JP2006048651A - Network print system and facsimile communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To secure high safety by dissolving a problem of a stealthy glance of document data, etc. <P>SOLUTION: In a network print system in which a printer 2 receives print data from a PC 1 via a network and performs print, the PC has an encryption processing part 12 which encrypts the print data using predetermined encryption information, the encrypted print data generated by the encryption processing part is transmitted to the printer, on the other hand, the printer has a user authentication part 4 which identifies and verifies that a person who performs an output operation is the said user of a print request origin and a decoding processing part 22 which decodes the encrypted print data received from the PC using required decoding information and when authentication in the user authentication part is successful, the decoding processing part is made to execute decoding. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a network printing system in which print data is received from a user apparatus via a network and printed by a printing apparatus, and facsimile data from a transmission apparatus is received by a receiving apparatus via a communication network and output. The present invention relates to a facsimile communication system.

  In recent years, network printing systems in which printers receive print data from a PC via a network and perform printing have become widespread. However, in such a network printing system, the printer is located away from the PC. When a person who makes a print request for a document has a risk of others seeing it before receiving the printed document, when handling a document that requires high confidentiality, it is desirable to ensure the security against seeing the printed document. It is.

With regard to ensuring the security of such a printed document, a network management system conventionally provided with a fingerprint authentication device in a printer and configured to receive a printed document only when the fingerprint authentication is successful here. Is known (see Patent Document 1).
JP 2001-265739 A

  However, the conventional technology is configured to ensure the safety against the snooping of the printed document by restricting the retrieval of the printed document to the user who requested the printing by the opening / closing mechanism of the ejection port of the paper discharge device. Therefore, the mechanical structure of the apparatus is inevitably complicated, and there is a problem that costs increase. In addition, although it is possible to ensure the safety of the output printed document itself, there is no consideration for the security against the snooping of the document data held in the device, and the document data by taking out the data storage device in the printer etc. Can not be prevented from leaking.

  For this reason, it is necessary to consider a system configuration from the viewpoint of ensuring the safety of the document data itself. As a technique for ensuring the security of such print data, for example, SSL widely used in the field of data communication via a network. It is conceivable to adopt the encryption communication technology based on the above. However, in a general LAN as a network system to which a printer is connected, network management is not so rigorously operated, so it can be said that it is perfect for snooping print data such as man-in-the-middle attacks. However, there are a number of problems in terms of ensuring safety in the network printing system.

  In addition, the facsimile communication system that is frequently used to send documents to remote locations has the same problems as the network printing system described above, and it is necessary to ensure the security against snooping at the document destination. Is desired. In addition, there is a problem of falsification of facsimile data and spoofing of the sender, and it is desired to secure safety against such facsimile communication.

  The present invention has been devised to solve such problems of the prior art, and its main purpose is to solve problems such as document data sneaking, document data tampering and sender spoofing. Another object of the present invention is to provide a network printing system and a facsimile communication system configured to ensure high security.

  In order to solve such a problem, according to the present invention, a predetermined encryption is performed in a network printing system in which a printing apparatus receives printing data from a user apparatus via a network and performs printing. The encryption means for encrypting the print data using the information, the user authentication means for identifying and verifying that the person who performs the output operation is the user of the print request source, and the encrypted print data received from the user device are required. When the user authentication unit and the decryption unit are provided on the printing apparatus side and the authentication by the user authentication unit is successful. It is assumed that printing is performed by causing the decoding means to execute decoding.

  According to this, only the user himself / herself who requested the printing can decrypt the encrypted print data by the user authentication, so that it is possible to ensure high security against the snooping of the print document and the preceding data.

  In this case, the encryption unit may be on either the user device side or the printing device side. The encryption unit is provided on the user device side, and the print data is encrypted and sent to the printing device. By doing so, it is possible to ensure security against snooping on the route, and further store the encrypted print data received from the user device side as it is in the printing device, or provide an encryption means on the printing device side. Thus, if the print data received from the user device side is encrypted and stored, it is possible to ensure high security against snooping of the print data stored on the user device side.

  In the network printing system, as shown in claim 2, the user authentication unit can identify and verify the user by biometrics. According to this, since high authentication accuracy is obtained by biometrics (biometric authentication), high safety can be ensured.

  In this case, biometrics user authentication means include fingerprints, faces, irises, palm prints, etc., but fingerprints are preferred from the viewpoint of manufacturing cost and convenience. In addition, the user authentication means may be configured to authenticate the user with a portable object possessed by the user himself and holding the identification information of the individual user.

  Further, the encryption means performs encryption using the encryption information of the individual user of the print request source, and the decryption means uses decryption information corresponding to the user authenticated by the user authentication means. It is preferable that the decryption is performed. According to this configuration, it is possible that another person cannot easily obtain the encrypted information and the decrypted information, and thus it is possible to secure a higher level of safety.

  In this case, the printing apparatus includes a storage unit that stores the decryption information for each user and a decryption information acquisition unit that extracts the decryption information corresponding to the user authenticated by the user authentication unit from the storage unit. It is possible to quickly process by registering the decryption information for each user in the printing apparatus in advance.

  According to the present invention, as described in claim 3, in a network printing system in which the printing apparatus receives printing data from the user apparatus via the network and performs printing, the printing data is stored using the encryption information of the individual user. Encrypting means for generating encrypted print data by encrypting, a portable object possessed by the user himself / herself and retaining the decryption information of the user corresponding to the encrypted information, and decryption information retained by the portable object Using the decrypting means for decrypting the encrypted print data, and the printing apparatus is provided with an interface means for delivering required information to and from the portable object. At least one of the decoding means is provided.

  According to this, only the user of the print request source who owns the portable object can decrypt the encrypted print data, and the decryption information held by the portable object is managed only by the user himself. A high level of security against document snooping can be ensured.

  In this case, the encryption unit may be on either the user device side or the printing device side. The encryption unit is provided on the user device side, and the print data is encrypted and sent to the printing device. By doing so, it is possible to ensure security against snooping on the route, and further store the encrypted print data received from the user device side as it is in the printing device, or provide an encryption means on the printing device side. Thus, if the print data received from the user device side is encrypted and stored, it is possible to ensure high security against snooping of the print data stored on the user device side.

  In addition to the encryption key and the decryption key that actually encrypt and decrypt the target data, the encryption information and the decryption information include information necessary for generating or acquiring the encryption key and the decryption key, respectively. It may be. In the case of the common key encryption method, the encryption information and the decryption information are the same.

  In addition, the above-mentioned encryption information and decryption information are given for each user, and in principle, differ from other users. However, depending on how these information are generated, the same information is accidentally used by multiple users. It can be. In such a case, if the user is identified in the printing apparatus and only the encrypted print data corresponding to the user is permitted to be decrypted and printed out, the safety can be further improved.

  In the network printing system, as described in claim 4, the printing apparatus includes the decryption unit, and obtains decryption information of the individual user from the portable object via the interface unit, and performs encrypted printing. The data can be decrypted. According to this, since the portable object only has a function of holding information like a memory card, the cost can be reduced.

  In the network printing system, as described in claim 5, the portable object includes the decryption unit, acquires encrypted print data from the printing apparatus via the interface unit, and After decryption using the decryption information, the decrypted print data can be transferred to the printing apparatus via the interface means. According to this, since the decryption information is not output outside the portable object, safety can be improved. In this case, the portable item may be a CPU-mounted IC card or the like. Furthermore, if the structure has a tamper resistant function, the safety can be remarkably enhanced.

  The portable object may be configured to hold both user identification information for user authentication and individual user decryption information.

  In the network printing system, as described in claim 6, the portable object holds the encrypted information together with the decryption information, and the user device delivers required information to and from the portable object. It is possible to provide an interface means for performing, and at least one of the user device and the portable object includes an encryption means for encrypting print data using encryption information held by the portable object. According to this, since the portable object holds the encryption information required for encrypting the print data, it becomes possible to encrypt the print data safely. This configuration is effective, for example, when printing data stored in a personal storage medium using another person's computer.

  In the network printing system, as described in claim 7, the user device includes the encryption unit, acquires the user's personal encryption information from the portable object via the interface unit, and print data It can be set as the structure which encrypts. According to this, since the portable object only has a function of holding information like a memory card, the cost can be reduced.

  In this case, by providing the encryption information from the portable object to the user device, the print data is encrypted by the user device. The provision of the encryption information to the user device is performed by the user device. In addition to performing the instruction, it may be performed in advance prior to the printing instruction. In particular, when a user device is dedicated to a specific user and has high security secured by a function that restricts login by a password or the like, or security is secured by a public key encryption method. In this case, it is possible to hold the encryption information in the user device, thereby eliminating the trouble of connecting the portable object to the user device each time a print instruction is issued.

  In the network printing system, as described in claim 8, the portable object includes the encryption unit, acquires print data from the user device via the interface unit, and encrypts the device in its own device. After encrypting using the encryption information, the encrypted print data can be transferred to the user device via the interface means. According to this, since the encrypted information is not output outside the portable object, safety can be improved. In this case, the portable item may be a CPU-mounted IC card or the like. Furthermore, if the structure has a tamper resistant function, the safety can be remarkably enhanced.

  In the network printing system, as shown in claim 9, the user device delivers information required between the information acquisition means for acquiring the encrypted information and the decrypted information and the portable object. And the decryption information acquired by the information acquisition means is provided to the portable object via the interface means. According to this, since the decryption information held in the portable object can be appropriately changed, safety can be improved and the portable object has a function of simply holding information like a memory card. Therefore, the cost can be reduced.

  In addition, the said information acquisition means can acquire the user's personal encryption information and decryption information from the outside, and the structure which self-generates and acquires is also possible. This also applies to the configuration shown below.

  In addition, in the above-described portable object, when old information acquired before receiving provision of required information such as decryption information is retained, this old information is automatically updated as new information is acquired. It may be processed by an appropriate method such as erasing or erasing in response to a user instruction, but it corresponds to the decryption information from the viewpoint of surely executing the print output of the encrypted print data in the printing apparatus. It is desirable to hold the decryption information until the encrypted print data is output and the encrypted print data is erased from the printing apparatus. This is the same when a device such as a portable object, a user device, and a printing device receives the provision of required information such as encryption information and decryption information with the following configuration.

  In the network printing system, as described in claim 10, an interface for the printing apparatus to transfer required information between the information acquisition unit that acquires the encrypted information and the decryption information and the portable object. And encryption information and decryption information acquired by the information acquisition unit are provided to the portable object via the interface unit in advance of a print request. According to this, since the encryption information and the decryption information held in the portable object can be changed as appropriate, the safety can be improved and the portable object can simply hold information like a memory card. Therefore, the cost can be reduced.

  In the network printing system, as described in claim 11, the printing device decrypts the encrypted print data received from the user device using the decryption information acquired by the information acquisition device. And processing means for performing required processing on the print data obtained thereby, and encrypted information obtained by the information obtaining means for the processed print data obtained or processed print data obtained thereby. And an encryption means for re-encryption using the. According to this, since time-consuming processing such as rasterization processing can be started by the user before the portable object is connected to the printing apparatus, the print document is finally printed after the user starts the operation in front of the printing apparatus. It is possible to greatly reduce the waiting time until acquiring.

  In this case, it is only necessary for the printing apparatus to hold the decryption information acquired in the self apparatus for at least a period until the encrypted print data is received from the user apparatus side. In order to prevent eavesdropping of the encrypted information, the encrypted information and the decrypted information provided by the information acquisition means are provided to the portable object, and when the decryption of the encrypted print data received from the user device ends, the decryption information in the printing device When the encrypted data has been re-encrypted by the encrypting means, the encryption information in the printing apparatus is erased. After that, when the portable object is connected to the printing apparatus, the portable object is decrypted. It is preferable to use decryption information to cause decryption means to decrypt the re-encrypted processed data.

  In the network printing system, as described in claim 12, the encryption unit is provided on the user device side, and the encrypted print data generated here is transmitted to the printing device. Holding transmission request information for instructing the user device to transmit encrypted print data and address information of the user device, and the printing device receives the transmission request information and the address from the portable object via the interface means. Information can be acquired, the transmission request information can be transmitted to the corresponding user device based on the address information, and the encrypted print data can be transmitted from the user device. According to this, it becomes possible to perform encrypted printing without means for storing encrypted print data in the printing apparatus (for example, a large-capacity storage device such as a hard disk device), and to perform printing safely even in a low-cost printing apparatus Is possible.

  The transmission request information instructs the user device to transmit encrypted print data, and includes authentication information and information (identification information) for specifying the encrypted print data. The address information is information (for example, IP address) that identifies the user device on the network.

  According to the present invention, as described in claim 13, in the network system in which the printing apparatus receives print data from the user apparatus via the network and performs printing, the print data is encrypted using the encryption information of the individual user. And encrypting means for generating encrypted print data, storing personal user decryption information corresponding to the encrypted information in association with user personal access information, and attaching the access information from an external device In response to a transmission request to be made, a server device that provides corresponding decryption information to the requesting device, a portable item possessed by the user himself / herself and holding user's personal access information, and the acquired from the portable item Request means for acquiring the decryption information by attaching a transmission request to the server device with access information, and the request Decrypting means for decrypting the encrypted print data using the decryption information acquired by the client means, the request means is provided on the printing apparatus side, and the printing apparatus is connected to the portable object. Interface means for delivering required information between them is provided, and the decryption means is provided in at least one of the portable object and the printing apparatus.

  According to this, the encrypted print data can be decrypted only after the access information is provided from the portable object, and the decryption of the encrypted print data is limited only to the user himself / herself who has the portable object, Moreover, since the access information held by the portable object is managed only by the user himself / herself, it is possible to ensure high security against snooping of the printed document. In addition, the portable object holds the access information and provides it to the information acquisition means, and can have a function of simply holding the information like a memory card or RFID, so that the cost can be reduced. .

  In this case, the encryption unit may be on either the user device side or the printing device side. The encryption unit is provided on the user device side, and the print data is encrypted and sent to the printing device. By doing so, it is possible to ensure security against snooping on the route, and further store the encrypted print data received from the user device side as it is in the printing device, or provide an encryption means on the printing device side. Thus, if the print data is stored after being encrypted, it is possible to ensure high security against snooping of the print data stored on the user device side.

  In addition, the printing apparatus may be configured to re-encrypt the print data using the user's personal encryption information. According to this, it is possible to ensure the safety of storing the print data in the printing apparatus. In addition, since time-consuming processing such as rasterization processing can be performed in advance before re-encryption, there is an advantage that printing can be started with a small waiting time.

  Further, the request unit is provided on the printing apparatus side where the decryption process of the encrypted print data is performed, but is not limited to the configuration provided in the printing apparatus itself, for example, between the printing apparatus and a portable object. An interfacing interface device, for example, a reader / writer device that reads a memory card as a portable object may be provided.

  In addition, when the request unit is provided in the printing apparatus or the interface apparatus in this way, if the communication between the apparatus provided with the request unit and the server apparatus is secured, the eavesdropper is not known to the authorized user. Even if access information is obtained by obtaining a portable object, it is not possible to eavesdrop and decrypt the encrypted data on the path or in the storage device of the printing apparatus.

  The access information is not particularly limited as long as it can specify the correspondence with the decryption information in the server device, such as user identification information and a password. For example, it is possible to configure the server device as a simple storage device and notify the request source device of folder information (path information) indicating the storage location of the decryption information in the storage device as access information. This also applies to the configuration shown below.

  In addition, the above-mentioned access information is given for each user and is different from other users in principle. However, depending on the method of generating such information, it may happen to be the same for a plurality of users. obtain. On the other hand, the decryption information corresponding to different access information may happen to be the same. In such a case, if the user is identified in the printing apparatus and only the encrypted print data corresponding to the user is permitted to be decrypted and printed out, the safety can be further improved.

  In the network printing system, as described in claim 14, the server device stores encrypted information together with user personal decryption information in association with user personal access information, and stores the access information from an external device. Interface means for providing the corresponding encrypted information to the requesting device in response to a transmission request attached to the user device, and delivering the required information to the user device with the portable object Is provided, and a request means for acquiring the encrypted information by attaching the access information acquired from the portable object and making a transmission request to the server apparatus is provided on the user apparatus side, and the user The encryption means for encrypting print data using encryption information received from the server device on at least one of the apparatus and the portable object It can be provided configurations.

  According to this, the encryption information required for the encryption of the print data is stored in the server device, and the access information for acquiring the encryption information is held in the portable object managed only by the user himself / herself. Encryption can be performed safely. This configuration is effective, for example, when printing data stored in a personal storage medium using another person's computer. In addition, portable items can store access information and provide it to user devices, printing devices, etc., and can simply hold information like memory cards and RFID tags, reducing costs. can do.

  The server device stores the encrypted information together with the decryption information in association with the user's personal access information. However, the access information corresponding to the encryption information and the decryption information needs to be the same as each other. Absent. Furthermore, it is possible to have a configuration in which there are separate server devices that respectively hold the decryption information and the encryption information, and the decryption information and the encryption information are not related to each other and stored independently from each other in the same server device. It is also possible to have a configuration. In this case, the encryption information and the decryption information held by the portable object are self-explanatory such that they are associated with each other, or there is one access information corresponding to each of the encryption information and the decryption information. There is no particular inconvenience as long as the relationship is correct.

