JP2019071524A - Program, print control device, printer - Google Patents

Abstract

To provide a print control device capable of securing security without impairing the convenience of a user regarding rewriting of an extended dictionary, and a program of the print control device.SOLUTION: A print control device that converts print data into raster image data includes an instruction recognition unit 24 that refers to and recognizes a content of an instruction included in the print data in the order of priority of a job-specific dictionary 26, an extended dictionary 27, and a standard dictionary 28 and an instruction execution unit 25 that executes the content of the instruction recognized by the instruction recognition unit 24, and when the content of a first instruction recognized by the instruction recognition unit 24 is a rewrite of the extended dictionary 27, the instruction execution unit 25 determines whether the name of the instruction to be rewritten matches the name of any of the instructions registered in the standard dictionary 28, and when the name of the instruction to be rewritten matches the name of any of the instructions registered in the standard dictionary 28, the instruction execution unit 25 rejects execution of the first instruction.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a program of a print control apparatus for developing print data into raster image data, a print control apparatus, and a printer including the same.

  PostScript (registered trademark), which is one of the Page Description Language (PDL), has a standard dictionary that defines the operation of a standard operator, and the interpreter that receives the PostScript job from the user is for the operator described in the job. The process is executed while referring to the standard dictionary. For example, in the case of FIG. 12, the contents of the operator "Stroke" are recognized as "draw a line" by referring to the standard dictionary. In the case of FIG. 12, an operation of printing out the page on which the line and the text are drawn is executed. Although PostScript distinguishes an executable object into an operator (defined from the beginning) and a procedure (created by a program), when these are not distinguished, they are called instructions. .

  In addition to PostScript, there is also a dictionary that allows the user to define the operation. One of them is a dictionary defined by a job. Instructions defined in the job are executed prior to instructions defined in the standard dictionary. It is specified that updating of the job dictionary definition can also be executed for the instructions (operators) defined in the standard dictionary, and each PostScript job can be executed by arbitrarily changing the contents of the standard operator. it can. For example, in the case of FIG. 13, the operator of "stroke" is defined as "draw a dotted line" in the extended dictionary of the job, and the extended dictionary of the job is prioritized over the standard dictionary. Is recognized as "drawing a dotted line". Therefore, in the case of FIG. 13, an operation of printing out a page on which the dotted line and the text are drawn is executed.

  The extended dictionary defined in the job is reset when the job is left, and upon execution of the next job, each dictionary returns to the state at the device startup (referred to as an initial VM (virtual memory)). In PostScript, an extended dictionary can be defined even in the initial VM. That is, in PostScript, these three dictionaries are referred to in the order of priority of the dictionary defined in the job (extended dictionary), the extended dictionary of the initial VM, and the standard dictionary of the initial VM.

  The contents of the extension dictionary of the initial VM can be instructed to update using a startjob instruction and an exit server instruction. The printer interpreter that has received the update instruction updates the definition of the extended dictionary via the def operator.

  Initial VM changes affect all received PostScript jobs, not just specific jobs. Therefore, there is a problem that a malicious attacker can intentionally change the contents of the standard operator defined in the standard dictionary by changing the extension dictionary of the initial VM.

  For example, when an attack as shown in FIG. 14 is received, “showPage” is defined as “do nothing” in the extension dictionary of the initial VM. In this state, even if a job including showPage is received as shown in FIG. 15, the page is not printed out contrary to the user's will. Specifically, although the user intended the job of printing out the page on which the dotted line and the text are drawn, the printing is not performed.

  Each instruction has a name, and an instruction (procedure) with the same name as a standard instruction (standard operator) is added to the expanded dictionary at startjob to search the name in order of the dictionary generated by the job, the extended dictionary, and the standard dictionary. If it is added, the processing corresponding to the instruction of that name is executed with the contents defined in the extension dictionary which is referred to earlier than the standard dictionary, and thus the operation is unexpected.

  As a technology for avoiding an unexpected operation, according to Patent Document 1 below, when different print settings are possible for each page, the print settings for the first page and the print settings for the current page before the start of print processing for each page And a printing apparatus that displays a warning on the display unit if the print settings are different. Further, Patent Document 2 below discloses a printing system in which printing conditions are given names and registered in a printer, and the printing conditions can be called out and executed using the names.

