JP2003152695A - Encryption communication system, communication management terminal, communication terminal, program for terminal and encryption communication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an encryption communication system suitable for protecting the secrecy of print data in the case of remote printing and further suitable for application to a network environment sharing a global IP address. SOLUTION: An encryption control session is established between a client corresponding to NPSP and an NPSP server 100 and between a printer corresponding to NPSP and the NPSP server 100 and an encryption key is distributed from the NPSP server 100 to the client corresponding to NPSP and the printer corresponding to NPSP via the established encryption control session. In the client corresponding to NPSP and the printer corresponding to NPSP, an encryption data session is established between the client corresponding to NPSP and the printer corresponding to NPSP by using the distributed encryption key and print data are exchanged through the established encryption data session.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system, a terminal, a program, and a method for encrypted communication of print data, and is particularly suitable for protecting the confidentiality of print data in remote printing. Furthermore, the present invention relates to an encrypted communication system, a communication management terminal, a communication terminal and a terminal program, and an encrypted communication method suitable for being applied to a network environment that shares a global IP address.

[0002]

2. Description of the Related Art Conventionally, as a remote printing technique via a network, for example, IPP (Internet Printing) which is an application level protocol that can be used for distributed printing by using Internet tools and techniques.
Protocol is IETF (Internet Engineering Task Fo)
rce) has been specified. Regarding IPP, "Intern" was announced by IETF in May 1999.
et Printing Protocol 1.1: Model and Semantics (dra
ft-ietf-ipp-model-v11-02) ”.

[0003]

[Problems to be Solved by the Invention] However, IPP
In this case, since print data is transmitted and received between a user terminal that requests printing and a printing terminal that performs printing (for example, a network compatible printer) without encryption, confidentiality is maintained. It is not suitable for exchanging high print data.

Further, for example, even if the encrypted communication is performed by the common key method, since a common encryption key is required between the user terminal and the printing terminal, those terminals are prior to the encrypted communication. The encryption key must be delivered between them. When this is realized on the Internet, it cannot be simply performed if either the user terminal or the printing terminal is a terminal sharing a global IP address. That is, terminals that share a global IP address must convert the global IP address into a unique private IP address using a proxy server, router, etc.
Simply called NAT. ) Is used to share the global IP address, but in such a network environment, it is not possible to uniquely identify the terminal when viewed from the outside, so the encryption key is actively distributed from the external terminal. Can't do it. In particular, when both the user terminal and the printing terminal are terminals sharing the global IP, it is extremely difficult to deliver the encryption key because neither of them can actively perform the global IP.

Further, in order to perform encrypted communication, it is necessary to mount a protocol for performing encrypted communication on the user terminal and the printing terminal. Therefore, it is not possible to easily use the existing user terminal and printing terminal with the setting change on the hardware or the software. Therefore, the present invention has been made by paying attention to the unsolved problem of such a conventional technique, and is suitable for protecting the confidentiality of print data when performing remote printing. An object of the present invention is to provide an encrypted communication system, a communication management terminal, a communication terminal and a program for a terminal, and an encrypted communication method suitable for being applied to a network environment that shares an IP address.

[0006]

In order to achieve the above object, in an encrypted communication system according to a first aspect of the present invention, a first communication terminal and a second communication terminal are communicably connected to a communication management terminal. Then, an encrypted connection is established between the first communication terminal and the second communication terminal via the communication management terminal, and the first communication terminal and the second communication terminal transmit data via the encrypted connection. A system for communication, which is a cryptographic control connection that enables encrypted communication between the first communication terminal and the communication management terminal and between the second communication terminal and the communication management terminal An encryption control connection is established, and an encryption key is delivered from the communication management terminal to the first communication terminal and the second communication terminal through the established encryption control connection, and the first communication terminal and the second communication End, using the delivered cryptographic key, between the second communication terminal and the first communication terminal,
An encrypted data connection, which is a connection for data communication capable of encrypted communication, is established, and data communication is performed through the established encrypted data connection.

With such a configuration, an encryption control connection is established between the first communication terminal and the communication management terminal and between the second communication terminal and the communication management terminal, and the established encryption control is established. The encryption key is delivered from the communication management terminal to the first communication terminal and the second communication terminal through the connection. Then, the encrypted data connection is established between the first communication terminal and the second communication terminal using the distributed encryption key by the first communication terminal and the second communication terminal, and the established encrypted data connection is established. Data communication is performed through.

Here, the encrypted data connection may be established between the first communication terminal and the second communication terminal, and is directly established between the first communication terminal and the second communication terminal. Alternatively, it may be established between the first communication terminal and the second communication terminal via the communication management terminal or one or more terminals. This also applies to the encrypted control connection. Hereinafter, the communication management terminal according to claim 16, the terminal program according to claim 23, and claim 3.
The same applies to the encrypted communication method described in 0.

The encrypted data connection is the first
It may be established by active action from the communication terminal or may be established by active action from the second communication terminal. For example, when the first communication terminal uses the service of the second communication terminal, it is generally established by active action from the first communication terminal. Hereinafter, the same applies to the communication management terminal according to claim 16, the terminal program according to claim 23, and the encrypted communication method according to claim 30.

The communication management terminal may be a communication facility connected to one end of a communication path with the first communication terminal or the second communication terminal and has at least a server function,
It may be configured to have both the client function and the server function. Hereinafter, the same applies to the encrypted communication system according to claims 14 and 15, the communication management terminal according to claim 16, the terminal program according to claim 23, and the encrypted communication method according to claim 30.

Further, an encrypted communication system according to a second aspect of the present invention is the encrypted communication system according to the first aspect, wherein a plurality of the second communication terminals are communicatively connected to the communication management terminal, When the communication management terminal receives the connection establishment request from the first communication terminal,
Select a second communication terminal related to the connection establishment request from the plurality of second communication terminals, and transmit the encryption key to the selected second communication terminal and the first communication terminal through the encryption control connection. It has become.

With this configuration, when the communication management terminal receives the connection establishment request from the first communication terminal, the second communication terminal relating to the connection establishment request is selected from the plurality of second communication terminals. Then, the encryption key is transmitted to the selected second communication terminal and first communication terminal through the encryption control connection. Here, the connection establishment request may be transmitted / received through the encrypted control connection, or a connection different from the encrypted control connection may be established and transmitted / received through the connection. Hereinafter, the same applies to the encrypted communication system according to claims 5, 7, 9 and 11.

Further, the encrypted communication system according to a third aspect of the present invention is the encrypted communication system according to the second aspect, wherein the communication management terminal is the second communication terminal for each second communication terminal. A second communication terminal specified by the terminal information of the terminal information storage means, to the first communication terminal, When the connection establishment request is received, the second communication related to the connection establishment request is made from among the second communication terminals specified by the terminal information of the terminal information storage means, in which the encrypted control connection is established. Select your device,
The encryption key is transmitted to the selected second communication terminal and the first communication terminal through the encryption control connection.

With such a configuration, in the communication management terminal, the second information specified by the terminal information in the terminal information storage means is used.
The communication terminal is presented to the first communication terminal. In response to the presentation, when a connection establishment request is received from the first communication terminal, the connection establishment is established from the second communication terminals identified by the terminal information of the terminal information storage means among which the encrypted control connection has been established. The second communication terminal relating to the request is selected, and the encryption key is transmitted to the selected second communication terminal and first communication terminal through the encryption control connection.

Here, the terminal information storage means stores the terminal information by any means at any time, and may store the terminal information in advance, or may store the terminal information in advance. Alternatively, the terminal information may be stored by an external input or the like when the present system operates. Further, claim 4 according to the present invention
The encrypted communication system according to claim 1, in the encrypted communication system according to claim 1, wherein the first communication terminal and the second communication terminal are communicably connected to each other, and the first communication terminal is connected to the first communication terminal. Is assigned a representative address that can be used by the second communication terminal, and a representative address that can be used by the first communication terminal is assigned to the second communication terminal. The first communication terminal and the second communication terminal are the first communication terminal and the second communication terminal between the first communication terminal and the second communication terminal without using the communication management terminal or the communication management terminal. The encrypted data connection is established between the two communication terminals using the encryption key.

With such a configuration, since the representative address is exclusively assigned to the first communication terminal and the second communication terminal, the first communication terminal and the second communication terminal
An encrypted data connection using an encryption key between the first communication terminal and the second communication terminal without passing through the communication management terminal or between the first communication terminal and the second communication terminal through the communication management terminal Is established.

Further, in the encrypted communication system according to claim 5 of the present invention, in the encrypted communication system according to claim 4, one of the first communication terminal and the second communication terminal is: When a connection establishment request is transmitted to the other communication terminal of the first communication terminal and the second communication terminal, and a connection establishment response from the other communication terminal is received by the transmission of the request, the first communication Data communication using the encryption key is started between the terminal and the second communication terminal, and when the other communication terminal receives a connection establishment request from the one communication terminal, , A connection establishment response is transmitted to the one communication terminal, and data communication using the encryption key is started between the first communication terminal and the second communication terminal. .

With such a configuration, one communication terminal transmits a connection establishment request to the other communication terminal. Upon receiving the connection establishment request from one communication terminal, the other communication terminal transmits a connection establishment response to the one communication terminal. In one communication terminal,
When receiving the connection establishment response from the other communication terminal, data communication using the encryption key is started between the first communication terminal and the second communication terminal. Accordingly, the other communication terminal also starts data communication using the encryption key between the first communication terminal and the second communication terminal.

Here, the connection establishment response may be transmitted / received through the encrypted control connection, or a connection different from the encrypted control connection may be established and transmitted / received through the connection. Hereinafter, the same applies to the encrypted communication system according to claims 7, 9 and 11. Furthermore, the encrypted communication system according to claim 6 of the present invention is the encrypted communication system according to any one of claims 1 to 3, wherein the first communication terminal and the second communication terminal can communicate with each other. connection,
A representative address that can be used by the second communication terminal is exclusively assigned to the first communication terminal, and a representative address that can be used by the first communication terminal is another terminal in the second communication terminal. And the first communication terminal and the second communication terminal are shared between the first communication terminal and the second communication terminal without going through the communication management terminal or the communication management terminal. The encrypted data connection is established between the first communication terminal and the second communication terminal by using the encryption key.

With such a configuration, the representative address is exclusively assigned to the first communication terminal and the representative address is commonly assigned to the second communication terminal. , Encrypted data using an encryption key between the first communication terminal and the second communication terminal without going through the communication management terminal or between the first communication terminal and the second communication terminal through the communication management terminal The connection is established.

Further, in the encrypted communication system according to claim 7 of the present invention, in the encrypted communication system according to claim 6, the first communication terminal sends a reverse connection establishment request for transmitting a connection establishment request. When a connection establishment request from the second communication terminal is received by transmitting the request to the communication management terminal, a connection establishment response is sent to the second communication terminal, and the first communication terminal and the first communication terminal Data communication using the encryption key is started between two communication terminals, and when the communication management terminal receives a reverse connection establishment request from the first communication terminal, the reverse connection is established. The establishment request is transmitted to the second communication terminal through the encrypted control connection, and the second communication terminal is When the reverse connection establishment request from the communication management terminal is received through the encrypted control connection, the connection establishment request is transmitted to the first communication terminal, and the transmission of the request causes the connection establishment response from the first communication terminal to be transmitted. When received, data communication using the encryption key is started between the first communication terminal and the second communication terminal.

With such a configuration, the first communication terminal transmits a reverse connection establishment request to the communication management terminal. When the communication management terminal receives the reverse connection establishment request from the first communication terminal, the reverse connection establishment request is transmitted to the second communication terminal through the encrypted control connection. When the second communication terminal receives the reverse connection establishment request from the communication management terminal through the encrypted control connection, the connection establishment request is transmitted to the first communication terminal. When the first communication terminal receives the connection establishment request from the second communication terminal,
The connection establishment response is transmitted to the second communication terminal.

When the second communication terminal receives the connection establishment response from the first communication terminal, the second communication terminal and the second communication terminal
Data communication using the encryption key is started with the communication terminal. Along with this, similarly in the first communication terminal, data communication using the encryption key is started between the first communication terminal and the second communication terminal. Here, the reverse connection establishment request is
Transmission / reception may be performed through the encryption control connection, or a connection different from the encryption control connection may be established and transmission / reception may be performed through the connection.

Further, an encrypted communication system according to claim 8 of the present invention is the encrypted communication system according to any one of claims 1 to 3, wherein the first communication terminal and the second communication terminal are connected to each other. The first communication terminal is communicably connected, and a representative address that can be used by the second communication terminal is shared with another terminal. The second communication terminal includes the first communication terminal. A representative address that can be used is exclusively allocated, and the first communication terminal and the second communication terminal are between the first communication terminal and the second communication terminal without going through the communication management terminal, Alternatively, the encrypted data connection is established between the first communication terminal and the second communication terminal via the communication management terminal using the encryption key.

With such a configuration, since the representative address is commonly assigned to the first communication terminal and the representative address is exclusively assigned to the second communication terminal, the first communication terminal and the second communication terminal can , Encrypted data using an encryption key between the first communication terminal and the second communication terminal without going through the communication management terminal or between the first communication terminal and the second communication terminal through the communication management terminal The connection is established.

Further, in the encrypted communication system according to claim 9 of the present invention, in the encrypted communication system according to claim 8, the first communication terminal transmits a connection establishment request to the second communication terminal. , When the connection establishment response from the second communication terminal is received by the transmission of the request, the data communication using the encryption key is started between the first communication terminal and the second communication terminal. When the second communication terminal receives the connection establishment request from the first communication terminal, the second communication terminal transmits a connection establishment response to the first communication terminal, and the first communication terminal and the second communication terminal. Data communication using the encryption key is started with the terminal.

With this configuration, the first communication terminal sends a connection establishment request to the second communication terminal. When the second communication terminal receives the connection establishment request from the first communication terminal, the connection establishment response indicates the first connection establishment response.
It is transmitted to the communication terminal. When the first communication terminal receives the connection establishment response from the second communication terminal, the data communication using the encryption key is started between the first communication terminal and the second communication terminal. Along with this, similarly in the second communication terminal, data communication using the encryption key is started between the first communication terminal and the second communication terminal.

Furthermore, an encrypted communication system according to a tenth aspect of the present invention is the encrypted communication system according to any one of the first to third aspects, in which the first communication terminal and the second communication terminal are combined. The first communication terminal is communicably connected, and a representative address that can be used by the second communication terminal is shared with the other terminals. The second communication terminal includes the first communication terminal. A representative address that can be used by the first communication terminal is shared with another terminal, and the first communication terminal and the second communication terminal are connected to the first communication terminal and the second communication terminal via the communication management terminal. In the meantime, the encrypted data connection is established using the encryption key.

With such a configuration, since the representative address is shared and assigned to the first communication terminal and the second communication terminal, the first communication terminal and the second communication terminal
An encrypted data connection is established using the encryption key between the first communication terminal and the second communication terminal via the communication management terminal. Further, in the encrypted communication system according to claim 11 of the present invention, in the encrypted communication system according to claim 10, the first communication terminal transmits a connection establishment request to the communication management terminal, and the request When the connection establishment response from the communication management terminal is received by transmission, data communication using the encryption key is started between the first communication terminal and the second communication terminal via the communication management terminal. And the second communication terminal is
When a connection establishment request is transmitted to the communication management terminal and a connection establishment response is received from the communication management terminal due to the transmission of the request, the first communication terminal and the second communication terminal are transmitted via the communication management terminal. Data communication using the encryption key is started between
When the communication management terminal receives a connection establishment request from the first communication terminal and the second communication terminal,
A connection establishment response is transmitted to the first communication terminal and the second communication terminal, and the encryption key is used between the first communication terminal and the terminal and between the second communication terminal and the terminal. It has begun to mediate data communications.

With such a configuration, the first communication terminal and the second communication terminal send a connection establishment request to the communication management terminal. Upon receiving the connection establishment request from the first communication terminal and the second communication terminal, the communication management terminal transmits a connection establishment response to the first communication terminal and the second communication terminal. When the first communication terminal receives the connection establishment response from the communication management terminal, the data communication using the encryption key is started between the first communication terminal and the second communication terminal via the communication management terminal. On the other hand, similarly, when the second communication terminal receives the connection establishment response from the communication management terminal, the second communication terminal and the second communication terminal receive the connection establishment response from the communication management terminal.
Data communication using the encryption key is started with the communication terminal.

Furthermore, an encrypted communication system according to a twelfth aspect of the present invention is the encrypted communication system according to any one of the first to eleventh aspects, wherein the second communication terminal prints based on print data. Is a printing terminal that
The first communication terminal and the printing terminal are adapted to send and receive print data through the encrypted data connection.

With such a configuration, the first communication terminal transmits print data to the printing terminal through the encrypted data connection. When the print terminal receives the print data from the first communication terminal through the encrypted data connection, printing is performed based on the received print data. Furthermore, an encrypted communication system according to a thirteenth aspect of the present invention is the encrypted communication system according to any one of the first to eleventh aspects, wherein the second communication terminal performs printing based on print data. A proxy terminal for proxy communication of the terminal, wherein the first communication terminal is adapted to transmit print data to the proxy terminal through the encrypted data connection, and the proxy terminal is connected through the encrypted data connection. When print data is received from the first communication terminal, the received print data is transmitted to the print terminal.

