Patent Application
20100191866
1. Technical Field
The present invention relates to a printer, an information processing device with a built-in printer or the like, a method for controlling the device, and a computer-readable recording medium that stores a computer program.
2. Related Art
Printers as an information processing device, or multifunction peripherals having functions such as printing, scanning, and facsimile functions are usually provided with various security functions. Examples of such security functions include a function that blocks specific inputs and a function that restricts which users can access the machine.
Since, as described above, the information processing devices are usually provided with these functions that block specific inputs and restrict which users can access the machine as security functions, the available functions and users are limited. Therefore, while security was sufficiently secured, the device lacked versatility because of the strong limitations, that was a problem.
Even when the device is subject to the limitations described above, if a print job includes a restricted command such as a command for reading device information or rewriting device settings, those commands are sometimes embedded in a received job, and there is no method to avoid executing the command.
In other words, if the above-mentioned command is received, the printer executes the command, and therefore even though the printer is provided with the above-mentioned security functions, these functions cannot be performed.
An advantage of some aspects of the invention is to provide an information processing device, a control method, and a program which can improve its usability while securing security.
An information processing device, which is connected to external devices, according to an aspect of the invention includes a receiving unit that receives a command from the external devices, a judgment unit, and a command processing unit. The judgment unit determines whether the command received by the receiving unit is a first type command or a second type command other than the first type command. The first type command executes read-out, rewrite, or deletion of data stored in the information processing device. The command processing unit prohibits execution of the command received by the receiving unit when the command is the first type command, and executes the command received by the receiving unit when the command is the second type command, in accordance with determination by the judgment unit.
Thus, as execution of the first type command is prohibited, read-out, rewrite, or deletion of data stored in the information processing device is prohibited, so that the data stored in the information processing device is protected.
It is preferable that the information processing device perform in a first type command prohibit mode in which execution of the first type command is prohibited, and the judgment unit perform determination of the received command when the device is in the first type command prohibit mode.
Thereby, execution of the first type command is prohibited only when the device is in the first type command prohibit mode, while the first type command can be executed when the device is not in the first type command prohibit mode.
It is preferable that the information processing device have a plurality of receiving units and enter the first type command prohibit mode when one of predetermined receiving units received the command.
It is preferable that the information processing device enter the first type command prohibit mode when the receiving unit receives a data file in a predetermined format.
It is preferable that the information processing device enter the first type command prohibit mode when the receiving unit received a command sent from a predetermined source.
It is preferable that the information processing device be a printer, and when the receiving unit received a print job containing a plurality of commands, the judgment unit may perform determination of whether each of the plurality of commands is the first type command or the second type command.
Thereby, when a print job containing a plurality of commands is received, the judgment unit performs determination of whether each command in the printer job is the first type command or the second type command, so that if the print job contains a first type command, execution of the first type command can be prohibited, and the second type command can only be executed.
The invention will be described with reference to the accompanying drawings, wherein like numbers reference like elements.
An embodiment of the invention will be hereinafter described with reference to the drawings.
As shown in the drawing, the printer 101 includes a print engine 111, a control section 112, and an operation panel section 113. The printer 101 is connected to, for example, an external memory device 102, a personal computer 103, and a network 104.
The printer 101 receives external control commands (hereinafter simply referred to as “command”), and executes the received commands or prohibits the execution of the received commands depending on the type of the commands.
The control section 112 is constituted by a computer system that includes a processor and a memory. Functions of individual components of the control section 112 described below can be achieved by executing a computer program.
In the drawing, the control section 112 in the printer 101 includes a network interface 121, a USB (Universal Serial Bus) interface 122 for a USB host controller and the like, a parallel interface 123, a command judgment section 124 having a decision table 125, and a command processing section 126 that executes commands.
In the printer 101, the network interface 121, USB interface 122, parallel interface 123, and operation panel section 113 function as receiving units that receive external commands. For example, the network interface 121, USB interface 122, and parallel interface 123 receive respective commands from external devices such as other computers. The operation panel section 113 receives commands input by a user. For example, the network interface 121, USB interface 122, and parallel interface 123 receive a print job containing a plurality of commands from other computers and the like.
Here, commands received in this embodiment are classified into two types, first type commands and second type commands.