JP, 2015-79326, A JP, 2013-149085, A

  In recent years, security of printers and multifunction devices is regarded as important, and evaluation criteria related to security have been additionally introduced even in a certification organization, and certification conditions have become severe. Under these circumstances, it is considered as a security issue that the contents of the standard operator described above are modified by a malicious attacker.

  On the other hand, if the startjob / exitserver instruction to rewrite the initial VM's extended dictionary is uniformly disabled (not accepted by the interpreter), the security problem is avoided, but this instruction It would impair the convenience of the user to want to use

  The present invention is intended to solve the above problems, and includes a print control device program, a print control device, and a print control device that can ensure security without impairing the user's convenience regarding rewriting of the extended dictionary. The purpose is to provide a printer.

  The subject matter of the present invention for achieving such an object resides in the inventions of the following items.

[1] A program that is executed by an information processing apparatus and develops print data into raster image data,
An instruction recognition step of referring to contents of an instruction contained in print data and referring to them in the priority order of a dictionary for each job, an extended dictionary, and a standard dictionary;
An instruction execution step of executing the contents of the instruction recognized in the instruction recognition step;
Equipped with
In the instruction execution step, when the content of the first instruction recognized in the instruction recognition step is rewriting of the extended dictionary, any instruction whose name of the instruction to be rewritten is registered in the standard dictionary And switching whether or not to refuse execution of the first instruction according to whether or not it matches the name of the program.

  In the above invention and the invention described in the following [7], the first instruction for rewriting the extended dictionary is the same as the first instruction according to whether the name of the instruction to be rewritten is the same as the instruction registered in the standard dictionary. Switch whether or not to reject the command.

[2] In the instruction execution step, when the content of the first instruction is the rewriting of the extended dictionary and the name of the instruction to be rewritten matches the name of any instruction registered in the standard dictionary The program according to [1], which refuses the execution of the first instruction.

  In the above invention and the invention described in the following [8], when the first instruction to rewrite the extended dictionary has the same name as the instruction whose name to be rewritten is the same as the instruction registered in the standard dictionary, the first instruction is Reject

[3] an input step of receiving an input of the rejected command from the administrator on the operation panel of the printer;
The program according to [1] or [2], further comprising: a forced execution step of executing an instruction received in the input step.

  In the above invention and the invention described in the following [9], the administrator inputs an instruction from the operation panel of the printer for an instruction whose execution is rejected based on the determination based on whether or not it is the same as the name of the instruction registered in the standard dictionary. Execution is secured by doing.

[4] a holding step for holding an instruction rejected in the instruction execution step;
An approval receiving step of receiving from the administrator on the operation panel of the printer an execution approval of the held instruction;
A second forced execution step of executing an instruction that has received execution approval in the approval reception step;
The program according to any one of [1] to [3], further comprising:

  In the invention described above and the invention described in the following [10], the instruction refusing the execution based on the determination based on whether or not it is identical to the name of the instruction registered in the standard dictionary is temporarily stored, and the printer operation is performed later. Execute when the administrator accepts the execution on the panel.

[5] In the instruction execution step, the content of the first instruction is the rewriting of the extended dictionary, and the name of the instruction to be rewritten does not match the names of any of the instructions registered in the standard dictionary Even in this case, if the instruction to be rewritten is an instruction that has not been defined in the job in the past, the program according to [2], which refuses the execution of the first instruction.

  In the above invention and the invention described in the following [11], the first instruction is rewritten if the first instruction to rewrite the extended dictionary has the same name as the instruction whose name to be rewritten is the same as the instruction registered in the standard dictionary. In this case, even if the instruction has not been assigned the same name as the instruction registered in the standard dictionary, execution of the first instruction is rejected if the instruction to be rewritten has not been defined in the past.

[6] The method further includes a setting step for receiving a setting as to whether or not to make the instruction to rewrite the extended dictionary effective.
In the instruction execution step, when the setting step receives a setting for making the instruction to rewrite the extended dictionary effective, the rejection is not performed. [1] any one of [1] to [5] The program described in.

  In the above invention and the invention described in the following [12], when the setting unit receives a setting for making the instruction to rewrite the extended dictionary effective, the instruction to rewrite the extended dictionary is not rejected.

