JP2006164161A - Information processing system, information processor and server - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processing system capable of assuring a client of being able to perform printing via a normal printer. <P>SOLUTION: The client and a server are connected through a communication network, the client transmits client information and information about a printer of an output destination to the server (step S302), the server determines whether the client is allowed to receive an output of the printer according to the received information (step S304 and step S305) and transmits a determination result to the client (step S307 and step S308), and the client holds information showing printing permission when the determination result shows that the client is allowed to perform printing (step S310). <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an information processing system in which a client and a server are connected via a communication network, and relates to a network printer service for printing with a printer or the like via a network, for example.

In recent years, print services using the Web have begun to spread, and services that permit printing of images such as portraits for a fee have also started. At that time, a technique has been proposed in which the copyright of the content owner is protected and printing can be permitted by a valid user (see Patent Document 1).
JP 2003-50921 A

  However, the current print control technology is realized by controlling a print command from an application. However, even if the author has a valid print right and the author wants the user to print only once, the authorized user can, for example, “output to a file” or send an image through an image driver. It was not possible to prevent the image from being illegally acquired and once saved on the computer and printed indefinitely.

  Therefore, an object of the present invention is to provide an information processing system that can ensure that a client performs printing via a regular printer.

  In order to solve the above problems, an information processing system according to the present invention is an information processing system in which a client and a server are connected via a communication network, and the client relates to a client apparatus and an output destination printing apparatus. A transmission unit configured to transmit information to the server; a determination unit configured to determine whether the client is permitted to output the printing apparatus based on the received information; and a determination result obtained by the determination unit The transmission unit for transmitting to the client and the client include an instruction unit for instructing a printing process in the printing apparatus when the determination result is permitted.

  In order to solve the above problems, an information processing system of the present invention is an information processing system in which a client and a server are connected via a communication network, and the client receives information on an output destination printing apparatus as described above. A transmission means for transmitting to the server; a determination means for determining whether the server is permitted to output the printing apparatus based on the received information; and a transmission means for transmitting a determination result by the determination means to the client. The client includes holding means for holding information indicating print permission when the determination result is permitted.

  The client can be guaranteed to print via a regular printer.

[System configuration]
FIG. 1 is a configuration diagram of an image distribution system for realizing the present invention. 101 is an image distribution server, 102 is an image distribution program that runs on the image distribution server, 103 is a client that executes printing, 104 is a print application that is executed on the client, and 105 is a printer based on a command from the print application Reference numeral 107 denotes a printer driver that transmits a print command to be transmitted to the printer. Reference numeral 107 denotes a printer that executes printing in accordance with the print command transmitted from the printer driver. Reference numeral 106 denotes an encryption module that encrypts and decrypts data.

  Here, the print application has a function of interpreting the copyright information added to the content and determining whether or not to allow the user to perform printing.

[Required storage information]
FIG. 2 shows storage information necessary for realizing the present invention.

  The client storage information 211 is information used by the print application 104 operating on the client 103. The client storage information 211 is an encrypted printer name recording data 202, an encryption key KM 203, and a Client ID 204 uniquely assigned to each print application. The encryption method using the encryption key KM used in the encryption module 106 may be a common key method such as AES or a public key encryption method such as RSA. A key is held so that both the server and the client can perform encryption and decryption. Here, it is assumed that the key KM is shared between the server and the client, assuming that the common key method is used. On the other hand, in the case of the public key method, the encryption key and the decryption key of both the server and the client are held. A function for encryption by a certain encryption method is E_KM (·), and a function for decryption is D_KM (·). However, it is assumed that KM and ClientID are safely stored using a code obfuscation method or a tamper-resistant module such as an IC card. Here, || means that two data are connected.

  The server storage information 210 includes registered printer information 205, an encryption key KM 203, and printer registration determination data 201. The registered printer information 205 is a list of registered regular printers and describes a regular PrinterName. Further, the printer registration determination data 201 is necessary for recording the status of whether or not a printer is set for the Client ID 204. The printer registered determination data 201 is data E_KM (Bole || ClientID) obtained by concatenating TRUE or FALSE Boolean value Bool and ClientID 204 and encrypted with the encryption key KM203. At this time, the initial value of Boolean is FALSE.

