1. Field of the Invention
The present invention relates to a communication device capable of communicating with a software update device via a network, a software update device capable of communicating with a target update device, a software update system including a communication device and a software update device, a software update system including a software update device and a target update device, a software update method, a program to be installed or executed by a computer for controlling a communication device capable of communicating with a software update device via a network, and a program to be installed or executed by a computer for controlling a software update device capable of communicating with a target update device via a network. As for the software to be updated, there are, for example, firmware and application programs.
2. Description of the Related Art
Conventionally, a communication device such as an image processing device having a communication function (e.g. a printer, a facsimile, a scanner, a digital complex apparatus) is subjected to updating of software, for example, firmware used for performing basic control of hardware. In an image forming apparatus management system shown in Japanese Laid-Open Patent Application No. 2002-288066, a service center obtains firmware version information from an image forming apparatus, and transmits firmware to the image forming apparatus via a communication control device when it is determined that the firmware of the image forming apparatus is old and requires updating, thereby performing updating of firmware.
In the image forming apparatus management system shown in Japanese Laid-Open Patent Application No. 2002-28066, communication between the service center and the communication control device is performed by using a public line (PSTN, Public Switched Telephone Network) or a leased line, and communication between the communication control device and the image forming apparatus is performed by using an RS-485 standard communication path.
However, in recent years where importance is placed on versatility and expandability, a management system, in which communication between a management device and a target management device is performed via a network such as the Internet or LAN (Local Area Network), has been proposed. Similar to the management system shown in Japanese Laid-Open Patent Application No. 2002-28066, the proposed management system may perform updating of firmware, for example, by transmittal of firmware from the management device to the target management device.
An exemplary process of updating firmware is shown in FIG. 26. Here, the management device is a firmware update device, and the target management device is a communication device and/or a target update device (target firmware update device).
In the process shown in FIG. 26, the firmware update device 91 and the target update device 92 communicate by using FTP (File Transfer Protocol), wherein an ID and a password for FTP are set to the firmware update device 91 beforehand, and are stored in the firmware update device 91 and the target update device 92.
In this process, the firmware update device 91 performs a version information obtainment process, for example, whenever a prescribed period has elapsed, or when a prescribed event occurs. In this process, first, the firmware update device 91 requests FTP connection by transmitting the ID and password to the target update device 92. The ID and the password are in compliance with the FTP standard. The target update device 92, having been requested for connection, is able to verify the firmware update device 91 from the ID and the password. The target update device 92 compares the ID and the password with those stored therein, and establishes a connection when there is a match of ID and password resulting to successful verification (Step S11). When there is no match, no connection is established, and the process, due to error, is terminated.
After connection is established, the firmware update device 91 requests transmittal of firmware version information to the target update device 92. In response to the request, the target update device 92 transmits the firmware version information (Step S12). Then, the firmware update device 91 disconnects the connection with the target update device 92 (Step S13). Thus, the version information obtainment process is completed.
Next, the firmware update device 91 determines whether update is required based on the obtained firmware version information. No update is required if the latest version of firmware is installed in the target update device 92. If it is determined that no update is required, no further process is performed until there is a triggering for performing the version information obtainment process again. On the other hand, if it is determined that update is required (Step S14), the following firmware transmittal process is executed.
In this process, the firmware update device 91, in a manner similar to Step S11, transmits the ID and the password to the target update device 92, and establishes an FTP connection (Step S15). Then, the firmware update device 92 transmits firmware for updating to the target update device 92 (Step S16). After receiving the firmware, the target update device 92 performs a firmware updating process (Step S17). After the updating is completed, the target update device 92 resets and reboots itself, to thereby validate the new firmware (Step S18). The FTP connection is disconnected by the resetting of the target update device 91. Thus, the firmware transmittal process is completed.
By performing the above-described processes, firmware of the target update device 92 can be updated when necessary. Furthermore, with use of the same password, the version information obtainment process and the firmware transmittal process may be performed again as shown in the bottom portion of FIG. 26 using the same reference numerals (step numerals).
Since the FTP communication is performed without encoding of data, the ID and the password are transferred through the network as plain text without being coded. Therefore, as shown in FIG. 27, the ID and the password can be extracted from transferred data packets by monitoring a communication path between the firmware update device 91 and the target update device 92 with use of a packet monitor 93. Abuse of this system may enable a third person to pretend (spoof) to be the firmware update device 91 and access the target update device 92, thereby fraudulently updating the firmware.
Therefore, repetitive use of the password transmitted by FTP, as shown in FIG. 26, raises a problem from the aspect of security.
This problem applies not only to firmware that is to be updated, but also to, for example, application programs.
It is to be noted that in a case where a communication path such as PSTN, leased line, RS-485shown in Japanese Laid-Open Patent Application No. 2002-28066 is used, communication is performed with use of individual communication protocol(s). Accordingly, communication cannot be monitored unless each device is analyzed (hardware-wise), and unless the protocols are obtained. Therefore, since monitoring of communication is difficult in the aforementioned case, the above-described Japanese Laid-Open Patent Application No. 2002-28066 does not mention the problem of security.
Nevertheless, in a case of establishing a software update system using Internet standard technology such as TCP/IP, solving the above-described problem of security is important.
As a protocol developed and used for solving the problem, there is, for example, SSL (Secure Socket Layer) which is a communication protocol serving to encode the content of communications. In communicating with this protocol, public key encryption and common key encryption are combined for enabling verification of the communication opponent, and encoding of information with the protocol prevents tampering and/or tapping.
By communicating with the SSL, the firmware update device 91 and the target update device 92 can safely exchange common keys and thus communicate safely. Nevertheless, a communication type including an encoding process, such as the above-described communication with the SSL protocol, requires a larger workload for verification and data transfer compared to that of FTP, which requires no encoding process.
This may have an effect, particularly, in a case of transmitting large-sized data files such as software. However, the problem with the amount of process workload is shared not only with FTP or SSL, but with other protocols as well.