when the migration destination application is used, unauthorized copying can be prevented as usual.

  In the above description, for example, the MFP 1 executes the movement process and authenticates the moved application module (license data 778) for the sake of convenience. However, the MFP 1 is moved with the device that executes the movement of the application module. The device that uses the application module need not be the same device. For example, it may take a form in which a migration process is executed in an information processing apparatus in which an application migration function is installed, and a destination application module is used in the multi-function apparatus 1.

  By the way, the SDID 770 of the migration source SD card 751 does not necessarily need to be written in the migration destination SDID 761, but may be written at least in a location (storage area) that can be referred to by the MFP 1 that executes the migration destination application module.

  For example, FIG. 21 is a diagram illustrating an example in which the source SDID is written to the hard disk of the multifunction peripheral. FIG. 21 shows an example in which the module file 773 and license file 774 of the application module to be moved are copied to the migration destination SD card 761 and the migration source SDID 770 is written to the HDD 68 of the MFP 1. .

  FIG. 22 is a diagram showing an example in which the source SDID is written in the NVRAM of the multifunction machine. FIG. 22 shows an example in which the module file 773 and the license file 774 of the application module to be moved are moved to the movement destination SD card 761, and the movement source SDID 770 is written in the NVRAM 910 of the MFP 1. .

  FIG. 23 is a diagram showing an example of writing the movement source SDID into the flash ROM of the multi-function peripheral. FIG. 23 shows an example in which the module file 773 and the license file 774 of the application module to be moved are moved to the movement destination SD card 761, and the movement source SDID 770 is written in the flash ROM 920 of the MFP 1. Yes.

  In the case shown in FIGS. 21 to 23, the multi-function apparatus 1 may execute the authentication process of the license data 778 using the SDID 770 written in the HDD 68, NVRAM 910 or flash ROM 920.

  Furthermore, the present invention is also applicable when the application module itself is moved to a storage area other than the SD card.

  FIG. 24 is a diagram illustrating an example of moving an application module to the hard disk of the multi-function peripheral. FIG. 24 shows an example in which the migration source SDID 770 is written in the HDD 68 of the MFP 1 and the module file 773 and license file 774 of the migration source are also moved to the HDD 68 of the MFP 1.

  FIG. 25 is a diagram showing an example of moving the application module to the flash ROM of the multi-function peripheral. FIG. 25 shows an example in which the migration source SDID 770 is written in the flash ROM 920 of the compound machine 1, and the module file 773 and license file 774 of the migration source are also moved to the flash ROM 920 of the compound machine 1. .

  By the way, if the application module is moved by mistake, or if the moved application module is to be used by the original SD card (source SD card 751) for some reason, the above-described movement processing is canceled. It is convenient if there is a function for this purpose (UNDO function). Then, the cancellation process of a movement process is demonstrated next. Before executing the cancellation process, it is necessary that the source SD card 751 is inserted into one of the SD slot 75 and the SD slot 76 and the destination SD card 761 is inserted into the other.

  First, the outline of the cancellation process will be described with reference to FIG. If execution of the cancellation process is selected by the user (S100, S150), the process proceeds to step S400, and the source SD card 751 and the transfer are performed in order to confirm whether the two SD cards have been subjected to the transfer process. Processing for acquiring each state from the previous SD card 761 is executed. Subsequently, the module file 773 and the license file of the application module copied to the migration destination SD card 761 in the migration process are deleted (S500). Further, the SDID 770 of the source SD card 751 written in the destination SD card 761 or another recording medium is deleted (S600).

  Details of the SD card status acquisition process (S400) and the application module deletion process (S500) at the migration destination will be described below.

  FIG. 26 is a sequence diagram for explaining the SD card status acquisition process.

  In step S401, the SCS 42 refers to the destination SD card 761, and determines whether the cancellation process has already been executed in the past, and at this time, the cancellation process has not been terminated halfway due to some trouble. Details of the determination method here will be described later.

  Progressing to step S402 following step S401, the SCS 42 checks whether the SDID 770 of the source SD card 751 is written in the destination SD card 761. As described above, in the migration process in the present embodiment, the SDID 770 of the migration source SD card 751 is written to the migration destination SD card 761. Therefore, when the SDID 770 of the migration source SD card 751 is not written in the migration destination SD card 761, the SCS 42 terminates the cancellation process on the assumption that the migration destination SD card 761 is not the migration destination for the migration source SD card 751.