With such a configuration, the first communication terminal transmits print data to the proxy terminal through the encrypted data connection. When the proxy terminal receives the print data from the first communication terminal through the encrypted data connection, the received print data is transmitted to the print terminal.
Upon receiving the print data, the printing terminal prints based on the received print data.

Further, in the encrypted communication system according to claim 14 of the present invention, the first communication terminal and the second communication terminal are communicatively connected to a communication management terminal, and the first communication terminal and the second communication are connected. A system for establishing an encrypted connection with a terminal via the communication management terminal, wherein the first communication terminal and the second communication terminal perform data communication through the encrypted connection, the first communication An encryption control connection, which is a control connection for encrypted communication, is established between the terminal and the communication management terminal and between the second communication terminal and the communication management terminal, and the established encryption control is established. An encryption key is delivered from the communication management terminal to the second communication terminal through a connection, and the communication management terminal and the second communication terminal use the encryption key to communicate with the communication management terminal and the second communication terminal. An encrypted data connection, which is a connection for data communication capable of encrypted communication, is established with a communication terminal, and the second communication terminal is a printing terminal that performs printing based on print data. When the print data from the first communication terminal is received through the encrypted control connection, the communication management terminal is configured to send the received print data to the print terminal through the encrypted data connection. There is.

With such a configuration, the encryption control connection is established between the first communication terminal and the communication management terminal and between the printing terminal and the communication management terminal, and the encrypted control connection is established through the established encryption control connection. The encryption key is delivered from the communication management terminal to the printing terminal. Then, the communication management terminal and the printing terminal use the encryption key to establish an encrypted data connection between the communication management terminal and the printing terminal.

When the communication management terminal receives the print data from the first communication terminal through the encrypted control connection, the received print data is transmitted to the printing terminal through the encrypted data connection. Upon receiving the print data through the encrypted data connection, the printing terminal prints based on the received print data. here,
The encrypted data connection may be established between the communication management terminal and the second communication terminal, and may be directly established between the communication management terminal and the second communication terminal, or the communication management terminal. Alternatively, it may be established between the communication management terminal and the second communication terminal via one or more terminals. This also applies to the encrypted control connection.

The encrypted data connection may be established by active action from the communication management terminal, or may be established by active action from the second communication terminal. For example, when the communication management terminal uses the service of the second communication terminal, it is generally established by active action from the communication management terminal.

Further, in the encrypted communication system according to claim 15 of the present invention, the first communication terminal and the second communication terminal are communicatively connected to a communication management terminal, and the first communication terminal and the second communication are connected. A system for establishing an encrypted connection with a terminal via the communication management terminal, wherein the first communication terminal and the second communication terminal perform data communication through the encrypted connection, the first communication An encryption control connection, which is a control connection for encrypted communication, is established between the terminal and the communication management terminal, and between the second communication terminal and the communication management terminal, and the established encryption control is established. An encryption key is delivered from the communication management terminal to the second communication terminal through a connection, and the communication management terminal and the second communication terminal use the encryption key to communicate with the communication management terminal and the second communication terminal. An encrypted data connection, which is a connection for data communication capable of encrypted communication, is established with the terminal, and the second communication terminal communicates with a printing terminal that performs printing based on print data. When receiving print data from the first communication terminal through the encryption control connection, the communication management terminal sends the received print data to the proxy terminal through the encrypted data connection. When the proxy terminal receives print data from the communication management terminal through the encrypted data connection, the proxy terminal transmits the received print data to the print terminal.

With such a configuration, the encryption control connection is established between the first communication terminal and the communication management terminal and between the proxy terminal and the communication management terminal, and the encrypted control connection is established through the established encryption control connection. The encryption key is delivered from the communication management terminal to the proxy terminal. Then, the communication management terminal and the proxy terminal use the encryption key to establish an encrypted data connection between the communication management terminal and the proxy terminal.

When the communication management terminal receives the print data from the first communication terminal through the encryption control connection, the received print data is transmitted to the proxy terminal through the encryption control connection. When the proxy terminal receives the print data from the communication management terminal through the encrypted data connection, the received print data is transmitted to the print terminal. At the printing terminal, printing is performed based on the received print data.

Here, the encrypted data connection may be established between the communication management terminal and the proxy terminal, may be directly established between the communication management terminal and the proxy terminal, or may be communicated. It may be established between the communication management terminal and the proxy terminal via the management terminal or one or more terminals. This also applies to the encrypted control connection.

The encrypted data connection may be established by active action from the communication management terminal, or may be established by active action from the proxy terminal. For example, when the communication management terminal uses the service of the proxy terminal, it is generally established by active action from the communication management terminal.

On the other hand, in order to achieve the above object, the communication management terminal according to claim 16 of the present invention can communicate with the first communication terminal and the second communication terminal in the encrypted communication system according to claim 2. A communication management terminal to be connected, and when a connection establishment request from the first communication terminal is received, a second communication terminal relating to the connection establishment request is selected from the plurality of second communication terminals and selected. The encryption key is transmitted to the second communication terminal and the first communication terminal via the encryption control connection.

With this configuration, the same operation as that of the communication management terminal in the encrypted communication system according to the second aspect can be obtained. On the other hand, in order to achieve the above object, the communication terminal according to claim 17 of the present invention is a first communication terminal communicably connected to a second communication terminal in the encrypted communication system according to claim 5. , A connection establishment request is transmitted to the second communication terminal, and when the connection establishment response is received from the second communication terminal by the transmission of the request, the encryption key is transmitted between the terminal and the second communication terminal. The data communication using is started.

With such a configuration, an action equivalent to that of the first communication terminal in the encrypted communication system according to the fifth aspect can be obtained. A communication terminal according to claim 18 according to the present invention is a second communication terminal communicably connected to the first communication terminal in the encrypted communication system according to claim 5, When a connection establishment request is received, a connection establishment response is transmitted to the first communication terminal, and data communication using the encryption key is started between the first communication terminal and the terminal. .

With such a configuration, an action equivalent to that of the second communication terminal in the encrypted communication system according to the fifth aspect can be obtained. Furthermore, a communication terminal according to a nineteenth aspect of the present invention is a first communication terminal communicably connected to a second communication terminal in the encrypted communication system according to the seventh aspect, and the reverse connection establishment request is transmitted to the second communication terminal. When a connection establishment request is transmitted from the second communication terminal by transmitting the request to the communication management terminal, a connection establishment response is transmitted to the second communication terminal, and the terminal and the second communication terminal In between, data communication using the encryption key is started.

With such a configuration, an action equivalent to that of the first communication terminal in the encrypted communication system according to the seventh aspect can be obtained. Further, a communication terminal according to a twentieth aspect of the present invention is a second communication terminal communicably connected to the first communication terminal in the encrypted communication system according to the seventh aspect, and the communication terminal is the second communication terminal through the encryption control connection. When a reverse connection establishment request is received from the communication management terminal, a connection establishment request is transmitted to the first communication terminal, and when a connection establishment response from the first communication terminal is received by the transmission of the request, the connection establishment request is transmitted. Data communication using the encryption key is started between the first communication terminal and the terminal.

With such a configuration, an operation equivalent to that of the second communication terminal in the encrypted communication system according to the seventh aspect can be obtained. Furthermore, a communication terminal according to a twenty-first aspect of the present invention is a first communication terminal communicably connected to a second communication terminal in the encrypted communication system according to the eleventh aspect, and a connection establishment request is made by the communication management. When the connection is transmitted to the terminal and the connection establishment response from the communication management terminal is received by the transmission of the request, the encryption key is used between the terminal and the second communication terminal via the communication management terminal. It is designed to start data communication.

With such a configuration, an action equivalent to that of the first communication terminal in the encrypted communication system according to the eleventh aspect can be obtained. Furthermore, a communication terminal according to a twenty-second aspect of the present invention is a second communication terminal communicably connected to the first communication terminal in the encrypted communication system according to the eleventh aspect, and the connection management request is transmitted by the communication management. When the connection establishment response from the communication management terminal is received by transmitting the request to the terminal, the encryption key is used between the first communication terminal and the terminal via the communication management terminal. It is designed to start data communication.

With such a configuration, an operation equivalent to that of the second communication terminal in the encrypted communication system according to claim 11 can be obtained. On the other hand, in order to achieve the above-mentioned object, a terminal program according to a twenty-third aspect of the present invention is a program for causing the communication management terminal according to the sixteenth aspect to execute, the first communication terminal. From the plurality of second communication terminals, the second communication terminal relating to the connection establishment request is selected from the plurality of second communication terminals and the selected second communication terminal and the first communication terminal are encrypted. It is a program for executing a process of transmitting the encryption key through an encryption control connection.

With such a configuration, the program is read by the communication management terminal, and when the communication management terminal executes processing according to the read program,
An effect equivalent to that of the communication management terminal described in No. 6 is obtained. Further, a terminal program according to a twenty-fourth aspect of the present invention is a program for causing a communication terminal according to the seventeenth aspect to execute the program, the program for transmitting a connection establishment request to the second communication terminal, A program for executing a process of starting data communication using the encryption key between the terminal and the second communication terminal when a connection establishment response is received from the second communication terminal by transmitting the request Is.

With such a configuration, when the program is read by the communication terminal and the communication terminal executes processing in accordance with the read program, the same operation as that of the communication terminal according to claim 17 can be obtained. Further, a terminal program according to a twenty-fifth aspect of the present invention is a program for causing a communication terminal according to the eighteenth aspect of the present invention to be executed by a computer, and when a connection establishment request from the first communication terminal is received. Is a program for transmitting a connection establishment response to the first communication terminal and executing processing for starting data communication using the encryption key between the first communication terminal and the terminal.

With such a configuration, when the program is read by the communication terminal and the communication terminal executes processing in accordance with the read program, the same operation as that of the communication terminal according to claim 18 is obtained. Further, a terminal program according to claim 26 according to the present invention is a program for causing a communication terminal according to claim 19 configured by a computer to transmit the reverse connection establishment request to the communication management terminal, When a connection establishment request from the second communication terminal is received by transmitting the request, a connection establishment response is sent to the second communication terminal, and the encryption key is sent between the terminal and the second communication terminal. It is a program for executing the processing for starting the used data communication.

With such a configuration, when the program is read by the communication terminal and the communication terminal executes processing in accordance with the read program, the same operation as that of the communication terminal according to claim 19 can be obtained. Further, the terminal program according to claim 27 according to the present invention is a program for causing a communication terminal according to claim 20 to be executed by a computer, the reverse connection from the communication management terminal being performed through the encrypted control connection. When a connection establishment request is received, a connection establishment request is transmitted to the first communication terminal, and when a connection establishment response from the first communication terminal is received by the transmission of the request,
It is a program for executing a process of starting data communication using the encryption key between the first communication terminal and the terminal.

With such a configuration, when the program is read by the communication terminal and the communication terminal executes processing in accordance with the read program, the same operation as that of the communication terminal according to claim 20 can be obtained. Further, a terminal program according to a twenty-eighth aspect of the present invention is a program for causing a communication terminal according to the twenty-first aspect to be a computer to execute, which transmits a connection establishment request to the communication management terminal, and the request is sent. When a connection establishment response from the communication management terminal is received by transmitting the message, a process for starting data communication using the encryption key between the terminal and the second communication terminal via the communication management terminal is performed. It is a program to be executed.

With such a configuration, when the program is read by the communication terminal and the communication terminal executes processing in accordance with the read program, the same operation as that of the communication terminal according to claim 21 can be obtained. Further, a terminal program according to a twenty-ninth aspect of the present invention is a program for causing a communication terminal according to the twenty-second aspect of the present invention, which is a computer, to transmit a connection establishment request to the communication management terminal, and to make the request. When the connection establishment response from the communication management terminal is received by the transmission of, a process of starting data communication using the encryption key between the first communication terminal and the terminal via the communication management terminal is performed. It is a program to be executed.

With such a configuration, when the program is read by the communication terminal and the communication terminal executes processing in accordance with the read program, the same operation as that of the communication terminal according to claim 22 can be obtained. On the other hand, in order to achieve the above-mentioned object, an encrypted communication method according to claim 30 of the present invention, wherein the first communication terminal and the second communication terminal are communicably connected to a communication management terminal, and the first communication terminal is connected. And a second communication terminal, an encrypted connection is established through the communication management terminal, and the first communication terminal and the second communication terminal perform data communication through the encrypted connection. An encrypted control connection, which is a control connection for encrypted communication, is established between the first communication terminal and the communication management terminal, and between the second communication terminal and the communication management terminal, An encryption key is delivered from the communication management terminal to the first communication terminal and the second communication terminal through the established encryption control connection, and the delivered encryption key is used to connect the first communication terminal and the second communication terminal. During establishes an encrypted data connection is a connection of the encrypted communication is possible data communication, data communication via the encrypted data connection established.

[0058]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment of the present invention will be described below with reference to the drawings. 1 to 8 are diagrams showing a first embodiment of an encrypted communication system, a communication management terminal, a communication terminal and a program for a terminal, and an encrypted communication method according to the present invention. In this embodiment, an encrypted communication system, a communication management terminal, a communication terminal and a terminal program, and an encrypted communication method according to the present invention, as shown in FIG. This is applied when the server 100 is used and the NPSP compatible client performs remote printing with the NPSP compatible printer.

First, the configuration of a network system to which the present invention is applied will be described with reference to FIG. FIG. 1 is a diagram showing the configuration of a network system to which the present invention is applied. On the Internet 199, as shown in FIG.
NPSP server 100, network 200 in which a global IP address is exclusively assigned to an NPSP-compatible client, and network 2 in which a global IP address is commonly assigned to an NPSP-compatible client
20, a network 240 in which a global IP address is exclusively assigned to an NPSP compatible printer, and an NPSP
A network 260 to which a global IP address is shared is connected to the SP compatible printer.

The network 200 is the Internet 1
NPSP compatible client 202 that directly connects to 99
NAT device 204 such as a router, and NAT device 204
And an NPSP compatible client 206 connected to the Internet 199 via the Internet. Where NP
The SP-compatible client 206 is the NAT device 204 and 1
Since the connection is made on a one-to-one basis, the private IP address of the NPSP compatible client 206 and the NAT device 20
The 4 global IP addresses correspond to each other on a one-to-one basis, and the NPSP-compliant client 206 is substantially assigned a global IP address.

The network 220 includes a NAT / PAT device 222 and a NAT / PAT device 222 that perform conversion of TCP or UDP port numbers (hereinafter, simply referred to as PAT) between the inside and the outside in addition to NAT. It is composed of a plurality of NPSP compatible clients 224 connected to the Internet 199. Network 240
Is an NPSP compatible printer 242 directly connected to the Internet 199, a NAT device 244 such as a router, an N
It is composed of an NPSP compatible printer 246 connected to the Internet 199 via the AT device 244. Here, the NPSP compatible printer 246 is the NAT device 24.
4 and the one-to-one connection, the private IP address of the NPSP compatible printer 246 and the NAT device 2
There is a one-to-one correspondence with the global IP address of 44, and the global I
The P address will be assigned exclusively.

Network 260 includes PA in addition to NAT.
NAT / PAT device 262 that performs T and NAT / PAT
It is composed of a plurality of NPSP compatible printers 264 connected to the Internet 199 via the device 262.
The NPSP server 100 includes a network connection service unit 110 that provides a connection service between an NPSP-compatible client and an NPSP-compatible printer, and an NPS.
The network print service unit 150 provides printing-related services between the P-compatible client and the NPSP-compatible printer.

The network connection service unit 110 manages the encryption key generation unit 112 for generating an encryption key and the user authentication information management unit 114 for managing the user authentication information required to authenticate the users of the NPSP compatible client and the NPSP compatible printer. And a user authentication unit 11 for authenticating a user
6 and a user connection management unit 1 that manages the connection status of the user
18, a user group management unit 120 that manages a plurality of communicable users as a group, and a session proxy unit 122 that mediates communication between an NPSP-compatible client and an NPSP-compatible printer.

The encryption key generation unit 112 generates an encryption key (session key) used when communicating with the user group designated by the NPSP compatible client or the NPSP compatible printer. In addition, the user group management unit 120 manages the validity period of the encryption key specified and periodically updates the encryption key. The user authentication information management unit 114, for each user of the NPSP-compatible client and the NPSP-compatible printer, has a user ID, password, email address, authentication method, account expiration date, number of logins, last login time, name or company name, etc. Is managed as user authentication information. As the authentication method, one or both of authentication using a user ID and password and authentication using a digital certificate can be selected.

The user authentication unit 116 is provided between the NPSP compatible client and the NPSP server 100, and between the NPSP server 100 and the NPSP server 100.
A user of an NPSP-compatible client or a user of an NPSP-compatible printer that requests establishment of an encrypted control session when establishing an encrypted control session that is a control session capable of encrypted communication between the compatible printer and the NPSP server 100. Is authenticated based on the user authentication information of the user authentication information management unit 114. Here, in order to establish the encryption control session, for example, SSL (Secure Socket Lat
yer) can be adopted.

Further, the user authentication section 116 uses the user authentication information received from the NPSP compatible client or the NPSP compatible printer and the user authentication information of the user authentication information management section 114 to authenticate the user according to the specified authentication method. If the authentication is successful, the user connection management unit 118 is notified of that fact. For authentication, in addition to SSL server authentication, user ID and password authentication, or SSL client authentication using a digital certificate can be adopted. It is also possible to inquire the expiration date of the user's digital certificate from the Validation Authority and obtain the digital certificate from a certificate repository such as an LADP server. As an extended function, the success or failure of authentication may be stored in the user authentication history storage unit (not shown) in combination with the user ID, time, and option message.

