JP2004118709A - Printing method by print system, print system, server computer, authenticating method with print system, computer program, and storage medium readable with computer - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce the updating and registering operations, for example registering a user authentication file in a plurality of printing devices, and secure a sufficient security to the user authentication information flowing on a network. <P>SOLUTION: One or more printing devices 150 for printing the given job are connected with a job server 130 through a network 170, wherein the job server 130 executes such processes as producing an public/private key for enciphering and deciphering the user authentication information, receiving the user identification information and the user authentication information enciphered by the public key from the printing device(s) 150, deciphering by the private key the user authentication information enciphered by the public key, authenticating the user identification information and the user authentication information using the user authenticating file in which their correspondence is described, and deleting the public key or private key produced. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention provides a printing method using a printing system in which at least one or more printing apparatuses that execute and print a print job and server computers such as a job server that manages the print job and an authentication server that performs authentication are connected via a network. The present invention relates to a printing system, a server computer, an authentication method in a printing system, a computer program, and a computer-readable storage medium.
[0002]
[Prior art]
In today's offices and homes, a network environment is established, and it is possible to perform a printing process by transmitting a print job to a printing device located at a remote location via a network. Since printing in such an environment takes time until the printed matter output from the printing is obtained, there is a possibility that an unintended third party can view the printed matter.
[0003]
Therefore, in a printing system in which a data processing device and a printing device are connected via a network, the printing device has a user authentication file that describes the correspondence between user identification information and user authentication information, and an authorized user identifies the user to the printing device. There has been invented a printing system that outputs for the first time when information and user authentication information are input.
[0004]
User identification information refers to information assigned to each user in order to distinguish one user from another, such as an employee number, student ID number, user name, and the like. User authentication information can only be known by the user himself, such as a password. This information is information that is difficult to forge by other users, such as information that is not present, voiceprint features, and fingerprint features, and that is used to authenticate whether the user is who he claims to be.
[0005]
Also, in a printing system in which a data processing device, a job server, and a printing device are connected via a network, when a printing request is issued from the printing device to the job server, user identification information and user authentication information are input to the printing device. There has also been invented a printing system in which a job server performs an authentication process and transfers a print job when the job server determines that the print instruction is from a legitimate user.
[0006]
For example, Japanese Patent Application Laid-Open No. 2000-35869 discloses a method of inputting a user number and a method of specifying a user number by a memory card storing the user number. Furthermore, in order to confirm whether the input user identification information is the identity of the user, information that can only be known by the user, such as a password, or information that can identify an individual, such as a fingerprint or a fundus retina, can be input to prevent unauthorized use. Has been stated.
[0007]
A method has been invented in which biometric information is used as user authentication information in addition to a password. For example, in Japanese Patent Application Laid-Open No. 2001-51915, fingerprint information is added to a print job from a data processing device and transmitted to a print server, and when the fingerprint information matches the fingerprint information input from the printing device, the print job is transferred to the printing device. And how to start printing.
[0008]
When TCP / IP communication using Ethernet (R), which is widely used in offices and homes, is performed today, data is transmitted to all hosts connected on the same network regardless of the destination.
[0009]
Normally, the network interface of each host is set to discard packets other than the one addressed to the host at the data link layer, but if the network interface is set to the promiscuous mode, only the packet addressed to the host is Instead, all packets can be caught on the local segment, and data flowing on the network can be intercepted.
[0010]
Therefore, when exchanging important information such as user authentication information via a network, its security is an important issue.
[0011]
The public key cryptosystem is a cryptosystem developed by Diffie and Hellman in 1976, and is characterized in that an encryption key and a decryption key are different. The encryption key is made public and the decryption key is kept secret. The sender who sends a message to the creator of the public key and the secret key creates and transmits a cipher text using the public key. A one-way function that can generate a secret key from a public key, but not vice versa, maintains the strength of the encryption, so even if the cryptanalyst knows the public key, it takes a huge amount of computation to decrypt it And it is difficult to decipher.
[0012]
[Problems to be solved by the invention]
However, in a printing system in which a plurality of printing apparatuses are connected to a network and each of the printing apparatuses performs user authentication, each of the printing apparatuses must hold a user authentication file. For example, it is conceivable that a user who uses a printing device is added or deleted, or the user authentication information is changed. However, each time a change occurs in the user authentication file, maintenance of the user authentication file of each of the plurality of printing devices is performed. There must be.
[0013]
In a printing system in which a job server and a plurality of printing apparatuses are connected to a network, when the job server holds a user authentication file, the work of registering the user authentication file in the plurality of printing apparatuses does not occur. It is necessary to exchange user authentication information input from the apparatus through a network and to ensure security when the job server performs user authentication. If the user authentication information is passed on the network as it is, there is a possibility that the printing device outputs the user authentication information by being intercepted by a third party and impersonating a legitimate user. Also, if the user authentication information is encrypted with the same key each time and transmitted over the network, a third party who has intercepted the encrypted user authentication information transmits the intercepted encrypted user authentication information again over the network. By transmitting, there is a possibility that the output can be illegally performed.
[0014]
The present invention has been made in view of the above points, and reduces update / registration work such as registering a user authentication file in a plurality of printing apparatuses and provides sufficient security for user authentication information flowing on a network. The purpose is to ensure.
[0015]
[Means for Solving the Problems]
According to the printing method of the printing system of the present invention, at least one or more printing apparatuses that execute and print a print job and a job server that manages the print job are connected via a network, and the printing apparatus receives a print instruction from the printing apparatus. A printing method by a printing system for transferring a print job stored in the job server to a printing device that has issued the print instruction and performing print processing, wherein the print job in which user identification information is added to the job server And a process of registering a user authentication file describing the correspondence between user identification information and user authentication information, and a process of generating a public key / private key for each user identification information. Processing for inputting user identification information; processing for encrypting the input user authentication information using the public key; Transmitting the user authentication information encrypted with the public key to the job server. The job server provides the user authentication information encrypted with the public key with a key for searching for user identification information. Searching for a private key corresponding to the public key, decrypting the private key with the corresponding private key, authenticating the user identification information and the decrypted user authentication information using the user authentication file, Transmitting the print job list of the user to the printing apparatus according to the authentication result, and selecting the print job to be subjected to the print processing from the print job list transmitted from the job server to the printing apparatus. And causing the job server to execute a process of transmitting a print job corresponding to a print request from the printing device to the printing device. Receiving the print job transmitted from the job server, and causing the printing device to execute a process of printing, and causing the job server to delete a public key and a secret key in accordance with success or failure of the authentication. The feature is that it is executed.
[0016]
Further, the printing system of the present invention is configured such that at least one or more printing apparatuses that print a print job and a job server that manages the print job are connected via a network, and the job server A print system that transfers a print job stored in a print device to the printing device that has issued the print instruction and performs print processing, wherein the job server stores the print job to which user identification information is added; Means for registering a user authentication file describing the correspondence between user identification information and user authentication information, key generation means for generating a public key / private key for each user identification information, and user authentication encrypted with the public key Decoding means for searching for a secret key corresponding to the public key using the user identification information as a search key, and decoding the information with the secret key; An authentication unit for authenticating the user identification information and the decrypted user authentication information using the user authentication file; a unit for transmitting a print job list of a corresponding user to the printing apparatus according to the authentication result; Means for transmitting a print job corresponding to a print request from the apparatus to the printing apparatus, and means for deleting a public key and a secret key according to success or failure of the authentication by the authentication means, wherein the printing apparatus has a user identification Means for inputting information, encryption means for encrypting the input user authentication information with the public key, and transmission for transmitting the user identification information and the user authentication information encrypted with the public key to the job server Means, selecting means for selecting a print job to be subjected to print processing from a print job list transmitted from the job server, and transmission from the job server Is a means for receiving a print job has been, characterized in that it has a printing unit.