  Further, the request unit is provided on the user device side where the print data encryption processing is performed, but is not limited to the configuration provided in the user device itself, for example, interposed between the user device and a portable object. A configuration provided in the interface device is also possible. This also applies to the configuration shown below.

  In the network printing system, as described in claim 15, the server device receives required access information associated with encryption information and decryption information that are paired with each other in response to an issue request from an external device. Issuing the access information and the encrypted information to the requesting device, the user device being provided with interface means for delivering required information to and from the portable object, and the server Request means for obtaining the access information and encryption information by issuing an issuance request to a device is provided on the user device side, and the access information received from the server device by the request means is stored in the portable object. Using at least one of the user device and the portable object using the encrypted information received from the server device. It can be configured to the encryption means for encrypting the printing data is provided. According to this, since the access information stored in the portable object can be appropriately changed, safety can be improved.

  In the network printing system, as described in claim 16, the server device performs a required access associated with the decryption information in response to a registration request made with the decryption information from the external device. Issuing information, storing the access information and the decryption information, and providing the access information to the requesting device, and encrypting information and decryption that are paired with each other to the user device An information acquisition means for acquiring information and an interface means for transferring required information to and from the portable object are provided, and the decryption information acquired by the information acquisition means is attached to the server device. Request means for obtaining the access information by making a registration request is provided on the user device side, and the request means An encryption unit that holds the received access information in the portable object and encrypts print data using the encrypted information acquired by the information acquisition unit is provided in at least one of the user device and the portable object. It can be set as the structure comprised. According to this, since the access information held in the portable object can be changed as appropriate, safety can be improved.

  In the network printing system, as described in claim 17, the server device responds to the access information and the decryption information in response to a registration request made with access information and decryption information from an external device. Information acquisition means for acquiring encrypted information and decryption information that make a pair with each other, and interface means for transferring required information between the portable objects. Request means for making a registration request to the server device with the decryption information acquired by the information acquisition means and the access information acquired from the portable object is provided on the user device side, Encryption that encrypts print data using the encrypted information acquired by the information acquisition unit on at least one of the user device and the portable object It may be configured to means provided. According to this, since the access information held in the portable object can be changed as appropriate, safety can be improved.

  In the network printing system, as shown in claim 18, the access information may be personal identification information given to each user. According to this, since the portable object only has a function of holding information like an RFID tag, the cost can be reduced.

  In the present invention, as described in claim 19, in the network printing system in which the printing apparatus receives printing data from the user apparatus via the network and performs printing, the first encrypted information of the individual user is used. A first encryption unit configured to encrypt the print data to generate encrypted print data; and a first decryption unit configured to decrypt the encrypted print data using first decryption information corresponding to the first encryption information. Decryption means, processing means for performing required processing on the print data obtained thereby, processed print data obtained thereby or unprocessed print data, second encrypted information Second encryption means for re-encrypting and generating re-encrypted print data, and a portable device possessed by the user himself / herself and holding second decryption information corresponding to the second encryption information And second decryption means for decrypting the re-encrypted print data using the second decryption information held by the portable object, and the user device side includes the first encryption The encrypted print data generated here is sent to the printing apparatus, and the first decryption means, the processing means, and the second encryption means are provided on the printing apparatus side. The printing apparatus is provided with interface means for delivering required information to and from the portable object, and at least one of the portable object and the printing apparatus is provided with the second decryption means. It was supposed to be.

  According to this, when performing necessary processing such as rasterization processing on the print data obtained by decryption, the user takes such a time-consuming process to the printing device with a portable object. Since it can be started before it arrives, the waiting time from when the user starts an operation in front of the printing apparatus to finally obtaining the printed document can be greatly reduced.

  Further, by decrypting the encrypted print data received from the user device and storing it immediately after re-encryption, it is possible to ensure high security against snooping of print data due to theft of the storage device. Since the portable object retains the second decryption information but does not retain the first decryption information for encrypted communication, an eavesdropper steals information from the portable object in advance on the route. Even if the encrypted data is eavesdropped, or conversely, the encrypted data on the route is eavesdropped, and even if the portable object is stolen later, the encrypted data cannot be decrypted, so it is highly safe against the snooping of the print data. Sex can be secured.

  In the network printing system, as described in claim 20, the user device includes an interface unit that delivers required information to and from the portable object, and the printing device includes the first encrypted information. And an information acquisition means for acquiring the first decryption information, wherein the portable object retains the second encrypted information together with the second decryption information, and the second cipher that the portable object retains. Prior to a print request, the information is acquired by the printing device via the interface unit, and is used for encryption by the second encryption unit of the printing device. Prior to a print request, the first encrypted information acquired by the information acquisition unit is acquired by the portable object via the interface unit, and the user device and the small number of the portable object are obtained. And also it can be configured as adapted to use the encryption in the first encryption means provided on one.

  According to this, the second encryption information held by the portable object is directly provided to the printing apparatus, and the first encryption information held by the printing apparatus uses this to encrypt the print data. Since it is provided to the apparatus via a portable object and directly provided to the portable object that encrypts print data using the first encryption information, safety can be improved.

  In the network printing system, as described in claim 21, the user device transmits required information to the printing device via an interface unit that delivers required information to and from the portable object. Information transmitting means, and the printing apparatus receives the first encrypted information and the first decryption information, and information for receiving necessary information from the user apparatus via the network Receiving means, wherein the portable object holds the second encrypted information together with the second decryption information, and the first encrypted information obtained by the information obtaining means of the printing apparatus, Prior to the print request, the first cipher provided in at least one of the user device and the portable object is acquired by the portable object via the interface unit in advance. And the second encrypted information held by the portable object is acquired by the user device via the interface unit, and further the information transmitting unit and the print of the user device The printing apparatus can be obtained via the information receiving unit of the apparatus and used for encryption by the second encryption unit of the printing apparatus.

  According to this, it is not necessary for the printing apparatus to store the second encryption information for re-encryption in advance, and the mounting becomes simple. In addition, the first encryption information held by the printing apparatus is provided to the user apparatus that encrypts the print data using the first encryption information via a portable object, and the first encryption information is used to print the print data. Since it is directly provided to a portable object that performs encryption, it is possible to increase security. In particular, when the first encryption information is equivalent to the first decryption information by the common key encryption method, As in the case where the encryption information of 1 is access information for acquiring the encryption key and the decryption key from the server device, the encrypted data and the re-encrypted data are easily decrypted by stealing the information. It is effective in ensuring safety when it is obtained.

  When transmitting the second encryption information from the user device to the printing device, if the second encryption information can be secured by the public key encryption method, the second encryption information is transmitted as it is. However, if sufficient safety cannot be ensured, the second encryption is performed using the third encryption information paired with the third decryption information held by the printing apparatus. The information may be encrypted and transmitted. In this case, for example, the printing apparatus can be configured as an SSL server having third encryption information and decryption information. In addition, when the first encryption information can be secured by the public key encryption method, the second encryption information is encrypted using the first encryption information and transmitted. Is also possible.

  In the network printing system, as described in claim 22, the user apparatus has a required interface between the interface device for delivering required information to and from the portable object and the printing apparatus via the network. An information transmitting unit that transmits and receives information; and an information receiving unit, wherein the printing apparatus obtains information between the information acquiring unit that acquires the first encrypted information and the decrypted information, and the user apparatus via a network. An information transmitting means and an information receiving means for transmitting and receiving required information, wherein the portable object holds the second encrypted information together with the second decryption information, and the portable object holds the second encrypted information. Encrypted information is acquired by the user device via the interface means, and further transmitted via the information transmitting means of the user device and the information receiving means of the printing device. The first encryption information acquired by the information acquisition unit of the printing apparatus is acquired by the printing apparatus and used for encryption by the second encryption unit of the printing apparatus. Encryption by the first encryption means provided in at least one of the user device and the portable object, acquired by the user device via the information transmission unit and the information reception unit of the user device It can be set as the structure used for.

  According to this, since it is not necessary to store the second encryption information for re-encryption in advance in the printing apparatus, the implementation is simplified. In addition, since the user device acquires the first encrypted information for encrypted communication from the printing device via the network, it is not necessary for the user to carry the portable object to the printing device in advance.

  When transmitting the first encrypted information from the printing apparatus to the user apparatus, if the first encrypted information can be secured by the public key encryption method, the first encrypted information is transmitted as it is. However, if sufficient safety cannot be ensured, the first encryption is performed using the third encryption information paired with the third decryption information held by the user apparatus. In this case, for example, the user apparatus can be configured as an SSL server having third encryption information and decryption information. If the second encryption information can be secured by the public key encryption method, the first encryption information can be encrypted and transmitted using the second encryption information. It is.

  Similarly, when transmitting the second encrypted information from the user device to the printing device, if the second encrypted information can be secured by the public key encryption method, the second encrypted information Can be transmitted as it is, but if sufficient safety cannot be ensured, the second encryption information paired with the fourth decryption information held by the printing apparatus is used. In this case, for example, the printing apparatus can be configured as an SSL server having fourth encryption information and decryption information. In addition, when the first encryption information can be secured by the public key encryption method, the second encryption information is encrypted using the first encryption information and transmitted. Is also possible.

  In the network printing system, as described in claim 23, the user device includes information receiving means for receiving necessary information from the printing device via a network, and the printing device includes the first encryption. An information acquisition means for acquiring information and decryption information; and an information transmission means for transmitting information required by the user apparatus via a network, wherein the portable object includes a second cipher together with the second decryption information. The second encryption information held by the portable object is acquired by the printing apparatus via the interface unit in advance of a print request, and the second encryption information held by the portable object is acquired. The first encryption information acquired by the information acquisition unit of the printing apparatus is used for encryption in an encryption unit, and the information transmission unit of the printing apparatus and A configuration in which the user device acquires the information via the information receiving means of the user device and is used for encryption by the first encryption means provided in at least one of the user device and the portable object. It can be.

  According to this, since the second encrypted information held by the portable object is directly provided to the printing apparatus, it is possible to improve safety. In particular, the second encrypted information is converted into the second key by the common key encryption method. If the information is stolen as in the case where it is equivalent to the decryption information or the second encryption information is access information for acquiring the encryption key from the server device, the encrypted data or the re-encryption This is effective in ensuring safety when data can be easily decrypted.

  When transmitting the first encrypted information from the printing apparatus to the user apparatus, if the first encrypted information can be secured by the public key encryption method, the first encrypted information is transmitted as it is. However, if sufficient safety cannot be ensured, the first encryption is performed using the third encryption information paired with the third decryption information held by the user apparatus. In this case, for example, the user apparatus can be configured as an SSL server having third encryption information and decryption information.

  In the network printing system, as described in claim 24, the encrypted print data or the re-encrypted print data is another encryption paired with another decryption information different from the decryption information held by the portable object. Print data encrypted using encrypted information and another encrypted information encrypted using encrypted information paired with the decrypted information held by the portable object can be included. . According to this, the first encryption information and the decryption information related to the encryption and decryption of the print data can be encrypted and decrypted at a relatively high speed, and the first If the second encryption information and decryption information related to encryption and decryption of decryption information require time for encryption and decryption processing, but high security can be secured, the processing time is reduced. Safety can be enhanced while shortening.

  According to the present invention, as described in claim 25, in the network printing system in which the printing apparatus receives printing data from the user apparatus via the network and performs printing, the first encrypted information of the user and the second Encrypting means for encrypting the print data using the encrypted information, generating encrypted print data, storage means for storing the first decryption information corresponding to the first encrypted information, and the user himself / herself A portable object possessed and holding the second decryption information corresponding to the second encryption information, and a user authentication means for identifying and verifying that the person who performs the output operation is a valid user of the print request source; Decryption information acquisition means for retrieving first decryption information corresponding to the user authenticated by the user authentication means from the storage means, and first information obtained by the decryption information acquisition means Decryption means for decrypting encrypted print data received from the user device using the decryption information and the second decryption information held by the portable object, and the user device side The encrypted print data generated here is sent to the printing apparatus, and the storage apparatus, the user authentication means, and the decryption information acquisition means are provided on the printing apparatus side, It is assumed that the printing apparatus is provided with interface means for delivering required information to and from the portable object, and the decryption means is provided in at least one of the portable object and the printing apparatus.

  According to this, since two sets of encryption information and decryption information are used, high security can be ensured.

  According to the present invention, as described in claim 26, in the network printing system in which the printing apparatus receives printing data from the user apparatus via the network and performs printing, the first encrypted information of the user and the second And encryption means for encrypting print data using a password input by the user to generate encrypted print data, and first decryption information corresponding to the first encryption information are stored. A storage means, a portable object possessed by the user himself / herself and holding the second decryption information corresponding to the second encryption information, and a person who performs the output operation is a valid user of the print request source User authentication means for identifying and verifying, decryption information acquisition means for retrieving first decryption information corresponding to the user authenticated by the user authentication means from the storage means, and user Using the input means for inputting a password, the first decryption information acquired by the decryption information acquisition means, the second decryption information held by the portable object, and the password input by the input means, Decryption means for decrypting encrypted print data received from the user device, and the encryption device is provided on the user device side, and the generated encrypted print data is sent to the printing device. The printing apparatus is provided with the storage means, the user authentication means, the decryption information acquisition means, and the input means, and transfers necessary information to the portable device with the portable object. It is assumed that an interface means for performing is provided, and at least one of the portable object and the printing apparatus is provided with the decryption means.

  According to this, in addition to the two sets of encryption information and decryption information, a password known only to the user who is the print request source is used, and thus higher security can be ensured.

  In the network printing system, as shown in claim 27, the user device as an information providing destination or the interface unit provided in the printing device displays an image of necessary information held by the portable object. By causing the image reading unit to read the display screen, information held by the portable object can be acquired by the user device or the printing device. According to this, information is transferred from the portable object to the information providing destination device in a non-contact manner, and there is no fear of eavesdropping as in the case of wireless, and safety can be improved.

  The image display means can be configured to be provided in the portable object itself, but is not limited to this, and is configured as an external image display device connected to the portable object via an appropriate interface. It is also possible. Further, the interface unit can be configured to connect a user device or printing device as an information providing destination to an external image reading device, but is not limited to this, and the user device is not limited thereto. In addition, a configuration in which the printing apparatus itself includes an image reading unit is also possible.

  In the network printing system, as described in claim 28, the interface unit provided in the user device or the printing device as an information providing source displays an image of necessary information held by the user device or the printing device. By causing the image reading means to read the display screen of the image display means, the portable device can acquire information held by the user device or the printing device. According to this, information is transferred from the information source device to the portable object in a non-contact manner, and there is no fear of eavesdropping as in the case of wireless, and safety can be improved.

  In this case, the interface means can be configured to connect a user device or printing device as an information providing source to an external image display device, but is not limited to this. A configuration in which the apparatus or the printing apparatus itself includes image display means is also possible. Further, the image display means can be configured to be provided in the portable object itself, but is not limited to this, and is configured as an external image reading apparatus connected to the portable object via an appropriate interface. It is also possible. In particular, the portable object is preferably a mobile phone equipped with a monitor (image display means) and a camera (image reading means).

  Further, it is preferable to use a barcode in order to display required information on the image display means. In addition to a still image, a configuration in which required information is displayed as an image with a moving image (video) is also possible.

  In the network printing system, as described in claim 29, the portable object is an information recording sheet on which an image indicating required information is recorded, and is provided in the user device or the printing device serving as an information providing destination. The interface unit may cause the user apparatus or the printing apparatus to acquire information recorded on the information recording sheet by causing the image reading unit to read the information recording sheet. According to this, since a special portable device such as a USB key, a memory card, an RFID tag, and a smart card is not required, information necessary for the information providing destination device can be provided easily and at low cost.

  The interface unit can be configured to connect a user device or printing device serving as an information providing destination to an external image reading device, but is not limited thereto, and the user device is not limited thereto. In addition, a configuration in which the printing apparatus itself includes an image reading unit is also possible.

  In the network printing system, as described in claim 30, the printing apparatus as an information providing source prints out the information recording sheet on which an image indicating required information held in the storage unit of the own apparatus is recorded. It can be set as the structure to do. According to this, an information recording sheet can be easily obtained and information can be easily updated by recording an image indicating required information on a recording sheet by a printing apparatus.

  In the network printing system, as shown in claim 31, when the encrypted information of the user and the decryption information paired therewith are generated, and when a predetermined update condition is satisfied, the encryption information and It can be set as the structure which has the information generation means which newly produces | generates decoding information. According to this, since the encryption information and the decryption information can be changed frequently, it is possible to ensure high security against snooping of print data.

  In this case, the update condition corresponds to an update instruction from the user, a certain period of time, or the like. It is also possible to update the encryption information and the decryption information each time a print instruction is issued. However, if the encryption information and the decryption information are not changed for the required period, the security level is reduced, but the printing The trouble of acquiring new encrypted information and decrypted information each time can be saved.