[7] A print control apparatus for expanding print data into raster image data, comprising:
An instruction recognition unit that refers to and recognizes the contents of an instruction included in print data in the order of priority of a dictionary for each job, an extended dictionary, and a standard dictionary;
An instruction execution unit that executes the contents of the instruction recognized by the instruction recognition unit;
Equipped with
If the content of the first command recognized by the command recognition unit is a rewrite of the extended dictionary, the command execution unit is any command whose name of the command to be rewritten is registered in the standard dictionary. The printing control apparatus switches whether to refuse the execution of the first instruction according to whether or not the name matches the name of the document.

[8] When the content of the first instruction is a rewrite of the extended dictionary and the name of the instruction to be rewritten matches the name of any of the instructions registered in the standard dictionary The printing control device according to [7], which refuses the execution of the first command.

[9] The printer further includes an input unit that receives an input of the rejected command from the administrator on the operation panel of the printer,
The print control apparatus according to [7] or [8], wherein the command execution unit executes the command received by the input unit.

[10] A holding unit for holding an instruction rejected for execution by the instruction execution unit;
An approval receiving unit that receives from the administrator on the operation panel of the printer an execution approval of the instruction held in the holding unit;
And have
The print control apparatus according to any one of [7] to [9], wherein the command execution unit executes the command whose execution has been approved by the approval reception unit.

[11] The instruction execution unit determines that the content of the first instruction is a rewrite of the extended dictionary, and the name of the instruction to be rewritten does not match the names of any instructions registered in the standard dictionary Even in the case where the instruction to be rewritten is an instruction that has not been defined in the job in the past, the execution of the first instruction is rejected. [8] apparatus.

[12] The information processing apparatus further includes a setting unit that receives a setting as to whether or not an instruction to rewrite the extended dictionary is valid,
The instruction execution unit does not perform the rejection when the setting unit receives a setting for making the instruction to rewrite the extended dictionary valid, any one of [7] to [11]. The printing control device according to.

[13] A printer comprising the print control device according to any one of [7] to [12].

  According to the program, the print control apparatus, and the printer including the program according to the present invention, security can be ensured without impairing the convenience of the user regarding rewriting of the extended dictionary.

FIG. 1 is a block diagram showing a schematic configuration of a multifunction peripheral provided with the function of a printer according to an embodiment of the present invention. FIG. 18 is an explanatory diagram showing an operation performed by the print control device when a startjob instruction defining an instruction named showpage (an instruction having the same name as a standard instruction) in the extended dictionary is received. FIG. 18 is an explanatory diagram showing an operation performed by the print control device when a startjob instruction to define an instruction named abcd (an instruction having a name different from a standard instruction) in the extended dictionary is received. It is a flowchart which shows the process which concerns on the countermeasure 1 which the control part of a printing control apparatus performs. FIG. 10 is an explanatory view showing an operation according to a countermeasure 2 performed by the control unit of the print control device. FIG. 14 is an explanatory view showing an operation according to a countermeasure 3 performed by the control unit of the print control device. FIG. 14 is an explanatory view showing an operation according to a countermeasure 4 performed by the control unit of the print control device. FIG. 16 is a flowchart showing an operation performed by the print control device when the countermeasure 1, the countermeasure 3, and the countermeasure 4 are adopted. FIG. 16 is an explanatory diagram showing an operation performed by the print control apparatus when a startjob instruction to define an instruction named showpage (an instruction having the same name as a standard instruction) in the extended dictionary is received in the first modification; FIG. 16 is an explanatory view showing an operation performed by the print control apparatus when a startjob instruction to define an instruction named abcd (an instruction having a name different from a standard instruction) in the extended dictionary is received in the first modification; It is a figure which shows an example of a setting screen. FIG. 17 is a diagram showing an operation when a standard operator's job is received in the conventional device. FIG. 17 is a diagram showing an operation in the case where a dictionary is defined by a job in a conventional apparatus. FIG. 17 is a diagram showing an example in which an attacker defines a procedure having the same name as a standard operator in the extended dictionary of the initial VM in the conventional device. FIG. 15 is a diagram showing an operation in the case where the same job as in FIG. 12 is received after the attack in FIG. 14 in the conventional device.

  Hereinafter, embodiments of the present invention will be described based on the drawings.

  FIG. 1 shows an example of a multifunction peripheral 8 provided with the function of a printer according to an embodiment of the present invention. The multifunction device 8 is connected to a network 2 such as a LAN (Local Area Network), and the network 2 is connected to a PC 5 or the like which is an information processing terminal for transmitting print data to the multifunction device 8.

