JP2006260023A - Printing system and print control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a printing system allowing secure management of security with a simple configuration when permitting printing of the same print job to a plurality of users, and to provide a print control method therefor. <P>SOLUTION: Correspondence relation between printers 30-1 to 30-n and authentication devices 40-1 to 40-n performing user authentication for acquiring printed matter from the printers is stored in a print server 20 connected to a network 50, and the print job wherein a plurality of user IDs or a group ID is added to a header is transmitted to the print server 20 in time of group printing from a client device. The print server 20 stores and manages the received print job in association with the plurality of user IDs or the plurality of user IDs for the group ID, and permits the printing of the print job when the user ID authenticated by the user authentication by the authentication device agrees with the plurality of user IDs or the plurality of user IDs included in the group ID. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a printing system and a printing control method, and more particularly, to a printing system and a printing control method that improve operability by allowing a plurality of users to print out the same print job while ensuring security.

  Recently, a system has been constructed in which a printer in a so-called network environment can be used, in which a plurality of client devices are connected to a network, a plurality of printers are connected, and the plurality of printers are shared by a plurality of client devices. Has been.

  In a system that shares a printer in such a network environment, ensuring the security of the printed document is a problem.

For example, in such a network environment, it is possible to instruct printing of a document from an arbitrary client device to an arbitrary printer, and the printer is not necessarily arranged near the client device.
1) A print instruction may be issued from a user who does not have the authority to print a document. 2) Even if a print instruction is issued from a user having a valid authority, the user outputs a document output from the printer based on the print instruction. There is a problem that this document may be taken away by a third party or the contents of the document may be seen by the time it is taken.

  In order to solve this problem, conventionally, as shown in Patent Document 1, when printing is performed from a printer in a network environment, an input of a personal identification number is requested from the operation panel of the printer, and the personal authentication is performed using the personal identification number. A configuration has been proposed in which printing is permitted by performing the above.

Also, as shown in Patent Document 2, a configuration has been proposed in which printing is performed by performing personal authentication using an IC card when printing from a printer.
In addition, a configuration is also known in which personal authentication is performed by biometric authentication such as fingerprint authentication to allow printing or take out printed matter.
JP-A-8-256239 JP2002-240398

  However, since both of those disclosed in Patent Document 1 and Patent Document 2 perform personal authentication on the printer side, it is difficult to cope with the variety of authentication media and biometric authentication devices. .

  Because there are so many authentication devices in the market and there are many types that are not compatible for each authentication device, providing a part to perform authentication judgment for each authentication device in the printer There was a problem that the cost was significantly increased.

  Further, in the configuration in which identity authentication is performed using an IC card as shown in Patent Document 2, generally, the configuration information and usage information of the card tend not to be disclosed except for a specific OS environment. There is also a problem that it is difficult to provide a personal authentication configuration using an IC card in a printer in a general network environment.

  In addition, since both the configurations of Patent Document 1 and Patent Document 2 need to provide a configuration for performing authentication determination in the printer body, the network environment that has already been introduced is changed with the change of the configuration of the printer. It was difficult to employ various authentication devices.

  Also, in a configuration in which a print job related to a print instruction from a client device is stored in the server and the print job stored in the server is executed based on authentication of the authentication device, the same print job can be printed for a plurality of users. There was also a request to print with permission.

  Therefore, the present invention makes it possible to employ various authentication devices without changing the network environment that has already been introduced, and to provide security for allowing multiple users to print the same print job. It is an object of the present invention to provide a printing system capable of reliably performing management with a simple configuration and a control method thereof.

  In order to achieve the above object, an invention according to claim 1 is provided with an authentication device for authenticating printing permission in a printing device corresponding to one or a plurality of printing devices connected to a network, and a print request from a client device. In the printing system for storing the print job related to the above in the server device and executing the print job stored in the server device based on the authentication of the authentication device, the client device has a plurality of user identification information or a plurality of user identification information Print job transmission means for transmitting to the server device a print job to which group identification information is collected, and the server device transmits the print job transmitted from the client device to the plurality of user identification information or the group Print job management means for storing and managing corresponding to the identification information; and Printing that permits printing of the print job when the user identification information authenticated by the certificate matches the user identification information included in the plurality of user identification information or the group identification information managed by the print job management unit And a permission unit.

