JP2007219982A - Network printing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the problem of plaintext data exposure, and the problem of system performance and cost due to the necessity of public key cryptography of slow processing speed. <P>SOLUTION: A network printing system connects a plurality of user terminal devices and an image forming apparatus having at least a network printer function to the same network. The network is provided with a print server device for delivering print job data. The user terminal devices encrypt created print job data by a common key cryptography algorithm before storing it in the print server device. The print server device sends the stored encrypted print job data to the image forming apparatus at a predetermined timing. The image forming apparatus decrypts the encrypted print job data received from the print server device with key data held in advance in address book information, and records and outputs printed matter of the resultant print data. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a network printing system in which a plurality of user terminal devices and an image forming apparatus having at least a network printer function are connected to the same network.

  2. Description of the Related Art Conventionally, a network printer apparatus or a multi-function copying apparatus (MFP: Multi Function Peripheral) having a network printer function is connected to a plurality of user PCs (personal computer apparatuses; the same applies hereinafter) via a network. Often used. Since the printer is shared by a plurality of users, there is a high possibility that the printed matter that has been printed out will be in contact with the eyes of the person other than the person who issued the print instruction.

  For example, as in Japanese Patent Application Laid-Open No. H11-228688, a user PC side that transmits print data adds password information (transfer password information) to the print data, and password information (separately input via a data input device provided on the printer side) ( There is a method in which the input password information) is compared by a password number collation unit inside the printer, and the printing process is executed only when they match.

  In this method, password information is entered when the user issues a print instruction from the PC, or the password information generated by the PC is displayed on the monitor. The print data to which the password information is added is transferred to the printer via the network, but is not printed after the transfer is completed, and is stored in a memory device or a magnetic disk device installed in the printer. The user who has instructed printing moves to the place where the printer is placed, inputs the password information from the data input device, and printing is performed only after the match with the transferred password information is confirmed. Since the printed matter is not printed out unless the personal identification information is leaked, the secret document can be prevented from being touched by others.

  This function is often called confidential printing or confidential printing. However, in this method, there is a threat that the printed material is intercepted and confidential information is leaked if the keyboard input or the monitor screen output at the time of printing is viewed or obtained by leakage electromagnetic wave analysis. There is also a threat that the password information is illegally acquired via the network because the transferred password information flows on the network.

  Further, this Patent Document 1 does not mention encryption processing of communication data flowing on the network and data temporarily stored in a memory device or magnetic disk device in the printer, and not only the transfer password information but also the print data itself. Is an extremely dangerous threat that is illegally obtained from a memory device or magnetic disk device in a network or in a printer.

  The above problem can be dealt with by encrypting communication data on the network.

  Patent Document 2 is also an invention related to confidential printing, and is an invention in which print data is encrypted on the printer side and the encrypted print data is stored without being printed out until the authentication process of the print instruction user is completed.

  Separately, it is described in the specification that print data on the network is encrypted by a secure communication protocol such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security), and the memory device on the network and in the printer. The print data stored in the magnetic disk device is protected against the threat of information leakage by encryption.

Patent Document 3 is an invention that uses technology used for e-mail encryption for confidential printing, and generates a disposable key (session key) for each print data and transfers the session key to the printer together with the print data. Adopted.
JP-A-9-218757 JP 2001-188664 A JP 2001-306273 A

  The function of Patent Document 1 is often called confidential printing or confidential printing. However, in this method, there is a threat that the printed material is intercepted and confidential information is leaked if the keyboard input or the monitor screen output at the time of printing is viewed or obtained by leakage electromagnetic wave analysis. There is also a threat that the password information is illegally acquired via the network because the transferred password information flows on the network.

  Further, this Patent Document 1 does not mention encryption processing of communication data flowing on the network and data temporarily stored in a memory device or magnetic disk device in the printer, and not only the transfer password information but also the print data itself. Is an extremely dangerous threat that is illegally obtained from a memory device or magnetic disk device in a network or in a printer.

  The above problem can be dealt with by encrypting communication data on the network.

  Further, the method of Patent Document 2 has the following problems.