  The multifunction device 8 has a copy function of optically reading an original and printing a duplicate image on a recording sheet, a scan function of temporarily storing image data of the read original, and transmitting it to an external terminal through a network, user information It has a print function and the like for printing based on print data received from the processing terminal. Hereinafter, the MFP 8 is also referred to as an MFP.

  The multifunction device 8 is configured by connecting a print control device 20 (so-called printer controller) to the main body unit 10. The PC 5 generates print data described in PDL such as PostScript and transmits the print data to the multi-function device 8, and the print control device 20 of the multi-function device 8 rasterizes each page of the received print data to generate raster image data Perform a function. The main unit 10 receives the raster image data generated by the print control device 20 and performs the function of printing based on the raster image data. In the present embodiment, print data is described in PostScript.

  The main body unit 10 of the multifunction peripheral 8 has a control unit 11 that controls the operation of the main body unit 10 in a centralized manner. The control unit 11 has a CPU (Central Processing Unit). A storage unit 12, a reading unit 13, a printer engine unit 14, an operation panel 15, a network communication unit 16, a memory control unit 17 and the like are connected to the control unit 11.

  The print control device 20 includes a control unit 21, a storage unit 22, an image storage unit 23, and the like. The image storage unit 23 temporarily stores rasterized image data.

  The storage unit 12 of the main body unit 10 is configured by a read only memory (ROM), a random access memory (RAM), a non-volatile memory, a hard disk drive, and the like. The storage unit 12 stores various programs, and the control unit 11 executes processing in accordance with these programs, whereby the function as the main unit 10 of the multifunction machine 8 is realized. The storage unit 12 is used as a work memory, a communication buffer, and a temporary storage unit for files and image data.

  The reading unit 13 has a function of optically reading an original and acquiring image data. For example, the reading unit 13 emits a light source that emits light to a document placed on a platen glass, a line image sensor that receives the reflected light and reads the document by one line in the width direction, and the light source emits a light A moving unit for sequentially moving the position and the reading position of the line unit by the line image sensor in the longitudinal direction of the document, and an optical path including a lens and a mirror for guiding reflected light from the document to the line image sensor; It is configured to include a conversion unit that converts an analog image signal output from the line image sensor into digital image data.

  The printer engine unit 14 has a function of forming an image according to image data on a recording sheet. Here, a recording paper conveyance device, a photosensitive drum, a charging device, a laser unit, a developing device, a transfer separation device, a cleaning device, and a fixing device are included, and image formation is performed by an electrophotographic process. It is configured as an engine unit of a so-called laser printer. Other methods may be used for image formation.

  The operation panel 15 is a user interface device including a display unit and an operation unit. The display unit is configured of a liquid crystal display (LCD) or the like, and has a function of displaying various operation screens, setting screens, and the like. The operation unit includes hard keys such as a ten key and a start button, and a touch panel provided on the physical screen of the display unit. The touch panel detects a coordinate position touched by a touch pen or a finger. The operation panel 15 functions as a job setting unit that receives setting of a job.

  The network communication unit 16 performs the function of communicating with the user or the administrator's PC 5 and other external devices through the network 2.

  The memory control unit 17 controls writing of image data to the storage unit 12 and reading of image data from the storage unit 12 in accordance with an instruction from the control unit 11. The memory control unit 17 also has a function of transferring image data (raster image data) between the main unit 10 and the print control apparatus 20. For example, the memory control unit 17 sequentially stores and stores image data sequentially output from the reading unit 13 during reading of a document in the storage unit 12. Further, the image data stored in the storage unit 12 is sequentially read at the timing of the printing operation by the printer engine unit 14 and output to the printer engine unit 14. Further, it has a function of transferring raster image data temporarily stored in the image storage unit 232 of the print control device 20 to the storage unit 12 of the main body unit 10.

  The control unit 21 of the print control device 20 is configured by a CPU, and the storage unit 22 is configured by a RAM, a ROM, a non-volatile memory, and the like. The control unit 21 operates in accordance with the program stored in the storage unit 22 to realize various functions as the print control device 20. The image storage unit 23 is a non-volatile storage device such as a hard disk drive, and is used to store print data and raster image data obtained by rasterizing the print data.

