JP2005117321A - Apparatus and method for processing data and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an apparatus for processing data which can perform a cipher communication by transmitting printing data to a destination by a user by informing information being the destination to the user when job data are transmitted by utilizing the cipher communication in response to a request of performing the cipher communication from the user. <P>SOLUTION: The apparatus for processing the data determines whether an encryption communication is required or not in the print request transmitted from a host computer, and transmits a destination identifier showing the destination used for the encryption communication when the encryption communication is requested. If the printing data are transmitted in which the designation identifier of the encryption communication is designated, the encrypted printing data are decoded. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a data processing device, a data processing method, and a program in consideration of prevention of wiretapping, falsification, and impersonation of job data sent via a network.

  When printing data is printed from a device on another network to a conventional network-connected printing apparatus, the data is transmitted to a known specific print port. For example, the port number 515 for LPD is generally used, and similarly, port number 80 is generally used for HTTP. Similarly, when the user wants to transmit the print data encrypted for security reasons, the data is similarly transmitted to a known dedicated print port using a predetermined encryption method. Generally, SSL / TLS is used as an encryption method.

  In addition, there is a technique using a method in which a printer on a network uses a plurality of printing ports and a printing port is assigned to each computer. FIG. 12 shows the exchange of data between the host computer and the printer in this technique. Hereinafter, FIG. 12 will be described.

  First, in step S1201, the printer receives a print request (create job) sent from any computer on the network (hereinafter referred to as host computer A). The process advances to step S1202, and if there is no defect in the print job processing instruction described in the create job received from the host computer A, the printer can use the print port for receiving print data (OPEN). ), And the host computer A transmits a URI (hereinafter referred to as URI1), which is a destination when sending print data, to the host computer A. In this way, the port is designated by the URI. In step S1203, when a create job is received from another computer on the network (hereinafter referred to as host computer B), the URI is similarly transmitted to the host computer B. The URI transmitted at this time is the host computer A. Is a URI 2 that is different from the URI 1 transmitted to (S1204).

  In this way, the URI of the print data transmission destination is changed for each host computer, and the port used correspondingly varies depending on the host computer.

  In step S1205, the host computer A establishes a connection with the port indicated by the URI 1 given in step S1202 in order to transmit print data. The process advances to step S1206 to transmit the print data to the printer and execute printing.

  By using this technology, the user does not need to know the IP address of the printing apparatus and the port number for printing in advance.

Further, there is a technique in which a printing apparatus notifies a computer that has transmitted data of a port number to be used according to the type of data received from the computer, and receives data at the port to perform processing. (For example, see Patent Document 1)
JP 2002-333958 A

  If the user wants to send encrypted print data for security reasons, with a conventional printing device, the user knows in advance what communication method the printing device has and what communication port is used. In many cases, it was necessary to keep in mind, and it was not easy to use.

  Further, in the technique of notifying the computer of the port number to be used according to the type of data received from the computer as in the conventional example, it is not necessary for the user to know the used port in advance. A method for instructing the printing apparatus to perform encrypted communication is not defined. Therefore, it was not possible to perform secure printing by encryption communication considering security.

  The present invention has been made in view of such a problem, and in response to a request from a user to perform encrypted communication, information serving as a destination when transmitting job data using encrypted communication is determined by the user. It is an object of the present invention to provide a data processing apparatus capable of performing encrypted communication by transmitting job data to the destination.

  Furthermore, when job data is sent to a destination for encrypted communication, it is possible to reliably perform encrypted communication, and to provide a data processing device capable of processing a safe job with higher security effect. Objective.

  In order to solve the above problems, a data processing apparatus according to the present invention includes a determination unit that determines whether a communication method for encrypting data is requested in a job processing request transmitted from an information processing apparatus, and an information processing apparatus. In response to the job processing request, a transmission unit that transmits an identifier for identifying the destination of the job data to the information processing apparatus, and when the determination unit determines that encrypted communication is requested, the transmission unit transmits the identifier. The data addressed to the identifier is encrypted when the storage means for storing that encrypted communication is performed and the job data is sent by specifying the identifier stored in the storage means when used for encrypted communication. And decrypting means for decrypting the processed job data.