  One is the encryption of data on the network and the encryption of the data stored in the memory device or magnetic disk device. When the decryption is performed before the data is stored in the memory device or magnetic disk device, the plaintext is written. The state is to appear. There is a threat that this plaintext state is illegally acquired by some method.

  Further, in order to perform encryption of network communication data, it is necessary to implement a secure communication protocol such as SSL or TLS, which increases costs on the system development side and system introduction side.

  SSL is a standard protocol used for encrypted communication between a Web server and a client PC, and is said to be highly secure if properly implemented. It is used in a wide range other than Web communication. Yes.

  SSL is a hybrid encryption protocol that uses a common key encryption algorithm for data encryption, and uses a public key encryption algorithm to share key data of a common key between two parties performing communication. In order to guarantee safety, it is necessary to send a server certificate including the public key from the server side to the client, and the key used for data encryption must be changed for each communication unit called a session. It is a complex protocol, and high technology is required for SSL implementation.

  In addition, since it is necessary to execute public key cryptography that is slow in processing for each session, it can be said that the performance on both the server side and the client side is extremely reduced compared to the case where SSL is not used, and it is easy for the user to use. Absent.

  In addition, the SSL protocol is a protocol developed with the intention of safely performing data communication over the Internet. It is assumed that the server and the client are physically located at a long distance and the communication partner cannot be directly confirmed. It has become.

  However, print processing using a network printer or an MFP having a network printer function is mostly performed in a physically closed space connected by a LAN, and in this case, the identity of the other party performing data communication is known to each other. Will be. Therefore, using the SSL protocol for print processing is considered to be an overspec.

  In addition, since the method of Patent Document 3 does not require PKI (public key infrastructure), it is possible to reduce development costs / introduction costs compared to SSL or TLS, but authentication and encryption using public key cryptography are possible. Communication processing is necessary. Since the processing speed of public key cryptography is extremely slow compared to the common key cryptosystem, even in the case of Patent Document 3, problems such as performance degradation of the printing system via the network cannot be avoided.

  The present invention has been made in view of such circumstances, and the problem of plaintext data exposure due to encryption of the network communication path and the storage data of the magnetic disk device by separate processing, and the need for public key cryptography with a slow processing speed are required. It is an object of the present invention to provide a network printing system that can solve the problems of system performance and cost.

  The present invention provides a network printing system in which a plurality of user terminal devices and an image forming apparatus having at least a network printer function are connected to the same network. The network includes a print server device that distributes print job data. The user terminal device encrypts the created print job data using a common key encryption algorithm and then stores the encrypted print job data in the print server device. The print server device stores the stored encrypted print job data in a predetermined format. Transmitted to the image forming apparatus at a timing, the image forming apparatus decrypts the encrypted print job data received from the print server apparatus by applying key data held in advance in the address book information, The printed matter of the print data obtained thereby is recorded and output. One in which the.

  Further, only when the password information is added to the print job data and the password information input by the user operating the image forming apparatus matches the password information added to the print job data designated for printing. The printing operation of the print job data is performed.

  The key data can be set and changed by each user, and each user can set and operate the key data from the user terminal device.

  Further, the image forming apparatus encrypts the address book information by applying a common key encryption algorithm.

  The key data used for the common key encryption algorithm applied when encrypting the address book information can be set and changed only by a predetermined administrator.

  The common key encryption algorithm applied when encrypting the image data and the common key encryption algorithm applied when encrypting the address book information are the same. .

  Therefore, according to the present invention, since the print data is encrypted with the common key algorithm, there is an effect that the communication data is not leaked due to network eavesdropping.

  Further, since the same key data can be set on the image forming apparatus side and the user PC side and is not transmitted / received on the network, the print data can be more highly protected. In addition, since the key data is encrypted and stored, it is possible to prevent the situation where the ciphertext is decrypted when the key data is acquired from the image forming apparatus.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 shows a configuration example of a network system according to an embodiment of the present invention.

  In the figure, a plurality of user terminal devices TM1 to TMn and a print server device MS are connected to the local area network LAN.

  Also, the digital multifunction peripheral MFP is connected to the print server apparatus MS so that the device functions of the digital multifunction peripheral MFP can be used for the user terminal apparatuses TM1 to TMn connected via the local area network LAN. ing.