  According to the present invention, as described in claim 32, in the facsimile communication system in which the receiving side apparatus receives and outputs the facsimile data from the transmitting side apparatus via the communication network, the transmitting side apparatus outputs the required data. In the case of confidential transmission restricted to the addressee, it is provided with an encryption means for encrypting facsimile data using predetermined encryption information, and the encrypted facsimile data generated by this encryption means is transmitted to the receiving side device, User receiving means for identifying and verifying that the person who performs the output operation is the addressee, and decryption for decrypting the encrypted facsimile data received from the transmitting apparatus using the required decryption information And a decryption unit that causes the decryption unit to perform decryption when authentication by the user authentication unit is successful.

  According to this, since only the addressee can decrypt the encrypted facsimile data by the user authentication, it is possible to ensure high security against the snooping of the print document and the preceding data.

  In the facsimile communication system, as shown in claim 33, the user authentication means can identify and verify the user by biometrics. According to this, since high authentication accuracy is obtained by biometrics (biometric authentication), high safety can be ensured.

  In this case, the encryption means performs encryption using the encryption information of the individual addressee, and the decryption means decrypts using the decryption information corresponding to the user authenticated by the user authentication means. According to this configuration, it is possible that another person cannot easily obtain the encrypted information and the decrypted information, and thus higher safety can be ensured.

  In this case, the receiving side apparatus stores storage information for each user (addressee), decryption information acquisition means for retrieving from the storage means decryption information corresponding to the user authenticated by the user authentication means, The decryption information for each user is registered in advance in the printing apparatus, so that quick processing can be performed.

  According to the present invention, as described in claim 34, in the facsimile communication system in which the receiving side apparatus receives and outputs the facsimile data from the transmitting side apparatus via the communication network, the destination person owns the destination person. In the case of confidential transmission that has a portable object that holds personal decryption information and the transmission side device restricts output to the required addressee, the print data is encrypted using the addressee personal encryption information. An encryption unit that transmits the encrypted facsimile data generated by the encryption unit to the reception-side device, and the reception-side device includes an interface unit that delivers required information to and from the portable object. The encrypted facsimile data received from the transmission side device is decrypted using at least one of the portable item and the receiving side device using the decryption information held by the portable item. It was assumed that the decoding means is provided.

  According to this, only the addressee owning the portable object can decrypt the encrypted facsimile data, and the decryption information in the portable object is managed only by the addressee himself. A high level of security against data snooping in the previous stage can be ensured.

  In the facsimile communication system, as shown in claim 35, the receiving-side apparatus includes the decryption means, and obtains decryption information of the individual addressee from the portable object via the interface means, It can be configured to decrypt the encrypted facsimile data.

  In the facsimile communication system, as described in claim 36, the portable object includes the decryption unit, acquires the encrypted facsimile data from the reception-side device through the interface unit, The decrypted facsimile data can be transferred to the receiving apparatus via the interface means after decryption using the decryption information.

  In the facsimile communication system, as shown in claim 37, the receiving-side device receives a facsimile communication device that receives encrypted facsimile data from the transmitting-side device, and a user for each destination person connected to the facsimile communication device via a network. And the facsimile communication apparatus may include notification processing means for notifying the user apparatus of the corresponding addressee that the encrypted facsimile data has been received from the transmission side apparatus. According to this, the destination person can know the arrival of the confidential facsimile addressed to himself / herself with the user device at his / her seat, and convenience is improved.

  According to the present invention, as shown in claim 38, in the facsimile communication system in which the receiving side apparatus receives and outputs the facsimile data from the transmitting side apparatus via the communication network, the sender himself possesses the sender's personal information. A portable object that holds encrypted information, and the transmission-side apparatus includes interface means for delivering required information to and from the portable object, and at least one of the portable object and the transmission-side apparatus includes: A digital signature generating means for generating a digital signature using encrypted personal information of the sender held by the portable object is provided, and the digital signature generated by the digital signature generating means is added to the facsimile data and transmitted to the receiving apparatus. And the receiving apparatus uses the decryption information corresponding to the encryption information used by the digital signature generation means to generate a digital signature. It was assumed with digital signature judging means for analyzing.

  According to this, by decrypting the digital signature by the digital signature determination means, it is possible to determine whether the document data has been tampered with or the sender is forged, and the safety of facsimile communication can be improved.

  In the facsimile communication system, as shown in claim 39, in addition to the digital signature, the transmitting device adds a digital certificate issued by an external certificate authority to the facsimile data and transmits the facsimile data to the receiving device. The digital signature determination unit can analyze the digital signature based on the digital certificate. According to this, since the authenticity of the digital signature is proved by the digital certificate, it is possible to determine the presence or absence of falsification of the document data or the spoofing of the sender with higher accuracy.

  In addition to the facsimile machine alone, the transmission side apparatus here generates transmission data based on the user apparatus (PC, etc.) for each sender and print data from the user apparatus, and transmits it to the reception side facsimile apparatus. It is also possible to configure with a facsimile communication apparatus. In addition to the facsimile device alone, the receiving side device can also be configured by a user device for each addressee and a facsimile communication device that transfers received data from the sending side facsimile device to the user device of the corresponding addressee. It is. In this case, a configuration in which the encryption unit, the user authentication unit, and the decryption unit are provided on the user device side is also possible.

  In the facsimile communication system, as shown in claims 27 and 28, information is transferred between a user device or a printing device and a portable object using an image display unit and an image reading unit. In addition, as shown in claim 29, it is possible to configure a portable object as an information recording sheet.

  As described above, according to the present invention, in the network printing system, only the print requesting user can decrypt the encrypted print data. High safety can be ensured. Further, in the facsimile communication system, since only the addressee can decrypt the encrypted facsimile data, it is possible to ensure high security against the snooping of the document data on the communication path and at the transmission destination. Furthermore, in the facsimile communication system, it is possible to determine whether the document data has been tampered with or the sender is forged by using a digital signature, so that the safety of facsimile communication can be improved.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing an example of a network printing system according to the present invention. In this network printing system, a plurality of PCs (user devices) 1 and printers (printing devices) 2 for each user are connected via a network (LAN), and the printer 2 is shared by a plurality of users. The user who has instructed printing of the document by the PC 1 can receive the required print document by the printer 2.

  The PC 1 includes an encryption information storage unit 11 that stores encryption information of an individual user who is a print request source, and an encryption processing unit (encryption unit) 12 that encrypts print data using the encryption information. When the document data generated by the document data generation unit 15 is instructed by a document creation application or an attached scanner, the print data generation unit 13 responds with a predetermined page description language such as a postscript. The described print data is generated, the print data is encrypted by the encryption processing unit 12, and the generated encrypted print data is transmitted from the network control unit 14 to the printer 2.

  The printer 2 includes a decryption information storage unit (storage unit) 21 that stores decryption information for each user, and a decryption processing unit (decryption unit) 22 that decrypts encrypted print data using the decryption information. When the network control unit 23 receives the encrypted print data from the PC 1, the encrypted print data is stored in the print data storage unit 26 by the data storage processing unit 25, and the decryption processing unit 22 stores the print data storage The required encrypted print data is extracted from the unit 26 and the required decryption information is extracted from the decryption information storage unit 21 to perform the decryption process.

  The printer 2 also includes a user authentication unit (user authentication means) 4. Here, a person who performs an operation for instructing output using the operation panel of the printer 2 is a valid user having an output authority. When the authentication by the user authentication unit 4 is successful, the document is printed. In particular, here, in order to prevent snooping of print documents and print data, the authority of decryption and print output is limited to the user who requested the print request, and the user authentication unit 4 authenticates with the user who requested the print request. Only the decryption unit 22 performs decryption, and the print unit 27 outputs a print document based on the print data obtained thereby.

  FIG. 2 is a block diagram showing another example of decoding in the network printing system according to the present invention. Here, a USB key (portable item) 3 having a decryption information storage unit (storage means) 31 that is owned by the user and stores decryption information of the individual user is used. An interface (interface means) 29 that enables data transfer between the printer 2 and the printer 2 is provided. The printer 2 obtains the decryption information of the individual user from the USB key 3 via the interface 29, and the printer 2 The decryption processing unit 22 decrypts the encrypted print data.

  Here, in the decryption processing of the encrypted print data performed by the decryption processing unit 22 in the printer 2, the USB key 3 is connected to the printer 2 because the decryption information necessary for this is obtained from the USB key 3. In this case, for example, the decryption process can be started in response to a predetermined instruction operation by the user. In particular, the decryption process is automatically started in response to the connection of the USB key 3. Then, the user's operation becomes simple.

  Further, the process of connecting the USB key 3 to the printer 2 and providing the decryption information to the printer 2 can be performed in advance, for example, before instructing the printing by the PC 1. It is not preferable to keep the information for a long time from the viewpoint of preventing eavesdropping on the decrypted information. For this reason, it is desirable to provide the decryption information from the USB key 3 immediately before print output by the printer 2.

  In addition, the interface 29 is configured so that the USB key 3 is mechanically connected to the housing of the printer 2 so that the USB key 3 is directly attached to the printer 2, and the USB key 3 is connected to the interface 29. It is also possible to configure the connected device as an independent device from the printer 2 so that the interface 29 can transfer data to and from the USB key 3 via this connected device. It may be advantageous in terms of cost.

  FIG. 3 is a block diagram showing another example of decoding in the network printing system according to the present invention. Here, the USB key (portable) 3 includes a decryption processing unit (decryption unit) 32 for decrypting the encrypted print data in addition to the decryption information storage unit (storage unit) 31, and After obtaining from the printer 2 via the interface 29 and decrypting using the decryption information stored in the decryption information storage unit 31 in the own apparatus, the decrypted print data is transmitted via the interface 29. The data is transferred to the printer 2.

  FIG. 4 is a block diagram showing another example of decoding in the network printing system according to the present invention. Here, both the printer 2 and the USB key 3 include the decryption processing unit 22 and the decryption processing unit 32, respectively, and a part of the encrypted print data is decrypted by the decryption processing unit 32 in the USB key 3, Using the result, the decryption processing unit 22 in the printer 2 decrypts the remainder of the encrypted print data. This configuration is particularly effective in the configuration shown in FIGS. 13 and 14 described later in detail.

  The USB key 3 houses the memory constituting the decryption information storage unit 31 and the CPU constituting the decryption processing unit 32 and the USB controller in the housing, and connects the connector protruding outside the housing to the connector on the printer 2 side. Thus, data transfer conforming to the USB (Universal Serial Bus) standard is performed. Note that the portable object here may be any one that can transfer data to and from the printer using an appropriate wired or wireless communication medium. In particular, it is based on a contact-type or non-contact-type proximity communication interface. For example, a so-called IC card in which a memory or a CPU is embedded in the card is also suitable.

  In the above example, the USB key (portable item) is involved in the decryption by the printer. On the other hand, the USB key (portable item) may be involved in the encryption by the PC (user device). In this case, an encryption information storage unit for storing the encryption information of the individual user is accommodated on the portable object side.

  FIG. 5 is a block diagram showing an example of user authentication in the network printing system according to the present invention. Here, the user authentication unit (user authentication means) 4 of the printer 2 is configured to identify and verify a user based on a biometric method, that is, physical characteristics such as a fingerprint, a face, an iris, and a palm print. A biometric database 41 in which data is registered, a biometric sensor 42 that detects the body characteristics of the user, and the biometric data acquired from the biometric sensor 42 is compared with the data on the database 41 to identify the user. And an authentication processing unit 43.

  When the user performs an operation to instruct print output using the operation panel or the like, the printer 2 performs a display prompting the user to perform an authentication operation for aligning a required body part with the detection position of the biometric sensor 42. In response to this, when the user performs an authentication operation, the authentication processing unit 43 performs user authentication processing. When the user is determined to be registered in the biometrics database 41, the identification information of the user is output. The

  FIG. 6 is a block diagram showing another example of user authentication in the network printing system according to the present invention. Here, as in the example shown in FIG. 2 and the like, the printer 2 includes an interface 29 to which a USB key (portable item) 3 is connected. In particular, the USB key 3 here identifies the user who owns it. The printer 2 includes a user information storage unit 33 for storing information. When the user performs an operation for instructing print output using the operation panel or the like, the printer 2 requests the USB key 3 to transfer user identification information. Thus, the identification information of the user who performs the output operation can be acquired.

  The user authentication unit (user authentication means) 4 can be configured to include both the biometric method shown in FIG. 5 and a portable object such as the USB key 3 shown in FIG. In this case, it is effective to increase the security if the user is specified only when both authentication results match.

  In addition, as shown in FIGS. 2 and 3, in the configuration in which the portable object such as the USB key 3 holds the decryption information of the individual user, a user identification function for specifying the user in the decryption information of the individual user itself The user possessing such a portable object can be identified as the user specified by the decryption information held therein, and in the same manner as in the example shown in FIG. 3 is connected to the printer 2 and obtains the decryption information of the individual user, so that it can be considered that the user authentication processing has been performed.

  FIG. 7 is a block diagram showing an example of encryption and decryption in the network printing system according to the present invention. In the PC 1, user identification information including the user's name and the like and user's personal encryption information are registered in advance, and when the user performs an operation to instruct printing, an encryption key (encryption information) ) Is used to encrypt print document data, and transmission data in which a user name (user identification information) is added to the encrypted data is generated.

  The printer 2 includes a print data call processing unit 51 that extracts print data corresponding to the corresponding user from the print data storage unit 26 based on the user identification information acquired from the user authentication unit 4. The print data storage unit 26 stores the print data to which the user identifier (user name) is added as it is, and can determine which user the print data belongs to based on the user identifier. And the print data may be stored in a storage area for each user.

  Further, the printer 2 is based on the decryption key database 52 in which the decryption key for each user, which is an aspect of the decryption information storage unit 21 illustrated in FIG. 1, and the user identification information acquired from the user authentication unit 4. A decryption key call processing unit 53 for retrieving a decryption key corresponding to the corresponding user from the decryption key database 52.

  When the user identification information is acquired by the user authentication unit 4 by the authentication operation in biometric authentication or the connection of the USB key 3, the encrypted print data of the corresponding user is obtained from the print data storage unit 26 based on the user identification information. The calling process is performed by the print data call processing unit 51, and the decryption key call processing unit 53 calls the decryption key of the corresponding user from the decryption key database 52 based on the user identification information. Then, the decryption processing unit 22 performs a process of decrypting the corresponding encrypted print data of the user with the decryption key of the user, so that the original print data can be acquired.

  FIG. 8 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, unlike the above example, the user identification information is not added to the transmission data, and the PC 1 is encrypted in a state where a mark registered in advance is added to the print document data. The mark is not particularly limited as long as it can be detected by decoding with the printer 2 such as text data.

  The printer 2 includes the decryption key database 52 and the decryption key call processing unit 53 as in the above example, but the print data call processing unit that extracts the print data corresponding to the corresponding user from the print data storage unit 26 is Here, the decryption processing unit 22 sequentially calls the encrypted print data stored in the print data storage unit 26 and uses the decryption key call processing unit 53 to decrypt the decrypted data. Processing is performed to verify whether or not the encrypted print data belongs to the corresponding user, and the print data of the corresponding user is output.

  In the decryption processing unit 22, in the case of the encrypted print data of the corresponding user, a mark appears in the decrypted data, and by detecting this, it is determined that the encrypted print data belongs to the corresponding user. With this configuration, it is not possible to easily determine which user the encrypted print data stored in the print data storage unit 26 of the printer 2 belongs to.

  FIG. 9 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, as in the example shown in FIG. 8, the PC 1 encrypts a mark registered in advance with the print document data added. On the other hand, unlike the example shown in FIG. 8, the printer 2 sequentially calls the decryption keys registered in the decryption key database 52 in the decryption processing unit 22, and prints the same as in the example shown in FIG. 7. The decryption process is performed using the user's encrypted print data acquired by the data call processing unit 51, and it is verified whether or not the decryption key belongs to the corresponding user, and the corresponding user's print data is output. The

  In the decryption processing unit 22, in the case of the decryption key of the corresponding user, a mark appears in the decrypted data of the encrypted print data, and by detecting this, it is found that the decryption key belongs to the corresponding user. To do.

  FIG. 10 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, the user designates the encrypted print data stored in the print data storage unit 26 using the operation panel 28, and the corresponding encrypted print data is taken out by the print data call processing unit 51 that has received the designation. In the decryption processing unit 22, the encrypted print data is decrypted using the decryption key obtained by the decryption key call processing unit 53.

  On the operation panel 28, for example, a list of encrypted print data stored in the print data storage unit 26 is displayed, and the user can select and specify from this list. In addition, the corresponding encrypted print data may be read by the print data call processing unit 51 based on user information acquired by an authentication device different from the user authentication unit 4.

  FIG. 11 is a block diagram showing another example of user authentication and decryption in the network printing system according to the present invention. Here, as in the example shown in FIG. 7, the print data call processing unit 51 specifies print data based on the identification information of the user authenticated by the user authentication unit 4. Since the decryption information is obtained from the USB key 3 and the decryption processing unit 22 decrypts the print data, the decryption key database 52 and the decryption key call processing unit 53 as shown in FIGS. It is unnecessary.

