JP5614197B2 - Communication device and management system - Google Patents

Description

  The present invention provides a communication device that communicates with a terminal device and a management device that manages the terminal device, the terminal device, the management device, and the communication device (a mediation device that mediates communication between the terminal device and the management device). It relates to a management system provided.

Conventionally, in a management system that manages terminal devices (hereinafter also referred to as “devices”) such as image forming apparatuses (for example, copiers, facsimile apparatuses, printers, multifunction peripherals, or printing machines) having a communication function, scanner apparatuses, etc. It is important to ensure security appropriately.
Therefore, in such a management system, for example, for the purpose of making it difficult to “tamper” by an unauthorized user or “spoofing” to an authorized user, for example, a terminal device (for example, a Linux base (Linux) : A terminal device equipped with a client-specific OS (registered trademark)) and a management device as a server device, mutual authentication using a secure socket layer (SSL) (abbreviated as “SS”) and Encrypted communication is performed.

SSL is a protocol that encrypts and transmits information on the Internet. Data is eavesdropped, “tampered”, and “spoofed” using a combination of security technologies including public key encryption, private key encryption, digital certificates, and hash functions. It is a technology that can prevent
In order to carry out the communication by SSL, both the terminal device and the management device need to hold a certificate in a predetermined format using electronic data.

  Conventionally, the communication terminal transmits the model number information of the terminal device that sets the certificate to the certificate management device together with the certificate issuance request, and the identification information transmitted together with the issuance request is sent in response to the request. Since the certificate management device issues and sends a certificate that includes it, the communication terminal receives it and the image having the same model number as the model number information included in the electronic certificate via the factory terminal There is a management system (see, for example, Patent Document 1) in which a unique certificate is appropriately assigned to each of a plurality of image devices by setting the device (terminal device).

In recent years, in order to increase the security function strength of a management system, it has been studied to increase the key length of a public key of a certificate used for SSL mutual authentication between a terminal device and the management device in the management system.
As described above, in order to increase the strength of the security function, a new certificate that can be issued with a longer public key length is different from the existing CA that issues a certificate with a shorter public key length on the management system. It is necessary to operate a valid certificate authority (also referred to as “Certificate Authority”).

  However, the management system described in Patent Document 1 does not consider the operation of a plurality of CAs that issue certificates of different formats or corresponding to different authentication processes. For example, the management system operates with a certificate with a short key length. When terminal devices and terminal devices that operate with certificates with long keys are mixed, security strength is easily maintained while maintaining backward compatibility for the security of communication between the terminal device and the management device due to the following reasons: There was a problem that it could not be raised.

The cause of the above problem is that the issuer of each certificate held by the terminal device and the intermediary device that manages it is different, so the validity of the certificate sent by the communication partner cannot be confirmed. It is possible that authentication will not be successful.
The present invention has been made in view of the above points, and operates a plurality of CAs that issue certificates of different formats or corresponding to different authentication processes, and security of communication between the terminal device and the management device. The purpose is to make it possible to easily increase the security strength while maintaining backward compatibility.

In order to achieve the above object, the present invention provides a communication device shown in the following (1) to ( 3 ) and a management system shown in ( 4 ) to ( 6 ), respectively.
(1) A communication device, a first storage unit for storing a communication device for communicating with a terminal device and a management device for managing the terminal device, and identification information for uniquely identifying the communication device And a certificate for the communication device to be authenticated by the communication partner device, and confirmation data for confirming the validity of the certificate issued by the specific issuer transmitted from the communication partner device The second storage means for storing the information, the management device address storage means for storing the address information of the management apparatus as the communication destination, and the confirmation data stored in the second storage means are transmitted from the terminal device. If the validity of the certificate cannot be confirmed because it does not correspond to the issuer of the certificate to be issued, the management device address storage means stores the communication destination management device according to the address information. First Of the identification information storage means stores, sends a certificate source information transmitted from the terminal device, the update certificate of the communication device to the management device of the communication destination Of the data transmitted from the management device in response to a request from the certificate update requesting unit requesting acquisition, the certificate update requesting unit issued by the issuer indicated by the information transmitted to the management device The second storage means stores the certificate of the communication device and the confirmation data for confirming the validity of the certificate issued by the issuer as a new certificate and confirmation data used for authentication. In addition, there is provided certificate setting means for storing address information of a management apparatus as a communication destination by communication using the new certificate in the management apparatus address storage means .

( 2 ) A communication device, a first storage unit for storing a terminal device and a communication unit for communicating with a management device that manages the terminal device, and identification information for uniquely identifying the communication device A second storage means for storing identification information of the terminal device as a communication partner and address information of the terminal device, a certificate of the communication device for receiving authentication from the communication partner device, and a communication partner device The third storage means for storing the confirmation data for confirming the validity of the certificate issued by the specific issuer and the management for storing the address information of the management apparatus as the communication destination A device address storage unit, a reception unit that receives an instruction to update the certificate stored in the third storage unit, and a certificate issued by which issuer is acquired as the certificate of the communication device. Indicate Information, and issuing storing means for updating stored and modified, if the reception unit receives the instruction to update the certificate, in accordance with the address information which the management device address storage means for storing, managing communication destination The identification information stored in the first storage means and the issuer information stored in the issuer storage means are transmitted to the apparatus, and the communication apparatus is updated to the communication destination management apparatus. A certificate renewal requesting unit for requesting acquisition of a certificate for use, and an issuer indicated by information transmitted to the management device among data transmitted from the management device in response to a request by the certificate renewal requesting unit The communication device certificate issued by, and the confirmation data for confirming the validity of the certificate issued by the issuer are used as a new certificate and confirmation data used for authentication. A certificate setting unit that stores in the management device address storage unit address information of a management device that is a communication destination by communication using the new certificate , and at least the certificate update request. Before the means requests the management device to obtain a certificate for updating, the terminal device stores the identification information stored in the terminal device from each terminal device whose identification information is registered in the second storage device. Acquire certificate issuer information, and for each update required terminal device, the issuer of which is different from the issuer stored in the issuer storage means , the identification information of the update required terminal device and the above As the publisher information publisher storage means for storing, in accordance with the address information stored in the management device address storage means, and transmits to the communication destination management device, the management device of the communication destination Update requests the acquisition of the update certificate of the terminal device, the request depending on transmitted from the management device of the communication destination, the issuing storage means issued by the publisher to store its main update terminal And a certificate transmission means for transmitting the confirmation data for confirming the validity of the certificate issued by the issuer stored in the issuer storage means to the terminal device requiring update. Is.

( 3 ) A first storage means for storing a communication device for communicating with a terminal device and a management device for managing the terminal device, and identification information for uniquely identifying the communication device. A second storage means for storing identification information of the terminal device as a communication partner and address information of the terminal device, a certificate of the communication device for receiving authentication from the communication partner device, and a communication partner device The third storage means for storing the confirmation data for confirming the validity of the certificate issued by the specific issuer and the management for storing the address information of the management apparatus as the communication destination A device address storage unit, a reception unit that receives an instruction to update the certificate stored in the third storage unit, and a certificate issued by which issuer is acquired as the certificate of the communication device. Indicate Information, and issuing storing means for updating stored and modified, if the reception unit receives the instruction to update the certificate, in accordance with the address information which the management device address storage means for storing, managing communication destination The identification information stored in the first storage means and the issuer information stored in the issuer storage means are transmitted to the apparatus, and the communication apparatus is updated to the communication destination management apparatus. A certificate renewal requesting unit for requesting acquisition of a certificate for use, and an issuer indicated by information transmitted to the management device among data transmitted from the management device in response to a request by the certificate renewal requesting unit The communication device certificate issued by, and the confirmation data for confirming the validity of the certificate issued by the issuer are used as a new certificate and confirmation data used for authentication. A certificate setting unit that stores in the management device address storage unit address information of a management device that is a communication destination by communication using the new certificate , and at least the certificate update request. Before the means requests the management device to obtain a certificate for updating, the terminal device stores the identification information stored in the terminal device from each terminal device whose identification information is registered in the second storage device. Obtain the certificate issuer information and the address information indicating which address is used to authenticate the communication partner's device when it is accessed. for each updatable terminal apparatus acquired the publisher storage means publisher has is included publisher store, address of the updatable terminal device storing in the second storage means Information, is provided with a terminal information updating means for updating the issuer and the corresponding address information that the issuer storage means received from the updatable terminal device stores.

( 4 ) A management system comprising a terminal device, a plurality of management devices for managing the terminal device, and an intermediary device that mediates communication between the terminal device and the management device. A first storage means for storing identification information for uniquely identifying the mediation device in the device, a certificate of the mediation device for receiving authentication from the communication partner device, and a communication partner device. Second storage means for storing confirmation data for confirming the validity of a certificate issued by a specific issuer , and a management apparatus address storage for storing address information of a management apparatus as a communication destination And the verification data stored in the second storage means does not correspond to the issuer of the certificate transmitted from the terminal device, so that the validity of the certificate cannot be confirmed. Management device add In accordance with the address information scan storage means for storing, to the communication destination management device, the first identification information storage means stores, and the terminal certificate issuer information transmitted from the device Is sent from the management apparatus in response to a request from the certificate update requesting means, and a certificate update requesting means for requesting the management apparatus of the communication destination to obtain a certificate for updating the mediation apparatus. Among the data to be received, the certificate of the mediation device issued by the issuer indicated by the information transmitted to the management device, and confirmation data for confirming the validity of the certificate issued by the issuer, A new certificate used for authentication and confirmation data are stored in the second storage means , and the address of the management device as a communication destination by communication using the new certificate is set as the management device address. And a certificate setting means for storing it in a memory storage means, and when at least one of the management devices is requested to obtain the update certificate from the mediation device, the identification information received from the mediation device Is sent to the issuer of the certificate indicated by the issuer information received from the intermediary device, and issuance of a new certificate including the identification information from the issuer, Certificate acquisition means for acquiring a new certificate issued based on a request by the certificate issuing request means, and confirmation for acquiring confirmation data for confirming the validity of the certificate issued by the issuer a data acquisition unit, and a new certificate the certificate obtaining unit has obtained, and the confirmation data which the confirmation data acquisition means has acquired, the management device to the communication destination by communication using the new certificate Ad A scan information provided and certificate transmitting means for transmitting to the intermediary device, to the terminal device, transmitted and certificate of the terminal device for receiving an authentication device of the communication partner, the communication partner device Third storage means for storing confirmation data for confirming the validity of the certificate, and the certificate of the terminal device stored in the third storage means in the intermediary device for authentication. Certificate providing means for transmission is provided.

( 5 ) A management system comprising a terminal device, a plurality of management devices for managing the terminal device, and an intermediary device that mediates communication between the terminal device and the management device. A first storage means for storing identification information for uniquely identifying the mediation apparatus in the apparatus; a second storage means for storing identification information of the terminal apparatus as a communication partner and address information of the terminal apparatus; A certificate of the intermediary device for receiving authentication from the communication partner device, and confirmation data for confirming the validity of the certificate issued by the specific issuer transmitted from the communication partner device; A third storage means for storing the address, a management apparatus address storage means for storing address information of the management apparatus as the communication destination, and an instruction to update the certificate stored in the third storage means Accepting means As a certificate of the intermediary device, information indicating whether to obtain a certificate which issuer issued, the issuing storage means for updatable store, the instruction to the reception unit to update the certificate When accepted, according to the address information stored in the management device address storage unit, the identification information stored in the first storage unit and the issuer storage unit store in the communication destination management device. And a certificate update requesting means for requesting the management apparatus of the communication destination to obtain a certificate for updating the intermediary apparatus, and in response to a request by the certificate update requesting means Among the data transmitted from the management device, for confirming the validity of the certificate of the mediation device issued by the issuer indicated by the information transmitted to the management device and the certificate issued by the issuer The confirmation data is stored in the third storage means as a new certificate and confirmation data to be used for authentication , and the address of the management apparatus as a communication destination by communication using the new certificate is Identification information is registered in the second storage means before the certificate setting means to be stored in the management apparatus address storage means and at least the certificate update request means requests the management apparatus to obtain a certificate for updating. From each terminal device, the information of the issuer of the certificate of the terminal device stored in the terminal device is obtained, and the issuer of the terminal device stores the issuer stored in the issuer storage unit for the original and each different main update terminal device, address information of the publisher of the information identification information and the issuer storage means of the main update terminal device stores, the management device address storage means for storing According, transmits to the communication destination management unit, to request to acquire the certificate for updating the main update terminal device in the management device of the communication destination, it is transmitted from the management device of the communication destination in accordance with the request come, the certificate of the issuing storage means its main update terminals publisher for storing issued, confirmation for confirming the validity of the certificate the issuer storing means issued by publisher store And a certificate transmission means for transmitting the data to the update terminal device that needs to be updated, and when at least one of the management devices is requested to acquire the certificate for updating from the mediation device, A certificate issuance request means for transmitting the identification information received from the mediation device to the issuer of the certificate indicated by the issuer information received from the mediation device, and requesting the issuance of a new certificate including the identification information; From the above publisher, Certificate acquisition means for acquiring a new certificate issued based on a request by the certificate issuing request means, and confirmation for acquiring confirmation data for confirming the validity of the certificate issued by the issuer a data acquisition unit, and a new certificate the certificate obtaining unit has obtained, and the confirmation data which the confirmation data acquisition means has acquired, the management device to the communication destination by communication using the new certificate Certificate transmitting means for transmitting address information to the intermediary device is provided, and the terminal device receives a certificate of the terminal device for receiving authentication from the communication partner device, and is transmitted from the communication partner device. A fourth storage means for storing confirmation data for confirming the validity of the certificate; a fifth storage means for storing identification information for uniquely identifying the terminal apparatus; Upon request In response, the identification information transmitting means for transmitting the identification information of the terminal device stored in the fifth storage means to the mediating device, and the certificate and confirmation of the terminal device transmitted from the mediating device There is provided a second certificate setting means for storing data in the fourth storage means as a new certificate used for accessing the communication partner and confirmation data.