  Here, the printer name recording data 202 is data E_KM (PrinterName || ClientID) that is obtained by concatenating the PrinterName and ClientID that can uniquely identify the printer and encrypted by the encryption key KM.

  The reason why the printer name record data is always linked to the client ID is to prevent unauthorized use of storage information generated on another client.

  With the above configuration, a system is realized in which the client is prohibited from registering the printer without the permission of the server and the registration information is prohibited from being changed. The main embodiment is as follows.

(Embodiment 1)
[Operation procedure (registration)]
FIG. 3 is a diagram showing an operation procedure in printer registration of the image distribution system according to the present invention. FIG. 3A is a flowchart of the client 103, and FIG. 3B is a flowchart of the server 101. Printer registration is performed by the client 103 communicating with the server 101. This communication procedure will be described with reference to FIG.

  1. In step S301, the client 103 acquires PrinterName using an application programming interface of an operating system operating on the client. In step S302, printer name record data E_KM (PrinterName || ClientID) 202 is generated from the PrinterName and ClientID, and transmitted to the server ([1] in FIG. 5). Here, the printer name recording data 202 exists only on the memory.

  2. In step S303, the server 101 receives the printer name recording data E_KM (PrinterName || ClientID) 202 from the client 103 and decrypts it using the key KM (D_KM (E_KM (PrinterName || ClientID)) ([2 in FIG. 5] Next, in step S304, the server 101 determines whether or not the client having the Client ID obtained by decrypting in step S303 has already been registered with the printer, details of which will be described later with reference to FIG. If YES in step S304, printer registration is permitted only once for each client, and NG is transmitted to the client in step S308 ([3] in FIG. 5). In 05, it is confirmed whether the printer name (PrinterName) obtained by decryption in step S303 exists in the registered printer information 205 in which the regular printer is registered, if there is, the server in step S306. The printer name recording data is saved, and the printer setting registration determination data E_KM (Bool || ClientID) is updated / saved, and OK is sent to the client as a message in step S307 (step S307), NO in step S305. In other words, if it does not exist in the registered printer information, NG is transmitted to the client in step S308 ([3] in FIG. 5).

  3. In step S309, the client determines whether OK has been received from the server. If YES in step S309, the printer name recording data 202 existing in the memory is saved as a file (step S311), and the process ends. When NG is received from the server (NO in step 309), the printer name recording data 202 existing in the memory is deleted in step S310.

  Details of step S304 will be described with reference to the flowchart of FIG. The printer name registered determination data E_KM (Bool || ClientID) 201 is decrypted with the key KM to acquire the ClientID (step S601). In step S602, it is determined whether the ClientID obtained in step S601 is equal to the ClientID obtained in step S303 (that is, the ClientID obtained by decrypting the printer name recording data E_KM (PrinterName || ClientID) 202). . If YES in step S602, it is determined in step S603 whether the Boolean value is TRUE. If YES in step S603, YES is output (step S604). If NO in step S602 or S603, NO is output (step S605).

[Operation procedure (printing)]
Next, the operation during printing will be described with reference to the flowchart of FIG. FIG. 4 is a flowchart of the client 103. In a normal printing operation, when a “print” menu is selected from an application, a printing process is performed using an interface provided by the OS. At this time, a print dialog for selecting a printer as shown in FIG. 7 is displayed. The user selects a desired printer from the printer list in the printer name 701 and presses an “OK” button 702 to execute printing. On the other hand, in the present embodiment, when the “print” menu is selected, a dedicated print dialog is displayed, the printer is selected, and the “OK” button is pressed to perform printing.

  If the user presses the “OK” button, in step S401, the printer name is obtained using the application programming interface of the operating system. In addition, the printer name record data 202 held by the client is decrypted by the KM to obtain the PrinterName / ClientID. Here, if the client does not hold the printer name record data 202, the registration process described above may be started.

  In step S402, it is determined whether the printer name is the same as PrinterName. In addition, it is determined whether the Client ID is equal to the Client ID 204. If YES, printing is executed in step S403, and if NO, the process ends.

(Embodiment 2)
In the first embodiment, it is assumed that stored information on the client is handled safely and is not tampered with. On the other hand, in order to realize higher security, it is desirable that such stored information is not retained on the client as much as possible. Therefore, in the second embodiment, it is assumed that the server is safe and the client and the server are always connected via a network or the like. Although this reduces the convenience to some extent, this premise is generally accepted because an image distribution system usually needs to be connected to a network in order to connect to an image distribution server. Further, since it is determined whether or not the printer is correct every time, it is not necessary to register the printer in advance.