[0017]
According to another printing method of the present invention, a data processing apparatus, at least one or more printing apparatuses that execute and print a print job, and a job server that manages the print job are connected via a network. A print device that stores a print job to which the user identification information sent from the data processing device is added and stores the print job stored in the job server in response to a print instruction from the print device; A printing method for transferring a print job to the job server, wherein the job server stores a user authentication file and a print job to which a user identification information is added. A process for determining whether a print job to which is added a is already stored, and a public key and a secret , A process of storing the public key and the secret key, a process of inputting user identification information and user authentication information to the printing device, and a process of inputting the public key generated by the job server. Executing an encryption process for encrypting user authentication information, and a process of transferring the input user identification information and the encrypted user authentication information to the job server. A process of decrypting the user authentication information encrypted by the secret key, a process of comparing the user identification information with the user authentication information by using the user authentication file, and according to a result of the comparison, Executing the process of transferring the stored print job, and causing the printing device to execute an output process of the transferred print job. A has a feature in that to execute a process of erasing the public key and the private key to which the user identification information that is the storage is the storage and print jobs that have been added.
[0018]
In another printing system of the present invention, a data processing device, at least one or more printing devices for printing a print job, and a job server for managing a print job are connected via a network, The job server stores the print job added with the user identification information sent from the printer, and transfers the print job stored in the job server to the printing device that issued the print instruction in accordance with the print instruction from the printing device. A printing system for performing a printing process, wherein the job server includes a first storage unit that stores a user authentication file; and a second storage unit that stores a print job to which user identification information is added. Determining means for determining whether the print job to which the identification information has been added is already stored; and, according to the determining means, a public key and a secret key. Key generating means for generating the public key and the private key, a third storing means for storing the public key and the private key, a decrypting means for decrypting the user authentication information encrypted by the public key with the private key, A collating unit for collating the user identification information with the user authentication information by using the user authentication file, and a first unit for transferring a print job stored in the second storage unit according to a result of the collation. A transfer unit, a print job to which the user identification information stored in the second storage unit is added, and an erasing unit that erases the public key and the secret key stored in the third storage unit. Input means for inputting user identification information and user authentication information, encryption means for encrypting user authentication information with a public key generated by the generation means, and A second transfer unit that transfers the user identification information input by the step and the user authentication information encrypted by the encryption unit to the job server; and a transfer unit that transfers the print job transferred by the first transfer unit. It is characterized in that it has output means for performing output processing.
[0019]
A printing method according to another printing system of the present invention is a printing method using a printing system in which at least one or more printing apparatuses that print a print job and an authentication server that performs authentication are connected via a network. Causing the authentication server to execute a process of generating a public key and a secret key, inputting user identification information and user authentication information to the printing device, and encrypting the user authentication information with a public key issued by the authentication server. And transmitting the user identification information and the encrypted user authentication information to the authentication server. The authentication server sends the user identification information transmitted from the printing device and the encrypted user authentication to the authentication server. Receiving information, decrypting the encrypted user authentication information with the secret key, and identifying the user identification information and the decryption. Authenticating using the user authentication file whether or not the obtained user authentication information corresponds, and transmitting the result of the authentication to the printing apparatus, and causing the printing apparatus to perform authentication by the authentication server. A process of displaying a list of print jobs corresponding to the user identification information according to the success or failure of the process, a process of selecting a print job, and a print process, and the authentication server causes the authentication server to execute the public key and the secret key. It is characterized in that a process of deleting is executed.
[0020]
Another printing system of the present invention is a printing system in which at least one or more printing devices that print a print job and an authentication server that performs authentication are connected via a network, wherein the printing device includes: Means for inputting user identification information and user authentication information, encryption means for encrypting the user authentication information with a public key issued by the authentication server, and transmitting the user identification information and the encrypted user authentication information Transmitting means, a display means for displaying a list of print jobs corresponding to the user identification information according to the success or failure of the authentication by the authentication server, a selecting means for selecting a print job, and a print processing means, The authentication server generates a public key and a secret key, and generates the user identification information and the encrypted user authentication information transmitted from the printing apparatus. Receiving means for receiving, the decrypting means for decrypting the encrypted user authentication information with the secret key, and user authentication for determining whether the user identification information and the decrypted user authentication information correspond to each other. It is characterized in that it comprises authentication means for authenticating using a file, transmission means for transmitting the result of the authentication to the printing device, and deletion means for deleting the public key and the secret key.
[0021]
A server computer according to the present invention is a server computer used in a printing system in which at least one or more printing apparatuses for printing a print job are connected to a network, and a public key for encrypting and decrypting user authentication information. Generating means for generating a secret key, receiving means for receiving user identification information and user authentication information encrypted by the public key from the printing apparatus, and generating user authentication information encrypted by the public key. Decryption means for decrypting with the secret key, authentication means for authenticating the user identification information and the decrypted user authentication information using a user authentication file describing the correspondence, and generation means for the generation means And a deletion means for deleting the public key / private key.
[0022]
An authentication method in a printing system according to the present invention is an authentication method in a printing system in which at least one or more printing apparatuses that print a print job are connected to a network, and is used for encrypting and decrypting user authentication information. A generating procedure for generating a key / private key, a receiving procedure for receiving user identification information and user authentication information encrypted by the public key from the printing apparatus, and a user authentication information encrypted by the public key Using the secret key, an authentication procedure for authenticating the user identification information and the decrypted user authentication information using a user authentication file describing the correspondence thereof, and And a deletion procedure for deleting a public key and a secret key.
[0023]
A computer program according to the present invention is a computer program for causing a computer used in a printing system connected to a network to execute at least one or more printing apparatuses for printing a print job, and encrypts and decrypts user authentication information. Generation processing for generating a public key / private key for encryption, reception processing for receiving from the printing apparatus user identification information and user authentication information encrypted with the public key, and encryption processing with the public key. A decryption process of decrypting the user authentication information that has been performed by the secret key, and an authentication process of performing authentication using the user authentication file that describes the correspondence between the user identification information and the decrypted user authentication information. And a deletion process for deleting the generated public key / private key.
[0024]
A computer-readable storage medium of the present invention is characterized in that the above-described computer program of the present invention is stored.
[0025]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of a printing method, a printing system, a server computer, an authentication method in a printing system, a computer program, and a computer-readable storage medium according to the present invention will be described with reference to the drawings.
[0026]
[First Embodiment]
The first embodiment is characterized in that a public key and a secret key are always generated for all users registered in a user authentication file. As a result, there is an effect that when a public key is required, generation time is not required. The public key / private key is generated by transmitting a job list for which a print request has been made, deleting the public key / private key, and immediately generating a new public key / private key.
[0027]
(Configuration of printing system)
FIG. 1 is a diagram showing a configuration of a printing system according to a first embodiment of the present invention. As shown in the figure, the printing system includes data processing devices 110, 121, 122,... Which perform data processing such as document creation and image creation, and printing devices 150, 161, 162 which execute and print a print job. ,... And a job server 130 that manages print jobs, and are each connected to a network 170 such as a LAN (local information communication network).
[0028]
Further, a user authentication information input device 180 is connected to the printing device 150. The user authentication information input device 180 is a device for inputting a fingerprint or a voiceprint, extracting a characteristic amount thereof, and transmitting the extracted characteristic amount to the printing device 150.
[0029]
The data processing device 110 includes a CPU 111 for controlling its operation, a RAM (random access memory) 113 for storing programs and data to be referred to when the CPU 111 executes, and a ROM for storing predetermined programs to be executed by the CPU 111. (Read only memory) 112, a hard disk 117 as auxiliary storage means, an input unit 115 including a keyboard and a mouse, a display unit 116 such as a display, and a network interface 114 for communicating via a network 170. Have.