  FIG. 2 shows a configuration example of the digital MFP MFP. This digital multi-function peripheral MFP has a scanner function, a printer function, a copying function, and the like.

  In the figure, a system control unit 1 performs various control processes such as a control process for each part of the digital multi-function peripheral MFP, a scanner function control process, and a printer function control process. The control processing program executed by the unit 1 and various data necessary for executing the processing program are stored, and the work area of the system control unit 1 is configured. The parameter memory 3 is a digital composite This is for storing various types of information unique to the MFP, and the clock circuit 4 outputs current time information.

  The color scanner 5 is for reading a document image in full color at a predetermined resolution. The color plotter 6 is for recording and outputting an image in full color at a predetermined resolution. The operation display unit 7 This is for operating the digital multi-function peripheral MFP, and includes various operation keys and various displays.

  The image processing unit 8 is for applying predetermined image processing (for example, scaling processing, color space conversion processing, gamma conversion processing, etc.) to image data obtained by reading with the color scanner 5, The magnetic disk device 9 is for storing image data, various setting data, or various file data such as application program files.

  The host interface circuit 11 is for connecting the digital multi-function peripheral MFP to the print server apparatus MS and exchanging various data with the print server apparatus MS.

  The encryption / decryption processing unit 12 is for encrypting plaintext data and converting it into encrypted data by a predetermined common key encryption algorithm, and for inversely converting the encrypted data into plaintext data.

  The system control unit 1, the system memory 2, the parameter memory 3, the clock circuit 4, the color scanner 5, the color plotter 6, the operation display unit 7, the image processing unit 8, the magnetic disk device 9, the host interface circuit 11, and The encryption / decryption processing unit 12 is connected to the internal bus 13, and data exchange between these elements is mainly performed via the internal bus 13.

  FIG. 3 shows an example of the configuration of the user terminal device TM (TM1 to TMn).

  In the figure, a CPU (Central Processing Unit) 21 controls the operation of the user terminal device TM, and a ROM (Read Only Memory) 22 is a program executed when the CPU 21 starts up, necessary data, etc. RAM (Random Access Memory) 23 is used to configure a work area of the CPU 21 and the like.

  The character generator 24 is for generating graphic character display data, the clock circuit 25 is for outputting current date and time information, and the local area network interface circuit 26 is a user terminal device TM. The local area network transmission control unit 27 is for connecting to a local area network LAN, and the local area network transmission control unit 27 exchanges various data with other data terminal devices via the local area network LAN. This is for executing the suite communication control process.

  The magnetic disk device 28 is for storing various data such as various application programs, work data, file data, image information data, and the CD-ROM device 29 is a CD-ROM 30 which is an exchangeable storage medium. It is for reading the data stored in

  The CRT screen display device 31 is for displaying a screen for operating the user terminal device TM, and the display control unit 32 is for controlling the display contents of the CRT screen display device 31.

  The keyboard device 33 is for performing various key operations on the user terminal device TM, and the screen instruction device 34 is for performing operation operations such as instructing an arbitrary point on the CRT screen display device 31. The input control unit 35 is for capturing input information of the keyboard device 33 and the screen instruction device 34.

  These CPU 21, ROM 22, RAM 23, character generator 24, clock circuit 25, local area network transmission control unit 27, magnetic disk device 28, CD-ROM device 29, display control unit 32, and input control unit 35 are connected to a bus 36. The data exchange between these elements is mainly performed through the bus 36.

  In the present embodiment, in the user terminal device TM (TM1 to TMn), when print data created using a predetermined application is printed by the digital multi-function peripheral MFP, the print job data is transmitted to the printer via the local area network LAN. The data is transmitted to the server apparatus MS and a print request is made to the printer server apparatus MS. The printer server apparatus MS transmits the stored print job data to the digital multi-function peripheral MFP when a predetermined amount of print job data is stored, for example, when a predetermined amount of print job data is stored or when a predetermined print time is reached. To do.

  Then, the digital multi-function peripheral MFP accumulates the received print job data, and records and outputs the printed matter of the print job designated for printing by the user operation.