  In order to solve the above problems, a data processing apparatus according to the present invention includes a determination unit that determines whether a communication method for encrypting data is requested in a job processing request transmitted from an information processing apparatus; In response to the job processing request from the transmission means for transmitting the identifier for identifying the destination of the job data to the information processing apparatus, and when the determination means determines that the encrypted communication is requested, the transmission means transmits the identifier. The data addressed to the identifier is stored in the storage means for storing that encrypted communication is performed, and the identifier stored in the storage means when used for encrypted communication is designated and the job data is sent And decryption means for decrypting the converted job data.

  As described above, according to the present invention, when a user wants to prevent eavesdropping or falsification of data or to prevent impersonation of a communication partner, the client side that transmits data can instruct the printing apparatus to that effect. Accordingly, since the port for encrypted communication in consideration of security is assigned according to the above, it is not necessary to know the communication port used at that time in advance, and the convenience of the user is improved. In addition, by determining whether the encrypted communication is normally performed on the encrypted communication port, the encrypted communication is surely performed on the job data sent to the encrypted communication port, thereby further improving the security effect. This makes it possible to perform safe job processing with improved performance. At the same time, the job data sent to the encrypted communication port by the normal communication method is not processed, so that unnecessary processing is reduced. Further, by not receiving such job data, the load on the network can be reduced.

  Furthermore, since the port number for encrypted communication changes each time by registering the port assigned when encrypted communication is requested by the user as the port for encrypted communication, the port for encrypted communication is given to the user. The number is not known in advance, and the security effect is improved.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In this embodiment, a printing apparatus will be described as an example of a data processing apparatus, but the present invention is not limited to this. The present invention can also be applied to a data processing apparatus such as a copying machine, a FAX, a scanner, a multifunction machine, or a network board. Also, according to the type of the data processing apparatus, the type of job data exchanged may be data other than a print job such as a copy job, a FAX job, a scan job, and the like.

  FIG. 1 is a block diagram illustrating a hardware configuration of a printing apparatus according to an embodiment of the present invention. The CPU 101 executes a software program for the printing apparatus and controls the entire apparatus. A ROM 102 is a read-only memory, and stores a boot program of the apparatus, fixed parameters, and the like. A RAM 103 is a random access memory, and is used for temporary data storage when the CPU 101 controls the apparatus. The HDD 108 is a hard disk drive and is used for storing various data such as print data. The printer I / F control unit 104 is a device that controls the printer 110. The NVRAM 105 is a non-volatile memory for storing various setting values of the printing apparatus. The panel control unit 106 controls the operation panel 109 to display various information and input instructions from the user. The network I / F control unit 107 controls data transmission / reception with the LAN 111. The bus 108 is connected to the CPU 101, the ROM 102, the RAM 103, the HDD 108, the printer I / F control unit 104, the NVRAM 105, the panel control unit 106, and the network I / F control unit 107, and controls signals from the CPU 101 and data signals between the devices. Is a system bus to be transmitted and received.

  FIG. 2 is a block diagram illustrating a software configuration of the printing apparatus 100 according to the embodiment of the present invention. The printer control unit 201 is a module that controls the printer I / F control unit 104 and performs operations such as transmission of image data to the printer 110 and control of a paper discharge position. The image print control unit 202 converts the received print data into data that can be printed by the printer 110, and performs various controls related to printing such as the number of copies and double-sided printing control. The network driver 207 controls the network I / F control unit 107 to control data transmission / reception with the network. The TCP / IP protocol control unit 206 includes a module for controlling the TCP / IP protocol, and performs data transmission / reception control in accordance with the TCP / IP protocol using the network driver 207. The HTTP server control unit is a module that controls the entire protocol called HTTP (HyperText Transfer Protocol), analyzes the HTTP request packet received from the client, performs appropriate processing, and transmits the data to the SOAP control unit 204 or the image In addition to passing to the higher-level application such as the print control unit 202, control is performed to return an HTTP response packet to the client according to an instruction from the higher-level application. The SOAP control unit 204 is a module that controls a protocol called SOAP (Simple Object Access Protocol). The SOAP control unit 204 analyzes data in an XML (extensible Markup Language) format received from the client by using the XML parser 203, and the image print control unit. An appropriate module 204 is called, or data to be returned to the client is converted into XML data and returned to the client via the HTTP server control unit 205. The XML parser 203 is a module that inputs XML format data and outputs an analysis result.