( 6 ) A management system comprising a terminal device, a plurality of management devices for managing the terminal device, and an intermediary device that mediates communication between the terminal device and the management device. A first storage means for storing identification information for uniquely identifying the mediation apparatus in the apparatus; a second storage means for storing identification information of the terminal apparatus as a communication partner and address information of the terminal apparatus; A certificate of the intermediary device for receiving authentication from the communication partner device, and confirmation data for confirming the validity of the certificate issued by the specific issuer transmitted from the communication partner device; A third storage means for storing the address, a management apparatus address storage means for storing address information of the management apparatus as the communication destination, and an instruction to update the certificate stored in the third storage means Accepting means As a certificate of the intermediary device, information indicating whether to obtain a certificate which issuer issued, the issuing storage means for updatable store, the instruction to the reception unit to update the certificate When accepted, according to the address information stored in the management device address storage unit, the identification information stored in the first storage unit and the issuer storage unit store in the communication destination management device. And a certificate update requesting means for requesting the management apparatus of the communication destination to obtain a certificate for updating the intermediary apparatus, and in response to a request by the certificate update requesting means Among the data transmitted from the management device, for confirming the validity of the certificate of the mediation device issued by the issuer indicated by the information transmitted to the management device and the certificate issued by the issuer The confirmation data is stored in the third storage means as a new certificate and confirmation data to be used for authentication , and the address of the management apparatus as a communication destination by communication using the new certificate is Identification information is registered in the second storage means before the certificate setting means to be stored in the management apparatus address storage means and at least the certificate update request means requests the management apparatus to obtain a certificate for updating. The information of the issuer of the certificate of the terminal device stored in the terminal device and the certificate to be authenticated by the communication partner device when accessed by each terminal device obtains the address information indicating whether to use, among the respective terminal devices, each updatable terminal apparatus the issuer that the acquired the publisher storage means contains publisher store Terminals have been, and updates the address information of the second of the updatable terminal device stored in the storage means, the issuer and the corresponding address information that can be updated terminal that issued the original storage means received from the device stores Provided with an information update means, and when at least one of the management devices is requested from the mediation device to obtain the update certificate, the identification information received from the mediation device is received from the mediation device. The certificate issuance request means for requesting the issuance of a new certificate including the identification information is sent to the issuer of the certificate indicated by the issued issuer information, and the certificate issuance request means from the issuer Certificate obtaining means for obtaining a new certificate issued based on the request and confirmation data obtaining means for obtaining confirmation data for confirming the validity of the certificate issued by the issuer , And a new certificate the certificate obtaining unit has obtained, and the confirmation data which the confirmation data acquisition means has acquired, and the address information of the management device to the communication destination by communication using the new certificate A certificate transmitting means for transmitting to the intermediary device, in order for the terminal device to be associated with a plurality of different addresses of the terminal device and to receive authentication from the communication partner device when the address is accessed; A fourth storage means for storing, as data to be used, a certificate of the terminal device issued by each different issuer, and confirmation data for checking the validity of the certificate issued by the issuer; In response to a request from the intermediary device, based on the information stored in the fourth storage means, information on the issuer of the certificate of the terminal device stored in the terminal device and which address Address information transmitting means for transmitting to the intermediary device address information indicating whether the certificate is to be used to authenticate the communication partner device when the device is accessed.

  According to the communication apparatus and the management system including the communication apparatus of the present invention as described above, a plurality of CAs issuing certificates corresponding to different formats or different authentication processes are operated, and the terminal apparatus and the management apparatus are It is possible to easily increase the security strength while maintaining backward compatibility with respect to the security of communication between the two.

1 is a conceptual diagram illustrating a network configuration example of an image forming apparatus management system which is an embodiment of a management system including a mediation apparatus according to the present invention. FIG. 2 is a block diagram illustrating a hardware configuration example of the image forming apparatus 20 in FIG. 1. It is a block diagram which shows each hardware structural example of the 1st management apparatus 30 and the 2nd management apparatus 40 of FIG. It is a block diagram which shows each hardware structural example of 1st CA50 of FIG. 1, and 2nd CA60. It is a block diagram which shows the hardware structural example of the mediation apparatus 80 of FIG. FIG. 3 is a block diagram illustrating a functional configuration example of the image forming apparatus 20 illustrated in FIG. 2. It is a figure which shows the detailed example of the security information map memorize | stored and held by the security information map memory | storage part 255 of FIG. It is a block diagram which shows the function structural example of the 1st management apparatus 30 and the 2nd management apparatus 40 which were shown in FIG. It is a figure which shows the detailed example of the map information memorize | stored and held by the map information storage part 351 of FIG. It is a block diagram which shows the function structural example of 1st CA50 and 2nd CA60 shown in FIG. It is a block diagram which shows the function structural example of the mediation apparatus 80 shown in FIG. It is a figure which shows the detailed example of the map information memorize | stored and hold | maintained at the map information storage part 854 of FIG. FIG. 12 is a diagram illustrating a detailed example of a security information map stored and held in a security information map storage unit 856 in FIG. 11. FIG. 2 is a diagram illustrating a configuration example of an individual certificate package used when each image forming apparatus including the image forming apparatus of FIG. 1 performs authentication processing by SSL with each intermediary apparatus including the intermediary apparatus. FIG. 7 is a sequence diagram for explaining authentication processing by SSL using an individual certificate package between the image forming apparatus 20 and the mediation apparatus 80 in FIG. 1. FIG. 3 is a diagram illustrating an example of an operation sequence of the mediation device 80 and the first management device 30 when updating the security strength information of the mediation device 80 in the image forming apparatus management system illustrated in FIG. 1. 6 is a diagram illustrating an example of an operation sequence of the image forming apparatus 20, the mediating apparatus 80, and the first management apparatus 30 when the security strength information of the image forming apparatus 20 is updated. FIG. It is a figure which similarly shows the 1st Example of the operation | movement sequence of each apparatus at the time of updating a certificate. It is a figure which similarly shows the 2nd Example of the operation | movement sequence. It is a figure which similarly shows the 3rd Example of the operation | movement sequence. It is a figure which similarly shows the 4th Example of the operation | movement sequence. It is a figure which similarly shows the 5th Example of the operation | movement sequence. It is a figure which similarly shows the 6th Example of the operation | movement sequence. FIG. 2 is a diagram illustrating a detailed example of a security information map acquired from the image forming apparatus 20 by the mediation apparatus 80 in FIG. 1.

Hereinafter, embodiments for carrying out the present invention will be specifically described with reference to the drawings.
[Management system network configuration]
First, an outline of an image forming apparatus management system which is an embodiment of a management system including a mediation apparatus according to the present invention will be described.

FIG. 1 is a conceptual diagram illustrating a network configuration example of the image forming apparatus management system.
The image forming apparatus management system includes one or more firewalls 10,..., An intermediary apparatus 80,.・ ・ And The management devices 30, 40,... Can access certificate authorities (CA) 50, 60,.

  The communicable connection between the firewall 10 and the intermediary device 80 and the communicable connection between the intermediary device 80 and the terminal device 20 are a network such as a LAN (Local Area Network) not shown (whether wired or wireless). Or via a communication path such as connection conforming to the USB standard, serial communication conforming to the RS-485 standard, or parallel communication conforming to the SCSI (Small Computer System Interface) standard. . Communication between the firewall 10,..., The management devices 30, 40,... And the certificate authorities 50, 60,... Can be made via a network 70 such as a LAN or the Internet. .

The firewall 10, the intermediary device 80, and the terminal device 20 are installed at a user site such as an office where the terminal device 20 is installed, and a plurality of such user sites may exist. Note that, at a user site where a terminal device having a function of an intermediary device is installed, the terminal device and the firewall 10 are connected so as to be directly communicable.
The terminal device 20 is an image forming apparatus (image processing apparatus) such as a scanner, a copying machine, a printer, a facsimile machine, or a multifunction machine having these functions. It corresponds to what is done.

  This terminal device (hereinafter also referred to as “image forming apparatus” or “apparatus”) 20 stores information to be monitored (information indicating various counter values, operating conditions, etc., hereinafter referred to as “apparatus information”) with its own program. The device 30 collects the device information by encrypted communication (for example, Secure Socket Layer (SSL) communication) through mutual authentication using a certificate issued by the first CA 50 or the second CA 60 or the like. Or forward to 40 etc. The management devices 30 and 40 are also referred to as a first management device 30 and a second management device 40, respectively. In this embodiment, communication between the image forming apparatus 20 and an external device (communication partner device) on the network 70 is often performed via the mediation device 80. However, for convenience of explanation, the mediation device 80 is used. Sometimes omitted.

The mediation device 80 is a device that mediates communication between the terminal device 20 and the first management device 30 or the second management device 40.
The management apparatuses 30 and 40 belong to a monitoring site of the image forming apparatus 20 (for example, a manufacturer of the image forming apparatus 20 or a maintenance service provider of the image forming apparatus 20), and a normal management system including the image forming apparatus 20 It is an information processing apparatus (computer) that provides an image equipment monitoring service for receiving and storing equipment information from the image forming apparatus 20 during operation.
In addition, the management devices 30 and 40 perform processing for ensuring safety such as communication, which is performed from the image forming device 20 to the management device 30 or 40 before the monitoring operation of the image forming device 20 is started. In FIG. 5, mediation between the image forming apparatus 20 and the CA 50 or 60 is performed. CA50 and 60 are also referred to as a first CA50 and a second CA60, respectively.

More specifically, in response to a request from the image forming apparatus 20, a private key (client private key) or a public key certificate (client public key certificate, certificate authority public key certificate) unique to each image forming apparatus 20 Is issued to the CA 50 or 60 and the individual certificate package issued by the CA 50 or CA 60 is returned to the image forming apparatus 20. The individual certificate package is used for mutual authentication and encrypted communication with the management apparatus 30 or 40 when the image forming apparatus 20 transfers device information.
In this embodiment, the individual certificate package is an electronic certificate package based on PKCS (Public Key Cryptography Standards).
The PKCS is a group of various standards based on public key cryptography defined by RSADSI. Some are adopted in RFC (Request for Comments) and become an Internet standard.

CAs 50 and 60 are certificate authorities managed by a so-called certificate authority, and are individual certificates of electronic certificates (generally referred to as “certificates”) that are electronic identification certificates in the management system for the image forming apparatus 20. An information processing apparatus (computer) that issues and manages packages.
In this embodiment, the CAs 50 and 60 ensure the uniqueness of the individual certificate package.

CA50 and CA60 issue certificates of different issuers.
In this embodiment, each management device including the first management device 30 and the second management device 40 is also used for authentication for communicating with each required CA among the CAs including the first CA 50 and the second CA 60, respectively. A certificate is stored and held in advance.

[Hardware configuration of image forming apparatus]
Next, a hardware configuration of the image forming apparatus (terminal apparatus) 20 in FIG. 1 will be described.
FIG. 2 is a block diagram illustrating a hardware configuration example of the image forming apparatus 20.
For example, as shown in FIG. 2, the image forming apparatus 20 includes a CPU 21, a ROM 22, a RAM 23, a nonvolatile memory 24, a communication interface (I / F) 25, a display panel 26, and an engine unit 27. They are connected by a system bus 28.

The CPU 21 is a control unit that performs overall control of the entire image forming apparatus 20, and includes various functions related to the features of the present invention by executing various programs recorded (stored) in the ROM 22 or the nonvolatile memory 24. Implement various functions.
The ROM 22 is a nonvolatile storage unit, and stores data including programs executed by the CPU 21 and fixed parameters. The ROM 22 may be configured as a rewritable storage means so that the program and data including fixed parameters can be updated.

The RAM 23 is a storage means for storing temporarily used data or used as a work memory for the CPU 21.
The nonvolatile memory 24 is a rewritable nonvolatile storage means such as a flash memory or an HDD (hard disk drive), and is retained even after the program executed by the CPU 21 or the image forming apparatus 20 is turned off. Data including parameter values that need to be stored is stored. A certificate that is an individual certificate package of the image forming apparatus 20 may also be stored in the nonvolatile memory 24.

The communication I / F 25 is an interface (communication means) for connecting the image forming apparatus 20 to a communication path such as a network. For example, the communication I / F 25 can be a network interface for performing Ethernet (registered trademark) communication. .
And when communicating with other apparatuses, such as the 1st management apparatus 30 or the 2nd management apparatus 40, 1st CA50, or 2nd CA60, via the said communication path and the mediation apparatus 80, etc., this communication I / F25 and CPU21 are It functions as a communication means. Note that an appropriate communication I / F 25 is prepared according to the communication path standard, the communication protocol to be used, and the like. It is also possible to provide a plurality of communication I / Fs corresponding to a plurality of standards.

  The display panel 26 includes a liquid crystal display (LCD) and a light emitting diode (LED), a graphical user interface (GUI) for inputting user operation information to the image forming apparatus 20, various messages, and images. It is an input display means for displaying the operating state and the like of the forming apparatus 20. Instead of or in addition to the display panel 26, an external display may be used as the display means.

  The engine unit 27 is a means for the image forming apparatus 20 to perform physical input / output other than communication with the outside. For example, if the image forming apparatus 20 is a digital multifunction peripheral (MFP), the engine unit 27 includes an electrophotographic print engine (image forming unit) that forms an image on a medium such as paper, and a document. And a scanner engine (image reading means) that reads the image as image data, and the CPU 21 appropriately controls these operations, whereby the image forming apparatus 20 can execute an appropriate input / output operation. . The MFP is an image forming apparatus having a plurality of functions including a printer, a scanner, a copier, and a FAX, for example. If the image forming apparatus 20 does not perform input / output other than communication, the engine unit 27 is unnecessary.

[Hardware configuration of management device]
Next, each hardware configuration of the first management device 30 and the second management device 40 in FIG. 1 will be described.
FIG. 3 is a block diagram illustrating a hardware configuration example of the first management device 30 and the second management device 40.

For example, as shown in FIG. 3A, the first management device 30 includes a CPU 31, a memory device 32, an HDD 33, an input device 34, a display device 35, and a mutually connected bus 37. The communication I / F 36 is an interface device.
Further, as shown in FIG. 3B, for example, the second management device 40 includes a CPU 41, a memory device 42, an HDD 43, an input device 44, and a display device 45 that are mutually connected by a bus 47. And a communication I / F 46 that is an interface device.

The CPU 31 of the first management device 30 implements various functions including the functions related to the present invention in the first management device 30 according to the program stored in the memory device 32.
The memory device 32 includes a memory such as a RAM. When a program activation instruction is issued, the memory device 32 reads the program from the HDD 33 and stores it in the memory so that the CPU 31 can execute it.
The HDD 33 is a storage device (storage means) that stores a program introduced into the first management device 30 and also stores necessary files, data, and the like, and realizes functions related to the present invention in the first management device 30. For example, the processing program is installed in the HDD 33. The HDD 33 also stores a certificate to be sent to the image forming apparatus 20 and map information to be described later.

The input device 34 includes input means including a keyboard and a mouse, and is used for inputting various operation instructions by the user.
The display device 35 displays various types of information including a GUI based on a program.
The communication I / F 36 is used as an interface (communication means) for connecting to a network.
Note that other nonvolatile storage means such as a flash memory may be used instead of the HDD 33.

Similarly to the first management device 30, the CPU 41 of the second management device 40 has various functions including the functions related to the present invention in the second management device 40 according to the program stored in the memory device 42. Is realized.
The memory device 42 includes a memory such as a RAM. When a program activation instruction is issued, the memory device 42 reads the program from the HDD 43 and stores it in the memory so that the CPU 41 can execute it.
The HDD 43 is a storage device that stores a program introduced into the second management device 40 and also stores necessary files, data, and the like, and a processing program that implements the function according to the present invention in the second management device 40 Is introduced into the HDD 43, for example. The HDD 43 also stores a certificate to be sent to the image forming apparatus 20 and map information described later.

The input device 44 includes input means including a keyboard and a mouse, and is used for inputting various operation instructions by the user.
The display device 45 displays various types of information including a GUI based on a program.
The communication I / F 46 is used as an interface for connecting to a network.
Note that other nonvolatile storage means such as a flash memory may be used instead of the HDD 43.

[CA hardware configuration]
Next, each hardware configuration of the first CA 50 and the second CA 60 in FIG. 1 will be described.
FIG. 4 is a block diagram showing a hardware configuration example of each of the first CA 50 and the second CA 60. As shown in FIG.
The first CA 50 also has the same hardware configuration as the first management device 30 and the second management device 40 described above.

For example, as shown in FIG. 4A, the first CA 50 includes a CPU 51, a memory device 52, an HDD 53, an input device 54, a display device 55, and an interface device, which are mutually connected by a bus 57. It is configured to have a certain communication I / F 56.
Further, as shown in FIG. 4B, for example, the second CA 60 includes a CPU 61, a memory device 62, an HDD 63, an input device 64, a display device 65, and an interface that are mutually connected by a bus 67. It is comprised so that it may have communication I / F66 which is an apparatus.