  The control unit 11 of the print control device 20 executes the program to perform the functions of the instruction recognition unit 24 and the instruction execution unit 25. Further, the storage unit 22 stores a job dictionary 26 which is a temporary dictionary defined in the job, an extended dictionary 27 common to all jobs, and a standard dictionary 28. Standard instructions (operators) set in advance are registered in the standard dictionary 27. In the extended dictionary 26, additional instructions (procedures) defined by the program are registered. The extended dictionary 27 and the standard dictionary 28 are stored in an area called an initial VM (virtual memory).

  The instruction recognition unit 24 recognizes the contents of the instruction included in the print data by referring to them in the order of priority of the dictionary for each job, the extended dictionary, and the standard dictionary. The instruction execution unit 25 executes the contents of the instruction recognized by the instruction recognition unit. The instruction execution unit 25 executes various instructions to generate raster image data in the image storage unit 23. When the command is print output, a print output instruction is sent from the print control device 20 to the control unit 11 of the main body unit 10, and the main body unit 10 that received the instruction executes the print processing.

  In PostScript, the expansion dictionary 27 of the initial VM can be rewritten to add an instruction by using the startjob / exitserver instruction. However, when these instructions are made freely available, security problems as described in the background art occur. Therefore, in the print control apparatus 20 according to the present embodiment, the following measures are taken regarding the startjob / exitserver instruction.

<Measure 1>
When defining (updating) an instruction (procedure) in the extended dictionary 27 of the initial VM with the def operator through the startjob / exitserver instruction, the name of the instruction to be defined is the same as the instruction (operator) registered in the standard dictionary 28 If it has the same name, control is performed so as not to add to the extended dictionary 27. That is, it refuses to execute the startjob / exitserver instruction. Thereby, it is possible to secure the operation of the content defined in the standard dictionary 28 at least for the instruction (operator) registered in the standard dictionary 28.

  For example, as shown in FIG. 2, when a startjob instruction to define an instruction named showpage in the extended dictionary is received from an attacker, the control unit 21 (instruction execution unit 25) of the print control apparatus 20 performs showpage Whether or not an instruction (operator) of the same name is registered in the standard dictionary 28 is checked. In this case, since the command named showpage is registered in the standard dictionary 28, the command execution unit 25 does not execute (rejects) the startjob command. That is, an instruction named showpage is not registered in the extended dictionary 27.

  On the other hand, as shown in FIG. 3, when a startjob instruction to define an instruction named abcd in the extended dictionary is received, the instruction named abcd is not registered in the standard dictionary 28, so the instruction execution unit 25 Executes this startjob instruction. That is, an instruction named abcd is additionally defined in the extended dictionary 27.

  FIG. 4 shows a flow of processing relating to <Correction 1> performed by the control unit 21 of the print control apparatus 20. When an update instruction of the extended dictionary 27 on the initial VM is received (step S101), the name of an instruction (procedure) to be updated by the update instruction is acquired (step S102), and the instruction to be updated is The names of all the instructions (operators) are compared (step S103). If an instruction (operator) having the same name as the name of the instruction to be updated (procedure) is registered in the standard dictionary 28 (step S104; Yes), the update instruction received in step S101 is discarded (step S105). End the process.

  If an instruction having the same name as the name of the instruction to be updated is not registered in the standard dictionary 28 (step S104; No), the update instruction received in step S101 is executed to rewrite the extended dictionary 27 (step S106), This process ends.

  In the first measure, the definition of the operator standard-implemented by PostScript can not be updated, but the procedure with other names does not restrict the use of the extended dictionary update operator such as startjob / exitserver. Security can be maintained without loss of quality.

However, in the countermeasure 1, the following problems remain.
(Problem 1) A procedure with the same name as a standard operator can not be defined in the extended dictionary on the initial VM.
(Problem 2) The procedure definition other than the standard operator can be freely rewritten by an attacker.
These issues are addressed as follows.

<Action 2>
When an administrator whose administrator authority is confirmed inputs from the operation panel 15 of the multifunction machine 8, it is possible to define a procedure having the same name as that of the standard operator in the extended dictionary on the initial VM.

