JP2006043931A - Authentication output system, network device, device utilization unit, output control program and authentication program, and authentication output method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication output system suitable for enhancing security while reducing the cost. <P>SOLUTION: A network printer 200 receives print data along with a print request and stores received print data in a storage 82. When an authentication card is inserted, authentication information is read out from the inserted authentication card and transmitted to a host terminal 100, and printing is permitted upon receiving a print permission notice. The host terminal 100 transmits the print data to the network printer 200 along with a print request. When certification information is received, a decision is made whether utilization eligibility of the print data exists or not based on the received certification information, and a print permission notice is transmitted to the network printer 200 if a decision is made that utilization eligibility of the print data exists. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a system, a device, an apparatus, a program, and a method for outputting after authentication, and in particular, an authentication output system, a network device, and a device using apparatus that are suitable for reducing cost and improving security. The present invention relates to an output control program, an authentication program, and an authentication output method.

When printing with a network printer, if the user's host terminal is located away from the network printer, there is a possibility that the contents of the printed matter can be seen by others before the user goes to the network printer. there were. Therefore, network printers are required to be provided with a security function.
Conventionally, as a technique for improving the security of a network printer, for example, a printing system disclosed in Patent Document 1, an image forming system disclosed in Patent Document 2, and an image processing system disclosed in Patent Document 3 was there.

  In the invention described in Patent Document 1, first, when a document is printed from the host terminal, a print command with a password is transmitted to the network printer. In the network printer, the received print command is expanded into a page image on the frame memory, and then compressed and stored. Then, the user actually comes to the installation location of the network printer, inputs the password to the network printer, and starts the printing process using the compressed data accumulated at that time.

The invention described in Patent Document 2 is configured such that image data and its identification code are stored in a storage device, and the image data can be output by collating the image identification code and operating the key of the image forming apparatus.
In the invention described in Patent Document 3, after image data and a password are transmitted from a host terminal to a controller, the image data and the password are associated with each other and stored in a memory of the controller. The network printer inputs a password from the operation unit, and when the passwords match, the image data corresponding to the password is read from the memory, transmitted to the network printer, and printed out.
Japanese Patent Laid-Open No. 11-353137 Japanese Patent Laid-Open No. 9-251358 JP-A-9-65145

As described above, all of the inventions described in Patent Documents 1 to 3 verify the coincidence of the password, the identification code, or the password with the network printer.
However, in many cases, complicated processing is performed for matching the passwords and the like, and if a function for performing such matching processing is incorporated in a network printer, there is a problem that costs increase.

  In addition, if a collation rule such as a personal identification number is analyzed, the network printer may be illegally used. From the viewpoint of improving security, it is desirable to periodically update the collation process. However, if the function for performing the collation process is incorporated in the network printer, the collation process cannot be updated easily. Therefore, there is a problem that security is not sufficient.

Such a problem is not limited to printing with a network printer, but is similarly assumed when a display device such as a projector or LCD is connected to the network and displayed on the display device.
Therefore, the present invention has been made by paying attention to such an unsolved problem of the conventional technology, and is suitable for reducing costs and improving security, a network device, An object of the present invention is to provide a device utilization apparatus, an output control program, an authentication program, and an authentication output method.

[Invention 1] In order to achieve the above object, an authentication output system of Invention 1 comprises:
An authentication output system in which a network device that performs output based on output data and a device using apparatus that uses the network device are connected to be communicable, and the network device performs output through authentication,
The network device includes: output data receiving means for receiving the output data; output means for outputting based on the output data received by the output data receiving means; and certification information for certifying eligibility for use of the output data Certification information acquisition means for acquiring the certification information, certification information transmission means for transmitting the certification information acquired by the certification information acquisition means to the device using device, and output permission notification for receiving output permission notification indicating permission or non-permission of output Receiving means, and output permission means for permitting output by the output means depending on whether the output permission notification received by the output permission notification receiving means or whether the output permission notification is received,
The device utilization apparatus has output data transmission means for transmitting the output data to the network device, certification information reception means for receiving the certification information, and usage eligibility authentication means for authenticating the eligibility for use of the output data. And
The usage eligibility authentication unit determines whether or not the output data is eligible for use based on the certification information received by the certification information reception unit, and notifies the network device of the output permission notification based on the determination result. It is characterized by transmitting.

With such a configuration, in the device using apparatus, output data is transmitted to the network device by the output data transmitting means.
In the network device, the output data is received by the output data receiving means.
When output is performed by the network device, the user gives certification information to the network device.

In the network device, proof information given by the user is acquired by the proof information acquisition means, and the acquired proof information is transmitted to the device using apparatus by the proof information transmission means.
In the device utilization apparatus, when the certification information is received by the certification information receiving means, the usage eligibility authentication means determines whether or not the output data is eligible for use based on the received certification information, and the network is based on the determination result. An output permission notification is sent to the device.

In the network device, the output permission means permits the output by the output means depending on whether the output permission notification received by the output permission notification receiving means or the output permission notification is received. When output is permitted, output is performed by the output means based on the received output data.
As a result, use-qualified authentication is performed by the device using device, so there is no need to provide a function for performing use-qualified authentication processing in the network device, and the cost of the network device can be reduced compared to the conventional case. can get. In addition, it becomes easy to update the usage-eligible authentication process, and the usage-eligible authentication process can be made different for each device using apparatus, so that the effect of improving security can be obtained.

  Here, for example, the following two configurations are conceivable as the use qualified authentication unit and the output permission unit. First, when the output permission notification is an output permission notification indicating permission for output, the use eligibility authentication unit transmits the output permission notification to the network device when determining that the output data is eligible for use, The output permission means permits the output by the output means in accordance with the output permission notification received by the output permission notification reception means. Second, if the output permission notification is an output non-permission notification indicating output non-permission, the use eligibility authentication means sends an output non-permission notification to the network device when it is determined that the output data is not eligible for use. When the output permission unit does not receive the output non-permission notification, the output permission unit permits the output by the output unit. As a determination not to receive the output non-permission notification, for example, when the output non-permission notification is not received within a predetermined time, or when notification is performed in a predetermined sequence, the output non-permission notification is received before the output non-permission notification is received. When a notification to be received next is received, it can be determined that an output non-permission notification is not received. Hereinafter, the same applies to the network device of the invention 7 and the device utilization apparatus of the invention 13.

  Further, the proof information acquisition means may have any configuration as long as the proof information is acquired, for example, the proof information may be input from an input device or the like. The certification information may be acquired or received from the terminal or the like, or the certification information may be read from a storage device or a storage medium. Thus, acquisition includes at least input, acquisition, reception and reading. The same applies to the authentication output system according to the second aspect and the network devices according to the seventh and eighth aspects.

  Further, the output unit may have any configuration as long as output is performed based on the output data. For example, the output unit may include a print unit that performs printing based on the print data, and display data. Display means for performing display based on the sound or sound output means for outputting sound based on the sound data is included. For example, a projector or an LCD (Liquid Crystal Display) corresponds to the display means. The same applies to the authentication output system according to the second aspect and the network devices according to the seventh and eighth aspects.

  The certification information refers to information for certifying eligibility for use of output data, and may be information capable of independently certifying eligibility for use of output data, or based on certification information and corresponding authentication information. When predetermined authentication processing is performed, it may be determined that the output data is eligible for use. As the predetermined authentication process, for example, it is determined whether the certification information and the authentication information satisfy a predetermined relationship. If it is determined that the predetermined relationship is satisfied, it is determined that the output data is eligible for use. Processing. Here, as satisfying the predetermined relationship, for example, the proof information and the authentication information are matched, the result of performing the calculation using the proof information by the predetermined calculation formula is matched with the authentication information, Another example is that the result of calculation using a predetermined calculation formula using authentication information matches the result of calculation using a predetermined calculation formula using authentication information. Hereinafter, the authentication output system of the invention 2, the network device of the inventions 7 and 8, the device utilization device of the inventions 13 and 14, the output control program of the inventions 18 and 19, the authentication program of the inventions 24 and 25, and the authentication of the inventions 29 and 30 The output method is the same.

[Invention 2] Furthermore, the authentication output system of Invention 2 includes:
An authentication output system in which a network device that performs output based on output data and a device using apparatus that uses the network device are connected to be communicable, and the network device performs output through authentication,
The network device includes output data receiving means for receiving the output data, output data storing means for storing output data received by the output data receiving means in output data storage means, and output data of the output data storage means. Output means for performing output based on the certification information, certification information acquisition means for acquiring certification information for certifying eligibility for use of the output data, and certification for transmitting the certification information acquired by the certification information acquisition means to the device using apparatus An information transmission unit, an output permission notification receiving unit that receives an output permission notification indicating permission of output, and an output permission unit that permits output by the output unit in response to the output permission notification received by the output permission notification receiving unit; Have
The device utilization apparatus has output data transmission means for transmitting the output data to the network device, certification information reception means for receiving the certification information, and usage eligibility authentication means for authenticating the eligibility for use of the output data. And
When the use eligibility authentication unit determines that the output data is eligible for use based on the certification information received by the certification information reception unit, the use eligibility authentication unit transmits the output permission notification to the network device. It is characterized by that.

With such a configuration, in the device using apparatus, output data is transmitted to the network device by the output data transmitting means.
In the network device, when the output data is received by the output data receiving means, the received output data is saved in the output data storage means by the output data saving means.
When output is performed by the network device, the user gives certification information to the network device.

In the network device, proof information given by the user is acquired by the proof information acquisition means, and the acquired proof information is transmitted to the device using apparatus by the proof information transmission means.
In the device utilization apparatus, when the proof information is received by the proof information receiving means, the use qualification means determines the use qualification of the output data based on the received proof information. As a result, when it is determined that the output data is eligible for use, an output permission notification is transmitted to the network device.

In the network device, when the output permission notification is received by the output permission notification receiving means, the output permission means permits the output by the output means in accordance with the received output permission notification. When output is permitted, output is performed by the output means based on the output data of the output data storage means.
As a result, use-qualified authentication is performed by the device using device, so there is no need to provide a function for performing use-qualified authentication processing in the network device, and the cost of the network device can be reduced compared to the conventional case. can get. In addition, it becomes easy to update the usage-eligible authentication process, and the usage-eligible authentication process can be made different for each device using apparatus, so that the effect of improving security can be obtained.

  Here, the output data storage means only needs to be provided so that the network device can be used, and may be provided in the network device, or may be provided in the device utilization apparatus or other terminal. Hereinafter, the same applies to the network device of the invention 8, the output control program of the invention 19, and the authentication output method of the invention 30.

[Invention 3] Furthermore, the authentication output system of Invention 3 is the authentication output system of Invention 2,
The device utilization apparatus further includes output data handling setting means for setting the handling of either deletion or suspension for the output data,
When the use eligibility authentication means determines that the output data is eligible for use, the handling instruction information indicating the handling set by the output data handling setting means is transmitted to the network device,
The network device further includes handling instruction information receiving means for receiving the handling instruction information,
The output means deletes or holds the output data of the output data storage means based on the handling instruction information received by the handling instruction information receiving means.

In such a configuration, when the user wants to delete or hold the output data transmitted to the network device, the device using apparatus handles either deletion or hold of the output data by the output data handling setting means. Set.
In the device utilization apparatus, when it is determined that the output data is eligible for use, use instruction authentication means transmits handling instruction information indicating the set handling to the network device.