  FIG. 3 is an example of packet data called “CreateJob” transmitted from the client to the printing apparatus using SOAP on HTTP in the present embodiment. This data is described in the XML format. The CreateJob packet is a command for instructing the printing apparatus to start a job (print), and includes information such as a request source user name (requesting-user-name tag) and an instruction related to job processing (job-instruction tag). Is described. The secure-port tag shown in A in FIG. 3 is a tag that indicates how the print data is communicated. In the example of FIG. 3, SSL (Secure Socket Layer) is used for the printing apparatus. It means to direct the communication that was. By reading this tag, the printing apparatus generates a printing port according to the communication method.

  FIG. 4 is another example of the portion A in FIG. The example of FIG. 4 instructs that the print data is transferred by a normal communication method without any processing.

  FIG. 5 is an example of response packet data for the CreateJob packet of FIG. This data is also described in the XML format as in FIG. 3, and is transmitted / received using SOAP on HTTP in this embodiment. The CreateJob response packet includes a result code (result-code tag) for the CreateJob command, an identifier of the generated job (job-id tag), and a URI (data-) of the print port serving as a destination identifier for identifying the destination of the print data. information such as a “sink-uri tag”. The portion indicated by B in FIG. 5 is a portion indicating the URI of the print port. In the example of FIG. 5, the URI “https://123.456.7.8:18000/job001” is shown. This is because “Secure” is indicated in the secure-port tag of the CreateJob command in FIG. 3, so the printing apparatus generates an SSL printing port and stores the URI in the data-sink-uri. Is shown. In this case, since the URI schema part is “https”, the port number 18000 for HTTP SSL / TLS is used. Therefore, the client transmits print data to the TCP port 18000 of the printing apparatus.

  FIG. 6 is a flowchart showing an operation (print request receiving operation) when the printing apparatus according to the present embodiment receives createjob.

  Hereinafter, the print start request operation of the printing apparatus according to the present embodiment will be described with reference to FIG.

  First, when the printing apparatus receives createjob in step S601, the process advances to step S602 to analyze a secureport tag included in the received createjob. If a tag designating SSL encrypted communication is found as a result of the analysis in S603, the process proceeds to S604, and one of the SSL encrypted communication ports is assigned to be open (available state). If no tag designating encrypted communication is found, the process proceeds to S605, and any normal data communication port is assigned to be open (available state). In the printing apparatus according to the present embodiment, each port in the RAM 103 is currently in use (whether assigned to any host computer), and whether each port is a port for SSL encrypted communication. Whether or not is managed in the form of a list shown in FIG. In S604 or S605, a port that is not currently in use is newly assigned by referring to the list. In S606, the port information assigned in S604 or S605 is managed by updating the list of FIG. In step S607, a URI indicating a print port assigned in step S604 or S605 and in an open state is generated as a <data-sink-uri> tag. In step S608, the <data-sink-uri> tag is generated. Is sent to the host computer as a response to createjob.

  FIG. 7A shows an example of a list arranged in the RAM 103 and managing the state of each port in the printing apparatus of this embodiment.

  Managing the status of each port here means whether the port is a port used for SSL communication or a port used for normal communication, and the port is currently in use (any Is assigned to the host computer).

  In FIG. 7A 701, the number of each port is managed. 1000 shown in this column represents TCP port number 1000.

  Reference numeral 702 indicates whether each port is a port for SSL communication or a port for normal communication. In the example of the list of FIG. 7A, it is determined in advance whether each port is a port for SSL communication or a port for normal communication (numbers 1000 to 1002 are ports for normal communication, 1003 to 1005 are determined to be SSL communication ports). A port with “normal” in this column indicates a port for normal communication, and a port with “SSL” indicates a port for SSL communication.

  Reference numeral 703 denotes whether each port is currently in use. A port whose column is “in use” indicates that it is currently in use and is assigned to any host computer. In addition, a port with nothing in this column indicates that it is not currently in use.

  That is, in the case of FIG. 7A, it can be seen that “port 1000 is a port for normal communication and is currently in use”.

  The printing apparatus refers to this list and assigns a normal communication free port to the host computer that has requested normal communication, and assigns an SSL communication free port to the host computer that has requested SSL communication.