The user connection management unit 118 establishes an encrypted control session with the NPSP server 100 by the NPS.
Information that is periodically transmitted from the P-compatible client or the NPSP-compatible printer, and that includes the global IP address, the port number used to establish the encryption control session, the information indicating the network form, and other information related to the network environment. It is managed as client information for an NPSP compatible client and as printer information for an NPSP compatible printer. Here, the information indicating the network form is the global IP
This is information indicating whether the address is exclusively assigned or shared. Therefore, NPSP
The compatible client or the NPSP compatible printer can grasp the network environment of the communication partner by using the user connection management unit 118.

The user group management unit 120 manages a plurality of communicable NPSP-compatible clients or NPSP-compatible printer users as a group. Others, N
In the encrypted communication between the PSP-compatible client and the NPSP-compatible printer, the encryption algorithm used for encrypting the IP packet, the hash algorithm used for the IP packet authentication, the information about the key length used for the cryptographic calculation, and the encryption key Information regarding the update period and information regarding the protocol permitted to be used between the NPSP compatible client and the NPSP compatible printer are managed.

The session proxy unit 122 uses the NPSP
In encrypted communication between the compatible client and the NPSP compatible printer, the NPSP compatible client and the NPS
When a global IP address is commonly assigned to a P-compatible printer, it mediates communication between these terminals. That is, TCP / IP (Transmission Control P
In the protocol layer higher than the rotocol / Internet Protocol layer, the IP packet from the NPSP compatible client is routed to the NPSP compatible printer and
The IP packet from the SP compatible printer is routed to the NPSP compatible client.

Network print service section 150
Provides an additional function for communication mediated by the print management unit 152 that manages printing by the NPSP compatible printer, the print history management unit 154 that manages the print history performed by the user of the NPSP compatible client, and the session proxy unit 122. The proxy plug-in unit 156 and the user profile management unit 158 that manages the user profile of the user of the NPSP compatible printer.

The print management unit 152 obtains printing-related information such as the remaining toner amount of the printer, the number of remaining sheets, the remaining ink amount, and the corresponding printing sheet size from the NPSP compatible printer through the encryption control session. The print history management unit 154 attaches a print ID to each print request,
As the print history performed by the user of the P-compatible client,
The user ID, the time, the file name of the print data, etc. are recorded in association with the print ID.

The proxy plug-in unit 156 gives an additional function to be executed in the encrypted communication mediated by the session proxy unit 122. The additional functions include, for example, a function of changing the transfer rate by temporarily buffering, and a function of converting print data received from an NPSP-compatible client into an optimum format for an NPSP-compatible printer.

The user profile management unit 158 determines each N
For each PSP compatible printer, the NPSP compatible printer is managed in association with the user ID of the user. Next, the NPSP compatible clients 202, 206, 224
The configuration will be described in detail with reference to FIG. Figure 2
9 is a flowchart showing a process executed by an NPSP compatible client 202, 206, 224.

NPSP compatible clients 202, 20
Reference numerals 6 and 224 have the same function as a general computer in which a CPU, a ROM, a RAM, an I / F, etc. are connected to a bus, and activate a predetermined program stored in a predetermined area of the ROM. , According to that program,
The encrypted remote print request process shown in the flowchart of FIG. 2 is executed.

When the encrypted remote print request process is executed by the CPU, as shown in FIG. 2, first, the process proceeds to step S100. Step S1
At 00, an encrypted control session is established between the NPSP-compatible client and the NPSP server 100, the process proceeds to step S102, it is determined whether the authentication by the NPSP server 100 is obtained, and it is determined that the authentication is obtained. If yes (Yes), the process proceeds to step S104, the client information is transmitted to the NPSP server 100 through the encryption control session, and the process proceeds to step S106, and the printer information from the NPSP server 100 is received through the encryption control session. Then, the process proceeds to step S108.

In step S108, it is determined whether or not the communication partner's NPSP compatible printer is online. If it is determined that the NPSP compatible printer is online (Yes), the process proceeds to step S110 to perform encryption. Upon receiving the encryption key from the NPSP server 100 through the control session, the process proceeds to step S112, and the network environment of the NPSP-compatible client and the NPSP-compatible printer is changed to the NPSP-compatible client and the NPSP based on the client information and the printer information.
It is determined whether or not the global IP address is exclusively assigned to the corresponding printer (hereinafter, such a form is simply referred to as the first form), and the network environment of the NPSP compatible client and the NPSP compatible printer is determined. If it is determined to be the first mode (Yes), the process proceeds to step S114.

In step S114, a session establishment request is transmitted to the NPSP compatible printer based on the printer information, the process proceeds to step S116, it is determined whether a session establishment response is received, and the session establishment response is received. When it is determined (Yes), the process proceeds to step S118, but when it is determined otherwise (No), the process waits at step S116 until the session establishment response is received.

In step S118, the received encryption key is used to establish an encrypted data session, which is a data communication session capable of encrypted communication, between the NPSP compatible client and the NPSP compatible printer. Here, to establish the encrypted data session, for example, IP
Sec (IP security protocol), PPTP (Point-to
-Point Tunneling Protocol, L2TP (Layer Two T)
Unneling Protocol) or SSL can be adopted.

Then, the process proceeds to step S120, the print data is transmitted to the NPSP compatible printer through the encrypted data session, the process proceeds to step S122, it is determined whether or not the print completion notice is received, and the print completion is completed. If it is determined that the notification has been received (Yes), step S12
However, if it is determined that it is not (No), the process waits in step S122 until the print completion notification is received.

In step S124, the print history information is received from the NPSP server 100 through the encryption control session, the process proceeds to step S126, the print history is displayed based on the received print history information, and step S12
Moving to 8, it is determined whether the printer data port used for encrypted communication with the NPSP compatible printer is open, and when it is determined that the printer data port is open (Yes), The process moves to step S130, the printer data port is closed, and the process moves to step S132.

In step S132, the encrypted data session is released, the process proceeds to step S134, the encrypted control session is released, the series of processes is terminated, and the original process is restored. On the other hand, when it is determined in step S128 that the printer data port is not open
(No) moves to step S132.

On the other hand, when it is determined in step S112 that the network environment of the NPSP-compatible client and the NPSP-compatible printer is not the first mode (No), the process proceeds to step S136, and based on the client information and the printer information, NPSP compatible client and NPS
In the network environment of the P-compatible printer, a global IP address is exclusively assigned to the NPSP-compatible client and a global IP address is commonly assigned to the NPSP-compatible printer (hereinafter, such a mode is simply referred to as a second mode). .), NP
When it is determined that the network environment of the SP compatible client and the NPSP compatible printer is the second mode (Yes)
Moves to step S138.

In step S138, the printer data port is opened, and the flow advances to step S140 to send an NP request for establishment of a reverse session including the port number of the printer data port through the encryption control session.
When it is determined that the session establishment request has been received (Yes), it is determined that the session establishment request has been received.
When the process proceeds to step S144, but it is determined otherwise (No), the process waits at step S142 until the session establishment request is received.

In step S144, the session establishment response is transmitted to the NPSP compatible printer, and in step S146.
Then, the encrypted data session is established between the NPSP compatible client and the NPSP compatible printer using the received encryption key, and the process proceeds to step S120.
On the other hand, when it is determined in step S136 that the network environment of the NPSP-compatible client and the NPSP-compatible printer is not the second mode (No), the process proceeds to step S148, and the NPSP-compatible client is based on the client information and the printer information. In the network environment of the NPSP-compatible printer, a global IP address is shared by the NPSP-compatible client and a global IP address is exclusively allocated by the NPSP-compatible printer (hereinafter, such a mode is simply referred to as a third mode). When it is determined that the network environment of the NPSP compatible client and the NPSP compatible printer is the third mode (Yes), the process proceeds to step S150.

In step S150, a session establishment request is transmitted to the NPSP compatible printer based on the printer information, the process proceeds to step S152, it is determined whether or not the session establishment response is received, and the session establishment response is received. When it is determined (Yes), the process proceeds to step S154, but when it is determined otherwise (No), the process waits at step S152 until the session establishment response is received.

In step S154, an encrypted data session is established between the NPSP compatible client and the NPSP compatible printer using the received encryption key, and the process proceeds to step S120. On the other hand, in step S148, N
When it is determined that the network environment of the PSP-compatible client and the NPSP-compatible printer is not the third mode, that is, the network environment of the NPSP-compatible client and the NPSP-compatible printer is the global IP for the NPSP-compatible client and the NPSP-compatible printer.
If it is determined that the address is sharedly assigned (hereinafter, this type is simply referred to as the fourth type) (No), the process proceeds to step S156, and the session is established through the encryption control session. The request is transmitted to the NPSP server 100, and the process proceeds to step S158.

In step S158, it is determined whether a session establishment response has been received. If it is determined that a session establishment response has been received (Yes), the process proceeds to step S160, but if it is not (No). ) Waits in step S158 until it receives a session establishment response. In step S160, the received encryption key is used for the client proxy port specified by the port number included in the received session establishment response,
By establishing an encrypted data session between the NPSP-enabled client and the NPSP server 100, N
An encrypted data session is established between the NPSP compatible client and the NPSP compatible printer via the PSP server 100, and the process proceeds to step S120.

On the other hand, when it is determined in step S108 that the NPSP compatible printer as the communication partner is offline (No), and when it is determined in step S102 that the authentication by the NPSP server 100 cannot be obtained (No), In either case, the series of processes is terminated and the original process is restored.
Next, the configuration of the NPSP server 100 will be described in detail with reference to FIG. FIG. 3 is a flowchart showing the processing executed by the NPSP server 100.

The NPSP server 100 has a CPU, RO
It has the same function as a general computer in which M, RAM, I / F, etc. are connected by a bus, and activates a predetermined program stored in a predetermined area of the ROM.
According to the program, the encrypted communication management process shown in the flowchart of FIG. 3 is executed. When the encrypted communication management process is executed by the CPU, the process shown in FIG.
As shown in, first, the process proceeds to step S200.

In step S200, an encryption control session is established between the NPSP-compatible client and the NPSP server 100, the process proceeds to step S202, and the authentication process is executed for the NPSP-compatible client.
In step S204, it is determined whether or not the authentication is successful. If it is determined that the authentication is successful (Yes), the process proceeds to step S206.

In step S206, an encryption control session is established between the NPSP compatible printer and the NPSP server 100, and the process proceeds to step S208 to set the NPSP.
The authentication process is executed for the SP compatible printer, the process proceeds to step S210, and it is determined whether the authentication is successful.
If it is determined that the authentication is successful (Yes), step S2
Move to 12.

At step S212, the client information is received through the encryption control session, and at step S2
14, the printer information is received through the encryption control session, and the process proceeds to step S216, where the received printer information is NP through the encryption control session.
The client information is transmitted to the SP compatible client, and the process proceeds to step S218. The received client information is transmitted to the NPSP compatible printer through the encryption control session, and the process proceeds to step S220.

In step S220, an encryption key is generated,
In step S222, the generated encryption key is transmitted to the NPSP-compatible client and the NPSP-compatible printer through the encryption control session, and then the process proceeds to step S224 to determine whether the reverse session establishment request is received through the encryption control session. If it is determined that the reverse session establishment request has been received (Yes),
In step S226, the reverse session establishment request is transmitted to the NPSP compatible printer through the encrypted control session, and the process proceeds to step S228.

In step S228, it is determined whether or not the print completion notification is received. If it is determined that the print completion notification is received (Yes), the process proceeds to step S230. (No) waits in step S228 until the print completion notification is received. In step S230, the print history regarding the user of the NPSP compatible client is updated, and the process proceeds to step S232.
The print history information is transmitted to the NPSP-compatible client through the encryption control session, the process proceeds to step S234, and the proxy port used to mediate the encrypted communication between the NPSP-compatible client and the NPSP-compatible printer is opened. If it is determined that the proxy port is open (Yes), the process proceeds to step S236.

In step S236, the printer proxy port used for encrypted communication between the NPSP compatible printer and the NPSP server 100 is closed, and in step S2
Moving to No. 38, NPSP compatible client and NPSP
The client proxy port used for encrypted communication with the server 100 is closed, the process proceeds to step S240, the encrypted data session is released, and step S2
In step 42, the encryption control session is released, the series of processes is terminated, and the original process is resumed.

On the other hand, when it is determined in step S234 that the proxy port is not opened (No), the process proceeds to step S242. On the other hand, in step S224,
When it is determined that the reverse session establishment request has not been received through the encrypted control session (No), step S2
24, through the encryption control session, NP
It is determined whether the session establishment request from the SP compatible client and the NPSP compatible printer is received, and the NPS
When it is determined that the session establishment request is received from the P-compatible client and the NPSP-compatible printer (Yes),
Then, the process proceeds to step S246.

In step S246, the client proxy port is opened, and then the process proceeds to step S248 to send a session establishment response including the port number of the client proxy port to the NPSP compliant client through the encrypted control session, and then in step S250.
Then, the encrypted data session is established between the NPSP compatible client and the NPSP server 100 by using the generated encryption key, and the process proceeds to step S252.

In step S252, the printer proxy port is opened, and the process proceeds to step S254.
NPSP sends a session establishment response including the port number of the proxy port for the printer through the encrypted control session.
Send to a compatible printer, move to step S256,
NPSP compatible printer and NP using the generated encryption key
An encrypted data session is established with the SP server 100, the process proceeds to step S258, and encrypted communication between the NPSP compatible client and the NPSP compatible printer is performed using the proxy port for the client and the proxy port for the printer. The mediating proxy process is executed, and the process proceeds to step S228.

On the other hand, in step S244, the NPSP-compatible client and the NP are connected through the encryption control session.
If it is determined that the session establishment request from the SP compatible printer is not received (No), the process proceeds to step S224. On the other hand, when it is determined in step S210 that the authentication for the NPSP compatible printer has failed (No), and when it is determined in step S204 that the authentication for the NPSP compatible client has failed (No), a series of The process is terminated and the original process is restored.

Next, the NPSP compatible printers 242, 24
The configuration of 6,264 will be described in detail with reference to FIG. FIG. 4 shows printers 242, 246, 2 for NPSP.
16 is a flowchart showing a process executed by 64. NP
The SP compatible printers 242, 246 and 264 are CPUs,
The ROM, the RAM, the I / F, etc. are configured to have the same function as a general computer connected to the bus by the ROM.
A predetermined program stored in the predetermined area is started, and the encrypted remote printing process shown in the flowchart of FIG. 4 is executed according to the program.

When the encrypted remote printing process is executed by the CPU, as shown in FIG.
It is designed to shift to 300. Step S300
Then, an encryption control session is established between the NPSP compatible printer and the NPSP server 100, and step S30
If it is determined that the authentication by the NPSP server 100 has been obtained and the authentication has been obtained (Y
es) shifts to step S304 to send the printer information to the NPSP server 100 through the encryption control session, shifts to step S306 to receive the client information from the NPSP server 100 through the encryption control session, The process proceeds to S308.

In the step S308, the encryption key from the NPSP server 100 is received through the encryption control session, the step S310 is followed, it is judged whether or not the session establishment request is received, and the session establishment request is received. If it is determined that it has been done (Yes), step S312
And sends a session establishment response to the NPSP-compatible client, and then proceeds to step S314 to use the received encryption key and the NPSP-compatible client and NPS.
An encrypted data session is established with the P-compatible printer, and the process proceeds to step S316.

In step S316, the print data from the NPSP compliant client is received through the encrypted data session, the process proceeds to step S318, printing is performed based on the received print data, and the process proceeds to step S320 to perform printing. If it is determined that the printing is completed (Yes), the process proceeds to step S322. If not (No), the process waits in step S320 until the printing is completed. .

In step S322, a print completion notification is transmitted to the NPSP-compatible client and the NPSP server 100, the process proceeds to step S324, the encrypted data session is released, and the process proceeds to step S326 to execute the encryption control session. It is released and a series of processing is finished and the original processing is returned. On the other hand, when it is determined in step S310 that the session establishment request is not received (No), the process proceeds to step S328, it is determined whether the reverse session establishment request is received through the encryption control session, and the reverse session establishment is determined. When request is received (Yes)
Shifts to step S330, the session establishment request is transmitted to the NPSP compatible client based on the client information to the printer data port specified by the port number included in the received reverse session establishment request, and step S332 If it is determined that the session establishment response is received (Yes), the process proceeds to step S3.
However, when it is determined that it is not (No),
It waits in step S332 until it receives a session establishment response.

In step S334, an encrypted data session is established between the NPSP compatible client and the NPSP compatible printer using the received encryption key, and the process proceeds to step S316. On the other hand, when it is determined in step S328 that the reverse session establishment request is not received through the encryption control session (No), step S33 is performed.
6, it is determined whether the network environment of the NPSP compatible client and the NPSP compatible printer is the fourth mode based on the client information and the printer information, and the network environment of the NPSP compatible client and the NPSP compatible printer is determined. When it is determined to be the fourth mode (Yes), the process proceeds to step S338, and the session establishment request is issued through the encryption control session to the NPSP.
It is transmitted to the server 100, and the process proceeds to step S340.