[0030]
The job server 130 also has a configuration similar to that of the data processing device 110, and includes a CPU 131 for controlling the entire operation thereof, a ROM 132 for storing programs and data, a RAM 133, a hard disk 137, and the like. The user authentication file describing the correspondence between the user identification information and the user authentication information is stored in the ROM 132 or the hard disk 137. The print job to which the user identification information has been added is stored in the RAM 133 or the hard disk 137. A set of a public key and a secret key corresponding to the user identification information is stored in the RAM 133 or the hard disk 137.
[0031]
The printing apparatus 150 includes a CPU 152 for controlling the operation thereof, a RAM 154 for storing programs and data to be referred to when the CPU 152 executes, a ROM 153 for storing predetermined programs to be executed by the CPU 152, and a hard disk 157 as auxiliary storage means. An operation panel 156 for the user to perform operations while viewing the display, a network interface 151 for communicating via the network 170, a printing unit 158 for printing, and a connection interface for the user authentication information input device. And a face 155. An apparatus having a printing unit is assumed to be a printing apparatus. For example, a multifunction peripheral in which a scanner and a printer are combined is also treated as a type of printing apparatus.
[0032]
(Operation of data processing device)
FIG. 2 is a flowchart illustrating the operation of the CPU 111 incorporated in the data processing device according to the first embodiment. In step S201, the user inputs and operates data from the input unit 115 while viewing the display unit 116 of the data processing device 110 to create a print job.
[0033]
In step S202, user identification information is input from the input unit 115 while viewing the display unit 116 of the data processing device 110, or a list of user identification information stored in the hard disk 117 is displayed on the display unit 116 and selected. Then, the created user identification information is added to the print job created in step S201.
[0034]
In step S203, the print job to which the user identification information created in step S202 has been added is transmitted to the job server 130.
[0035]
(Job server operation)
FIG. 3 is a flowchart illustrating the operation of the CPU 131 incorporated in the job server according to the first embodiment. In step S301, the apparatus is on standby until an event is received. When an event is received, the process proceeds to step S302, and it is determined what the event is.
[0036]
If a print job to which the user identification information has been added is received, the process advances to step S303 to spool the print job to the hard disk 137 or the RAM 133. In step S304, the management information of the spooled print job is added to the print job list corresponding to the added user identification information.
[0037]
If a public key request to which the user identification information has been added is received, the process advances to step S305 to transmit a public key corresponding to the user identification information to the printing device.
[0038]
If the user identification information and the encrypted user authentication information have been received, the process proceeds to step S306, where the encrypted user authentication information is decrypted with the secret key corresponding to the user identification information. In step S307, using the user authentication file, it is determined whether the user user identification information received in step S302 corresponds to the user authentication information decrypted in step S306, and if it is determined that the user is a legitimate user, In step S308, the print job list is transmitted to the printing apparatus.
[0039]
If a print request to which a job name to be printed is added has been received, the process advances to step S309 to transmit the designated print job to the printing device. Here, there may be a plurality of print jobs. In step S310, the transmitted print job is deleted. In step S311, the public key and the secret key are deleted. In step S312, a new public key and secret key are generated and associated with the user identification information.
[0040]
(Operation of printing device)
FIG. 4 is a flowchart illustrating the operation of the CPU 152 built in the printing apparatus 150. In step S401, user identification information is input from the operation panel 156.
[0041]
In step S402, a public key request event is transmitted to the job server 130 together with the user identification information, and a request for issuing a public key is made. In step S403, the user authentication information input from the user authentication information input device 180 is received. In step S404, the user authentication information received in step S403 is encrypted using the public key obtained in step S402.
[0042]
In step S405, the user identification information encrypted in step S404 and the user identification information input in step S401 are transmitted to the job server 130. In step S406, the print job list transmitted from the job server 130 is received. In step S407, the received print job list is displayed on operation panel 156.
[0043]
In step S408, a job to be printed is selected from the displayed print job list. In step S409, a print request for the selected job is transmitted to the job server 130. In step S410, a print job is received from the job server 130. In step S411, the received print job is executed and printed.
[0044]
(Operation of user authentication information input device: when voice is used)
FIG. 5 is a flowchart in which the CPU incorporated in the user authentication information input device 180 extracts a voice feature amount and transmits the extracted voice feature amount to the printing device 150. In step S501, digital audio information is input.
[0045]
In step S502, the input digital audio information is subjected to FFT (fast Fourier transform) with a certain number of sample points. In step S503, the frequency component of the audio signal is analyzed. In step S504, since the voice information called the spectrum subjected to frequency analysis in step S503 includes a pitch which is a fundamental frequency of a human vocal cord, the pitch is detected.
[0046]
In step S505, from the pitch information detected in step S503, a low-frequency component including vocal tract shape information, which is one of human personal information, is extracted. In step S506, the vocal tract information obtained in step S505 is converted into a characteristic parameter called cepstrum, which well represents personal information. A cepstrum, which is an audio feature, is used as user authentication information. In step S507, the cepstrum extracted in step 506 is transmitted to the printing device.
[0047]
(Operation of the user authentication information input device: when a fingerprint is used)
FIG. 6 is a flowchart in which the CPU incorporated in the user authentication information input device 180 extracts a feature amount of the fingerprint image and transmits the extracted feature amount to the printing device 150. In step S601, image information of a fingerprint is input.
[0048]
In step S602, the image information input in step S601 is binarized. In step S603, the image information that has been binarized in step S602 is thinned. In step S604, based on the image information thinned in step S603, feature amounts such as a point at which the fingerprint is cut, the center of the vortex, and the direction of the streamline of the fingerprint are extracted. This feature amount is used as user authentication information. In step S605, the feature amount extracted in step S604 is transmitted to the printing device.
[0049]
(User authentication file)
FIG. 7 shows a user authentication file held by the job server. The user authentication information is described in association with the user identification information.
[0050]
(Print job list)
FIG. 8 shows a print job list displayed on the operation panel of the printing apparatus. In addition to the print job name, information indicating the contents of the print job is displayed, and when the print job is selected, it can be distinguished from the unselected job.
[0051]
(Registration of user authentication file)
FIG. 9 is a diagram for explaining how the user authentication file is registered. A user authentication file can be registered by specifying the user authentication file on the screen for registering the user authentication file. The same applies to updating and deleting the user authentication file.
[0052]
[Second embodiment]
The second embodiment is characterized in that a public key and a secret key are generated only for user identification information having a print job. Thereby, the memory of the area for storing the public key and the secret key can be reduced as compared with the first embodiment.
[0053]
It is also characterized in that a public key and a secret key are generated in advance for user identification information having a print job. Thus, there is an effect that when a public key is requested, no time is required to generate the public key. The public key / private key is generated when the print job corresponding to the user identification information does not exist in the job server, when the job server newly receives the print job, or when the print job is transmitted and the public key / private key is transmitted. This is the case where a print job corresponding to the user identification information still exists after the key is deleted.
[0054]
The configuration of the printing system and the operations of the data processing device, the printing device, and the user authentication information input device are the same as those in the first embodiment.
[0055]
(Job server operation)
FIG. 10 is a flowchart illustrating the operation of the CPU 131 incorporated in the job server according to the second embodiment. In step S1001, the apparatus is in a standby state until an event is received. If an event is received, the process advances to step S1002 to determine what the event is.
[0056]
Upon receiving the print job to which the user identification information has been added, the process advances to step S1003. In step S1003, it is determined whether a print job corresponding to the user identification information added to the received print job already exists in the job server 130. If there is no print job corresponding to the user identification information, the process proceeds to step S1004, a public key and a secret key are generated and associated with the user identification information, and the process proceeds to step S1005. If there is a print job corresponding to the user identification information, the process proceeds directly to step S1005. In step S1005, the print job received in step S1002 is spooled. In step S1006, the information of the spooled print job is added to the print job list corresponding to the user identification information added to the print job.