  The processing contents will be described below. At the time of printing, step S403 performed on the client in the first embodiment is changed to be performed on the server side. A client that is always connected does not have the key KM. The protocol at that time is shown in FIG. The operation procedure is shown in FIG. FIG. 9A is a flowchart of the client 103, and FIG. 9B is a flowchart of the server 101.

  1. If the user presses the “OK” button, in step S901, the printer name is obtained using the application programming interface of the operating system, and the PrinterName and ClientID are transmitted to the server.

  2. In step S903, the server 101 receives the PrinterName and ClientID. In step S904, it is determined whether PrinterName exists in the registered printer information 205 registered. If YES in step S904, print is sent to the client as a message in step S905 and executed. If NO, NG is sent in step S906.

  3. In step S907, the client determines whether OK is received from the server. If YES in step S907, printing is executed in step S908. If NG is received from the server (NO in step S907), the process ends.

  In the present embodiment, the client does not have the key KM. However, as in the first embodiment, the client also has the key. For example, in step S901, the printer name recording data E_KM (PrinterName || ClientID) 202 May be sent to the server to communicate with the server. Further, the server and the client need not always be connected, and may be connected to the server when the client executes print processing.

(Embodiment 3)
In the first embodiment, the printer can be registered only once. Therefore, when it is desired to replace the printer and re-register the printer, the Boolean value of the server-side printer registration determination data needs to be set to FALSE. In an image distribution system, it is desirable to be able to register a printer according to print data, such as an inkjet printer for printing a still image and a laser printer for a compound document of text and still images. Therefore, in this embodiment, the number of times that the printer can be registered can be set, and the printer can be registered according to the data type.

  Hereinafter, although the processing content is demonstrated, only a different part from Embodiment 1 is demonstrated.

  The printer registration determination data 201 is E_KM (Bool || ClientID) in the first embodiment, but is E_KM (Count || ClientID) in the present embodiment. Here, Count is the remaining number of times that can be set.

  The printer name record data 202 is E_KM (PrinterName || ClientID) in the first embodiment, but is E_KM (PrinterName || FileType || ClientID) in this embodiment. Here, FileType is an identifier that can uniquely identify data to be printed, such as MIME Media Types or a file extension.

[Operation procedure (registration)]
In steps S301 and S302, printer name recording data is generated using the FileType / PrinterName selected by the user. Of the printer registration completion determination steps, in step S603, it is determined whether Count is positive. In step S306, Count is decremented by 1 when updating the printer registered information.

[Operation procedure (printing)]
At the time of printing, the file type of the content to be printed is determined, and the printer is selected. Based on the information, it compares with the FileType / PrinterName / ClientID of the decrypted printer name recording data, and if they match, printing is performed.

  FIG. 10 shows a protocol diagram in the third embodiment.

(Embodiment 4)
In the present invention, since it is premised that the ClientID and KM are stored safely and the operation of the client is not bypassed, there is no risk of falsifying the printer name recording information. However, in order to further increase security, an electronic signature can be attached to the printer name recording data 202 and the client ID 204. Here, it is assumed that the electronic signature of the printer name recording data 202 is Sign_server (E_KM (PrinterName || ClientID)) 206, and the electronic signature of the ClientID 204 is Sign_server (ClientID) 207. Here, Sign_server (·) means an electronic signature by a server.

  Hereinafter, differences from the first embodiment will be described.

[Operation procedure (registration)]
In step S <b> 301, the client transmits a Sign_server (ClientID) 207 together with the printer name recording data 202. In step S602, the Sign_server (ClientID) 207 is verified before verifying whether the ClientIDs match. In step S306, Sign_server (E_KM (PrinterName || ClientID)) 206 is generated and transmitted to the client together with OK data in step S307. The client stores the Sign_server (E_KM (PrinterName || ClientID)) 206 received in step S311.

[Operation procedure (printing)]
In step S402, the Sign_server (E_KM (PrinterName || ClientID)) 206 is verified. If verification fails, the process ends. If the verification is successful, the printer name recording data is decrypted. Next, the Sign_server (ClientID) stored in the client is verified. If verification fails, the process ends. If the verification is successful, the Client ID is compared with the Client ID derived from the printer name record data.