  According to a second aspect of the present invention, in the first aspect of the invention, the print job management unit identifies an owner user who has transmitted the print job by the print job transmission unit in response to job identification information of the print job. A first management table for managing information, and a second for managing the job identification information in correspondence with identification information of member users corresponding to the plurality of user identification information or group identification information obtained by aggregating the plurality of user identification information. The print job transmission means encrypts the print job based on the identification information of the owner user and transmits it to the server apparatus, and the print permission means stores the print management means in the second management table. Based on the identification information of the owner user managed by the first management table, the print permission of the print job is determined based on And transmits to the corresponding printing apparatus decrypts the printing job.

  According to a third aspect of the present invention, in the first aspect of the invention, the print job management unit generates a plurality of print jobs corresponding to the user identification information included in the plurality of user identification information or the group identification information. The plurality of generated print jobs are respectively managed in correspondence with the job identification information, and the print permission unit manages the user identification information authenticated by authentication of the authentication device by the print job management unit. When the user identification information matches, the printing of the print job corresponding to the job identification information is permitted.

  According to a fourth aspect of the present invention, in the invention according to any one of the first to third aspects, the print job transmission means determines the total number of copies permitted for printing in correspondence with the plurality of user identification information or the group identification information. The designated number of copies designation information is added to the print job and transmitted to the server device, and the print permission means limits the total number of copies permitted for printing the print job based on the number of copies designation information. .

  According to a fifth aspect of the present invention, in the invention according to any one of the first to third aspects, the print job transmission unit corresponds to each user identification information included in the plurality of user identification information or the group identification information. The print job is transmitted to the server device by adding copy number designating information for designating the number of copies permitted to be printed, and the print permission means determines the number of copies permitted to be printed for the print job based on the copy number designation information. It is limited for each user.

  According to a sixth aspect of the present invention, there is provided an authentication device for authenticating printing permission in the printing device corresponding to one or a plurality of printing devices connected to the network, and a print job related to a print instruction from the client device is provided. In a print control method for a printing system that stores in a server device and executes a print job stored in the server device based on authentication of the authentication device, the client device may store the print job as a plurality of user identification information or a plurality of user identification information Group identification information in which user identification information is aggregated is added to the print job and transmitted to the server device, and the server device transmits the print job transmitted from the client device to the plurality of user identification information or the group identification information. The user identification information managed in correspondence with the information and authenticated by the authentication of the authentication device is the If it matches the user identification information included in the user identification information or the group identification information of a few, and permits the printing of the print job.

  According to the present invention, the client apparatus adds a plurality of user identification information or group identification information obtained by aggregating a plurality of user identification information to the print job and transmits the print job to the server. Management information corresponding to a plurality of user identification information or group identification information, and the user identification information authenticated by authentication of the authentication device is included in the plurality of user identification information or group identification information When the print job is matched, the print job is permitted to be printed, so that security management can be reliably performed with a simple structure when multiple users are allowed to print the same print job. There is an effect.

  Hereinafter, embodiments of a printing system and a control method thereof according to the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a system configuration diagram showing an outline of a printing system according to the present invention.

  1, this printing system includes a plurality of client devices 10-1,... 10-m, a print server 20, a plurality of printing devices 30-1,... 30-n, and a plurality of printing devices 30-1. ,..., 30-n are connected to the network 50, respectively.

  Here, the client apparatuses 10-1,..., 10-m issue a print instruction for a desired document using this printing system, and perform a plurality of user authentications as to whether the user has the authority for this print instruction. Authentication apparatuses 11-1,... 11-m are connected locally.

  The authentication devices 40-1,... 40-n are connected to the network 50 corresponding to the printing devices 30-1,..., 30-n, respectively, and the above-described printing devices 30-1,. When printing a document related to a print instruction, user authentication is performed to determine whether the user has authority to print.

  User authentication in the authentication devices 11-1, ... 11-m and the authentication devices 40-1, ... 40-n is a card-like storage medium (hereinafter referred to as security) in which user identification information (user ID) carried by the user is stored. User authentication using a card), user authentication that reads biometric feature information such as a user's fingerprint, and the like can be employed. In this embodiment, a case where user authentication is performed using a security card will be described as an example. .

  Here, the security card can be composed of an IC card equipped with an IC (integrated circuit), a magnetic card having a magnetic stripe as a storage means, and the like, in addition to the user identification information (user ID), the user can include a user. Are stored in advance, such as department information to which the user belongs, various information necessary for user authentication such as authority range, a secret key used for encryption of a print job formed based on a print instruction, a public key used for encoding, and the like.

  The client apparatuses 10-1,... 10-m issue a print instruction using the printing apparatuses 30-1,... 30-n of documents created and edited by themselves or documents acquired from a document management system (not shown).