[0057]
Upon receiving the public key request together with the user identification information in step S1002, the process advances to step S1007 to transmit the public key corresponding to the added user identification information to the printing apparatus.
[0058]
If the user identification information and the encrypted user authentication information are received in step S1002, the process advances to step S1008 to decrypt the encrypted user authentication information with a secret key corresponding to the user identification information. In step S1009, using the user authentication file, it is determined whether or not the user user identification information received in step S1002 and the user authentication information decrypted in step S1008 correspond to each other. In step S1010, the print job list is transmitted to the printing device.
[0059]
If a print request to which a job name to be printed is added in step S1002, the process advances to step S1011 to transmit the designated print job to the printing device. In step S1012, the transmitted print job is deleted. In step S1013, the corresponding public key and secret key are deleted. In step S1014, after deleting the print job in step S1012, it is determined whether there is still a print job corresponding to the corresponding user identification information. If there is more, the process proceeds to step S1015, a new public key / private key is generated, and the process returns to the standby state of step S1001. If there is no more print job, the process returns to the standby state of step S1001.
[0060]
[Third embodiment]
The third embodiment is characterized in that when a public key is requested, a public key and a secret key are generated. Thus, the public key and the secret key for the user who is currently trying to print need only be generated, so that the memory usage can be reduced as compared with the second embodiment.
[0061]
The configuration of the printing system and the operations of the data processing device, the printing device, and the user authentication information input device are the same as those in the first embodiment.
[0062]
(Job server operation)
FIG. 11 is a flowchart illustrating the operation of the CPU 131 incorporated in the job server according to the third embodiment. In step S1101, the apparatus is in a standby state until an event is received. When an event is received, the process advances to step S1102 to determine what the event is.
[0063]
Upon receiving the print job to which the user identification information has been added, the process advances to step S1111. In step S1111, the print job received in step S1102 is spooled. In step S1112, the information of the spooled print job is added to the print job list corresponding to the user identification information added to the print job.
[0064]
If the public key request is received together with the user identification information in step S1102, the process advances to step S1121 to transmit the public key corresponding to the added user identification information to the printing device.
[0065]
If the user identification information and the encrypted user authentication information are received in step S1102, the process proceeds to step S1131, and the encrypted user authentication information is decrypted with the secret key corresponding to the user identification information. In step S1132, it is determined using the user authentication file whether the user user identification information received in step S1102 and the user authentication information decrypted in step S1131 correspond to each other. If the authentication result in step S1132 is not successful, the process proceeds to step S1134, where the corresponding public key and secret key are deleted, and the process returns to the standby state in step S1101. If it is determined that the user is an authorized user, the print job list is transmitted to the printing apparatus in step S1135.
[0066]
If a print request to which a job name to be printed is added is received in step S1102, the process advances to step S1141 to transmit the designated print job to the printing device. In step S1142, the transmitted print job is deleted. In step S1143, the corresponding public key and secret key are deleted.
[0067]
According to the first to third embodiments described above, since the job server 130 has the user authentication file and performs the user authentication on the job server 130 side, the work of updating and registering the user authentication file is performed. Need only be performed for the job server 130, and the update / registration work is reduced.
[0068]
In performing user authentication in the job server 130, user authentication information input from the printing apparatus and flowing on the network 170 is encrypted with a public key generated by the job server 130, and is changed every time user authentication is successful. As a result, sufficient security can be ensured. Even if user authentication information flowing on the network 170 is intercepted by a third party, the contents are unknown because the content is encrypted by the public key, and the public key and the secret key are changed each time the user authentication is successful. Therefore, even if the user authentication information encrypted with the public key is transmitted again, it is not valid, so that the replay attack using the user authentication information encrypted with the public key can be invalidated.
[0069]
Further, by using the public key cryptosystem, key distribution can be performed safely via the network 170. In the public key cryptosystem, since the encryption key and the decryption key are different, it is difficult to decrypt even if the encryption key is intercepted, due to the computation time.
[0070]
Further, when a print job is transmitted from the data processing apparatus to the job server 130, user identification information such as a user ID is specified. If a recipient is specified as the user ID, the print job is transmitted. Even when the user and the user who receives the print job are different, printing using user authentication can be performed.
[0071]
In addition, of the print jobs stored in the job server 130, a list of print jobs that can be printed by the user is displayed, and only the print job that the user wants to print is selected. Can be arbitrarily selected for printing. However, the display of the print job list is performed only for the user who has passed the user authentication, so that the print job list held by other users cannot be viewed.
[0072]
In addition, by using biometric information such as a voiceprint feature amount and a fingerprint feature amount as user authentication information, it is possible to prevent a password from being forgotten or being stolen by a third party. Also, unlike an ID card, it is possible to prevent the user from being stolen or forgetting to carry it. However, the method of inputting a password or a password is simpler than that of a device that inputs voice and extracts its feature amount and a device that inputs a fingerprint and extracts its feature amount. Although the level is lowered, this method may be used.
[0073]
Further, the user authentication can be performed by a new method by separating the printing apparatus from the user authentication information input apparatus and registering a new user authentication file only in the job server 130.
[0074]
In the first to third embodiments, an example in which the printing device 150 and the user authentication information input device 180 are separated has been described. However, as shown in FIG. 12, a user authentication information input unit 159 is integrated with the printing device 150. May be provided. The user authentication information input unit 159 is a device for inputting information used as user authentication information such as a keyboard for inputting a password, a numeric keypad for inputting a password, a microphone for inputting voice, and a fingerprint sensor for reading fingerprints. Good. When inputting a password or a password, the specific user authentication information input unit 159 is unnecessary, and may be input from the operation panel 156.
[0075]
[Fourth embodiment]
In the fourth embodiment, the public key and the private key are changed each time authentication is successful to prevent improper output such as spoofing and replay attacks, and that the job server is made public by a request from the printing apparatus. The method is characterized in that a key is transmitted, a password is used as user authentication information, and the password is input from a print panel of the printing apparatus.
[0076]
(Configuration of printing system)
FIG. 13 is a diagram showing the configuration of the printing system according to the fourth embodiment of the present invention. In the printing system shown in FIG. 1, the user authentication information input device 180 is connected to the printing device 150 via the interface 155, whereas in the printing system shown in FIG. 13, a password is used as the user authentication information. The password is input from the print panel 156 of the printing device 150.
[0077]
(Operation of data processing device)
The operation of the CPU 111 incorporated in the data processing device according to the fourth embodiment is the same as that described with reference to the flowchart of FIG.
[0078]
(Job server operation)
FIG. 14 is a flowchart illustrating the operation of the CPU 131 incorporated in the job server according to the fourth embodiment. In step S1401, a user authentication file describing the correspondence between user identification information such as a name and an employee number and user authentication information such as a password is registered in the job server 130.
[0079]
Subsequently, in step S1402, the process enters a standby state and waits until an event is received. In step S1403, processing is distributed according to the received event.
[0080]
If a print job to which user identification information has been added is received, the process advances to step S1404; if a public key request has been received, the process advances to step S1407; if authentication information has been received, the process advances to step S1411.
[0081]
In step S1404, the print job to which the user identification information is added is received and stored in the RAM 133 or the hard disk 137. In step S1405, is there a print job to which the same user identification information as the user identification information added to the print job received in step S1404 is included in the print jobs already stored in the RAM 133 or the hard disk 137? Search for and determine.
[0082]
If there is a print job to which the same user identification information has been added in step S1405, the public key and secret key corresponding to the user identification information added to the print job received in step S1404 have already been generated. Therefore, the public key and the secret key are not newly generated, and the process returns to the standby state of step S1402.
[0083]
If there is no print job to which the same user identification information is added in step S1405, the public key and secret key corresponding to the user identification information added to the print job received in step S1404 have not been generated yet. Therefore, the process proceeds to step S1406. In step S1406, a public key and a secret key are generated and associated with the user identification information, and the process returns to the standby state in step S1402.