The first type commands are commands that read out, rewrite, or delete certain data which are necessarily protected and stored in the printer 101. The second type commands are commands other than the first type commands. Methods of Reading out protected data include displaying the protected data to the operation panel section 113, printing out the data with the print engine 111, and outputting data externally through the network interface 121, USB interface 122, and parallel interface 123. The protected data also include MIB (Management Information Base) data, firmware, and information for various printer settings.
The command judgment section 124 is a judgment unit that determines whether the command received by the receiving unit is a first type command or a second type command. When a print job includes a plurality of commands, the command judgment section 124 determines whether each of the commands is a first type command or a second type command.
The command processing section 126 is a command processing unit, that prohibits or executes commands in accordance with the determination by the judgment unit. When the command received by the receiving unit is a first type command, the command processing section prohibits execution of that command, when the command received by the receiving unit is a second type command, the command processing section executes the command. That is, the command processing section 126 executes only second type commands and does not execute (i.e., ignores) first type commands.
The printer 101 may perform in a first type command prohibit mode for prohibiting execution of first type commands. That is, when the printer 101 is in the first type command prohibit mode, the command processing section 126 prohibits execution of the first type commands as described above. When the printer 101 is not in the first type command prohibit mode, the command processing section 126 allows execution of the above-described first type commands.
The printer 101 may also be configured such that it enters the first type command prohibit mode when the operation panel section 113 is operated using a predetermined a specific operation button and the like by a user (administrator). Alternatively, the printer may be configured such that the printer 101 enters the first type command prohibit mode when one of predetermined receiving units received a command. For example, the printer may enter the first type command prohibit mode when any of the network interface 121, USB interface 122, and parallel interface 123 receive(s) a command.
The decision table 125 is a table used for determining whether or not it is necessary to judge whether the command is the first type command or the second type command, depending respectively on file format, IP address, and connection format.
For example, in the case of
Similarly, referring to
The drawing further shows that “unconditional authorization” is given when the connection format (receiving unit) is a USB interface. This allows print jobs input from a USB interface to be executed unconditionally.
The content of the decision table 125 may be suitably set. For example, specific file formats, command sources, and connection formats may be designated as falling under the “unconditional authorization” category while those other than the specified parameters are set under “command judgment necessary”. Conversely, specific file formats, command sources, and connection formats may be designated as falling under the “command judgment necessary” category while those other than the specified parameters are set under “unconditional authorization”.
The above processing procedures are summarized as a flowchart in
Referring to
If the printer is in the first type command prohibit mode (S102: Yes), the command judgment section 124 determines whether or not command judgment is necessary (S103) on the basis of the decision table 125 of
When the input received at process S101 has any of the file format, IP address, and connection format classified under the category of “command judgment necessary” in the decision table 125 of
When the command judgment section 124 determines that the command is a first type command (S104: first type command), the command processing section 126 does not execute that command and instead indicates to the administrator (S105), for example, by displaying an alert in the operation panel section 113.
In the cases when the printer 101 is not in the first type command prohibit mode at process 5102 (S102: No); when it is determined that no command judgment is necessary at process S103 (S103: No); and when the command judgment section 124 determines that the command is a second type command at process S104 (S104: second type command), the flow goes to process S106, where the command processing section 126 executes the command received at process S101 (S106).
Following processes S105 and S106, the above-described processes of S102 to S106 are repeated until these processes are all complete with respect to all of the commands received at process S101 (S107). The flowchart ends when the processes S102 to S106 are all complete with respect to all of the received commands.
According to this embodiment, execution or prohibition of first type commands that are for accessing the protected data can be controlled. This allows the printer according to this embodiment to be improved in usability while security is secured.
The above-described embodiment of the invention is shown for illustration purpose only of the invention and should not be understood as limiting the scope of the invention to the specific embodiment. It will be apparent for those skilled in the art that the invention may be embodied in various other manners without departing from the subject matter of the invention.
For example, though a printer is described as an example of the information processing device in the above described embodiment, the embodiment of the invention may be applied to other equipment with a built-in information processing device such as facsimile machines, scanners, multifunction machines, digital cameras, mobile phones other than printers.
The entire disclosure of Japanese Patent Application No. 2009-014074, filed Jan. 26, 2009 is expressly incorporated by reference herein.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2009-014074 | Jan 2009 | JP | national |