The CPU 51 of the first CA 50 realizes various functions including functions related to the present invention in the first CA 50 according to the program stored in the memory device 52.
The memory device 52 reads the program from the HDD 53 and stores the program so that the CPU 51 can execute it when there is an instruction to start the program.
The HDD 53 is a storage device that stores a program introduced into the first CA 50 and also stores necessary files, data, and the like. To be introduced.

The input device 54 includes input means including a keyboard and a mouse, and is used for inputting various operation instructions by the user.
The display device 55 displays various types of information including a GUI based on a program.
The communication I / F 56 is used as an interface for connecting to a network.
Note that other nonvolatile storage means such as a flash memory may be used in place of the HDD 53.

Similarly to the first CA 50, the CPU 61 of the second CA 60 also implements various functions including the functions related to the present invention in the second CA 60 according to the program stored in the memory device 62.
When there is an instruction to start the program, the memory device 62 reads the program from the HDD 63 and stores it so that the CPU 61 can execute it.
The HDD 63 is a storage device that stores a program introduced into the second CA 60 and also stores necessary files, data, and the like. To be introduced.

The input device 64 includes input means including a keyboard and a mouse, and is used for inputting various operation instructions by the user.
The display device 65 displays various types of information including a GUI based on a program.
The communication I / F 66 is used as an interface for connecting to a network.
Note that other nonvolatile storage means such as a flash memory may be used instead of the HDD 63.

Further, the program according to the present invention is stored in a computer-readable recording medium including an optical disk, and the image forming apparatus 20, the first management apparatus 30, the second management apparatus 40, and the second are recorded via the recording medium. If the installation is performed on the 1CA 50 and the second CA 60, the program according to the present invention can be easily introduced into the device and each device.
Further, the program according to the present invention may be installed from the terminal device on the network 7 into the device and each device.
Note that the first management device 30, the second management device 40, the first CA 50, and the second CA 60 do not necessarily have a display device and an input device (not necessarily connected). Moreover, not only the above structure but a well-known computer can be used.

[Hardware configuration of mediation device]
Next, the hardware configuration of the mediation device 80 in FIG. 1 will be described.
FIG. 5 is a block diagram illustrating a hardware configuration example of the mediation device 80.
For example, as shown in FIG. 5, the intermediary device 80 is configured to include a CPU 81, a memory device 82, an HDD 83, and a communication I / F 84 that is an interface device, which are mutually connected by a bus 85. The

The CPU 81 of the mediation device 80 implements various functions including functions related to the present invention in the mediation device 80 in accordance with a program stored in the memory device 82.
When there is an instruction to start the program, the memory device 82 reads the program from the HDD 83 and stores it so that the CPU 81 can execute it.
The HDD 83 is a storage device that stores a program installed in the first management device 30 and also stores necessary files, data, and the like. For example, it is installed in the HDD 83.
The communication I / F 84 is used as an interface for connecting to a network.

[Functional configuration of image forming apparatus]
Next, the functional configuration of the image forming apparatus 20 shown in FIG. 2 will be described.
FIG. 6 is a block diagram illustrating a functional configuration example of the image forming apparatus 20.
The image forming apparatus 20 is a function related to the present invention realized by the CPU 21 executing the program recorded in the ROM 22 or the non-volatile memory 24 in the control unit 60 constituted by the CPU 21, the ROM 22, and the RAM 23 described with reference to FIG. The functions of the certificate update request unit 201, the certificate update unit 202, the management device URL information update unit 203, the map information update request unit 204, and the security strength information update unit 205 are retained.
The nonvolatile memory 24 also includes a management device URL information storage unit 251, a model number information storage unit 252, a certificate storage unit 253, a security strength information storage unit 254, a security information map storage unit 255, and an intermediary device URL information storage unit. 256 and an intermediary device communication destination information storage unit 257.
The model number information includes identification information indicating the model of the image forming apparatus 20 and a machine number that is identification information indicating an individual, and is identification information for uniquely specifying the image forming apparatus 20.

  The certificate update request unit 201 requests the first management device 30 or the second management device 40 to update to a new certificate. For example, if the first management apparatus 30 is under monitoring based on a certificate issued by the first CA 50, the model number of the image forming apparatus 20 stored in the model number information storage unit 252 is sent to the first management apparatus 30. Send a certificate renewal request with the information. Accordingly, for example, a new certificate issued by the second CA 60 from the first management apparatus 30 and a new management apparatus that newly monitors the image forming apparatus 20 based on the new certificate. Management device URL (Uniform Resource Locator) information indicating an address to be accessed in order to communicate with 40 can be received. The URL may include a port number.

The certificate update unit 202 rewrites and updates the certificate stored in the certificate storage unit 253 with a new certificate acquired by the certificate update request. Thereby, for example, the certificate issued by the first CA 50 stored in the certificate storage unit 253 can be updated to a new certificate issued by the second CA 60.
The management device URL information update unit 203 obtains new management device URL information (new certificate) obtained from the management device URL information stored in the management device URL information storage unit 251 together with a new certificate by the certificate update request. (Including the URL of the management device corresponding to the document). Thereby, for example, the management device URL information of the first management device 30 stored in the management device URL information storage unit 251 can be updated to the management device URL information of the second management device 40.

The map information update request unit 204 requests the first management device 30 or the second management device 40 to update map information. For example, if the first management apparatus 30 is under monitoring based on a certificate issued by the first CA 50, the model number of the image forming apparatus 20 stored in the model number information storage unit 252 is sent to the first management apparatus 30. Information and security strength information stored in the security strength information storage unit 254 (including CA_URL information indicating the URL of the second CA 60 from which the new certificate is issued) and a request for updating the map information of the first management device 30 Send. As a result, the map information of the first management apparatus 30 is newly updated from the first CA 50, which is the certificate issuer corresponding to the model number information of the image forming apparatus 20, to the URL information (access destination address information) of the second CA 60. Can be rewritten.
The security strength information update unit 205 is called, for example, by an operation via the user interface of the display panel 26, and updates the security strength information in the security strength information storage unit 254. According to the update of the security strength information, the map information update request can be transmitted to the management apparatus.

  The certificate update request, the map information update request, and the transmission of the device information described above are transmitted to the mediation device 80 and the first management device 30 or the second management device 40 by SSL. At this time, the image forming apparatus 20 uses a certificate held by itself as a client certificate used in SSL. Further, access is made based on the management device URL information as selection of the management device to be accessed. When the mediation device 80 mediates communication with the management device, access is made based on the mediation device URL information and the mediation device communication destination information.

[Security Information Map for Image Forming Apparatus]
Next, details of the security information map stored and held in the security information map storage unit 255 of FIG. 6 will be described.
FIG. 7 is a diagram showing a detailed example of the security information map.

  The security information map 2550 stored and held by the security information map storage unit 255 in the image forming apparatus 20 is managed as a table in which CA_URL information 2551 and communication destination URL information 2553 are associated with each other as shown in FIG. 7, for example. . In some cases, three pieces of information are associated with communication destination information 2552 indicated by hatching in FIG. In addition, there are cases where two or three pieces of information associated with each other are used as one record, and a plurality of records are used as indicated by broken lines in FIG. In that case, when communicating with any one of a plurality of mediation devices including the mediation device 30 or a management device, the communication destination URL information is switched to use.

The communication destination information 2552 corresponds to, for example, a servlet port number that enables communication using a plurality of certificates with different issuers. When there are a plurality of communication destination information 2552, one is associated with each CA issuer. For example, when communicating using a certificate issued by the first CA 50, the communication destination associated with the certificate may be accessed from the outside.
The communication destination URL information 2553 is the URL of the mediation apparatus that communicates with the management apparatus that holds the certificate issued by the corresponding CA, or information indicating the URL of the management apparatus.

The security information map 2550 is also used when switching the certificate to be used when the image forming apparatus 20 holds a plurality of certificates.
For example, when switching from a certificate issued by the first CA 50 to a certificate issued by the second CA 60, the mediation device 80 may be accessed to the communication destination associated with the URL of the second CA 60. Further, when the image forming apparatus 20 managed by the mediating apparatus 80 is directly managed by the first management apparatus 30 or the second management apparatus 40, the communication destination URL information is obtained from the URL information of the mediation apparatus. It is used by switching to URL information.

[Functional configuration of management device]
Next, functional configurations of the first management device 30 and the second management device 40 illustrated in FIG. 3 will be described.
FIG. 8 is a block diagram illustrating a functional configuration example of the first management device 30 and the second management device 40.
For example, as shown in FIG. 8B, the first management device 30 is recorded in the memory device 32 by the control unit 300 including the CPU 31 and the memory device 32 described with reference to FIG. The functions of the certificate issuance requesting unit 301 and the map information updating unit 302 are held as functions related to the present invention realized by executing the program.

Further, the HDD 33 includes a map information storage unit 351, a certificate storage unit 352, and a certificate corresponding URL information storage unit 353.
When the certificate issuance request unit 301 receives a certificate update request from any one of the mediation devices including the mediation device 80 or each of the image forming devices including the image forming device 20, the model number received along with the certificate update request. A certificate issuance request is transmitted to a certificate authority (first CA 50 or second CA 60 in the example described here) that issues an update certificate based on the information and its own map information, and a new certificate is issued from the certificate authority. When it is received, it is transmitted to the sender of the certificate renewal request together with the URL information of the intermediary device or management device corresponding to the certificate authority that issued the new certificate stored in the certificate corresponding URL information storage unit 353.

  When the map information update unit 302 receives a map information update request from any one of the image forming apparatuses together with its model number information and security strength information (including CA URL information for issuing a certificate), the model number Based on the information and the security strength information, the map information in the map information storage unit 351 is rewritten and updated. Also, when a map information update request is received from any of the intermediary devices together with the model number information and security strength information, the map information in the map information storage unit 351 is rewritten based on the model number information and security strength information. Update.

  The certificate storage unit 352 stores and holds each certificate used for authentication to communicate with necessary CAs including the first CA 50 and the second CA 50. Each certificate (first certificate) can be stored in advance in the certificate storage unit 352 by the CPU 31 by the operation of the administrator using the input device 34 of FIG.

The certificate-corresponding URL information storage unit 353 is a URL indicating an address of an access destination intermediary device or management device to be accessed when the image forming apparatus 20 performs SSL communication using a certificate issued from each certificate authority. Remember. If the CA that issues the certificate changes due to the renewal, the same communication partner as before can no longer verify the validity of the renewed certificate, so authentication cannot be performed. The communication destination to be accessed using the certificate is notified to the certificate issuing device. In the certificate before the update, the communication partner is an intermediary device, but in the certificate after the update, the communication partner may be a management device. Also, the communication destination to be accessed by the image forming apparatus differs depending on the arrangement position of the image forming apparatus, particularly when the communication destination is an intermediary apparatus. Information on the access destination is prepared for each company, department, physical location such as address, building, and room number).
Similarly, the certificate-corresponding URL information storage unit 353 also sets the address of the management apparatus that is the access destination to be accessed when performing SSL communication using the certificate issued by each certificate authority for the mediation apparatus 80. The URL shown is stored. Such information is appropriately set by the manager of the management apparatus.

  On the other hand, the second management device 40 is also similar to the first management device 30, for example, as shown in FIG. 8B, the control unit 400 including the CPU 41 and the memory device 42 described with reference to FIG. The CPU 41 holds the functions of the certificate issuance request unit 401 and the map information update unit 402 as functions related to the present invention realized by executing the program recorded in the memory device 42.

Further, the HDD 43 includes a map information storage unit 451, a certificate storage unit 452, and a certificate corresponding URL information storage unit 453.
When the certificate issuance request unit 401 receives a certificate renewal request from any of the intermediary devices including the intermediary device 80 or each of the image forming devices including the image forming device 20, the model number received together with the certificate renewal request When a certificate issuance request is transmitted to a certificate authority (a third CA not shown in this example) that issues a new certificate based on the information and the self-map information, and a new certificate is received from the certificate authority, The certificate correspondence URL information storage unit 453 transmits the certificate along with the URL information of the mediation device or management device corresponding to the certificate authority that issued the new certificate to the certificate update request transmission source.

  When the map information update unit 402 receives a map information update request from any of the image forming apparatuses together with the model number information and the security strength information, the model information and security strength information (access destination address information). In this example, the map information in the map information storage unit 451 is rewritten and updated based on the third CA URL (not shown). Further, when a map information update request is received from any of the intermediary devices together with the model number information and security strength information, the map information in the map information storage unit 451 is rewritten based on the model number information and security strength information. Update.

The certificate storage unit 452 stores and holds each certificate used for authentication to communicate with necessary CAs including the first CA 50 and the second CA 50. Each certificate can be stored in advance in the certificate storage unit 452 by the CPU 41 by the operation of the administrator using the input device 44 of FIG.
The certificate-corresponding URL information storage unit 453 stores URL information of an intermediary device and a management device that monitor communication of the image forming apparatus and the intermediary apparatus by SSL based on a certificate issued from a certificate authority that issues a new certificate. Stored and held for each image forming apparatus to be managed. The URL information can be stored in advance in the certificate-corresponding URL information storage unit 453 by the CPU 41 by the operation of the administrator using the input device 44 of FIG.

  Note that the certificate issuance request, the map information update request, and the management apparatus URL information described above are transmitted and received by SSL. At this time, the first management device 30 and the second management device 40 use a certificate held by themselves as a server certificate used in SSL. Further, the first management device 30 and the second management device 40 always have the same map information in synchronization with each other.

[Management device map information]
Next, details of the map information stored and held by the map information storage unit 351 of FIG. 8 will be described. Since the map information stored and held by the map information storage unit 451 is the same, detailed description thereof is omitted.
FIG. 9 is a diagram showing a detailed example of map information stored and held by the map information storage unit 351 of FIG.

  The map information 3510 stored and held in the map information storage unit 451 by the first management apparatus 30 is, for example, as shown in FIG. 9 for a plurality of image forming apparatuses including the image forming apparatus 20 and a plurality of mediating apparatuses including the mediating apparatus 80. Model number information 3511 of each image forming apparatus and mediating apparatus, and CA_URL information 3512 of a plurality of certificate authorities including the first CA 50 and the second CA 60 that are issuers of certificates for the respective image forming apparatuses and mediating apparatuses. Corresponding and managed as a table.

  For example, when the first management apparatus 30 receives a certificate renewal request from the image forming apparatus 20, the first management apparatus 30 refers to the map information based on the model number information of the image forming apparatus 20 received together with the certificate update request, and forms an image from the map information. “CA_URL information” corresponding to the model number information of the device 20 is acquired, and an access destination CA (for example, the second CA 60) is selected by the “CA_URL information” (access destination address information), and the CA is accessed. Request a certificate.

[Functional structure of CA]
Next, the functional configuration of the first CA 50 and the second CA 60 shown in FIG. 4 will be described.
FIG. 10 is a block diagram illustrating a functional configuration example of the first CA 50 and the second CA 60.
As shown in FIG. 10A, the first CA 50 is configured to execute a program recorded in the memory device 52 by the CPU 51 in the control unit 500 including the CPU 51 and the memory device 52 described with reference to FIG. The function of the certificate issuing unit 501 is held as a function related to the present invention realized by the above.
When the certificate issuance unit 501 receives a certificate issuance request from the first management apparatus 30 together with the model number information of the image forming apparatus 20, the certificate issuance unit 501 issues a new certificate including the model number information. 30.