[0084]
In step S1407, a public key request is received. In step S1408, it is determined whether there is a print job to which the user identification information of the user who made the public key request is added. The public key is transmitted to the printing apparatus, and the process returns to the standby state of step S1402. If there is no print job, a message notifying that there is no print job to which the user identification information requesting the public key is added is transmitted to the printing apparatus in step S1410.
[0085]
In step S1411, the user identification information and the encrypted user authentication information are received, and in step S1412, the user authentication information encrypted with the public key corresponding to the user identification information is replaced with the secret key corresponding to the user identification information. Decrypt. In step S1413, user authentication is performed using the user authentication information decrypted in step S1412, the user authentication file registered in step S1401, and the user identification information received in step S1411.
[0086]
If the user authentication is successful in step S1412, all print jobs of the successfully authenticated user are transmitted to the printing apparatus in step S1414. In step S1415, the print job whose transmission has been completed, the public key and the secret key corresponding to the user identification information successfully authenticated in step S1413 are deleted, and the same data as the encrypted user authentication information received in step S1411 again. Print job cannot be output even if is received. If the authentication has failed in step S1413, the process advances to step S1416 to transmit a message notifying that the authentication has failed to the printing apparatus.
[0087]
(Operation of printing device)
FIG. 15 is a flowchart illustrating the operation of the CPU 152 built in the printing apparatus 150. In step S1501, the process waits for a user input.
[0088]
In step S1502, the user inputs user identification information and user authentication information from the operation panel 156 of the printing apparatus 150. In step S1503, the printing device 150 transmits a public key request to the job server 130. In step S1504, data is received from the network 170, and depending on whether the received data is a message or a public key, the process proceeds to step S1505 if a message is received, and proceeds to step S1507 if a public key is received.
[0089]
In step S1505, a message is received from the network 170 via the network interface 151. In step S1506, an error notifying the user that the public key has not been generated because there is no print job in response to the public key request on the operation panel 156. Display a message.
[0090]
In step S1507, the public key is received from the network 170 via the network interface 151. In step S1508, the user authentication information is encrypted with the public key. In step S1509, the user identification information and the encrypted user authentication information are transmitted to the job server. Send to 130.
[0091]
In step S1510, the process waits for a response from the job server 130 to return, and in step S1511, receives a response from the job server 130. If the data received from the job server 130 is a message in step S1511, the process advances to step S1512 to receive the message, and a message notifying the user that the authentication has failed is displayed on the operation panel 156 in step S1513. If the data received in step S1511 is a print job, the process advances to step S1515, where printing is performed by the printing unit 158.
[0092]
[Fifth Embodiment]
In the fifth embodiment, the job server notifies the printing device every time a public key is generated or deleted, and the job server sends a list of user identification information and a public key to the printing device in response to a request from the printing device. Transferring the printing device to the operation panel, displaying the user identification information of the user storing the print job in the job server on the operation panel, and being a part of the printing device or being connected to the printing device. User authentication information is input by a voice input device.
[0093]
(Configuration of printing system)
FIG. 16 is a diagram showing the configuration of the printing system according to the fifth embodiment of the present invention. In the printing system shown in FIG. 1, the user authentication information input device 180 is connected to the printing device 150 via the interface 155, whereas in the printing system shown in FIG. A difference is that a voice input device 181 for inputting voice is provided. The process of extracting the feature amount of the voice input from the voice input device 181 is performed by the CPU 152 built in the printing device 150. The feature amount extraction process is the same as that described with reference to the flow of FIG. It is.
[0094]
(Operation of data processing device)
The operation of the CPU 111 incorporated in the data processing device according to the fifth embodiment is the same as that described with reference to the flowchart of FIG.
[0095]
(Job server operation)
FIG. 17 is a flowchart illustrating the operation of the CPU 131 incorporated in the job server according to the fifth embodiment. In step S1701, a user authentication file that describes the correspondence between the user identification information and the audio feature amount that is the user authentication information is registered in the job server 130.
[0096]
Subsequently, in step S1702, the process enters a standby state and waits until an event is received. In step S1703, processing is distributed according to the received event.
[0097]
If a print job to which user identification information has been added is received, the process advances to step S1704; if a public key request has been received, the process advances to step S1708; if authentication information has been received, the process advances to step S1710.
[0098]
In step S1704, the print job to which the user identification information is added is received and stored in the RAM 133 or the hard disk 137. In step S1705, is there a print job to which the same user identification information as the user identification information added to the print job received in step S1704 is included in the print jobs already stored in the RAM 133 or the hard disk 137? Search for and determine.
[0099]
If there is a print job to which the same user identification information has been added in step S1705, the public key and secret key corresponding to the user identification information added to the print job received in step S1704 have already been generated. Therefore, the public key and the secret key are not newly generated, and the process returns to the standby state of step S1702.
[0100]
If there is no print job to which the same user identification information is added in step S1705, the public key and the private key corresponding to the user identification information added to the print job received in step S1704 have not been generated yet. Therefore, the process proceeds to step S1706. In step S1706, a public key and a secret key are generated and associated with the user identification information. In step S1707, the generation of the public key is notified to all the printing apparatuses via the network 170, and the process returns to the standby state in step S1702.
[0101]
In step S1708, the public key request is received. In step S1709, the correspondence list of the public key and the user identification information is transmitted to the printing apparatus, and the process returns to the standby state in step S1702.
[0102]
In step S1710, the user identification information and the encrypted user authentication information are received. In step S1720, a secret key corresponding to the user authentication information is searched. If the secret key exists, the process proceeds to step S611. If the secret key does not exist, the process proceeds to step S1721. Send to
[0103]
In step S1711, the user authentication information encrypted with the public key corresponding to the user identification information is decrypted with the secret key corresponding to the user identification information. In step S1712, user authentication is performed using the user authentication information decrypted in step S1711, the user authentication file registered in step S1701, and the user identification information received in step S1710.
[0104]
If the user authentication is successful in step S1712, all print jobs of the successfully authenticated user are transmitted to the printing apparatus in step S1713. In step S1714, the print job whose transmission has been completed, the public key and the secret key corresponding to the user identification information successfully authenticated in step S1712 are deleted, and the same data as the encrypted user authentication information received again in step S1710 is deleted. Print job cannot be output even if is received. In step S1715, the fact that the public key has been deleted is notified to all printing apparatuses via the network 170, and the process returns to the standby state in step S1702. If the authentication has failed in step S1712, the process advances to step S1716 to transmit a message to the printing apparatus that the authentication has failed, and returns to the standby state in step S1702.
[0105]
(Operation of printing device)
FIG. 18 is a flowchart illustrating an operation of the CPU 152 built in the printing apparatus 150. In step S1801, the process waits until an event occurs.
[0106]
In step S1802, when an event occurs, the process is sorted according to what kind of event it is. If the event is a public key event, the process advances to step S1810; if the event is a message event, the process advances to step S1820; if the event is a print job event, the process advances to step S1830; if the event is a user input event, the process advances to step S1840.
[0107]
In step S1810, when an event related to a public key is received from the job server 130, if the event is related to generation of a public key, the process advances to step S1811 to add the public key to the list of public keys. The process proceeds to step S1812, where the public key is deleted from the public key list. If the event is related to the public key list, the process proceeds to step S1813 to update the public key list.
[0108]
In step S1820, a message about the authentication failure received from job server 130 and a message about the absence of the private key corresponding to the public key are displayed on operation panel 156.
[0109]
In step S1830, the print job is received, and printing is performed in step S1831.