  When a print instruction is issued from the client device 10-1,... 10-m of this document, user authentication as to whether or not the user has authority to issue a print instruction of this document is given to the client device 10-1,. This is performed using authentication devices 11-1,... 11-m connected locally.

  The authentication devices 11-1,... 11-m include a card reader that reads information necessary for user authentication from a security card carried by the user, and information required for user authentication from the security card is used for user authentication. (Hereinafter referred to as “authentication data”), and this authentication data is input to the corresponding client device 10-1,.

  The client apparatuses 10-1,... 10-m perform necessary user authentication based on this authentication data. This user authentication is performed by an inquiry to the print server 20.

  That is, the client apparatuses 10-1,... 10-m transmit all or part of the authentication data read from the security card to the print server 20 via the network 50, and the user sends this document to the print server 20. An inquiry is made as to whether or not the user has the authority to issue a print instruction.

  The print server 20 performs user authentication processing based on an inquiry to its own database or a separately provided user management system to determine whether or not the user has authority to issue a print instruction for the document, and the response is sent to the client device. Return to 10-1, ..., 10-m.

  In the client apparatuses 10-1,... 10-m, if it is determined that the user does not have the authority to print the document, the print job based on the print instruction is not submitted and discarded.

  If it is determined that the user has the authority to issue a print instruction for the document, a print job based on the print instruction is generated, and the print job is read using the secret key read from the security card. The encrypted print job is transmitted to the print server 20 via the network 50.

  By the way, in this embodiment, group printing that permits printing of the same print job to a plurality of users is enabled. In the case of this group printing, a plurality of user IDs or a plurality of user IDs are aggregated. The group ID is added to the encrypted print job header and transmitted to the print server 20.

  The print server 20 receives the encrypted print job transmitted from the client device 10-1,... 10-m, for example, the user ID of the user who issued the print instruction. Accumulate and manage a plurality of user IDs corresponding to the ID. At this time, printing related to this print job stored in the print server 20 is not started.

  When the user who has issued a print instruction on the client device 10-1,... 10-m or the user who has the authority to acquire the printed material based on the print instruction acquires the printed material based on the print instruction, print output is performed. .., 30-n, and user authentication is performed by the authentication devices 40-1,..., 40-n arranged near the printing devices 30-1,.

  This user authentication is performed using a security card in the same manner as the user authentication by the authentication devices 11-1,.

  For example, when a user who has performed near the printing apparatus 30-1 that performs print output inserts a security card carried by the user into the authentication apparatus 40-1 near the printing apparatus 30-1, the authentication apparatus 40- 1, the authentication data necessary for user authentication is read from the security card.

  The read authentication data is sent to the print server 20 via the network 50, and the print server 20 authenticates whether or not the user has the authority to acquire a printed material based on the print instruction.

  This user authentication is also performed based on an inquiry to the database of the print server 20 or a separately provided user management system.

  If it is determined by the user authentication that the user does not have the authority to acquire a printed material based on the printing instruction in the printing apparatus 30-1, printing based on the printing instruction is prohibited.

  If it is determined by the user authentication that the user has the authority to acquire a printed matter based on the print instruction in the printing apparatus 30-1, the print server 20 authenticates the authentication apparatuses 40-1,. Search for the corresponding print job from the encrypted print job stored and managed based on the user ID included in the authentication data sent from -n, and use the public key included in the authentication data for the searched print job To decrypt.

  The print server 20 stores a correspondence table that stores correspondence between the printing devices 30-1,... 30-n and the authentication devices 40-1,... 40-n, and the authentication device 40 that has received the authentication data. -1 is identified with reference to the correspondence table, and the decrypted print data is transmitted to the identified printing device 30-1.

  As a result, the printing apparatuses 30-1,... 30-n start printing based on the decrypted print data.

  In the case of group printing, a user who has authenticated by the client device 10-1,... 10-m and an authentication device 40-1,... 40-n corresponding to the printing device 30-1,. The user who performs authentication may be different.

  Therefore, in this embodiment, in the authentication in the authentication devices 40-1,... 40-n, the user has a plurality of user IDs corresponding to a plurality of user IDs or group IDs added to the header of the print job. If it matches any one, it is configured to permit printing.

  In this case, the decryption of the print job is performed using the public key of the user who has been authenticated by the client devices 10-1,.

  According to such a configuration, it is possible to allow a plurality of users to print the same print job.

  Further, there is no security inconvenience that this printed matter is taken away by a third party or the contents are seen, and the authentication determination configuration is provided in the printing devices 30-1,... 30-n. Since it is not provided, various authentication devices can be employed as the authentication devices 11-1, ... 11-m and the authentication devices 40-1, ... 40-n without changing the already installed network environment. .