On the other hand, in the second CA 60 as well as the first CA 50, as shown in FIG. 10B, in the control unit 83 including the CPU 61 and the memory device 62 described with reference to FIG. The function of the certificate issuing unit 601 is held as a function related to the present invention realized by executing the program recorded in the above.
When the certificate issuing unit 601 receives a certificate issuance request from the first management apparatus 30 together with the model number information of the image forming apparatus 20, the certificate issuance unit 601 issues a new certificate including the model number information, and the second management apparatus. 40.
Here, since the security strength is determined for each issuing CA, the security strength information will be described as CA_URL information hereinafter.

[Functional configuration of mediation device]
Next, the functional configuration of the intermediary device 80 shown in FIG. 5 will be described.
FIG. 11 is a block diagram illustrating a functional configuration example of the mediation device 80.
For example, as shown in FIG. 11, the intermediary device 80 is realized by the CPU 81 executing the program recorded in the memory device 82 in the control unit 800 including the CPU 81 and the memory device 82 described with reference to FIG. As functions related to the invention, a certificate update request unit 801, a certificate update unit 802, a management device URL information update unit 803, a map information update request unit 804, a security strength information update unit 805, a communication error detection unit 806, and a certificate transmission The functions of the unit 807 and the security information acquisition request unit 808 are retained.

In addition, the HDD 83 includes a management device URL information storage unit 851, a model number information storage unit 852, a certificate storage unit 853, a map information storage unit 854, a security strength information storage unit 855, and a security information map storage unit 856.
The certificate update request unit 801 requests the first management device 30 or the second management device 40 to update to a new certificate. For example, when the first management apparatus 30 is under monitoring based on a certificate issued by the first CA 50, the intermediary apparatus 80 stored in the model number information storage unit 852 is uniquely identified to the first management apparatus 30. The certificate renewal request is transmitted together with the model number information of the intermediary device 80, which is identification information for this purpose. Accordingly, for example, a new certificate issued by the second CA 60 from the first management apparatus 30 and a new management apparatus that newly monitors the image forming apparatus 20 based on the new certificate. 40 management device URL information can be received.

The certificate update unit 802 rewrites and updates the certificate stored in the certificate storage unit 853 with a new certificate acquired by the certificate update request. Thereby, for example, the certificate issued by the first CA 50 stored in the certificate storage unit 853 can be updated to a new certificate issued by the second CA 60.
The management device URL information update unit 803 obtains new management device URL information (new proof) obtained from the management device URL information stored in the management device URL information storage unit 851 together with a new certificate by the certificate update request. (Including the URL of the management device corresponding to the document). Thereby, for example, the management device URL information of the first management device 30 stored in the management device URL information storage unit 851 can be updated to the management device URL information of the second management device 40.

  The map information update request unit 804 requests the first management device 30 or the second management device 40 to update map information. For example, if the first management apparatus 30 is under monitoring based on a certificate issued by the first CA 50, the model number information of the mediation apparatus 80 stored in the model number information storage unit 852 is sent to the first management apparatus 30. Together with the security strength information stored in the security strength information storage unit 855 (including the URL of the second CA 60 that is the issuer of the new certificate), a request for updating the map information of the first management device 30 is transmitted. As a result, the map information of the first management apparatus 30 may be newly rewritten from the first CA 50, which is the certificate issuer corresponding to the model number information of the intermediary apparatus 80, to CA_URL information indicating the URL of the second CA 60. it can.

The security strength information update unit 805 is called by a user operation via a user interface such as a GUI displayed on a web browser in a terminal device such as an external personal computer (not shown), for example, and the security strength information storage unit 855 Update information. According to the update of the security strength information, the map information update request can be transmitted to the management apparatus.
The communication error detection unit 806 detects a communication error when communication with the image forming apparatus 20 cannot be performed and a communication error occurs.

The certificate sending unit 807 can send the certificate received from the first management apparatus 30 or the second management apparatus 40 and CA_URL information indicating the CA that issued the certificate to the image forming apparatus 20 as certificate delivery. .
The security information acquisition request unit 808 can transmit a security information acquisition request to the image forming apparatus 20. The security information map can be updated using security information acquired from the image forming apparatus 20 as a response.

  The certificate update request, the map information update request, and the transmission of the device information described above are transmitted to the first management device 30 or the second management device 40 by SSL. At this time, the intermediary device 80 uses a certificate held by itself as a client certificate used in SSL. Further, access is made based on the management device URL information as selection of the management device to be accessed.

[Map information of mediation device]
Next, details of the map information stored and held in the map information storage unit 854 of FIG. 11 will be described.
FIG. 12 is a diagram showing a detailed example of map information stored and held in the map information storage unit 854.

  The map information 8540 stored and held by the mediation device 80 in the map information storage unit 854 is, for example, as shown in FIG. 12, for a plurality of image forming devices including the image forming device 20 and a plurality of mediation devices including the mediation device 80. The model number information 8541 of each image forming apparatus and intermediary apparatus is associated with the CA_URL information 8542 of a plurality of certificate authorities including the first CA 50 and the second CA 60 that are the certificate issuers for the respective image forming apparatuses and intermediary apparatuses. And managed as a table. In some cases, three pieces of information are associated with communication destination information 8543 indicated by hatching in FIG.

The CA_URL information 8542 is used when comparing the security strength of the image forming apparatus 20 with its own security strength.
The communication destination information 8543 indicates a servlet port number (address information of the image forming apparatus 20) used when accessing the image forming apparatus 20. This communication destination information 8543 is updated when the image forming apparatus 20 stores and holds a plurality of certificates and switches the certificates to be used.

[Intermediary device security information map]
Next, the security information map stored and held in the security information map storage unit 856 in FIG. 11 will be described.
FIG. 13 is a diagram showing a detailed example of the security information map.

  The security information map 8560 stored and held in the security information map storage unit 856 by the mediation device 80 is associated with CA_URL information 8561 and communication destination (management device) URL information 8563, for example, as shown in FIG. Has been. Note that there may be three pieces of information associated with communication destination information 8562 indicated by hatching in FIG. In addition, there are cases where two or three pieces of information associated with each other are used as one record, and a plurality of records are used as indicated by a broken line in FIG. This security information map 8560 has the same contents as the security information map 2550 stored and held in the image forming apparatus 20 described with reference to FIG. Further, when there are a plurality of image forming apparatuses managed by the intermediary apparatus 80, the security information map 8560 is required for the number of the image forming apparatuses.

[SSL authentication processing]
Next, SSL authentication processing in this image forming apparatus management system will be described.
FIG. 14 is a diagram illustrating a configuration example of an individual certificate package used when each image forming apparatus including the image forming apparatus 20 of FIG. 1 performs authentication processing by SSL with each apparatus including the mediation apparatus 80. It is. Such an individual certificate package is also used when each intermediary device including the intermediary device 80 performs an authentication process using SSL with each management device including the first management device 30 and the second management device 40. used.

For example, the individual certificate package 90 that is a certificate held by the image forming apparatus 20 includes a client public key certificate 91, a certificate authority public key certificate 92, and a client private key certificate 93.
The client public key certificate 91 and the client private key certificate 93 are a public key certificate on the image forming apparatus 20 side in mutual authentication and encrypted communication with other apparatuses such as the intermediary apparatus 80. Used as a private key certificate.

  The certificate authority public key certificate 92 confirms the signature of the certificate authority attached to the public key certificate transmitted from the communication partner, and confirms that the contents described in the public key certificate are not falsified. This is the public key certificate of the certificate authority and the confirmation data. The CA public key certificate 92 is a public key certificate of the CA that issued the client public key certificate 91, that is, signed the client public key certificate 91, and uses the CA public key certificate 92. Thus, it can also be confirmed that the client public key certificate 91 has not been tampered with.

  The connection destination information 94 is identification information of a communication destination that is prepared in correspondence with the individual certificate package 90 and to be accessed when performing encrypted communication using the individual certificate package 90. Is stored and held in the image forming apparatus 20, the URL of the mediation apparatus 80, the first management apparatus 30, or the second management apparatus 40 corresponds.

FIG. 15 is a sequence diagram for explaining authentication processing by SSL using an individual certificate package between the image forming apparatus 20 and the mediation apparatus 80 of FIG. In addition, including the following figures, “S” is an abbreviation for “step”.
This authentication process is based on the premise that the intermediary device 80 also holds an individual certificate package issued by the same certificate authority as that held by the image forming apparatus 20. That is, the intermediary device 80 holds a unique individual certificate package in advance. This individual certificate package includes a public key certificate (server public key certificate) unique to each mediation device, a private key (server secret key) unique to each mediation device, and a CA public key certificate. ing.

At the start of communication, the control unit 200 of the image forming apparatus 20 serving as a communication client first transmits various information including an SSL version number, a supported encryption set, and a random number to the mediation apparatus 80 in step 301.
On the other hand, when receiving the various information, the control unit 800 of the mediation apparatus 80 transmits various information including the SSL version number, the encryption set to be used, and the random number to the image forming apparatus 20 in step 302, and the next step 303. , The server public key certificate is transmitted to the image forming apparatus 20, and in the next step 304, after requesting the image forming apparatus 20 to present the certificate, a response from the image forming apparatus 20 is awaited.

When receiving the server public key certificate from the intermediary device 80, the control unit 200 of the image forming apparatus 20 uses the certificate authority public key certificate of its own device as the validity of the received server public key certificate in step 305. To verify.
If the validity of the server public key certificate is confirmed, the process proceeds to step 306, where the client public key certificate is transmitted to the mediation device 80.

Next, the control unit 200 of the image forming apparatus 20 proceeds to step 307, creates a premaster secret (random number) calculated from the hash value of the data exchanged so far with the mediating apparatus 80, and encrypts it with the server public key. Then, the process proceeds to step 308, and the encrypted premaster secret is transmitted to the intermediary device 80.
In step 309, the random number data calculated using the data exchanged so far with the intermediary device 80 is signed with the client secret key. In step 310, the signed random number data (signed data) is signed. After sending to 80, a session key is created in step 311 based on the two seeds and the premaster secret.

  Upon receiving the client public key certificate, premaster secret, and signed data from the image forming apparatus 20 in response to the certificate presentation request to the image forming apparatus 20, the control unit 800 of the mediation apparatus 80 receives step 312. The validity of the received client public key certificate is verified using the certificate authority public key certificate held by itself. The validity of the received signed data is verified using the client public key certificate received earlier. Further, the received premaster secret is decrypted with a server private key held by the own apparatus, and a session key is created by the decrypted premaster secret and two seeds.

After creating the session key, the control unit 200 of the image forming apparatus 20 transmits a message “A data will be transmitted with this common key in the future” and an SSL authentication end message to the intermediary device 80 in Step 313.
When the control unit 800 of the mediation device 80 creates a session key and receives these messages, in step 314, the control unit 800 sends a message that “data will be transmitted with this common key in the future” and an SSL authentication end message to the image forming apparatus. 20 is transmitted.
Thereafter, encrypted communication using the session key is started between the image forming apparatus 20 and the mediating apparatus 80, and the image forming apparatus 20 transmits device information and the like to the mediating apparatus 80.
Therefore, if an appropriate individual certificate package is not introduced for the image forming apparatus 20 and the mediating apparatus 80, the above-described authentication cannot be passed and subsequent communication cannot be performed.

In other words, the transfer of device information from the image forming apparatus 20 to the mediating apparatus 80 is conditional on the introduction of an individual certificate package.
Note that the above-described processing cannot decrypt the premaster secret transmitted from the image forming apparatus 20 because the mediation apparatus 80 does not have a secret key if it is a counterfeit server other than the certificate owner. Mutual authentication is achieved from the theory that if the image forming apparatus 20 is a forged client other than the certificate owner, the signature from the client cannot be confirmed. The same authentication process can be performed between the image forming apparatus 20 and the first management apparatus 30 or the second management apparatus 40.

[Operation sequence when updating security information of mediation device]
Next, an operation sequence of the mediation device 80 and the first management device 30 when updating the security strength information of the mediation device 80 in the image forming apparatus management system illustrated in FIG. 1 will be described.
FIG. 16 is a diagram showing an example of the operation sequence.

  The control unit 800 (FIG. 11) of the intermediary device 80 is stored and held in the HDD 83 in response to a user operation via a user interface such as a GUI displayed on a web browser in an external terminal device or a request from some external device. When the security strength information is updated (for example, the CA_URL information is updated to the URL information of the CA that is the issuer of a new certificate for increasing the security strength), for example, as shown in FIG. In S <b> 1, a map information update request is transmitted to the first management apparatus 30 together with the model number information of the own apparatus stored in the HDD 83 and the updated security strength information.

When the control unit 300 (FIG. 8) of the first management device 30 receives the map information update request from the mediation device 80, in step S2, the control unit 300 (FIG. 8) displays the model number information and security strength information of the mediation device 80 received together with the request. Based on this, the map information stored in the HDD 33 is rewritten and updated. That is, the security strength information corresponding to the model number information of the mediation device 80 in the map information is rewritten and updated with the content notified in step S1.
Note that the map information of the second management device 40 can be updated by a similar operation.
[Operation Sequence when Updating Security Information of Image Forming Apparatus]
Next, an operation sequence of the image forming apparatus 20, the mediating apparatus 80, and the first management apparatus 30 when the security strength information of the image forming apparatus 20 in the image forming apparatus management system shown in FIG. 1 is updated will be described.
FIG. 17 is a diagram showing an example of the operation sequence.

The control unit 200 (FIG. 6) of the image forming apparatus 20 updates the security strength information in the security strength information storage unit 254 in accordance with a user operation or the like via the display panel 26 (for example, the CA_URL information is increased in security strength). For example, as shown in FIG. 17, first, in step S11, the model number information of the own apparatus stored in the nonvolatile memory 24 is updated. A map information update request is transmitted to the intermediary device 80 together with the updated security strength information.
When receiving the map information update request from the image forming apparatus 20 together with the model number information and the security strength information of the image forming apparatus 20, the control unit 800 (FIG. 11) of the mediating apparatus 80 receives the map information update request in step S12. Accordingly, a map information update request is transmitted to the first management apparatus 30 together with the model number information and security strength information of the image forming apparatus 20.

When the control unit 300 (FIG. 8) of the first management apparatus 30 receives the map information update request from the mediation apparatus 80, in step S13, the model number information and security strength information of the image forming apparatus 20 received together with the request. Based on (including the URL information of CA which is access destination address information), the map information stored and held in the HDD 33 is rewritten and updated.
Note that the map information of the second management device 40 can be updated by a similar operation.

[First embodiment of certificate update operation sequence]
Next, a description will be given of a first embodiment of an operation sequence of each apparatus when updating a certificate in the image forming apparatus management system shown in FIG.
FIG. 18 is a diagram showing the first embodiment.

  Here, for convenience of explanation, the update destination of the certificate is the image forming apparatus 20 and the intermediary apparatus 80, the issuer of the certificate before increasing the security strength is the first CA 50, and a new certificate is issued for increasing the security strength. The original is the second CA60. As a precondition, it is assumed that the first management device 30 and the mediation device 80, and the mediation device 80 and the image forming device 20 can perform SSL using a certificate issued by the first CA 50. As post-conditions, it is assumed that the second management device 40 and the mediation device 80, and the mediation device 80 and the image forming device 20 can perform SSL using a certificate issued by the second CA60.

  Then, by the certificate update sequence, the certificate issued by the first CA 50 stored in the image forming apparatus 20 is updated to a new certificate issued by the second CA 60, and the management apparatus URL information is also updated by the first management apparatus 30. To the URL of the second management device 40, and after the processing, the image forming device 20 and the second management device 40 carry out SSL communication using a new certificate issued by the second CA 60.