In the network device, when the handling instruction information is received by the handling instruction information receiving means, the output means deletes or holds the output data of the output data storage means based on the received handling instruction information.
As a result, if the user loses the certification information, the user can stop the output even after sending the output data to the network device by setting either deletion or hold in the device using device. it can. Therefore, it is possible to reduce the possibility that the output content can be seen by others who have obtained the certification information, and the security can be further improved.

[Invention 4] Furthermore, the authentication output system of Invention 4 is the authentication output system of any one of Inventions 2 and 3,
The network device further includes an encryption key transmission unit that transmits a predetermined encryption key to the device utilization apparatus in response to an acquisition request from the device utilization apparatus,
The output data transmitting means transmits the acquisition request to the network device and receives the encryption key, encrypts the output data with the received encryption key, and encrypts the output data obtained by encryption. To the device,
The output means decrypts the encrypted output data of the output data storage means with a decryption key corresponding to the encryption key, and outputs based on the output data obtained by decryption. And

With such a configuration, the device utilization apparatus transmits an acquisition request to the network device by the output data transmission unit.
In the network device, the encryption key transmitting means transmits the encryption key to the device using apparatus in response to the acquisition request from the device using apparatus.
In the device utilization apparatus, when the encryption key is received, the output data transmitting means encrypts the output data with the received encryption key, and the encrypted output data obtained by the encryption is transmitted to the network device.

  In the network device, when the output data receiving unit receives the encrypted output data, the output data storage unit stores the received encrypted output data in the output data storage unit. When the output is permitted, the output means decrypts the encrypted output data of the output data storage means with the decryption key, and outputs based on the output data obtained by the decryption.

  As a result, the output data is encrypted from when the output data is transmitted by the device using device until it is output by the network device. Therefore, even if the output data is stolen, the output contents can be viewed. The effect that security can be further improved can be obtained.

[Invention 5] Furthermore, the authentication output system of Invention 5 is the authentication output system of any one of Inventions 2 and 3,
The output data transmitting means encrypts the output data with a predetermined encryption key, and transmits the encrypted output data obtained by encryption to the network device.
When the use eligibility authentication unit determines that the output data is eligible for use, it transmits a decryption key corresponding to the encryption key to the network device;
The network device further includes decryption key receiving means for receiving the decryption key,
The output means decrypts the encrypted output data of the output data storage means with the decryption key received by the decryption key reception means, and outputs based on the output data obtained by decryption It is characterized by.

With such a configuration, in the device using apparatus, the output data transmitting means encrypts the output data with the encryption key, and the encrypted output data obtained by the encryption is transmitted to the network device.
In the network device, when the output data receiving unit receives the encrypted output data, the output data storage unit stores the received encrypted output data in the output data storage unit.

Further, when the device utilization apparatus determines that the output data is eligible for use, the decryption key is transmitted to the network device by the use appropriate authentication means.
In the network device, when the decryption key is received by the decryption key receiving means, the output means decrypts the encrypted output data of the output data storage means with the received decryption key, and outputs based on the output data obtained by the decryption Is done.

  As a result, the output data is encrypted from when the output data is transmitted by the device using device until it is output by the network device. Therefore, even if the output data is stolen, the output contents can be viewed. The effect that security can be further improved can be obtained. In addition, since the decryption key is acquired at the time of output in the network device, the use of the decryption key can be limited, and the security can be further improved.

[Invention 6] Further, the authentication output system of the invention 6 is the authentication output system of any one of the inventions 2 to 5,
The certification information acquisition means is adapted to read the certification information from a given authentication storage medium,
The output permission means permits the output by the output means only while the authentication storage medium is provided to the certification information acquisition means.

With such a configuration, when the authentication storage medium storing the certification information is given to the network device, the certification information is read from the given authentication storage medium by the certification information acquisition unit. Then, the output permission means permits the output by the output means only while the authentication storage medium is provided to the certification information acquisition means.
As a result, in the event that the user has to leave the network device during output, the output can be interrupted by removing the authentication storage medium, thus reducing the possibility that the output content can be seen by others. And security can be further improved.

[Invention 7] On the other hand, in order to achieve the above object, a network device of Invention 7 includes:
A network device that performs output based on output data,
Output data receiving means for receiving output data, output means for outputting based on the output data received by the output data receiving means, and certification information acquisition for obtaining certification information for certifying eligibility for use of the output data Means, a proof information transmitting means for transmitting the proof information acquired by the proof information acquiring means to the device using device, an output permission notification receiving means for receiving an output permission notification indicating permission or non-permission, and the output permission Output permission means for permitting the output by the output means in accordance with the presence or absence of the output permission notification received by the notification receiving means or the output permission notification.
With such a configuration, an action equivalent to that of the network device in the authentication output system of aspect 1 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 1 can be obtained.

[Invention 8] Further, the network device of Invention 8 includes:
A network device that performs output based on output data,
Output data receiving means for receiving the output data, output data saving means for saving the output data received by the output data receiving means in output data storage means, and outputting based on the output data of the output data storage means Output means, certification information acquisition means for acquiring certification information for certifying eligibility for use of the output data, certification information transmission means for transmitting certification information acquired by the certification information acquisition means to a device using device, and output Output permission notification receiving means for receiving an output permission notification indicating permission, and output permission means for permitting output by the output means in response to the output permission notification received by the output permission notification receiving means, To do.
With such a configuration, an action equivalent to that of the network device in the authentication output system of aspect 2 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 2 can be obtained.

[Invention 9] Furthermore, the network device of Invention 9 is the network device of Invention 8,
Furthermore, it comprises a handling instruction information receiving means for receiving handling instruction information indicating either deletion or suspension of the output data,
The output means deletes or holds the output data of the output data storage means based on the handling instruction information received by the handling instruction information receiving means.
With such a configuration, an action equivalent to that of the network device in the authentication output system of aspect 3 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 3 can be obtained.

[Invention 10] Furthermore, the network device of Invention 10 is the network device of any one of Inventions 8 and 9,
Furthermore, it comprises an encryption key transmission means for transmitting a predetermined encryption key to the device utilization apparatus in response to an acquisition request from the device utilization apparatus,
The output means decrypts the encrypted output data of the output data storage means with a decryption key corresponding to the encryption key, and outputs based on the output data obtained by decryption. And
With such a configuration, an action equivalent to that of the network device in the authentication output system of aspect 4 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 4 can be obtained.

[Invention 11] Furthermore, the network device of Invention 11 is the network device of any one of Inventions 8 and 9,
Furthermore, a decryption key receiving means for receiving the decryption key is provided,
The output means decrypts the encrypted output data of the output data storage means with the decryption key received by the decryption key reception means, and outputs based on the output data obtained by decryption It is characterized by.
With such a configuration, an action equivalent to that of the network device in the authentication output system of aspect 5 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 5 can be obtained.

[Invention 12] Furthermore, the network device of Invention 12 is the network device of any one of Inventions 8 to 11,
The certification information acquisition means is adapted to read the certification information from a given authentication storage medium,
The output permission means permits the output by the output means only while the authentication storage medium is provided to the certification information acquisition means.
With such a configuration, an action equivalent to that of the network device in the authentication output system of aspect 6 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 6 can be obtained.

[Invention 13] On the other hand, in order to achieve the above object, the device utilization apparatus of Invention 13 includes:
A device utilization device for authenticating the eligibility of output data,
Output data transmitting means for transmitting the output data to a network device, certification information receiving means for receiving certification information for certifying the usage eligibility of the output data, and usage eligibility authentication means for authenticating the eligibility for use of the output data And
The use eligibility authentication unit determines whether or not the output data is eligible for use based on the certification information received by the certification information reception unit, and indicates whether the output is permitted or not based on the determination result. An output permission notification is transmitted to the network device.
With such a configuration, an action equivalent to that of the device utilization apparatus in the authentication output system of aspect 1 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 1 can be obtained.

[Invention 14] Furthermore, the device utilization apparatus of the invention 14 includes:
A device utilization device for authenticating the eligibility of output data,
Output data transmitting means for transmitting the output data to a network device, certification information receiving means for receiving certification information for certifying the usage eligibility of the output data, and usage eligibility authentication means for authenticating the eligibility for use of the output data And
When the use eligibility authentication unit determines that the output data is eligible for use based on the proof information received by the proof information receiving unit, the use eligibility authentication unit transmits an output permission notification indicating permission of output to the network device. It is characterized by becoming.
With such a configuration, an action equivalent to that of the device utilization apparatus in the authentication output system of aspect 2 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 2 can be obtained.

[Invention 15] Furthermore, the device utilization apparatus of the invention 15 is the device utilization apparatus of the invention 14,
Furthermore, it comprises output data handling setting means for setting the handling of either deletion or suspension for the output data,
When the use eligibility authentication means determines that the output data is eligible for use, the use eligibility authentication means transmits handling instruction information indicating the handling set by the output data handling setting means to the network device. Features.
With such a configuration, an action equivalent to that of the device utilization apparatus in the authentication output system of aspect 3 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 3 can be obtained.

[Invention 16] Furthermore, the device utilization apparatus according to Invention 16 is the device utilization apparatus according to any one of Inventions 14 and 15,
The output data transmission means transmits an acquisition request to the network device, receives a predetermined encryption key, encrypts the output data with the received encryption key, and encrypts the output data obtained by encryption. It is characterized by being sent to the device.
With such a configuration, an action equivalent to that of the device utilization apparatus in the authentication output system of aspect 4 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 4 can be obtained.

[Invention 17] Furthermore, the device utilization apparatus according to Invention 17 is the device utilization apparatus according to any one of Inventions 14 and 15,
The output data transmitting means encrypts the output data with a predetermined encryption key, and transmits the encrypted output data obtained by encryption to the network device.
The use eligibility authentication unit is configured to transmit a decryption key corresponding to the encryption key to the network device when it is determined that the output data is eligible for use.
With such a configuration, an action equivalent to that of the device utilization apparatus in the authentication output system of aspect 5 can be obtained. Therefore, an effect equivalent to that of the authentication output system of aspect 5 can be obtained.

[Invention 18] On the other hand, in order to achieve the above object, an output control program according to Invention 18 includes:
An output control program for performing output based on output data,
An output data receiving step for receiving output data, an output step for outputting based on the output data received in the output data receiving step, and certification information acquisition for acquiring certification information for certifying eligibility for use of the output data A certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to the device using device, an output permission notification reception step for receiving an output permission notification indicating permission or non-permission of output, and the output permission / rejection Including a program for causing a computer to execute processing including an output permission notification received in the notification reception step or an output permission step for permitting output of the output step according to whether the output permission notification is received or not. To do.

With such a configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as the network device of the seventh aspect can be obtained.
Here, as the use qualified authentication step and the output permission step, for example, the following two forms are conceivable. First, when the output permission notification is an output permission notification indicating permission of output, the use eligibility authentication step transmits an output permission notification to the network device when it is determined that the output data is eligible for use, The output permission step permits the output of the output step according to the output permission notification received in the output permission notification reception step. Second, if the output permission notification is an output non-permission notification indicating output non-permission, the use eligibility authentication step sends an output non-permission notification to the network device when it is determined that the output data is not eligible for use. When the output permission step does not receive the output non-permission notification, the output permission step permits the output of the output step. As a determination not to receive the output non-permission notification, for example, when the output non-permission notification is not received within a predetermined time or when notification is performed in a predetermined sequence, the output non-permission notification is received before the output non-permission notification is received. When a notification to be received next is received, it can be determined that an output non-permission notification is not received. The same applies to the authentication output method of the invention 29 below.