  FIG. 12 is a block diagram showing another example of user authentication and decryption in the network printing system according to the present invention. Here, as in the example shown in FIG. 11, the decryption information is obtained from the USB key 3, the print data is decrypted by the decryption processing unit 22, and the decryption obtained from the USB key 3 is further performed. As in the example shown in FIG. 8, the decryption processing unit 22 verifies whether or not the sequentially called encrypted print data belongs to the corresponding user by using the information, and obtains the encrypted print data of the corresponding user. Since the data is output, the user authentication unit 4 is not particularly necessary.

  FIG. 13 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, in the PC 1, the public key (encrypted information) and the common key (encrypted information) of the user who is the print request source are registered in advance, and the public key (encrypted information) of the user is used among them. The common key randomly generated in the PC 1 is encrypted, and the print data and the hash value thereof are encrypted using the common key and the user's personal common key (encryption information). A user name (user identification information) is added to the generated encrypted print data and transmitted.

  The USB key (portable) 3 possessed by the user himself / herself stores the user's private key (second decryption information), and the printer 2 obtains the user's private key via the interface 29. can do. Further, as shown in FIG. 5, the printer 2 is provided with a user authentication unit (user authentication means) 4 for identifying and verifying that the person who performs the output operation is the print requesting user. In addition, as shown in FIG. 6, the structure which performs user authentication using the user identification information memorize | stored in the USB key 3 is also possible.

  In the decryption key database (storage means) 52 of the printer 2, a common key (first decryption information) paired with the common key registered in the PC 1 is registered for each user, and a decryption key call processing unit ( In the decryption information acquisition means) 53, the common key (first decryption information) corresponding to the user authenticated by the user authentication unit 4 is extracted from the decryption key database 52, and the private key stored in the USB key 3; Using the common key acquired by the decryption key call processing unit 53, processing for decrypting the encrypted print data received from the PC 1 is performed.

  In this case, in addition to the configuration related to the decryption processing shown in FIGS. 2 and 3, a configuration in which a part of the decryption processing is performed by the decryption processing unit 32 in the USB key 3 as shown in FIG. 4 is also possible. is there. For example, decryption processing of the common key encrypted with the public key is performed by the decryption processing unit 32 in the USB key 3, and the common key obtained thereby is transferred to the printer 2, and this common key and decryption key are transferred. It is assumed that the decryption processing unit 22 in the printer 2 performs a process of decrypting the print data and the hash value using the common key acquired by the call processing unit 53.

  FIG. 14 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, in the PC 1, a password is input by the user using a keyboard or the like, and this password, a common key randomly generated in the PC 1, a pre-registered common key (the first key corresponding to the first decryption information). 1), the print data and the hash value are encrypted. The common key that is randomly generated is encrypted with a public key (second encryption information corresponding to the second decryption information) registered in advance, as in the above example.

  In the printer 2, the secret key (second decryption information) and the common key (first decryption information) are acquired in the same procedure as in the above example. In addition, a password is input by the user using the operation panel (input means) 28, and the acquired password, the secret key (second decryption information), and the common key (first decryption information) are used. Thus, the encrypted print data is decrypted.

  The example shown in FIGS. 13 and 14 is an aspect of the configuration in which the user's personal decryption key is held in a portable object such as the USB key 3 as shown in FIGS. In this case, as shown in FIGS. 7 to 10, the decryption key database 52 that holds the decryption key for each user is unnecessary, and the decryption key call processing unit 53 for specifying the decryption key is also unnecessary.

  In addition, as a configuration using a password input by the user, for example, the PC 1 encrypts the password together with the print data with a required encryption key, and the printer 2 decrypts the data with the required decryption key. A configuration in which a determination is made by comparing a certain password with a password input by a user is also possible.

  FIG. 15 is a block diagram showing an example of a facsimile communication system according to the present invention. This facsimile communication system transmits and receives facsimile data between the transmission-side facsimile apparatus 101 and the reception-side facsimile apparatus 102 according to the G3 facsimile communication procedure via the PSTN. Facsimile data is encrypted, and confidential transmission that makes it difficult for the receiving facsimile apparatus 102 to view a printed document or data is possible. Here, the facsimile data is generated by compressing bitmap image data by an encoding method such as MR or JBIG.

  The transmission-side facsimile apparatus 101 includes an addressee database 111 in which encryption information for each addressee is registered, and an encryption processing unit (encryption means) that encrypts transmission document data using the addressee personal encryption information. 112, the facsimile data generated by the facsimile data generation unit 115 in response to the reading of the transmission original by the original reading unit 113 is encrypted by the encryption processing unit 112, and the encrypted facsimile data is transmitted from the network control unit 114. Is transmitted to the receiving facsimile machine 102.

  The receiving-side facsimile apparatus 102 includes a decryption information storage unit (storage means) 121 that stores decryption information for each user (addressee), and a decryption process that decrypts encrypted document data using the decryption information. (Decryption means) 122, and when the network control unit 23 receives the encrypted facsimile data from the transmission-side facsimile apparatus 101, the encrypted facsimile data is stored in the facsimile data storage unit 126 by the data storage processing unit 25. Then, the decryption processing unit 122 extracts the required encrypted facsimile data from the facsimile data storage unit 126 and also extracts the required decryption information from the decryption information storage unit 121 and performs the decryption process.

  In addition, the receiving side facsimile apparatus 102 includes a user authentication unit (user authentication means) 104, and here, it is identified and verified that the person who performs the operation of instructing the output using the operation panel or the like is the addressee. Only when the user authentication unit 104 authenticates the addressee, the decryption unit 122 performs decryption, and the print unit 127 outputs a print document based on the print data obtained thereby. Is done.

  The user authentication unit 104 is based on the biometrics method shown in FIG. 5 or the USB key 3 that the user (destination person) owns and stores personal identification information as shown in FIG. It is possible to use any portable object, and a combination of a biometric method and a portable object is also possible. Further, as shown in FIGS. 2 and 3, it is also possible to perform a process corresponding to user authentication with a portable object possessed by the user (addressee) himself and holding the decryption information of the individual user.

  FIG. 16 is a block diagram showing an example of encryption and decryption in the facsimile communication system according to the present invention. In the addressee database 111 of the transmission side facsimile apparatus 101, identification information such as the name of the addressee to be sent confidentially and the encryption key of the addressee personal are registered in advance, and the user selects the addressee by the operation panel 118. When the designated operation is performed, the addressee encryption key (encryption information) is called by referring to the addressee database 111, and the encryption data is encrypted by the encryption processing unit 112 using the addressee encryption key. Further, transmission data in which the addressee name (addressee identification information) is added to the encrypted facsimile data is generated.

  The reception-side facsimile apparatus 102 includes a facsimile data call processing unit 131 that extracts facsimile data corresponding to the user authenticated by the user authentication unit 4 from the facsimile data storage unit 126. Further, the decryption key database 132 in which the decryption key for each user is registered, and the decryption key corresponding to the user authenticated by the user authentication unit 4, which is an aspect of the decryption information storage unit 121 illustrated in FIG. A decryption key call processing unit 133 that is extracted from the key database 132.

  When the user authentication unit 104 authenticates the user, the facsimile data call processing unit 131 performs a process of calling the corresponding user's encrypted facsimile data from the facsimile data storage unit 126 based on the identification information of the user. The decryption key call processing unit 133 calls the decryption key of the corresponding user from the decryption key database 132 based on the user identification information, and the decryption processing unit is a process for decrypting the encrypted facsimile data with the decryption key obtained thereby. In step 122, facsimile data is generated.

  In this case, a public key cryptosystem in which the encryption key distributed to the transmission source and registered in the transmission-side facsimile apparatus 101 is a public key and the decryption key registered in the reception-side facsimile apparatus 102 is a secret key is suitable.

  The configuration of the receiving side facsimile apparatus 102 here is the same as the example shown in FIG. 7, but in addition to this, the same configuration as the example shown in FIG. The encrypted facsimile data stored in the facsimile data storage unit 126 is sequentially called, and the user's decryption key acquired by the decryption key call processing unit 133 is used to verify whether the encrypted facsimile data belongs to the corresponding user. As a result, the facsimile data of the corresponding user may be output.

  The receiving facsimile apparatus 102 has the same configuration as the example shown in FIG. 9, that is, the decryption processing unit 22 sequentially calls the decryption keys registered in the decryption key database 132, and the example shown in FIG. It is assumed that the decryption key is that of the corresponding user while decrypting the encrypted facsimile data acquired by the same facsimile data call processing unit 131 and that the corresponding user's facsimile data is output. Also good.

  Further, the receiving side facsimile apparatus 102 has the same configuration as the example shown in FIG. 10, that is, the user designates the encrypted facsimile data stored in the facsimile data storage unit 126 using the operation panel, and accepts the designation. The corresponding encrypted print data is called by the facsimile data call processing unit 131, and the decryption processing unit 122 decrypts the encrypted print data by using the decryption key obtained by the decryption key call processing unit 53. good.

  In addition, the receiving-side facsimile apparatus 102 here has a configuration for performing decryption processing therein, but in addition to this, a configuration similar to the example shown in FIG. An interface to which the key (portable) 3 can be connected may be provided, and decryption processing in the USB key 3 may be performed using the decryption information stored in the USB key 3. Also, the same configuration as the example shown in FIG. 4, that is, a part of the encrypted facsimile data is decrypted by the decryption processing unit in the USB key 3, and the decryption processing in the receiving side facsimile apparatus 102 using the result The remaining part of the encrypted facsimile data may be decrypted by the part.

  FIG. 17 is a block diagram showing another example of a facsimile communication system according to the present invention. Here, when the receiving facsimile apparatus 102 is connected to a PC (user apparatus) 103 for each user (addressee) via a network (LAN) and receives encrypted facsimile data from the transmitting facsimile apparatus 101, A notification processing unit (notification processing unit) 141 that performs notification to that effect on the PC 103 of the corresponding user (addressee) is provided, and notification information generated by the notification processing unit 141 is transmitted from the network control unit 142 to the PC 103. Sent to.

  When the notification information from the receiving facsimile apparatus 102 is received, the PC 103 displays a message to the effect that the confidential facsimile has arrived on the monitor, and the user (destination person) himself / herself at the PC 103 located away from the receiving facsimile apparatus 102. You can know the arrival of a confidential facsimile addressed to you.

  FIG. 18 is a block diagram showing another example of a facsimile communication system according to the present invention. This facsimile communication system transmits and receives facsimile data between the transmission-side facsimile apparatus 105 and the reception-side facsimile apparatus 106 according to the G3 facsimile communication procedure via the PSTN. Facsimile data with a digital signature is created so that the receiving facsimile machine 102 can determine whether the data has been tampered with or the sender is forged.

  Here, a USB key (portable item) 103 that is owned by the user (sender) and stores the encryption information of the individual user is used, and data transmission to and from the USB key 103 is performed on the transmitting-side facsimile apparatus 105. And an interface (interface means) 151 for enabling a digital signature generation section (digital signature generation means) 152 for generating a digital signature using the encryption information of the user (sender) personal stored in the USB key 103. Yes.

  When the user (sender) selects the signature transmission on the operation panel 153 and performs an operation for instructing the transmission, the facsimile data generated by the facsimile data generation unit 155 in response to the reading of the transmission document by the document reading unit 154 is a digital signature. A digital signature is generated by being sent to the generation unit 152, and facsimile data with a digital signature obtained by adding the digital signature to the facsimile data is transmitted from the network control unit 156 to the receiving side facsimile apparatus 106.

  The receiving side facsimile apparatus 106 is provided with a digital signature determination processing unit (digital signature determination unit) 161 that verifies data falsification and spoofing based on the digital signature, and the network control unit 162 is connected to the transmission side facsimile apparatus 105. When the facsimile data with a digital signature is received, verification by the digital signature is performed by the digital signature determination processing unit 161. If successful, the print data is sent to the printing unit 163 for printing. At this time, for example, a sender's name and a word proving its authenticity may be printed in the margin. As another application using the printing of the sender's name, if the sender sends print data with a digital signature to him and prints his / her name together, it is printed out. When a printed document or the like is left unattended, it can be used to specify who the output is for. In addition, when verification by the digital signature is unsuccessful, a message indicating that the authenticity is doubtful may be printed in the margin together with the sender name.

  The digital signature generation unit that generates a digital signature using the sender's personal encryption information is provided inside a portable object such as the USB key 103 that is owned by the sender and stores the sender's personal encryption information. Is also possible. Moreover, the structure which acquires user identification information by user authentication and specifies the encryption information in a database based on the user identification information is also possible.

  FIG. 19 is a block diagram showing an example of encryption and decryption in the facsimile communication system according to the present invention. The USB key 103 connected to the transmission-side facsimile apparatus 105 holds the private key of the user (sender), and a digital signature is created by the digital signature generation unit 152 using this private key. The digital signature generation unit 152 obtains a hash value of the facsimile data and encrypts the hash value using the private key of the user (sender) to generate a simple digital signature.

  The receiving-side facsimile apparatus 106 is provided with a public key database 164 in which a public key for each sender is registered. The digital signature determination processing unit (digital signature determination means) 161 is a sender of the received facsimile data with a digital signature. Obtains the sender's public key from the public key database 164 based on the name (sender identification information), decrypts the digital signature with the public key, obtains the hash value, and compares it with the hash value obtained from the received facsimile data And verify whether the data has been tampered with.

  FIG. 20 is a block diagram showing another example of encryption and decryption in the facsimile communication system according to the present invention. Here, in the transmission side facsimile apparatus 105, in addition to the digital signature, transmission data in which a digital certificate issued by an external certificate authority (CA station) is added to the facsimile data is created, thereby further enhancing the authenticity of the digital signature. It is what I did.

  In the certificate authority (CA station) 107, a digital certificate is created by encrypting the public key of the user (sender) corresponding to the secret key held in the USB key 103 with the secret key of the certificate authority 107. In 105, the digital certificate received from the certificate authority 107 and the digital signature created in the same procedure as described above are added to the facsimile data and transmitted to the receiving facsimile apparatus 106. The receiving facsimile apparatus 106 In the digital signature determination processing unit 161, the digital certificate is decrypted using the public key of the certificate authority 107, and the digital signature is decrypted using the public key of the user (sender) obtained thereby to obtain the hash value. To do.

FIG. 21 is a block diagram showing another example of a facsimile communication system according to the present invention.
Here, a PC (user device) 108 for each user (sender) is connected to the transmission-side facsimile device 109 via the LAN, and a print instruction for document data generated by the document data generation unit 181 by a document creation application or the like on the PC 108. Then, the print data is transmitted to the reception side facsimile apparatus 106 via the transmission side facsimile apparatus 109.

  The PC 108 is provided with a user authentication unit 104 and a digital signature generation unit 152 in the same manner as the transmission-side facsimile apparatus 105 shown in FIG. 18, and a signature facsimile transmission is designated by the input operation unit 182 of the PC 108. When printing is instructed, the print data generated by the print data generation unit 183 is sent to the digital signature generation unit 152 to generate a digital signature, and the print data with the digital signature added to the print data is the network control unit. The data is transmitted from 184 toward the transmitting facsimile apparatus 109. The transmission side facsimile apparatus 109 transmits facsimile data to the reception side facsimile apparatus 106 via the PSTN according to a normal G3 facsimile communication procedure, and the reception side facsimile apparatus 106 performs verification using a digital signature in the same procedure as described above. .

  In the example of the facsimile communication system using the digital signature, the sender encryption information is provided by the USB key. However, the user identification information is obtained by user authentication, and the database is based on the user identification information. A configuration for specifying the encryption information in the inside is also possible.

  In the example of the facsimile communication system described above, the facsimile data is transmitted / received via the PSTN according to the G3 facsimile communication procedure. A so-called Internet facsimile which is stored in a mail and transmitted / received via the Internet is also possible.

  FIG. 22 shows another example of the network printing system according to the present invention. Here, as in the example of FIG. 1, the printer 2 receives the encrypted print data generated on the PC 1 side using the encryption information of the individual user from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. Is decrypted using the decryption information corresponding to the encrypted information, and the printer 2 performs printing, and the memory card 201 is carried as a portable object possessed by the user himself and storing the decryption information of the individual user. Is used.

  The memory card 201 is a non-contact type that complies with, for example, the ISO14443Type-A standard, and enhances safety by performing data protection with a key file for each data area in the card.

  Further, here, the printer 2 is provided with a reader / writer (interface means) 202 that enables data transfer to and from the memory card 201, and from the PC 1 using the decryption information stored in the memory card 201. A process for decrypting the received encrypted print data is performed in the decryption processing unit 22.

  In particular, here, the PC 1 generates an encryption / decryption information generation unit (information acquisition unit) 205 that generates and acquires the encryption information of the user for encrypting the print data and the decryption information paired therewith, A reader / writer (interface means) 206 that enables data transfer to and from the memory card 201 is provided, and the PC 1 provides decryption information to the memory card 201 via the reader / writer 206.