  However, as described in FIGS. 21 and 22, when the migration source SDID 770 is written on a recording medium other than the migration destination SD card 761, it is confirmed whether the migration source SDID 770 exists on the recording medium. Good.

  Progressing to step S403 following step S402, the SCS 42 refers to the license invalid flag 785 of the application module in the migration source SD card 751 and confirms whether or not the migration source application module is invalidated. If not invalidated, the SCS 42 terminates the cancellation process on the assumption that the source SD card 751 is not the SD card that is the source.

  Subsequently, the SCS 42 acquires list information of module names of application modules stored in the migration destination SD card 761 and the migration source SD card 751 (S404, S405), and stores them in the migration destination SD card 761. It is confirmed whether there is an application module (hereinafter referred to as “duplicate module”) stored in the source SD card 751 among the application modules. That is, if the migration source SD card 751 is the migration source of the migration destination SD card 761, the migration source SD card 751 should store the same application module as the migration destination SD card 761.

  If the presence of the duplicate module cannot be confirmed, the SCS 42 terminates the cancellation process on the assumption that both SD cards have no correspondence in the movement process. If the presence of the duplicate module can be confirmed, the deletion process of the application module at the destination is executed assuming that the correspondence relationship between the two SD cards has been confirmed (S500).

  FIG. 27 is a flowchart for explaining application module deletion processing at the migration destination.

  In step S <b> 501, the SCS 42 acquires the SDID 770 (hereinafter referred to as “movement source SDID”) of the movement source SD card 751 from the movement source SD card 751.

  Progressing to step S502 following step S501, the duplicate module whose existence was confirmed in step S406 (FIG. 26) is set as a deletion candidate from the movement destination SD card 751, and the module name list information (hereinafter referred to as “deletion candidate list”). Is written in the destination SD card 761.

  In the following, processing is performed for application modules whose module names are included in the deletion candidate list, but only application modules included in the deletion candidate list are processed, which improves processing efficiency. Figured.

  Progressing to step S503 following step S502, the SCS 42 determines whether or not the module name exists in the deletion candidate list. If the module name exists, the process advances to step S504 to extract the module name existing at the head of the list from the deletion candidate list (hereinafter, the module name extracted here is referred to as “current module name”, and the current module name is This application module is referred to as a “current module”.)

  Proceeding to step S505 following step S504, the SCS 42 authenticates the license data 778 of the current module based on the migration source SDID, thereby confirming that the migration source of the current module is indeed the migration source SD card 751. To do.

  That is, an application module having the same module name as the application module existing in the movement source SD card 751 exists in the movement destination SD card 761 from the beginning (not moved), or another SD card. This is to prevent accidental deletion of such application modules.

  Proceeding to step S506 following step S505, the SCS 42 determines whether the current module is successfully authenticated. If it is determined that the authentication has succeeded, the process advances to step S507, and the SCS 42 assumes that the current module has been moved from the transfer source SD card 751, and the module file 703 and license file of the current module in the transfer destination SD card 761. 704 is deleted, and the license invalidation flag of the corresponding application module in the migration source SD card 751 is cleared (S508). The source application module can be used by clearing the license invalidation flag of the source application module.

  On the other hand, if it is determined in step 506 that the authentication has failed, the current module is not moved from the movement source SD card 751, and deletion of the current module is not executed.

  Progressing to step S509 following step S508 or step S506, the SCS 42 deletes the current module name from the deletion candidate list, and performs the processing from step S503 on all remaining application modules included in the deletion candidate list.

  Thereafter, the migration source SDID is deleted from the recording medium in which the migration source SDID is written, such as the migration destination SD card 761 (S600), and the cancellation process is completed. If the license invalidation flag is provided for each SD card instead of for each application module, the license invalidation flag 771 of the migration source SD card 751 may be cleared at the timing of step S600.

  In step S403, the deletion candidate list is used as a criterion for determining the success or failure of the previous cancellation process. That is, if there is a deletion candidate list remaining in the destination SD card 761, the SCS 42 assumes that the previous cancellation process has failed during the process, and executes the processing from step S503 onward based on the deletion candidate list.