  This list also shows whether each port is a port used for SSL communication or a port used for normal communication, and that port is currently in use (assigned to any host computer). Any format can be used, for example, only the ports currently in use are managed in the list, and not when the printer assigns a new port. A port can be arbitrarily assigned from a port.

  Further, FIG. 7A shows a case where each port is a port for normal communication or a port for SSL communication, but it is a port for normal communication or for SSL communication. If the host computer requests SSL communication, it is used for SSL communication when assigning any port that is not currently in use and managing the list. You can also remember that. An example of the list used in this case is shown in FIG.

  In 704, the port number is managed as in 701. 1000 shown in this column represents TCP port number 1000.

  A column 705 indicates whether each port is currently in use. A port whose column is “in use” indicates that it is currently in use and is assigned to any host computer. In addition, a port with nothing in this column indicates that it is not currently in use.

  Reference numeral 706 denotes whether each port is a port for SSL communication or a port for normal communication. A port with “normal” in this column indicates a port for normal communication, and a port with “SSL” indicates a port for SSL communication. In the example of the list shown in FIG. 7B, whether each port is a port for SSL communication or a port for normal communication is not determined in advance. After assigning any port that is not currently in use to the host computer, “SSL” is written in the field 706 to manage that the port is used for SSL communication. Similarly, when there is a request for normal communication from the host computer, “normal” is written in the field 706 to manage that the port is a port used for normal communication.

  A processing flow of the print request receiving operation in the embodiment in which the list shown in FIG. 7B is created will be described with reference to FIG.

  If there is a request to perform SSL communication from the host computer in S603, the process proceeds to S604, and as a process performed here, the list in FIG. 8B is first referred to, and the column 705 is currently “in use”. Look for a missing port and write “in use”. At the same time, “SSL” is written in the field 706. When normal communication is requested in S603, the process proceeds to S605, where “used” is written in a port that is not currently used, and “normal” is written in the field 706. When the list is updated in S606 according to the processes in S604 and S605, the subsequent processes are the same as those described above (when the list in FIG. 7A is used).

  By managing the ports as described above, the present invention can be implemented even when each port is not previously determined for SSL communication or normal communication.

  FIG. 8 is a flowchart showing an operation (data reception operation) when the printing apparatus of the present embodiment receives print data from the host computer. Further, this print data reception operation is not always performed continuously with the print request reception operation shown in FIG. The print request receiving operation may be performed a plurality of times before the printing apparatus performs the print data receiving operation.

  Hereinafter, the print data reception operation will be described with reference to FIG.

  First, in step S801, the host computer waits for TCP connection with the printing apparatus to transmit print data. The host computer that has received a response to the Create job from the printing apparatus analyzes the data sink URI included in the response, and sends the print data to the IP address of the printing apparatus for establishing a connection with the printing apparatus. Get the port number. For example, the host computer that received the response of FIG. 5 from the printing apparatus analyzes the data sink URI “https://123.456.7.8:18000/job001” and the IP address “123.456.7.8”. "18000" port of the printing apparatus of "", and knows that the print data identified by the job ID of job001 should be transmitted to the URI. If there is a TCP connection for transmitting print data from the host computer in S802, the process proceeds to S804. If there is no connection, it is determined in S803 whether or not a timeout has occurred (in this embodiment, after the printing apparatus receives create job, whether or not a predetermined time has elapsed since the URI was returned to the host computer as a response) In the case of timeout, the port is set to an unusable state (close), and the list shown in FIG. 7 is updated accordingly. If it is not a timeout, the host computer waits for a connection. If there is a TCP connection for transmitting print data from the host computer in S802, the process proceeds to S804, the port number to which the connection is made is checked, the process proceeds to S805, and the list shown in FIG. It is determined whether it is a port for communication or a port for SSL communication. If it is determined in S806 that the port is for SSL communication, the process proceeds to S807, and negotiation for establishing an SSL encrypted communication path is started. If it is determined that the port is a normal communication port, the process advances to step S812 to start receiving print data using a normal communication method. An HTTP POST method is used to transmit print data from the host computer. FIG. 9 shows an example of packet data of print data transmitted from the host computer using the POST method. The data sink URI is the destination for this data transmission. The printing apparatus that has received the packet data shown in FIG. 9 checks the URI of the HTTP header. In the example of FIG. 9, it is “/ job001”. From this job ID, the printing apparatus can recognize that the print data whose job ID is 001 has been sent to “https://123.456.7.8:18000/job001”.