  In the first embodiment, the certificate issued by the first CA 50 is a certificate with a short key length, the certificate issued by the second CA 60 is a certificate with a long key length, and the certificate of the image forming apparatus 20 is used. By updating from the one issued by the first CA 50 to the one issued by the second CA 60, the image forming apparatus 20 and the first management apparatus 30 perform image formation rather than performing SSL communication using the certificate issued by the first CA 50. When the device 20 and the second management device 40 perform SSL communication using a new certificate issued by the second CA 60, the security strength can be increased.

Before the operation sequence shown in FIG. 18 is executed, the first management apparatus 30 causes the model information of the image forming apparatus 20 in the map information shown in FIG. It is assumed that “testCA2.xxx.co.jp” indicating the URL of the second CA 60 is registered as CA_URL information corresponding to the information.
When a certificate update is requested by a user operation or the like from the display panel 26, the control unit 200 (FIG. 6) of the image forming apparatus 20 first requests a certificate update in step S21 as shown in FIG. At the same time, the model number information of the image forming apparatus 20 is transmitted to the mediating apparatus 80.

When receiving the certificate update request from the image forming apparatus 20 together with the model number information of the image forming apparatus 20, the control unit 800 (FIG. 11) of the mediation apparatus 80 follows the certificate update request in accordance with the certificate update request in step S 22. A certificate update request is transmitted to the first management apparatus 30 together with the model number information of the forming apparatus 20. At this time, by referring to the management device URL information in the management device URL information storage unit 851 in FIG. 8, the URL of the first management device 30 that is the certificate update request destination can be recognized.

  When receiving the certificate update request from the intermediary device 80, the control unit 300 (FIG. 8) of the first management device 30 stores and holds it in the HDD 33 in step S23 based on the model number information received together with the request. Referring to the map information shown in FIG. 9, “CA_URL information (URL of the second CA 60 in this example)” corresponding to the model number information of the image forming apparatus 20 is confirmed, and the confirmed “CA_URL information” is confirmed. Based on this, the second CA 60 is accessed, and a certificate issuance request is transmitted to the second CA 60 together with the model number information of the image forming apparatus 20.

  When receiving the certificate issuance request from the first management apparatus 30, the control unit 600 (FIG. 10) of the second CA 60 obtains a new certificate including the model number information received together with the certificate issuance request in step S24. The new certificate is issued, and the new certificate is transmitted to the first management apparatus 30 that is the certificate issuance request source. At this time, in the certificate, the private key corresponding to the public key included in the certificate is naturally set, and the certificate authority which is confirmation data for confirming the validity of the certificate issued by the second CA 60 is used. The public key certificate is also transmitted as a set in the form of an individual certificate package 90 shown in FIG.

When receiving the new certificate from the second CA 60, the control unit 300 of the first management apparatus 30 receives the new certificate and the above-confirmed “CA_URL information (in this example, the information indicating the URL of the second CA 60) in step S25. ) "Is transmitted to the intermediary device 80.
When receiving the new certificate and CA_URL information from the first management apparatus 30, the control unit 800 of the mediation apparatus 80 receives the new certificate and CA_URL received to the image forming apparatus 20 as the certificate update request source in step S <b> 26. Send information.

When receiving a new certificate and CA_URL information from the intermediary device 80, the control unit 200 of the image forming apparatus 20 uses the received new certificate (certificate issued by the second CA 60) in FIG. 6 in step S27. In the certificate storage unit 253, the received CA_URL information is overwritten in the corresponding location in the security information map storage unit 255 to update the certificate of its own device. A response indicating that it has been received is returned to the intermediary device 80.
Thereafter, although illustration is omitted, the new certificate setting is completed by automatically restarting the image forming apparatus 20. After updating the certificate of the own apparatus, message information for prompting the image forming apparatus 20 to restart is displayed on the display panel 26 in FIG. 2, and the image forming apparatus 20 is restarted by turning the power off / on by a user operation. Activation may be performed.

  When the certificate is set by restarting the image forming apparatus 20, the certificate issuing source of the image forming apparatus 20 is the second CA 60, but the certificate issuing source of the mediating apparatus 80 is the first CA 50. Therefore, the certificate issuer of the mediation apparatus 80 and the image forming apparatus 20 are different from each other, and the certificate (client public key) and the certificate authority public key certificate do not correspond to each other. The forming apparatuses 20 cannot perform SSL authentication processes using certificates.

Therefore, after the certificate is set, the control unit 200 of the image forming apparatus 20 tries to communicate with the mediating apparatus 80, or the control unit 800 of the mediating apparatus 80 tries to communicate with the image forming apparatus 20. Also, the certificate authority public key certificate (confirmation data) in the certificate of the intermediary device 80 stored in the certificate storage unit 853 in FIG. Since the validity of the certificate cannot be confirmed because it does not correspond, authentication becomes NG and a communication error occurs.
Since the control unit 200 of the image forming apparatus 20 transmits the certificate stored in the certificate storage unit 853 to the mediation device 80 for authentication, the function relating to the processing is a certificate providing unit according to the present invention. It corresponds to the function as.

The controller 800 of the intermediary device 80 does not have a problem until communication with the image forming apparatus 20 is completed after the certificate is set. Therefore, when the communication error occurs, the communication error is displayed in step S29. Detects it and uses it as a trigger to start the following process.
That is, first, in step S30, as in step S1 of FIG. 16, the model number information and security strength information of the own device stored in the HDD 83 (the URL information of the second CA 60, which is the issuer of the new certificate). And a map information update request is transmitted to the first management apparatus 30.

When the control unit 300 (FIG. 8) of the first management device 30 receives the map information update request from the mediation device 80, in step S31, the controller 300 (FIG. 8) displays the model number information and security strength information of the mediation device 80 received together with the request. Based on this, the map information stored in the HDD 33 is rewritten and updated.
After performing the process of step S30, the control unit 800 of the mediation apparatus 80 proceeds to step S32 and transmits a certificate update request to the first management apparatus 30 together with the model number information of the own apparatus.
The functions related to the processes of steps S29, S30, and S32 correspond to the function as the certificate update request unit according to the present invention.

When receiving the certificate update request, the control unit 300 of the first management apparatus 30 stores the map shown in FIG. 9 stored in the HDD 33 based on the model number information received together with the request in step S33. The information is checked, “CA_URL information (URL of the second CA 60 in this example)” corresponding to the model number information of the intermediary device 80 is confirmed, and the second CA 60 is accessed based on the confirmed “CA_URL information”. Then, a certificate issuance request is transmitted to the second CA 60 together with the model number information of the intermediary device 80.
The function related to the processing in step S33 corresponds to the function as the certificate issuance requesting means related to the present invention.

  When receiving the certificate issuance request from the first management apparatus 30, the control unit 600 of the second CA 60 issues a new certificate including the model number information received together with the certificate issuance request in step S34. A new certificate is transmitted to the first management apparatus 30 that is the certificate issuance request source. At this time, in the certificate, the private key corresponding to the public key included in the certificate is naturally set, and the certificate authority which is confirmation data for confirming the validity of the certificate issued by the second CA 60 is used. The public key certificate is also transmitted as a set in the form of an individual certificate package 90 shown in FIG. This is the same as in the case where the certificate of the image forming apparatus 20 is issued in step S24.

The control unit 300 of the first management apparatus 30 receives (acquires) a new certificate from the second CA 60, and stores the new certificate and the certificate corresponding URL information storage unit 353 in step S35. Then, using the certificate issued by the second CA 60, the management device URL information indicating the URL of the second management device 40 indicating the address to be accessed by the mediation device 80 is transmitted to the mediation device 80.
The function relating to the processing of step S35 corresponds to the function as the certificate acquisition means, the confirmation data acquisition means, and the certificate transmission means according to the present invention.
When receiving a new certificate and CA_URL information from the first management apparatus 30, the control unit 800 of the mediation apparatus 80 receives the received new certificate (certificate issued by the second CA 60) in FIG. In the certificate storage unit 853, the received management device URL information corresponds to the management device URL information storage unit 851, and the CA_URL information included in the security strength information of the own device corresponds to the security information map storage unit 855. Update the certificate of the local device by overwriting each location.
The function related to the process of step S36 corresponds to the function as the certificate setting means according to the present invention.
As described above, the second management device 40 and the mediation device 80 can perform SSL using the certificate issued by the second CA 60, respectively, and the mediation device 80 and the image forming device 20.

  According to the first embodiment, the mediation device 80 stores a storage unit (first storage unit) that stores identification information (model number information) for uniquely identifying the mediation device 80, and a communication partner. A storage unit (second storage unit) that stores a certificate of the intermediary device 80 for receiving authentication by the device and confirmation data for checking the validity of the certificate transmitted from the communication partner device ) And the confirmation data (the certificate authority public key certificate) stored in the second storage unit does not correspond to the second CA 60 that is the issuer of the certificate transmitted from the image forming apparatus 20 When the validity of the certificate cannot be confirmed, the identification information stored in the first storage unit and the certificate transmitted from the image forming apparatus 20 are issued to the first management apparatus 30. The original second CA 60 information and the first The management apparatus 30 is requested to obtain a certificate for updating the intermediary apparatus 80 (new certificate), and transmitted to the first management apparatus 30 transmitted from the first management apparatus 30 in response to the request. In order to confirm the validity of the certificate (server public key certificate, server private key certificate) of the intermediary device 80 issued by the second CA 60, which is the issuer indicated by the information, and the certificate issued by the issuer Is stored in the second storage unit as a new certificate and confirmation data used for authentication, so that the intermediary device 80 and the image forming device 20 use the certificate issued by the second CA 60. Since authentication can be performed, the second management apparatus 40 and the image forming apparatus 20 each holding a certificate issued by the second CA 60 can communicate with each other via the mediation apparatus 80.

If a plurality of image forming apparatuses including the image forming apparatus 20 are installed as image forming apparatuses managed by the mediating apparatus 80, the mediating apparatus 80 updates its own certificate to the first managing apparatus 30. Before requesting, the image forming apparatus that needs to be updated is determined from the security information map associated with the model number information of each image forming apparatus, and the certificate update request corresponding to the image forming apparatus that needs to be updated Is performed on the first management apparatus 30 so that the self-certificate can be renewed after the necessary renewal of the certificate of the image forming apparatus is performed. The same applies to each of the second and subsequent embodiments.
Further, the mediation device other than the mediation device 80 performs the same processing as the mediation device 80, the management device other than the second management device 40 performs the same processing as the second management device 40, and the image forming devices other than the image forming device 20 also. The same processing as that of the image forming apparatus 20 can be performed. The same applies to the second and subsequent embodiments.

[Second embodiment of certificate update operation sequence]
Next, a description will be given of a second embodiment of an operation sequence of each apparatus when updating a certificate in the image forming apparatus management system shown in FIG. The second embodiment corresponds to the case where a plurality of mediation devices are used.
FIG. 19 is a diagram showing the second embodiment.

  Here, for convenience of explanation, in addition to the mediation device 80 (referred to as “first mediation device 80a” in the second embodiment) as a mediation device that directly manages the image forming apparatus 20, a second mediation device 80b is installed. It shall be. It is assumed that the first mediating apparatus 80a holds a certificate whose issuer is the first CA50, and the second mediating apparatus 80b holds a certificate whose issuer is the second CA60. Also, the certificate update destination is the image forming apparatus 20, the certificate issuer before increasing the security strength is the first CA50, and the new certificate issuer for increasing the security strength is the second CA60. As a precondition, it is assumed that the first management device 30 and the first mediation device 80, and the mediation device 80 and the image forming device 20 can perform SSL using a certificate issued by the first CA50. As post-conditions, it is assumed that the second management device 40 and the second mediation device 80b, and the second mediation device 80b and the image forming device 20 can perform SSL using a certificate issued by the second CA60.

  The second embodiment is an example in which a first mediation device 80a and a second mediation device 80b, which are mediation devices storing certificates with different issuers, are prepared, and the certificate of the image forming apparatus 20 is updated (first When the certificate is updated from 1CA50 to the certificate of the second CA60), the second mediating apparatus 80b having the same certificate as the updated certificate is switched so as to manage the image forming apparatus 20. That is, when the first mediating apparatus 80a updates the certificate of the image forming apparatus 20, the communication destination information (URL information) indicating the address of the second mediating apparatus 80b is transmitted together with the certificate issued by the second CA 60. As a result, the access destination of the image forming apparatus 20 is switched to the second mediating apparatus 80b. Specifically, it is as shown below.

  In this example as well, before the operation sequence shown in FIG. 19 is executed, the first management device 30 uses the image information shown in FIG. Assume that “testCA2.xxx.co.jp” indicating the URL of the second CA 60 is registered as CA_URL information corresponding to the 20 model number information.

When a certificate update is requested by a user operation or the like from the display panel 26, the control unit 200 (FIG. 6) of the image forming apparatus 20 first requests a certificate update in step S41 as shown in FIG. At the same time, the model number information of the image forming apparatus 20 is transmitted to the first mediating apparatus 80a.
The function related to the process of step S41 corresponds to the function as the first mediation request means according to the present invention.
When receiving the certificate update request from the image forming apparatus 20 together with the model number information of the image forming apparatus 20, the control unit 800 (FIG. 11) of the first mediating apparatus 80a follows the certificate update request in step S42. A certificate update request is transmitted to the first management apparatus 30 together with the model number information of the image forming apparatus 20.

  When receiving the certificate update request from the intermediary device 80, the control unit 300 (FIG. 8) of the first management device 30 stores and holds it in the HDD 33 based on the model number information received together with the request in step S43. Referring to the map information shown in FIG. 9, “CA_URL information (URL of the second CA 60 in this example)” corresponding to the model number information of the image forming apparatus 20 is confirmed, and the confirmed “CA_URL information” is confirmed. Based on this, the second CA 60 is accessed, and a certificate issuance request is transmitted to the second CA 60 together with the model number information of the image forming apparatus 20.

When receiving the certificate issuance request from the first management apparatus 30, the control unit 600 (FIG. 10) of the second CA 60 obtains a new certificate including the model number information received together with the certificate issuance request in step S44. The new certificate is issued, and the new certificate is transmitted to the first management apparatus 30 that is the certificate issuance request source.
When receiving the new certificate from the second CA 60, the control unit 300 of the first management apparatus 30 stores the new certificate and the second CA 60 stored in the certificate corresponding URL information storage unit 353 in step S45. The mediation device URL indicating the address to be accessed by the image forming apparatus 20 of the model number information transmitted in step S42 using the certificate issued by the client (in this example, the first holding the certificate issued by the second CA 60). 2) (information indicating the URL of the intermediate device 80b) is transmitted to the first intermediate device 80a.

When the control unit 800 of the first mediation device 80a receives the new certificate and mediation device URL information from the first management device 30, in step S46, the control unit 800 receives the new certificate received from the image forming device 20 that is the certificate update request source. The certificate and the intermediary device URL information are transmitted to the image forming apparatus 20.
When the control unit 200 of the image forming apparatus 20 receives a new certificate and mediation apparatus URL information from the first mediation apparatus 80a, in step S47, the received new certificate (certificate issued by the second CA 60) is received. In the certificate storage unit 253 of FIG. 6, the received mediation device URL information is overwritten in corresponding portions in the mediation device URL information storage unit 256 and the security information map storage unit 255, respectively, and the certificate of the own device is updated. In step S48, a response indicating that a new certificate has been received is returned to the first mediating apparatus 80a.