  In this configuration, when the memory card 201 is connected to the PC 1, the encryption / decryption information generation unit 205 of the PC 1 generates encryption information for encrypting print data and decryption information paired therewith. Then, the information storage unit 207 stores the decrypted information in the memory card 201. When printing is instructed by the PC 1, the process of encrypting the print data generated by the print data generation unit 13 using the encryption information generated by the encryption / decryption information generation unit 205 of the PC 1 is encrypted. The encrypted print data obtained by this processing is transmitted to the printer 2, and the printer 2 stores the received encrypted print data in the print data storage unit 26, and enters a standby state.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, the information reading unit 203 of the printer 2 performs a process of reading the decrypted information from the memory card 201. Using the information, the decryption processing unit 22 performs a process of decrypting the encrypted print data, and the print data obtained thereby is sent to the printing unit 27.

  In the configuration shown in FIG. 22, the method for generating the encryption information and the decryption information in the encryption / decryption information generation unit 205 of the PC 1 is not particularly limited. For example, according to a predetermined program In addition to automatic generation, it is also possible to input directly by the user. The same applies to the examples shown below.

  Further, in the example shown in FIG. 22, the generation process of the encryption information and the decryption information performed in the encryption / decryption information generation unit 205 of the PC 1 is performed after the memory card 201 is connected to the PC 1. However, unlike this, the memory card 201 may be performed in advance prior to being connected to the PC 1.

  In addition, since the encryption information and decryption information generation processing can be performed in advance prior to the connection of the memory card 201 to the PC 1, the print data is encrypted according to the print instruction in the PC 1. The temporal relationship between each process of transmission to the printer 2 and the process of storing the decryption information in the memory card 201 is not particularly limited.

  In addition, the process of storing the decryption information in the memory card 201 may be performed at least before the print document is output by the printer 2, but the PC 1 is dedicated to a specific user, and login is restricted by a password or the like. It is not desirable for safety to keep the decryption information in the PC 1 for a long time unless high security is ensured by the function to be performed, etc. From this point of view, the memory card 201 is connected to the PC 1 At this point, the encryption / decryption information generation unit 205 generates encryption information and decryption information, immediately stores the decryption information in the memory card 201, and immediately after that, erases the decryption information in the PC 1 And good. On the other hand, if the security of the encrypted information can be ensured by the public key encryption method even if the PC 1 itself cannot secure high security, only the encrypted information is held in the PC 1 for a long time. In this way, it is possible to save the trouble of connecting the memory card 201 to the PC 1 when instructing printing on the PC 1 next time.

  Further, the memory card 201 may be configured to store the encryption information together with the decryption information. In this case, for example, after the decryption information and the encryption information are stored in the memory card 201, the encryption information and the decryption information in the PC 1 are deleted, and the memory card 201 is connected to the PC 1 for encryption. The encryption information in the memory card 201 is provided to the PC 1, and when the encryption is completed, the encryption information in the PC 1 may be deleted.

  Further, in the configuration shown in FIG. 22, instead of the memory card 201 as a portable object, a so-called IC card in which a CPU is embedded in the card is adopted, and print data is encrypted in the IC card. That is, the portable object may be configured to include an encryption processing unit (encryption unit) that encrypts print data.

  FIG. 23 shows another example of a network printing system according to the present invention. Here, as in the above example, the printer 2 receives the encrypted print data generated from the personal information of the user on the PC 1 side via the network, and the encrypted print data is encrypted on the printer 2 side. The printer 2 performs printing using the decryption information corresponding to the decryption information, but unlike the above example, the printer 2 stores the user's personal encryption information and decryption information. An encryption / decryption information generation unit (information acquisition unit) 211 for generation and acquisition is provided, and the printer 2 provides the encryption information and the decryption information to the memory card 201 via the reader / writer 202. .

  In this system, first, when the memory card 201 is connected to the printer 2 prior to a print request at the PC 1, the process of generating encryption information and decryption information for encrypted communication of print data is performed by the encryption of the printer 2. The information storage unit 212 performs processing for storing the encrypted information and the decryption information obtained by the decryption information generation unit 211 in the memory card 201. When the storage of the encrypted information and the decrypted information in the memory card 201 is completed, the encrypted information and the decrypted information are deleted from the printer 2.

  When the memory card 201 is connected to the PC 1 at the time of a print request in the PC 1, the information reading unit 213 reads the encrypted information from the memory card 201 by the information reading unit 213 of the PC 1, and then performs this encryption. The encryption processing unit 12 performs processing for encrypting print data using information, and the encrypted print data obtained thereby is transmitted to the printer 2. In the printer 2, the received encrypted print data is stored in the print data storage unit. 26, and it is in a standby state.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, a process for reading the decryption information from the memory card 201 is performed by the information reading unit 203. Using the information, the decryption processing unit 22 performs processing for decrypting the encrypted print data.

  FIG. 24 shows another example of the network printing system according to the present invention. Here, the printer 2 performs a required rasterization process on the print data obtained by decrypting the encrypted print data received from the PC 1 side, and the processed data obtained thereby is processed. When storing in the raster data storage unit (storage unit) 225, an encryption processing unit (encryption unit) 223 that re-encrypts using necessary encryption information is provided. In particular, here, encryption information and decryption information for encrypting print data are the same as encryption information and decryption information for encrypting raster data.

  In this system, first, when the memory card 201 is connected to the printer 2 prior to a print request at the PC 1, the process of generating encryption information and decryption information for encrypted communication of print data is performed by the encryption of the printer 2. A process that is performed by the decryption information generation unit 211 and the obtained encryption information and decryption information are stored in the information storage unit 227, and that the encryption information and the decryption information are stored in the memory card 201. This is performed by the information storage unit 212.

  When the memory card 201 is connected to the PC 1 at the time of a print request in the PC 1, the information reading unit 213 of the PC 1 performs a process of reading the encrypted information from the memory card 201, and then uses this encrypted information. Processing for encrypting the print data is performed by the encryption processing unit 12, and the encrypted print data obtained thereby is transmitted to the printer 2, and the received encrypted print data is decrypted in the information storage unit 227 by the printer 2. The decryption processing unit 221 performs a decryption process using the information, and then the decryption information in the information storage unit 227 is deleted.

  Next, rasterization of the print data obtained by the decryption processing unit 221 is performed by the rasterizer 222, and then processing for re-encrypting the raster data using the encryption information of the information storage unit 227 is performed by the encryption processing unit 223. Thereafter, the encrypted information in the information storage unit 227 is erased. A process of saving the re-encrypted raster data in the print data storage unit 26 is performed by the data storage unit 224, thereby entering a standby state.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, the information reading unit 203 of the printer 2 performs a process of reading the decrypted information from the memory card 201. Using the information, the decryption processing unit (decryption unit) 226 performs a process of decrypting the encrypted raster data extracted from the print data storage unit 26, and the obtained raster data is sent to the printing unit 27. It is done.

  FIG. 25 shows another example of a network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 is configured to perform decryption using decryption information corresponding to the encrypted information, and in particular, here, a server device connected to the PC 1 and the printer 2 via an appropriate communication medium. This server device 241 stores decryption information in association with individual user access information, and in response to a transmission request made with access information from the printer 2, the corresponding decryption information is stored. Information is provided to the printer 2.

  Further, in this system, an RFID tag (portable item) 242 that is owned by the user and stores the access information of the individual user is used, and the printer 2 can transfer data to and from the RFID tag 242. A receiving device (interface means) 244 that performs the request, and a request unit that acquires decryption information by making a transmission request to the server device 241 with the access information acquired from the RFID tag 242 via the receiving device 244 Request means) 245 is provided, and the decryption information acquired by the request unit 245 is used to decrypt the encrypted print data.

  Further, the server device 241 stores the encrypted information together with the decryption information in association with the user's personal access information, and in response to the transmission request made with the access information from the PC 1, the corresponding encrypted information is stored. The PC 1 is provided with a receiving device (interface means) 246 that enables data transfer to and from the RFID tag 242, and the RFID tag 242 is obtained via the receiving device 246. A request unit (request means) 247 for acquiring encrypted information by making a transmission request to the server apparatus 241 with access information is provided, and the encrypted information acquired by the request unit 247 is used. The print data is encrypted.

  The access information is personal identification information given to each user and is stored in advance in the RFID tag 242.

  In this system, when the RFID tag 242 is connected to the PC 1 at the time when the user instructs printing on the PC 1, or before that, the PC 1 automatically or in response to a predetermined instruction by the user. The information reading unit 248 performs processing for reading access information from the RFID tag 242, and then the request unit 247 makes a transmission request to the server device 241 with the access information acquired from the RFID tag 242. In the device 241, the access execution unit 249 retrieves the encrypted information from the information storage unit 250 according to the access information and transmits it to the PC 1, and the PC 1 acquires the encrypted information from the server device 241.

  When the user issues a print instruction on the PC 1, the encryption processing unit 12 performs a process of encrypting the print data using the encryption information, and the encrypted print data obtained thereby is transmitted to the printer 2. The printer 2 stores the received encrypted print data in the print data storage unit 26, and enters a standby state.

  When the user goes to the printer 2 with the RFID tag 242 and the RFID tag 242 is connected to the printer 2, the information reading unit 251 automatically or in response to a predetermined instruction from the user. Then, the access information is read from the RFID tag 242, and then the request information is sent to the server device 241 by attaching the access information, and the access execution unit 249 accesses the server device 241. The decryption information is extracted from the information storage unit 250 according to the information and transmitted to the printer 2, and the decryption information is acquired by the request unit 245 of the printer 2. When the user instructs the printer 2 to output a print document, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and the print data obtained thereby is used. Printing is performed in the printing unit 27.

  Note that, unlike the example shown in FIG. 25, a configuration in which a request unit 245 that acquires decryption information by a transmission request to the server device 241 is provided in the receiving device 244 on the printer 2 side. It is. Further, on the PC 1 side, a configuration in which a request unit 247 that acquires encrypted information in response to a transmission request to the server device 241 is provided in the receiving device 246 may be adopted. In addition, the print data storage unit 26 on the printer 2 side can be configured as a storage device that exists independently outside the printer 2. Further, the server device 241 can be configured by a plurality of server devices.

  In the configuration shown in FIG. 25, when the encrypted print data is extracted from the print data storage unit 26 and decrypted, it is necessary to specify the encrypted print data to be decrypted by some method. In this case, for example, Based on the user's personal identification information added to the print data, it can be automatically performed by a method such as determining whether or not the encrypted print data is to be decrypted, and can be encrypted by an instruction operation by the user. A configuration may be adopted in which print data is designated.

  In addition, when PC1 is dedicated to a specific user and has a high level of security secured by a function that restricts login by a password or the like, or the security of encrypted information is secured by public key cryptography. In the case where the access information or the encryption information is stored in the PC 1, it is possible to save the trouble of connecting the RFID tag 242 to the PC 1 for each print instruction.

  In addition, in the configuration shown in FIG. 25, instead of the RFID tag 242 as a portable object, a so-called IC card in which a CPU is embedded in a card is adopted, and print data is encrypted or decrypted in the IC card. In other words, the portable object may include an encryption processing unit (encryption unit) that encrypts print data and a decryption processing unit (decryption unit) that decrypts encrypted print data. Is possible. In this case, by providing the encryption information and the decryption information to the IC card before the encryption and decryption processes, the encryption and decryption processes in the IC card can be performed.

  Further, in the configuration shown in FIG. 25, it is necessary to register necessary information in the server device 241 in advance prior to a transmission request from the PC 1 and the printer 2 to the server device 241. In the process of information registration, the following configuration is possible.

  That is, the printer 2 issues an access information issuance request to the server device 241, and in response to this, the server device 241 issues required access information associated with the encryption information and the decryption information that are paired with each other. The access information, the encrypted information, and the decrypted information are stored, the access information is provided to the printer 2, and the printer 2 provides the access information to the RFID tag 242 when the RFID tag 242 is connected. Is possible.

  Also, the printer 2 generates encryption information and decryption information that are paired with each other, requests the server device 241 to register the encryption information and decryption information, and the server device 241 responds accordingly to the encryption information and the decryption information. When necessary access information associated with the decryption information is issued, the access information, the encryption information, and the decryption information are stored, the access information is provided to the printer 2, and the RFID tag 242 is connected. In addition, the printer 2 may be configured to provide access information to the RFID tag 242. The server device 241 does not issue access information, but the printer 2 designates access information such as a data storage location and requests the server device 241 to register encryption information and decryption information. Is also possible.

  Further, the printer 2 generates encryption information and decryption information that make a pair with each other, and when the RFID tag 242 is connected, the access information is acquired from the RFID tag 242, and this access information is sent to the server device 241. The server device 241 can store the access information, the encrypted information, and the decrypted information by requesting registration of the encrypted information and the decrypted information.

  FIG. 26 shows another example of the network printing system according to the present invention. Here, as in the above example, the server device 241 connected to the PC 1 and the printer 2 stores the decryption information in association with the access information of the individual user, and adds the access information from the printer 2. In response to the transmission request, the corresponding decryption information is provided. However, unlike the above example, the server device 241 responds to the issuance request from the PC 1 with the encryption information paired with each other. The required access information associated with the decryption information is issued, and the access information and encryption information are provided to the PC 1. The PC 1 can transfer data to and from the memory card (portable item) 201. The access information received from the server device 241 is stored in the memory card 201 via the reader / writer 206, and from the server device 241. And performs encryption of the print data in only took encrypted information.

  In this system, when the memory card 201 is connected to the PC 1 at the time when the user instructs printing on the PC 1 or before that, the PC 1 automatically or in response to a predetermined instruction by the user. The request unit (request unit) 247 issues a request to the server apparatus 241 to issue encryption information and access information for acquiring the decryption information paired therewith, and the server apparatus is responded accordingly. The access execution unit 249 of 241 selects access information for acquiring one piece of existing encrypted information and decryption information paired with the existing encrypted information from the information storage unit 250 and transmits the selected information to the PC 1.

  In the PC 1, the information storage unit 252 performs processing for causing the request unit 247 to store the access information acquired from the server device 241 in the memory card 201. When the printing instruction is given by the PC 1, the encryption processing unit 12 performs processing for encrypting the print data using the encryption information acquired from the server device 241 by the request unit 247. The encrypted print data is transmitted to the printer 2, and the printer 2 stores the received encrypted print data in the print data storage unit 26, and enters a standby state.

  When the memory card 201 is connected to the printer 2, a process for reading access information from the memory card 201 is performed automatically or in response to a predetermined instruction from the user by the information reading unit 251 of the printer 2. Next, the request unit 245 performs processing for sending a transmission request to the server device 241 with the access information. In the server device 241, the access execution unit 249 receives the decryption information from the information storage unit 250 according to the access information. The data is taken out and transmitted to the printer 2, and decryption information is acquired by the request unit 245 of the printer 2. When the printer 2 outputs a print document, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and printing is performed using the print data obtained thereby. Printing is performed in the unit 27.

  In the configuration shown in FIG. 26, the server apparatus 241 selects one piece of existing encryption information and access information for acquiring the decryption information paired therewith. As the previous stage, it is necessary to store encryption information and decryption information and corresponding access information in the information storage unit 250 of the server device 241 in advance. A configuration in which the data is stored in the storage unit 250 is possible.

  FIG. 27 shows another example of a network printing system according to the present invention. Here, as in the above example, the server device 241 connected to the PC 1 and the printer 2 stores the decryption information in association with the user's personal access information, and adds the access information from the printer 2. In response to the transmission request, corresponding decryption information is provided. However, unlike the above example, the server device 241 responds to a registration request made with decryption information from the PC 1, The required access information is issued and registered in association with the decryption information, and the access information is provided to the PC 1. The PC 1 generates encryption information and decryption information that make a pair with each other. An encryption / decryption information generation unit (information acquisition unit) 261 and a reader / writer 206 that enables data transfer between the memory card 201 and the encryption / decryption information generation unit 261 are provided. The access information acquired from the server apparatus 241 in response to the registration request made with the generated decryption information is stored in the memory card 201 via the reader / writer 206, and the encryption / decryption information of the own apparatus is stored. The print data is encrypted with the encryption information generated by the generation unit 261.

  In this system, when the memory card 201 is first connected to the PC 1 before or when the user instructs printing on the PC 1, the encryption / decryption information generation unit 261 of the PC 1 A process for generating paired decryption information is performed, and then a request for registering decryption information is made to the server device 241 by the request unit (request means) 247, and the server device 241 executes access according to this request. The unit 249 issues access information for obtaining the decryption information obtained from the PC1, stores the access information and the decryption information in the information storage unit 250, and transmits the access information to the PC1.

  In the PC 1, the information storage unit 252 performs processing for storing the access information acquired by the request unit 247 from the server device 241 in the memory card 201, and when the user instructs printing in the PC 1, the encryption / decryption information is stored. Using the encryption information generated by the generation unit 261, processing for encrypting print data is performed by the encryption processing unit 12, and the encrypted print data obtained thereby is transmitted to the printer 2, and the printer 2 receives it. The encrypted print data is stored in the print data storage unit 26, and a standby state is entered.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, the information reading unit 251 of the printer 2 reads access information from the memory card 201 in the same procedure as in the above example. Next, the request unit 245 performs a process of sending a transmission request to the server device 241 with the access information. In the server device 241, the access execution unit 249 decrypts the information from the information storage unit 250 according to the access information. Information is extracted and transmitted to the printer 2. When the decryption information is acquired by the request unit 245 of the printer 2, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and the print obtained thereby. Printing is performed in the printing unit 27 using the data.