  The negotiation for establishing the SSL encrypted communication path will be described in detail with reference to FIG. 9. At the time of this negotiation, it is determined whether or not SSL communication is actually performed on the port for SSL communication. As a result, if it is not determined in step S808 that SSL communication has been performed, the process proceeds to step S816 to immediately disconnect the connection so that print data is not received. If it is determined that SSL communication is being performed, the process proceeds to S809, where negotiation is established, and when an SSL encrypted communication path is established, print data is received in S810.

  By determining whether SSL communication is actually performed on the SSL communication port in this way, it is possible to avoid sending data to the SSL communication port by a normal communication method. Can solve these problems. For example, after confirming that a connection is established to a port for SSL communication when a connection is accidentally made to a port for SSL communication when print data is to be transmitted by a normal communication method. If the SSL communication is automatically performed, an extra load is applied to the network against the user's intention. Furthermore, if the printing device automatically decrypts the print data that has not been encrypted by SSL communication sent to the SSL communication port, an error will occur in the printing device or output will not be performed. If this happens, there will be a cost due to useless paper discharge. In order to avoid such an inconvenience, it is determined whether SSL communication is actually performed during negotiation for establishing the SSL encrypted communication path, and processing according to the determination result is performed.

  After the connection is disconnected in S816, the process returns to S801 and waits for a normal connection again. In step S810, print data transmitted from the host computer is received by SSL communication using the above-described POST method. At that time, the print data encrypted using the key information determined at the time of negotiation is decrypted (S811). Thereafter, the process proceeds to S813, and a response indicating that the print data has been normally received is transmitted to the host computer using the HTTP POST method in the same manner as the transmission of the print data from the host computer. The process proceeds to S814, and the port currently used. Is closed (unusable state, that is, not assigned to any host computer), the list of FIG. 7 is updated to that effect in S815, and the print data receiving operation is terminated.

  A process flow when it is determined in S806 that the port is not an SSL communication port will be described.

  If it is determined in S806 that the port is not a port for SSL communication, that is, if a normal communication port is used, the process proceeds to S812 to start receiving print data. In step S813, a response indicating that the print data has been normally received is transmitted to the host computer. The subsequent operation is the same as that during SSL communication, the used port is closed, the list to that effect is updated, and the print data receiving operation is terminated.

  As described above, when the port connected to transmit print data by the host computer is a port for SSL communication, it is determined whether SSL communication is actually performed on the port. SSL encrypted communication is surely performed at the SSL communication port, and the above-described effects can be obtained.

  FIG. 10 shows a negotiation for establishing an SSL encrypted communication path between the host computer and the printing apparatus, which is executed when a connection is made from the host computer to the SSL communication port in the printing apparatus of this embodiment. It is the figure which showed the flow of the process typically.

  Hereinafter, the flow of negotiation processing for establishing an SSL encrypted communication path between the host computer and the printing apparatus will be described with reference to FIG.

  When the host computer is connected to the SSL communication port, first, the printing apparatus transmits a Hello Request to the host computer in order to prompt the start of negotiation for determining the encryption specification (S1001). On the other hand, the host computer transmits a client hello message that notifies the printing apparatus of the start of communication. At this time, the client hello message includes a list of encryption and compression algorithms that can be used by the host computer. Is included (S1002). The printing apparatus that has received the Client Hello message confirms that the host computer intends to perform SSL communication there. In other words, when there is no response from the host computer to the Hello Request from the printing device, or when a normal Client Hello message is not sent, the host computer determines that there is no intention to perform SSL communication. The connection is immediately disconnected without performing subsequent processing, that is, receiving print data. In this manner, when the printing apparatus is connected to the SSL communication port, the printing apparatus determines whether or not the host computer intends to perform SSL communication by determining a response to Hello Request (S1003). The subsequent processing is determined. The process of S1003 corresponds to the process of S808 of FIG.

  The printing apparatus that has received the Client Hello message from the host computer determines the encryption and compression algorithm to be used from the list transmitted from the host computer, stores it in the Server Hello message, and transmits it to the host computer (S1004). Further, the certificate is stored in a Server Certificate message and transmitted in order to securely send a premaster secret (a parameter that is a source of a common key shared by the printing apparatus and the host computer) (S1005). At this time, when there is no certificate, a temporary RSA key or a DH key may be transmitted using a Server Key Exchange message.