In step S340, it is determined whether a session establishment response has been received. If it is determined that a session establishment response has been received (Yes), the process proceeds to step S342, but if it is not (No). ) Waits in step S340 until it receives a session establishment response. In step S342, the received proxy key for the printer specified by the port number included in the received session establishment response is used for NP by using the received encryption key.
By establishing an encrypted data session between the SP compatible printer and the NPSP server 100, the NPSP compatible client and the NPS can be accessed via the NPSP server 100.
An encrypted data session is established with the P-compatible printer, and the process proceeds to step S316.

On the other hand, when it is determined in step S336 that the network environment of the NPSP-compatible client and the NPSP-compatible printer is not the fourth mode (No), the process proceeds to step S310. On the other hand, in step S302, N
When it is determined that the authentication by the PSP server 100 cannot be obtained (No), the series of processing is ended and the original processing is returned to.

Next, the operation of the first embodiment will be described with reference to the drawings. First, the network 200
NPSP-capable clients are N
A case where remote printing is performed by a PSP compatible printer will be described with reference to FIG. FIG. 5 is a diagram showing a communication procedure when the network environment is the first mode.

Here, the NPSP compatible client 20
2,206 and NPSP compatible printers 242,246
Belong to the same user group, and the NPSP compatible clients 202 and 206 are NPSP compatible printers 242 and 242.
246 is available. In the following, NPSP
The compatible client 202 is an NPSP compatible printer 242.
An example of remote printing will be described. All other combinations are the same as this example.

First, in the NPSP compatible printer 242,
After step S300, as shown in FIG.
An encryption control session is established between the corresponding printer 242 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, step S304.
Through the encrypted control session, the printer information of the NPSP compatible printer 242 is transferred to the NPSP server 100.
Sent to.

On the other hand, in the NPSP-compatible client 202, when the user instructs printing, step S100
After that, as shown in FIG. 5, an encryption control session is established between the NPSP-compatible client 202 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, the client information of the NPSP compatible client 202 is transmitted to the NPSP server 100 through the encryption control session through step S104.

In the NPSP server 100, when the printer information and the client information are received, the received printer information and the client information are stored in the user connection management unit 118. Then, a list of NPSP compatible printers that can be used by the NPSP compatible client 202 among the NPSP compatible printers with which the encryption control session is established is transmitted to the NPSP compatible client 202. This list includes the NPSP compatible printer 242.

In the NPSP compatible client 202, when the user selects the NPSP compatible printer 242 from the printer list, the NPSP compatible printer 2 is selected.
42, a session establishment request for establishing an encrypted data session with 42 is transmitted to the NPSP server 100 through the encrypted control session. Upon receipt of the session establishment request, the NPSP server 100 receives steps S216 and S2.
18, the printer information of the NPSP compatible printer 242 is transferred to the NP through each encryption control session.
The client information of the NPSP compatible client 202 is transmitted to the SP compatible client 202 to the NPSP compatible printer 242. Then, steps S220 and S2
A cryptographic key is generated via 22, and the NPSP compatible client 202 is passed through each cryptographic control session.
And the encryption key is transmitted to the NPSP compatible printer 242.

When the NPSP compatible client 202 receives the printer information and the encryption key, the network environment of the NPSP compatible client 202 and the NPSP compatible printer 242 is the first mode.
A session establishment request is transmitted to the NPSP compatible printer 242 based on the printer information via 112 and S114.

When the NPSP compatible printer 242 receives the session establishment request after receiving the client information and the encryption key, the session establishment response is transmitted to the NPSP compatible client 202 through step S312. When the NPSP-compatible client 202 receives the session establishment response, the encrypted data session is executed between the NPSP-compatible client 202 and the NPSP-compatible printer 242 using the encryption key as shown in FIG. 5 through steps S118 and S120. Is established, and the print data is transmitted to the NPSP compatible printer 242 through the encrypted data session.

Upon receiving the print data, the NPSP compatible printer 242 performs printing based on the received print data through step S318. When the printing is completed, the print completion notification is transmitted to the NPSP server 100 and the NPSP compatible client 202 via step S322. Upon receiving the print completion notification, the NPSP server 100 goes through steps S230 and S232,
The print history for the user of the NPSP compatible client 202 is updated, and the NPS is available through the encrypted control session.
The print history information is transmitted to the P-compatible client 202.

When the print history information is received after receiving the print completion notification, the NPSP compatible client 202 displays the print history based on the received print history information through step S126. This completes the communication between the NPSP compatible client 202 and the NPSP compatible printer 242. When the communication is completed, the encrypted data session between the NPSP compatible client 202 and the NPSP compatible printer 242, the NPSP compatible client 20.
2 and the encryption control session between the NPSP server 100 and the NPSP compatible printer 242 and the NPSP server 100 are released.

Next, a case where the NPSP-compatible client of the network 200 performs remote printing with the NPSP-compatible printer of the network 260 will be described with reference to FIG. FIG. 6 is a diagram showing a communication procedure when the network environment is the second mode. Here, the NPSP compatible clients 202 and 206 and the NPSP compatible printer 264 belong to the same user group, and the NPSP compatible clients 202 and 206 are the NPSP compatible printers 2.
64 are available. In the following, a case where the NPSP compatible client 202 performs remote printing with any of the NPSP compatible printers 264 will be described as an example. All other combinations are the same as this example.

First, in the NPSP compatible printer 264,
After step S300, as shown in FIG.
An encryption control session is established between the corresponding printer 264 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, step S304.
After that, the printer information of the NPSP compatible printer 264 is transferred to the NPSP server 100 through the encrypted control session.
Sent to.

On the other hand, in the NPSP-compatible client 202, when the user instructs printing, step S100
Then, as shown in FIG. 6, an encryption control session is established between the NPSP-compatible client 202 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, the client information of the NPSP compatible client 202 is transmitted to the NPSP server 100 through the encryption control session through step S104.

When the NPSP server 100 receives the printer information and the client information, the received printer information and the client information are stored in the user connection management unit 118. Then, a list of NPSP compatible printers that can be used by the NPSP compatible client 202 among the NPSP compatible printers with which the encryption control session is established is transmitted to the NPSP compatible client 202. The list includes the NPSP compatible printer 264.

In the NPSP compatible client 202, when the user selects the NPSP compatible printer 264 from the printer list, the NPSP compatible printer 2 is selected.
A session establishment request for establishing an encrypted data session with 64 is transmitted to the NPSP server 100 through the encrypted control session. Upon receipt of the session establishment request, the NPSP server 100 receives steps S216 and S2.
18, the printer information of the NPSP compatible printer 264 is transferred to NP through each encryption control session.
The client information of the NPSP compatible client 202 is transmitted to the SP compatible client 202 to the NPSP compatible printer 264. Then, steps S220 and S2
A cryptographic key is generated via 22, and the NPSP compatible client 202 is passed through each cryptographic control session.
And the encryption key is transmitted to the NPSP compatible printer 264.

When the printer information and the encryption key are received by the NPSP-compatible client 202, the network environment of the NPSP-compatible client 202 and the NPSP-compatible printer 264 is the second mode.
Through 136 to S140, the printer data port is opened, and the reverse session establishment request including the port number of the printer data port is transmitted to the NPSP server 100 through the encryption control session.

When the reverse session establishment request is received, the NPSP server 100 sends the reverse session establishment request to the NPSP compatible printer 264 through the encryption control session through step S226.
Upon receiving the reverse session establishment request, the NPSP-compatible printer 264 proceeds to step S330 and requests the session establishment request based on the client information to the printer data port specified by the port number included in the received reverse session establishment request. Is NPS
It is transmitted to the P-compatible client 202.

Upon receiving the session establishment request, the NPSP-compatible client 202 sends a session establishment response to the NPSP-compatible printer 264 through step S144.
Sent to. Upon receiving the session establishment response, the NPSP-compatible printer 264 establishes an encrypted data session between the NPSP-compatible client 202 and the NPSP-compatible printer 264 using the encryption key as shown in FIG. 6 through step S334. To be done.

In the NPSP compatible client 202, when the encrypted data session is established, step S12
After 0, print data is transmitted to the NPSP compatible printer 264 through the encrypted data session. NPSP
When the corresponding printer 264 receives the print data, the printing is performed based on the received print data through step S318. When printing is completed, step S322
Then, the print completion notification is transmitted to the NPSP server 100 and the NPSP compatible client 202.

Upon receiving the print completion notice, the NPSP server 100 goes through steps S230 and S232,
The print history for the user of the NPSP compatible client 202 is updated, and the NPS is available through the encrypted control session.
The print history information is transmitted to the P-compatible client 202. When the print history information is received after receiving the print completion notification, the NPSP compatible client 202 displays the print history based on the received print history information through step S126.

Thus, the communication between the NPSP compatible client 202 and the NPSP compatible printer 264 is completed. When communication is completed, the NPSP compatible client 202 and the NP
The encrypted data session between the SP compatible printer 264, the encrypted control session between the NPSP compatible client 202 and the NPSP server 100, and the encrypted control session between the NPSP compatible printer 264 and the NPSP server 100 are released. It Also, the printer data port is closed.

Next, a case where an NPSP-compatible client of the network 220 performs remote printing with an NPSP-compatible printer of the network 240 will be described with reference to FIG. FIG. 7 is a diagram showing a communication procedure when the network environment is the third mode. Here, the NPSP compatible client 224 and the NPSP compatible printer 242,
246 belongs to the same user group, and the NPSP compatible client 224 is the NPSP compatible printer 242, 2.
46 are available. In the following, a case where any of the NPSP compatible clients 224 performs remote printing with the NPSP compatible printer 242 will be described as an example. All other combinations are the same as this example.

First, in the NPSP compatible printer 242,
After step S300, as shown in FIG.
An encryption control session is established between the corresponding printer 242 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, step S304.
Through the encrypted control session, the printer information of the NPSP compatible printer 242 is transferred to the NPSP server 100.
Sent to.

On the other hand, in the NPSP-compatible client 224, when the user instructs printing, step S100
After that, as shown in FIG. 7, an encryption control session is established between the NPSP-compatible client 224 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, the client information of the NPSP compatible client 224 is transmitted to the NPSP server 100 through the encryption control session through step S104.

When the NPSP server 100 receives the printer information and the client information, the received printer information and the client information are stored in the user connection management unit 118. Then, a list of NPSP compatible printers that can be used by the NPSP compatible client 224 among the NPSP compatible printers with which the encrypted control session is established is transmitted to the NPSP compatible client 224. This list includes the NPSP compatible printer 242.

At the NPSP-compatible client 224, when the user selects the NPSP-compatible printer 242 from the printer list, the NPSP-compatible printer 2
42, a session establishment request for establishing an encrypted data session with 42 is transmitted to the NPSP server 100 through the encrypted control session. Upon receipt of the session establishment request, the NPSP server 100 receives steps S216 and S2.
18, the printer information of the NPSP compatible printer 242 is transferred to the NP through each encryption control session.
The client information of the NPSP compatible client 224 is transmitted to the SP compatible client 224 to the NPSP compatible printer 242. Then, steps S220 and S2
A cryptographic key is generated via 22, and the NPSP compatible client 224 is passed through each encryption control session.
And the encryption key is transmitted to the NPSP compatible printer 242.

When the printer information and the encryption key are received by the NPSP-compatible client 224, the network environment of the NPSP-compatible client 224 and the NPSP-compatible printer 242 is the third mode.
A session establishment request is transmitted to the NPSP compatible printer 242 based on the printer information via 112 and S114.

When the NPSP-compatible printer 242 receives the session establishment request after receiving the client information and the encryption key, the session establishment response is transmitted to the NPSP-compatible client 224 through step S312. When the NPSP-compatible client 224 receives the session establishment response, the encrypted data session is executed between the NPSP-compatible client 224 and the NPSP-compatible printer 242 using the encryption key as shown in FIG. 7 through steps S118 and S120. Is established, and the print data is transmitted to the NPSP compatible printer 242 through the encrypted data session.

When the print data is received, the NPSP compatible printer 242 performs printing based on the received print data through step S318. When the printing is completed, the print completion notification is transmitted to the NPSP server 100 and the NPSP compatible client 224 through step S322. Upon receiving the print completion notification, the NPSP server 100 goes through steps S230 and S232,
The print history for the user of the NPSP compatible client 224 is updated, and the NPS is available through the encrypted control session.
The print history information is transmitted to the P-compatible client 224.

When the NPSP-compatible client 224 receives the print completion information and then receives the print history information, the print history is displayed based on the received print history information through step S126. This completes the communication between the NPSP compatible client 224 and the NPSP compatible printer 242. When the communication is completed, the encrypted data session between the NPSP compatible client 224 and the NPSP compatible printer 242, the NPSP compatible client 22
4 and the encryption control session between the NPSP server 100 and the NPSP compatible printer 242 and the NPSP server 100 are released.

Next, a case where the NPSP-compatible client of the network 220 performs remote printing with the NPSP-compatible printer of the network 260 will be described with reference to FIG. FIG. 8 is a diagram showing a communication procedure when the network environment is the fourth mode. Here, the NPSP compatible client 224 and the NPSP compatible printer 264
Belong to the same user group, and the NPSP compatible client 224 can use the NPSP compatible printer 264. In the following description, any NPSP compatible client 224 will be replaced by any NPSP compatible printer 2
A case where remote printing is performed at 64 will be described as an example.
All other combinations are the same as this example.

First, in the NPSP compatible printer 264,
After step S300, as shown in FIG.
An encryption control session is established between the corresponding printer 264 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, step S304.
After that, the printer information of the NPSP compatible printer 264 is transferred to the NPSP server 100 through the encrypted control session.
Sent to.

On the other hand, in the NPSP compatible client 224, when the user gives an instruction for printing, step S100
After that, as shown in FIG. 8, an encryption control session is established between the NPSP-compatible client 224 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, the client information of the NPSP compatible client 224 is transmitted to the NPSP server 100 through the encryption control session through step S104.

In the NPSP server 100, when the printer information and the client information are received, the received printer information and the client information are stored in the user connection management unit 118. Then, a list of NPSP compatible printers that can be used by the NPSP compatible client 224 among the NPSP compatible printers with which the encrypted control session is established is transmitted to the NPSP compatible client 224. The list includes the NPSP compatible printer 264.

At the NPSP compatible client 224, when the user selects the NPSP compatible printer 264 from the printer list, the NPSP compatible printer 2
A session establishment request for establishing an encrypted data session with 64 is transmitted to the NPSP server 100 through the encrypted control session. Upon receipt of the session establishment request, the NPSP server 100 receives steps S216 and S2.
18, the printer information of the NPSP compatible printer 264 is transferred to NP through each encryption control session.
The client information of the NPSP compatible client 224 is transmitted to the SP compatible client 224 to the NPSP compatible printer 264. Then, steps S220 and S2
A cryptographic key is generated via 22, and the NPSP compatible client 224 is passed through each encryption control session.
And the encryption key is transmitted to the NPSP compatible printer 264.

When the printer information and the encryption key are received by the NPSP compatible client 224, the network environment of the NPSP compatible client 224 and the NPSP compatible printer 264 is in the fourth mode.
A session establishment request is transmitted to the NPSP server 100 through the encrypted control session via 156. On the other hand, when the NPSP compatible printer 264 receives the client information and the encryption key, since the network environment of the NPSP compatible client 224 and the NPSP compatible printer 264 is the fourth mode, the session is passed through the encryption control session through step S338. The establishment request is transmitted to the NPSP server 100.

When the NPSP server 100 receives the session establishment request from the NPSP compatible client 224 and the NPSP compatible printer 264, step S246 is performed.
After passing through S250, the client proxy port is opened, and the session establishment response including the port number of the client proxy port is transmitted to the NPSP compatible client 224 through the encrypted control session. Similarly, through steps S252 to S256, the printer proxy port is opened, and a session establishment response including the port number of the printer proxy port is sent through the encrypted control session to the NPSP compatible printer 2
64 is transmitted. Then, through step S258,
The client proxy port and the printer proxy port are used to mediate encrypted communication between the NPSP-compatible client 224 and the NPSP-compatible printer 264.

Upon receiving the session establishment request, the NPSP-compatible client 224 uses the encryption key for the client proxy port specified by the port number included in the received session establishment response, through step S160. Corresponding client 224
An encrypted data session is established between the NPSP server 100 and the NPSP server 100. Similarly, when the NPSP compatible printer 264 receives the session establishment request, the encryption key is used for the printer proxy port specified by the port number included in the received session establishment response through step S342. NPSP compatible printer 2
An encrypted data session is established between 64 and the NPSP server 100. As a result, an encrypted data session is established between the NPSP compatible client 224 and the NPSP compatible printer 264 via the NPSP server 100, as shown in FIG.

In the NPSP compliant client 224, when the encrypted data session is established, step S12
After 0, print data is transmitted to the NPSP compatible printer 264 through the encrypted data session. NPSP
When the corresponding printer 264 receives the print data, the printing is performed based on the received print data through step S318. When printing is completed, step S322
Then, the print completion notification is transmitted to the NPSP server 100 and the NPSP compatible client 224.

When the NPSP server 100 receives the print completion notification, it goes through steps S230 and S232,
The print history for the user of the NPSP compatible client 224 is updated, and the NPS is available through the encrypted control session.
The print history information is transmitted to the P-compatible client 224. When the print history information is received after receiving the print completion notification, the NPSP compatible client 224 displays the print history based on the received print history information through step S126.

