Program, information processing device, information processing system, and information processing method

The program and device use short-range wireless communication to acquire and encrypt data with a printer's digital certificate, ensuring secure communication without user inconvenience.

JP2026109157A · Pending · Publication Date: 2026-07-01 · OKI ELECTRIC INDUSTRY CO LTD

Patent Information

Authority / Receiving Office: JP · JP
Patent Type: Applications
Current Assignee / Owner: OKI ELECTRIC INDUSTRY CO LTD
Filing Date: 2024-12-19
Publication Date: 2026-07-01

AI Technical Summary

Technical Problem

When a printer does not use a reliable digital certificate, users must confirm its security themselves, which is troublesome.

Method used

A program and information processing device that utilize short-range wireless communication to acquire a digital certificate from a printer as a reference, store it, and encrypt data using the public key from a matching target digital certificate for secure communication over a network.

Benefits of technology

Ensures user convenience by enabling secure encrypted communication without the need for users to install certificates or perform additional security checks, using short-range wireless communication to verify and encrypt data.

✦ Generated by Eureka AI based on patent content.


Abstract

Even if a printer does not use a trusted digital certificate, user convenience will not be compromised. [Solution] The information processing device 130 includes a first communication unit 132 that performs short-range wireless communication, a second communication unit 133 that communicates via the network 101, and a print processing unit 139 that obtains a digital certificate from the printer 110 as a reference digital certificate via the first communication unit 132. The print processing unit 139 obtains a digital certificate from the printer 110 as a target digital certificate via the second communication unit 133, and when the target digital certificate matches the reference digital certificate, it encrypts the data using the public key contained in the target digital certificate and sends the encrypted data to the printer 110 via the network 101.

Description

Technical Field

[0001] The present disclosure relates to a program, an information processing apparatus, an information processing system, and an information processing method.

Background Art

[0002] Conventionally, a digital certificate that proves the security of a public key used for encrypting communication content has been used. For example, Patent Document 1 discloses a technique of using an electronic certificate as a digital certificate in a printer.

Prior Art Documents

Patent Documents

[0003]

Patent Document 1

Summary of the Invention

Problems to be Solved by the Invention

[0004] However, when a reliable digital certificate is not used in a printer, the user needs to confirm its security, which is troublesome.

[0005] Therefore, one or more aspects of the present disclosure aim to prevent the convenience of the user from being impaired even when a reliable digital certificate is not used in a printer.

Means for Solving the Problems

[0006] A program according to one aspect of the present disclosure causes a computer to function as a first communication unit for short-range wireless communication, a second communication unit for communication via a network, a data processing unit for acquiring a digital certificate from a printer as a reference digital certificate via the first communication unit, and a storage unit for storing the reference digital certificate, wherein the data processing unit acquires a digital certificate from the printer as a target digital certificate via the second communication unit, and when the target digital certificate matches the reference digital certificate, it encrypts the data using the public key contained in the target digital certificate and sends the encrypted data to the printer via the network.

[0007] An information processing device according to one aspect of the present disclosure comprises a first communication unit for short-range wireless communication, a second communication unit for communication via a network, a data processing unit for acquiring a digital certificate from a printer as a reference digital certificate via the first communication unit, and a storage unit for storing the reference digital certificate, wherein the data processing unit acquires a digital certificate from the printer as a target digital certificate via the second communication unit, and when the target digital certificate matches the reference digital certificate, it sends encrypted data, obtained by encrypting the data using the public key contained in the target digital certificate, to the printer via the network.

[0008] An information processing system according to one aspect of the present disclosure is an information processing system comprising a printer and an information processing device, wherein the information processing device comprises a first communication unit for performing short-range wireless communication, a second communication unit for communicating via a network, a data processing unit for acquiring a digital certificate from the printer as a reference digital certificate via the first communication unit, and a storage unit for storing the reference digital certificate, wherein the data processing unit acquires a digital certificate from the printer as a target digital certificate via the second communication unit, and when the target digital certificate matches the reference digital certificate, it sends encrypted data, obtained by encrypting the data using the public key contained in the target digital certificate, to the printer via the network.

[0009] An information processing method according to one aspect of this disclosure is characterized by obtaining a digital certificate from a printer as a reference digital certificate using short-range wireless communication, storing the reference digital certificate, obtaining a digital certificate from the printer as a target digital certificate using communication over a network, and when the target digital certificate matches the reference digital certificate, sending encrypted data, obtained by encrypting the data using the public key contained in the target digital certificate, to the printer over the network.

Effects of the Invention

[0010] According to one or more aspects of this disclosure, user convenience can be ensured even when a trusted digital certificate is not used in the printer.

Brief Explanation of the Drawings

[0011]
[Figure 1] This is a block diagram that schematically shows the configuration of the printing system according to the embodiment.
[Figure 2] This is a block diagram that shows the general configuration of a computer.
[Figure 3] This is a flowchart showing the process of registering a printer with an information processing device.
[Figure 4] This is the first flowchart illustrating the operation of sending print data from the print processing unit to a registered printer using encrypted communication.
[Figure 5] This is the second flowchart illustrating the operation of sending print data from the print processing unit to a registered printer using encrypted communication.

Modes for Carrying Out the Invention

[0012] Embodiment. Figure 1 is a block diagram schematically showing the configuration of the printing system 100 as an information processing system according to the embodiment. The printing system 100 comprises a printer 110 and an information processing device 130.

[0013] The printer 110 comprises a communication unit 111, a storage unit 114, a printer body 115, and a control unit 116. The communication unit 111 communicates with other devices. In this case, the communication unit 111 communicates with the information processing device 130. The communication unit 111 comprises a first communication unit 112 and a second communication unit 113.

[0014] The first communication unit 112 performs short-range wireless communication. The second communication unit 113 communicates via a network 101 such as a LAN (Local Area Network). In this embodiment, the second communication unit 113 performs encrypted communication via the network 101 in accordance with TLS (Transport Layer Security).

[0015] The storage unit 114 stores the information and programs necessary for processing by the printer 110. In this embodiment, the storage unit 114 stores the private key used by the printer 110 and a digital certificate that proves the security of the public key paired with that private key. The digital certificate may be a digital certificate issued by a certification authority (CA), which is a trusted third-party institution, or a self-signed certificate issued by the printer 110.

[0016] The printer main body 115 is a mechanism for executing printing. The printing method may be any method such as an inkjet method, an electrophotographic method, a thermal method, and a thermal transfer method. In this embodiment, it is assumed that the printer main body 115 is an image forming main body that forms an image on a medium by an electrophotographic method. Therefore, the printer 110 is assumed to be an image forming apparatus.

[0017] The control unit 116 controls the processing in the printer 110. For example, when the control unit 116 receives an instruction to transmit a digital certificate from the information processing device 130 via the first communication unit 112, it sends the digital certificate stored in the storage unit 114 to the information processing device 130 via the first communication unit 112.

[0018] Also, the control unit 116 receives print data (image forming data) via the communication unit 111, and causes the printer main body 115 to execute printing (image formation) according to the print data. At this time, when the print data is encrypted data encrypted with the public key of the printer 110, the control unit 116 decrypts the encrypted data with the private key stored in the storage unit 114.

[0019] The information processing device 130 includes a communication unit 131, a storage unit 134, an input unit 136, a display unit 137, and a control unit 138.

[0020] The communication unit 131 communicates with other devices. Here, the communication unit 131 communicates with the printer 110. The communication unit 131 includes a first communication unit 132 and a second communication unit 133.

[0021] The first communication unit 132 performs short-range wireless communication. The second communication unit 133 communicates via a network 101 such as a LAN. In this embodiment, the second communication unit 133 performs encrypted communication via the network 101 in accordance with TLS.

[0022] The storage unit 134 stores information and programs necessary for processing by the information processing device 130. The storage unit 134 includes a dedicated storage unit 135 for print processing.

[0023] The print processing-dedicated storage unit 135 is a storage area exclusively used by the print processing unit 139 of the control unit 138, which will be described later. In other words, the print processing-dedicated storage unit 135 is a storage area used by a program that functions as the print processing unit 139 when executed, and is not used by a program that performs a different function from the print processing unit 139 when executed. In this embodiment, the print processing dedicated storage unit 135 is configured as a sandbox. In other words, the reference digital certificate is stored in the sandbox of the print processing unit 139. Furthermore, the print processing-dedicated storage unit 135 is a dedicated storage area for the print processing unit 139, which acts as a data processing unit, and is therefore also called a data processing-dedicated storage unit.

[0024] The input unit 136 accepts instruction input. The display unit 137 displays various information.

[0025] The control unit 138 controls the processing in the information processing device. The control unit 138 comprises a print processing unit 139 and an authentication unit 140.

[0026] The print processing unit 139 is a data processing unit that sends data to other devices using encrypted communication. Here, the print processing unit 139 sends print data to the printer 110 via encrypted communication, instructing the printer 110 to perform printing.

[0027] For example, the print processing unit 139 registers the digital certificate of the recipient to whom data is sent via encrypted communication. Here, the print processing unit 139 obtains the digital certificate from the printer 110 via short-range wireless communication through the first communication unit 132. The print processing unit 139 then stores the obtained digital certificate in the print processing dedicated storage unit 135. Furthermore, the digital certificate obtained in this manner and stored in the print processing dedicated storage unit 135 is also called the reference digital certificate.

[0028] Furthermore, when the print processing unit 139 sends data to the destination using encrypted communication, it obtains a digital certificate from the destination via the second communication unit 133. The digital certificate obtained in this manner is also called the target digital certificate.

[0029] The print processing unit 139 then instructs the authentication unit 140 to authenticate the target digital certificate.

[0030] If the authentication of the target digital certificate is successful, the print processing unit 139 determines whether the target digital certificate is a trusted digital certificate. If the target digital certificate is a trusted digital certificate, the print processing unit 139 generates encrypted data by encrypting the data with the public key contained in the target digital certificate. Then, the print processing unit 139 sends the encrypted data to the printer 110 via the second communication unit 133.

[0031] On the other hand, if the target digital certificate is not a trusted digital certificate, the print processing unit 139 determines whether a reference digital certificate matching the target digital certificate is stored in the print processing dedicated storage unit 135. If a reference digital certificate matching the target digital certificate is stored, the print processing unit 139 generates encrypted data by encrypting the data with the public key contained in the target digital certificate. Then, the print processing unit 139 sends the encrypted data to the printer 110 via the second communication unit 133.

[0032] In other words, if the target digital certificate is a trusted digital certificate, the print processing unit 139 sends the encrypted data to the printer 110 via the network 101 without determining whether the target digital certificate matches the reference digital certificate. On the other hand, if the target digital certificate is not a trusted digital certificate, the print processing unit 139 sends the encrypted data to the printer 110 via the network 101 if the target digital certificate matches the reference digital certificate.

[0033] Here, the print processing unit 139 only needs to determine that the target digital certificate is a trusted digital certificate if it is a digital certificate issued by a certification authority, a digital certificate that has been previously determined to be trusted by the user, or a digital certificate that has been pre-installed on the information processing device 130. Digital certificates that have been previously determined to be trusted by the user or digital certificates that have been pre-installed on the information processing device 130 are stored in the storage unit 134 other than the dedicated print processing storage unit 135. Furthermore, a trustworthy digital certificate contains specific identification information, which allows us to determine its trustworthiness, for example, by confirming that it has been authenticated by a certification authority.

[0034] The authentication unit 140 performs authentication of the target digital certificate. For authentication, any publicly known authentication method is acceptable, such as verifying the authenticity of the attached digital signature and checking its expiration date.

[0035] The information processing device 130 described above can be implemented, for example, by the computer 10 shown in Figure 2. The computer 10 includes memory 11, a processor 12 such as a CPU (Central Processing Unit), a wireless communication interface 13 for short-range wireless communication, a network communication interface 14 for communication via the network 101, and a touch panel 15 that functions as an input interface and display.

[0036] For example, the storage unit 134 can be realized by the memory 11. The control unit 138 can be realized by the processor 12 executing a program stored in the memory 11. The first communication unit 132 can be implemented by the wireless communication interface 13. The second communication unit 133 can be implemented by the network communication interface 14. The input unit 136 and the display unit 137 can be implemented using the touch panel 15.

[0037] The program may be downloaded to memory 11 via wireless communication interface 13 or network communication interface 14, and then executed by processor 12. In other words, the program may be provided by a computer program product.

[0038] Figure 3 is a flowchart showing the operation when registering the printer 110 with the information processing device 130. Here, the information processing device 130 is assumed to be a smartphone, and the short-range wireless communication performed by the first communication unit 112 and the first communication unit 132 is assumed to be NFC (Near Field Communication).

[0039] First, the user starts processing in the print processing unit 139 (S10). Specifically, the user starts processing in the print processing unit 139 by launching the application program corresponding to the print processing unit 139, which is installed on the information processing device 130.

[0040] Next, the user instructs the print processing unit 139 via the input unit 136 to set the information processing device 130 to NFC registration mode (S11).

[0041] With the information processing device 130 set to NFC registration mode, NFC is performed when the user brings the first communication unit 132 of the information processing device 130 close to the first communication unit 112 of the printer 110 (S12).

[0042] Using the NFC performed in step S12, the print processing unit 139 obtains connection information and a digital certificate from the printer 110 (S13). The connection information is information for connecting to the printer 110 via the network 101, and in this case, it is assumed to be an IP address.

[0043] Next, the print processing unit 139 connects to the printer 110 from the network 101 via the second communication unit 133 according to the connection information obtained in step S13 (S14).

[0044] Then, after the print processing unit 139 successfully connects to the printer 110 via the second communication unit 133, it obtains device information, which is information necessary for registration, from the printer 110 via the second communication unit 133 (S15). The device information includes, for example, the printer's name, which is the identification information of the printer 110, and the printer 110's hardware configuration.

[0045] Then, the print processing unit 139 stores the connection information and digital certificate acquired in step S13, as well as the device information acquired in step S15, in the print processing dedicated storage unit 135 (S16). As a result, the digital certificate is registered in the information processing device 130. The digital certificate registered in this manner is also called the reference digital certificate.

[0046] In most cases, the information processing device 130 has a storage location in the storage unit 134 for digital certificates referenced by the operating system. However, the print processing-dedicated storage unit 135 is assumed to be a sandbox for the print processing unit 139. Because the digital certificate is stored within the sandbox of the print processing unit 139, the digital certificates that other functional units, which are applications separate from the print processing unit 139, reference during communication are not affected.

[0047] After registration is complete, the print processing unit 139 notifies the user that registration is complete by displaying a message on the display unit 137 indicating that registration is complete (S17).

[0048] Figures 4 and 5 are flowcharts showing the operation in which the print processing unit 139 sends print data to the registered printer 110 using encrypted communication. First, the user starts processing in the print processing unit 139 (S20). However, if the user continues processing in the print processing unit 139 from step S17 in Figure 3, in other words, if the user starts the flowchart shown in Figures 4 and 5 after step S17 in Figure 3 without terminating the application program corresponding to the print processing unit 139, the processing in step S20 may be omitted.

[0049] Next, the user selects the file they want to print to the print processing unit 139 via the input unit 136 and the display unit 137 (S21).

[0050] Next, the user specifies the destination for the file to be sent to the print processing unit 139 via the input unit 136 and the display unit 137 (S23). Here, it is assumed that the printer 110 registered in the flowchart shown in Figure 3 is specified. If the processing in the print processing unit 139 continues from step S17 in Figure 3, the printer 110 whose connection information was registered in step S16 may be automatically specified as the destination. In this case, the processing in step S23 may be omitted.

[0051] Next, the user specifies print settings such as paper size, whether to use color, and whether to use double-sided printing to the print processing unit 139 via the input unit 136 and the display unit 137 (S23).

[0052] The user then issues a print command to the print processing unit 139 via the input unit 136 and the display unit 137 (S24).

[0053] Upon receiving a print command from the user, the print processing unit 139 generates print data based on the specified file and print settings (S25).

[0054] Next, the print processing unit 139 connects to the printer 110 via the second communication unit 133 according to the connection information stored in the print processing dedicated storage unit 135 (S26). The processing in this step is the same as the processing in step S14 in Figure 3.

[0055] After the connection is completed in step S26, the print processing unit 139 obtains a digital certificate from the printer 110 using HTTPS (Hypertext Transfer Protocol Secure) (S27). The digital certificate obtained in this way is also called the target digital certificate.

[0056] Next, the authentication unit 140 of the control unit 138 of the information processing device 130 performs authentication on the target digital certificate and notifies the print processing unit 139, which is the source of the communication request, of the authentication result (S28). Then, the process proceeds to step S29 in Figure 5.

[0057] In step S29 of Figure 5, the print processing unit 139 determines whether or not the authentication of the target digital certificate was successful. If the authentication of the target digital certificate is successful (Yes in S29), the process proceeds to step S30; if the authentication fails (No in S29), the process terminates.

[0058] In step S30, the print processing unit 139 determines whether the target digital certificate is a trusted digital certificate. If the target digital certificate is not a trusted digital certificate (No in S30), the process proceeds to step S31. If the target digital certificate is a trusted digital certificate (Yes in S30), the process proceeds to step S33.

[0059] In step S31, since the target digital certificate is not a trusted digital certificate, the print processing unit 139 compares the target digital certificate with the reference digital certificate.

[0060] The print processing unit 139 then determines whether the target digital certificate matches the reference digital certificate (S32). If the target digital certificate matches the reference digital certificate (Yes in S32), the process proceeds to step S33; if the target digital certificate does not match the reference digital certificate (No in S32), the process terminates.

[0061] In step S33, the print processing unit 139 generates encrypted data by encrypting the print data generated in step S25 of Figure 4 using a randomly generated common key.

[0062] Next, the print processing unit 139 generates an encrypted common key (S34) by encrypting the common key necessary for decryption with the public key extracted from the target digital certificate.

[0063] Then, the print processing unit 139 sends the encrypted data and the encrypted common key to the printer 110 via the second communication unit 133 (S35).

[0064] The control unit 116 of the printer 110, upon receiving the encrypted data and the encrypted common key, decrypts the encrypted common key using the private key that is paired with the public key used for encryption. Then, the control unit 116 uses the decrypted common key to decrypt the encrypted data. The control unit 116 causes the decrypted print data to be printed by the printer body 115.
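The decision flow of steps S29 to S32, including the variation in [0072] that omits S30, as an added Python example (not code from the patent). The `ReferenceStore` class, the use of the IP address as lookup key, byte-for-byte equality of the encoded certificate as the meaning of "matches", and the sample certificate bytes are assumptions made for illustration; the results of S28 and S30 are passed in as booleans because they come from the platform's certificate verifier.

```python
import hashlib
from enum import Enum
from typing import Dict, Optional


class Decision(Enum):
    SEND_TRUSTED = "S30 yes: trusted certificate, reference not consulted"
    SEND_MATCHED = "S32 yes: target matches the NFC-registered reference"
    ABORT_AUTH_FAILED = "S29 no: authentication of the target failed"
    ABORT_NO_REFERENCE = "S32 no: no reference registered for this printer"
    ABORT_MISMATCH = "S32 no: target differs from the reference"


def fingerprint(der: bytes) -> str:
    """SHA-256 of the encoded certificate, used only for log lines."""
    return hashlib.sha256(der).hexdigest()


class ReferenceStore:
    """Stand-in for the print-processing-dedicated storage unit 135.

    Assumption: entries are keyed by the connection information (IP
    address) that arrived over NFC together with the certificate (S13, S16).
    """

    def __init__(self) -> None:
        self._by_address: Dict[str, bytes] = {}

    def register(self, address: str, reference_der: bytes) -> None:
        self._by_address[address] = bytes(reference_der)

    def lookup(self, address: str) -> Optional[bytes]:
        return self._by_address.get(address)


def decide(store: ReferenceStore, address: str, target_der: bytes,
           authenticated: bool, trusted: bool,
           always_compare: bool = False) -> Decision:
    """Return what the print processing unit does with the target certificate.

    authenticated: result of S28 (signature and expiry checks).
    trusted: result of S30 (CA-issued, user-approved or pre-installed).
    always_compare: True models the [0072] variation in which S30 is
    omitted and the reference comparison runs for every certificate.
    """
    if not authenticated:                      # S29: No
        return Decision.ABORT_AUTH_FAILED
    if trusted and not always_compare:         # S30: Yes
        return Decision.SEND_TRUSTED
    reference = store.lookup(address)          # S31
    if reference is None:
        return Decision.ABORT_NO_REFERENCE
    if reference != target_der:                # S32: No
        return Decision.ABORT_MISMATCH
    return Decision.SEND_MATCHED               # S32: Yes, continue to S33


def audit_line(store: ReferenceStore, address: str, target_der: bytes,
               decision: Decision) -> str:
    """One log line per attempt, so a mismatch can be investigated later."""
    reference = store.lookup(address)
    ref_fp = fingerprint(reference) if reference is not None else "none"
    return (f"decision={decision.name} address={address} "
            f"target_sha256={fingerprint(target_der)} "
            f"reference_sha256={ref_fp}")


# Constructed sample values: opaque bytes standing in for encoded
# certificates, and a documentation-range IP address.
PRINTER_ADDRESS = "192.0.2.10"
REFERENCE_DER = b"constructed stand-in: printer 110 self-signed certificate"
OTHER_DER = b"constructed stand-in: a different certificate"

if __name__ == "__main__":
    store = ReferenceStore()
    store.register(PRINTER_ADDRESS, REFERENCE_DER)   # registration, Figure 3
    cases = [
        (REFERENCE_DER, True, False, False),
        (OTHER_DER, True, False, False),
        (OTHER_DER, True, True, False),
        (OTHER_DER, True, True, True),
        (REFERENCE_DER, False, False, False),
    ]
    for der, authenticated, trusted, always in cases:
        result = decide(store, PRINTER_ADDRESS, der, authenticated, trusted, always)
        print(audit_line(store, PRINTER_ADDRESS, der, result))
```

With `always_compare=False`, a trusted certificate that differs from the registered reference is still accepted, as [0032] states; with `always_compare=True` the same certificate is rejected as a mismatch.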

[0065] As described above, according to this embodiment, by using short-range wireless communication to ensure the reliability of the printer 110's self-signed certificate, secure encrypted communication using TLS can be provided without the user having to perform the following operations 1 to 3.
Operation 1: The user installs a digital certificate on the information processing device 130.
Operation 2: The user changes the digital certificate for printer 110.
Operation 3: The user performs a check for potential risks during communication.

[0066] Specifically, in conventional technology, the user needs to install a self-signed certificate on the information processing device 130 so that, in step S30 of Figure 5, the target digital certificate is not determined to be an untrusted digital certificate. Furthermore, with conventional technology, if the target digital certificate is determined not to be a trusted digital certificate in step S30 of Figure 5, the user needs to confirm whether it is okay to continue the communication. According to this embodiment, by comparing a reference digital certificate obtained in advance using short-range wireless communication with the target digital certificate, encrypted communication can be performed without the user having to perform the above-mentioned processing. Therefore, user convenience is not compromised.

[0067] Furthermore, as shown in step S16 of Figure 3, the reference digital certificate obtained via short-range wireless communication is stored in the print processing dedicated storage unit 135, which is a sandbox for the print processing unit 139. This allows users to be informed of the risks of using self-signed certificates when encrypted communication is performed by applications other than the print processing unit 139.

[0068] In the embodiments described above, NFC is used for short-range wireless communication between the first communication unit 112 and the first communication unit 132, but these embodiments are not limited to this example. If the physical distance between the printer 110 and the information processing device 130 is short, other wireless communication standards such as Bluetooth® may be used.

[0069] Furthermore, while the information processing device 130 is assumed to be a smartphone in the embodiments described above, these embodiments are not limited to such examples. The information processing device 130 may be a tablet PC (Personal Computer) or a notebook PC, etc.

[0070] Furthermore, in the embodiments described above, encrypted communication is performed in the steps S33 to S35 shown in Figure 5, but these embodiments are not limited to this example. For example, in the case of TLS communication, encrypted communication may be performed in a different processing procedure. Specifically, the order of processing may be changed, the processing may be divided, or additional processing may be performed.

[0071] Furthermore, although the embodiments described above show examples of sending print data to the printer 110, these embodiments are not limited to such examples. For example, it may be a device other than the printer 110, or it may be data other than print data. Other data may include firmware used by the printer 110.

[0072] In the embodiments described above, if the target digital certificate is determined not to be a trusted digital certificate in step S30 of Figure 5 (No in S30), the process proceeds to step S31. However, the embodiments are not limited to this example. For example, the process in step S30 may be omitted, and the process may proceed to step S31 if authentication is successful in step S29 (Yes in S29). This allows the print data to be encrypted using a common key when the target digital certificate and the reference digital certificate match, regardless of whether the target digital certificate is a trusted digital certificate or not.

Explanation of Symbols

[0073] 100 Printing system, 101 Network, 110 Printer, 111 Communication unit, 112 First communication unit, 113 Second communication unit, 114 Storage unit, 115 Printer body, 116 Control unit, 130 Information processing unit, 131 Communication unit, 132 First communication unit, 133 Second communication unit, 134 Storage unit, 135 Dedicated storage unit for print processing, 136 Input unit, 137 Display unit, 138 Control unit, 139 Print processing unit, 140 Authentication unit.

Claims

1. A program that causes a computer to function as: a first communication unit for short-range wireless communication; a second communication unit that communicates via a network; a data processing unit that obtains a digital certificate from a printer as a reference digital certificate via the first communication unit; and a storage unit for storing the reference digital certificate, wherein the data processing unit obtains a digital certificate from the printer as a target digital certificate via the second communication unit and, when the target digital certificate matches the reference digital certificate, sends encrypted data, obtained by encrypting the data using the public key contained in the target digital certificate, to the printer via the network.

2. The program according to claim 1, wherein, if the target digital certificate is a trusted digital certificate, the data processing unit sends the encrypted data to the printer via the network without determining whether the target digital certificate matches the reference digital certificate.

3. The program according to claim 1, wherein the storage unit stores the reference digital certificate in a sandbox of the application that functions as the data processing unit.

4. The program according to claim 2, wherein the data processing unit determines that the target digital certificate is a trusted digital certificate if the target digital certificate is a digital certificate issued by a certification authority, has been previously determined to be a trusted digital certificate by the user, or is a digital certificate that is pre-installed on the computer.

5. The program according to any one of claims 1 to 4, wherein the data processing unit obtains, via the first communication unit, connection information for connecting to the printer via the network, connects to the printer via the second communication unit in accordance with the connection information, and obtains the target digital certificate.

6. An information processing device comprising: a first communication unit for short-range wireless communication; a second communication unit that communicates via a network; a data processing unit that obtains a digital certificate from a printer as a reference digital certificate via the first communication unit; and a storage unit for storing the reference digital certificate, wherein the data processing unit obtains a digital certificate from the printer as a target digital certificate via the second communication unit and, when the target digital certificate matches the reference digital certificate, sends encrypted data, obtained by encrypting the data using the public key contained in the target digital certificate, to the printer via the network.

7. An information processing system comprising a printer and an information processing device, wherein the information processing device comprises: a first communication unit for short-range wireless communication; a second communication unit that communicates via a network; a data processing unit that obtains a digital certificate from the printer as a reference digital certificate via the first communication unit; and a storage unit for storing the reference digital certificate, and wherein the data processing unit obtains a digital certificate from the printer as a target digital certificate via the second communication unit and, when the target digital certificate matches the reference digital certificate, sends encrypted data, obtained by encrypting the data using the public key contained in the target digital certificate, to the printer via the network.

8. An information processing method comprising: obtaining, using short-range wireless communication, a digital certificate from a printer as a reference digital certificate; storing the reference digital certificate; obtaining, using communication over a network, a digital certificate from the printer as a target digital certificate; and, when the target digital certificate matches the reference digital certificate, sending encrypted data, obtained by encrypting the data using the public key contained in the target digital certificate, to the printer via the network.