[0110]
In step S1840, the input contents of the user are determined, and the process proceeds to step S1842 when the contents of the list are selected, and proceeds to step S1846 when the button for updating the contents of the correspondence list of the user identification information and the public key is pressed. In step S1842, the user selects his or her own user identification information displayed on operation panel 156. In step S1843, the user inputs a voice from the voice input device 181, and extracts the feature amount. In step S1844, the voice feature is encrypted using the public key. In step S1845, the user identification information and the encrypted user authentication information are transmitted to the job server 130. In step S1846, a request for the latest list of public keys is transmitted to job server 130.
[0111]
In the fifth embodiment, when the power of the printing apparatus is turned off, it is not possible to receive a notification from the job server 130. Therefore, the public key list in the job server 130 and the public key The list may not be synchronized. Further, even when the connection with the network 170 is disconnected, the public key list in the job server 130 cannot be synchronized with the public key list in the printing apparatus. Therefore, when the power is turned on or when the printer is connected to the network, the printing apparatus may perform a process of obtaining the public key list from the job server 130.
[0112]
Further, in the fifth embodiment, the configuration in which the voice input device 150 is attached to the printing device 150 is shown. However, as described in the first embodiment, the authentication information input device such as the voice input device can be detached. The connected device configuration may be used. In this case, the process of extracting the characteristic amount from the biological information may be performed by the CPU of the externally connected biological information input device.
[0113]
In the case where the Internet is used as the network 170, transmission and reception are not always performed reliably, so that a public key generation event or a public key deletion event may not reach the printing apparatus from the job server 130. Therefore, the printing apparatus may inquire the job server 130 at regular intervals whether the public key list in the job server 130 and the public key list on the printing apparatus are synchronized.
[0114]
In the fifth embodiment, a voice is used as the user authentication information. However, any information that can be authenticated with the user may be used, such as a fingerprint, an iris, a retinal pattern, a finger blood vessel pattern, and a plurality of randomly displayed pictures. It is possible to use another authentication method such as a method of selecting a picture registered from the above.
[0115]
Also, if there is a user who stores a print job in the job server 130 and does not perform output, the storage capacity of the job server 130 will be squeezed, and the storage time when the print job is stored in the job server 130 is recorded. At regular intervals or every time a new print job is stored, it is checked whether or not the print job stored in the job server 130 has elapsed for a certain period of time. May delete the print job stored for a certain period of time or more.
[0116]
According to the fourth and fifth embodiments described above, since the job server 130 has the user authentication file, even if the user authentication file is changed, only the user authentication file of the job server 130 needs to be changed. It is not necessary to register the user authentication file for the printing device.
[0117]
Also, by encrypting the user authentication information, a third party who intercepts data flowing through the network 170 cannot directly read the user authentication information, and the third party who intercepts the user authentication information impersonates a legitimate user. Therefore, a print job of an authorized user cannot be output.
[0118]
Also, by changing the encryption and decryption keys each time user authentication is successful, a third party who has intercepted data flowing through the network 170 can print the user identification information and the encrypted user authentication information as they are. Even if the print job is resent to the device, the print job of the authorized user cannot be output.
[0119]
Also, by using the public key cryptosystem and providing the job server 130 that performs user authentication with a secret key, the encryption secret key is passed to the printing apparatus via the network 170, but the decryption public key is transmitted to the network 170. There is no need to exchange data via a network, and a private key for decryption is not disclosed to a third party who intercepts the network.
[0120]
Further, when the user identification information and the user authentication information are input to the printing apparatus, the printing apparatus can go to the job server 130 to obtain the public key. It is not necessary to perform management.
[0121]
In addition, every time the job server 130 generates or deletes the public key and the secret key, the printing device notifies the printing device of the public key corresponding to the user identification information. The user can store and manage the list of the stored user identification information and the corresponding public key, so that when the user instructs printing, the user identification information and the list of the public key displayed on the operation panel of the printing apparatus are displayed. The user identification information and the public key can be specified in a selectable manner from among, and the user obtains the public key before inputting the user identification information. The authentication process can be performed faster than when going to obtain
[0122]
Further, if a print job of a user who does not issue a print instruction from the printing apparatus is automatically deleted after a certain period of time while the print job is stored in the job server 130, the print job storage unit can be reduced. It can be used efficiently.
[0123]
Further, by using biometric information as user authentication information, the user authentication information is not lost, forgotten, or falsified.
[0124]
[Sixth Embodiment]
(Configuration of printing system)
FIG. 19 is a diagram showing the configuration of the printing system according to the sixth embodiment of the present invention. As shown in the figure, the printing system includes data processing devices 110, 121, 122,... Which perform data processing such as document creation and image creation, and printing devices 150, 161, 162,. , And an authentication server 230 for performing authentication, and are respectively connected to a network 170 such as a LAN (local information communication network).
[0125]
The configurations of the data processing device 110 and the printing device 150 are the same as those described in the first embodiment. In the printing system shown in FIG. 19, a user authentication information input unit 159 is provided integrally with the printing device 150, as in the printing system shown in FIG. The user authentication information input unit 159 may be a device for inputting information used as user authentication information, such as a keyboard for inputting a password, a numeric keypad for inputting a password, a microphone for inputting voice, a fingerprint sensor for reading a fingerprint, and the like. . When inputting a password or a password, the specific user authentication information input unit 159 is unnecessary, and may be input from the operation panel 156.
[0126]
The authentication server 230 has the same configuration as the data processing device 110 and the like, and has a CPU 231 for controlling the overall operation thereof, a ROM 232 for storing programs and data, a RAM 233, a hard disk 237, and the like. The user authentication file describing the correspondence between the user identification information and the user authentication information is stored in the ROM 232 or the hard disk 237. An example of the user authentication file is as shown in FIG. When a set of a public key and a secret key is generated, it is stored in the RAM 233 or the hard disk 237, and is deleted every time authentication is performed.
[0127]
(Operation of data processing device)
The operation of the CPU 111 incorporated in the data processing device according to the sixth embodiment is the same as that described with reference to the flowchart of FIG.
[0128]
(Operation of printing device)
FIG. 20 is a flowchart illustrating the operation of the CPU 152 built in the printing apparatus 150. A flowchart for printing a print job spooled in a printing apparatus will be described. In step S2001, user identification information is input from the operation panel 156. In step S2002, user recognition information is input from the user authentication information input unit 159.
[0129]
In step S2003, a public key is obtained from the authentication server 230, and the user authentication information input in step S2002 is encrypted using the obtained public key.
[0130]
In step S2004, the user identification information and the encrypted user authentication information are transmitted to the authentication server 230. In step S2005, the process is distributed according to the success or failure of the authentication returned from the authentication server 230.
[0131]
The process proceeds to step S2006 when the authentication is successful, and a print job list corresponding to the user identification information is displayed on the operation panel 156. An example of the display is as shown in FIG. In step S2007, a job to be printed is selected from the displayed print job list. In step S2008, the print job selected in step S2007 is printed.
[0132]
The process proceeds to step S2009 when the authentication has failed, and an error message indicating that the authentication has failed is displayed.
[0133]
(Job server operation)
FIG. 21 is a flowchart illustrating the operation of the CPU 231 incorporated in the authentication server. In step S2101, a public key and a secret key are generated. In step S2102, user identification information and user authentication information encrypted with the public key are received. These are the data sent from the printing device.
[0134]
In step S2103, the encrypted user authentication information is decrypted using the secret key. In step S2104, using the user authentication file stored in the authentication server 230, it is authenticated whether the received user identification information and the user authentication information correctly correspond.
[0135]
In step S2105, the result of the authentication performed in step S2104 is transmitted to the transmission source printing apparatus. In step S2106, the public key and secret key used for a series of authentications are deleted. After that, the process returns to step S2101 and waits until the user identification information and the encrypted user authentication information are received again.
