This application claims priority from Japanese Patent Application No. 2023-073354 filed on Apr. 27, 2023. The entire content of the priority application is incorporated herein by reference.
An image processing device configured to scan a document is known. The image processing device scans a document and generates scan data when the image processing device receives a scan start request from a processing terminal. In a case where the scan data is to be sent from the image processing device to a cloud storage service, execution of scan is not restricted when communication between the processing terminal and the image processing device is encrypted, whereas the execution of scan is restricted when such communication is not encrypted. In a case where the scan data is to be sent from the image processing device to the processing terminal, the execution of scan is not restricted irrespective of whether communication between the processing terminal and the image processing device is encrypted or not.
The present disclosure provides an art configured to improve security in a function executing device configured to execute a scan process according to an instruction from an external device and send scan data to the external device.
A function executing device configured to execute a scan function is disclosed herein. The function executing device may comprise: a scan engine; and a controller, wherein the controller may be configured to: receive a related instruction related to execution of a scan from an external device; in a case where the related instruction is received from the external device via a first communication path for executing an encrypted communication, send an authentication information request to the external device; in response to the authentication information request being sent to the external device, receive specific authentication information from the external device via the first communication path; and in a case where a user authentication according to the specific authentication information succeeds, execute a first scan process, wherein the first scan process may comprise: causing the scan engine to scan a document; and sending scan data to the external device via the first communication path, and in a case where the user authentication according to the specific authentication information fails, the first scan process is not executed, wherein in a case where the related instruction is received from the external device via a second communication path for executing an unencrypted communication, the controller may be configured not to send the authentication information request to the external device.
According to the above configuration, the function executing device does not send the authentication information request to the external device when the function executing device receives the related instruction via the second communication path for executing an unencrypted communication. Due to this, a situation in which the specific authentication information is obtained by a third party because the specific authentication information is sent via the second communication path for executing the unencrypted communication can be suppressed from occurring. Accordingly, security can be improved in the function executing device configured to execute a scan process according to an instruction from an external device and send scan data to the external device.
Computer-readable instructions for the function executing device for realizing the above function executing device, a non-transitory computer-readable recording medium storing the computer-readable instructions, and a method for controlling the function executing device are also novel and useful.
As shown in
The terminal 10A is a mobile terminal device such as a cell phone, a smartphone, a PDA, or a tablet PC. In a modification, the terminal 10A may be a stationary PC or a laptop PC. The terminal 10A is a terminal used by a user X of the multi-function peripheral 100. The terminal 10A supports a predetermined encryption protocol. That is, the terminal 10A is configured to communicate encrypted data encrypted by the predetermined encryption protocol with the multi-function peripheral 100. The terminal 10A comprises an operation unit 12, a display unit 14, a communication interface 16, and a controller 30. Each unit 12 to 30 is connected to a bus line. Hereafter, the interface will be referred to as “I/F”.
The operation unit 12 is an I/F that allows a user to input various information to the terminal 10A, and comprises a touchscreen and button(s) for example. The user can input the various information to the terminal 10A via the operation unit 12. The display unit 14 is a display configured to display the various information. The communication I/F 16 is connected to the LAN 4.
The controller 30 comprises a CPU 32 and a memory 34. The memory 34 has an OS program 36 and an application program 38 stored therein. The CPU 32 is configured to execute various processes in accordance with the OS program 36 and the application program 38. The memory 34 is, for example, a ROM or a RAM. Hereafter, an OS program will be simply referred to as “OS”. Also, an application program will be simply referred to as “app”.
The OS 36 controls basic operations of the terminal 10A. The app 38 is a program for causing the multi-function peripheral 100 to execute a scan function, a print function, etc. The app 38 is downloaded from a server on the Internet provided by for example a vendor of the multi-function peripheral 100 and installed on the terminal 10A.
The terminal 10B is a terminal used by a user Y of the multi-function peripheral 100. A configuration of the terminal 10B is the same as the configuration of the terminal 10A except that the terminal 10B does not support the predetermined encryption protocol as above. The terminal 10B cannot communicate encrypted data with the multi-function peripheral 100, but it can communicate unencrypted data (hereafter “cleartext data”) with the multi-function peripheral 100.
The terminal 10C is a terminal used by a user Z (a public user) who is not a user of the multi-function peripheral 100. A configuration of the terminal 10C is the same as the configuration of the terminal 10B. That is, the terminal 10C does not support the predetermined encryption protocol as above.
The multi-function peripheral 100 is a peripheral device configured to execute multiple functions such as a scan function, a print function, a copy function, and a facsimile function and is thus a peripheral device for the terminals 10A to 10C for example. The multi-function peripheral 100 supports the predetermined encryption protocol as above.
The multi-function peripheral 100 comprises an operation unit 112, a display unit 114, a communication I/F 116, a scan engine 118, a print engine 120, and a controller 130. Each unit 112 to 130 is connected to a bus line. The operation unit 112 is an I/F that allows a user to input various information to the multi-function peripheral 100, and for example comprises a touchscreen and button(s). The user can input the various information to the multi-function peripheral 100 via the operation unit 112. The display unit 114 is a display configured to display the various information. The scan engine 118 comprises a scan mechanism such as a CCD scheme and a CIS scheme. The print engine 120 comprises a print mechanism such as an inkjet scheme, a laser scheme, and a thermal printing scheme.
The communication I/F 116 is connected to the LAN 4. The communication I/F 116 comprises an encryption port for encrypted data communication and a cleartext port for cleartext data communication. That is, the multi-function peripheral 100 has a communication path for executing an encrypted communication (i.e., communication path directed to the encryption port as its destination) and a communication path for executing an unencrypted communication (i.e., communication path directed to the cleartext port as its destination). While power of the multi-function peripheral 100 is ON, the multi-function peripheral 100 is controlled in a state configured to execute communication via the encryption port. Hereafter, such state will be denoted as “opening the encryption port”. The multi-function peripheral 100 is controlled in either an executable state of being able to communicate via the cleartext port or an inexecutable state of being unable to communicate via the cleartext port depending on a cleartext setting value 140 to be described later. Hereafter, the former state will be denoted as “opening the cleartext port”, while the latter state will be denoted as “closing the cleartext port”. Alternatively in a modification, the encrypted communication and the unencrypted communication may be performed via a same port.
The controller 130 comprises a CPU 132 and a memory 134. The CPU 132 is configured to execute various processes in accordance with a program 136 stored in the memory 134. The memory 134 further stores the cleartext setting value 140, an authentication setting value 142, and an authentication table 144.
The cleartext setting value 140 indicates either “ON” corresponding to opening of the cleartext port or “OFF” corresponding to closing of the cleartext port. The authentication setting value 142 indicates either “ON” corresponding to user authentication for executing a function (e.g., scan function) of the multi-function peripheral 100 being required or “OFF” corresponding to such user authentication being not required.
The authentication table 144 is a table for storing a user ID, a password, and a permission setting value for each function in association with each other. In the present embodiment, for each of the user X of the terminal 10A and the user Y of the terminal 10B, the user ID and the password of the user are registered (i.e., stored) in the authentication table 144. On the other hand, a user ID and a password of the user Z using the terminal 10C are not registered in the authentication table 144. Here, “permission setting value for each function” means a setting value which indicates whether to permit the execution of a function for each of functions that can be executed by the multi-function peripheral 100 (e.g., scan function, print function, copy function) and thus indicates either “Permitted” or “Not Permitted”. In particular, a user ID “Public” is a setting value which indicates whether to permit a public user who is not an individual user of the multi-function peripheral 100 (i.e., individual user registered in the authentication table 144) to execute each function. Accordingly, in the authentication table 144, no password is associated with the user ID “Public”. That is, a permission setting value for each function that is associated with the user ID “Public” can be regarded as information indicating whether to permit the respective function without execution of user authentication. Each of the setting values 140, 142 and the authentication table 144 can be designated by an administrator of the multi-function peripheral 100.
Subsequently, a scan process realized by the CPU 132 of the multi-function peripheral 100 executing the program 136 will be described with reference to
The CPU 132 opens the encryption port in S10. When the multi-function peripheral 100 opens the encryption port, it enters a state of being able to receive a signal via the communication path for executing an encrypted communication according to the predetermined encryption protocol as above. The protocol used by the encryption port is for example Hypertext Transfer Protocol Secure (HTTPS), and its port number is 443.
In S12, the CPU 132 determines whether the cleartext setting value 140 in the memory 134 indicates “ON” or “OFF”. The CPU 132 proceeds to S14 when the cleartext setting value 140 indicates “ON” (YES to S12), whereas the CPU 132 skips S14 and proceeds to S20 when the cleartext setting value 140 indicates “OFF” (NO to S12).
In S14, the CPU 132 opens the cleartext port. When the multi-function peripheral 100 opens the cleartext port, it enters a state of being able to receive a signal via the communication path for executing an unencrypted communication. The protocol used by the cleartext port is for example Hypertext Transfer Protocol (HTTP), and its port number is 80.
In S20, the CPU 132 monitors receipt of a connection instruction from a terminal (e.g., the terminal 10A). The connection instruction is a command for instructing the multi-function peripheral 100 to establish a communication session for executing various communications for scanning. The CPU 132 determines YES to S20 and proceeds to S22 when the CPU 132 receives the connection instruction from the terminal. Hereafter, the terminal which sent the connection instruction will be referred to as “target terminal”. In the present embodiment, the CPU 132 receives the connection instruction from the target terminal either via the encryption port or via the cleartext port. In particular, the connection instruction via the encryption port includes encrypted information and the connection instruction via the cleartext port includes unencrypted information. The same applies to various communications to be described later.
In S22, the CPU 132 determines whether a scan process is currently in execution. Although details will be described later, when the multi-function peripheral 100 receives the connection instruction from the target terminal and has a communication session established with the target terminal, the multi-function peripheral 100 executes various communications by using the communication session and executes a scan process on a document. Then the multi-function peripheral 100 sends scan data generated by a document scan to the target terminal by using the above communication session. The “scan process” in S22 means a sequence of processes from receiving the connection instruction to sending the scan data. That is, in S22, when the first connection instruction is received earlier than the second connection instruction received in S20 and also the scan data is not sent yet according to the first connection instruction and the subsequent scan executing instruction in S22, the CPU 132 determines that the scan process is currently in execution (YES to S22) and proceeds to S24. Contrary to this, the CPU 132 proceeds to S26 when the CPU 132 determines that the scan process is not currently in execution (NO to S22).
In S24, the CPU 132 sends a busy response indicating that the scan process is in execution to the target terminal. As a result of this, information indicating that the multi-function peripheral 100 is in a busy state is displayed at the target terminal, by which a user of the target terminal can acknowledge that it is impossible to cause the multi-function peripheral 100 to execute a scan due to the multi-function peripheral 100 being in the busy state. When the process of S24 has completed, the CPU 132 returns to the monitoring process of S20 again.
In S26, the CPU 132 determines whether the connection instruction received in S20 was received via the encryption port or the cleartext port. The CPU 132 proceeds to S30 when the connection instruction was received via the encryption port (YES to S26), whereas the CPU 132 proceeds to S40 (NO to S26) when the connection instruction was received via the cleartext port.
In S30, the CPU 132 executes an encrypted scan process. The encrypted scan process is a scan process including encrypted communication. When the process of S30 has completed, the CPU 132 again returns to the monitoring process of S20.
In S40, the CPU 132 executes a cleartext scan process. The cleartext scan process is a scan process which does not include encrypted communication. When the process of S40 has completed, the CPU 132 again returns to the monitoring process of S20.
Subsequently, with reference to
In S112, the CPU 132 receives a capability information request from the target terminal by using the communication session. The capability information request is a signal requesting to send capability information indicating a capability of the multi-function peripheral 100, in particular, a capability regarding the scan function of the multi-function peripheral 100 (e.g., resolution, whether color scan is executable or not, and scannable document size(s)).
In S114, the CPU 132 sends the capability information to the target terminal by using the communication session. As a result of this, as the capability information is displayed at the target terminal, a user of the target terminal can know about the capability of the multi-function peripheral 100, in particular, the capability regarding the scan function of the multi-function peripheral 100. Also, the user can designate scan setting (e.g., resolution, color scan/monochrome scan, and document size).
In S116, the CPU 132 receives a scan executing instruction from the target terminal by using the communication session. The scan executing instruction is a signal requesting the multi-function peripheral 100 to start scanning a document.
In S120, the CPU 132 determines whether the authentication setting value 142 in the memory 134 indicates “ON” or “OFF”. The CPU 132 proceeds to S122 when the authentication setting value 142 indicates “ON” (YES to S120), whereas the CPU 132 skips S122 to S132 and proceeds to S134 when the authentication setting value 142 indicates “OFF” (NO to S120). As such, the multi-function peripheral 100 can switch between executing authentication and not executing authentication depending on the value of the authentication setting value 142.
In S122, the CPU 132 determines whether the permission setting value of the scan function which is associated with the user ID “Public” of the authentication table 144 in the memory 134 indicates “Permitted” or “Not Permitted”. The CPU 132 skips S124 to S132 and proceeds to S134 when the permission setting value indicates “Permitted” (YES to S122), whereas the CPU 132 proceeds to S124 when the permission setting value indicates “Not Permitted” (NO to S122).
In S124, the CPU 132 sends an authentication information request to the target terminal by using the communication session. The authentication information request is a signal requesting to send authentication information (i.e., user ID and password). As a result of this, an inputting screen for inputting the authentication information is displayed at the target terminal. When the authentication information has been inputted by the user of the target terminal, the scan executing instruction including the inputted authentication information, more precisely, the scan executing instruction including the authentication information obtained by the inputted authentication information being encrypted is sent from the target terminal to the multi-function peripheral 100.
In S126, the CPU 132 determines whether the scan executing instruction including the authentication information has been received from the target terminal. Specifically, the CPU 132 decrypts the information included in the scan executing instruction received from the target terminal and determines whether the decrypted information includes the authentication information or not. The CPU 132 determines YES to S126 and proceeds to S130 when the decrypted information includes the authentication information. Contrary to this, the CPU 132 determines NO to S126 and proceeds to S140 when the decrypted information does not include the authentication information.
In S130, the CPU 132 determines whether the authentication information is successfully authenticated. Specifically, the CPU 132 specifies the authentication information included in the decrypted information (i.e., user ID and password). Hereafter, the user ID and the password specified herein will be denoted “target user ID” and “target password”, respectively. That is, the target user ID and the target password are the user ID and the password of the user of the target terminal, respectively. Next, the CPU 132 determines whether the combination of the target user ID and the target password is stored in the authentication table 144. The CPU 132 determines YES to S130 and proceeds to S132 when the combination of the target user ID and the target password is stored in the authentication table 144. Contrary to this, the CPU 132 determines NO to S130 and proceeds to S140 when the combination of the target user ID and the target password is not stored in the authentication table 144. Since the user authentication is performed as such, the scan function can be provided only to a legitimate user.
In S132, the CPU 132 determines whether the permission setting value for the scan function which is associated with the target user ID in the authentication table 144 in the memory 134 indicates “Permitted” or “Not Permitted”. The CPU 132 proceeds to S134 when the permission setting value indicates “Permitted” (YES to S132), whereas the CPU 132 skips S134 and S136 and ends the process of
In S134, the CPU 132 scans a document, and generates scan data.
In S136, the CPU 132 sends the generated scan data to the target terminal by using the communication session. When the process of S136 has completed, the process of
In S140, the CPU 132 sends information indicating that the authentication has failed to the target terminal. “The authentication has failed” herein includes that the authentication information has not been received from the target terminal (in the case of NO to S126) and that the authentication information has been received from the target terminal but such authentication information is not stored in the authentication table 144 (NO to S130). When the process of S140 has ended, the process of
Subsequently, with reference to
In S240, the CPU 132 sends a connection-NG response to the target terminal. Normally, when YES was determined to S210 and NO was determined to S212, user authentication for executing the scan function is required. However, if authentication information for the user authentication is communicated via the cleartext port, such authentication information might be obtained by a third party. To address this, in the present embodiment, the multi-function peripheral 100 sends the connection-NG response to the target terminal in S240 without communicating the authentication information to prevent unauthorized acquisition of the authentication information. In particular, after the multi-function peripheral 100 has received the connection instruction from the target terminal, the multi-function peripheral 100 sends the connection-NG response to the target terminal without communicating the capability information or the scan executing instruction (see S222 to S226). For this reason, unnecessary communication can be suppressed. When the process of S240 has ended, the processes of
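The port-dependent decision described in S26, S120 to S140 and S240, modelled as an added Python example that is not code from the application. It assumes that S210 and S212 of the cleartext scan process repeat the checks of S120 and S122, as the description of S240 implies; the class and function names and the user ID "BBB" are constructed for illustration, and only the device-to-terminal messages relevant to the decision are recorded.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Path(Enum):
    ENCRYPTED = "encryption port"   # e.g. HTTPS, port 443 (S10)
    CLEARTEXT = "cleartext port"    # e.g. HTTP, port 80 (S14)


class Outcome(Enum):
    SCAN_SENT = "scan executed and scan data sent (S134, S136)"
    AUTH_FAILED = "authentication failed (S140)"
    NOT_PERMITTED = "scan not permitted for this user (NO to S132)"
    CONNECTION_NG = "connection-NG response (S240)"
    BUSY = "busy response (S24)"
    PORT_CLOSED = "cleartext port closed (NO to S12)"


@dataclass
class Entry:
    password: Optional[str]   # None for the user ID "Public" (no password associated)
    scan_permitted: bool      # permission setting value for the scan function


@dataclass
class Mfp:
    cleartext_on: bool        # cleartext setting value 140
    auth_on: bool             # authentication setting value 142
    table: Dict[str, Entry]   # authentication table 144 (stores passwords, as on the page)
    busy: bool = False        # a scan process is currently in execution (S22)

    def _auth_required(self) -> bool:
        # S120/S122; assumed to be the same test as S210/S212 on the cleartext path.
        public = self.table.get("Public")
        public_ok = public is not None and public.scan_permitted
        return self.auth_on and not public_ok

    def handle(self, path: Path,
               credentials: Optional[Tuple[str, str]] = None
               ) -> Tuple[Outcome, List[str]]:
        """Return the outcome and the messages the device sent to the terminal.

        `credentials` is what the terminal would supply *if asked*; the device
        only ever asks on the encrypted path.
        """
        sent: List[str] = []
        if path is Path.CLEARTEXT and not self.cleartext_on:
            return Outcome.PORT_CLOSED, sent          # port was never opened
        if self.busy:                                 # S22 -> S24
            sent.append("busy")
            return Outcome.BUSY, sent
        if path is Path.CLEARTEXT:                    # NO to S26 -> S40
            if self._auth_required():
                # S240: refuse before capability exchange, never request credentials.
                sent.append("connection-NG")
                return Outcome.CONNECTION_NG, sent
            sent.append("capability information")
        else:                                         # YES to S26 -> S30
            sent.append("capability information")     # S114
            if self._auth_required():
                sent.append("authentication information request")   # S124
                entry = self.table.get(credentials[0]) if credentials else None
                ok = (entry is not None and entry.password is not None
                      and hmac.compare_digest(entry.password.encode(),
                                              credentials[1].encode()))
                if not ok:                            # NO to S126 or NO to S130
                    sent.append("authentication failed")
                    return Outcome.AUTH_FAILED, sent
                if not entry.scan_permitted:          # NO to S132
                    return Outcome.NOT_PERMITTED, sent
        sent.append("scan data")                      # S134, S136
        return Outcome.SCAN_SENT, sent


def demo_device(auth_on: bool = True, public_scan: bool = False) -> Mfp:
    # Constructed sample table: "AAA"/"XXX" is the page's example user X;
    # "BBB" is a constructed user without scan permission.
    return Mfp(cleartext_on=True, auth_on=auth_on, table={
        "Public": Entry(None, public_scan),
        "AAA": Entry("XXX", True),
        "BBB": Entry("YYY", False),
    })


if __name__ == "__main__":
    for path in Path:
        outcome, sent = demo_device().handle(path, ("AAA", "XXX"))
        print(f"{path.value}: {outcome.value}; sent={sent}")
```
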
Subsequently, a specific case realized by the processes of
Hereafter, when a process executed by a CPU (e.g., 32, 132) of a device (e.g., the terminal 10A, the multi-function peripheral 100) is described, for easier understanding, the respective device is described as a subject of action without describing the CPU as the subject of action. Further, communication between the respective devices is executed via a communication I/F (e.g., 16, 116). Accordingly, in the following description, a description “via the communication I/F” will be omitted when any communication is described.
In T100, when the multi-function peripheral 100 receives an operation for turning on power from the user X (trigger for
In T110, the user X performs a scan operation on the terminal 10A for causing the multi-function peripheral 100 to execute a scan. In this case, in T112, the terminal 10A sends a connection instruction to the multi-function peripheral 100. Since the terminal 10A supports the predetermined encryption protocol as above, the connection instruction of T110 is sent with the encryption port as its destination.
When the multi-function peripheral 100 has received the connection instruction via the encryption port from the terminal 10A in T112 (YES to S20 in
In T114, the terminal 10A receives a connection-OK response from the multi-function peripheral 100. As a result of this, a communication session for executing an encrypted communication according to the predetermined encryption protocol as above is established between the terminal 10A and the multi-function peripheral 100. Due to this, the following various communications are executed by using the communication session. In T116, the terminal 10A sends the capability information request to the multi-function peripheral 100.
When the multi-function peripheral 100 receives the capability information request (S112) from the terminal 10A in T116, in T118 the multi-function peripheral 100 sends the capability information as a response to the terminal 10A (S114).
In T118, the terminal 10A receives the capability information as a response from the multi-function peripheral 100. Thereafter, when the terminal 10A receives the user X's designation of the scan setting according to the capability information, in T120 the terminal 10A sends the scan executing instruction according to the designated scan setting to the multi-function peripheral 100.
In T120, the multi-function peripheral 100 receives the scan executing instruction from the terminal 10A (S116). In the present case, the authentication setting value 142 indicates “ON” (YES to S120) and the permission setting value for the scan function associated with the user ID “Public” in the authentication table 144 indicates “Not Permitted” (NO to S122). In this case, in T122 the multi-function peripheral 100 sends the authentication information request to the terminal 10A (S124).
When in T122, the terminal 10A receives the authentication information request from the multi-function peripheral 100, in T124 the terminal 10A displays an authentication information inputting screen SC1. The authentication information inputting screen SC1 includes a user ID inputting field, a password inputting field, and an OK button. In T126 the terminal 10A receives input of the user ID “AAA” to the user ID inputting field and input of the password “XXX” to the password inputting field, and then receives selection of the OK button from the user X. In this case, in T130 the terminal 10A sends the scan executing instruction including information which is obtained by the inputted user ID “AAA” and password “XXX” being encrypted to the multi-function peripheral 100 by using the communication session.
When in T130 the multi-function peripheral 100 receives the scan executing instruction from the terminal 10A, the multi-function peripheral 100 decrypts the information included in the scan executing instruction and obtains the user ID “AAA” and password “XXX” (YES to S126). Because the combination of the obtained user ID “AAA” and password “XXX” is stored in the authentication table 144, in T132 the multi-function peripheral 100 determines that the authentication has succeeded (YES to S130). Also, because the permission setting value corresponding to the scan function and associated with the obtained user ID “AAA” indicates “Permitted” in the authentication table 144 (YES to S132), the multi-function peripheral 100 starts scanning a document in T134.
When in T140 the terminal 10C receives a scan operation for causing the multi-function peripheral 100 to execute a scan from the user Z while the multi-function peripheral 100 is scanning the document, in T142 the terminal 10C sends a connection instruction to the multi-function peripheral 100.
When in T142 the multi-function peripheral 100 receives the connection instruction from the terminal 10C (YES to S20 in
Thereafter, when in T150 the scan of the document has completed and thus has scan data generated, in T152 the multi-function peripheral 100 sends the scan data to the terminal 10A. As such, the user X of the terminal 10A can obtain the scan data representing the document. As described above, the scan data is sent by using the communication session for executing an encrypted communication (i.e., sent in encrypted form). Due to this, a content of the original document of the scan data can be suppressed from being leaked.
Subsequently, with reference to
In T210, the user Y performs the scan operation on the terminal 10B for causing the multi-function peripheral 100 to execute a scan. In this case, in T212, the terminal 10B sends a connection instruction to the multi-function peripheral 100. Since the terminal 10B does not support the predetermined encryption protocol as above, the connection instruction of T210 is sent with the cleartext port as its destination.
In T212, the multi-function peripheral 100 receives the connection instruction via the cleartext port from the terminal 10B (YES to S20, NO to S22, NO to S26 in
Subsequently, with reference to
In T310, the user Z performs the scan operation on the terminal 10C for causing the multi-function peripheral 100 to execute a scan. In this case, in T312, the terminal 10C sends a connection instruction to the multi-function peripheral 100. Since the terminal 10C does not support the predetermined encryption protocol as above, the connection instruction of T310 is sent with the cleartext port as its destination.
In T312, the multi-function peripheral 100 receives the connection instruction via the cleartext port from the terminal 10C (YES to S20, NO to S22, NO to S26 in
Processes of T316 to T320 are the same as the processes of T116 to T120 in
Subsequently, with reference to
A process of T410 is the same as the process of T210 in
According to the above configuration, when the multi-function peripheral 100 receives the connection instruction sent with the cleartext port as its destination from the terminal 10B (T212 in
Each of the terminals 10A to 10C is an example of “external device”. The terminal 10C is an example of “another external device”. The multi-function peripheral 100 is an example of “function executing device”. The communication path for executing an encrypted communication and the communication path for executing an unencrypted communication are examples of “first communication path” and “second communication path”, respectively. “ON” and “OFF” of the authentication setting value 142 are examples of “first value” and “second value”, respectively. The permission setting value for scan function associated with the user ID “Public” in the authentication table 144 is an example of “permission setting value”. The combination of a user ID and a password is an example of “user authentication information”. The information obtained by encrypting the user ID “AAA” and the password “XXX” is an example of “specific authentication information”. The connection instruction is an example of “related instruction”. The processes executed in S134 and S136 in
The process of S20 in
While the invention has been described in conjunction with various example structures outlined above and illustrated in the figures, various alternatives, modifications, variations, improvements, and/or substantial equivalents, whether known or that may be presently unforeseen, may become apparent to those having at least ordinary skill in the art. Accordingly, the example embodiments of the disclosure, as set forth above, are intended to be illustrative of the invention, and not limiting the invention. Various changes may be made without departing from the spirit and scope of the disclosure. Therefore, the disclosure is intended to embrace all known or later developed alternatives, modifications, variations, improvements, and/or substantial equivalents. Some specific examples of potential alternatives, modifications, or variations in the described invention are provided below:
(Modification 1) When the scan executing instruction is received in S116 in
(Modification 2) The multi-function peripheral 100 may not store the authentication table 144, but, for example, an external authentication server or an external storage may store the authentication table 144. In this case when the scan executing instruction including the authentication information is received in S126 in
(Modification 3) The multi-function peripheral 100 may not store the authentication setting value 142. In this case, the multi-function peripheral 100 may omit the processes of S120 and S122 and may execute the process of S124 in
(Modification 4) The authentication table 144 may not store the user ID “Public”. That is, the multi-function peripheral 100 may not be configured to permit a function (e.g., scan function) for a public user.
(Modification 5) The multi-function peripheral 100 may omit the processes of S22 and S24 in
(Modification 6) Timing when the processes of S210 and S212 in
(Modification 7) The multi-function peripheral 100 may omit the processes of S112 and S114 in
(Modification 8) The multi-function peripheral 100 may not store the cleartext setting value 140. In this case, the multi-function peripheral 100 may omit the process of S12 in
(Modification 9) The multi-function peripheral 100 may open the cleartext port in a state where the power of the multi-function peripheral 100 is ON. The cleartext setting value 140 indicating “ON” in such a situation may mean being in a state of executing a process in accordance with a signal received via the cleartext port. Also, the cleartext setting value 140 indicating “OFF” may mean being in a state of not executing a process in accordance with a signal even when the signal is received via the cleartext port.
(Modification 10) In the above embodiments, each process of the respective steps in
| Number | Date | Country | Kind |
|---|---|---|---|
| 2023-073354 | Apr 2023 | JP | national |