  That is, as shown in FIG. 5, regarding the instruction received through the network, the instruction that defines the procedure having the same name as the standard operator in the extended dictionary on the initial VM is rejected. However, the user I / F is prepared so that the administrator whose administrator authority is confirmed can perform the setting of defining the procedure having the same name as the standard operator in the extended dictionary on the initial VM from the operation panel 15 of the print control apparatus 20 Do.

  FIG. 5 shows an example in which the extended dictionary 27 of the initial VM is set on the operation panel so that the instruction "stroke" is drawn not in solid line but in dotted line. In the extended dictionary setting screen 40, enter the procedure name with the same name as the operator registered in the standard dictionary in the procedure designation field, enter the processing content in the setting entry field, and then press the setting change button. The procedure called stroke is set and registered in the extended dictionary 27 of the initial VM.

<Action 3>
Even if the target of the startjob / extiserver instruction has the same name as a standard operator, the instruction is retained in the temporary storage area without immediately discarding it, and when the administrator performs the approval operation on the operation panel 15, the extension of the initial VM The target instruction (procedure) is defined in the dictionary 27.

  In the example of FIG. 6, the startjob instruction for showpage and the startjob instruction for stroke have the same names as the operator whose definition target instruction (procedure) is registered in the standard dictionary 28. The control unit 11 of the print control device 20 holds the command in the temporary storage area without immediately executing the command. Thereafter, the administrator who has been confirmed the administrator authority performs a predetermined operation, whereby the holding instruction acceptance screen 50 is displayed on the operation panel 15 of the multifunction machine 8. In the holding command acceptance screen 50, each command (targeted procedure) held in the temporary storage area is displayed together with a selection field of whether to approve the execution of the command. After the administrator inputs a check mark in the selection field of the instruction for accepting execution, when the setting change button is pressed, the instruction with the check mark (targeted procedure) is defined in the extended dictionary 27.

  Measures 2 and 3 both avoid the risk of access via the network and the risk of unspecified many operations by general users, by limiting the operation to the operation panel 15 or restricting the access only to the administrator doing. Measures 2 and 3 correspond to Problem 1.

<Action 4>
The countermeasure 4 corresponds to the above-mentioned problem 2, and permits only the original procedure that has been received as a job in the past as the update target, and registers the original procedure that has not been received as a job in the past in the extended dictionary Reject orders that

  In the countermeasure 1, the startjob / extiserver instruction which targets instructions other than the same name as the instruction existing in the standard dictionary 28 is unprotected. Therefore, as for the original procedure, the procedure name (procedure name defined in this job) is accumulated from the PostScript job received in the past, and control is performed so that only the one having the reception history is to be updated.

  If the procedure is defined in the received PostScript job (if there is an instruction for defining the procedure in the job dictionary), the print control device 20 of the multifunction machine 8 stores the procedure as history information. In the example of FIG. 7, a PostScript job 1 defining a procedure named abc and a PostScript job 2 defining a procedure named def are received in the past, and they are registered in history information.

  In this state, when the startjob instruction is received, the control unit 21 of the print control device 20 determines whether an instruction (procedure) having the same name as the instruction (procedure) targeted by the startjob instruction is registered in the history information. If there is a registration in the history information, the start job instruction is executed. If there is no registration in the history information, the start job instruction is not executed.

  In the example of FIG. 7, the startjob instruction for the instruction (procedure) named abc is executed because the instruction (procedure) named abc exists in the history information, and is executed as a result to the expanded dictionary 27 of the initial VM. The procedure named is defined. On the other hand, the startjob instruction for the instruction (procedure) named ghi is not executed because the instruction (procedure) ghi does not exist in the history information, and as a result, the extended dictionary 27 of the initial VM is named def Procedures are not defined.

  FIG. 8 is a flow chart showing processing performed by the control unit 21 of the print control apparatus 20 in the case where the measures 1, 3, and 4 are adopted. When an update instruction of the extended dictionary 27 on the initial VM is received (step S201), the name of the instruction (procedure) to be updated by the update instruction is acquired (step S202), and the instruction (procedure) to be updated is The names of all the instructions (operators) in the dictionary 28 are compared (step S203). If an instruction having the same name as the name of the instruction to be updated is registered in the standard dictionary 28 (step S204; Yes), the update instruction is temporarily held (step S206).