[0136]
According to the above-described sixth embodiment, by performing user authentication by one authentication server 230, complicated operations such as registration, update, and deletion of a user authentication file need not be performed for each of a plurality of printing apparatuses. Better and maintainability is improved. Conventionally, when a printing apparatus and an authentication server are connected via a network, there is a security problem when a user authentication file is transmitted over the network. The security problem is solved by encrypting the user authentication information and exchanging it on the network, and deleting and regenerating the public key and the secret key every time the authentication server 230 performs authentication.
[0137]
By placing a user authentication file, which is a correspondence table between user identification information and user authentication information, in the authentication server 230, it is possible to cope with a case where the sender of a print job and the output person of a print job are to be different. For example, when a certain person A transmits a print job, if the user identification information of the person B is designated as the user identification information of the person who is permitted to output the print job to be transmitted, the person B is designated. Can be output.
[0138]
Further, a list of print jobs that can be output is displayed, a print job to be printed is selected from the displayed print job list, and a command is issued, whereby only the print job to be output can be output.
[0139]
Further, by using biometric information as user authentication information, it is impossible to easily forge user authentication information. In addition, since authentication using fingerprints and voiceprints is associated with humans, management is easy without being stolen or left behind.
[0140]
(Other embodiments)
A software program for realizing the functions of the above-described embodiments is provided to an apparatus connected to the various devices or a computer in the system so that the various devices operate to realize the functions of the above-described embodiments. The present invention also includes a code that is supplied and executed by operating the various devices according to a program stored in a computer (CPU or MPU) of the system or the apparatus.
[0141]
In this case, the software program code itself implements the functions of the above-described embodiment, and the program code itself constitutes the present invention. As a transmission medium of the program code, a communication medium (a wired line or a wireless line such as an optical fiber) in a computer network (WAN such as a LAN or the Internet, a wireless communication network, etc.) system for transmitting and supplying the program information as a carrier wave. Etc.) can be used.
[0142]
Further, means for supplying the program code to a computer, for example, a recording medium storing the program code constitutes the present invention. As a recording medium for storing such a program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a magnetic tape, a nonvolatile memory card, a ROM, and the like can be used.
[0143]
When the computer executes the supplied program code, not only the functions of the above-described embodiments are realized, but also the OS (Operating System) or other application software running on the computer. Needless to say, such a program code is also included in the embodiment of the present invention when the functions of the above-described embodiment are realized in cooperation with the above.
[0144]
Further, after the supplied program code is stored in a memory provided in a function expansion board of a computer or a function expansion unit connected to the computer, a CPU provided in the function expansion board or the function expansion unit based on the instruction of the program code. It is needless to say that the present invention also includes a case where the functions of the above-described embodiments are implemented by performing part or all of the actual processing.
[0145]
It should be noted that the shapes and structures of the respective parts shown in the above-described embodiments are merely examples of the specific embodiments for carrying out the present invention, and the technical scope of the present invention is limited by these. It must not be interpreted. That is, the present invention can be embodied in various forms without departing from the spirit or main features thereof.
[0146]
【The invention's effect】
As described above, according to the present invention, the user authentication file is registered in the server computer on the network such as the job server or the authentication server, so that the work of updating and registering the authentication file can be reduced, and A public key / private key for encrypting / decrypting user authentication information is generated and deleted at an appropriate timing, so that sufficient security can be ensured for the user authentication information flowing on the network. .
[Brief description of the drawings]
FIG. 1 is a diagram illustrating a configuration of a printing system according to a first embodiment of the present invention.
FIG. 2 is a flowchart illustrating an operation of a CPU incorporated in the data processing device according to the first embodiment.
FIG. 3 is a flowchart illustrating an operation of a CPU incorporated in a job server according to the first embodiment.
FIG. 4 is a flowchart illustrating an operation of a CPU incorporated in the printing apparatus according to the first embodiment.
FIG. 5 is a flowchart illustrating a process of extracting a feature amount of an input voice.
FIG. 6 is a flowchart illustrating a process of extracting a feature amount of an input fingerprint image.
FIG. 7 is a diagram illustrating an example of a user authentication file.
FIG. 8 is a diagram illustrating an example of a print job list displayed on an operation panel of the printing apparatus.
FIG. 9 is a diagram illustrating an example of a user authentication file registration screen.
FIG. 10 is a flowchart illustrating an operation of a CPU incorporated in a job server according to the second embodiment.
FIG. 11 is a flowchart illustrating an operation of a CPU incorporated in a job server according to the third embodiment.
FIG. 12 is a diagram illustrating another configuration of the printing system.
FIG. 13 is a diagram illustrating a configuration of a printing system according to a fourth embodiment of the present invention.
FIG. 14 is a flowchart illustrating an operation of a CPU incorporated in a job server according to a fourth embodiment.
FIG. 15 is a flowchart illustrating an operation of a CPU incorporated in a printing apparatus according to a fourth embodiment.
FIG. 16 is a diagram illustrating a configuration of a printing system according to a fifth embodiment of the present invention.
FIG. 17 is a flowchart illustrating an operation of a CPU incorporated in a job server according to the fifth embodiment.
FIG. 18 is a flowchart illustrating an operation of a CPU incorporated in a printing apparatus according to a fifth embodiment.
FIG. 19 is a diagram illustrating a configuration of a printing system according to a sixth embodiment of the present invention.
FIG. 20 is a flowchart illustrating an operation of a CPU incorporated in a printing apparatus according to a sixth embodiment.
FIG. 21 is a flowchart illustrating an operation of a CPU incorporated in a job server according to the sixth embodiment.
[Explanation of symbols]
110, 121, 122 Data processing device
130 Job Server
150, 161, 162 printing device
170 Network
180 User authentication information input device
230 Authentication server

Claims (20)

At least one or more printing devices that execute and print a print job, and a job server that manages the print job are connected via a network, and the print job stored in the job server according to a print instruction from the printing device Is transferred to the printing device that issued the print instruction, a printing method by a printing system that performs a printing process,
A process of storing a print job to which the user identification information is added in the job server, a process of registering a user authentication file in which a correspondence between the user identification information and the user authentication information is recorded, and a process of storing a public key and a secret for each user identification information. And a process for generating a key.
A process of inputting user identification information to the printing device, a process of encrypting the input user authentication information with the public key, and a process of transmitting the user identification information and the user authentication information encrypted with the public key to the job. And send it to the server.