  Further, the certification information acquisition step may take any form as long as the certification information is acquired. For example, the certification information may be input from an input device or the like, or the certification information is acquired from an external terminal or the like. The proof information may be read from a storage device or a storage medium. Thus, acquisition includes at least input, acquisition, reception and reading. Hereinafter, the same applies to the output control program of the invention 19 and the authentication output method of the inventions 29 and 30.

  The output step may be in any form as long as output is performed based on the output data. For example, the output step is a print step for performing printing based on the print data, and a display is performed based on the display data. A display step or a sound output step for outputting sound based on the sound data is included. As the display step, for example, displaying by a projector or an LCD corresponds. Hereinafter, the same applies to the output control program of the invention 19 and the authentication output method of the inventions 29 and 30.

[Invention 19] Further, the output control program of the invention 19 includes:
An output control program for performing output based on output data,
An output data receiving step for receiving the output data, an output data storing step for storing the output data received in the output data receiving step in an output data storage means, and an output based on the output data of the output data storage means An output step, a certification information acquisition step for acquiring certification information for certifying eligibility for use of the output data, a certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to a device using device, and an output A process comprising: an output permission notification receiving step for receiving an output permission notification indicating permission of the output; and an output permission step for permitting the output of the output step according to the output permission notification received in the output permission notification receiving step. A program for executing the program is included.

  With such a configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the network device of aspect 8 can be obtained.

[Invention 20] Furthermore, the output control program of Invention 20 is the output control program of Invention 19,
Further, the program includes a program for causing a computer to execute processing including a handling instruction information receiving step for receiving handling instruction information indicating handling of either deletion or suspension of the output data,
In the output step, the output data stored in the output data storage means is deleted or suspended based on the handling instruction information received in the handling instruction information receiving step.

  With such a configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as the network device of the ninth aspect can be obtained.

[Invention 21] Furthermore, the output control program of Invention 21 is the output control program of any one of Inventions 19 and 20,
Furthermore, a program for causing a computer to execute processing including an encryption key transmission step of transmitting a predetermined encryption key to the device utilization apparatus in response to an acquisition request from the device utilization apparatus,
The output step is characterized in that the encrypted output data of the output data storage means is decrypted with a decryption key corresponding to the encryption key, and output is performed based on the output data obtained by decryption.

  With this configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the network device of the tenth aspect can be obtained.

[Invention 22] Furthermore, the output control program of Invention 22 is the output control program of any one of Inventions 19 and 20,
Further, the program includes a program for causing a computer to execute processing including a decryption key receiving step for receiving a decryption key,
In the output step, the encrypted output data of the output data storage means is decrypted with the decryption key received in the decryption key receiving step, and output is performed based on the output data obtained by decryption.

  With this configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the network device of the eleventh aspect can be obtained.

[Invention 23] Furthermore, the output control program of Invention 23 is the output control program of any one of Inventions 19 to 22,
The certification information acquisition step reads the certification information from a given authentication storage medium,
The output permission step permits the output of the output step only while the authentication storage medium is given to the certification information acquisition step.

  With such a configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the network device of the twelfth aspect can be obtained.

[Invention 24] On the other hand, in order to achieve the above object, an authentication program of the invention 24 includes:
An authentication program for verifying eligibility for use of output data,
An output data transmitting step for transmitting the output data to a network device; a certification information receiving step for receiving certification information for proving the eligibility for use of the output data; and a usage eligibility authentication step for authenticating the usage eligibility of the output data. Including a program for causing a computer to execute a process consisting of:
The usage eligibility authentication step determines whether or not the output data is eligible for use based on the certification information received in the certification information reception step, and indicates whether the output is permitted or not based on the determination result. An output permission notification is transmitted to the network device.

  With such a configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the device utilization apparatus of the thirteenth aspect are obtained.

[Invention 25] Further, the authentication program of the invention 25 includes:
An authentication program for verifying eligibility for use of output data,
An output data transmitting step for transmitting the output data to a network device; a certification information receiving step for receiving certification information for proving the eligibility for use of the output data; and a usage eligibility authentication step for authenticating the usage eligibility of the output data. Including a program for causing a computer to execute a process consisting of:
When the use eligibility authentication step determines that the output data is eligible for use based on the certification information received in the certification information reception step, an output permission notification indicating permission of output is transmitted to the network device. It is characterized by.

  With such a configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the device utilization apparatus of the fourteenth aspect can be obtained.

[Invention 26] Further, the authentication program of Invention 26 is the authentication program of Invention 25,
Further, the program includes a program for causing a computer to execute a process including an output data handling setting step for setting whether to delete or hold the output data.
In the usage eligibility authentication step, when it is determined that the output data is eligible for use, handling instruction information indicating the handling set in the output data handling setting step is transmitted to the network device.

  With such a configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the device utilization apparatus of the fifteenth aspect can be obtained.

[Invention 27] Furthermore, the authentication program of Invention 27 is the authentication program of any one of Inventions 25 and 26,
The output data transmission step transmits an acquisition request to the network device, receives a predetermined encryption key, encrypts the output data with the received encryption key, and encrypts the output data obtained by encryption. It is transmitted to a device.

  With this configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the device utilization apparatus of the sixteenth aspect can be obtained.

[Invention 28] Further, the authentication program of Invention 28 is the authentication program of any one of Inventions 25 and 26,
The output data transmission step encrypts the output data with a predetermined encryption key, transmits the encrypted output data obtained by encryption to the network device,
The use eligibility authentication step transmits a decryption key corresponding to the encryption key to the network device when it is determined that the output data is eligible for use.

  With this configuration, when the program is read by the computer and the computer executes processing according to the read program, the same operation and effect as those of the device utilization apparatus of the seventeenth aspect can be obtained.

[Invention 29] On the other hand, in order to achieve the above object, an authentication output method of the invention 29 includes:
An authentication output method in which a network device that performs output based on output data and a device using device that uses the network device are communicably connected, and the network device performs output after authentication,
For the device utilization device,
An output data transmission step of transmitting the output data to the network device;
For the network device:
An output data receiving step for receiving the output data, and an output step for performing output based on the output data received in the output data receiving step,
For the network device,
A certification information acquisition step for acquiring certification information for certifying eligibility for use of the output data, and a certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to the device using device,
For the device utilization device,
A certification information receiving step for receiving the certification information;
It is determined whether or not the output data is eligible for use based on the certification information received in the certification information receiving step, and based on the determination result, an output permission / notification indicating whether output is permitted or not is sent to the network device. Including an eligibility step to send to
For the network device,
An output permission notification receiving step for receiving the output permission notification; an output permission step for permitting output of the output step according to whether the output permission notification received in the output permission notification receiving step or the output permission notification is received; It is characterized by including.
Thereby, the effect equivalent to the authentication output system of the invention 1 is acquired.

[Invention 30] Further, the authentication output method of Invention 30 includes:
An authentication output method in which a network device that performs output based on output data and a device using device that uses the network device are communicably connected, and the network device performs output after authentication,
For the device utilization device,
An output data transmission step of transmitting the output data to the network device;
For the network device:
An output data receiving step for receiving the output data, an output data storing step for storing the output data received in the output data receiving step in an output data storage means, and an output based on the output data of the output data storage means An output step,
For the network device,
A certification information acquisition step for acquiring certification information for certifying eligibility for use of the output data, and a certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to the device using device,
For the device utilization device,
A certification information receiving step for receiving the certification information;
When it is determined that the output data is eligible for use based on the certification information received in the certification information receiving step, the usage eligibility authentication step of transmitting an output permission notification indicating permission of output to the network device,
For the network device,
An output permission notification receiving step for receiving the output permission notification; and an output permission step for permitting the output of the output step in response to the output permission notification received in the output permission notification receiving step.
Thereby, the effect equivalent to the authentication output system of the invention 2 is acquired.

[Invention 31] Furthermore, the authentication output method of the invention 31 is the authentication output method of the invention 30,
For the device utilization device,
An output data handling setting step for setting the handling of either deletion or suspension for the output data,
When the use eligibility authentication step determines that the output data is eligible for use, the handling instruction information indicating the handling set in the output data handling setting step is transmitted to the network device,
For the network device,
A handling instruction information receiving step for receiving the handling instruction information;
In the output step, the output data stored in the output data storage means is deleted or suspended based on the handling instruction information received in the handling instruction information receiving step.
Thereby, the effect equivalent to the authentication output system of the invention 3 is acquired.

[Invention 32] Furthermore, the authentication output method of Invention 32 is the authentication output method of any one of Inventions 30 and 31,
Furthermore, it includes an encryption key transmission step of transmitting a predetermined encryption key to the device utilization apparatus in response to an acquisition request from the device utilization apparatus,
The output step is characterized in that the encrypted output data of the output data storage means is decrypted with a decryption key corresponding to the encryption key, and output is performed based on the output data obtained by decryption.
Thereby, the effect equivalent to the authentication output system of the invention 4 is acquired.

[Invention 33] Further, the authentication output method of Invention 33 is the authentication output method of any one of Inventions 30 and 31,
The output data transmission step encrypts the output data with a predetermined encryption key, transmits the encrypted output data obtained by encryption to the network device,
When the use eligibility authentication step determines that the output data is eligible for use, the decryption key corresponding to the encryption key is transmitted to the network device;
For the network device,
Receiving a decryption key receiving step,
In the output step, the encrypted output data of the output data storage means is decrypted with the decryption key received in the decryption key receiving step, and output is performed based on the output data obtained by decryption.
Thereby, the same effect as that of the authentication output system of aspect 5 can be obtained.

[Invention 34] Furthermore, the authentication output method of the invention 34 is the authentication output method of any one of the inventions 30 to 33,
The certification information acquisition step reads the certification information from a given authentication storage medium,
The output permission step permits the output of the output step only while the authentication storage medium is provided.
Thereby, the same effect as that of the authentication output system of aspect 6 can be obtained.

Hereinafter, a first embodiment of the present invention will be described with reference to the drawings. 1 to 11 are diagrams showing a first embodiment of an authentication output system, a network device, a device using apparatus, an output control program and an authentication program, and an authentication output method according to the present invention.
In the present embodiment, an authentication output system, a network device, a device using apparatus, an output control program and an authentication program, and an authentication output method according to the present invention are shown in FIG. This is applied to the case where printing is performed with the printer.

First, an outline of functions of a network system to which the present invention is applied will be described with reference to FIG.
FIG. 1 is a functional block diagram showing an outline of functions of a network system.
As shown in FIG. 1, a plurality of host terminals 100 and a network printer 200 are connected to the network 199.

  The host terminal 100 includes a print data generation unit 10 that generates print data, a print data transmission unit 11 that encrypts the print data generated by the print data generation unit 10 and transmits the encrypted print data to the network printer 200, and qualifies use of the print data. A certification information receiving unit 12 that receives certification information for certification, a print data handling setting unit 13 that sets whether the print data is deleted or suspended, and a usage eligibility authentication unit that authenticates the usage eligibility of the print data 14.