  As described above, according to the MFP 1 in the present embodiment, after executing the application migration process, the migration source SD card 751 and the migration destination SD card 761 are returned to the state before the migration process is executed. be able to.

  Next, a method for generating the above-described SD card, that is, an SD card 77 in which information is recorded as shown in FIG. 5 (method for registering an application module in the SD card) will be described. The SD card 77 may be generated by the multifunction machine 1 or an information processing apparatus such as a PC. Hereinafter, an apparatus for generating the SD card 77 will be described as a medium generation apparatus.

  FIG. 28 is a diagram illustrating a functional configuration example of the medium generation device. As shown in FIG. 28, the medium generation device 200 includes a UI unit 201, an electronic signature generation unit 202, an encryption unit 203, a recording unit 204, and the like. A storage device such as a hard disk includes program data 775, a license, and the like. Data 778, a secret key 211, and the like are stored. The medium generating apparatus 200 has an SD slot, and an SD card 77 is inserted into the SD slot.

  The UI unit 201 is for displaying a screen for accepting input from the user. The electronic signature generation unit 202 is for generating a module electronic signature 777 and a license electronic signature 778 based on the program data 775 and license data 778. The encryption unit 203 is for encrypting the module electronic signature 777 and the license electronic signature 778 generated by the electronic signature generation unit 202 with the private key 211.

  The recording unit 204 uses the program data 775, information input by the user on the screen displayed by the UI unit 201, and information including the encrypted module electronic signature 777 as a module file 773. The license data 778 and the encrypted license electronic signature 778 are recorded on the SD card 77 as a license file 774.

  The program data 775 and license data 778 are as described in FIG. Here, it is assumed that what is generated in advance by the developer is stored in the hard disk of the medium generation device 200.

  FIG. 29 is a flowchart for explaining SD card generation processing by the medium generation device.

  In step S801, the UI unit 201 displays a screen (hereinafter referred to as “module information setting screen”) for allowing the user to input various attribute information constituting the module information 776 (FIG. 5) of the application module.

  FIG. 30 is a display example of the module information setting screen. In the module information setting screen 300 shown in FIG. 30, the type of application module registered in the SD card 77 can be input in the area 301. In the area 302, an application module to be registered can be designated, and values such as a migration impossibility flag 782, a license invalid flag 785, and usable model information 783 can be set for each application module.

  That is, by inputting the module name of the application module to be registered in the first column of the area 302, the application module to be registered is specified. In FIG. 30, it can be seen that the four application modules of modules A, B, C, and D are targeted.

  When the user inputs necessary items on the module setting screen 300 and selects the determination button 303, the process proceeds to step S802.

  In step S <b> 802, the digital signature generation unit 202 reads the SDID 770 from the SD card 77. Progressing to step S803 following step S802, the electronic signature generation unit 202 digitizes the license ID by quantifying the SDID 770 and the license data 778 of the application module specified as a registration target on the module information setting screen 300 by a message digest or the like. When the signature 779 is generated, the encryption unit 203 encrypts the generated license electronic signature 779 using the private key 211.

  Progressing to step S804 following step S803, the recording unit 204 records the license data 778 and the license electronic signature 779 on the SD card 77 as one file (license file 774).

  Proceeding to step S805 following step S804, the digital signature generation unit 202 digitizes the program data 775 of the application module specified as the registration target on the module information setting screen 300 by using a message digest or the like, thereby obtaining the module electronic signature 777. When generated, the encryption unit 203 encrypts the module electronic signature 777 using the private key 211.

  Progressing to step S806 following step S805, the recording unit 204 records the program data 775 and the module electronic signature 777 on the SD card 77 as one file (module file 773).

  Progressing to step S807 following step S806, the recording unit 204 adds an immovable flag 782 and usable model information 783 to the module file 773 recorded on the SD card 77 based on the information input on the module information setting screen 300. The license invalid flag 785 and the like are registered, and a public key (not shown) for decrypting the module electronic signature 777 and the like is registered in the module file 773 as the electronic signature key information 784.