  If an instruction having the same name as the name of the instruction to be updated is not registered in the standard dictionary 28 (step S204; No), does the instruction (procedure) having the same name as the name of the instruction to be updated (procedure) exist in the history? It is confirmed whether or not it is (step S205). If an instruction (procedure) of the same name does not exist in the history (step S205; No), the update instruction is temporarily held (step S206).

  If there is an instruction (procedure) of the same name in the history (step S205; Yes), the update instruction received in step S201 is executed to rewrite the extended dictionary 27 (step S209), and this processing is ended.

  If the update instruction is temporarily held in step S206, then the system waits for the administrator to perform an acceptance operation from the operation panel. With regard to an update command not accepted from the administrator on the operation panel even after a predetermined time has elapsed (step S207; No), the update command is discarded (step S208), and the present process is terminated. With regard to the update command that has received an approval for execution from the administrator through the operation panel (step S207; Yes), the update command is executed to rewrite the extended dictionary 27 (step S209), and the present process is ended.

<Modification 1>
In the above-mentioned countermeasure 1, the registration of the instruction (procedure) having the same name as the instruction (operator) registered in the standard dictionary 28 is rejected, but in the modification 1, the standard dictionary 28 Allows the registration of the instruction (procedure) with the same name as the instruction (operator) registered in the extension dictionary 27 and extends the instruction (procedure) not having the same name as the instruction (operator) registered in the standard dictionary 28 Reject registration to Dictionary 27.

  For example, when a startjob instruction to define an instruction (procedure) named showpage in the extended dictionary is received from the user, the control unit 21 (instruction execution unit 25) of the print control apparatus 20 has the same name as showpage. It is confirmed whether or not the instruction (operator) is registered in the standard dictionary 28. Since Showpage is an instruction (operator) registered in the standard dictionary 28, as shown in FIG. 9, the instruction execution unit 25 executes this startjob instruction to define an instruction (procedure) named showpage in the extended dictionary 27. .

  On the other hand, as shown in FIG. 10, when a startjob instruction to define an instruction (procedure) named abcd in the extended dictionary is received, the instruction (operator) named abcd is not registered in the standard dictionary 28. Therefore, the instruction execution unit 25 does not execute this startjob instruction.

<Modification 2>
The setting of whether to make the instruction (startjob / extiserver) for rewriting the extended dictionary 27 effective is accepted from the setting unit (setting screen of the operation panel 15), and the instruction executing unit 25 makes the instruction for rewriting the extended dictionary 27 effective. If the setting is received by the setting unit, the instruction to rewrite the extended dictionary 27 is not rejected.

  For example, the setting screen 60 as shown in FIG. 11 is displayed on the operation panel 15, and the setting as to whether the command (startjob / extiserver) for rewriting the extended dictionary 27 is valid or invalid is accepted from the administrator or the like. When the setting of "valid" is received, the process of countermeasure 1 or the like is not performed, and when an instruction (startjob / extiserver) for rewriting the extended dictionary 27 is received, the processing is unconditionally executed. If an invalid setting has been received, execution of an instruction (startjob / extiserver) for rewriting the extended dictionary 27 is rejected. It should be noted that the item “decision” may be further provided on the setting screen 60, and any of the measures described above may be implemented when the determination is set.

  As described above, according to the present invention, security can be ensured without compromising the convenience of the user with regard to the rewriting of the extended dictionary by the startjob / extiserver instruction.

  The embodiment of the present invention has been described above with reference to the drawings, but the specific configuration is not limited to that shown in the embodiment, and changes and additions may be made without departing from the scope of the present invention. Also included in the present invention.

  In the embodiment, the case where the target PDL is PostScript is described as an example, but the object of the present invention is not limited to PostScript, and includes dictionaries such as the extended dictionary 27 of the initial VM and the standard dictionary 28. Other types of PDL may be used as long as the PDL includes an instruction to update the extended dictionary 27.

  In the embodiment, the multifunction machine 8 is described as an example, but the invention is not limited thereto, and any device having a printer function may be used, and a printing device having only a printer function may be used.

  The present invention may be a program executed by the print control device 20 or may be a print control device 20. Alternatively, the printer may be a multifunction device 8 including the print control device 20.