The print data transmission unit 11 encrypts the print data generated by the print data generation unit 10 with a predetermined encryption key, and transmits the encrypted print data obtained by the encryption to the network printer 200 together with the print request.
The use eligibility authentication unit 14 determines whether or not the print data is eligible for use based on the certification information received by the certification information receiving unit 12. A print permission notification including handling instruction information indicating handling set by the setting unit 13 is transmitted to the network printer 200. When it is determined that the print data is eligible for use, a decryption key is transmitted to the network printer 200 in response to a request from the network printer 200.

The network printer 200 stores the print data storage unit 20, the print data reception unit 21 that receives encrypted print data together with a print request, and the encrypted print data received by the print data reception unit 21 in the print data storage unit 20. The print data storage unit 22 and the print unit 23 that performs printing based on the encrypted print data in the print data storage unit 20 are configured.
The network printer 200 further includes a certification information reading unit 24 that reads certification information from an authentication card such as an IC card, a certification information transmission unit 25 that transmits certification information read by the certification information reading unit 24 to the host terminal 100, The printing permission notification receiving unit 26 that receives the printing permission notification and the printing permission unit 27 that permits printing by the printing unit 23 according to the printing permission notification received by the printing permission notification receiving unit 26 are configured. .

  The printing unit 23 acquires a decryption key from the host terminal 100 in response to the print permission notification received by the print permission notification receiving unit 26, decrypts the encrypted print data in the print data storage unit 20 with the acquired decryption key, and decrypts the decrypted print data. Printing is performed based on the print data obtained by the conversion. Further, based on the handling instruction information included in the print permission notification received by the print permission notification receiving unit 26, the print data in the print data storage unit 20 is deleted or suspended.

Next, the configuration of the host terminal 100 will be described.
FIG. 2 is a block diagram illustrating a hardware configuration of the host terminal 100.
As shown in FIG. 2, the host terminal 100 includes a CPU 50 that controls the operation and the entire system based on a control program, a ROM 52 that stores a control program of the CPU 50 in a predetermined area, and data read from the ROM 52 and the like. And a RAM 54 for storing calculation results required in the calculation process of the CPU 50, and an I / F 58 for mediating input / output of data to / from an external device, which are signals for transferring data The buses 59 are connected to each other so as to be able to exchange data.

  The I / F 58 includes, as external devices, an input device 60 such as a keyboard and a mouse that can input data as a human interface, a storage device 62 that stores data, tables, and the like as files, and a screen based on image signals. , A card writer 66 for writing certification information to the inserted authentication card, and a signal line for connecting to the network 199 are connected.

FIG. 3 is a diagram illustrating the data structure of the print job list 400.
As shown in FIG. 3, the storage device 62 stores a print job list 400 for registering information related to print jobs.
In the print job list 400, one record is registered for each print job. Each record includes a field 402 for registering a job ID assigned to a print job, a field 404 for registering an encryption key used for encrypting print data relating to the print job, and a field for registering a user ID used as certification information. 406 and a field 408 for registering the handling of print data.

  In the example of FIG. 3, “002” as the job ID, “xxxyyy” as the encryption key, “User02” as the user ID, and “hold” as the handling are registered in the second row record. . For print job 2 (which refers to a print job specified by job ID “002”, hereinafter abbreviated in the same manner), the print data is encrypted with an encryption key “xxxyyy”, and “User02” is used as certification information. "Is used. In addition, the print data related to the print job 2 is reserved without being printed by the network printer 200.

The CPU 50 includes a microprocessing unit and the like, starts a predetermined program stored in a predetermined area of the ROM 52, and according to the program, print request processing, print data handling setting processing and use shown in the flowcharts of FIGS. Each qualification process is executed in a time-sharing manner.
First, the print request process will be described in detail with reference to FIG.

FIG. 4 is a flowchart showing the print request process.
The print request process is a process for requesting printing to the network printer 200. When the print request process is executed in the CPU 50, as shown in FIG. 4, first, the process proceeds to step S100.
In step S100, it is determined whether printing is requested from a document creation application or the like. When it is determined that printing is requested (Yes), the process proceeds to step S102, but when it is determined that printing is not required (No). The process waits in step S100 until printing is requested.

In step S102, print data is generated, the process proceeds to step S104, an encryption key of the common key encryption method is generated, the process proceeds to step S106, and the print data is encrypted with the generated encryption key, and the process proceeds to step S108. Transition.
In step S108, a print request is transmitted to the network printer 200, the process proceeds to step S110, the encrypted print data obtained by encryption is transmitted to the network printer 200, and the process proceeds to step S112.

In step S112, it is determined whether or not a job ID has been received. When it is determined that a job ID has been received (Yes), the process proceeds to step S114. When it is determined that this is not the case (No), a job ID is determined. Until it is received in step S112.
In step S114, the user ID of the user currently using the host terminal 100 is acquired, and the received job ID, the generated encryption key, and the acquired user ID are associated with each other and registered in the print job list 400. Field 408 is set to “print”, a series of processing is terminated, and the original processing is restored.

Next, the print data handling setting process will be described in detail with reference to FIG.
FIG. 5 is a flowchart showing the print data handling setting process.
The print data handling setting process is a process for setting the handling of the print data transmitted to the network printer 200 at the network printer 200. When the CPU 50 executes the print data handling process, as shown in FIG. It is supposed to be.

In step S150, it is determined whether or not a change in handling has been requested from the input device 60 for the print data transmitted to the network printer 200. If it is determined that a change in handling has been requested (Yes), the process proceeds to step S152. However, if it is determined that this is not the case (No), the process waits in step S150 until a change in handling is requested.
In step S152, it is displayed on the display device 64 that a job ID should be selected from the print job list 400, the selection of any job ID is input from the input device 60, the process proceeds to step S154, and “print” is displayed. ”,“ Delete ”, or“ hold ”is displayed on the display device 64 to indicate that one of the treatments should be selected, and the selection of one of the treatments is input from the input device 60, and the process proceeds to step S156.

In step S156, the record corresponding to the job ID selected by the user is searched from the print job list 400, the handling selected by the user is set in the field 408 of the searched record, and the series of processing ends. To return to the original process.
Next, the use eligibility authentication process will be described in detail with reference to FIG.
FIG. 6 is a flowchart showing the use eligibility authentication process.

The use eligibility authentication process is a process for authenticating the use eligibility of the print data, and when executed in the CPU 50, first, as shown in FIG. 6, the process proceeds to step S200.
In step S200, it is determined whether or not proof information (hereinafter referred to as password information) encrypted by a predetermined encryption algorithm (for example, Caesar encryption algorithm) is received, and it is determined that the password information is received. If (Yes), the process proceeds to step S202. If not (No), the process waits in step S200 until password information is received.

In step S202, the personal identification information is decrypted by a predetermined decryption algorithm (for example, Caesar decryption algorithm), and the process proceeds to step S204 to print the job ID corresponding to the certification information (user ID) obtained by the decryption. A search is made from the job list 400, and the process proceeds to step S206.
In step S206, it is determined whether or not the corresponding job ID has been searched. If it is determined that the corresponding job ID has been searched (Yes), the process proceeds to step S208 to correspond to the searched job ID. It is determined whether or not the handling is “printing”. When it is determined that the handling is “printing” (Yes), the process proceeds to step S210, and handling instruction information indicating “printing” and the searched job are retrieved. A print permission notification including the ID is transmitted to the network printer 200, and the process proceeds to step S212.

In step S212, it is determined whether or not a decryption key acquisition request has been received. When it is determined that a decryption key acquisition request has been received (Yes), the process proceeds to step S214, but when it is determined that this is not the case (No). Waits in step S212 until a decryption key acquisition request is received.
In step S214, an encryption key corresponding to the retrieved job ID is read from the print job list 400, the process proceeds to step S216, the read encryption key is transmitted to the network printer 200 as a decryption key, and the process proceeds to step S218. Then, the record corresponding to the searched job ID is deleted from the print job list 400, the series of processing is terminated, and the original processing is restored.

  On the other hand, when it is determined in step S208 that the handling corresponding to the retrieved job ID is not “printing” (No), the process proceeds to step S220, and the handling corresponding to the retrieved job ID is “deletion”. When it is determined whether or not the handling is “deletion” (Yes), the process proceeds to step S222, and the print permission notification including the handling instruction information indicating “deletion” and the searched job ID Is transmitted to the network printer 200, a series of processing is terminated, and the original processing is restored.

On the other hand, when it is determined in step S220 that the handling corresponding to the retrieved job ID is not “delete” (No), the process proceeds to step S224, where the handling instruction information indicating “hold” and the retrieved job ID are displayed. Is sent to the network printer 200, and a series of processing is terminated to return to the original processing.
On the other hand, if it is determined in step S206 that the corresponding job ID is not searched (No), the series of processes is terminated and the original process is restored.

Next, the configuration of the network printer 200 will be described.
FIG. 7 is a block diagram illustrating a hardware configuration of the network printer 200.
As shown in FIG. 7, the network printer 200 includes a CPU 70 that controls operations and the entire system based on a control program, a ROM 72 that stores a control program for the CPU 70 in a predetermined area, and data read from the ROM 72 and the like. And a RAM 74 for storing calculation results required in the calculation process of the CPU 70 and an I / F 78 for mediating input / output of data to / from an external device. These signals are signals for transferring data. They are connected to each other via a bus 79 that is a line so that data can be exchanged.

  The I / F 78 includes, as external devices, an operation panel 80 including a touch panel that can input and display data as a human interface, a storage device 82 that stores data, tables, and the like as files, a print head, and a head drive unit. A printer engine 84 having other mechanisms necessary for printing, a card reader 86 that reads certification information from an inserted authentication card, and a signal line for connecting to the network 199 are connected.

FIG. 8 is a diagram illustrating a data structure of the authentication destination list 420.
In addition to configuring the print data storage unit 20, the storage device 82 stores an authentication destination list 420 in which information related to the host terminal 100 that requests authentication is registered, as shown in FIG.
In the authentication destination list 420, one record is registered for each print job. Each record includes a field 422 for registering a job ID and a field 424 for registering the address of the host terminal 100.

In the example of FIG. 8, “001” as the job ID and “192.168.0.1” as the address are registered in the first record. This indicates that the host terminal 100 that is the transmission source of the print job 1 is requested to authenticate the print job 1 and the address is “192.168.0.1”.
The CPU 70 includes a microprocessing unit and the like, and activates a predetermined program stored in a predetermined area of the ROM 72. According to the program, the print request reception process, the authentication card reading process, and the printing shown in the flowcharts of FIGS. Each control process is executed in a time-sharing manner.

First, the print request reception process will be described in detail with reference to FIG.
FIG. 9 is a flowchart showing print request reception processing.
The print request accepting process is a process for accepting a print request from the host terminal 100. When the print request accepting process is executed in the CPU 70, as shown in FIG. 9, first, the process proceeds to step S300.