Thus, the communication between the NPSP compatible client 224 and the NPSP compatible printer 264 is completed. When the communication is completed, the NPSP compatible client 224 and the NP
Encrypted control session and encrypted data session with SP server 100, and NPSP compatible printer 2
The encrypted control session and encrypted data session between 64 and the NPSP server 100 are released. Also,
The client proxy port and printer proxy port are also closed.

Thus, in this embodiment, the NP
Between the SP compatible client and the NPSP server 100,
And an encryption control session is established between the NPSP-compatible printer and the NPSP server 100, and the NPSP server 100 sends the NPS to the NPS through the established encryption control session.
The encryption key is distributed to the P-compatible client and the NPSP-compatible printer, and the NPSP-compatible client and the NPSP-compatible printer use the distributed encryption key to establish an encrypted data session between the NPSP-compatible client and the NPSP-compatible printer. Print data is transmitted and received through the established encrypted data session.

As a result, encrypted communication can be performed between the NPSP-compatible client and the NPSP-compatible printer, and the possibility that print data will be known to a third party due to eavesdropping or leakage can be reduced. it can. Moreover, since the encryption key is delivered through the encryption control session, it is possible to reduce the possibility that the encryption key will be known to a third party due to eavesdropping, leakage, or the like. Therefore, it is possible to protect the confidentiality of print data when performing remote printing, as compared with the related art. In addition, an NPSP compatible client and N
Communication with the PSP compatible printer is performed by the NPSP server 10.
Since it is mediated by 0, even in a network environment in which a global IP address is commonly assigned to NPSP compatible clients or NPSP compatible printers,
Encrypted communication can be realized relatively easily.

Further, in the present embodiment, when the NPSP server 100 receives the session establishment request from the NPSP compatible client, the NPSP compatible client among the NPSP compatible printers with which the encryption control session is established can be used. NPSP compliant printers, the NPSP compliant printer relating to the session establishment request is selected from the NPSP compliant printers, and the selected NPSP compliant printer and NPS are selected.
The encryption key is transmitted to the P-compatible client through the encryption control session.

As a result, the NPSP compatible client can select the communication target from the NPSP compatible printers under the control of the NPSP server 100.
Further, in the present embodiment, when the network environment of the NPSP compatible client and the NPSP compatible printer is the first mode, the NPSP compatible client and the NPSP compatible printer are
The SP compatible printer establishes an encrypted data session by using an encryption key between the NPSP compatible client and the NPSP compatible printer without going through the NPSP server 100.

Thus, even if the network environment of the NPSP compatible client and the NPSP compatible printer is the first mode, the encrypted communication can be realized relatively easily. Further, in the present embodiment, when the network environment of the NPSP compatible client and the NPSP compatible printer is the second mode, the NPSP compatible client and the NPSP compatible printer are the NPSP server 100.
The encrypted data session is established between the NPSP-compatible client and the NPSP-compatible printer without using the encryption key.

As a result, even if the network environment of the NPSP-compatible client and the NPSP-compatible printer is the second mode, encrypted communication can be realized relatively easily. Further, in the present embodiment, when the network environment of the NPSP compatible client and the NPSP compatible printer is the second mode, the NPSP compatible client sends a reverse session establishment request to the NPSP server 1.
00, and when the session establishment request from the NPSP compatible printer is received by the transmission of the request, the session establishment response is transmitted to the NPSP compatible printer,
Data communication using an encryption key is started between the SP compatible client and the NPSP compatible printer, and when the NPSP server 100 receives a reverse session establishment request from the NPSP compatible client, it establishes a reverse session. The request is transmitted to the NPSP compatible printer. When the NPSP compatible printer receives the reverse session establishment request from the NPSP server 100, the NPSP compatible printer sends the session establishment request to the NPS.
Sent to the P-compatible client and sent the request to send N
When the session establishment response from the PSP compatible client is received, the data communication using the encryption key is started between the NPSP compatible client and the NPSP compatible printer.

As a result, even if the network environment of the NPSP compatible client and the NPSP compatible printer is the second mode, the encrypted data session can be established by the active action from the NPSP compatible client. Further, in the present embodiment, when the network environment of the NPSP compatible client and the NPSP compatible printer is the third mode, the NPSP compatible client and the NPSP compatible printer are the NPSP server 10
An encrypted data session is established between the NPSP-compatible client and the NPSP-compatible printer without using 0.

Thus, even if the network environment of the NPSP compatible client and the NPSP compatible printer is the third mode, the encrypted communication can be realized relatively easily. Further, in the present embodiment, when the network environment of the NPSP compatible client and the NPSP compatible printer is the fourth mode, the NPSP compatible client and the NPSP compatible printer are the NPSP server 100.
The encrypted data session is established between the NPSP-compatible client and the NPSP-compatible printer via the encryption key.

As a result, even if the network environment of the NPSP-compatible client and the NPSP-compatible printer is the fourth mode, the encrypted communication can be realized relatively easily. Further, in the present embodiment, the network print service unit 150 is provided which provides a service regarding printing between the NPSP compatible client and the NPSP compatible printer.

As a result, although the network print service unit 150 has a function dependent on the network connection service unit 110, the network print service unit 1
Since 50 manages only information related to printing,
In addition to the encrypted print service as described above, a support service based on printer information and an information distribution service by printing can be provided to an NPSP compatible client, an NPSP compatible printer, and other terminals.

Further, in the present embodiment, the user authentication information management unit 114 uses the NPSP compatible client and NPSP.
The authentication method is managed as user authentication information for each user of the SP compatible printer. Thus, different authentication methods can be set for each user of the NPSP-compatible client and the NPSP-compatible printer, and thus the confidentiality of print data can be further protected when performing remote printing. Also, by using different authentication methods, different security levels can be set according to the print contents and applications.

Further, in the present embodiment, the user group management unit 120 uses, for each user group, an encryption algorithm used for IP packet encryption, a hash algorithm used for IP packet authentication, and a cryptographic calculation. Information about the key length, information about the update period of the encryption key, and information about the protocol permitted to be used between the NPSP compatible client and the NPSP compatible printer are managed.

As a result, different encryption algorithms and the like can be set for each user group, so that the confidentiality of print data can be further protected when performing remote printing. Further, in the present embodiment, the NP that has established the encryption control session with the NPSP server 100.
From SP compatible client or NPSP compatible printer,
The client information and the printer information are regularly acquired and managed.

As a result, the NPSP-compatible client or the NPSP-compatible printer will notify the communication partner of the NPSP.
The network environment such as whether the SP server 100 is connected can be grasped. Moreover, since the information is periodically acquired, the NPSP compatible client or the NPSP
The SP compatible printer can grasp the relatively latest network environment of the communication partner. For example, it becomes easy to deal with the change of the global IP address.

Further, in the present embodiment, the NPSP server 100 sends the printer information to the NPSP compatible client and the client information to the NPSP compatible printer, respectively. As a result, the NPSP-compatible client or the NPSP-compatible printer can adopt an appropriate communication method according to the network environment of itself and the communication partner. In particular, if the network environment of the self and the communication partner is the fourth mode, communication can be performed via the NPSP server 100.

Further, in the present embodiment, the proxy plug-in unit 156 is designed to give an additional function to be executed in the encrypted communication mediated by the session proxy unit 122. This facilitates service extension in encrypted communication mediated by the session proxy unit 122.

Further, in the present embodiment, the proxy plug-in unit 156 is adapted to provide an additional function of temporarily buffering the encrypted communication mediated by the session proxy unit 122 to change the transfer rate. . By changing the transfer rate, N
Since the transfer rate with the PSP compatible printer can be adjusted, it is possible to use NPSP compatible printers having different transfer rates.

Further, in the present embodiment, the NPSP compatible printer sends a print completion notification to the NPSP compatible client and the NPSP server 100. As a result, the NPSP compatible printer does not need to store the log information in the local memory or disk. In the first embodiment, the global IP address corresponds to the representative address described in claim 4, 6, 8 or 10, and the encrypted control session is defined in any one of claims 1 to 3, 7.
Corresponding to the encrypted control connection according to claim 16, 20, 23, 27 or 30, the encrypted data session corresponds to the encrypted data connection according to claim 1, 4, 6, 8, 10, 12 or 30. There is. Further, the session establishment request is made according to claim 2, 3, 5, 7, 9, 11, 16 or 2.
9. The session establishment response corresponds to the connection establishment request according to claim 9, and the session establishment response is defined in claims 5, 7, 9, 11, 17 to 22, and 2.
The reverse session establishment request corresponds to the connection establishment response according to any one of claims 4 to 29, and the reverse session establishment request is claimed in any one of claims 7, 19, 20, and 2.
It corresponds to the reverse connection establishment request described in 6 or 27.

In the first embodiment, N
The PSP server 100 has claims 1 to 4, 6 to 8, and 1.
The first communication terminal according to any one of claims 1 to 12, 16 to 23, 25, 27, 29, or 30, which corresponds to the communication management terminal described in 0, 11, 16, 19 to 23, and 26 to 30, and the NPSP-compatible client is It corresponds to. Also, NPS
P-compatible printers are claims 1 to 12, 16 to 24,
The user connection management unit 11 corresponds to the second communication terminal described in 26, 28, or 30 or the printing terminal described in claim 12.
Reference numeral 8 corresponds to the terminal information storage means according to claim 3.

Next, a second embodiment of the present invention will be described with reference to the drawings. 9 to 12 are diagrams showing a second embodiment of an encrypted communication system, a communication management terminal, a communication terminal and a terminal program, and an encrypted communication method according to the present invention. Hereinafter, only the parts different from those of the first embodiment will be described, and the overlapping parts will be denoted by the same reference numerals and the description thereof will be omitted.

This embodiment shows an encrypted communication system, a communication management terminal, a communication terminal and a program for a terminal, and an encrypted communication method according to the present invention, as shown in FIG.
This is applied to a case where an NPSP non-compliant client performs remote printing with a NPSP non-compliant printer using the SP server 100. First, the configuration of a network system to which the present invention is applied will be described with reference to FIG. FIG. 9 is a diagram showing the configuration of a network system to which the present invention is applied.

On the Internet 199, as shown in FIG. 9, the NPSP server 100, the network 200,
220, 240, 260 are connected. The network 200 is directly connected to the Internet 199.
PSP compatible proxy 210 and NPSP compatible proxy 2
NPSP connecting to Internet 199 via 10
Non-compliant client 203, NAT device 204, N
It is composed of an NPSP compatible proxy 212 connected to the Internet 199 via the AT device 204 and an NPSP non-compatible client 207 connected to the Internet 199 via the NAT device 204 and the NPSP compatible proxy 212.

The network 220 includes a NAT / PAT device 222 and an NPSP compatible proxy 230 connected to the Internet 199 via the NAT / PAT device 222.
And a plurality of NPSP non-compliant clients 225 connected to the Internet 199 via the NAT / PAT device 222 and the NPSP compliant proxy 230.

The network 240 is the Internet 1
Npsp-compatible proxy 250 that directly connects to 99
Internet 19 via PSP compatible proxy 250
9, NPSP non-compliant printer 243 connected to
A device 244, an NPSP-compatible proxy 252 connecting to the Internet 199 via the NAT device 244, N
It is composed of an AT device 244 and an NPSP non-compatible printer 247 connected to the Internet 199 via an NPSP compatible proxy 252.

The network 260 includes a NAT / PAT device 262 and an NPSP-compatible proxy 270 connected to the Internet 199 via the NAT / PAT device 262.
And a plurality of NPSP non-compatible printers 265 connected to the Internet 199 via the NAT / PAT device 262 and the NPSP compatible proxy 270.

For convenience of explanation, the NPSP-compatible proxies 210, 212, and 230 will be generically referred to as “client proxies” because they accommodate NPSP-incompatible clients, and the NPSP-compatible proxies 250 and 25 will be referred to below.
2, 270 are collectively referred to as "printer proxies" because they accommodate NPSP non-compliant printers. Next, the configuration of the client proxy will be described in detail with reference to FIG. FIG. 10 is a flowchart showing the processing executed by the client proxy.

The client proxy is the CPU, RO
It has the same function as a general computer in which M, RAM, I / F, etc. are connected by a bus, and activates a predetermined program stored in a predetermined area of the ROM.
According to the program, the encrypted remote print request process shown in the flowchart of FIG. 10 is executed. It should be noted that the client proxy is preregistered with the client information of the NPSP-incompatible client, and the client information also includes information regarding the network environment of the client proxy.

When the encrypted remote print request process is executed by the CPU, as shown in FIG. 10, first, the process proceeds to step S400. Step S
In 400, it is determined whether or not a print request from the NPSP non-compliant client is received, and when it is determined that the print request is received (Yes), the process proceeds to step S402.
If not (No), the process waits in step S400 until a print request is received.

In step S402, an encryption control session is established between the client proxy and the NPSP server 100, and the process proceeds to step S404, where NPSP
When it is determined whether the authentication by the server 100 has been obtained or not (Yes), the step S40 is performed.
6, the client information is transmitted to the NPSP server 100 through the encrypted control session, and step S
408, and NP through the encrypted control session
The printer information is received from the SP server 100, and the process proceeds to step S410.

In step S410, the received printer information is transmitted to the NPSP non-compliant client, the process proceeds to step S412, the print data from the NPSP non-compliant client is received, and the process proceeds to step S414.
The encryption key from the NPSP server 100 is received through the encryption control session, and the process proceeds to step S416. In step S416, a session establishment request is transmitted to the printer proxy based on the printer information, and step S4
When it is determined that the session establishment response has been received (Yes), the process proceeds to step S420, but when it is determined that the session establishment response has not been received (No) Waits in step S418 until it receives a session establishment response.

In step S420, an encrypted data session is established between the client proxy and the printer proxy using the received encryption key, and step S42
2, the print data is transmitted to the printer proxy through the encrypted data session, the process proceeds to step S424, and it is determined whether or not the print completion notification is received.
If it is determined that the print completion notification is received (Yes), the process proceeds to step S426. If it is determined that the print completion notification is not received (No), step S4 is performed until the print completion notification is received.
Wait at 24.

In step S426, the print history information from the NPSP server 100 is received through the encryption control session, the process proceeds to step S428, the received print history information is transmitted to the NPSP non-compliant client, and the process proceeds to step S430. Then, the encrypted data session is released, the process proceeds to step S432, the encrypted control session is released, the series of processes is terminated, and the original process is resumed.

On the other hand, when it is determined in step S404 that the authentication by the NPSP server 100 cannot be obtained (No).
Terminates a series of processes and returns to the original process. Although the case where encrypted communication is performed with the printer proxy has been described above, when encrypted communication is performed with the NPSP compatible printer as in the first embodiment, the encryption shown in the flowchart of FIG. 2 is performed. This can be realized by executing a process corresponding to the customized remote print request process.

Next, the configuration of the printer proxy will be described in detail with reference to FIG. FIG. 11 is a flowchart showing the processing executed by the printer proxy. The printer proxy is configured to have the same function as a general computer in which a CPU, a ROM, a RAM, an I / F, etc. are connected to a bus, and activates a predetermined program stored in a predetermined area of the ROM. According to the program, the encrypted remote printing process shown in the flowchart of FIG. 11 is executed. Note that the printer proxy has printer information registered in advance for NPSP-incompatible printers, and the printer information also includes information on the network environment of the printer proxy.

When the encrypted remote printing process is executed by the CPU, as shown in FIG. 11, first, the process proceeds to step S500. Step S50
0, an encryption control session is established between the printer proxy and the NPSP server 100, and step S502
When it is determined that the authentication by the NPSP server 100 is obtained, the process proceeds to (Ye
s) shifts to step S504 to send the printer information to the NPSP server 100 through the encryption control session, shifts to step S506 to receive the client information from the NPSP server 100 through the encryption control session, and The process moves to S508.

At the step S508, the encryption key from the NPSP server 100 is received through the encryption control session, then the step goes to a step S510, it is judged whether or not the session establishment request is received, and the session establishment request is received. If it is determined that it has been done (Yes), step S512
However, if it is determined that it is not (No), the process waits in step S510 until the session establishment request is received.

In step S512, the session establishment response is transmitted to the client proxy, and in step S514
Then, the encrypted data session is established between the client proxy and the printer proxy using the received encryption key, and the process proceeds to step S516. In step S516, the print data from the client proxy is received through the encrypted data session, and
In step 518, the received print data is transmitted to the NPSP non-compliant printer, and in step S520, it is determined whether a print completion notification has been received, and it is determined that a print completion notification has been received. If yes, step S52.
If the determination result is No (No), the process proceeds to step S520 until a print completion notification is received.

In step S522, a print completion notification is sent to the client proxy and the NPSP server 100, the process proceeds to step S524, the encrypted data session is released, and the process proceeds to step S526 to release the encrypted control session. Then, the series of processing is terminated and the original processing is restored. On the other hand, when it is determined in step S502 that the authentication by the NPSP server 100 cannot be obtained (No)
Terminates a series of processes and returns to the original process.

The case where encrypted communication is performed with the client proxy has been described above. However, when encrypted communication is performed with the NPSP-compatible client as in the first embodiment, the flowchart of FIG. This can be realized by executing a process corresponding to the encrypted remote printing process shown in. Next, the operation of the second embodiment will be described with reference to the drawings.