  In the example shown in FIG. 27, the encryption information and the decryption information are generated in response to the memory card 201 being connected to the PC 1, and then the decryption information registration request to the server device 241 is generated. Although predetermined processing is executed, the predetermined processing such as a registration request to the server device 241 may be performed in advance prior to the connection of the memory card 201 to the PC 1. is there.

  Further, the processing until the server device 241 issues access information to the PC 1 can be performed in advance prior to the connection of the memory card 201 to the PC 1, and the print data can be encrypted according to the print instruction in the PC 1. The temporal relationship between each process of transmission to the printer 2 and the process of storing the access information in the memory card 201 is not particularly limited.

  The storage process of the access information to the memory card 201 may be performed at least before the print document is output by the printer 2, but the PC 1 is dedicated to a specific user, and login is restricted by a password or the like. Except for the case where high safety is ensured by functions or the like, it is not desirable for safety to keep the access information in the PC 1 for a long time. From this point of view, the time when the memory card 201 is connected to the PC 1 Thus, it is preferable that the access information issued by the server device 241 is immediately stored in the memory card 201 and the access information in the PC 1 is erased immediately after that. On the other hand, if the security of the encrypted information can be ensured by the public key encryption method even if the PC 1 itself cannot secure high security, only the encrypted information is held in the PC 1 for a long time. In this way, it is possible to save the trouble of connecting the memory card 201 to the PC 1 when instructing printing on the PC 1 next time.

  Also, unlike the example shown in FIG. 27, the server device 241 may be configured to issue access information for acquiring encrypted information together with access information for acquiring decrypted information. Furthermore, the access information for obtaining the encrypted information can be stored in the memory card 201. In this case, when encrypting the print data, the server apparatus 241 is requested to send the encrypted information with the access information and the print data is encrypted using the acquired encryption information. Done.

  FIG. 28 shows another example of the network printing system according to the present invention. Here, as in the above example, the server device 241 connected to the PC 1 and the printer 2 via an appropriate communication medium stores the decryption information in association with the access information of the individual user, and accesses from the printer 2. The corresponding decryption information is provided in response to the transmission request made with the information attached. Unlike the above example, the server device 241 adds the access information and decryption information from the PC 1. In response to the registration request made, the access information and the decryption information are registered in association with each other, and the PC 1 generates the encryption information and the decryption information that are paired with each other. A decryption information generated by the encryption / decryption information generation unit 261, and a reception device 244 that enables data transfer between the encryption information generation unit 261 and the RFID tag 242. A registration request is made to the server device 241 with the access information acquired from the RFID tag 242 via the device 244, and the encrypted information generated by the encryption / decryption information generation unit 261 of the own device is printed. Data encryption is performed.

  In this system, when the RFID tag 242 is first connected to the PC 1 at the time of a print request on the PC 1, the information reading unit 248 of the PC 1 performs a process of reading access information from the RFID tag 242, and encryption is performed. The decryption information generation unit 261 performs processing for generating encryption information and decryption information that is paired with the encryption information, and then the access information acquired from the RFID tag 242 by the request unit (request means) 247; A request for registering the decryption information generated by the encryption / decryption information generation unit 261 is made to the server device 241. In response to this, the access execution unit 249 of the server device 241 obtains the access acquired from the PC1. A registration process for storing the decrypted information in the information storage unit 250 in association with the information is performed.

  In the PC 1, the encryption processing unit 12 performs processing for encrypting print data using the encryption information generated by the encryption / decryption information generation unit 261, and the encrypted print data obtained thereby is stored in the printer. 2, the printer 2 stores the received encrypted print data in the print data storage unit 26 and enters a standby state.

  When the print document is output by the printer 2, when the RFID tag 242 is connected to the printer 2, the information reading unit 251 performs a process of reading access information from the RFID tag 242 as in the above example. Next, processing for sending a transmission request to the server device 241 with this access information is performed by the request unit 245. In the server device 241, the access execution unit 249 extracts the decryption information from the information storage unit 250 according to the access information. To the printer 2. When the decryption information is acquired by the request unit 245 of the printer 2, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and the print obtained thereby. Printing is performed in the printing unit 27 using the data.

  Unlike the example shown in FIG. 28, the server device 241 can store the encrypted information together with the decrypted information in association with the access information. In this case, when encrypting the print data, the server apparatus 241 is requested to send the encrypted information with the access information and the print data is encrypted using the acquired encryption information. Done.

  FIG. 29 shows another example of the network printing system according to the present invention. Here, the PC 1 is provided with an encryption processing unit (first encryption unit) 281 that generates encrypted print data by encrypting print data using the first encryption information of the individual user. The encrypted print data is transmitted from the PC 1 to the printer 2 via the network.

  The printer 2 includes a decryption processing unit (first decryption unit) 282 that decrypts the encrypted print data received from the PC 1 using the first decryption information corresponding to the first encryption information. The rasterizer (processing means) 283 that performs rasterization processing on the decrypted print data obtained by the above-described processing, and the raster data (processed print data) obtained thereby by using the second encryption information An encryption processing unit (second encryption unit) 284 that re-encrypts and generates encrypted raster data (re-encrypted print data) is provided, and the encrypted raster data obtained by the encryption processing unit 284 is data The data is stored in the print data storage unit (storage unit) 26 by the storage processing unit 25.

  Further, here, a smart card (portable) 291 possessed by the user and storing necessary information is used, and a reader / writer (interface) that enables data transfer to and from the smart card 291 is used for the printer 2. Means) 292 is provided.

  The smart card 291 holds the second decryption information corresponding to the second encrypted information in the information storage unit 293, and the smart card 291 includes the second decryption information in the information storage unit 293. Is used, a decryption processing unit (second decryption means) 294 for decrypting the encrypted raster data (re-encrypted print data) stored in the print data storage unit 26 is provided.

  Further, here, the PC 1 is also provided with a reader / writer (interface means) 295 that enables data transfer with the smart card 291. The printer 2 is provided with a first encryption / decryption information generation unit (information acquisition unit) 285 that generates and acquires first encryption information and decryption information. The smart card 291 holds the second encrypted information together with the second decryption information in the information storage unit 293.

  The second encryption information held by the smart card 291 is acquired by the printer 2 via the reader / writer 292 when the smart card 291 is connected to the printer 2 prior to the print request, and the encryption of the printer 2 is stored. The encryption processing unit (second encryption means) 284 is used for encryption.

  The first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 285 of the printer 2 is also stored when the smart card 291 is connected to the printer 2 in advance prior to the print request. Then, the data is acquired by the smart card 291 via the reader / writer 292 and used for encryption by the encryption processing unit (first encryption means) 281 provided in the PC 1.

  In this system, first, when the smart card 291 is connected to the printer 2 prior to a printing instruction on the PC 1, the first encryption / decryption is automatically performed according to this or according to a predetermined instruction by the user. The encrypted information generation unit 285 generates first encrypted information and decryption information, and the information storage unit 286 performs processing for storing the first encrypted information in the information storage unit 293 of the smart card 291. In addition, the second encrypted information is read from the information storage unit 293 of the smart card 291 by the information reading unit 287 of the printer 2, and the second encrypted information is stored in the information storage unit 288.

  Next, when the smart card 291 is connected to the PC 1, the first encryption is automatically performed from the information storage unit 293 of the smart card 291 by the information reading unit 300 of the PC 1 automatically or in response to a predetermined instruction from the user. Information is read. When the user issues a print instruction on the PC 1, the encryption processing unit 281 performs processing for encrypting the print data using the first encrypted information acquired by the information reading unit 300. The encrypted print data is transmitted to the printer 2.

  In the printer 2, the decryption processing unit 282 performs processing for decrypting the received encrypted print data using the first decryption information in the information storage unit 288, and then the decrypted print data is transmitted by the rasterizer 283. The encryption processing unit 284 performs a process of re-encrypting the raster data obtained by the rasterization process using the second encryption information in the information storage unit 288. A process of saving the re-encrypted raster data in the print data storage unit 26 is performed by the data storage processing unit 25, and a standby state is entered.

  When the smart card 291 is connected to the printer 2 so that the printer 2 can output a print document, the decryption processing control unit 289 of the printer 2 automatically or in response to a predetermined instruction from the user. The encrypted raster data is read from the print data storage unit 26, transmitted to the smart card 291, and the decryption processing unit 294 uses the second decryption information in the information storage unit 293 to convert the encrypted raster data. When the decoding process control unit 289 obtains the decoded raster data from the smart card 291 by performing the decoding process, printing is performed in the printing unit 27 using the raster data.

  In the configuration shown in FIG. 29, a decryption processing unit (for decrypting encrypted raster data (re-encrypted data) extracted from the print data storage unit 26 of the printer 2 using the second decryption information ( A configuration in which the second decoding unit) is provided in the printer 2 is also possible. In addition, a configuration in which an encryption processing unit (first encryption unit) that encrypts the print data generated by the print data generation unit 13 using the first encryption information is provided in the smart card 291 is also possible. . In this case, it is not necessary to send the first encrypted information to the outside of the smart card 291, so that safety can be improved. This can be similarly applied to the configuration described below.

  The encryption information and the decryption information are information necessary for generating or acquiring the encryption key and the decryption key, respectively, in addition to the encryption key and the decryption key that actually encrypt and decrypt the target data. For example, when there is a server device that holds an encryption key and a decryption key, the access information for acquiring the encryption key and the decryption key from the server device can be used as the encryption information and the decryption information. It is. This is similarly applicable to configurations shown in the drawings other than FIG.

  Further, when the encrypted raster data (re-encrypted data) is extracted from the print data storage unit 26 and decrypted, it is necessary to identify the encrypted raster data to be decrypted by some method. By adding the identification information of the individual user, it can be automatically performed by a method such as determining whether or not the encrypted print data is to be decrypted. It may be configured to specify data.

  In the example shown in FIG. 29, the encryption information and the decryption information are generated after the smart card 291 is connected to the printer 2. However, the generation process of the encryption information and the decryption information is as follows. It is also possible to adopt a configuration that is performed in advance prior to connection of the smart card 291 to the printer 2.

  In addition, the first encryption information exchange between the printer 2 and the smart card 291 according to the above procedure, the first encryption information exchange between the smart card 291 and the PC 1, and the printer. 2 and the smart card 291, once each process of the exchange of the second encrypted information is performed, the first encrypted information and the second encrypted information will be stored for a certain period thereafter. If it is held in the device of the provision destination, connection operation for exchanging information becomes unnecessary, and it is possible to save the user's trouble. In this case, since it is not desirable for safety to hold the information providing apparatus for a long time, it is preferable to delete the information when a predetermined instruction operation or a certain condition is established by the user.

  FIG. 30 shows another example of the network printing system according to the present invention. Here, unlike the example shown in FIG. 29, the PC 1 is provided with an information transmission unit (information transmission unit) 301 for transmitting required information to the printer 2 via the network. In addition, the printer 2 is provided with an information receiving unit (information receiving unit) 302 that receives necessary information from the PC 1 via the network.

  The first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 285 of the printer 2 is smart in advance prior to the print request, as in the example shown in FIG. When the card 291 is connected to the printer 2, it is acquired by the smart card 291 via the reader / writer 292 and used for encryption in the encryption processing unit (first encryption means) provided in the PC 1. I have to.

  On the other hand, unlike the example shown in FIG. 29, the second encrypted information held by the smart card 291 is acquired by the PC 1 via the reader / writer 295 on the PC 1 side, and further the information transmitting unit 301 of the PC 1 and The data is acquired by the printer 2 via the information receiving unit 302 of the printer 2 and used for encryption by the encryption processing unit (second encryption unit) 284 of the printer 2.

  In this system, first, when the smart card 291 is connected to the printer 2 prior to a printing instruction on the PC 1, the first encryption / decryption is automatically performed according to this or according to a predetermined instruction by the user. The encrypted information generation unit 285 generates first encrypted information and decryption information, and the information storage unit 286 performs processing for storing the first encrypted information in the information storage unit 293 of the smart card 291. Is called.

  Next, when the smart card 291 is connected to the PC 1, the second encryption is automatically performed from the information storage unit 293 of the smart card 291 by the information reading unit 300 of the PC 1 automatically or in response to a predetermined instruction from the user. The encrypted information is read out, and then the second encrypted information is transmitted to the printer 2 by the information transmitting unit 301. In the printer 2, the second encrypted information from the PC 1 is received by the information receiving unit 302, and this second encrypted information is stored in the information storage unit 288.

  In the PC 1, when the information reading unit 300 reads the first encrypted information from the information storage unit 293 of the smart card 291, and the PC 1 issues a print instruction, the first reading acquired by the information reading unit 300 is performed. The encryption processing unit 281 performs processing for encrypting the print data using the encryption information, and the encrypted print data obtained thereby is transmitted to the printer 2.

  Thereafter, similar to the example shown in FIG. 29, the printer 2 performs processes of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data. When the smart card 291 is connected to the printer 2 when the printer 2 enters the standby state and outputs a print document, the printing unit 27 performs printing after decrypting the encrypted raster data.

  FIG. 31 shows another example of the network printing system according to the present invention. Here, unlike the example shown in FIG. 30, the PC 1 is provided with an information receiving unit (information receiving means) 303 for receiving necessary information from the printer 2 via the network. In addition, the printer 2 is provided with an information transmission unit (information transmission unit) 304 that transmits necessary information to the PC 1 via the network.

  Similarly to the example shown in FIG. 30, the second encrypted information held by the smart card 291 is acquired by the PC 1 via the reader / writer 295 on the PC 1 side, and further the information transmission unit 301 of the PC 1 and the printer 2 The information is acquired by the printer 2 via the information receiving unit 302 and used for encryption in the encryption processing unit (second encryption unit) 284 of the printer 2.

  On the other hand, the first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 285 of the printer 2 is different from the above example, and the information transmission unit 304 of the printer 2 and the PC 1 The data is acquired by the PC 1 via the information receiving unit 303 and used for encryption in the encryption processing unit (first encryption unit) 281 of the PC 1.

  Further, here, the printer 2 is provided with an encryption processing unit 305 that encrypts the first encrypted information using the second encrypted information when the first encrypted information is transmitted to the PC 1. The encrypted first encrypted information thus obtained is transmitted to the PC 1 by the information transmitting unit 304, and the encrypted first encrypted information received by the information receiving unit 303 is transmitted to the PC 1. A decryption processing control unit 306 is provided that causes the decryption processing unit 294 of the smart card 291 to perform a process of decrypting the data using the second decryption information.

  In this system, when the smart card 291 is first connected to the PC 1, the information storage unit 293 of the smart card 291 is automatically or according to a predetermined instruction from the user by the information reading unit 300 of the PC 1. The second encryption information stored in the information is read out, and the process of transmitting the second encryption information to the printer 2 is performed by the information transmission unit 301. The printer 2 receives the second encryption information received by the information reception unit 302. Two pieces of encrypted information are stored in the information storage unit 288. The first encryption / decryption information generation unit 285 of the printer 2 generates first encryption information and decryption information, and these pieces of information are stored in the information storage unit 288. Then, the encryption processing unit 305 performs processing for encrypting the first encrypted information in the information storage unit 288 using the second encrypted information in the information storage unit 288, and the information transmission unit 304 performs the first processing. A process of transmitting the first encrypted information encrypted with the encrypted information 2 to the PC 1 is performed.

  In the PC 1, when the encrypted first encrypted information from the printer 2 is received by the information receiving unit 303, the decrypted processing control unit 306 of the PC 1 smartly converts the encrypted first encrypted information. The decryption processing unit 294 causes the decryption processing unit 294 to decrypt the encrypted data using the second decryption information in the information storage unit 293, so that the decryption processing control unit 306 receives the decryption processing from the smart card 291. The first encrypted information that has been decrypted is acquired, and the first encrypted information is stored in the information storage unit 308. When the user issues a print instruction on the PC 1, the encryption processing unit 12 performs a process of encrypting the print data using the first encryption information in the information storage unit 308. Print data is transmitted to the printer 2.

  Thereafter, similar to the example shown in FIG. 29, the printer 2 performs processes of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data. When the smart card 291 is connected to the printer 2 when the printer 2 enters the standby state and outputs a print document, the printing unit 27 performs printing after decrypting the encrypted raster data.

  FIG. 32 shows another example of the network printing system according to the present invention. Here, similarly to the example shown in FIG. 31, the second encryption information held by the smart card 291 is acquired by the PC 1 via the reader / writer 295, and the information transmission unit 301 and the printer 2 of the PC 1 are further acquired. The information is acquired by the printer 2 via the information receiving unit 302 and used for encryption by the encryption processing unit (second encryption unit) 284 of the printer 2, and the first encryption / decryption of the printer 2 is used. The first encryption information generated by the conversion information generation unit (information acquisition unit) 286 is acquired by the PC 1 via the information transmission unit 304 of the printer 2 and the information reception unit 303 of the PC 1, and the encryption process of the printer 2 is performed. (Second encryption means) 284 is used for encryption.