In step S300, it is determined whether or not a print request has been received. If it is determined that a print request has been received (Yes), the process proceeds to step S302. If not (No), a print request is received. Until it is received in step S300.
In step S302, encrypted print data is received, the process proceeds to step S304, a job ID is issued for the received encrypted print data, and the process proceeds to step S306, where the issued job ID is assigned to the requesting host. The data is transmitted to the terminal 100, and the process proceeds to step S308.

In step S308, the received encrypted print data is stored in the storage device 82 in association with the issued job ID, and the process proceeds to step S310 where the address of the requesting host terminal 100 is extracted from the print request and issued. The job ID and the extracted address are associated with each other and registered in the authentication destination list 420, and a series of processes is terminated and the original process is restored.
Next, the authentication card reading process will be described in detail with reference to FIG.

FIG. 10 is a flowchart showing the authentication card reading process.
The authentication card reading process is a process of reading the certification information from the authentication card by the card reader 86. When the authentication card reading process is executed by the CPU 70, as shown in FIG. 10, first, the process proceeds to step S350.
In step S350, it is determined whether or not an authentication card has been inserted into the card reader 86. If it is determined that an authentication card has been inserted (Yes), the process proceeds to step S352, and insertion indicating whether or not the authentication card has been inserted. The flag is set, and the process proceeds to step S354.

In step S354, the password information is read from the authentication card by the card reader 86, the process proceeds to step S356, and the read password information is transmitted to the host terminal 100 based on the authentication destination list 420, and the process proceeds to step S358.
In step S358, it is determined whether or not the authentication card has been removed from the card reader 86. When it is determined that the authentication card has been removed (Yes), the process proceeds to step S360, but when it is determined that it is not (No). Waits at step S358 until the authentication card is removed.

In step S360, the insertion flag is reset, the series of processes is terminated, and the original process is restored.
On the other hand, when it is determined in step S350 that the authentication card is not inserted into the card reader 86 (No), the process proceeds to step S362, the insertion flag is reset, the series of processes is terminated, and the original process is started. Return.

Next, the print control process will be described in detail with reference to FIG.
FIG. 11 is a flowchart showing the print control process.
The print control process is a process of performing printing after waiting for a print permission notification from the host terminal 100. When the print control process is executed in the CPU 70, as shown in FIG. 11, first, the process proceeds to step S400. .

In step S400, it is determined whether or not a print permission notification has been received. When it is determined that the print permission notification has been received (Yes), the process proceeds to step S402. The process waits in step S400 until a print permission notification is received.
In step S402, it is determined whether or not the handling is “printing” based on the handling instruction information included in the received print permission notification. If it is determined that the handling is “printing” (Yes), step S404 is performed. Migrate to

  In step S404, the encrypted print data corresponding to the job ID included in the received print permission notification is read from the storage device 82, and the process proceeds to step S406 to perform encryption corresponding to the job ID included in the received print permission notification. The print data is deleted from the storage device 82, the process proceeds to step S408, a decryption key acquisition request is transmitted to the notification source host terminal 100 based on the authentication destination list 420, and the process proceeds to step S410.

In step S410, it is determined whether or not a decryption key has been received. If it is determined that a decryption key has been received (Yes), the process proceeds to step S412. If not (No), the decryption key is determined. Until it is received in step S410.
In step S412, the read encrypted print data is decrypted with the received decryption key, the process proceeds to step S414, the printer engine 84 performs printing based on the print data obtained by the decryption, and the process proceeds to step S416. To do.

  In step S416, it is determined whether or not the insertion flag is set. If it is determined that the insertion flag is set (Yes), the process proceeds to step S418 to determine whether or not printing is completed. When it is determined that the printing is completed (Yes), the process proceeds to step S420, the record corresponding to the job ID included in the received print permission notification is deleted from the authentication destination list 420, and the series of processes is terminated. To return to the original process.

On the other hand, when it is determined in step S418 that printing has not been completed (No), the process proceeds to step S414.
On the other hand, when it is determined in step S416 that the insertion flag is reset (No), the process proceeds to step S422, the printing is interrupted, and the process proceeds to step S420.
On the other hand, when it is determined in step S402 that the handling is not “printing” (No), the process proceeds to step S424, and whether the handling is “deletion” based on the handling instruction information included in the received print permission notification. If it is determined whether or not the handling is “delete” (Yes), the process proceeds to step S426, and the encrypted print data corresponding to the job ID included in the received print permission notification is stored in the storage device 82. Is deleted, and a series of processing is terminated and the original processing is restored.

On the other hand, when it is determined in step S424 that the handling is not “deletion” (No), the process proceeds to step S428 to hold the encrypted print data corresponding to the job ID included in the received print permission notification, and The process is terminated and the original process is restored.
Next, the operation of the present embodiment will be described.
First, a case where printing is performed by the network printer 200 will be described.

The user requests printing using the document creation application or the like at the host terminal 100.
In the host terminal 100, when printing is requested, print data and an encryption key are generated through steps S102 to S110, the print data is encrypted with the generated encryption key, and encrypted printing obtained by encryption is performed. Data is transmitted to the network printer 200 together with the print request.

  When receiving the print request, the network printer 200 receives the encrypted print data through steps S302 to S306, issues a job ID to the received encrypted print data, and the issued job ID is the host terminal 100. Sent to. Further, the encrypted print data is stored in the storage device 82 in association with the issued job ID through step S308. Then, through step S310, the address of the host terminal 100 is extracted from the print request, and the issued job ID and the extracted address are associated with each other and registered in the authentication destination list 420.

When the host terminal 100 receives the job ID, the user ID of the user currently using the host terminal 100 is acquired through step S114, the received job ID, the generated encryption key, and the acquired user ID. Are registered in the print job list 400, and the field 408 of the record is set to “print”.
Next, at the host terminal 100, the user encrypts his / her user ID with a predetermined encryption algorithm, inserts an authentication card into the card writer 66, and writes the encryption information obtained by the encryption into the card writer 66. The password information may be written in advance on the authentication card.

Next, the user goes to the network printer 200 and inserts the authentication card in which the password information is recorded into the card reader 86.
In the network printer 200, when an authentication card is inserted into the card reader 86, an insertion flag is set through steps S352 to S356, and the password information is read from the authentication card by the card reader 86. The read password information is transmitted to the host terminal 100.

  In the host terminal 100, when the password information is received, the password information is decrypted through steps S202 and S204, and a job ID corresponding to the user ID obtained by the decryption is searched from the print job list 400. As a result, when the corresponding job ID is retrieved, it is determined through step S208 whether or not the handling corresponding to the retrieved job ID is “printing”. At this time, since the handling of the print data is not changed, it is determined that the handling is “printing”. Therefore, through step S210, a print permission notification including handling instruction information indicating “print” and the retrieved job ID is transmitted to the network printer 200.

  When receiving the print permission notification, the network printer 200 determines whether the handling is “printing” based on the handling instruction information included in the received printing permission notification through step S402. At this time, since the handling of the handling instruction information is set to “print”, it is determined that the handling is “print”. Therefore, the encrypted print data corresponding to the job ID included in the received print permission notification is read from the storage device 82 through steps S404 to S408, the print data is deleted from the storage device 82, and the authentication destination list 420 Based on the above, a decryption key acquisition request is transmitted to the host terminal 100.

  When the host terminal 100 receives the decryption key acquisition request, the encryption key corresponding to the retrieved job ID is read from the print job list 400 through steps S214 and S216, and the read encryption key is the decryption key. To the network printer 200. Further, the record corresponding to the searched job ID is deleted from the print job list 400 through step S218.

  When the network printer 200 receives the decryption key, the encrypted print data is decrypted with the received decryption key through steps S412 and S414, and printing is performed by the printer engine 84 based on the print data obtained by the decryption. Is called. When printing is completed, the record corresponding to the job ID included in the received print permission notification is deleted from the authentication destination list 420 through step S420.

Next, a case where the handling of print data is changed will be described.
When the authentication card is lost or the like, the user selects the job ID of the corresponding print job at the host terminal 100 and selects, for example, “delete” for handling the corresponding print job.
In the host terminal 100, when “delete” is selected as the job ID and handling, a record corresponding to the selected job ID is searched from the print job list 400 through step S156, and the retrieved record is searched. “Delete” is set in the field 408.

  When the host terminal 100 receives the password information related to the print job whose handling is set to “delete”, the password information is decrypted, and the job ID corresponding to the user ID obtained by the decryption is in the print job list 400. Retrieved from As a result, when the corresponding job ID is retrieved, it is determined through step S220 whether or not the handling corresponding to the retrieved job ID is “delete”. At this time, since the handling is set to “delete”, it is determined that the handling is “deleted”. Therefore, a print permission notification including handling instruction information indicating “delete” and the searched job ID is transmitted to the network printer 200 through step S222.

  In the network printer 200, when the print permission notification is received, it is determined through step S424 whether or not the handling is “deletion” based on the handling instruction information included in the received printing permission notification. At this time, since the handling of the handling instruction information is set to “delete”, it is determined that the handling is “deleted”. Therefore, the encrypted print data corresponding to the job ID included in the received print permission notification is deleted from the storage device 82 through step S426.

In addition, the user can select, for example, “hold” for handling the corresponding print job at the host terminal 100.
In the host terminal 100, when “hold” is selected as the handling, a record corresponding to the selected job ID is searched from the print job list 400, and “hold” is set in the field 408 of the searched record. Is done.

  When the host terminal 100 receives the password information related to the print job whose handling is set to “hold”, the password information is decrypted, and the job ID corresponding to the user ID obtained by the decryption is stored in the print job list 400. Retrieved from As a result, when the corresponding job ID is searched, it is determined whether or not the handling corresponding to the searched job ID is “delete”. At this time, since the handling is set to “hold”, it is determined that the handling is not “delete”. Therefore, through step S224, a print permission notification including handling instruction information indicating “hold” and the retrieved job ID is transmitted to the network printer 200.

  When receiving the print permission notification, the network printer 200 determines whether or not the handling is “delete” based on the handling instruction information included in the received printing permission notification. At this time, since the handling of the handling instruction information is set to “hold”, it is determined that the handling is not “deletion”. Therefore, the encrypted print data corresponding to the job ID included in the received print permission notification is suspended through step S428.

Next, a case where printing is interrupted will be described.
When a situation occurs in which the user needs to leave the network printer 200 during printing, the user removes the authentication card from the card reader 86 in the network printer 200.
In the network printer 200, when the authentication card is removed, the insertion flag is reset through step S360. If printing is in progress, printing is interrupted through steps S416 and S422.

  In this way, in the present embodiment, the network printer 200 receives the print data together with the print request, saves the received print data in the storage device 82, and when the authentication card is inserted, the inserted authentication is inserted. When the certification information is read from the card, the read certification information is transmitted to the host terminal 100, and the print permission notification is received, printing is permitted. The host terminal 100 transmits the print data together with the print request to the network. When it is transmitted to the printer 200 and the certification information is received, it is determined whether or not the print data is eligible for use based on the received certification information, and when it is judged that the print data is eligible for use, the network printer A print permission notification is transmitted to 200.

  Accordingly, since the host terminal 100 performs use-qualification authentication, it is not necessary to provide the network printer 200 with a function for performing use-qualification authentication processing, and the cost of the network printer 200 can be reduced as compared with the conventional case. In addition, it becomes easy to update the usage-eligible authentication process, and the usage-eligible authentication process can be made different for each host terminal 100, so that security can be improved.