First, a case in which an NPSP non-compliant client of the network 200 performs remote printing with an NPSP non-compliant printer of the network 240 will be described with reference to FIG. FIG. 12 is a diagram showing a communication procedure when the network environment is the first mode. Where N
PSP non-compliant clients 203, 207 and NPSP
The non-compliant printers 243 and 247 belong to the same user group, and the NPSP non-compliant clients 203 and 207.
Can use the printers 243 and 247 which do not support NPSP. In the following, a case where the NPSP non-compliant client 203 performs remote printing with the NPSP non-compliant printer 243 will be described as an example. All other combinations are the same as this example.

First, in the printer proxy, step S
As shown in FIG. 12, an encryption control session is established between the printer proxy and the NPSP server 100 via 500. At that time, when the authentication by the NPSP server 100 is obtained, the printer information of the non-NPSP printer 243 is transmitted to the NPSP server 100 through the encryption control session through step S504.

On the other hand, the client 203 not supporting NPSP
At, when the user instructs printing, a print request is sent to the client proxy. The print request can be transmitted by using an existing WWW (World Wide Web) browser, for example. The same applies to the communication with the client proxy hereinafter. When the client proxy receives the print request, it goes through step S402, and as shown in FIG.
An encryption control session is established with the SP server 100. At that time, when the authentication by the NPSP server 100 is obtained, the client information of the NPSP non-compliant client 203 is transmitted to the NPSP server 100 through the encryption control session through step S406.

Upon receiving the printer information and the client information, the NPSP server 100 stores the received printer information and client information in the user connection management unit 118. Then, among the NPSP non-compliant printers under the management of the printer proxy with which the encryption control session is established, a list of NPSP non-compliant printers available to the NPSP non-compliant client 203 is transmitted to the client proxy. This list includes printers 243 not compatible with NPSP.

Upon receiving the printer list, the client proxy sends the received printer list to the NPSP non-compliant client 203. In the NPSP non-compliant client 203, when the user selects the NPSP non-compliant printer 243 from the printer list, the fact and print data are transmitted to the client proxy.

When the client proxy receives the selection of the printer 243 not supporting NPSP and the print data,
A session establishment request for establishing an encrypted data session with the printer proxy is transmitted through the encrypted control session.
It is transmitted to the PSP server 100. NPSP server 10
0, when the session establishment request is received, step S
Through 216 and S218, the printer information of the non-NPSP printer 243 and the client information of the non-NPSP client 203 are transmitted to the client proxy and the printer proxy through the respective encryption control sessions. Then, through steps S220 and S222, an encryption key is generated, and the encryption key is transmitted to the client proxy and the printer proxy through each encryption control session.

Upon receiving the printer information and the encryption key, the client proxy sends a session establishment request to the printer proxy based on the printer information, through step S416. When the printer proxy receives the session establishment request after receiving the client information and the encryption key, the session establishment response is transmitted to the client proxy through step S512.

When the client proxy receives the session establishment response, the encrypted data session is established between the client proxy and the printer proxy by using the encryption key as shown in FIG. 12 through steps S420 and S422. The print data is transmitted to the printer proxy through the encrypted data session. When the print data is received by the printer proxy, step S5 is performed.
The received print data is transmitted via 18 to the NPSP non-compliant printer 243.

When the print data is received, the printer 243 not compatible with NPSP prints based on the received print data. When printing is completed, a print completion notification is sent to the printer proxy. In printer proxy,
Upon receiving the print completion notification, the print completion notification is transmitted to the NPSP server 100 and the client proxy via step S522.

Upon receiving the print completion notification, the NPSP server 100 goes through steps S230 and S232,
The print history for the user of the client proxy is updated and the print history information is sent to the client proxy through the encrypted control session. When the client proxy receives the print history information after receiving the print completion notification, the received print history information is transmitted to the NPSP non-compliant client 203 through step S428.

In the NPSP non-compliant client 203,
When the print history information is received, the print history is displayed based on the received print history information. This completes the communication between the NPSP non-compliant client 203 and the NPSP non-compliant printer 243. When the communication is completed, the encrypted data session between the client proxy and the printer proxy, the encrypted control session between the client proxy and the NPSP server 100, and the printer proxy and the N
The encrypted control session with the PSP server 100 is released.

Next, a case where the NPSP non-compliant client of the network 200 performs remote printing with the NPSP non-compliant printer of the network 260 will be described. In this case, the network environment of the NPSP non-supporting client and the NPSP non-supporting printer is the second mode, but the network environment of the client proxy and the printer proxy which actually communicates is the first mode, and therefore the same procedure as described above is used. Done in. The encryption control session and the encryption data session are established as shown in FIG.

Next, a case will be described in which an NPSP non-compliant client of the network 220 performs remote printing with an NPSP non-compliant printer of the network 240. In this case, the network environment of the NPSP non-supporting client and the NPSP non-supporting printer is the third mode, but the network environment of the client proxy and the printer proxy which actually communicates is the first mode, and therefore the same procedure as described above is used. Done in. The encryption control session and the encryption data session are established as shown in FIG.

Next, a case will be described in which a NPSP non-compliant client of the network 220 performs remote printing with a NPSP non-compliant printer of the network 260. In this case, the network environment of the NPSP non-supporting client and the NPSP non-supporting printer is the second mode, but the network environment of the client proxy and the printer proxy which actually communicates is the fourth mode, and therefore the same procedure as above is applied. Done in. The encryption control session and the encryption data session are established as shown in FIG.

When a non-NPSP compatible client performs remote printing with an NPSP compatible printer via the client proxy, the client proxy and N
According to the network environment of the PSP compatible printer, the client proxy is set to N in the first embodiment.
By operating in the same manner as the PSP compatible client, encrypted communication can be performed.

Further, when the NPSP-compatible client performs remote printing with the NPSP-incompatible printer via the printer proxy, the printer proxy is configured to execute the remote printing according to the network environment of the NPSP-compatible client and the printer proxy. The encrypted communication can be performed by operating in the same manner as the NPSP compatible printer in the embodiment.

As described above, in this embodiment, the encryption control session is established between the client proxy and the NPSP server 100 and between the printer proxy and the NPSP server 100, and the encrypted control session is established through the established encryption control session. The encryption key is delivered from the NPSP server 100 to the client proxy and the printer proxy, and the client proxy and the printer proxy use the delivered encryption key to establish an encrypted data session between the client proxy and the printer proxy and establish it. Print data is transmitted and received through the encrypted data session.

As a result, since encrypted communication can be performed between the client proxy and the printer proxy, it is possible to reduce the possibility that the print data will be known to a third party due to eavesdropping or leakage. Moreover, since the encryption key is delivered through the encryption control session, it is possible to reduce the possibility that the encryption key will be known to a third party due to eavesdropping, leakage, or the like. Therefore, it is possible to protect the confidentiality of print data when performing remote printing, as compared with the related art. Furthermore, since it is not necessary to implement a special protocol for establishing an encrypted data session in the NPSP non-compliant client and the NPSP non-compliant printer, the existing NPSP non-compliant client and the NPSP non-compliant printer are used relatively easily. be able to.

Further, in the present embodiment, when the NPSP server 100 receives the session establishment request from the client proxy, the NPSP server 100 of the NPSP non-compliant printer under the control of the printer proxy with which the encryption control session is established. Among them, the NPSP non-compliant printer is selected from the NPSP non-compliant printers available to the NPSP non-compliant client 203, and the encryption key is transmitted to the printer proxy and the client proxy through the encryption control session. ing.

Accordingly, the client proxy is
The communication target can be selected from the NPSP non-compliant printers managed by the PSP server 100. Further, in the present embodiment, when the network environment of the NPSP non-compliant client and the NPSP non-compliant printer is the first form, the second form, the third form or the fourth form, the client proxy and the printer proxy are used. Is
An encrypted data session is established by using an encryption key between the client proxy and the printer proxy without going through the NPSP server 100.

Thus, the network environment of the NPSP non-compliant client and the NPSP non-compliant printer becomes the first.
The encrypted communication can be realized relatively easily in any of the above modes, the second mode, the third mode, and the fourth mode. In the second embodiment, the global IP address corresponds to the representative address described in claim 4, 6, 8 or 10, and the encrypted control session is defined in any one of claims 1 to 3, 7, 16, 20, 23. , 27 or 30 corresponding to the encrypted control connection, and the encrypted data session corresponds to the encrypted data connection according to claim 1, 4, 6, 8, 10, 13 or 30. Further, the session establishment request is made in any one of claims 2, 3, 5, 7, 9, 11,
16 to 29, the session establishment response corresponds to the connection establishment response described in claims 5, 7, 9, 11, 17 to 22, 24 to 29, and the reverse session establishment request corresponds to the connection establishment request. Item 7, 1
It corresponds to the reverse connection establishment request described in 9, 20, 26 or 27.

Further, in the above second embodiment, N
The PSP server 100 has claims 1 to 4, 6 to 8, and 1.
Corresponding to the communication management terminal described in 0, 11, 16, 19 to 23, 26 to 30, the client proxy is the first communication according to claim 1 to 11, 13, 16 to 23, 25, 27, 29 or 30. It corresponds to the terminal. The printer proxy is defined in any one of claims 1 to 11, 13, 16 and 2.
It corresponds to the second communication terminal described in 4, 26, 28 or 30, or the proxy terminal described in claim 13, the NPSP non-compliant printer corresponds to the printing terminal described in claim 13, and the user connection management unit 118 This corresponds to the terminal information storage means described in claim 3.

Next, a third embodiment of the present invention will be described with reference to the drawings. FIG. 13 is a diagram showing a third embodiment of an encrypted communication system, a communication management terminal, a communication terminal and a terminal program, and an encrypted communication method according to the present invention. Hereinafter, only the parts different from those of the first embodiment will be described, and the overlapping parts will be denoted by the same reference numerals and the description thereof will be omitted.

In this embodiment, the encrypted communication system, the communication management terminal, the communication terminal and the program for the terminal, and the encrypted communication method according to the present invention are used by the NPSP server 100, and the NPSP non-compliant client uses the NPSP. This is applied when remote printing is performed by a compatible printer. The network configuration of this embodiment differs from that of the first embodiment described above with reference to FIG.
In that, the NPSP compatible client is a non-NPSP compatible client.

First, the configuration of the NPSP server 100 is shown in FIG.
It will be described in detail with reference to FIG. Figure 13 shows NPSP
6 is a flowchart showing a process executed by the server 100. The NPSP server 100 activates a predetermined program stored in a predetermined area of the ROM and executes the encrypted communication management process shown in the flowchart of FIG. 13 in accordance with the program.

When the encrypted communication management process is executed by the CPU, as shown in FIG. 13, first, step S6 is performed.
It is designed to shift to 00. In step S600, the NPSP non-compliant client and the NPSP server 10
Establish an encrypted control session with 0, and execute step S
In step 602, the authentication process is executed for the NPSP non-compliant client, the process proceeds to step S604, it is determined whether or not the authentication is successful, and if it is determined that the authentication is successful (Yes), the step is The process moves to S606.

[0214] In step S606, an encryption control session is established between the NPSP compatible printer and the NPSP server 100, and the process proceeds to step S608.
The authentication process is executed for the SP compatible printer, the process proceeds to step S610, it is determined whether the authentication is successful,
If it is determined that the authentication is successful (Yes), step S6
Move to 12.

[0215] In step S612, the printer information is received through the encrypted control session, and in step S614.
And send the received printer information to the NPSP non-compliant client through the encrypted control session,
In step S616, the print data from the NPSP-incompatible client is received through the encrypted control session, and then the process proceeds to step S618.

At step S618, an encryption key is generated,
In step S620, the generated encryption key is transmitted to the NPSP compatible printer through the encryption control session. In step S622, the network environment of the NPSP server 100 and the NPSP compatible printer is determined based on the printer information. When it is determined that the network environment of the NPSP server 100 and the NPSP compatible printer is the first mode (Y
es) moves to step S624.

In step S624, a session establishment request is transmitted to the NPSP compatible printer based on the printer information, the process proceeds to step S626, it is determined whether a session establishment response is received, and the session establishment response is received. When it is determined (Yes), the process proceeds to step S628, but when it is determined otherwise (No), the process waits at step S626 until the session establishment response is received.

[0218] In step S628, an encrypted data session is established between the NPSP server 100 and the NPSP compatible printer by using the generated encryption key.
630 to transfer N through the encrypted data session.
Send the print data to the PSP compatible printer, and step S
632. In step S632, it is determined whether or not the print completion notification is received, and when it is determined that the print completion notification is received (Yes), the process proceeds to step S634, but when it is determined that it is not (No) Waits in step S632 until it receives the print completion notification.

In step S634, the print history regarding the user of the NPSP non-compliant client is updated, and the process proceeds to step S636 to transmit the print history information to the NPSP non-compliant client through the encryption control session,
In step S638, it is determined whether or not the printer data port used for encrypted communication with the NPSP compatible printer is open. When it is determined that the printer data port is open (Yes), , Goes to step S640, closes the printer data port, and goes to step S642.

In step S642, the encrypted data session is released, the process proceeds to step S644, the encrypted control session is released, and the series of processes is terminated and the original process is resumed. On the other hand, when it is determined in step S638 that the printer data port is not opened
(No) moves to step S642.

On the other hand, when it is determined in step S622 that the network environment of the NPSP server 100 and the NPSP compatible printer is not the first mode (No), step S622 is selected.
646, and based on the printer information, NPSP
When it is determined whether the network environment of the server 100 and the NPSP compatible printer is the second mode, and it is determined that the network environment of the NPSP server 100 and the NPSP compatible printer is the second mode (Yes), The process moves to S648.

In step S648, the printer data port is opened, and the flow advances to step S650 to send an NP request for establishment of a reverse session including the port number of the printer data port through the encryption control session.
When it is determined that the session establishment request has been received (Yes), the process proceeds to step S652, the session establishment request is received, and the process proceeds to step S652.
If the process proceeds to step S654, but it is determined otherwise (No), the process stands by in step S652 until the session establishment request is received.

[0223] In step S654, a session establishment response is transmitted to the NPSP compatible printer, and in step S656.
Then, the encrypted data session is established between the NPSP server 100 and the NPSP compatible printer using the generated encryption key, and the process proceeds to step S630. On the other hand, in step S646, the NPSP server 100 and N
When it is determined that the network environment of the PSP compatible printer is not the second mode (No), the process proceeds to step S644.

On the other hand, when it is determined in step S610 that the authentication of the NPSP compatible printer has failed (N
o) and when it is determined in step S604 that the authentication of the NPSP non-compliant client has failed (No), the series of processes is ended and the original process is returned to.
Next, the operation of the third embodiment will be described.

First, N of the networks 200 and 220
A PSP-incompatible client is an NP on the network 240.
A case of performing remote printing with an SP compatible printer will be described. Here, the NPSP non-compliant client and the NPSP
The compatible printers 242 and 246 belong to the same user group, and the non-NPSP compatible clients can use the NPSP compatible printers 242 and 246. In addition,
Hereinafter, a case will be described as an example in which an NPSP non-compliant client performs remote printing with the NPSP compliant printer 242. All other combinations are the same as this example.

First, in the NPSP compatible printer 242,
Through step S300, NPSP compatible printer 242
An encryption control session is established between the NPSP server 100 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, the printer information of the NPSP compatible printer 242 is transmitted to the NPSP server 100 through the encryption control session through step S304.

On the other hand, in the NPSP non-compliant client, when the user instructs printing, an encryption control session is established between the NPSP non-compliant client and the NPSP server 100. The encryption control session can be established using, for example, an existing WWW browser. Hereinafter, the same applies to communication with the NPSP server 100.

Upon receiving the printer information, the NPSP server 100 stores the received printer information in the user connection management unit 118. Then, a list of NPSP-compatible printers that can be used by the NPSP-incompatible client among the NPSP-compatible printers with which the encrypted control session is established is transmitted to the NPSP-incompatible client. This list includes the NPSP compatible printer 242.

In the NPSP non-compliant client, when the user selects the NPSP compliant printer 242 from the list of printers, a message to that effect and print data indicate NPSP.
It is transmitted to the SP server 100. NPSP server 100
Then, when the selection of the NPSP compatible printer 242 and the print data are received, through steps S618 and S620,
An encryption key is generated and NP is sent through the encryption control session.
The encryption key is transmitted to the SP compatible printer 242. Then, the NPSP server 100 and the NPSP compatible printer 2
Since the 42 network environment is the first form,
After steps S622 and S624, the session establishment request is sent to the NPSP compatible printer 24 based on the printer information.
2 is sent.

When the NPSP printer 242 receives the session establishment request after receiving the encryption key, the session establishment response is transmitted to the NPSP server 100 through step S312. In the NPSP server 100,
When the session establishment response is received, step S628,
Through S630, using the encryption key, the NPSP server 10
0 and the NPSP compatible printer 242 establish an encrypted data session, and print data is transmitted to the NPSP compatible printer 242 through the encrypted data session.

Upon receiving the print data, the NPSP compatible printer 242 performs printing based on the received print data through step S318. When printing is completed, a notification of printing completion is transmitted to the NPSP server 100 via step S322. Upon receiving the print completion notification, the NPSP server 100 receives the notification in step S634.
Through S636, the print history regarding the user of the NPSP non-compliant client is updated, and the print history information is transmitted to the NPSP non-compliant client through the encryption control session.

[0232] When the print history information is received, the NPSP non-compliant client displays the print history based on the received print history information. This completes the communication between the NPSP-incompatible client and the NPSP-compatible printer 242. When the communication is completed, an encryption control session between the NPSP non-compliant client and the NPSP server 100,
Also, the NPSP compatible printer 242 and the NPSP server 1
The encrypted control session with 00 and the encrypted data session are released.