  Further, here, unlike the example shown in FIG. 31, the PC 1 is provided with a third encryption / decryption information generation unit 311 that generates the third encryption information and the third decryption information. The third encrypted information generated here is acquired together with the second encrypted information by the printer 2 via the information transmitting unit 301 of the PC 1 and the information receiving unit 302 of the printer 2 to encrypt the printer 2. The processing unit 305 is used for encrypting the first encrypted information.

  In this system, first, in the PC 1, the third encryption / decryption information generation unit 311 generates third encryption information and third decryption information, and these information are stored in the information storage unit 308. The When the smart card 291 is connected to the PC 1, the information read unit 300 of the PC 1 reads the second encrypted information stored in the smart card 291, and the third encrypted information is read from the information storage unit 308. Information is read out, and the information transmitting unit 301 performs a process of transmitting the second encrypted information and the third encrypted information to the printer 2.

  In the printer 2, the second encrypted information and the third encrypted information received by the information receiving unit 302 are stored in the information storage unit 288. The first encryption / decryption information generation unit 285 of the printer 2 generates first encryption information and decryption information, and these information are stored in the information storage unit 288. Then, the encryption processing unit 305 performs processing for encrypting the first encrypted information read from the information storage unit 288 using the third encrypted information read from the information storage unit 288, and the information transmission unit By 304, the process which transmits the 1st encryption information encrypted with the 3rd encryption information to PC1 is performed.

  In the PC 1, when the encrypted first encrypted information from the printer 2 is received by the information reception unit 303, the third decryption information read from the information storage unit 308 by the decryption processing unit 312 of the PC 1. Is used to decrypt the encrypted first encrypted information, and the obtained first encrypted information is stored in the information storage unit 308. When the user issues a print instruction on the PC 1, the encryption processing unit 281 performs processing for encrypting the print data using the first encryption information in the information storage unit 308, and the encrypted print obtained thereby. Data is transmitted to the printer 2.

  Thereafter, as in the above example, the printer 2 performs a process of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data, and enters a standby state. When the smart card 291 is connected to the printer 2 when the print document is output by the printer 2, printing is performed in the printing unit 27 through the process of decrypting the encrypted raster data.

  FIG. 33 shows another example of a network printing system according to the present invention. Here, as in the example shown in FIG. 29, the second encryption information held by the smart card 291 is stored in the reader / writer 292 when the smart card 291 is connected to the printer 2 in advance of the print request. The data is acquired by the printer 2 and used for encryption by the encryption processing unit (second encryption means) 284 of the printer 2.

  On the other hand, the first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 286 of the printer 2 is the information transmission unit of the printer 2 as in the example shown in FIG. 304 and the information receiving unit 303 of the PC 1 are acquired by the PC 1 and used for encryption by the encryption processing unit (first encryption unit) 281 of the PC 1.

  In this system, first, when the smart card 291 is connected to the printer 2 prior to a printing instruction on the PC 1, the information reading unit 287 of the printer 2 automatically or in response to a predetermined instruction by the user. Thus, the second encrypted information is read from the information storage unit 293 of the smart card 291 and the second encrypted information is stored in the information storage unit 288.

  The first encryption / decryption information generation unit 285 generates first encryption information and decryption information, and these pieces of information are stored in the information storage unit 288. Then, the encryption processing unit 305 performs processing for encrypting the first encrypted information in the information storage unit 288 using the second encrypted information in the information storage unit 288, and the information transmission unit 304 performs the first processing. The first encrypted information encrypted with the encrypted information 2 is transmitted to the PC 1. In the PC 1, the information receiving unit 303 receives the encrypted first encrypted information from the printer 2. Is done.

  Next, when the smart card 291 is connected to the PC 1, the first encrypted information encrypted in the decryption processing control unit 306 of the PC 1 automatically or in response to a predetermined instruction from the user. Is sent to the smart card 291, and the decryption processing unit 294 performs a process of decrypting the encrypted data using the second decryption information in the information storage unit 293, so that the decryption process control unit 306 performs the smart card The decrypted first encrypted information is acquired from 291, and the first encrypted information is stored in the information storage unit 308. When the user issues a print instruction on the PC 1, the encryption processing unit 281 performs processing for encrypting the print data using the first encryption information in the information storage unit 308, and the encryption obtained thereby. Print data is transmitted to the printer 2.

  Thereafter, similar to the example shown in FIG. 29, the printer 2 performs processes of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data. When the smart card 291 is connected to the printer 2 when the printer 2 enters the standby state and outputs a print document, the printing unit 27 performs printing after decrypting the encrypted raster data.

  FIG. 34 shows another example of the network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 performs printing by using the decryption information corresponding to the encrypted information, and in particular, here, a data storage unit (in this case, which is owned by the user and stores necessary information) A mobile phone (portable item) 323 including a storage unit) 321 and a monitor (image display unit) 322 for displaying required information as an image is used. The mobile phone 323 includes at least encrypted information and decrypted information. Either one is stored in the data storage unit 321, and the information stored in the data storage unit 321 is displayed as an image on the monitor 322 of its own device, and this is displayed on the PC 1 or the information providing destination. By to read the camera (image reading means) 324 provided in the printer 2 side, so as to provide the necessary information to the device of the information providing destination.

  Further, here, the mobile phone 323 is further provided with a camera (image reading means) 325 that reads an image indicating required information, and is provided on the information providing apparatus side that holds at least one of the encrypted information and the decrypted information. The information displayed on the monitor (image display means) 326 is read by the camera 325 of its own device, so that necessary information is acquired from the information source device.

  In this example, in the PC 1, the encryption information used for the encrypted communication of the print data and the decryption information paired therewith are stored in the information storage unit 327, and when the user makes a print request in the PC 1. Then, the decoding processing of the information storage unit 327 is read and converted into image data by bar code in the image processing unit 328, and the obtained image data is output to the monitor 326 of the PC1. The captured image data is stored in the data storage unit 321 by photographing the screen of the monitor 326 with the camera 325 of the mobile phone 323.

  When the printer 2 outputs a print document, the image data is read from the data storage unit 321 of the mobile phone 323 and displayed on the monitor 322, and the camera 324 provided in the printer 2 captures the screen of the monitor 322. The captured image data thus obtained is converted into decryption information by the image processing unit 329, and the decryption processing unit 22 performs a process of decrypting the encrypted data using the decryption information acquired thereby.

  Here, as in the example shown in FIG. 22, the portable object obtains the decryption information from the PC and provides it to the printer. On the contrary, the example shown in FIG. Similarly to the above, it is possible to adopt a configuration in which the portable object acquires the encryption information from the printer and provides it to the PC. In this case, the information providing source printer 2 is provided with a monitor (image display means), and the information providing destination PC is provided with a camera (image reading means).

  In addition, the mobile phone 323 holds the image data obtained by photographing the barcode image displayed on the monitor of the information providing apparatus, and converts the image data into encrypted information or decrypted information. When the information is provided to the information providing apparatus, it may be converted into a barcode image and displayed on the screen.

  FIG. 35 shows another example of the network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 performs printing by using the decryption information corresponding to the encryption information, and in particular, here, at least one of the encryption information and the decryption information is indicated by a barcode or the like. An information recording sheet 331 on which an image is recorded is read by a scanner (image reading unit) 332 provided on the PC 1 or printer 2 side as an information providing destination, thereby providing necessary information to the information providing destination device. Like to do.

  Further, here, the printer 2 prints out an information recording sheet 331 on which an image indicating encrypted information held in the information storage unit 333 of the own apparatus is recorded, and the information recording sheet 331 is provided on the PC 1 side. By making the scanner 332 read, the encryption information is provided to the PC 1.

  In this example, the encrypted information used for the encrypted communication of the print data in the printer 2 is stored in the information storage unit 333 together with the decryption information paired therewith, and the user records the information recording sheet 331 in the printer 2. When printing output is instructed, the decrypted information in the information storage unit 333 is read out and converted into image data by the image processing unit 334, and this image data is output to recording paper by the printing unit 27 and is recorded on the information recording sheet 331. Is obtained.

  When the user makes a print request on the PC 1, the information recording sheet 331 is read by the scanner 332 provided on the PC 1, and the read image data obtained thereby is converted into encrypted information by the image processing unit 335. The encryption processing unit 12 performs processing for encrypting the print data using the acquired encryption information.

  Here, as in the example shown in FIG. 23, the encryption information held in the printer 2 is provided to the PC 1, but conversely, the same as the example shown in FIG. In addition, the decryption information held in the PC 1 can be provided to the printer 2. In this case, if the information providing destination apparatus is a multi-function machine having printer and scanner functions, the information recording sheet may be read by the scanner unit of the multi-function machine.

  In addition, a printing apparatus that prints and outputs an information recording sheet on which an image indicating encryption information or decryption information is recorded is not limited to a printing apparatus that is an output destination of encrypted printing. An information recording sheet may be printed out.

  FIG. 36 shows another example of a network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 performs printing using decryption information corresponding to the encrypted information, but unlike the above example, a smart card (portable) 291 equipped with a CPU is encrypted. The data processing section (encryption means) 342 is provided, the print data is acquired from the PC 1 via the reader / writer (interface means) 295, encrypted using the encryption information in the own apparatus, and then encrypted. The print data is transferred to the PC 1 via the reader / writer 295.

  When the smart card 291 is connected to the PC 1 at the time of a print request in the PC 1, the print data generated by the print data generation unit 13 is transmitted to the smart card 291 in the encryption processing control unit 346 of the PC 1, and the smart card The encryption processing unit 342 in the 291 performs processing for encrypting the print data using the encryption information in the information storage unit 344, whereby the encryption processing control unit 346 performs the encrypted printing from the smart card 291. Data is acquired, and the encrypted print data is transmitted to the printer 2.

  This configuration can be applied to the systems shown in FIGS. The decryption of the encrypted data on the printer 2 side is also performed by the decryption processing unit (decryption means) 345 in the smart card 291 as in the examples of FIGS. 3 and 4 and FIGS. It is also good.

  FIG. 37 shows another example of the network printing system according to the present invention. Here, as in the example of FIG. 22, the printer 2 receives the encrypted print data generated from the personal information of the user on the PC 1 side via the network, and the encrypted print data is received on the printer 2 side. Is decrypted using decryption information corresponding to the encrypted information, and the printer 2 performs printing. The PC 1 provides the decryption information to the memory card 201 via the reader / writer 206, and the printer 2. The decryption information stored in the memory card 201 is provided to the printer 2 via the reader / writer 202, and the encrypted print data is decrypted.

  In particular, here, the memory card 201 holds transmission request information for instructing the PC 1 to transmit encrypted print data and address information indicating the address of the PC 1 on the network, and the memory card 201 is connected to the printer 2. When this is done, the printer 2 acquires the transmission request information and the address information from the memory card 201 via the reader / writer 202, and sends the transmission request information to the corresponding PC 1 based on this address information. In response to receiving the transmission request information from the printer 2, a process of transmitting the encrypted print data to the printer 2 is performed. Thus, the printer 2 receives the encrypted print data from the PC 1 and immediately receives the decryption processing unit 22. The encrypted print data is decrypted and a print document is output by the printing unit 27. For this reason, the memory | storage part which memorize | stores the encryption print data shown in each said example is unnecessary.

  In this configuration, when the memory card 201 is connected to the PC 1, the information storage unit 207 performs processing for storing the decryption information generated by the encryption / decryption information generation unit 205 in the memory card 201, and print control. The information storage unit 207 performs processing for storing the transmission request information and the address information generated by the unit 351 in the memory card 201. When printing is instructed by the PC 1, processing for encrypting the print data generated by the print data generating unit 13 is performed by the encryption processing unit 12.

  When the memory card 201 is connected to the printer 2 in order to output a print document by the printer 2, the information reading unit 203 of the printer 2 performs a process of reading transmission request information and address information from the memory card 201, and then this address. A process of transmitting the transmission request information to the PC 1 according to the information is performed by the information transmission unit 352. When the information reception unit 353 of the PC 1 receives the transmission request information from the printer 2, the print control unit 351 instructs the print data transmission unit 354 to transmit the encrypted print data generated by the encryption processing unit 12. The encrypted print data is transmitted from the print data transmission unit 354 to the printer 2.

  In the printer 2, when the encrypted print data from the PC 1 is received by the print data receiving unit 355, the information reading unit 203 performs a process of reading the decryption information from the memory card 201, and then decrypts using the decryption information. The processing unit 22 performs a process of decrypting the encrypted print data, and the print data obtained thereby is sent to the printing unit 27.

  In the above system, when a predetermined update condition is satisfied, the encryption / decryption information generation unit can newly generate encryption information and decryption information. In this case, the update condition corresponds to an update instruction from the user, a certain period of time (for example, one day), a case where the number of prints reaches a predetermined value, etc. It is good to be able to specify. It is possible to update the encryption information and the decryption information each time a print instruction is issued.

  Note that the network printing system and the facsimile communication system according to the present invention are not limited to the illustrated examples, and can be configured by appropriately combining these examples, and in particular, the examples shown in the network printing system. Can be applied to a facsimile communication system by replacing a PC (user device) with a transmitting device and a printing device with a receiving device.

  In addition, the network printing system and the facsimile communication system according to the present invention may adopt either a common key encryption method or a public key encryption method as appropriate. For example, a portable object may be provided with a secret key that requires confidentiality. It is preferable that the structure be held.

  The network printing system and the facsimile communication system according to the present invention have the advantage that it is possible to solve the problems such as snooping of document data, falsification of document data and spoofing of the sender, and to ensure high safety, and the user device Useful as a network printing system in which printing data is received by a printing device via a network and printed, and a facsimile communication system in which facsimile data from a sending device is received and output by a receiving device via a communication network It is.

1 is a block diagram showing an example of a network printing system according to the present invention. The block diagram which shows another example of the decoding in the network printing system by this invention The block diagram which shows another example of the decoding in the network printing system by this invention The block diagram which shows another example of the decoding in the network printing system by this invention 1 is a block diagram showing an example of user authentication in a network printing system according to the present invention. The block diagram which shows another example of the user authentication in the network printing system by this invention 1 is a block diagram showing an example of encryption and decryption in a network printing system according to the present invention. The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the user authentication and decoding in the network printing system by this invention The block diagram which shows another example of the user authentication and decoding in the network printing system by this invention The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding 1 is a block diagram showing an example of a facsimile communication system according to the present invention. 1 is a block diagram showing an example of encryption and decryption in a facsimile communication system according to the present invention. The block diagram which shows another example of the facsimile communication system by this invention The block diagram which shows another example of the facsimile communication system by this invention 1 is a block diagram showing an example of encryption and decryption in a facsimile communication system according to the present invention. The block diagram which shows another example of the encryption in the facsimile communication system by this invention, and a decoding The block diagram which shows another example of the facsimile communication system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention

Explanation of symbols

1 PC (user equipment)
2 Printer (printing device)
3.103 USB key (portable)
4.104 User authentication unit (user authentication means)
11 Cryptographic information storage unit (storage means)
12 Encryption processing part (encryption means)
21.31 Decryption Information Storage Unit (Storage Unit)
22.32 Decoding processing unit (decoding means)
26 Print Data Storage Unit 29 Interface (Interface Unit)
51 Print Data Call Processing Unit 52 Decryption Key Database (Storage Unit)
53 Decryption key call processing unit (decryption information acquisition means)
101/105 Sending facsimile apparatus 102/106 Receiving facsimile apparatus 107 Authentication station 111 Addressee database 112 Encryption processing unit (encryption means)
121 Decryption information storage unit (storage means)
122 Decoding processing unit (decoding means)
126 Facsimile Data Storage Unit 131 Facsimile Data Call Processing Unit 132 Decryption Key Database 133 Decryption Key Call Processing Unit 141 Notification Processing Unit (Notification Processing Unit)
152 Digital Signature Generation Unit 161 Digital Signature Determination Processing Unit 164 Public Key Database 201 Memory Card (Portable)
202/206 reader / writer (interface means)
205 Encryption / decryption information generation unit (information acquisition means)
211 Encryption / Decryption Information Generation Unit (Information Acquisition Unit)
222 Rasterizer (processing means)
223 Encryption processing unit (encryption means)
226 Decoding processing unit (decoding means)
241 Server device 242 RFID tag (portable)
244/246 Receiver (interface means)
245 Request part (request means)
247 Request part (request means)
261 Encryption / Decryption Information Generation Unit (Information Acquisition Unit)
281 Encryption processing unit (first encryption means)
282 Decoding processing unit (first decoding means)
283 Rasterizer (processing means)
284 Encryption processing unit (second encryption means)
285 First encryption / decryption information generation unit (information acquisition unit)
291 Smart card (portable)
292/295 Reader / Writer (interface means)
294 decryption processing unit (second decryption means)
301 Information transmitter (information transmitter)
302 Information receiving unit (information receiving means)
303 Information receiving unit (information receiving means)
304 Information transmission unit (information transmission means)
321 Data storage unit (storage means)
322/326 monitor (image display means)
323 Mobile phone (portable)
324/325 camera (image reading means)
331 Information recording sheet (mobile)
332 scanner (image reading means)
342 Encryption processing unit (encryption means)