  The Server Hello Done message notifies that a series of messages starting from Server Hello has been completed (S1006).

  The host computer verifies the certificate sent from the printing apparatus, generates a premaster secret, encrypts it, and sends it to the printing apparatus. For encryption of the premaster secret, a public key included in the certificate received from the printing apparatus is used (S1007).

  The host computer creates a master secret from the premaster secret, and further generates a session key from the master secret. The printer is notified that the encryption algorithm to be used is ready (S1008).

  Furthermore, the host computer encrypts and transmits information known to both the host computer and the printing apparatus to the Finished message (S1009).

  The printing apparatus decrypts the encrypted premaster secret received from the host computer using its own secret key. Next, a master secret is generated from the decrypted pre-master secret, and a session key (common key) is generated from the master secret. This session key is the same as the session key generated by the host computer. Then, the host computer is notified that the encryption algorithm to be used is ready (S1010).

  Further, the printing apparatus encrypts and transmits information known to both the host computer and the printing apparatus to the Finished message (S1011). When the data sent by the Finished message is decrypted with the session key and it is confirmed that the information can be obtained accurately, the encrypted communication has been operated normally, and the negotiation is terminated.

  The print data sent thereafter is encrypted with the session key generated by this negotiation in the host computer, and is decrypted with the session key generated by this negotiation in the printing apparatus.

  FIG. 11 is a diagram illustrating data exchange between the host computer and the printing apparatus according to the present embodiment.

  Hereinafter, the exchange of data between the host computer and the printing apparatus will be described with reference to FIG.

  In step S <b> 1101, the printing apparatus that has received create job from the host computer A determines whether the host computer A wants to transmit print data by SSL encrypted communication by analyzing the create job. If it is determined that the host computer A is requesting SSL communication, the printing apparatus assigns a port for SSL communication to the host computer A in S1102, and the host computer A uses URI1 as the destination of the print data as a response to the create job. Send to.

  S1103 is a create job from the host computer B, which is a case where the host computer requests a normal communication method without requesting SSL encrypted communication. In this case, in step S1104, the printing apparatus assigns a port for normal communication to the host computer B, and transmits the URI 2 that is the destination of the print data to the host computer B as a response to the create job. Here, the URI 2 transmitted to the host computer B is a different URI from the URI 1 transmitted to the host computer A.

  In step S1105, when a connection for transmitting print data is made from the host computer A, the printing apparatus determines whether the connected port is a port for SSL communication. When connection is made to the SSL communication port, negotiation for performing SSL communication is started in S1106, and an SSL communication path is established. In step S1107, print data transmitted from the host computer A by SSL communication is received, the print data is decrypted using the key determined as a result of the negotiation, and printing is executed.

  S1108 is a connection for print data transmission from the host computer B that does not require SSL communication. The printing apparatus determines whether the connected port is a port for SSL communication. When the connection is made to the port for normal communication, the print transmitted from the host computer B by the normal communication method in S1109. Receives data and executes printing.

  In the above embodiment, HTTP is adopted as a transport protocol for transmitting and receiving CreateJob. However, other transport protocols such as SMTP may be used.

  2 and 3, a tag “secure-port” is used as a means for instructing a transfer method of print data. However, other character strings that change based on an agreement between the client and the printing apparatus are used. May be adopted as a tag.

1 is a block diagram illustrating a hardware configuration of a printing apparatus according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating a software configuration of a printing apparatus according to an embodiment of the present invention. FIG. 3 is a diagram illustrating XML format packet data transmitted from a host computer to a printing apparatus according to an embodiment of the present invention. It is a figure which shows the example of the other description format of the A section of FIG. 3 in embodiment of this invention. FIG. 4 is a diagram illustrating XML format packet data transmitted from the printing apparatus to the host computer according to the embodiment of the present invention. 6 is a flowchart illustrating a print request reception operation of the printing apparatus according to the embodiment of the present invention. FIG. 5 is a list showing a port status managed by the printing apparatus according to the embodiment of the present invention. 6 is a flowchart illustrating print data reception operation of the printing apparatus according to the embodiment of the present invention. It is a figure which shows the print data transmission packet in embodiment of this invention. FIG. 3 is a schematic diagram illustrating negotiation processing for performing SSL communication between a printing apparatus and a host computer according to an embodiment of the present invention. FIG. 3 is a diagram illustrating data exchange between a host computer and a printing apparatus according to an embodiment of the present invention. It is the figure which showed the exchange of the data between a host computer and a printing apparatus in a prior art.