Upon receiving the response, the control unit 800 of the first mediation device 80a can confirm that the image forming device 20 has received a new certificate and mediation device URL information, and in step S49, the map information storage unit of its own device. The map information record including the model number information of the image forming apparatus 20 is deleted from the map information table stored in 854, and the map information record is updated. Since the image forming apparatus 20 can no longer communicate with the first mediating apparatus 80a, the image forming apparatus 20 is excluded from the mediation by the first mediating apparatus 80a by this process.
The control unit 200 of the image forming apparatus 20 restarts the image forming apparatus 20 in the same manner as in the first embodiment, although illustration is omitted after performing the process of step S48.
Then, after the setting of the certificate is completed, the process proceeds to step S50, and the second mediating apparatus 80b is accessed according to the mediating apparatus URL set in step S47. Since the second mediating apparatus 80b stores the certificate issued by the second CA 60, the authentication with the image forming apparatus 20 should be successful. When the authentication is successful, the management start request is transmitted together with the model number information of the own apparatus.

  The control unit of the second mediating apparatus 80b issues a certificate in which the CA public key certificate in its own certificate stored in the certificate storage unit 853 in FIG. 11 is transmitted from the image forming apparatus 20. When the validity of the certificate can be confirmed to correspond to the original and a management start request is received from the image forming apparatus 20, a map information table stored in the map information storage unit 854 of the own apparatus is received in step S51. In addition, a record of map information in which the model number information of the image forming apparatus 20 received together with the management start request is associated with the CA_URL information of the second CA 60 that is the issuing source of the certificate stored in the apparatus is added. To update the map information record. This indicates that the image forming apparatus 20 is newly targeted for mediation by the second mediation device 80b.

Thereafter, in step S52, a management start request is transmitted to the second management device 40 having the URL indicated by the management device URL information stored in the management device URL information storage unit of the own device.
As described above, the second management device 40 and the second mediation device 80b can perform SSL using the certificate issued by the second CA 60, and the second mediation device 80b and the image forming device 20, respectively.

  According to the second embodiment, the first mediating apparatus 80a includes a storage unit that stores identification information (model number information) of the image forming apparatus 20 that is a communication partner, and an image in which the identification information is registered. In response to a request from the forming apparatus 20, a first mediation process is performed to transmit the identification information transmitted from the image forming apparatus 20 and the information of the second CA 60 that is the certificate issuer to the first management apparatus 30. The identification information transmitted from the image forming apparatus 20 is transmitted to the first management apparatus 30 in response to a request from the image forming apparatus 20 in which identification information is registered in the first mediating apparatus 80a. A first mediation process is performed in which a second mediation process for requesting the management apparatus 30 to obtain a certificate for updating the image forming apparatus 20 is performed, and transmitted from the first management apparatus 30 in response to the request. By the first tube The certificate of the image forming apparatus 20 issued by the second CA 60 that is the issue source indicated by the information transmitted to the apparatus 30 and the second mediation apparatus that is the access destination that the image forming apparatus 20 should access using the certificate The address information 80b and the confirmation data for confirming the validity of the certificate issued by the issuer are transmitted to the image forming apparatus 20 that is the transmission source of the request received by the second mediation process. 3 is performed, and when it is confirmed that the certificate, address information, and confirmation data transmitted by the processing are received by the image forming apparatus 20, the identification information of the image forming apparatus 20 is deleted from the storage unit. As a result, the first mediating apparatus 80a holding the certificate issued by the first CA 50 and the image forming apparatus 20 holding the certificate issued by the second CA 60 use the certificate. Although not performed authentication, it is possible the second intermediary device 80b and the image forming apparatus 20 for holding a certificate No. 2CA60 issued respectively performs authentication using certificates.

  Further, when the second mediating apparatus 80b receives an access from the image forming apparatus 20 whose identification information is not registered in the second mediating apparatus 80b and authenticates the image forming apparatus 20 with the certificate of the image forming apparatus 20 In addition, by receiving the identification information from the image forming apparatus 20 and storing and holding it, the second management apparatus 40 and the image forming apparatus 20 can communicate with each other via the second mediating apparatus 80b.

[Third Example of Certificate Update Operation Sequence]
Next, a description will be given of a third embodiment of an operation sequence of each apparatus when updating a certificate in the image forming apparatus management system shown in FIG. The third embodiment corresponds to the case where the mediation apparatus holds a plurality of certificates.
FIG. 20 is a diagram showing the third embodiment.

  Here, for convenience of explanation, the update destination of the certificate is the image forming apparatus 20 and the intermediary apparatus 80, the issuer of the certificate before increasing the security strength is the first CA 50, and a new certificate is issued for increasing the security strength. The original is the second CA60. In addition, it is assumed that the first management device 30 and the mediation device 80 store and hold the certificates of the first CA 50 and the second CA 60, which are a plurality of certificates having different issuers. Therefore, in the security information map stored and held by the mediation device 80 by the security information map storage unit 856, the CA_URL information 8561 and the communication destination URL information 8563 for two records corresponding to the first CA 50 and the second CA 60 shown in FIG. It becomes an attached table. However, the record corresponding to the first CA 50 is set to be usable.

In the third embodiment, when the mediation device 80 has a plurality of certificates from different issuers, when the certificate of the image forming device 20 is updated, communication to the mediation device 80 of the image forming device 20 is performed. By updating the previous information, communication between the mediation device 80 and the image forming device 20 can be enabled. For example, the intermediary device 80 holds two certificates whose issue sources are the first CA 50 and the second CA 60, respectively. The certificate of the image forming apparatus 20 managed by the own device is issued from the first CA 50 of the issue source. When updating to the certificate of the second CA 60, the issuer transmits the communication destination information of the intermediary device 80 (servlet port number enabling communication with the certificate issued by the second CA 60) together with the certificate of the second CA 60. As a result, the image forming apparatus 20 can communicate with the mediation apparatus 80 using the certificate issued by the second CA 60. Specifically, it is as shown below.
Also in this example, before the operation sequence shown in FIG. 20 is executed, the management device 30 uses the map information shown in FIG. Assume that “testCA2.xxx.co.jp” indicating the URL of the second CA 60 is registered as CA_URL information corresponding to the model number information.

When a certificate update is requested by a user operation or the like from the display panel 26 in step S61, the control unit 200 (FIG. 6) of the image forming apparatus 20 first, in step S61, for example, as shown in FIG. The model number information of the image forming apparatus 20 is transmitted to the mediation apparatus 80 together with the certificate update request.
Thereafter, the control unit 200 of the image forming apparatus 20, the control unit 300 of the first management apparatus 30, and the control unit 600 of the second CA 60 perform the same processing as steps S22 to S25 of FIG. 18 in steps S62 to S65.

  When receiving the new certificate and the CA_URL information indicating the second CA 60 from the first management apparatus 30, the control unit 800 of the mediation apparatus 80 refers to the security information map table shown in FIG. The intermediary device communication destination information (servlet port number) that enables communication is extracted with the certificate issued by the second CA 60 corresponding to the CA_URL information. In step S 66, the mediation device communication destination information extracted together with the update certificate received in step S 65 is transmitted to the image forming apparatus 20.

  When the control unit 200 of the image forming apparatus 20 receives a new certificate and intermediary apparatus communication destination information from the intermediary apparatus 80, in step S67, the control unit 200 displays the received new certificate (certificate issued by the second CA 60). 6, the received mediation device communication destination information is overwritten in the corresponding locations in the management device communication destination information storage unit 257 and the security information map storage unit 255, respectively, in the certificate storage unit 253. After the update, in step S68, a response indicating that a new certificate has been received is returned to the mediation device 80.

  Upon receiving the response, the control unit 800 of the first mediating apparatus 80 can confirm that the image forming apparatus 20 has received a new certificate and communication destination information. In step S69, the map information storage unit 854 of its own apparatus. In the map information table stored in the table, the CA_URL information and the communication destination information of the record including the model number information of the image forming apparatus 20 are changed to the CA_URL information received earlier and the communication destination information extracted earlier, respectively. Then, the map information table is updated. This indicates that communication with the image forming apparatus 20 is performed using a certificate issued by the second CA 60 thereafter.

The control unit 200 of the image forming apparatus 20 performs the process of step S68, but the illustration is omitted, but the certificate setting is completed by restarting the image forming apparatus 20 as in the first embodiment. Thereafter, the process proceeds to step S70, and the communication destination (servlet port) of the mediation apparatus 80 holding the certificate issued by the second CA 60 is accessed.
The control unit 800 of the intermediary device 80 uses the certificate issued by the second CA 60 corresponding to the accessed communication destination (servlet port) for authentication with the image forming apparatus 20 and is not shown in the figure. By transmitting a management start request to the second management apparatus 40, the certificate issued by the second CA 60 can also be used for authentication with the second management apparatus 40.

As described above, SSL using the certificate issued by the second CA 60 can be performed between the first management device 30 and the mediation device 80 and between the mediation device 80 and the image forming device 20, respectively.
In the third embodiment, the first management apparatus 30 stores and holds the certificates of the first CA 50 and the second CA 60, which are a plurality of certificates with different issuers. However, the first and second embodiments As described above, the first management apparatus 30 may hold the first CA 50 and the second management apparatus 40 may hold the second CA 60 certificate.

  According to the third embodiment, the intermediary device 80 is associated with a plurality of different addresses (communication destination information) of the intermediary device 80, and each of the addresses receives an access to that address and serves as a communication partner. A storage unit (first storage unit) that stores identification information (model number information) and a plurality of different addresses of the intermediary device 80 are associated with each other, and when the address is accessed, authentication of the communication partner device And a storage unit (second storage unit) that stores confirmation data for confirming the validity of a certificate issued by the issuer for each different issuer. In response to a request from the image forming apparatus 20 in which the identification information is registered in the storage unit, the identification information and certificate issuer of the image forming apparatus 20 transmitted from the image forming apparatus 20 are issued. In response to a request from the image forming apparatus 20 in which identification information is registered in the first storage unit, a first mediation process for transmitting the information of 2CA60 to the first management apparatus 30 is performed. The transmitted identification information is transmitted to the first management apparatus 30 and a second mediation process is performed to request the first management apparatus 30 to obtain a certificate for updating the image forming apparatus 20. In response, the certificate of the image forming apparatus 20 issued by the second CA 60 that is the issue source indicated by the information transmitted to the first management apparatus 30 by the first mediation process, which is transmitted from the first management apparatus 30, and the certificate Transmission of the request received by the second mediation process together with the confirmation data for confirming the validity of the certificate issued by the issuer together with address information indicating the address of the mediation device 80 corresponding to the issuer When the third mediation process transmitted to the image forming apparatus 20 is performed and it is confirmed that the image forming apparatus 20 has received the certificate, the address information, and the confirmation data transmitted by the third mediation process, By changing the registration of the identification information of the image forming apparatus 20 in one storage unit to the registration associated with the address corresponding to the second CA 60 that is the issuing source of the transmitted certificate, Since the apparatus 20 can perform authentication using the certificate issued by the second CA 60, the first management apparatus 30 and the image forming apparatus 20 can communicate again via the mediation apparatus 80.

[Fourth Example of Certificate Update Operation Sequence]
Next, a description will be given of a fourth embodiment of an operation sequence of each apparatus when updating a certificate in the image forming apparatus management system shown in FIG. The fourth embodiment corresponds to the case where the image forming apparatus is managed by the management apparatus.
FIG. 21 is a diagram showing the fourth embodiment.

  Here, for convenience of explanation, the update destination of the certificate is the image forming apparatus 20 and the intermediary apparatus 80, the issuer of the certificate before increasing the security strength is the first CA 50, and a new certificate is issued for increasing the security strength. The original is the second CA60. As a precondition, it is assumed that the first management device 30 and the mediation device 80, and the mediation device 80 and the image forming device 20 can perform SSL using a certificate issued by the first CA 50. As a post-condition, it is assumed that the second management apparatus 40 and the image forming apparatus 20 can perform SSL using a certificate issued by the second CA 60.

If the certificate of the mediation apparatus 80 cannot be updated for some reason, communication using the certificate cannot be performed even if the certificate of the image forming apparatus 20 is updated. This is because the intermediary device 80 cannot hold the same issuer certificate as the image forming device 20.
Therefore, in the fourth embodiment, when the certificate is updated, the management apparatus 80 can manage the image forming apparatus 20 by sending the management apparatus URL information to the image forming apparatus 20. Specifically, it is as shown below.
Also in this example, before the operation sequence shown in FIG. 21 is executed, the first management apparatus 30 uses the image information shown in FIG. Assume that “testCA2.xxx.co.jp” indicating the URL of the second CA 60 is registered as CA_URL information corresponding to the 20 model number information.

When a certificate update is requested by a user operation or the like from the display panel 26, the control unit 200 (FIG. 6) of the image forming apparatus 20 first requests a certificate update in step S71 as shown in FIG. At the same time, the model number information of the image forming apparatus 20 is transmitted to the mediating apparatus 80.
Thereafter, the control unit 200 of the image forming apparatus 20, the control unit 300 of the first management apparatus 30, and the control unit 600 of the second CA 60 perform the same processing as steps S22 to S24 in FIG. 18 in steps S72 to S74.

When receiving the new certificate from the second CA 60, the control unit 300 of the first management apparatus 30 stores the new certificate and the second CA 60 stored in the certificate corresponding URL information storage unit 353 in step S75. The management apparatus URL indicating the address to be accessed by the image forming apparatus 20 of the model number information transmitted in step S72 using the certificate issued by the client (in this example, the first certificate holding the certificate issued by the second CA 60). 2) (information indicating the URL of the management device 40) is transmitted to the first mediating device 80a.
Upon receiving the new certificate and management device URL information from the first management device 30, the control unit 800 of the mediation device 80 receives the new certificate received by the certificate update request source image forming device 20 in step S <b> 76. The management apparatus URL information is transmitted to the image forming apparatus 20.

When the control unit 200 of the image forming apparatus 20 receives the new certificate and the management apparatus URL information from the intermediary apparatus 80, in step S77, the control unit 200 displays the received new certificate (the certificate issued by the second CA 60) in FIG. In the certificate storage unit 253, the received management device URL information is overwritten in the corresponding locations in the management device URL information storage unit 251 and the security information map storage unit 255, respectively, and the certificate of the own device is updated. After that, in step S78, a response indicating that a new certificate has been received is returned to the mediation device 80.
Upon receiving the response, the control unit 800 of the mediation device 80 can confirm that the image forming apparatus 20 has received a new certificate and management device URL information. In step S79, the control unit 800 stores in the map information storage unit 854 of the own device. The record including the model number information of the image forming apparatus 20 is deleted (erased) from the stored map information table, and the map information table is updated. Since the image forming apparatus 20 can no longer communicate with the first mediating apparatus 80a, the image forming apparatus 20 is excluded from the mediation by the first mediating apparatus 80a by this process.

  The control unit 200 of the image forming apparatus 20 performs the process of step S78, but the illustration is omitted, but the certificate setting is completed by restarting the image forming apparatus 20 as in the first embodiment. Thereafter, the process proceeds to step S80, and the second management apparatus 40 is accessed according to the management apparatus URL set in step S77. Since the second management apparatus 40 stores the certificate issued by the second CA 60, the authentication with the image forming apparatus 20 should be successful. When the authentication is successful, the management start request is transmitted together with the model number information of the own apparatus.

The control unit 400 of the second management apparatus 40 uses the certificate authority public key certificate stored in the certificate storage unit 352 of FIG. When the validity of the certificate can be confirmed to correspond to the issuer and a management start request from the image forming apparatus 20 is received, the map information table stored in the map information storage unit 451 of the own apparatus stores A map information record in which the model number information of the image forming apparatus 20 received together with the management start request is associated with the CA_URL information of the second CA 60 that is the issuing source of the certificate held in the own apparatus is added to the map Update information records. This indicates that the image forming apparatus 20 is newly managed by the second management apparatus 40.
As described above, the second management apparatus 40 and the image forming apparatus 20 can perform SSL using the certificate issued by the second CA 60.