Claims (39)

A network printing system in which print data is received from a user device via a network and printed.
Encryption means for encrypting print data using predetermined encryption information, user authentication means for identifying and verifying that the person who performs the output operation is the user who made the print request, and the encryption received from the user device Decrypting means for decrypting print data using required decryption information,
The user authentication unit and the decryption unit are provided on the printing apparatus side, and when the authentication by the user authentication unit is successful, the decryption unit executes the decryption to perform printing. A network printing system.   The network printing system according to claim 1, wherein the user authentication unit identifies and verifies the user based on biometrics. A network printing system in which print data is received from a user device via a network and printed.
Encrypting means for encrypting print data using user's personal encryption information to generate encrypted print data, and portable object possessed by the user himself / herself and holding the user's personal decryption information corresponding to the encrypted information And decryption means for decrypting the encrypted print data using the decryption information held by the portable object,
The printing apparatus is provided with interface means for delivering required information to and from the portable object, and the decryption means is provided in at least one of the portable object and the printing apparatus. Printing system.   The said printing apparatus is provided with the said decryption means, acquires the said user's individual decryption information from the said portable thing via the said interface means, and decrypts encryption print data. The network printing system described in 1.   The portable object includes the decryption unit, obtains encrypted print data from the printing apparatus via the interface unit, decrypts it using decryption information in the own apparatus, and then decrypts the encrypted print data. 4. The network printing system according to claim 3, wherein print data is transferred to the printing apparatus via the interface means. The portable object holds the encrypted information together with the decryption information;
The user device comprises interface means for delivering required information to and from the portable object,
6. The method according to claim 3, wherein at least one of the user device and the portable object includes an encryption unit that encrypts print data using encryption information held by the portable object. The network printing system according to the above.   The said user apparatus is provided with the said encryption means, The said user's personal encryption information is acquired from the said portable thing via the said interface means, The encryption of print data is characterized by the above-mentioned. The network printing system described.   The portable object includes the encryption unit, and print data is acquired from the user device via the interface unit, encrypted using encryption information in the own device, and then the encrypted print 7. The network printing system according to claim 6, wherein data is transferred to the user device via the interface unit.   The user apparatus comprises information acquisition means for acquiring the encrypted information and decryption information, and interface means for delivering required information to and from the portable object, and the decryption acquired by the information acquisition means 6. The network printing system according to claim 3, wherein the network information is provided to the portable object via the interface unit.   The printing apparatus comprises information acquisition means for acquiring the encrypted information and decryption information, and interface means for delivering required information to and from the portable object, and the encryption acquired by the information acquisition means 9. The network printing system according to claim 6, wherein the information and the decryption information are provided to the portable object via the interface unit in advance of a print request.   The printing apparatus decrypts the encrypted print data received from the user apparatus side using the decryption information acquired by the information acquisition means, and the print data obtained thereby has a required Processing means for performing processing, and encryption means for re-encrypting the processed print data obtained or processed print data obtained thereby by using the encryption information acquired by the information acquisition means The network printing system according to claim 10. The encryption unit is provided on the user device side, and the encrypted print data generated here is transmitted to the printing device,
The portable object holds transmission request information for instructing the user device to transmit encrypted print data and address information of the user device,
The printing apparatus acquires the transmission request information and the address information from the portable object via the interface unit, and sends the transmission request information to the corresponding user apparatus based on the address information. 4. The network printing system according to claim 3, wherein encrypted print data is transmitted from the apparatus. A network system in which a printing device receives print data from a user device via a network and performs printing.
Encryption means for encrypting print data using user's personal encryption information to generate encrypted print data, and storing the user's personal decryption information corresponding to the encryption information in association with the user's personal access information In response to a transmission request made by adding the access information from an external device, a server device that provides corresponding decryption information to the requesting device, and the user himself / herself has access information of the individual user A portable object to be held, request means for attaching the access information acquired from the portable object and making a transmission request to the server device to obtain the decryption information, and a decryption acquired by the request means Decrypting means for decrypting the encrypted print data using information,
The request means is provided on the printing apparatus side, and the printing apparatus is provided with interface means for delivering required information to and from the portable object, and at least one of the portable object and the printing apparatus includes the A network printing system comprising a decrypting unit. The server device stores encrypted information together with user personal decryption information in association with user personal access information, and responds to a transmission request made by attaching the access information from an external device. Providing encryption information to the requesting device;
The user device is provided with interface means for delivering required information to and from the portable object,
Request means for acquiring the encrypted information by attaching the access information acquired from the portable object and making a transmission request to the server device is provided on the user device side,
14. The network according to claim 13, wherein at least one of the user device and the portable object is provided with the encryption means for encrypting print data using encryption information received from the server device. Printing system. In response to an issue request from an external device, the server device issues required access information associated with encryption information and decryption information that are paired with each other, and the access information and encryption information are requested from the request source. To the device of
The user device is provided with interface means for delivering required information to and from the portable object,
Request means for obtaining the access information and encryption information by making an issuance request to the server device is provided on the user device side, and the access information received from the server device by the request means is stored in the portable device. Hold it on the object,
14. The network according to claim 13, wherein at least one of the user device and the portable object is provided with the encryption means for encrypting print data using encryption information received from the server device. Printing system. In response to a registration request made by adding decryption information from an external device, the server device issues required access information associated with the decryption information, and the access information and the decryption Storing information and providing the access information to the requesting device;
The user device is provided with information acquisition means for acquiring encryption information and decryption information that make a pair with each other, and interface means for delivering required information to and from the portable object,
Request means for acquiring the access information by attaching a decryption information acquired by the information acquisition means and making a registration request to the server apparatus is provided on the user apparatus side. Holding the access information received from the device in the portable object;
14. The encryption unit that encrypts print data using the encryption information acquired by the information acquisition unit is provided in at least one of the user device and the portable object. Network printing system. In response to a registration request made by adding access information and decryption information from an external device, the server device stores the access information and decryption information in association with each other,
The user device is provided with information acquisition means for acquiring encryption information and decryption information that make a pair with each other, and interface means for delivering required information to and from the portable object,
Request means for making a registration request to the server device with the decryption information acquired by the information acquisition unit and the access information acquired from the portable object is provided on the user device side,
14. The encryption unit that encrypts print data using the encryption information acquired by the information acquisition unit is provided in at least one of the user device and the portable object. Network printing system.   The network printing system according to claim 13, wherein the access information is personal identification information given to each user. A network printing system in which print data is received from a user device via a network and printed.
Using first encryption means for generating print data by encrypting print data using the first encryption information of the individual user, and using the first decryption information corresponding to the first encryption information First decrypting means for decrypting the encrypted print data, processing means for performing required processing on the print data obtained thereby, processed print data obtained thereby or processed The second encryption means for re-encrypting the unprinted print data using the second encryption information to generate the re-encrypted print data, and the second corresponding to the second encrypted information possessed by the user himself / herself And a second decryption unit for decrypting the re-encrypted print data using the second decryption information retained by the portable object,
The first encryption unit is provided on the user device side, and the encrypted print data generated here is sent to the printing device, and the first decryption unit, the process is transmitted to the printing device side. And a second encryption unit are provided, and the printing apparatus is provided with interface means for delivering required information to and from the portable object, and at least one of the portable object and the printing apparatus A network printing system comprising the second decryption means. The user apparatus includes an interface unit that transfers required information to and from the portable object, and the printing apparatus includes an information acquisition unit that acquires the first encrypted information and the first decryption information. The portable object holds second encrypted information together with the second decryption information,
Prior to a print request, the second encryption information held by the portable object is acquired in advance by the printing apparatus via the interface unit, and encrypted by the second encryption unit of the printing apparatus. To use
Prior to a print request, the first encrypted information acquired by the information acquisition unit of the printing apparatus is acquired by the portable object via the interface unit, and at least the user apparatus and the portable object are acquired. 20. The network printing system according to claim 19, wherein the network printing system is used for encryption by the first encryption means provided on one side. The user device includes interface means for delivering required information to and from the portable object, and information transmitting means for transmitting required information to the printing apparatus via a network, and the printing apparatus includes the An information acquisition unit configured to acquire first encrypted information and first decryption information; and an information reception unit configured to receive necessary information from the user device via a network. Holding the second encrypted information together with the decryption information of
Prior to a print request, the first encrypted information acquired by the information acquisition unit of the printing apparatus is acquired by the portable object via the interface unit, and at least the user apparatus and the portable object are acquired. It is used for encryption by the first encryption means provided on one side,
The second encrypted information held by the portable object is acquired by the user device via the interface unit, and further, the information transmission unit of the user device and the information reception unit of the printing device The network printing system according to claim 19, wherein the network printing system is acquired by a printing apparatus and used for encryption by the second encryption unit of the printing apparatus. The user apparatus includes interface means for delivering required information to and from the portable object, and information transmitting means and information receiving means for transmitting and receiving required information to and from the printing apparatus via a network. An information acquisition means for the printing apparatus to acquire the first encrypted information and decryption information; an information transmission means and an information reception means for transmitting / receiving required information to / from the user apparatus via a network; The portable object holds the second encryption information together with the second decryption information,
The second encrypted information held by the portable object is acquired by the user device via the interface unit, and further, the information transmission unit of the user device and the information reception unit of the printing device Causing the printing apparatus to obtain the data and use it for encryption by the second encryption unit of the printing apparatus;
The first encrypted information acquired by the information acquisition unit of the printing device is acquired by the user device via the information transmission unit of the printing device and the information reception unit of the user device, and the user 20. The network printing system according to claim 19, wherein the network printing system is used for encryption by the first encryption means provided in at least one of an apparatus and the portable object. The user apparatus includes information receiving means for receiving required information from the printing apparatus via a network, and the printing apparatus acquires information about the first encrypted information and decryption information, and a network. Information transmitting means for transmitting the information required by the user device via the portable object, the portable object holds the second encrypted information together with the second decryption information,
Prior to a print request, the second encryption information held by the portable object is acquired in advance by the printing apparatus via the interface unit, and encrypted by the second encryption unit of the printing apparatus. To use
The first encrypted information acquired by the information acquisition unit of the printing device is acquired by the user device via the information transmission unit of the printing device and the information reception unit of the user device, and the user 20. The network printing system according to claim 19, wherein the network printing system is used for encryption by the first encryption means provided in at least one of an apparatus and the portable object.   The encrypted print data or the re-encrypted print data is encrypted using another encryption information paired with another decryption information different from the decryption information held by the portable object, and 24. The network printing according to claim 3, further comprising: another encrypted information encrypted using encrypted information paired with the decrypted information held by the portable object. system. A network printing system in which print data is received from a user device via a network and printed.
Encryption means for encrypting print data using the first encrypted information and second encrypted information of the user to generate encrypted print data, and a first decryption corresponding to the first encrypted information Storage means for storing the encrypted information, a portable item possessed by the user himself / herself and holding the second decryption information corresponding to the second encrypted information, and a person who performs the output operation is authorized by the print request source User authentication means for identifying and verifying that the user is a user; decryption information acquisition means for retrieving first decryption information corresponding to the user authenticated by the user authentication means from the storage means; and Decrypting means for decrypting the encrypted print data received from the user device using the obtained first decryption information and the second decryption information held by the portable object;
The encryption unit is provided on the user device side, and the generated encrypted print data is sent to the printing device, and the storage unit, the user authentication unit, and the decryption unit are transmitted to the printing device side. An information acquisition means is provided, the printing apparatus is provided with interface means for delivering required information to and from the portable object, and at least one of the portable object and the printing apparatus is provided with the decryption means. A network printing system characterized by that. A network printing system in which print data is received from a user device via a network and printed.
Encryption means for encrypting print data by using first encryption information and second encryption information of a user and a password input by the user to generate encrypted print data, and the first encryption information Storage means for storing the first decryption information corresponding to, a portable object possessed by the user and holding the second decryption information corresponding to the second encryption information, and a person who performs the output operation A user authentication unit that identifies and verifies that the user is a legitimate user of the print request source, a decryption information acquisition unit that retrieves from the storage unit the first decryption information corresponding to the user authenticated by the user authentication unit, A user inputs a password; first decryption information acquired by the decryption information acquisition means; second decryption information held by the portable object; and a password input by the input means. With words, and a decoding means for decoding the encrypted print data received from the user device,
The encryption unit is provided on the user device side, and the encrypted print data generated here is sent to the printing device, and the storage unit, the user authentication unit, and the decryption information are transmitted to the printing device side. An acquisition means and the input means are provided, and the printing apparatus is provided with interface means for delivering required information to and from the portable object, and at least one of the portable object and the printing apparatus includes the decryption A network printing system characterized in that means are provided.   The interface unit provided in the user apparatus or the printing apparatus serving as an information providing destination causes the image reading unit to read a display screen of an image display unit that displays an image of necessary information held by the portable object. 27. The network printing system according to claim 3, wherein the information stored in the portable object is acquired by the user apparatus or the printing apparatus.   The interface unit provided in the user device or the printing device as an information provider causes the image reading unit to read a display screen of an image display unit that displays an image of necessary information held by the user device or the printing device. 28. The network printing system according to claim 3, wherein the information stored in the user device or the printing device is acquired by the portable object.   The portable object is an information recording sheet on which an image indicating required information is recorded, and the interface unit provided in the user device or the printing device as an information providing destination uses the information recording sheet as an image reading unit. 27. The network printing system according to claim 3, wherein the user printing device or the printing device acquires information recorded on the information recording sheet by reading the information.   30. The network printing according to claim 29, wherein the printing apparatus as an information providing source prints out the information recording sheet on which an image indicating required information held in a storage unit of the apparatus is recorded. system.   In addition to generating the user's personal encryption information and the decryption information paired therewith, there is provided information generating means for newly generating the encryption information and the decryption information when a predetermined update condition is satisfied. The network printing system according to any one of claims 1 to 30, wherein: A facsimile communication system in which facsimile data from a transmission side device is received by a reception side device via a communication network and output.
In the case of confidential transmission in which the output is restricted to a required addressee, the transmission side device includes encryption means for encrypting facsimile data using predetermined encryption information, and an encryption facsimile generated by the encryption means Sending data to the receiving device;
User receiving means for identifying and verifying that the person who performs the output operation is the addressee, and decryption for decrypting the encrypted facsimile data received from the transmitting apparatus using the required decryption information A facsimile communication system comprising: a decryption unit configured to cause the decryption unit to perform decryption when authentication by the user authentication unit is successful.   The facsimile communication system according to claim 32, wherein the user authentication means identifies and verifies a user by biometrics. A facsimile communication system in which facsimile data from a transmission side device is received by a reception side device via a communication network and output.
Has a portable item possessed by the addressee who holds the decryption information of the addressee individual,
In the case of confidential transmission in which the output is restricted to a required destination person, the transmission side device includes an encryption unit that encrypts print data using the encryption information of the individual addressee, and generated by the encryption unit Send encrypted facsimile data to the receiving device;
The receiving side device comprises interface means for delivering required information to and from the portable object,
At least one of the portable object and the receiving apparatus is provided with a decrypting means for decrypting the encrypted facsimile data received from the transmitting apparatus using the decryption information held by the portable object. Facsimile communication system.   The receiving apparatus includes the decryption unit, acquires decryption information of the individual addressee from the portable object via the interface unit, and decrypts the encrypted facsimile data. Item 35. The facsimile communication system according to Item 34.   The portable object includes the decryption means, and the encrypted facsimile data is obtained from the receiving-side apparatus via the interface means, decrypted using decryption information in the own apparatus, and then decrypted. 35. The facsimile communication system according to claim 34, wherein completed facsimile data is transferred to the receiving side device via an interface means. The receiving device is composed of a facsimile communication device that receives encrypted facsimile data from the transmitting device, and a user device for each addressee connected to the facsimile communication device via a network.
37. The notification processing unit according to claim 32, wherein the facsimile communication apparatus includes notification processing means for performing notification to the corresponding destination user apparatus that the encrypted facsimile data has been received from the transmission side apparatus. The facsimile communication system according to any one of the above. A facsimile communication system in which facsimile data from a transmission side device is received by a reception side device via a communication network and output.
Have a portable item that the sender owns and holds the encryption information of the individual
The transmitting device comprises interface means for delivering required information to and from the portable object,
At least one of the portable object and the transmission-side device is provided with a digital signature generating means for generating a digital signature using the sender's personal encryption information held by the portable object, and the digital signature generated by the digital signature generating means Is added to the facsimile data and transmitted to the receiving device,
A facsimile communication system, wherein the receiving apparatus comprises a digital signature determination means for analyzing a digital signature using decryption information corresponding to the encrypted information used by the digital signature generation means. In addition to the digital signature, the transmitting device adds a digital certificate issued by an external certificate authority to the facsimile data and transmits it to the receiving device,
The facsimile communication system according to claim 38, wherein the digital signature determination means analyzes the digital signature based on a digital certificate.

Images