Claims (10)

A determination unit that determines whether a communication method for encrypting data is requested in the job processing request transmitted from the information processing apparatus;
Transmitting means for transmitting an identifier for identifying a destination of job data to the information processing apparatus in response to a job processing request from the information processing apparatus;
Storage means for storing that the data addressed to the identifier transmitted by the transmission means is encrypted when the determination means determines that encrypted communication is requested;
A decryption means for decrypting the encrypted job data when the stored identifier is designated to be used for encrypted communication in the storage means and the job data is sent;
A data processing apparatus comprising: A determination unit that determines whether a communication method for encrypting data is requested in the job processing request transmitted from the information processing apparatus;
A transmission unit that transmits, to the information processing apparatus, an identifier that identifies an encrypted communication destination among job data destinations when the determination unit determines that encrypted communication is requested;
Decryption means for decrypting encrypted job data when an identifier for identifying the destination for encrypted communication is designated and job data is sent;
A data processing apparatus comprising: When a connection from the information processing apparatus is made to an identifier for identifying a destination where encrypted communication is performed, there is further provided processing means for performing processing for determining key information for decrypting the encrypted job data. And
The data processing apparatus according to claim 1 or 2, wherein the encrypted job data is decrypted using the key information determined by the processing means.   The job data is not received when a connection is made from an information processing apparatus to an identifier for identifying a destination in which encrypted communication is performed, if the processing unit does not perform processing. Item 4. A data processing apparatus according to Item 3. A second determination unit configured to determine whether encrypted communication is being performed when job data specifying an identifier for identifying a destination to which encrypted communication is performed is sent;
3. The data processing apparatus according to claim 1, wherein job processing is executed only when it is determined by the second determination means that encrypted communication is being performed.   6. The data processing apparatus according to claim 5, wherein when the second determination unit determines that encrypted communication is not being performed, job processing is not executed. A determination step of determining whether a communication method for encrypting data is requested in the job processing request transmitted from the information processing apparatus;
A transmission step of transmitting an identifier for identifying a destination of print data to the information processing apparatus in response to a job processing request from the information processing apparatus;
When it is determined that encrypted communication is requested in the determination step, the storage step for storing that the data addressed to the identifier transmitted in the transmission step is encrypted communication;
A decrypting step for decrypting the encrypted job data when the stored data is designated and used to be used for encrypted communication in the storing step and the job data is sent;
A data processing method characterized by comprising: A determination step of determining whether a communication method for encrypting data is requested in the job processing request transmitted from the information processing apparatus;
A transmission step of transmitting, to the information processing apparatus, an identifier for identifying a destination for encrypted communication among destinations of job data when it is determined in the determination step that encrypted communication is requested;
A decrypting step for decrypting the encrypted job data when an identifier for identifying the destination for encrypted communication is specified and the job data is sent;
A data processing method characterized by comprising: A determination function for determining whether a communication method for encrypting data is requested in the job processing request transmitted from the information processing apparatus;
A transmission function for transmitting an identifier for identifying a destination of print data to the information processing apparatus in response to a job processing request from the information processing apparatus;
When it is determined that encrypted communication is requested in the determination function, a storage function for storing that the data addressed to the identifier transmitted by the transmission function is encrypted communication;
A decryption function for decrypting the encrypted job data when the stored data is specified and an identifier stored when used for encrypted communication is sent in the storage function;
A program for realizing a computer. A determination function for determining whether a communication method for encrypting data is requested in the job processing request transmitted from the information processing apparatus;
A transmission function for transmitting, to the information processing apparatus, an identifier for identifying a destination for encrypted communication among destinations of job data when it is determined that encrypted communication is requested in the determination function;
A decryption function for decrypting encrypted print data when job data is sent with an identifier for identifying the destination for encrypted communication;
A program for realizing a computer.

Images