The job server, the user authentication information encrypted by the public key, searching for a secret key corresponding to the public key using the user identification information as a search key, a process of decoding with the corresponding secret key, A process of authenticating the user identification information and the decrypted user authentication information using the user authentication file, and a process of transmitting a print job list of the corresponding user to the printing apparatus according to the authentication result,
Causing the printing device to execute a process of selecting a print job to be subjected to print processing from a print job list transmitted from the job server;
Causing the job server to execute a process of transmitting a print job corresponding to a print request from the printing device to the printing device;
The printing device receives a print job transmitted from the job server and executes a process of printing,
A printing method by a printing system, wherein the job server executes a process of deleting a public key and a secret key in accordance with success or failure of the authentication. A user authentication information input device is connected to the printing device, and the user authentication information input device transmits a user authentication information input by the user authentication information input device to the printing device. The printing method according to claim 1, further comprising: The printing method according to claim 1, wherein the printing apparatus has a user authentication information input unit. The printing method according to claim 1, wherein any one of a voiceprint feature amount, a fingerprint feature amount, a password, and a password is used as the user authentication information. At least one or more printing devices that execute and print a print job, and a job server that manages the print job are connected via a network, and the print job stored in the job server according to a print instruction from the printing device Is transferred to the printing device that issued the print instruction, a printing system that performs a printing process,
A means for storing the print job to which the user identification information is added; a means for registering a user authentication file in which the correspondence between the user identification information and the user authentication information is recorded; and a public key / private key for each user identification information. Key generating means for generating a key, and searching for a secret key corresponding to the public key using the user identification information as a search key and decrypting the user authentication information encrypted by the public key with the corresponding secret key. A decryption unit, an authentication unit that authenticates the user identification information and the decrypted user authentication information using the user authentication file, and transmits a print job list of the user to the printing apparatus according to the authentication result. Means for transmitting a print job corresponding to a print request from the printing apparatus to the printing apparatus, and releasing the print job according to the success or failure of the authentication by the authentication means. And have the means to delete the secret key,
Means for inputting user identification information, encryption means for encrypting the input user authentication information with the public key, and a method for transmitting the user identification information and the user authentication information encrypted with the public key. Transmitting means for transmitting to the job server, selecting means for selecting a print job to be subjected to print processing from a print job list transmitted from the job server, and means for receiving a print job transmitted from the job server And a print processing unit. A data processing device, at least one or more printing devices that execute and print a print job, and a job server that manages the print job are connected via a network, and the user identification information sent from the data processing device is added. A printing method in which the job server stores the print job, and transfers the print job stored in the job server to the printing device that has issued the print instruction in accordance with a print instruction from the printing device, and performs a printing process. And
In the job server, a process of storing a user authentication file, a process of storing a print job to which user identification information is added, and determining whether a print job to which the same user identification information is added is already stored Processing, in response to the determination, a process of generating a public key and a secret key, and a process of storing the public key and the secret key,
A process of inputting user identification information and user authentication information to the printing device; an encryption process of encrypting user authentication information with a public key generated by the job server; Transferring the encrypted user authentication information to the job server,
In the job server, a process of decrypting the user authentication information encrypted by the public key by the secret key, a process of comparing the user identification information and the user authentication information using the user authentication file, Transferring the stored print job in accordance with the result of the collation.
Causing the printing device to execute output processing of the transferred print job,
A printing system, wherein the job server executes a print job to which the stored user identification information is added, and a process of deleting the stored public key and the secret key. Printing method. Causing the printing device to execute a process of requesting a public key corresponding to the user identification information, and determining whether the job server has a public key corresponding to the user identification information; 7. The printing method according to claim 6, further comprising: transmitting a public key. The job server, a process of notifying the printing device of the public key corresponding to the user identification information every time the key is generated, and a process of notifying the printing device of the user identification information each time the key is deleted. Causing the printing device to execute a process of notifying the corresponding public key and a process of notifying the printing device of user identification information and a list of public keys in response to a request from the printing device, The printing method according to claim 6, wherein a process of storing a public key corresponding to the printing system is executed. After executing a process of storing the print job to which the user identification information is added, the job server executes a process of deleting the print job to which the user identification information is added after a lapse of a predetermined time. A printing method using the printing system according to claim 6. 7. The method according to claim 6, wherein biometric information is used as the user authentication information, and a process of inputting biometric information to the printing device and a process of extracting a feature amount from the input information on the living body are executed. Printing method by the printing system. A data processing device, at least one or more printing devices that execute and print a print job, and a job server that manages the print job are connected via a network, and the user identification information sent from the data processing device is added. A print job stored in the job server by the job server, and the print job stored in the job server is transferred to the printing device that issued the print instruction by a print instruction from the printing device to perform a printing process. ,
The job server includes a first storage unit that stores a user authentication file, a second storage unit that stores a print job to which user identification information is added, and a print job to which the same user identification information is added. Determining means for determining whether the key is already stored, key generating means for generating a public key and a secret key according to the determining means, third storing means for storing the public key and the secret key, Decryption means for decrypting the user authentication information encrypted by the public key with the secret key; collation means for collating user identification information with user authentication information using the user authentication file; According to the result, the first transfer unit for transferring the print job stored in the second storage unit and the user identification information stored in the second storage unit are added. Has erasing means for erasing the public key and the private key stored in the print job and the third storage means that,
An input unit that inputs user identification information and user authentication information, an encryption unit that encrypts user authentication information with a public key generated by the generation unit, and the printing device that is input by the input unit. Second transfer means for transferring user identification information and user authentication information encrypted by the encryption means to the job server; and output means for performing output processing of the print job transferred by the first transfer means And a printing system comprising: A printing method by a printing system in which at least one or more printing apparatuses that print a print job and an authentication server that performs authentication are connected via a network,
Causing the authentication server to execute a process of generating a public key and a secret key,
A process of inputting user identification information and user authentication information to the printing apparatus; a process of encrypting the user authentication information with a public key issued by the authentication server; a process of encrypting the user identification information and the encrypted user authentication And transmitting information, and
A process of receiving the user identification information and the encrypted user authentication information transmitted from the printing device to the authentication server, and a process of decrypting the encrypted user authentication information with the secret key; A process of authenticating whether or not the user identification information and the decrypted user authentication information correspond to each other using a user authentication file, and a process of transmitting a result of the authentication to the printing device,
The printing device, a process of displaying a list of print jobs corresponding to the user identification information according to the success or failure of authentication by the authentication server, a process of selecting a print job, and a printing process,
A printing method by a printing system, wherein the authentication server executes a process of deleting the public key and the secret key. 13. The printing method according to claim 12, wherein the printing apparatus is configured to execute a process of displaying a result of the success or failure according to the success or failure of the authentication. 13. The printing method according to claim 12, wherein the authentication server executes processing for registering, deleting, and updating a user authentication file. 13. The printing method according to claim 12, wherein biometric information is used as the user authentication information. A printing system in which at least one or more printing devices that print a print job and an authentication server that performs authentication are connected via a network,
A means for inputting user identification information and user authentication information, an encryption means for encrypting the user authentication information with a public key issued by the authentication server, and a means for encrypting the user identification information and the encrypted Transmission means for transmitting user authentication information, display means for displaying a list of print jobs corresponding to the user identification information according to the success or failure of authentication by the authentication server, selection means for selecting a print job, and print processing means And having
Generating means for generating a public key and a secret key, receiving means for receiving user identification information and encrypted user authentication information transmitted from the printing apparatus, and wherein the encrypted user Decryption means for decrypting authentication information with the secret key; authentication means for authenticating whether the user identification information corresponds to the decrypted user authentication information using a user authentication file; A printing system comprising: a transmitting unit that transmits a result to the printing apparatus; and a deleting unit that deletes the public key and the secret key. A server computer used in a printing system in which at least one or more printing devices that execute and print a print job are connected to a network,
Generating means for generating a public key / private key for encrypting / decrypting the user authentication information;
Receiving means for receiving, from the printing apparatus, user identification information and user authentication information encrypted by the public key,
Decryption means for decrypting the user authentication information encrypted by the public key by the secret key,
Authentication means for authenticating the user identification information and the decrypted user authentication information using a user authentication file describing the correspondence,
A server computer comprising: a deletion unit configured to delete the public key / private key generated by the generation unit. An authentication method in a printing system in which at least one or more printing apparatuses that execute and print a print job are connected to a network,
A generation procedure for generating a public key / private key for encrypting / decrypting user authentication information,
A receiving step of receiving user identification information and user authentication information encrypted by the public key from the printing apparatus;
A decryption procedure for decrypting the user authentication information encrypted by the public key by the secret key,
An authentication procedure for authenticating the user identification information and the decrypted user authentication information using a user authentication file describing the correspondence thereof,
A method for deleting the generated public key and secret key. A computer program for causing a computer used in a printing system connected to a network to execute at least one or more printing apparatuses that execute and print a print job, comprising:
A generation process of generating a public key / private key for encrypting / decrypting user authentication information,
A receiving process of receiving user identification information and user authentication information encrypted by the public key from the printing apparatus;
A decryption process of decrypting the user authentication information encrypted by the public key by the secret key,
An authentication process of performing authentication using the user authentication file describing the correspondence between the user identification information and the decrypted user authentication information,
And a deletion process for deleting the generated public key / private key. A computer-readable storage medium storing the computer program according to claim 19.

Images