  Further, in the present embodiment, when the host terminal 100 sets the handling of either deletion or suspension for the print data and determines that the print data is eligible for use, the host terminal 100 displays handling instruction information indicating the set handling. The print permission notification including the print permission notification is transmitted to the network printer 200. When the network printer 200 receives the print permission notification, the network printer 200 stores the print permission notification in the storage device 82 based on the handling instruction information included in the received print permission notification. The print data is deleted or suspended.

  As a result, when the user loses the authentication card or the like, if the user sets either handling of deletion or suspension in the host terminal 100, printing is stopped even after print data is transmitted to the network printer 200. Can do. Therefore, it is possible to reduce the possibility that the printed content is seen by others who have obtained the certification information, and the security can be further improved.

  Furthermore, in the present embodiment, the host terminal 100 encrypts print data with a predetermined encryption key, transmits the encrypted print data obtained by the encryption to the network printer 200, and is eligible for use of the print data. When the determination is made, the same encryption key is transmitted as a decryption key to the network printer 200. When the network printer 200 receives the decryption key, the encrypted print data in the storage device 82 is received by the received decryption key. Is decoded, and printing is performed based on the print data obtained by decoding.

  As a result, since the print data is encrypted after the print data is transmitted from the host terminal 100 until printing is performed by the network printer 200, the print contents may be viewed even if the print data is stolen. Can be reduced, and security can be further improved. Further, since the network printer 200 acquires the decryption key at the time of printing, the use of the decryption key can be limited, and the security can be further improved.

Further, in the present embodiment, the network printer 200 permits printing only while the authentication card is inserted.
As a result, if a situation occurs in which the user must leave the network printer 200 during printing, the printing can be interrupted by removing the authentication card. Security can be further improved.

  In the first embodiment, the host terminal 100 corresponds to the device utilization apparatus of inventions 1 to 3, 7, 8, 13 to 15, 17 to 19, 29 to 31, and the print data transmission unit 11, I / O F58 and step S110 correspond to the output data transmission means of the invention 1, 2, 5, 13, 14 or 17. Step S110 corresponds to the output data transmission step of the invention 24, 25, 28 to 30 or 33, and the certification information receiving unit 12, I / F 58 and step S200 are the certification information of the invention 1, 2, 13 or 14. Corresponding to the receiving means, step S200 corresponds to the certification information receiving step of the invention 24, 25, 29 or 30.

  In the first embodiment, the print data handling setting unit 13 and steps S152 to S156 correspond to the output data handling setting means of the invention 3 or 15, and steps S152 to S156 are the outputs of the invention 26 or 31. Corresponding to the data handling setting step, the usage eligibility authentication unit 14 and steps S204 and S206 correspond to the usage eligibility authentication means of inventions 1 to 3, 5, 13 to 15 or 17. Steps S204 and S206 correspond to the use eligibility authentication steps of inventions 24 to 26, 28 to 31 or 33, and the network printer 200 is provided with inventions 1 to 3, 5, 7 to 9, 11 to 15, 17, 24. To 26, 28 to 31 or 33 network devices.

  In the first embodiment, the print data storage unit 20 and the storage device 82 store the output data of the invention 2, 3, 5, 8, 9, 11, 19, 20, 22, 30, 31, or 33. The print data receiving unit 21, I / F 78 and step S302 correspond to the output data receiving means of the invention 1, 2, 7 or 8. Step S302 corresponds to the output data receiving step of the invention 18, 19, 29 or 30, the print data storage unit 22 and step S308 correspond to the output data storage means of the invention 2 or 8, and step S308 includes This corresponds to the output data storing step of the invention 19 or 30.

  In the first embodiment, the printing unit 23, the printer engine 84, and steps S410 to S414, S424 to S428 correspond to the output means of inventions 1 to 3, 5 to 9, 11 or 12, and step S410. ˜S414, S424 to S428 correspond to the output steps of Inventions 18 to 20, 22, 23, 29 to 31, 33, or 34. Further, the proof information reading unit 24, the card reader 86, and step S354 correspond to the proof information obtaining means of the invention 1, 2, 6 to 8 or 12, and the step S354 is the invention 18, 19, 23, 29, 30 or This corresponds to 34 certification information acquisition steps.

  In the first embodiment, the proof information transmitting unit 25, I / F 78, and step S356 correspond to the proof information transmitting means of the invention 1, 2, 7, or 8, and the step S356 is the invention 18, 19 29 or 30, the print permission notification receiving unit 26, the I / F 78, and step S400 are output permission notification reception means of the invention 1 or 7, output permission notification reception means of the invention 2 or 8, Or it corresponds to the handling instruction information receiving means of the invention 3 or 9. Step S400 corresponds to the output permission notification reception step of the invention 18 or 29, the output permission notification reception step of the invention 19 or 30, or the handling instruction information reception step of the invention 20 or 31, and the print permission unit 27 and the step S400. , S416, S418, and S422 correspond to the output permission means of the invention 1, 2, 6 to 8 or 12.

  In the first embodiment, steps S400, S416, S418, and S422 correspond to the output permission step of the invention 18, 19, 23, 29, 30, or 34, and the I / F 78 and step S410 are the invention. Corresponding to the decryption key receiving means 5 or 11, step S410 corresponds to the decryption key receiving step of the invention 22 or 33. The print data corresponds to the output data of inventions 1 to 3, 5, 7 to 9, 11, 13 to 15, 17 to 20, 22, 24 to 26, 28 to 31 or 33. This corresponds to the output permission notification of the invention 1, 7, 13, 18, 24 or 29 or the output permission notification of the invention 2, 8, 14, 19, 25 or 30.

In the first embodiment, the authentication card corresponds to the authentication storage medium of the invention 6, 12, 23, or 34.
Next, a second embodiment of the present invention will be described with reference to the drawings. 12 to 15 are diagrams showing a second embodiment of the authentication output system, the network device, the device using apparatus, the output control program and the authentication program, and the authentication output method according to the present invention.

  The present embodiment is applied to the case where the authentication output system, the network device, the device using apparatus, the output control program and the authentication program, and the authentication output method according to the present invention are printed by the network printer 200 using the authentication card. However, the difference from the first embodiment is that an encryption key is provided in the network printer 200 instead of the host terminal 100.

First, the configuration of the host terminal 100 will be described.
The CPU 50 activates a predetermined program stored in a predetermined area of the ROM 52, and prints as shown in the flowcharts of FIGS. Request processing and usage eligibility authentication processing are performed.

First, the print request process will be described in detail with reference to FIG.
FIG. 12 is a flowchart showing the print request process.
When the print request process is executed by the CPU 50, first, as shown in FIG. 12, the process proceeds to step S500.
In step S500, it is determined whether printing is requested from a document creation application or the like. When it is determined that printing is requested (Yes), the process proceeds to step S502. The process waits in step S500 until printing is requested.

In step S502, print data is generated, the process proceeds to step S504, a print request is transmitted to the network printer 200, and the process proceeds to step S506.
In step S506, it is determined whether or not an encryption key has been received. If it is determined that an encryption key has been received (Yes), the process proceeds to step S508. Is waited in step S506 until it is received.

In step S508, the print data is encrypted with the received decryption key, the process proceeds to step S510, the encrypted print data obtained by the encryption is transmitted to the network printer 200, and the process proceeds to step S512.
In step S512, it is determined whether a job ID has been received. If it is determined that the job ID has been received (Yes), the process proceeds to step S514. Is waited for in step S512.

In step S514, the user ID of the user currently using the host terminal 100 is acquired, and the received job ID, the generated encryption key, and the acquired user ID are associated with each other and registered in the print job list 400, and the record is recorded. Field 408 is set to “print”, a series of processing is terminated, and the original processing is restored.
Next, the use eligibility authentication process will be described in detail with reference to FIG.

FIG. 13 is a flowchart showing the use-qualification authentication process.
When the use eligibility authentication process is executed in the CPU 50, as shown in FIG. 13, first, the process proceeds to step S550.
In step S550, it is determined whether the password information has been received. When it is determined that the password information has been received (Yes), the process proceeds to step S552. Is waited in step S550 until it is received.

In step S552, the personal identification information is decrypted by a predetermined decryption algorithm, and the process proceeds to step S554 to search the print job list 400 for a job ID corresponding to the certification information (user ID) obtained by the decryption. Then, the process proceeds to step S556.
In step S556, it is determined whether or not the corresponding job ID has been searched. If it is determined that the corresponding job ID has been searched (Yes), the process proceeds to step S558 and corresponds to the searched job ID. It is determined whether or not the handling is “printing”, and when it is determined that the handling is “printing” (Yes), the process proceeds to step S560.

In step S560, the print permission notification including the handling instruction information indicating “print” and the searched job ID is transmitted to the network printer 200, and the process proceeds to step S562, and the record corresponding to the searched job ID is printed. It deletes from the list 400, terminates a series of processes, and returns to the original process.
On the other hand, when it is determined in step S558 that the handling corresponding to the retrieved job ID is not “printing” (No), the process proceeds to step S564, and the handling corresponding to the retrieved job ID is “deletion”. If it is determined whether or not the handling is “deletion” (Yes), the process proceeds to step S 566, and the print permission notification including the handling instruction information indicating “deletion” and the searched job ID is obtained. Is transmitted to the network printer 200, a series of processing is terminated, and the original processing is restored.

On the other hand, when it is determined in step S564 that the handling corresponding to the searched job ID is not “delete” (No), the process proceeds to step S568, and the handling instruction information indicating “hold” and the searched job ID are obtained. Is sent to the network printer 200, and a series of processing is terminated to return to the original processing.
On the other hand, if it is determined in step S556 that the corresponding job ID is not searched (No), the series of processes is terminated and the original process is restored.

Next, the configuration of the network printer 200 will be described.
The CPU 70 activates a predetermined program stored in a predetermined area of the ROM 72, and instead of the print request reception process and the print control process shown in the flowcharts of FIGS. 9 and 11, the print shown in the flowcharts of FIGS. A request reception process and a print control process are executed.

First, the print request reception process will be described in detail with reference to FIG.
FIG. 14 is a flowchart showing print request reception processing.
When the print request acceptance process is executed by the CPU 70, first, as shown in FIG. 14, the process proceeds to step S600.
In step S600, it is determined whether or not a print request has been received. If it is determined that a print request has been received (Yes), the process proceeds to step S602. If not (No), a print request is received. Until it is received in step S600.

  In step S602, a predetermined encryption key held in advance is transmitted to the requesting host terminal 100, the process proceeds to step S604, the encrypted print data is received, the process proceeds to step S606, and the received encryption key is received. A job ID is issued for the print data, the process proceeds to step S608, the issued job ID is transmitted to the requesting host terminal 100, and the process proceeds to step S610.

In step S610, the received encrypted print data is stored in the storage device 82 in association with the issued job ID, the process proceeds to step S612, and the address of the requesting host terminal 100 is extracted from the print request and issued. The job ID and the extracted address are associated with each other and registered in the authentication destination list 420, and a series of processes is terminated and the original process is restored.
Next, the print control process will be described in detail with reference to FIG.