  At this time, first, the user terminal device TM encrypts the print job data, adds the password information specified when instructing printing, and transmits it to the print server device MS. For this purpose, the user terminal device TM includes software capable of executing a common key encryption algorithm (encryption algorithm P) for encrypting print data. The means for setting the key of the encryption algorithm P is implemented in a driver installed in the user terminal device TM in order to use the printer function and scan function of the digital multi-function peripheral MFP, and the user can use the GUI screen of the driver. It can be input.

  The digital multi-function peripheral MFP decrypts the print data transmitted from the user terminal device TM by using the function of the encryption / decryption processing unit 12.

  The digital multi-function peripheral MFP has a user address book including information (user name, user ID, mail address, etc.) corresponding to a plurality of users on a one-to-one basis and encryption key information used for a common key encryption algorithm. (See FIGS. 4A and 4B).

  This user address book is stored in an encrypted state by a common key encryption algorithm (encryption algorithm Q).

  Also, the digital MFP MFP has one administrator who can perform administrative operations such as device settings / interface settings / address book creation, and a plurality of functions that use various functions (copy / print / scan / fax) of the digital MFP. The range that can be operated or set by the authentication mechanism and the access control mechanism is strictly limited.

  The encryption key information included in the user address book can be input from the operation panel of the digital multi-function peripheral MFP by a user or administrator having specific authority, but the authentication function implemented in the digital multi-function peripheral MFP allows It is protected from unauthorized access.

  The key data of the encryption algorithm Q used for encryption of the user address book can be input by the administrator from the operation panel of the digital multi-function peripheral MFP. It is stored in an inaccessible area. Further, a print job instructed to be confidentially printed cannot be accessed from the operation panel by a user other than the user instructed to print by the user authentication mechanism.

  The operation from the generation of print data generated by the user terminal device TM in the above-described configuration until printing is performed by the digital multifunction peripheral via the print server will be described next.

  First, as shown in FIG. 5, the user creates appropriate print data using the user terminal device TM (process 101), and executes a print instruction on the printer driver GUI screen (process 102). Also, the password information used for the confidential printing is input at this time. For security reasons, the password information uses numbers of 4 to 8 digits or alphanumeric characters.

  Next, print job data in which predetermined header information is added to the print data is created (process 103). Further, the password information input in the process 102 is included in the header information.

  Next, the print job data is encrypted by a common key encryption algorithm (encryption algorithm P) and transmitted to the print server apparatus MS via the local area network LAN (process 104).

  In this way, the encrypted print job data is temporarily stored in the print server apparatus MS. In the print server apparatus MS, data decryption processing is not performed. The print job data including other user terminal devices TM are transferred to the digital multi-function peripheral MFP in the order received.

  An example of processing of this print server apparatus MS is shown in FIG.

  Wait until a print request is received from any of the user terminal devices TM or until a print job data transfer condition is satisfied (NO loop of determinations 201 and 202), the print request is received, and the result of determination 201 is YES Then, the encrypted print job data is received and stored (process 203). When the transfer condition is satisfied, the stored print job data is transmitted to the digital multi-function peripheral MFP (process 204).

  The print job data transferred to the digital multi-function peripheral MFP is temporarily stored in the magnetic disk device 9 built in the digital multi-function peripheral MFP.

  An example of print processing of print job data stored in the digital multi-function peripheral MFP is shown in FIG.

  First, the user who has instructed printing operates the operation display unit 7 of the MFP, and inputs user authentication information (processing 301). As a result, the confidential print job list instructed by the user to be printed is displayed on the operation display unit 7 (process 302).

  Next, the user selects a confidential print job to be printed (process 303), and inputs password information (process 304). Here, the input password information is compared with the password information added to the header information of the print job data of the selected print job, and it is determined whether or not they match (determination 305). When the result of determination 305 is NO, a predetermined error is displayed (process 306), and the printing operation at this time is terminated.

  When the result of determination 305 is YES, the encrypted address book information is decrypted (process 307), and encryption key information corresponding to the user is acquired based on the authentication information (process 308).

  Then, using the obtained encryption key information, the encrypted print job data is decrypted by the encryption / decryption processing unit 12, and the printed matter corresponding to the print data of the plain text data obtained thereby is converted into a color Recording is output from the plotter 6 (process 309).