  FIG. 11 shows a protocol diagram in the fourth embodiment.

<Other embodiments>
In the above embodiment, a printer is associated with the machine. However, if the same user shares a printer with multiple machines, the above settings will be complicated for each machine. However, instead of associating the printer with the machine, the user ID can be associated with the printer name. It doesn't matter. At this time, the ClientID in the transmission information / stored information may be changed to UserID.

  An object of the present invention is to supply a recording medium (or storage medium) that records a program code of software that realizes the functions of the above-described embodiments to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus. Needless to say, this can also be achieved by reading and executing the program code stored in the recording medium. In this case, the program code itself read from the recording medium realizes the functions of the above-described embodiment, and the recording medium on which the program code is recorded constitutes the present invention.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an operating system (OS) running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Furthermore, after the program code read from the recording medium is written into a memory provided in a function expansion card inserted into the computer or a function expansion unit connected to the computer, the function is based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion card or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  When the present invention is applied to the recording medium, program code corresponding to the flowchart described above is stored in the recording medium.

It is a system configuration diagram of the present invention. It is a figure showing client storage information and server storage information. 6 is a flowchart of a printer name registration procedure in the first embodiment. 6 is a flowchart of a printing procedure in the first embodiment. 3 is a server-client protocol when registering a printer name according to the first exemplary embodiment. 4 is a flowchart of a printer setting registration determination procedure in the first embodiment. Print dialog. 10 is a protocol between a server and a client at the time of printing in the second embodiment. 10 is a flowchart of a printing procedure in the second embodiment. 10 is a server-client protocol when registering a printer name in the third embodiment. 10 is a protocol between a server and a client when registering a printer name in the fourth embodiment.

Claims (10)

An information processing system in which a client and a server are connected via a communication network,
The client includes transmission means for transmitting information about an output destination printing apparatus to the server;
The server determines from the received information whether the output of the printing device is permitted;
Transmitting means for transmitting the determination result by the determining means to the client;
The information processing system according to claim 1, wherein the client includes a holding unit that holds information indicating printing permission when the determination result is permitted.   The information processing system according to claim 1, wherein the client includes an instruction unit that instructs printing processing of the printing apparatus using information indicating the printing permission. An information processing system in which a client and a server are connected via a communication network,
The client includes a transmission unit that transmits client information and information about an output destination printing apparatus to the server;
The server determines from the received information whether the client is permitted to output the printing device; and
Transmitting means for transmitting the determination result by the determining means to the client;
The information processing system according to claim 1, wherein the client includes an instruction unit that instructs a printing process in the printing apparatus when the determination result is permitted.   The information processing system according to any one of claims 1 to 3, wherein the determination unit determines whether the printing apparatus is a regular printing apparatus based on information regarding the output destination printing apparatus. .   5. The information processing system according to claim 1, wherein the transmission unit of the client transmits the client information and information related to the output destination printing apparatus in a connected manner. An information processing apparatus connected to a server via a communication network,
Transmitting means for transmitting information relating to the information processing apparatus and information relating to an output destination printing apparatus to the server;
Receiving means for receiving, from the transmitted information, a determination result of the server determining whether the information processing apparatus is permitted to output the printing apparatus;
An information processing apparatus comprising: instruction means for instructing a printing process in the printing apparatus when the determination result is permitted. An information processing apparatus connected to a server via a communication network,
Transmitting means for transmitting information relating to an output destination printing apparatus to the server;
Receiving means for receiving, from the transmitted information, a determination result of a server determining whether output of the printing apparatus is permitted;
An information processing apparatus comprising: holding means for holding information indicating printing permission when the determination result is permitted.   The information processing apparatus according to claim 7, further comprising an instruction unit that instructs printing processing of the printing apparatus using information indicating the printing permission. A server connected to a client via a communication network,
Receiving means for receiving from the client information about the client information and the output destination printing device;
Determination means for determining whether the client is permitted to output the printing device from the received information;
A server comprising transmission means for transmitting a determination result by the determination means to the client.   The function of the information processing system according to any one of claims 1 to 5, the function of the information processing device according to any one of claims 6 to 8, or the function of a server according to claim 9. A program for realizing on a computer.

Images