  According to the fourth embodiment, the mediating apparatus 80 includes a storage unit that stores identification information (model number information) of the image forming apparatus 20 that is a communication partner, and the identification information is registered in the storage unit. In response to a request from the image forming apparatus 20, first mediation processing for transmitting the identification information transmitted from the image forming apparatus 20 and the information of the second CA 60 that is the certificate issuer to the first management apparatus 30. In response to a request from the image forming apparatus 20 in which the identification information is registered in the storage unit, the identification information transmitted from the image forming apparatus 20 is transmitted to the first management apparatus 30 and the first management apparatus 30 performs a second mediation process for requesting acquisition of a certificate for updating the image forming apparatus 20, and the first mediation process transmitted from the first management apparatus 30 in response to the request performs the first mediation process. Sent to management device 30 The certificate of the image forming apparatus 20 issued by the second CA 60 that is the issue source indicated by the information and the address information of the second management apparatus 40 that is the access destination that the image forming apparatus 20 should access using the certificate And the third mediation process for transmitting the confirmation data for confirming the validity of the certificate issued by the issuer to the image forming apparatus 20 that is the transmission source of the request received by the second mediation process And confirming that the image forming apparatus 20 has received the certificate, the address information, and the confirmation data transmitted by the processing, the identification information of the image forming apparatus 20 is deleted from the storage unit. The intermediary device 80 that holds the certificate issued by the 1CA 50 and the image forming device 20 that holds the certificate issued by the second CA 60 cannot perform authentication using the certificate. It is possible to the second control apparatus 40 and the image forming apparatus 20 for holding a certificate No. 2CA60 issued respectively performs authentication using certificates.

[Fifth embodiment of certificate update operation sequence]
Next, a description will be given of a fifth embodiment of an operation sequence of each apparatus when updating a certificate in the image forming apparatus management system shown in FIG. The fifth embodiment corresponds to the case where the certificate of the mediation device is first updated (the mediation device serves as a trigger).
FIG. 22 is a diagram showing the fifth embodiment.

  Here, for convenience of explanation, the update destination of the certificate is the image forming apparatus 20 and the intermediary apparatus 80, the issuer of the certificate before increasing the security strength is the first CA 50, and a new certificate is issued for increasing the security strength. The original is the second CA60. The map information stored and held in the map information storage unit 854 by the mediation device 80 is the model number information 8541 of the image forming apparatus 20 shown in FIG. 12 and the issuer of the certificate for the image forming apparatus 20. This is a table in which CA_URL information 8542 of the first CA 50 and the second CA 60 is associated with communication destination information (address information of the image forming apparatus 20) 8543. As a precondition, it is assumed that the first management device 30 and the mediation device 80, and the mediation device 80 and the image forming device 20 can perform SSL using a certificate issued by the first CA 50. As post-conditions, it is assumed that the second management device 40 and the mediation device 80, and the mediation device 80 and the image forming device 20 can perform SSL using a certificate issued by the second CA60.

  The control unit 800 of the intermediary device 80 receives a certificate from the first management device 30 by a user interface such as a GUI displayed on a web browser in an external terminal device such as a personal computer (not shown) by a user operation or an operation of an administrator. When the renewal request is received (it may be detected that the certificate has just expired), the certificate is renewed. In practice, for example, as shown in FIG. If the certificate is received, the process proceeds to step S92 before updating its own certificate, and the model number information and security strength information of the own apparatus stored in the HDD 83 (CA_URL information indicating the URL of the second CA 60 in this example). At the same time, a map information update request is transmitted to the first management apparatus 30.

When the controller 300 of the first management device 30 receives the map information update request from the mediation device 80, in step S93, based on the model number information and security strength information of the mediation device 80 received together with the request, the HDD 33 The map information stored and held in is rewritten and updated.
After performing the process of step S92, the control unit 800 of the mediation apparatus 80 requests the image forming apparatus 20 managed by the self apparatus to acquire security information in step S94.

When the control unit 200 of the image forming apparatus 20 receives the request, in step S95, the security information map (CA_URL information as security strength information) stored in the security information map storage unit 255 of FIG. Are transmitted to the requesting intermediary device 80.
When receiving the security information map from the image forming apparatus 20, the control unit 800 of the mediating apparatus 80 extracts the security strength information (CA_URL information) in the security information map in step S96, and the security strength information of the own device. The extracted security strength information of the image forming apparatus 20 is compared, and if the two security strength information matches, the image forming apparatus 20 corresponds to the security strength scheduled to be updated by the own apparatus, and so on. Do not perform the process.

If the two security strength information does not match, the image forming apparatus 20 does not correspond to the security strength to be updated by the own apparatus. A map information update request is transmitted to the first management device 30 together with the security strength information of the own device .

When receiving the map information update request from the mediation device 80, the control unit 300 of the first management device 30, based on the model number information and security strength information of the image forming apparatus 20 received together with the request in step S98. The map information stored and held in the HDD 33 is rewritten and updated.
The control unit 800 of the mediation device 80 proceeds to step S99 after performing the process of step S97.
Then, the control units of the intermediary device 80, the first management device 30, the second CA 60, and the image forming device 20 perform the same processing as steps S22 to S29 in FIG. 18 in steps S99 to S106 to prove the image forming device 20. After the certificate is updated, each control unit of the mediation device 80, the first management device 30, and the second CA 60 performs the same processing as steps S32 to S36 in FIG. To update.

  In the fifth embodiment, the image forming apparatus managed by the mediating apparatus 80 is only the image forming apparatus 20. However, when managing a plurality of image forming apparatuses including the image forming apparatus 20, the mediating apparatus is used. In step S94, the control unit 800 requests security information acquisition from all the image forming apparatuses to be managed, and the control unit of each image forming apparatus performs corresponding processing in step S95. In step S103, the control unit 800 of the mediating apparatus 80 transmits a new certificate or the like from the first management apparatus 30 to all the image forming apparatuses to be managed to the image forming apparatus 20, and each of the image forming apparatuses. Each control unit performs corresponding processing in step S104.

  According to the fifth embodiment, the mediation device 80 stores a storage unit (first storage unit) that stores identification information for uniquely identifying the mediation device 80, the image forming apparatus 20 that is a communication partner, and the like. A storage unit (second storage unit) for storing identification information (model number information) of the image forming apparatus and address information (communication destination information) of the image forming apparatus, and for receiving authentication by the communication partner apparatus A storage unit (third storage unit) for storing the certificate of the mediating device 80 and confirmation data for confirming the validity of the certificate transmitted from the communication partner device; When receiving an update request (instruction to update a certificate stored in the third storage unit to a certificate issued by the second CA 60, which is a different new issuer), the first management device 30, the identification stored in the first storage unit Information and the information of the new issuer are sent, and the first management device 30 is requested to obtain a certificate for updating the mediation device 80, and sent from the first management device 30 in response to the request. In order to confirm the validity of the certificate of the intermediary device 80 issued by the second CA 60, which is the issuer indicated by the information transmitted to the first management device 30, and the certificate issued by the issuer Is stored in the third storage unit as a new certificate and confirmation data to be used for authentication, but at least before requesting the first management apparatus 30 to obtain an update certificate, The information of the issuer of the certificate of the image forming apparatus stored in the image forming apparatus is acquired from each image forming apparatus in which the identification information is registered in the storage unit 2, and the image forming apparatus The publisher is new For each update-needed image forming apparatus different from the row source, the identification information of the update-needed image forming apparatus and the new issuer information are transmitted to the first management apparatus 30 and the update-necessary image is sent to the first management apparatus 30 A request is made to obtain a certificate for updating the forming apparatus, and the certificate of the image forming apparatus requiring update issued by the new issuer that is transmitted from the first management apparatus 30 in response to the request; Even when an attempt is made to update the certificate of the intermediary device 80 first by transmitting confirmation data for confirming the validity of the certificate issued by the new issuer to the image forming apparatus requiring update. Thus, it is possible to avoid a situation in which the mediation apparatus 80 and each image forming apparatus cannot perform authentication using a new certificate.

[Sixth Embodiment of Certificate Renewal Operation Sequence]
Next, a description will be given of a sixth embodiment of the operation sequence of each apparatus when updating a certificate in the image forming apparatus management system shown in FIG. The sixth embodiment corresponds to the case where the image forming apparatus holds a plurality of certificates.
FIG. 23 is a diagram showing the sixth embodiment.

  Here, for convenience of explanation, the certificate update destination is the intermediary device 80, the certificate issuer before increasing the security strength is the first CA50, and the new certificate issuer for increasing the security strength is the second CA60. To do. The map information stored and held in the map information storage unit 854 by the mediation device 80 is the model number information 8541 of the image forming apparatus 20 shown in FIG. 12 and the issuer of the certificate for the image forming apparatus 20. This is a table in which CA_URL information 8542 of the first CA 50 and the second CA 60 is associated with communication destination information (address information of the image forming apparatus 20) 8543. Furthermore, it is assumed that the security information map stored and held in the security information map storage unit 856 by the mediation device 80 is composed of a plurality of two records each including the CA_URL information of the first CA 50 and the second CA 60. As a precondition, it is assumed that the first management device 30 and the mediation device 80, and the mediation device 80 and the image forming device 20 can perform SSL using a certificate issued by the first CA 50. As a post-condition, it is assumed that the second management apparatus 40 and the image forming apparatus 20 can perform SSL using a certificate issued by the second CA 60.

The control unit 800 of the intermediary device 80 starts the operation sequence shown in FIG. 23, for example, at the same timing as in the fifth embodiment, and first receives a certificate renewal request in step S111, before renewing its own certificate. In step S112, the image forming apparatus 20 managed by the self apparatus requests acquisition of security information.
When the control unit 200 of the image forming apparatus 20 receives the request, in step S112, the security information map (CA_URL information as security strength information) stored in the security information map storage unit 255 of FIG. Are transmitted to the requesting intermediary device 80.

  The control unit 800 of the mediation apparatus 80 acquires (receives) the security information map transmitted from the image forming apparatus 20 in step S113, and the security information map includes CA_URL information as security strength information. Here, since two certificates are stored and held in the image forming apparatus 20, the acquired security information map is as shown in FIG.

  Therefore, in step S114, the security strength information (the CA_URL information of the first CA50 and the second CA50) in the obtained security information map is extracted and compared with the security strength information of the own device (the CA_URL information of the second CA50). If the extracted security strength information matches the security strength information of the own device (CA_URL information of the second CA 50), that is, the image forming apparatus 20 corresponds to the security strength scheduled to be updated by the own device. Then, it is determined that the certificate update of the image forming apparatus 20 is unnecessary.

In this case, by updating the communication destination information when accessing the image forming apparatus 20 and performing communication, communication with a newly updated certificate becomes possible.
Therefore, in step S115, the CA_URL information and the communication destination information (image forming apparatus) in the record including the model number information of the image forming apparatus 20 in the map information table of the own apparatus stored and held in the map information storage unit 854. The information used when accessing 20) is updated as follows. That is, the CA_URL information is updated from the first CA50 to the CA_URL information of the second CA60, and the communication destination information is updated from “port 7443” to “port 8443”. That is, the communication destination information is updated to information on an address (port) used for authentication of the certificate issued by the second CA 60 notified from the image forming apparatus 20.

Thereafter, the control units of the mediation device 80, the first management device 30, and the second CA 60 perform the same processing as steps S30 to S36 in FIG. 18 in steps S116 to S122 to update the certificate of the mediation device 80.
Thereafter, the control unit 800 of the intermediary device 80 refers to the communication destination information included in the map information of the own device when communicating with the image forming device 20 after completing the certificate update of the own device. Then, the image forming apparatus 20 is accessed (S125). If this address is accessed, authentication with the image forming apparatus 20 can be performed using a certificate issued by the second CA 60.

According to the sixth embodiment, the mediation device 80 stores a storage unit (first storage unit) that stores identification information for uniquely identifying the mediation device 80, the image forming apparatus 20 that is a communication partner, and the like. A storage unit (second storage unit) for storing identification information (model number information) of the image forming apparatus and address information (communication destination information) of the image forming apparatus, and for receiving authentication by the communication partner apparatus A storage unit (third storage unit) for storing the certificate of the mediating device 80 and confirmation data for confirming the validity of the certificate transmitted from the communication partner device; When receiving an update request (instruction to update a certificate stored in the third storage unit to a certificate issued by the second CA 60, which is a different new issuer), the first management device 30, the identification stored in the first storage unit Information and the information of the new issuer are sent, and the first management device 30 is requested to obtain a certificate for updating the mediation device 80, and sent from the first management device 30 in response to the request. In order to confirm the validity of the certificate of the intermediary device 80 issued by the second CA 60 that is the issuer indicated by the information transmitted to the first management device 30 and the certificate issued by the issuer. Is stored in the third storage unit as a new certificate and confirmation data to be used for authentication, but at least before requesting the first management apparatus 30 to obtain an update certificate, Communication from each image forming apparatus in which the identification information is registered in the storage unit 2 is accessed when the image forming apparatus certificate issuer information stored in the image forming apparatus is accessed. To the other device Address information indicating whether to use the certificate to receive the certificate, and among the image forming apparatuses, the updatable image forming apparatuses in which the acquired issuer includes the new issuer The address information of the updatable image forming apparatus stored in the second storage unit is updated to the address information corresponding to the new issuer received from the updatable image forming apparatus. Even when the apparatus holds a plurality of certificates, it is possible to avoid a situation where the mediation apparatus 80 and the image forming apparatus cannot perform authentication using a new certificate.
Accordingly, in any of the first to sixth embodiments, when operating a plurality of CAs that issue different certificates, the security of communication between the image forming apparatus and the management apparatus is maintained while maintaining backward compatibility. The strength can be easily increased.

In the first to sixth embodiments, the mediation process 80 interprets a request (command) addressed from the image forming apparatus to the management apparatus, and then transmits a request having the same content as the request to the management apparatus. However, a request addressed to the management apparatus can be received once, pooled, and transmitted to the management apparatus.
In the first, fifth, and sixth embodiments, the map information update request and the certificate update request are made separately, but it is not necessary to make each request separately. That is, the certificate renewal request is sent together with information indicating which CA issued the certificate to be renewed. Based on this information, the CA that requests the issuance of the renewal certificate is selected and the map information May be updated.

This is the end of the description of the embodiment. However, the combination of devices constituting the system, the configuration of each device, the data configuration, specific processing contents, and the like are not limited to those described in the above embodiment. Of course.
In the above embodiment, an example in which the present invention is applied to an intermediary device (communication device) having a communication function and an image forming apparatus management system including an image forming apparatus has been described, but the present invention is not limited to this, Includes various terminal devices such as network home appliances, vending machines, medical equipment, power supply devices, air conditioning systems, metering systems such as gas, water and electricity, embedded devices such as AV equipment and game machines, and computers that can be connected to a network It is also applicable to management systems.

  As is apparent from the above description, according to the present invention, the communication device and the management system operate a plurality of CAs that issue certificates of different formats or corresponding to different authentication processes, and the terminal device and the management device It is possible to easily increase the security strength while maintaining backward compatibility with respect to the security of communication between the two. Therefore, when operating a plurality of CAs that issue certificates of different formats or corresponding to different authentication processes, it is easy to maintain security while maintaining backward compatibility for the security of communication between the image forming apparatus and the management apparatus. It is possible to provide a communication device and a management system that can be improved.