Next, the NP of the networks 200 and 220
SP non-compliant client is NPS of network 260
A case where remote printing is performed by a P-compatible printer will be described.
Here, the NPSP non-compliant client and the NPSP compliant printer 264 belong to the same user group,
The SP non-compliant client is the NPSP compatible printer 264.
Are available. It should be noted that in the following, any NPSP compatible printer 264 will be used as a NPSP non-compatible client.
An example of remote printing will be described. All other combinations are the same as this example.

First, in the NPSP compatible printer 264,
Through step S300, NPSP compatible printer 264
An encryption control session is established between the NPSP server 100 and the NPSP server 100. At that time, when the authentication by the NPSP server 100 is obtained, the printer information of the NPSP compatible printer 264 is transmitted to the NPSP server 100 through the encryption control session through step S304.

On the other hand, in the NPSP non-compliant client, when the user instructs the printing, the encryption control session is established between the NPSP non-compliant client and the NPSP server 100. The encryption control session can be established using, for example, an existing WWW browser. Hereinafter, the same applies to communication with the NPSP server 100.

Upon receiving the printer information, the NPSP server 100 stores the received printer information in the user connection management unit 118. Then, a list of NPSP-compatible printers that can be used by the NPSP-incompatible client among the NPSP-compatible printers with which the encrypted control session is established is transmitted to the NPSP-incompatible client. The list includes the NPSP compatible printer 264.

In the NPSP non-compliant client, when the user selects the NPSP compliant printer 264 from the printer list, that fact and the print data are NP
It is transmitted to the SP server 100. NPSP server 100
Then, when the selection of the NPSP compatible printer 264 and the print data are received, through steps S618 and S620,
An encryption key is generated and NP is sent through the encryption control session.
The encryption key is transmitted to the SP compatible printer 264. Then, the NPSP server 100 and the NPSP compatible printer 2
Since the 64 network environment is the second form,
Through steps S646 and S648, the printer data port is opened, and a reverse session establishment request including the port number of the printer data port is transmitted to the NPSP compatible printer 264 through the encryption control session.

Upon receiving the reverse session establishment request, the NPSP compatible printer 264 proceeds to step S330.
After that, the session establishment request is sent to the printer data port specified by the port number included in the received reverse session establishment request.
Sent to. When the NPSP server 100 receives the session establishment request, the session establishment response is transmitted to the NPSP compatible printer 264 through step S654.

Upon receiving the session establishment response, the NPSP compatible printer 264 goes through step S334 and
An encryption data session is established between the NPSP server 100 and the NPSP compatible printer 264 using the encryption key. In the NPSP server 100, when the encrypted data session is established, the NPSP compatible printer 26 is passed through the encrypted data session through step S630.
The print data is transmitted to No. 4.

When the NPSP compatible printer 264 receives the print data, printing is performed based on the received print data through step S318. When printing is completed, a notification of printing completion is transmitted to the NPSP server 100 via step S322. NPSP compatible printer 2
In 64, when the print data is received, step S318
After that, printing is performed based on the received print data. When printing is completed, the process proceeds to step S322 and then NP
A print completion notification is sent to the SP server 100.

When the NPSP server 100 receives the print completion notification, it goes through steps S634 and S636.
The print history regarding the user of the NPSP non-compliant client is updated, and the print history information is transmitted to the NPSP non-compliant client through the encryption control session. NPS
When the P-incompatible client receives the print history information, the print history is displayed based on the received print history information.

As described above, NPSP non-compliant client and NP
Communication with the SP compatible printer 264 is completed. When the communication is completed, the encryption control session between the NPSP non-compliant client and the NPSP server 100, and the NPS
The encrypted control session and encrypted data session between the P-compatible printer 264 and the NPSP server 100 are released.

Thus, in this embodiment, the NP
Between the SP non-compliant client and the NPSP server 100, and between the NPSP compatible printer and the NPSP server 100
An encryption control session is established between the NPSP server and the NPSP server 100, and the print data is transmitted from the NPSP non-compliant client to the NPSP server 100 and the encryption key is transmitted from the NPSP server 100 to the NPSP compatible printer through the established encryption control session. The server 100 and the NPSP compatible printer use the encryption key to make the NPSP server 100
An encrypted data session is established between the printer and the NPSP compatible printer, and print data is transmitted and received from the NPSP non-compatible client through the established encrypted data session.

As a result, the NPSP server 100 and the NP
Since encrypted communication can be performed with the SP compatible printer, it is possible to reduce the possibility that print data will be known to a third party due to eavesdropping or leakage. Moreover, since the encryption key is delivered through the encryption control session, it is possible to reduce the possibility that the encryption key will be known to a third party due to eavesdropping, leakage, or the like. Therefore, it is possible to protect the confidentiality of print data when performing remote printing, as compared with the related art. Furthermore, since it is not necessary to install a special protocol for establishing an encrypted data session in the NPSP non-compliant client, the existing NPSP non-compliant client can be used relatively easily.

Furthermore, in the present embodiment, when the NPSP server 100 receives a session establishment request from an NPSP non-compliant client, the NPSP non-compliant client among the NPSP compliant printers with which the encryption control session has been established. The NPSP compatible printer relating to the session establishment request is selected from the available NPSP compatible printers, and the encryption key is transmitted to the selected NPSP compatible printer through the encryption control session.

Thus, the NPSP non-compliant client can select a communication target from the NPSP compliant printers under the control of the NPSP server 100.
In the third embodiment, the encrypted control session corresponds to the encrypted control connection according to claim 14, and the encrypted data session corresponds to the encrypted data connection according to claim 14, and does not support NPSP. The client corresponds to the first communication terminal according to claim 14, and N
The PSP compatible printer corresponds to the second communication terminal according to claim 14 or the printing terminal according to claim 14. Further, the NPSP server 100 corresponds to the communication management terminal according to claim 14.

Incidentally, in the first embodiment described above,
When the network environment of the NPSP compatible client and the NPSP compatible printer is the first form, the second form or the third form, the NPSP compatible client and the NP
Although the SP compatible printer is configured to establish an encrypted data session between the NPSP compatible client and the NPSP compatible printer without using the NPSP server 100, the SP compatible printer is not limited to this, but is not limited to this.
The encrypted data session may be established using the encryption key between the NPSP compatible client and the NPSP compatible printer via 00.

Further, in the third embodiment described above,
The case where the NPSP non-compliant client performs remote printing with the NPSP compliant printer has been described.
When the NPSP non-compliant client performs remote printing with the NPSP non-compliant printer, the NPSP non-compliant printer is connected via the printer proxy, and the printer proxy is set to the above-mentioned first according to the network environment of the NPSP server 100 and the printer proxy. Encrypted communication can be performed by operating similarly to the NPSP compatible printer in the first embodiment.

As a result, it is not necessary to mount a special protocol for establishing an encrypted data session on the NPSP non-compliant client and the NPSP non-compliant printer, so that the existing NPSP non-compliant client and NPS are not supported.
A P non-compliant printer can be used relatively easily. In this case, the encrypted control session corresponds to the encrypted control connection according to claim 15, the encrypted data session corresponds to the encrypted data connection according to claim 15, and the NPSP non-compliant client,
The first communication terminal according to claim 15 is supported, and the NPSP non-compliant printer is compatible with the printing terminal according to claim 15. The printer proxy is the second one according to claim 15.
Corresponding to the communication terminal or the proxy terminal according to claim 15, N
The PSP server 100 corresponds to the communication management terminal according to claim 15.

Further, although the network connection service unit 110 and the network print service unit 150 are mounted on the NPSP server 100 in the first, second, and third embodiments, the present invention is not limited to this. Alternatively, they may be mounted on different servers, and the servers may be communicably connected to each other. By dividing the functions in this way, the network connection service unit 110 can be used as a basic network service for providing secure communication between the client and the printer.

In addition, in the second embodiment described above,
Although the NPSP non-compliant client is configured to connect to the NPSP non-compliant printer via the NPSP compliant proxy, the present invention is not limited to this, and the NPSP compliant client may directly connect the NPSP compliant printer and the NPSP compliant proxy depending on the network environment. If the route via the route can be selected, the encrypted data session may be directly established with the NPSP compatible printer to send / receive the print data, or the NPSP compatible printer and the encrypted data may be transmitted via the NPSP compatible proxy. A session may be established to send / receive print data.

In the first, second and third embodiments, the NPSP compatible client or NPSP is used.
Although the configuration is provided by providing the encryption key generation unit 112 that generates the encryption key used when the compatible printer performs communication with the specified user group, the present invention is not limited to this, and the encryption key is not limited to the protocol for establishing the encryption control session. In the case where the function of generating and distributing is included, the function of the protocol may be used instead of the encryption key generating unit 112. For example, if the client and printer are NPSP
When the print request is received by SSL without passing through the server 100, the encryption key (session key) is generated and distributed by the SSL negotiation, so that it is not necessary to use the encryption key generation unit 112 of the NPSP server 100. . Further, in the case of IPSec, a key exchange protocol called IKE is specified, and when IKE is used, the encryption key is generated and delivered by the function of IKE. However, IPSec
Since the use of IKE is not essential for the encrypted communication by c, another key exchange protocol may be used. In this case, the encryption key generation unit 112 of the NPSP server 100 is used to generate and deliver the encryption key, and the encrypted communication is performed using IPSec.

In the first, second and third embodiments, the encryption control session and the encrypted data session are respectively established, and the print data is transmitted and received through the encrypted data session. However, the configuration is not limited to this, and only the encryption control session may be established, and the print request or the print data may be transmitted and received through the encryption control session. In this case, be sure to NP
Since it passes through the SP server 100, the NPSP server 10
0 determines the destination and sends the print request or print data to NPSP
Data is transmitted to the corresponding client or the NPSP compatible proxy through the encrypted control session. Note that only the encrypted data session may be established, and the print request or the print data may be transmitted / received through the encrypted data session.

Further, in the above-mentioned first, second and third embodiments, the encryption control session is established when performing the encrypted communication, but the present invention is not limited to this, and the encrypted communication is performed. Regardless of whether or not the encryption control session is always established, the encryption control session may be maintained, or may be established periodically.

In addition, in the above-mentioned first, second and third embodiments, FIG. 2 to FIG. 4, FIG. 10, FIG. 11 and FIG.
In all of the processes shown in the flowchart of FIG. 5, the case where the control program stored in the ROM in advance is executed has been described, but the present invention is not limited to this, and the control program stored in the storage medium storing the program showing these procedures is not limited to this. Alternatively, the program may be read into the RAM and executed.

Here, the storage medium is a semiconductor storage medium such as RAM or ROM, a magnetic storage type storage medium such as FD or HD, an optical reading type storage medium such as CD, CDV, LD or DVD, or MO. The magnetic storage type / optical reading type storage medium includes any storage medium as long as it is a computer-readable storage medium regardless of a reading method such as electronic, magnetic, or optical.

In the first, second and third embodiments, the encrypted communication system, the communication management terminal, the communication terminal and the program for the terminal, and the encrypted communication method according to the present invention are provided on the Internet 199. However, the present invention is not limited to this and may be applied to, for example, a so-called intranet that communicates by the same method as the Internet 199. Of course, the present invention can be applied to not only a network that communicates in the same manner as the Internet 199 but also a normal network.

Further, in the first embodiment described above,
An encrypted communication system, a communication management terminal, a communication terminal and a terminal program, and an encrypted communication method according to the present invention,
As shown in FIG. 1, using the NPSP server 100,
The present invention is applied to the case where the NPSP-compatible client performs remote printing with the NPSP-compatible printer, but the present invention is not limited to this and can be applied to other cases without departing from the gist of the present invention.

In addition, in the second embodiment described above,
An encrypted communication system, a communication management terminal, a communication terminal and a terminal program, and an encrypted communication method according to the present invention,
As shown in FIG. 9, using the NPSP server 100,
The present invention has been applied to the case where the NPSP non-compliant client performs remote printing with the NPSP non-compliant printer, but the present invention is not limited to this and can be applied to other cases without departing from the spirit of the present invention.

In addition, in the third embodiment described above,
An encrypted communication system, a communication management terminal, a communication terminal and a terminal program, and an encrypted communication method according to the present invention,
The present invention has been applied to the case where the NPSP server 100 uses the NPSP non-compliant client to perform remote printing with the NPSP compliant printer. However, the present invention is not limited to this and can be applied to other cases without departing from the gist of the present invention. .

[0261]

As described above, according to the encrypted communication system of claims 1 to 13 of the present invention,
Since encrypted communication can be performed between the communication terminal and the second communication terminal, it is possible to reduce the possibility that communication data will be known to a third party due to eavesdropping, leakage, or the like. Also, since the encryption key is delivered through the encryption control connection,
It is possible to reduce the possibility that the encryption key will be known to a third party due to eavesdropping or leakage. Therefore, compared to the conventional
The effect of being able to protect the confidentiality of communication data when performing remote processing is obtained. Furthermore, the first
Since communication between the communication terminal and the second communication terminal is mediated by the communication management terminal, encryption is performed even in a network environment in which a representative address is commonly assigned to the first communication terminal or the second communication terminal. The effect that communication can be realized relatively easily is also obtained.

Further, according to the encrypted communication system of the second or third aspect of the present invention, the first communication terminal selects the communication target from the second communication terminals under the control of the communication management terminal. The effect that can be obtained is also obtained. Further, according to the encrypted communication system according to claim 4 or 5 of the present invention, even in a network environment in which representative addresses are exclusively assigned to the first communication terminal and the second communication terminal, the encrypted communication is performed. It is also possible to obtain the effect that can be realized relatively easily.

Further, according to the encrypted communication system of the sixth or seventh aspect of the present invention, a network in which the representative address is exclusively assigned to the first communication terminal and the representative address is commonly assigned to the second communication terminal. Even in the environment, the effect that the encrypted communication can be realized relatively easily can be obtained. Further, according to the encrypted communication system of claim 7 of the present invention, even in a network environment in which the representative address is exclusively assigned to the first communication terminal and the representative address is commonly assigned to the second communication terminal. The effect that the encrypted data connection can be established by the active action from the first communication terminal is also obtained.

Further, according to the encrypted communication system of the eighth or ninth aspect of the present invention, a network in which the representative address is shared by the first communication terminal and the representative address is exclusively allocated by the second communication terminal. Even in the environment, the effect that the encrypted communication can be realized relatively easily can be obtained. Furthermore, claim 10 or 11 according to the present invention
According to the described encrypted communication system, encrypted communication can be realized relatively easily even in a network environment in which representative addresses are shared and assigned to the first communication terminal and the second communication terminal. The effect is also obtained.

Further, according to the encrypted communication system of the twelfth aspect of the present invention, it is possible to obtain an effect that the confidentiality of the print data can be protected when performing remote printing, as compared with the conventional case. Further, according to the encrypted communication system of the thirteenth aspect of the present invention, it is possible to obtain an effect that the confidentiality of print data can be protected when performing remote printing, as compared with the related art. Further, since it is not necessary to mount a special protocol for establishing the encrypted data connection on the printing terminal, it is possible to use the existing printing terminal relatively easily.

Furthermore, according to the encrypted communication system of the fourteenth aspect of the present invention, since encrypted communication can be performed between the first communication terminal and the printing terminal, the print data can be stolen or leaked. Can be less likely to be known to a third party. Further, since the encryption key is delivered through the encryption control connection, it is possible to reduce the possibility that the encryption key will be known to a third party due to eavesdropping or leakage.
Therefore, as compared with the related art, it is possible to protect the confidentiality of the print data when performing remote printing. Furthermore, since it is not necessary to mount a special protocol for establishing the encrypted data connection on the first communication terminal, it is possible to use the existing first communication terminal relatively easily.

Furthermore, according to the encrypted communication system of the fifteenth aspect of the present invention, since encrypted communication can be performed between the communication management terminal and the proxy terminal, the print data cannot be transmitted due to eavesdropping or leakage. It is possible to reduce the possibility of being known to a third party. Further, since the encryption key is delivered through the encryption control connection, it is possible to reduce the possibility that the encryption key will be known to a third party due to eavesdropping or leakage.
Therefore, as compared with the related art, it is possible to protect the confidentiality of the print data when performing remote printing. Further, since it is not necessary to mount a special protocol for establishing the encrypted data connection on the printing terminal and the first communication terminal, the existing printing terminal and the first communication terminal can be used relatively easily. The effect is also obtained.

On the other hand, according to the communication management terminal of the sixteenth aspect of the present invention, the same effect as that of the encrypted communication system of the second aspect can be obtained. On the other hand, claim 1 according to the present invention
According to the communication terminal of item 7, the same effect as that of the encrypted communication system of item 5 can be obtained. Further, according to the communication terminal of the eighteenth aspect of the present invention, an effect equivalent to that of the encrypted communication system of the fifth aspect can be obtained.

Further, according to the communication terminal of claim 19 of the present invention, the same effect as that of the encrypted communication system of claim 7 can be obtained. Further, claim 2 according to the present invention
According to the communication terminal described in 0, the same effect as the encrypted communication system described in claim 7 can be obtained. Further, according to the communication terminal of claim 21 of the present invention, the same effect as that of the encrypted communication system of claim 11 can be obtained.