FIG. 15 is a flowchart showing the print control process.
When the print control process is executed by the CPU 70, first, as shown in FIG. 15, the process proceeds to step S650.
In step S650, it is determined whether a print permission notification has been received. If it is determined that the print permission notification has been received (Yes), the process proceeds to step S652, but if not (No), The process waits in step S650 until a print permission notification is received.

In step S652, whether or not the handling is “printing” is determined based on the handling instruction information included in the received print permission notification. If it is determined that the handling is “printing” (Yes), step S654 is performed. Migrate to
In step S654, the encrypted print data corresponding to the job ID included in the received print permission notification is read from the storage device 82, and the process proceeds to step S656 to encrypt the job ID included in the received print permission notification. The print data is deleted from the storage device 82, and the process proceeds to step S658.

In step S658, the read encrypted print data is decrypted with a predetermined encryption key held in advance, the process proceeds to step S660, and printing is performed by the printer engine 84 based on the print data obtained by the decryption. The process proceeds to step S662.
In step S662, it is determined whether or not the insertion flag is set. When it is determined that the insertion flag is set (Yes), the process proceeds to step S664 to determine whether or not printing is completed. If it is determined that printing has been completed (Yes), the process proceeds to step S666, the record corresponding to the job ID included in the received print permission notification is deleted from the authentication destination list 420, and the series of processing ends. To return to the original process.

On the other hand, when it is determined in step S664 that printing has not been completed (No), the process proceeds to step S660.
On the other hand, when it is determined in step S662 that the insertion flag has been reset (No), the process proceeds to step S668, printing is interrupted, and the process proceeds to step S666.
On the other hand, when it is determined in step S652 that the handling is not “printing” (No), the process proceeds to step S670, and whether the handling is “deletion” based on the handling instruction information included in the received print permission notification. If it is determined whether or not the handling is “delete” (Yes), the process proceeds to step S672, and the encrypted print data corresponding to the job ID included in the received print permission notification is stored in the storage device 82. Is deleted, and a series of processing is terminated and the original processing is restored.

On the other hand, when it is determined in step S670 that the handling is not “deletion” (No), the process proceeds to step S674, the encrypted print data corresponding to the job ID included in the received print permission notification is suspended, The process is terminated and the original process is restored.
Next, the operation of the present embodiment will be described.
The user requests printing using the document creation application or the like at the host terminal 100.

In the host terminal 100, when printing is requested, print data is generated through steps S502 and S504, and the print request is transmitted to the network printer 200.
In the network printer 200, when a print request is received, a predetermined encryption key held in advance is transmitted to the host terminal 100 through step S602.
When the host terminal 100 receives the encryption key, the print data is encrypted with the received encryption key through steps S508 and S510, and the encrypted print data obtained by the encryption is transmitted to the network printer 200.

  When the network printer 200 receives the encrypted print data, the job ID is issued to the received encrypted print data through steps S606 and S608, and the issued job ID is transmitted to the host terminal 100. The encrypted print data is stored in the storage device 82 in association with the issued job ID through step S610. In step S612, the address of the host terminal 100 is extracted from the print request, and the issued job ID and the extracted address are associated with each other and registered in the authentication destination list 420.

Upon receiving the job ID, the host terminal 100 acquires the user ID of the user currently using the host terminal 100 through step S514, and prints the received job ID and the acquired user ID in association with each other. Registered in the job list 400, the field 408 of the record is set to “print”.
Next, the user goes to the network printer 200 and inserts the authentication card in which the password information is recorded into the card reader 86.

In the network printer 200, when an authentication card is inserted into the card reader 86, an insertion flag is set through steps S352 to S356, and the password information is read from the authentication card by the card reader 86. The read password information is transmitted to the host terminal 100.
In the host terminal 100, when the password information is received, the password information is decrypted through steps S552 and S554, and a job ID corresponding to the user ID obtained by the decryption is searched from the print job list 400. As a result, when the corresponding job ID is retrieved, it is determined through step S558 whether or not the handling corresponding to the retrieved job ID is “printing”. At this time, since the handling of the print data is not changed, it is determined that the handling is “printing”. Therefore, through step S560, a print permission notification including handling instruction information indicating “print” and the searched job ID is transmitted to the network printer 200.

  In the network printer 200, when the print permission notification is received, it is determined through step S652 whether or not the handling is “printing” based on the handling instruction information included in the received print permission notification. At this time, since the handling of the handling instruction information is set to “print”, it is determined that the handling is “print”. Therefore, the encrypted print data corresponding to the job ID included in the received print permission notification is read from the storage device 82 through steps S654 and S656, and the print data is deleted from the storage device 82. The read encrypted print data is decrypted with a predetermined encryption key held in advance through steps S658 and S660, and printing is performed by the printer engine 84 based on the print data obtained by the decryption. Is called.

  In this way, in the present embodiment, the host terminal 100 encrypts the print data with the encryption key acquired from the network printer 200, and transmits the encrypted print data obtained by the encryption to the network printer 200. The network printer 200 stores the received encrypted print data in the storage device 82. When the network printer 200 receives a print permission notification, the network printer 200 decrypts the encrypted print data in the storage device 82 with the same encryption key. Printing is performed based on the print data obtained in this way.

As a result, since the print data is encrypted from when the print data is transmitted by the host terminal 100 to when the print is performed by the network printer 200, the print contents can be viewed even if the print data is stolen. Can be reduced, and security can be further improved.
In the second embodiment, the print data transmission unit 11, I / F 58 and steps S504 to S510 correspond to the output data transmission means of the invention 1, 2, 4, 13, 14 or 16, and steps S504 to S510. Corresponds to the output data transmission step of the invention 24, 25, 27, 29 or 30. The proof information receiving unit 12, I / F 58 and step S550 correspond to the proof information receiving means of the invention 1, 2, 13 or 14, and step S550 is the proof information receiving step of the invention 24, 25, 29 or 30. The use qualified authentication unit 14 and steps S554 and S556 correspond to use qualified authentication means of inventions 1 to 3, 13 to 15.

  In the second embodiment, steps S554 and S556 correspond to the usage eligibility authentication steps of inventions 24 to 26 and 29 to 31, and I / F 78 and step S602 are the encryption key transmissions of invention 4 or 10. Corresponding to the means, step S602 corresponds to the encryption key transmission step of the invention 21 or 32. The print data receiving unit 21, I / F 78 and step S604 correspond to the output data receiving means of the invention 1, 2, 7 or 8, and step S604 is the output data receiving step of the invention 18, 19, 29 or 30. The print data storage unit 22 and step S610 correspond to the output data storage means of the invention 2 or 8.

  In the second embodiment, step S610 corresponds to the output data storage step of the invention 19 or 30, and the printing unit 23, printer engine 84, and steps S658, S660, S670 to S674 are inventions 1 to 4. , 6 to 10 or 12 output means. Steps S658, S660, S670 to S674 correspond to the output steps of Inventions 18 to 21, 23, 29 to 32 or 34, and the print permission notification receiver 26, I / F 78 and Step S650 are those of Invention 1 or 7. Output permission notification receiving means, invention 2 or 8 output permission notification receiving means, or handling instruction information receiving means of invention 3 or 9.

  In the second embodiment, step S650 corresponds to the output permission notification reception step of the invention 18 or 29, the output permission notification reception step of the invention 19 or 30, or the handling instruction information reception step of the invention 20 or 31. The print permission unit 27 and steps S650, S662, S664, and S668 correspond to the output permission means of the first, second, sixth to eighth, or twelfth aspects. Steps S650, S662, S664 and S668 correspond to the output permission step of the invention 18, 19, 23, 29, 30 or 34.

  In the first and second embodiments, the encryption and decryption are performed by the common key encryption method. However, the present invention is not limited to this, and the encryption and decryption are performed by the public key encryption method. Can also be configured. In this case, in the first embodiment, the network printer 200 does not need to acquire the encryption key from the host terminal 100, and can decrypt the encrypted print data using its own secret key.

In the second embodiment, the print data is encrypted with a fixed encryption key. However, the present invention is not limited to this, and an encryption key is generated every time print data is received. The print data can be encrypted with a key.
In the first and second embodiments, the network printer 200 is configured to receive the print permission notification at any time. However, the present invention is not limited to this, and the print permission notification is performed only while the authentication card is inserted. Can also be configured to receive.

This makes it possible to limit the period for receiving the print permission notification, thereby making it easier to avoid unauthorized access such as a DoS (Denial of Service attack) attack.
In the first and second embodiments, the storage device 82 is not particularly described. However, a recording method with high reliability and high speed such as striping and mirroring is adopted as the recording method of the storage device 82. You can also.

  In the first and second embodiments, the network printer 200 is configured to read the password information from an authentication card such as an IC card. However, the present invention is not limited to this. For example, a magnetic card or RFID (Radio) is used. (Frequency IDentification) The password information may be read from the device, or the password information may be input from the portable terminal by wireless communication such as IrDA or Bluetooth. Further, for example, the password information may be input by bar code input or manual input via a panel, or the password information is input from another terminal communicably connected to the network printer 200. You may comprise as follows.

  In the first and second embodiments, the host terminal 100 may authenticate with a password corresponding to each print job, or with a password unique to the user and the organization to which the user belongs. Authentication may be performed. Further, in addition to the password information, authentication based on additional information such as a user usage history and a time history may be performed. The authentication based on the usage history is, for example, that the number of printable sheets (for example, 100 sheets / month) is set and the authentication is rejected when it is determined that the number of printable sheets by the user exceeds the number of printable sheets. The authentication based on the time history is, for example, that an available time zone (for example, 9 to 11:00) is set, authentication is performed in the available time zone, but authentication is refused outside the available time zone. It is.

In the first and second embodiments, the proof information is encrypted. However, the present invention is not limited to this, and the proof information may be used in plain text without being encrypted. .
In the first and second embodiments, the print data storage unit 20 is provided in the network printer 200. However, the present invention is not limited to this, and the print data storage unit 20 is provided in the host terminal 100 and other terminals. It can also be provided.

  In the first and second embodiments, the control programs stored in advance in the ROMs 52 and 72 in executing the processing shown in the flowcharts of FIGS. 4 to 6 and FIGS. 9 to 15. However, the present invention is not limited to this, and the program may be read into the RAMs 54 and 74 from the storage medium storing the program showing these procedures and executed.

  Here, the storage medium is a semiconductor storage medium such as RAM or ROM, a magnetic storage type storage medium such as FD or HD, an optical reading type storage medium such as CD, CDV, LD, or DVD, or a magnetic storage type such as MO. / Optical reading type storage media, including any storage media that can be read by a computer regardless of electronic, magnetic, optical, or other reading methods.

  In the first and second embodiments, the authentication output system, the network device, the device using apparatus, the output control program and the authentication program, and the authentication output method according to the present invention are connected to the network using the authentication card. Although the present invention is applied to the case where printing is performed by the printer 200, the present invention is not limited to this, and can be applied to other cases without departing from the gist of the present invention. For example, projector, home gateway, personal computer, PDA (Personal Digital Assistant), network storage, audio equipment, mobile phone, PHS (registered trademark) (Personal Handyphone System), watch type PDA, STB (Set Top Box), POS (Point Of Sale) It can be applied to terminals, FAX machines, telephones (including IP telephones), and other output devices.