10: firewall 20: terminal device 30: first management device 40: second management device 50: first CA 60: second CA 70: network 80: mediation device 21, 31, 41, 51, 61, 81: CPU
22: ROM 23: RAM 24: Non-volatile memory 25, 36, 46, 56, 66, 84: Communication I / F 26: Display panel 27: Engine unit 28, 37, 47, 57, 67, 85: Bus 32, 42, 52, 62, 82: Memory device 33, 43, 53, 63, 83: HDD
34, 44, 54, 64: input device 35, 45, 55, 65: display device 200, 300, 400, 500, 600, 800: control unit 201, 801: certificate update request unit 202, 802: certificate update Units 203 and 803: Management device URL information update unit 204 and 804: Map information update request unit 205 and 805: Security strength information update units 251 and 851: Management device URL information storage unit 252 and 852: Model number information storage unit 253 , 352, 853: Certificate storage unit 254, 855: Security strength information storage unit 255, 856: Security information map storage unit 256: Mediation device URL information storage unit 257: Mediation device communication destination information storage unit 301, 401: Certificate Issuing request unit 302, 402: map information update unit 351, 451, 854: map information storage unit 3 52, 452, 853: Certificate storage unit 353, 453: Certificate-corresponding URL information storage unit 501, 601 :: Certificate issuing unit

JP 2004-320715 A

Claims (6)

A communication device,
A communication device for communicating with a terminal device and a management device that manages the terminal device;
First storage means for storing identification information for uniquely identifying the communication device;
A certificate of the communication device for receiving authentication from the device of the communication partner, and confirmation data for checking the validity of the certificate issued by the specific issuer transmitted from the device of the communication partner. Second storage means for storing;
Management device address storage means for storing address information of a management device as a communication destination;
When the validity of the certificate cannot be confirmed because the confirmation data stored in the second storage means does not correspond to the issuer of the certificate transmitted from the terminal device, the management device According to the address information stored in the address storage means, the identification information stored in the first storage means and the information on the issuer of the certificate transmitted from the terminal device are sent to the communication destination management device. A certificate update requesting means for requesting the communication destination management device to obtain a certificate for updating the communication device;
Of the data transmitted from the management device in response to a request from the certificate update request means, the certificate of the communication device issued by the issuer indicated by the information transmitted to the management device, and the issuer Confirmation data for confirming the validity of the issued certificate is stored in the second storage means as a new certificate and confirmation data to be used for authentication , and communication using the new certificate is performed. And a certificate setting means for storing address information of a management apparatus as a communication destination by the management apparatus address storage means . A communication device,
A communication device for communicating with a terminal device and a management device that manages the terminal device;
First storage means for storing identification information for uniquely identifying the communication device;
Second storage means for storing identification information of the terminal device as a communication partner and address information of the terminal device;
A certificate of the communication device for receiving authentication from the device of the communication partner, and confirmation data for checking the validity of the certificate issued by the specific issuer transmitted from the device of the communication partner. Third storage means for storing;
Management device address storage means for storing address information of a management device as a communication destination;
Receiving means for receiving an instruction to update the certificate stored in the third storage means;
An issuer storage means for storing information indicating which issuer obtains a certificate issued by the issuer as a certificate of the communication device;
When the receiving unit receives the instruction to update the certificate, the first storage unit stores the communication destination management device in accordance with the address information stored in the management device address storage unit. and the identification information is, together with the issuing storage means transmits the issuer of information stored, the certificate update request means for requesting the acquisition of the update certificate of the communication device to the management device of the communication destination When,
Of the data transmitted from the management device in response to a request from the certificate update request means, the certificate of the communication device issued by the issuer indicated by the information transmitted to the management device, and the issuer Confirmation data for confirming the validity of the issued certificate is stored in the third storage means as a new certificate and confirmation data used for authentication , and communication using the new certificate is performed. Certificate setting means for storing address information of a management apparatus as a communication destination by the management apparatus address storage means ;
Before at least the certificate update requesting unit requests the management device to obtain a certificate for updating, the terminal device stores the identification information from each terminal device in which the identification information is registered in the second storage unit. Information about the issuer of the certificate of the terminal device is obtained, and for each update required terminal device that is different from the issuer stored in the issuer storage unit among the respective terminal devices, the update required terminal The device identification information and the issuer information stored in the issuer storage unit are transmitted to the management device of the communication destination in accordance with the address information stored in the management device address storage unit , and are transmitted to the management device of the communication destination. The update request issued by the issuer stored in the issuer storage unit is transmitted from the management device at the communication destination in response to the request to obtain a certificate for updating the update required terminal device. Terminal device certificate , And wherein the issuing source storage means and a confirmation data for publisher store to verify the validity of the issued certificate, provided the certificate transmitting means for transmitting the該要update terminal Communication device. A communication device,
A communication device for communicating with a terminal device and a management device that manages the terminal device;
First storage means for storing identification information for uniquely identifying the communication device;
Second storage means for storing identification information of the terminal device as a communication partner and address information of the terminal device;
A certificate of the communication device for receiving authentication from the device of the communication partner, and confirmation data for checking the validity of the certificate issued by the specific issuer transmitted from the device of the communication partner. Third storage means for storing;
Management device address storage means for storing address information of a management device as a communication destination;
Receiving means for receiving an instruction to update the certificate stored in the third storage means;
An issuer storage means for storing information indicating which issuer obtains a certificate issued by the issuer as a certificate of the communication device;
When the receiving unit receives the instruction to update the certificate, the first storage unit stores the communication destination management device in accordance with the address information stored in the management device address storage unit. and the identification information is, together with the issuing storage means transmits the issuer of information stored, the certificate update request means for requesting the acquisition of the update certificate of the communication device to the management device of the communication destination When,
Of the data transmitted from the management device in response to a request from the certificate update request means, the certificate of the communication device issued by the issuer indicated by the information transmitted to the management device, and the issuer Confirmation data for confirming the validity of the issued certificate is stored in the third storage means as a new certificate and confirmation data used for authentication , and communication using the new certificate is performed. Certificate setting means for storing address information of a management apparatus as a communication destination by the management apparatus address storage means ;
Before at least the certificate update requesting unit requests the management device to obtain a certificate for updating, the terminal device stores the identification information from each terminal device in which the identification information is registered in the second storage unit. Obtains the information of the issuer of the certificate of the terminal device and the address information indicating which address is used to authenticate the communication partner device when accessed. Of each terminal device, the updatable terminal device stored in the second storage means for each updatable terminal device in which the issuer stored by the issuer storage means is included in the acquired issuer. A communication apparatus comprising terminal information update means for updating address information to address information corresponding to an issuer stored in the issuer storage means received from the updatable terminal apparatus. A management system comprising a terminal device, a plurality of management devices for managing the terminal device, and an intermediary device that mediates communication between the terminal device and the management device,
In the mediating device,
First storage means for storing identification information for uniquely identifying the intermediary device;
A certificate of the intermediary device for receiving authentication from the communication partner device, and confirmation data for confirming the validity of the certificate issued by the specific issuer transmitted from the communication partner device. Second storage means for storing;
Management device address storage means for storing address information of a management device as a communication destination;
When the validity of the certificate cannot be confirmed because the confirmation data stored in the second storage means does not correspond to the issuer of the certificate transmitted from the terminal device, the management device According to the address information stored in the address storage means, the identification information stored in the first storage means and the information on the issuer of the certificate transmitted from the terminal device are sent to the communication destination management device. And a certificate update requesting means for requesting the management device of the communication destination to obtain a certificate for updating the mediation device;
Of the data transmitted from the management device in response to a request by the certificate update request means, the certificate of the mediation device issued by the issuer indicated by the information transmitted to the management device, and the issuer Confirmation data for confirming the validity of the issued certificate is stored in the second storage means as a new certificate and confirmation data to be used for authentication , and communication using the new certificate is performed. Provided with certificate setting means for storing address information of the management apparatus as a communication destination by the management apparatus address storage means ,
At least one of the management devices includes
When the intermediary device is requested to obtain the certificate for update, the identification information received from the intermediary device is transmitted to the issuer of the certificate indicated by the issuer information received from the intermediary device, A certificate issuance request means for requesting issuance of a new certificate including the identification information;
Certificate acquisition means for acquiring a new certificate issued based on a request by the certificate issue request means from the issuer;
Confirmation data acquisition means for acquiring confirmation data for confirming the validity of the certificate issued by the issuer;
The new certificate acquired by the certificate acquisition means , the confirmation data acquired by the confirmation data acquisition means , and the address of the management apparatus as a communication destination by communication using the new certificate A certificate sending means for sending to the device,
In the terminal device,
Third storage means for storing a certificate of the terminal device for receiving authentication by the communication partner device and confirmation data for checking the validity of the certificate transmitted from the communication partner device; ,
A management system comprising: a certificate providing unit that transmits the certificate of the terminal device stored in the third storage unit to the mediating device in order to receive authentication. A management system comprising a terminal device, a plurality of management devices for managing the terminal device, and an intermediary device that mediates communication between the terminal device and the management device,
In the mediating device,
First storage means for storing identification information for uniquely identifying the intermediary device;
Second storage means for storing identification information of the terminal device as a communication partner and address information of the terminal device;
A certificate of the intermediary device for receiving authentication from the communication partner device, and confirmation data for confirming the validity of the certificate issued by the specific issuer transmitted from the communication partner device. Third storage means for storing;
Management device address storage means for storing address information of a management device as a communication destination;
Receiving means for receiving an instruction to update the certificate stored in the third storage means;
An issuer storage means for storing information indicating which issuer obtains a certificate issued by the issuer as a certificate of the mediation apparatus;
When the receiving unit receives the instruction to update the certificate, the first storage unit stores the communication destination management device in accordance with the address information stored in the management device address storage unit. Certificate update requesting means for requesting acquisition of a certificate for updating the intermediary device to the communication destination management device, and transmitting the identification information stored in the issuer storage unit and the issuer information stored in the issuer storage unit When,
Of the data transmitted from the management device in response to a request by the certificate update request means, the certificate of the mediation device issued by the issuer indicated by the information transmitted to the management device, and the issuer Confirmation data for confirming the validity of the issued certificate is stored in the third storage means as a new certificate and confirmation data used for authentication , and communication using the new certificate is performed. Certificate setting means for storing address information of a management apparatus as a communication destination by the management apparatus address storage means ;
Before at least the certificate update requesting unit requests the management device to obtain a certificate for updating, the terminal device stores the identification information from each terminal device in which the identification information is registered in the second storage unit. Information about the issuer of the certificate of the terminal device is obtained, and for each update required terminal device that is different from the issuer stored in the issuer storage unit among the respective terminal devices, the update required terminal The device identification information and the issuer information stored in the issuer storage unit are transmitted to the communication destination management device in accordance with the address information stored in the management device address storage unit , and are transmitted to the communication destination management device. The update-required terminal issued by the issuer stored in the issuer storage unit, which is requested to obtain a certificate for update of the update-required terminal device and is transmitted from the communication destination management device in response to the request A device certificate, Serial issuing the original storage means confirmation data for publisher to verify the validity of certificates issued to store, and a certificate transmitting means for transmitting the該要update terminal provided,
At least one of the management devices includes
When the intermediary device is requested to obtain the certificate for update, the identification information received from the intermediary device is transmitted to the issuer of the certificate indicated by the issuer information received from the intermediary device, A certificate issuance request means for requesting issuance of a new certificate including the identification information;
Certificate acquisition means for acquiring a new certificate issued based on a request by the certificate issue request means from the issuer;
Confirmation data acquisition means for acquiring confirmation data for confirming the validity of the certificate issued by the issuer;
The new certificate acquired by the certificate acquisition means , the confirmation data acquired by the confirmation data acquisition means , and the address of the management apparatus as a communication destination by communication using the new certificate A certificate sending means for sending to the device,
In the terminal device,
Fourth storage means for storing a certificate of the terminal device for receiving authentication from the communication partner device and confirmation data for checking the validity of the certificate transmitted from the communication partner device; ,
Fifth storage means for storing identification information for uniquely identifying the terminal device;
In response to a request from the intermediary device, identification information transmission means for transmitting the identification information of the terminal device stored in the fifth storage means to the mediation device;
A second proof that stores the certificate and confirmation data of the terminal device transmitted from the intermediary device in the fourth storage means as a new certificate and confirmation data used for access to the communication partner. A management system comprising a document setting means. A management system comprising a terminal device, a plurality of management devices for managing the terminal device, and an intermediary device that mediates communication between the terminal device and the management device,
In the mediating device,
First storage means for storing identification information for uniquely identifying the intermediary device;
Second storage means for storing identification information of the terminal device as a communication partner and address information of the terminal device;
A certificate of the intermediary device for receiving authentication from the communication partner device, and confirmation data for confirming the validity of the certificate issued by the specific issuer transmitted from the communication partner device. Third storage means for storing;
Management device address storage means for storing address information of a management device as a communication destination;
Receiving means for receiving an instruction to update the certificate stored in the third storage means;
An issuer storage means for storing information indicating which issuer obtains a certificate issued by the issuer as a certificate of the mediation apparatus;
When the receiving unit receives the instruction to update the certificate, the first storage unit stores the communication destination management device in accordance with the address information stored in the management device address storage unit. Certificate update requesting means for requesting acquisition of a certificate for updating the intermediary device to the communication destination management device, and transmitting the identification information stored in the issuer storage unit and the issuer information stored in the issuer storage unit When,
Of the data transmitted from the management device in response to a request by the certificate update request means, the certificate of the mediation device issued by the issuer indicated by the information transmitted to the management device, and the issuer Confirmation data for confirming the validity of the issued certificate is stored in the third storage means as a new certificate and confirmation data used for authentication , and communication using the new certificate is performed. Certificate setting means for storing address information of a management apparatus as a communication destination by the management apparatus address storage means ;
Before at least the certificate update requesting unit requests the management device to obtain a certificate for updating, the terminal device stores the identification information from each terminal device in which the identification information is registered in the second storage unit. Obtains the information of the issuer of the certificate of the terminal device and the address information indicating which address is used to authenticate the communication partner device when accessed. Of each terminal device, the updatable terminal device stored in the second storage means for each updatable terminal device in which the issuer stored by the issuer storage means is included in the acquired issuer. Terminal information update means for updating address information to address information corresponding to the issuer stored in the issuer storage means received from the updatable terminal device;
At least one of the management devices includes
When the intermediary device is requested to obtain the certificate for update, the identification information received from the intermediary device is transmitted to the issuer of the certificate indicated by the issuer information received from the intermediary device, a certificate issuing request means for requesting a new certificate containing the identification information,
Certificate acquisition means for acquiring a new certificate issued based on a request by the certificate issue request means from the issuer;
Confirmation data acquisition means for acquiring confirmation data for confirming the validity of the certificate issued by the issuer;
The new certificate acquired by the certificate acquisition means, the confirmation data acquired by the confirmation data acquisition means , and the address of the management apparatus as a communication destination by communication using the new certificate A certificate transmission means for transmitting to the device,
In the terminal device,
Corresponding to a plurality of different addresses of the terminal device, the data of the terminal device issued by different issuers as data used to authenticate the communication partner device when the address is accessed A fourth storage means for storing confirmation data for confirming the validity of the certificate issued by the issuer;
In response to a request from the intermediary device, based on the information stored in the fourth storage means, access information of the certificate issuer of the terminal device stored in the terminal device and which address is accessed A management system comprising: address information transmitting means for transmitting to the intermediary device address information indicating whether or not to use the certificate to receive authentication from the communication partner device.

Images