  As described above, according to the medium generation device 200 in the present embodiment, the SD card 77 as shown in FIG. 4 or 5 can be generated. Here, since the module file 773 of the application module recorded on the SD card 77 includes a migration impossibility flag 782, the SD card 77 is a fusion that executes the migration of the application module recorded on the SD card 77. Execution of the movement of the application module can be restricted to the machine 1.

  In the above description, the SD card is mainly described as a specific example of the recording medium. However, the present invention can be applied to various recording media other than the SD card.

  Further, electronic data to be moved is not limited to a program such as an application module. For example, the present invention can be applied to various data such as image data, audio data, and moving image data that need to be protected from unauthorized copying.

  The preferred embodiments of the present invention have been described in detail above, but the present invention is not limited to such specific embodiments, and various modifications can be made within the scope of the gist of the present invention described in the claims.・ Change is possible.

It is a figure which shows the structural example of the module in an SD card. The block diagram of one Example of the compound machine by this invention is shown. The hardware block diagram of one Example of the compound machine by this invention is shown. It is a figure for demonstrating the information stored in SD card. It is a figure which shows the example which provided the license invalid flag for every application module. It is a figure which shows the structural example of the compound machine for implement | achieving the movement process of an application module. It is a flowchart for demonstrating the process outline | summary of a compound machine. It is a flowchart for demonstrating the confirmation process of a log file. It is a figure which shows the data structure example of a log file. It is a figure which shows the initial state of the produced | generated log file. It is a figure which shows the state of the log file when the copy of one application module is started. It is a figure which shows the state of the log file when the copy of one application module is completed. It is a figure which shows the state of the log file when the copy of all the application modules is completed. It is a sequence diagram for demonstrating movement processing, such as a module file. It is a figure which shows the example of a display of a module list screen. It is a figure which shows the example of a display of a module detailed screen. It is a figure which shows the example of a display of a module selection screen. It is an image figure which shows the mode of the movement process of an application module. It is a figure which shows the example of a simple screen. It is a flowchart for demonstrating the authentication process of license data. It is a figure which shows the example which writes SDID of a movement origin in the hard disk of a multi-functional machine. It is a figure which shows the example which writes the SDID of a movement origin in NVRAM of a multi-functional machine. It is a figure which shows the example which writes the SDID of a movement origin in the flash ROM of a multi-functional machine. It is a figure which shows the example which moves an application module to the hard disk of a compound machine. It is a figure which shows the example which moves an application module to the flash ROM of a compound machine. It is a sequence diagram for demonstrating the status acquisition process of SD card. It is a flowchart for demonstrating the deletion process of the application module in a movement destination. It is a figure which shows the function structural example of a medium production | generation apparatus. It is a flowchart for demonstrating the production | generation process of the SD card by a medium production | generation apparatus. It is a display example of a module information setting screen.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Compound machine 11 Plotter 12 Scanner 13 Hardware resource 20 Software group 30 Application 31 Printer application 32 Copy application 33 Fax application 34 Scanner application 35 Net file application 40 Platform 41 Operating system (OS)
42 System Control Service (SCS)
43 System Resource Manager (SRM)
44 Engine Control Service (ECS)
45 Memory Control Service (MCS)
46 Operation Panel Control Service (OCS)
47 Fax Control Service (FCS)
48 Network Control Service (NCS)
50 Fusion machine start-up unit 60 Controller 61 CPU
62 System memory 63 North Bridge (NB)
64 South Bridge (SB)
65 AGP (Accelerated Graphics Port)
66 ASIC
67 Local memory 68 Hard disk drive (HDD)
75, 76 SD slot 77 SD card 80 Operation panel 81 Fax control unit (FCU)
82 Engine Unit 121 HDD Check Program 122 File System 123 HDD Status Monitor Driver 124 HDD Access Driver 125 HDD
510 SD card 511 SDID
512 Application module 513 Module file 514 License file 515 Program data 516 Module digital signature 517 License data 518 License digital signature 751 Source SD card 761 Target SD card 770 SDID
771 License invalid flag 772a, 772b, 772c, 772d Application module 773 Module file 774 License file 775 Program data 776 Module information 777 Module electronic signature 778 License data 779 License electronic signature 781 Module name 782 Non-movable flag 783 Usable model information 784 Electronic Signature key information 785 License invalid flag 910 NVRAM
920 flash ROM

Claims (10)