2 ... Network 5 ... PC
DESCRIPTION OF SYMBOLS 8 ... Multi-function machine 10 ... Body part 11 ... Control part 12 ... Storage part 13 ... Reading part 14 ... Printer engine part 15 ... Operation panel 16 ... Network communication part 17 ... Memory control part 20 ... Print control device (printer controller)
21: Control unit 22: Storage unit 23: Image storage unit 24: Instruction recognition unit 25: Instruction execution unit 26: Job dictionary 27: Extended dictionary 28: Standard dictionary 40: Extended dictionary setting screen 50: Holding instruction acceptance screen 60: Setting screen

Claims (13)

A program for developing print data into raster image data, which is executed by an information processing apparatus, comprising:
An instruction recognition step of referring to contents of an instruction contained in print data and referring to them in the priority order of a dictionary for each job, an extended dictionary, and a standard dictionary;
An instruction execution step of executing the contents of the instruction recognized in the instruction recognition step;
Equipped with
In the instruction execution step, when the content of the first instruction recognized in the instruction recognition step is rewriting of the extended dictionary, any instruction whose name of the instruction to be rewritten is registered in the standard dictionary And switching whether or not to refuse execution of the first instruction according to whether or not it matches the name of the program. In the instruction execution step, when the content of the first instruction is the rewriting of the extended dictionary and the name of the instruction to be rewritten matches the name of any instruction registered in the standard dictionary, The program according to claim 1, wherein execution of the first instruction is rejected. An input step of receiving an input of the rejected instruction from the administrator on the printer operation panel;
The program according to claim 1, further comprising: a forced execution step of executing the instruction received in the input step. A holding step for holding an instruction rejected in the instruction execution step;
An approval receiving step of receiving from the administrator on the operation panel of the printer an execution approval of the held instruction;
A second forced execution step of executing an instruction that has received execution approval in the approval reception step;
The program according to any one of claims 1 to 3, further comprising: In the instruction execution step, the content of the first instruction is the rewriting of the extended dictionary, and the name of the instruction to be rewritten does not match the names of any of the instructions registered in the standard dictionary. 3. The program according to claim 2, wherein even if the instruction to be rewritten is an instruction that has not been defined in the job in the past, execution of the first instruction is refused. The method further includes a setting step for receiving a setting as to whether or not to make the instruction to rewrite the extended dictionary effective.
The method according to any one of claims 1 to 5, wherein, in the instruction execution step, when the setting step receives a setting for making the instruction to rewrite the extended dictionary effective, the rejection is not performed. Programs. A print control apparatus for expanding print data into raster image data, comprising:
An instruction recognition unit that refers to and recognizes the contents of an instruction included in print data in the order of priority of a dictionary for each job, an extended dictionary, and a standard dictionary;
An instruction execution unit that executes the contents of the instruction recognized by the instruction recognition unit;
Equipped with
If the content of the first command recognized by the command recognition unit is a rewrite of the extended dictionary, the command execution unit is any command whose name of the command to be rewritten is registered in the standard dictionary. The printing control apparatus switches whether to refuse the execution of the first instruction according to whether or not the name matches the name of the document. If the content of the first instruction is a rewrite of the extended dictionary and the name of the instruction to be rewritten matches the name of any instruction registered in the standard dictionary, the instruction execution unit may The print control apparatus according to claim 7, wherein execution of the first instruction is rejected. The printer further includes an input unit that receives an input of the rejected command from the administrator on the operation panel of the printer,
The print control apparatus according to claim 7, wherein the command execution unit executes the command received by the input unit. A holding unit for holding an instruction rejected for execution by the instruction execution unit;
An approval receiving unit that receives from the administrator on the operation panel of the printer an execution approval of the instruction held in the holding unit;
And have
The print control apparatus according to any one of claims 7 to 9, wherein the instruction execution unit executes an instruction that has been approved for execution by the approval reception unit. In the instruction execution unit, the content of the first instruction is the rewriting of the extended dictionary, and the name of the instruction to be rewritten does not match the names of any of the instructions registered in the standard dictionary. 9. The print control apparatus according to claim 8, wherein, if the instruction to be rewritten is an instruction that has not been defined in the job in the past, execution of the first instruction is rejected. The apparatus further includes a setting unit that receives a setting as to whether or not an instruction to rewrite the extended dictionary is enabled.
12. The instruction execution unit according to any one of claims 7 to 11, wherein the rejection is not performed when the setting unit receives a setting for making an instruction to rewrite the extended dictionary valid. Print control device.   A printer comprising the print control device according to any one of claims 7 to 12.