  In this way, the address book information is encrypted again after printing is completed. Also, the encryption key information key data used for the decryption in the process 309 is erased from the memory (process 310).

  As described above, according to the present invention, since the print data information transmitted from the user terminal device TM is transferred in an encrypted state, information leakage due to network eavesdropping can be prevented. Also, since the encryption algorithm uses a common key encryption algorithm with a high processing speed, performance degradation due to encryption processing is very small.

  The key data (encryption key information) used for encrypting the print data is set from the operation panel in the digital multi-function peripheral, and the user himself / herself is the same from the GUI screen of the driver installed for the digital multi-function peripheral in the user terminal TM. Since the configuration is such that a public key encryption algorithm necessary for key exchange is not required, the implementation cost can be reduced.

  Further, since the key data does not flow on the network and the address book including the key data is encrypted and stored in the digital multifunction peripheral, it is possible to prevent the key data itself from being illegally acquired.

  Further, since the address book information including the key data is protected by the authentication mechanism and the access control mechanism installed in the digital multi-function peripheral, it is possible to prevent the key data and the delivery destination from being illegally changed.

  In addition, since a print job instructed to perform confidential printing is protected by user authentication and personal identification information, only a user who has instructed printing can output print data.

  Further, the implementation can be simplified by unifying the common key encryption algorithm used for the scan distribution data and the encryption algorithm used for the address book of the digital copying machine.

  In the above-described embodiment, printing is performed via a print server connected to the network. However, if the printer or the digital multi-function peripheral has a large-capacity hard disk device, printing can be performed without providing a print server. Processing may be performed.

  Further, it is preferable in terms of implementation and operation that the common key encryption algorithm used for encrypting print data and the common key encryption algorithm used for encrypting the address book of the digital multi-function peripheral use the same encryption algorithm.

  In addition, digital MFPs are often equipped with a hard disk for rotating or consolidating copied or scanned documents, or temporarily storing print data, and this hard disk may be used as a document storage server. .

  In this case, a digital multifunction machine on which encryption of hard disk data is implemented is also sold for the purpose of preventing leakage due to unauthorized access to information in the hard disk. By making this encryption algorithm and the above encryption algorithm the same, the implementation can be further simplified. As the common key encryption algorithm to be used, for example, it is possible to use those listed in the recommended encryption list of CRYPTREC such as AES and Triple-DES.

1 is a block diagram showing a configuration example of a network system according to an embodiment of the present invention. FIG. 3 is a block diagram illustrating a configuration example of a network multifunction peripheral MX. The block diagram which showed the structural example of user terminal device TM (TM1-TMn). Schematic which showed an example of address book information and address information. The flowchart for demonstrating an example of operation | movement of the user terminal device TM. The flowchart which showed an example of the process of print server apparatus MS. 5 is a flowchart showing an example of print processing of print job data stored in the digital multi-function peripheral MFP.

Explanation of symbols

MFP Digital MFP MS Print server device TM, TM1 to TMn User terminal device

Claims (6)

In a network printing system in which a plurality of user terminal devices and at least an image forming apparatus having a network printer function are connected to the same network,
The network is provided with a print server device that distributes print job data,
The user terminal device stores the created print job data in the print server device after encrypting it using a common key encryption algorithm,
The print server device transmits the stored encrypted print job data to the image forming device at a predetermined timing;
The image forming apparatus decrypts the encrypted print job data received from the print server apparatus by applying key data stored in the address book information in advance, and records the print data obtained thereby A network printing system characterized by output. Password information is added to the print job data,
The print job data is printed only when the password information input by the user operating the image forming apparatus matches the password information added to the print job data designated for printing. The network printing system according to claim 1.   3. The network according to claim 1, wherein each user can set and change the key data, and each user can set and operate the key data from the user terminal device. Printing system.   The network printing system according to claim 1, wherein the image forming apparatus encrypts the address book information by applying a common key encryption algorithm.   6. The network printing system according to claim 5, wherein key data used in a common key encryption algorithm applied when encrypting the address book information can be set and changed only by a predetermined administrator.   6. The common key encryption algorithm applied when encrypting the image data and the common key encryption algorithm applied when encrypting the address book information are the same. The network printing system according to claim 6.

Images