An electronic data processing system having an electronic data recording device and an electronic data moving device,
The electronic data recording device comprises:
Display control means for displaying on the display means a screen for setting whether or not movement is possible for electronic data to be recorded on the first recording medium;
A signature for acquiring medium identification information for identifying each first recording medium from the first recording medium, and digitizing the medium identification information and the electronic data by a message digest to generate an electronic signature of the electronic data Generating means;
Recording means for recording, on the first recording medium, movement availability information indicating whether the electronic data can be moved based on the electronic data, the electronic signature, and the setting content of the screen;
The electronic data mover is
A second copy of the electronic data and electronic signature recorded on the first recording medium is provided when the movement permission / inhibition information recorded on the first recording medium indicates that movement is possible. Copying means to be generated on the recording medium of
Medium identification information recording means for acquiring the medium identification information of the first recording medium from the first recording medium and recording it in the storage means of the second recording medium or the electronic data moving device ;
Invalidating means for recording invalid flag information indicating that the electronic data is invalid on the first recording medium;
When the electronic signature generated based on the medium identification information of the second recording medium and the electronic data matches the electronic signature copied to the second recording medium, or the second An electronic signature generated on the basis of the medium identification information of the first recording medium and the electronic data recorded on the recording medium or the storage means , and the electronic signature copied on the second recording medium; An electronic data processing system comprising authentication means for determining that the electronic data can be used when the two match. The electronic data recording apparatus further includes an encryption unit for encrypting the electronic signature,
2. The recording unit records the electronic signature encrypted by the encryption unit, key information for decrypting the electronic signature, the electronic data, and the moveability information on the first recording medium. Electronic data processing system. It said recording means, according to claim 1 or 2 Symbol mounting electronic data processing system characterized in that it further record the model information indicating the type of equipment available to the electronic data to the first recording medium. The pre-authentication unit determines that the electronic data of the first recording medium is not usable when the electronic data is invalidated when the electronic data is invalidated. An electronic data processing system according to claim 1. 5. The electronic data processing system according to claim 1, wherein the first and second recording media are detachable recording media. An electronic data processing method executed by an electronic data processing system having an electronic data recording device and an electronic data moving device,
The electronic data recording device is
A display control procedure for displaying on the display means a screen for setting whether or not movement is possible for electronic data to be recorded on the first recording medium;
A signature for acquiring medium identification information for identifying each first recording medium from the first recording medium, and digitizing the medium identification information and the electronic data by a message digest to generate an electronic signature of the electronic data Generation procedure,
Executing a recording procedure for recording on the first recording medium movement allowance information indicating whether the electronic data can be moved based on the electronic data, the electronic signature, and the setting content of the screen;
The electronic data moving device is
A second copy of the electronic data and electronic signature recorded on the first recording medium is provided when the movement permission / inhibition information recorded on the first recording medium indicates that movement is possible. Duplication procedure to be generated on the recording medium of
A medium identification information recording procedure for acquiring the medium identification information of the first recording medium from the first recording medium and recording it in the storage means of the second recording medium or the electronic data moving device ;
An invalidation procedure for recording invalid flag information indicating that the electronic data is invalid on the first recording medium;
When the electronic signature generated based on the medium identification information of the second recording medium and the electronic data matches the electronic signature copied to the second recording medium, or the second An electronic signature generated on the basis of the medium identification information of the first recording medium and the electronic data recorded on the recording medium or the storage means , and the electronic signature copied on the second recording medium; An electronic data processing method for executing an authentication procedure for determining that the electronic data can be used when the two match. The electronic data recording device further executes an encryption procedure for encrypting the electronic signature,
The recording procedure is the encryption procedure electronic signature encrypted in the key information for decrypting the electronic signature, the electronic data, and according to claim 6 for recording the movement permission information to said first recording medium Electronic data processing method. The recording procedure is further claim 6 or 7 Symbol mounting electronic data processing method of the model information indicating the type of equipment available electronic data to and recording the first recording medium. Before the authentication procedure, when the electronic data of the first recording medium is a usage target, if the electronic data is disabled utilized and determines one of claims 6 to 8 is not possible An electronic data processing method according to claim 1. It said first and second recording media, electronic data processing method as claimed in any one of claims 6-9, characterized in that it is insertable recording medium.

Images