It is a functional block diagram which shows the function outline | summary of a network system. 2 is a block diagram illustrating a hardware configuration of a host terminal 100. FIG. 6 is a diagram illustrating a data structure of a print job list 400. FIG. 6 is a flowchart illustrating print request processing. 6 is a flowchart illustrating print data handling setting processing. It is a flowchart which shows a use eligibility authentication process. 2 is a block diagram illustrating a hardware configuration of a network printer 200. FIG. 6 is a diagram showing a data structure of an authentication destination list 420. FIG. It is a flowchart which shows a print request reception process. It is a flowchart which shows an authentication card reading process. 6 is a flowchart illustrating print control processing. 6 is a flowchart illustrating print request processing. It is a flowchart which shows a use eligibility authentication process. It is a flowchart which shows a print request reception process. 6 is a flowchart illustrating print control processing.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Host terminal, 10 ... Print data generation part, 11 ... Print data transmission part, 12 ... Certification information reception part, 13 ... Print data handling setting part, 14 ... Use eligibility authentication part, 200 ... Network printer, 20 ... Print data Storage unit 21 ... Print data receiving unit 22 ... Print data storing unit 23 ... Printing unit 24 ... Certificate information reading unit 25 ... Certificate information transmitting unit 26 ... Print permission notification receiving unit 27 ... Print permission unit, 50, 70 ... CPU, 52, 72 ... ROM, 54, 74 ... RAM, 58, 78 ... I / F, 59, 79 ... bus, 60 ... input device, 62, 82 ... storage device, 64 ... display device, 66 , Card writer, 80, operation panel, 84, printer engine, 86, card reader, 400, print job list, 420, authentication destination list, 1 99 ... Network

Claims (16)

An authentication output system in which a network device that performs output based on output data and a device using apparatus that uses the network device are connected to be communicable, and the network device performs output through authentication,
The network device includes: output data receiving means for receiving the output data; output means for outputting based on the output data received by the output data receiving means; and certification information for certifying eligibility for use of the output data Certification information acquisition means for acquiring the certification information, certification information transmission means for transmitting the certification information acquired by the certification information acquisition means to the device using device, and output permission notification for receiving output permission notification indicating permission or non-permission of output Receiving means, and output permission means for permitting output by the output means depending on whether the output permission notification received by the output permission notification receiving means or whether the output permission notification is received,
The device utilization apparatus has output data transmission means for transmitting the output data to the network device, certification information reception means for receiving the certification information, and usage eligibility authentication means for authenticating the eligibility for use of the output data. And
The usage eligibility authentication unit determines whether or not the output data is eligible for use based on the certification information received by the certification information reception unit, and notifies the network device of the output permission notification based on the determination result. An authentication output system characterized by being configured to transmit. An authentication output system in which a network device that performs output based on output data and a device using apparatus that uses the network device are connected to be communicable, and the network device performs output through authentication,
The network device includes output data receiving means for receiving the output data, output data storing means for storing output data received by the output data receiving means in output data storage means, and output data of the output data storage means. Output means for performing output based on the certification information, certification information acquisition means for acquiring certification information for certifying eligibility for use of the output data, and certification for transmitting the certification information acquired by the certification information acquisition means to the device using apparatus An information transmission unit, an output permission notification receiving unit that receives an output permission notification indicating permission of output, and an output permission unit that permits output by the output unit in response to the output permission notification received by the output permission notification receiving unit; Have
The device utilization apparatus has output data transmission means for transmitting the output data to the network device, certification information reception means for receiving the certification information, and usage eligibility authentication means for authenticating the eligibility for use of the output data. And
When the use eligibility authentication unit determines that the output data is eligible for use based on the certification information received by the certification information reception unit, the use eligibility authentication unit transmits the output permission notification to the network device. An authentication output system characterized by that. In claim 2,
The device utilization apparatus further includes output data handling setting means for setting the handling of either deletion or suspension for the output data,
When the use eligibility authentication means determines that the output data is eligible for use, the handling instruction information indicating the handling set by the output data handling setting means is transmitted to the network device,
The network device further includes handling instruction information receiving means for receiving the handling instruction information,
The authentication output system characterized in that the output means deletes or holds the output data of the output data storage means based on the handling instruction information received by the handling instruction information receiving means. In any one of Claim 2 and 3,
The network device further includes an encryption key transmission unit that transmits a predetermined encryption key to the device utilization apparatus in response to an acquisition request from the device utilization apparatus,
The output data transmitting means transmits the acquisition request to the network device and receives the encryption key, encrypts the output data with the received encryption key, and encrypts the output data obtained by encryption. To the device,
The output means decrypts the encrypted output data of the output data storage means with a decryption key corresponding to the encryption key, and outputs based on the output data obtained by decryption. Authentication output system. In any one of Claim 2 and 3,
The output data transmitting means encrypts the output data with a predetermined encryption key, and transmits the encrypted output data obtained by encryption to the network device.
When the use eligibility authentication unit determines that the output data is eligible for use, it transmits a decryption key corresponding to the encryption key to the network device;
The network device further includes decryption key receiving means for receiving the decryption key,
The output means decrypts the encrypted output data of the output data storage means with the decryption key received by the decryption key reception means, and outputs based on the output data obtained by decryption Authentication output system characterized by In any one of Claims 2 thru | or 5,
The certification information acquisition means is adapted to read the certification information from a given authentication storage medium,
The authentication output system, wherein the output permission means permits the output by the output means only while the authentication storage medium is provided to the certification information acquisition means. A network device that performs output based on output data,
Output data receiving means for receiving output data, output means for outputting based on the output data received by the output data receiving means, and certification information acquisition for obtaining certification information for certifying eligibility for use of the output data Means, a proof information transmitting means for transmitting the proof information acquired by the proof information acquiring means to the device using device, an output permission notification receiving means for receiving an output permission notification indicating permission or non-permission of output, and the output permission / rejection A network device comprising: an output permission unit that permits output by the output unit according to whether or not an output permission notification is received by the notification receiving unit or whether the output permission notification is received. A network device that performs output based on output data,
Output data receiving means for receiving the output data, output data saving means for saving the output data received by the output data receiving means in output data storage means, and outputting based on the output data of the output data storage means Output means, certification information acquisition means for acquiring certification information for certifying eligibility for use of the output data, certification information transmission means for transmitting certification information acquired by the certification information acquisition means to a device using device, and output Output permission notification receiving means for receiving an output permission notification indicating permission, and output permission means for permitting output by the output means in response to the output permission notification received by the output permission notification receiving means, Network device to use. A device utilization device for authenticating the eligibility of output data,
Output data transmitting means for transmitting the output data to a network device, certification information receiving means for receiving certification information for certifying the usage eligibility of the output data, and usage eligibility authentication means for authenticating the eligibility for use of the output data And
The usage eligibility authentication unit determines whether or not the output data is eligible for use based on the certification information received by the certification information reception unit, and indicates whether the output is permitted or not based on the determination result. A device utilization apparatus configured to transmit an output permission notification to the network device. A device utilization device for authenticating the eligibility of output data,
Output data transmitting means for transmitting the output data to a network device, certification information receiving means for receiving certification information for certifying the usage eligibility of the output data, and usage eligibility authentication means for authenticating the eligibility for use of the output data And
When the use eligibility authentication unit determines that the output data is eligible for use based on the certification information received by the certification information reception unit, the use eligibility authentication unit transmits an output permission notification indicating permission of output to the network device. A device utilization apparatus, characterized in that An output control program for performing output based on output data,
An output data receiving step for receiving output data, an output step for outputting based on the output data received in the output data receiving step, and certification information acquisition for acquiring certification information for certifying eligibility for use of the output data A certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to the device using device, an output permission notification reception step for receiving an output permission notification indicating permission or non-permission of output, and the output permission / rejection Including a program for causing a computer to execute processing including an output permission notification received in the notification reception step or an output permission step for permitting output of the output step according to whether the output permission notification is received or not. Output control program. An output control program for performing output based on output data,
An output data receiving step for receiving the output data, an output data storing step for storing the output data received in the output data receiving step in an output data storage means, and an output based on the output data of the output data storage means An output step, a certification information acquisition step for acquiring certification information for certifying eligibility for use of the output data, a certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to a device using device, and an output A process comprising: an output permission notification receiving step for receiving an output permission notification indicating permission of the output; and an output permission step for permitting the output of the output step according to the output permission notification received in the output permission notification receiving step. An output control program characterized by including a program for execution An authentication program for verifying eligibility for use of output data,
An output data transmitting step for transmitting the output data to a network device; a certification information receiving step for receiving certification information for proving the eligibility for use of the output data; and a usage eligibility authentication step for authenticating the usage eligibility of the output data. Including a program for causing a computer to execute a process consisting of:
The usage eligibility authentication step determines whether or not the output data is eligible for use based on the certification information received in the certification information reception step, and indicates whether the output is permitted or not based on the determination result. An authentication program that transmits an output permission notification to the network device. An authentication program for verifying eligibility for use of output data,
An output data transmitting step for transmitting the output data to a network device; a certification information receiving step for receiving certification information for proving the eligibility for use of the output data; and a usage eligibility authentication step for authenticating the usage eligibility of the output data. Including a program for causing a computer to execute a process consisting of:
When the use eligibility authentication step determines that the output data is eligible for use based on the certification information received in the certification information reception step, an output permission notification indicating permission of output is transmitted to the network device. An authentication program characterized by An authentication output method in which a network device that performs output based on output data and a device using device that uses the network device are communicably connected, and the network device performs output after authentication,
For the device utilization device,
An output data transmission step of transmitting the output data to the network device;
For the network device:
An output data receiving step for receiving the output data, and an output step for performing output based on the output data received in the output data receiving step,
For the network device,
A certification information acquisition step for acquiring certification information for certifying eligibility for use of the output data, and a certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to the device using device,
For the device utilization device,
A certification information receiving step for receiving the certification information;
It is determined whether or not the output data is eligible for use based on the certification information received in the certification information receiving step, and based on the determination result, an output permission / notification indicating whether output is permitted or not is sent to the network device. Including an eligibility step to send to
For the network device,
An output permission notification receiving step for receiving the output permission notification; an output permission step for permitting output of the output step according to whether the output permission notification received in the output permission notification receiving step or the output permission notification is received; An authentication output method comprising: An authentication output method in which a network device that performs output based on output data and a device using device that uses the network device are communicably connected, and the network device performs output after authentication,
For the device utilization device,
An output data transmission step of transmitting the output data to the network device;
For the network device:
An output data receiving step for receiving the output data, an output data storing step for storing the output data received in the output data receiving step in an output data storage means, and an output based on the output data of the output data storage means An output step,
For the network device,
A certification information acquisition step for acquiring certification information for certifying eligibility for use of the output data, and a certification information transmission step for transmitting the certification information acquired in the certification information acquisition step to the device using device,
For the device utilization device,
A certification information receiving step for receiving the certification information;
When it is determined that the output data is eligible for use based on the certification information received in the certification information receiving step, the usage eligibility authentication step of transmitting an output permission notification indicating permission of output to the network device,
For the network device,
An authentication output comprising: an output permission notification receiving step for receiving the output permission notification; and an output permission step for permitting output of the output step according to the output permission notification received in the output permission notification receiving step. Method.

Images