Further, according to the communication terminal of claim 22 of the present invention, the same effect as that of the encrypted communication system of claim 11 can be obtained. On the other hand, claim 2 according to the present invention
According to the terminal program of item 3, the same effect as that of the communication management terminal of item 16 can be obtained. Further, according to the terminal program of the twenty-fourth aspect of the present invention, an effect equivalent to that of the communication terminal of the seventeenth aspect can be obtained.

Further, according to the terminal program of the twenty-fifth aspect of the present invention, an effect equivalent to that of the communication terminal of the eighteenth aspect can be obtained. Further, claim 2 according to the present invention
According to the terminal program of item 6, the same effect as that of the communication terminal of item 19 can be obtained. Further, according to the terminal program of claim 27 of the present invention, an effect equivalent to that of the communication terminal of claim 20 can be obtained.

Further, according to the terminal program of the twenty-eighth aspect of the present invention, an effect equivalent to that of the communication terminal of the twenty-first aspect can be obtained. Further, claim 2 according to the present invention
According to the terminal program of Item 9, the same effect as that of the communication terminal of Item 22 can be obtained. On the other hand, according to the encrypted communication method of the thirtieth aspect of the present invention, the same effect as that of the encrypted communication system of the first aspect can be obtained.

[Brief description of drawings]

FIG. 1 is a diagram showing a configuration of a network system to which the present invention is applied.

FIG. 2 shows NPSP compatible clients 202, 206,
It is a flowchart which shows the process which 224 performs.

FIG. 3 is a flowchart showing processing executed by the NPSP server 100.

FIG. 4 is an NPSP compatible printer 242, 246, 26.
4 is a flowchart showing a process executed by No. 4.

FIG. 5 is a diagram showing a communication procedure when the network environment is the first mode.

FIG. 6 is a diagram showing a communication procedure when the network environment is the second mode.

FIG. 7 is a diagram showing a communication procedure when the network environment is the third mode.

FIG. 8 is a diagram showing a communication procedure when the network environment is the fourth mode.

FIG. 9 is a diagram showing a configuration of a network system to which the present invention is applied.

FIG. 10 is a flowchart showing processing executed by a client proxy.

FIG. 11 is a flowchart showing processing executed by a printer proxy.

FIG. 12 is a diagram showing a communication procedure when the network environment is the first mode.

FIG. 13 is a flowchart showing processing executed by the NPSP server 100.

[Explanation of symbols]

100 NPSP server 110 Network connection service unit 112 Cryptographic key generation unit 114 User authentication information management unit 116 User authentication unit 118 User connection management unit 120 User group management unit 122 Session proxy unit 150 Network print service unit 152 Print management unit 154 Print history management 156 Proxy plug-in unit 158 User profile management unit 200, 220, 240, 260 Network 204, 244 NAT device 222, 244 NAT / PAT device 202, 206, 224 NPSP compatible client 203, 207, 225 NPSP non-compatible client 242 246,264 NPSP compatible printers 243,247,265 NPSP non-compatible printers

Claims (30)

[Claims] 1. A first communication terminal and a second communication terminal are communicably connected to a communication management terminal, and an encrypted connection is mediated by the communication management terminal between the first communication terminal and the second communication terminal. A system for establishing data communication between the first communication terminal and the second communication terminal through an encrypted connection between the first communication terminal and the communication management terminal, and the second communication. An encryption control connection, which is a control connection for encrypted communication, is established between the terminal and the communication management terminal, and the communication management terminal connects the first communication terminal and the first communication terminal through the established encryption control connection. Two
An encryption key is delivered to a communication terminal, and the first communication terminal and the second communication terminal use the delivered encryption key to perform encrypted communication between the first communication terminal and the second communication terminal. An encrypted communication system characterized in that an encrypted data connection, which is a possible connection for data communication, is established and data communication is performed through the established encrypted data connection. 2. The communication system according to claim 1, wherein a plurality of the second communication terminals are communicatively connected to the communication management terminal, and the communication management terminal receives a connection establishment request from the first communication terminal. , Selecting a second communication terminal related to the connection establishment request from the plurality of second communication terminals, and transmitting the encryption key to the selected second communication terminal and the first communication terminal through the encryption control connection An encrypted communication system characterized by the following. 3. The communication management terminal according to claim 2, further comprising terminal information storage means for registering terminal information about the second communication terminal for each of the second communication terminals, and the terminal information storage means. When the second communication terminal specified by the terminal information is presented to the first communication terminal and the connection establishment request from the first communication terminal is received, the second communication terminal is specified by the terminal information of the terminal information storage means. From among the second communication terminals that have established the encrypted control connection, the second communication terminal relating to the connection establishment request is selected, and the selected second communication terminal and the first communication terminal are encrypted. An encrypted communication system, wherein the encryption key is transmitted through a control connection. 4. The first communication terminal according to claim 1, wherein the first communication terminal and the second communication terminal are communicably connected, and the second communication terminal can be used as the first communication terminal. A representative address that can be used by the first communication terminal is exclusively assigned to the second communication terminal, and the first communication terminal and the second communication terminal are The encryption between the first communication terminal and the second communication terminal without going through the communication management terminal, or between the first communication terminal and the second communication terminal through the communication management terminal An encrypted communication system, characterized in that the encrypted data connection is established using a key. 5. The connection establishment request according to claim 4, wherein one of the first communication terminal and the second communication terminal requests the other communication terminal of the first communication terminal and the second communication terminal to establish a connection. And the connection establishment response from the other communication terminal is received by transmitting the request, data communication using the encryption key is started between the first communication terminal and the second communication terminal. The other communication terminal, when receiving the connection establishment request from the one communication terminal, transmits a connection establishment response to the one communication terminal, and the first communication terminal and the An encrypted communication system, wherein data communication using the encryption key is started with a second communication terminal. 6. The first communication terminal according to claim 1, wherein the first communication terminal and the second communication terminal are communicably connected, and the second communication terminal can be used as the first communication terminal. A representative address is exclusively assigned, and the second communication terminal is assigned a representative address that can be used by the first communication terminal in common with another terminal. Two communication terminals are between the first communication terminal and the second communication terminal without going through the communication management terminal, or between the first communication terminal and the second communication terminal through the communication management terminal. The encrypted communication system is characterized in that the encrypted data connection is established by using the encryption key. 7. The connection according to claim 6, wherein the first communication terminal transmits a reverse connection establishment request to which a connection establishment request should be transmitted to the communication management terminal, and the transmission of the request causes connection from the second communication terminal. When the establishment request is received, a connection establishment response is transmitted to the second communication terminal, and data communication using the encryption key is started between the first communication terminal and the second communication terminal. When the communication management terminal receives a reverse connection establishment request from the first communication terminal, it sends the reverse connection establishment request to the second communication terminal through the encryption control connection. And the second communication terminal establishes a reverse connection from the communication management terminal through the encrypted control connection. When a request is received, a connection establishment request is transmitted to the first communication terminal, and when a connection establishment response from the first communication terminal is received by the transmission of the request,
An encrypted communication system, wherein data communication using the encryption key is started between the first communication terminal and the second communication terminal. 8. The first communication terminal according to claim 1, wherein the first communication terminal and the second communication terminal are communicably connected, and the second communication terminal can be used as the first communication terminal. Representative address is shared with other terminals, a representative address that can be used by the first communication terminal is exclusively allocated to the second communication terminal, and the first communication terminal and the first communication terminal Two communication terminals are between the first communication terminal and the second communication terminal without going through the communication management terminal, or between the first communication terminal and the second communication terminal through the communication management terminal. The encrypted communication system is characterized in that the encrypted data connection is established by using the encryption key. 9. The method according to claim 8, wherein the first communication terminal issues a connection establishment request to the second communication terminal.
Data communication using the encryption key between the first communication terminal and the second communication terminal when the connection establishment response is received from the second communication terminal by transmitting the request to the communication terminal. When the second communication terminal receives the connection establishment request from the first communication terminal, the second communication terminal transmits a connection establishment response to the first communication terminal, and the first communication terminal A data communication using the encryption key is started between the second communication terminal and the second communication terminal. 10. The first communication terminal according to claim 1, wherein the first communication terminal and the second communication terminal are communicably connected, and the second communication terminal can be used as the first communication terminal. Representative address is shared with another terminal, and the second communication terminal is commonly assigned with a representative address that can be used by the first communication terminal. The terminal and the second communication terminal are adapted to establish the encrypted data connection using the encryption key between the first communication terminal and the second communication terminal via the communication management terminal. An encrypted communication system characterized in that 11. The communication system according to claim 10, wherein the first communication terminal transmits a connection establishment request to the communication management terminal, and when the connection establishment response is received from the communication management terminal by the transmission of the request, Data communication using the encryption key is started between the first communication terminal and the second communication terminal via a communication management terminal, and the second communication terminal issues a connection establishment request to the connection establishment request. When a connection establishment response from the communication management terminal is received by transmitting the request to the communication management terminal, the connection between the first communication terminal and the second communication terminal is transmitted via the communication management terminal. Data communication using an encryption key is started, and the communication management terminal receives a connection establishment request from the first communication terminal and the second communication terminal. When
A connection establishment response is transmitted to the first communication terminal and the second communication terminal, and the encryption key is used between the first communication terminal and the terminal and between the second communication terminal and the terminal. An encrypted communication system, characterized in that it starts to mediate data communication. 12. The first communication terminal according to claim 1, wherein the second communication terminal is a printing terminal that performs printing based on print data, and the first communication terminal and the printing terminal are the encrypted data. An encrypted communication system characterized in that print data is transmitted and received through a connection. 13. The first communication terminal according to claim 1, wherein the second communication terminal is a proxy terminal that acts as a proxy for communication of a printing terminal that performs printing based on print data. The print data is transmitted to the proxy terminal through the encrypted data connection, and when the proxy terminal receives the print data from the first communication terminal through the encrypted data connection, the received print data Is transmitted to the printing terminal. 14. A first communication terminal and a second communication terminal are communicatively connected to a communication management terminal, and an encrypted connection is mediated by the communication management terminal between the first communication terminal and the second communication terminal. And is established by the first communication terminal and the second communication terminal.
A system for performing data communication with a communication terminal through an encrypted connection, wherein encrypted communication is performed between the first communication terminal and the communication management terminal and between the second communication terminal and the communication management terminal. An encrypted control connection which is a possible control connection is established, and an encryption key is delivered from the communication management terminal to the second communication terminal through the established encryption control connection, and the communication management terminal and the second communication terminal Uses the encryption key to establish an encrypted data connection, which is a connection for data communication capable of encrypted communication, between the communication management terminal and the second communication terminal, The second communication terminal is a printing terminal that performs printing based on print data, and the communication management terminal is the first communication through the encryption control connection. An encrypted communication system, characterized in that, when print data is received from a terminal, the received print data is transmitted to the print terminal through the encrypted data connection. 15. The first communication terminal and the second communication terminal are communicatively connected to a communication management terminal, and an encrypted connection is mediated between the first communication terminal and the second communication terminal through the communication management terminal. And is established by the first communication terminal and the second communication terminal.
A system for performing data communication with a communication terminal through an encrypted connection, wherein encrypted communication is performed between the first communication terminal and the communication management terminal and between the second communication terminal and the communication management terminal. An encrypted control connection which is a possible control connection is established, and an encryption key is delivered from the communication management terminal to the second communication terminal through the established encryption control connection, and the communication management terminal and the second communication terminal Using an encryption key between the communication management terminal and the second communication terminal,
An encrypted data connection, which is a connection for data communication capable of encrypted communication, is established, and the second communication terminal is a proxy terminal that acts as a proxy for communication of a print terminal that performs printing based on print data. Yes, the communication management terminal, when receiving the print data from the first communication terminal through the encryption control connection, transmits the received print data to the proxy terminal through the encrypted data connection. When the proxy terminal receives print data from the communication management terminal through the encrypted data connection, the proxy terminal transmits the received print data to the print terminal. Communications system. 16. A communication management terminal communicably connected to the first communication terminal and the second communication terminal in the encrypted communication system according to claim 2, wherein a connection establishment request from the first communication terminal is received. In this case, the second communication terminal relating to the connection establishment request is selected from the plurality of second communication terminals, and the encryption key is supplied to the selected second communication terminal and the first communication terminal through the encryption control connection. A communication management terminal characterized by being adapted to transmit. 17. A first communication terminal communicatively connected to a second communication terminal in the encrypted communication system according to claim 5, which transmits a connection establishment request to the second communication terminal and transmits the request. When the connection establishment response is received from the second communication terminal, the data communication using the encryption key is started between the terminal and the second communication terminal. Communication terminal. 18. A second communication terminal communicatively connected to the first communication terminal in the encrypted communication system according to claim 5, wherein a connection is established when a connection establishment request is received from the first communication terminal. A communication terminal configured to transmit an establishment response to the first communication terminal and start data communication using the encryption key between the first communication terminal and the terminal. 19. A first communication terminal communicatively connected to a second communication terminal in the encrypted communication system according to claim 7, wherein the reverse connection establishment request is transmitted to the communication management terminal, and the request is transmitted. When a connection establishment request from the second communication terminal is received by transmission, a connection establishment response is sent to the second communication terminal, and data using the encryption key is sent between the terminal and the second communication terminal. A communication terminal, which is adapted to start communication. 20. A second communication terminal communicably connected to the first communication terminal in the encrypted communication system according to claim 7, wherein a reverse connection establishment request from the communication management terminal is sent through the encrypted control connection. When received, a connection establishment request is transmitted to the first communication terminal, and when a connection establishment response from the first communication terminal is received by the transmission of the request, between the first communication terminal and the terminal. The communication terminal is configured to start data communication using the encryption key. 21. A first communication terminal communicatively connected to a second communication terminal in the encrypted communication system according to claim 11, wherein a connection establishment request is transmitted to the communication management terminal, and the request is transmitted. When a connection establishment response is received from the communication management terminal, data communication using the encryption key is started between the terminal and the second communication terminal via the communication management terminal. A communication terminal characterized by the above. 22. A second communication terminal communicably connected to the first communication terminal in the encrypted communication system according to claim 11, wherein a connection establishment request is transmitted to the communication management terminal, and the request is transmitted. When a connection establishment response is received from the communication management terminal, data communication using the encryption key is started between the first communication terminal and the terminal via the communication management terminal. A communication terminal characterized by the above. 23. A program to be executed by the communication management terminal according to claim 16, which comprises a computer, wherein when the connection establishment request is received from the first communication terminal, the plurality of second communication terminals It is a program for selecting the second communication terminal relating to the connection establishment request from among them and causing the selected second communication terminal and the first communication terminal to execute the process of transmitting the encryption key through the encryption control connection. A terminal program characterized by the above. 24. A program to be executed by the communication terminal according to claim 17, which comprises a computer, wherein a connection establishment request is transmitted to the second communication terminal, and the request is transmitted from the second communication terminal. A terminal program, which is a program for executing processing for starting data communication using the encryption key between the terminal and the second communication terminal when a connection establishment response is received. 25. A program to be executed by the communication terminal according to claim 18, which comprises a computer, wherein when a connection establishment request is received from the first communication terminal, a connection establishment response is sent to the first communication terminal. And a program for executing a process of starting data communication using the encryption key between the first communication terminal and the terminal. 26. A program to be executed by a communication terminal according to claim 19, which comprises a computer, the reverse connection establishment request being transmitted to the communication management terminal, and the second communication terminal transmitting the request. When the connection establishment request is received, a connection establishment response is transmitted to the second communication terminal, and processing for starting data communication using the encryption key is executed between the terminal and the second communication terminal. A program for a terminal, which is a program for 27. A program to be executed by a communication terminal according to claim 20, which comprises a computer, wherein a connection establishment request is received when a reverse connection establishment request is received from the communication management terminal through the encrypted control connection. To the first communication terminal, and when the connection establishment response from the first communication terminal is received by the transmission of the request, the data using the encryption key is transmitted between the first communication terminal and the terminal. A terminal program, which is a program for executing processing for starting communication. 28. A program to be executed by the communication terminal according to claim 21, which comprises a computer, wherein a connection establishment request is transmitted to the communication management terminal, and the connection is established from the communication management terminal by transmitting the request. When a response is received, the program is a program for executing processing for starting data communication using the encryption key between the terminal and the second communication terminal via the communication management terminal. The program for the terminal to do. 29. A program to be executed by the communication terminal according to claim 22, which comprises a computer, wherein a connection establishment request is transmitted to the communication management terminal, and the connection is established from the communication management terminal by transmitting the request. When a response is received, the program is a program for executing processing for starting data communication using the encryption key between the first communication terminal and the terminal via the communication management terminal. The program for the terminal to do. 30. A first communication terminal and a second communication terminal are communicatively connected to a communication management terminal, and an encrypted connection is provided between the first communication terminal and the second communication terminal through the communication management terminal. And is established by the first communication terminal and the second communication terminal.
A method for performing data communication with a communication terminal through an encrypted connection, wherein encrypted communication is performed between the first communication terminal and the communication management terminal and between the second communication terminal and the communication management terminal. An encrypted control connection, which is a possible control connection, is established, and the first communication terminal and the second communication terminal are connected from the communication management terminal through the established encrypted control connection.
The encryption key is delivered to the communication terminal, and the delivered encryption key is used to send the first communication terminal and the second communication terminal.
Establish an encrypted data connection, which is a connection for encrypted data communication, with a communication terminal,
An encrypted communication method characterized by performing data communication through an established encrypted data connection.