  FIG. 2 is a block diagram showing an example of a detailed configuration of the print server 20 shown in FIG.

  In FIG. 2, the print server 20 includes a network interface unit 201, a print job reception unit 202, a print job analysis unit 203, a user ID management unit 204, a print job management unit 205, and a print job storage that constitute an interface with the network 50. Unit 206, authentication data receiving unit 207, authentication processing unit 208, authentication result transmission unit 209, print job selection unit 210, print job decryption unit 211, print data generation unit 212, printing apparatus authentication device correspondence storage unit 213, print A device specifying unit 214 and a print data transmitting unit 215 are provided.

  Here, the print job accepting unit 202 accepts an encrypted print job related to a print instruction from the client apparatuses 10-1 to 10 -m via the network interface unit 201.

  The print job analysis unit 203 analyzes the header of the print job. In the case of normal printing, the print job is stored in the print job storage unit 206 corresponding to the user ID. In the case of group printing, the print job is analyzed. The user ID managed by the user ID management unit 204 is referred to, and the print job storage unit 206 corresponds to a plurality of user IDs corresponding to a plurality of user IDs or group IDs added to the print job header. accumulate.

  The user ID management unit 204 manages a user ID corresponding to the group ID.

  The print job management unit 205 manages the print jobs received from the client apparatuses 10-1,... 10-m in correspondence with the owner ID that is the user ID of the user (owner) who issued the print job print instruction. In the case of group printing, the job ID of a print job that permits printing is managed corresponding to the member ID that is the user ID of the user (member) who is a member of each group.

  The print job storage unit 206 stores and manages print jobs corresponding to the user IDs of users who are permitted to print.

  The authentication data receiving unit 207 receives the authentication data related to the inquiry from the client devices 10-1,... 10-m and the authentication data from the authentication devices 40-1,.

  Based on the authentication data received by the authentication data receiving unit 204, the authentication processing unit 208 performs authentication data related to an inquiry from the client devices 10-1,... 10-m and authentication data from the authentication devices 40-1,. And a public key for decrypting the print job related to the print instruction from the authentication data from the authentication devices 40-1,... 40-n with reference to the management information of the print job management unit 205. Extract.

  Here, the user authentication based on the authentication data related to the inquiry from the client devices 10-1,..., 10-m in the authentication processing unit 208 is a print instruction from the client devices 10-1,. The user authentication based on the authentication data from the authentication devices 40-1,... 40-n obtains a printed matter related to the print instruction. Authentication is performed to determine whether or not the user who has the right is authorized.

  This user authentication can be performed with reference to a database (not shown) in the print server 20 or a database of a user management system (not shown) linked to the printing system.

  When the authentication processing unit 208 performs user authentication based on the authentication data related to the inquiry from the client devices 10-1,... 10-m, the authentication result transmission unit 209 transmits the authentication result via the network interface unit 201. When the user authentication is performed based on the authentication data from the authentication devices 40-1,... 40-n, the authentication result is passed through the network interface unit 201. To the authentication devices 40-1,... 40-n.

  When the authentication processing unit 208 authenticates the user based on the authentication data from the authentication devices 40-1,... 40-n, and authenticates that the print job selection unit 210 is a valid user who obtains the printed matter, Based on the user ID of the user, the management information of the print job management unit 205 is referred to, and the print job permitted to be printed is selected from the print jobs stored and managed in the print job storage unit 206.

  The print job decryption unit 208 decrypts the print job selected by the print job selection unit 210 based on the public key extracted by the authentication processing unit 208, and the print data generation unit 212 decrypts the print job by the print job decryption unit 211. Based on the data, print data to be transmitted to the printing apparatuses 30-1,.

  The printing device authentication device correspondence storage unit 213 stores a correspondence table that stores the correspondence between the printing devices 30-1, ... 30-n and the authentication devices 40-1, ... 40-n. The identification unit 214 stores the above-mentioned printing apparatus authentication apparatus correspondence relationship according to which authentication apparatus 40-1,... 40-n the authentication apparatuses 40-1,. Referring to the correspondence table stored in the unit 213, the printer that transmits the print data is specified from the printers 30-1,.

  The print data transmission unit 215 transmits the print data generated by the print data generation unit 209 to the printing device specified by the printing device specification unit 215 via the network interface unit 201.

  3 is a block diagram illustrating an example of a detailed configuration of the client apparatuses 10-1,... 10-m (collectively referred to as client apparatus 10) illustrated in FIG.

  In FIG. 3, a client device 10 issues a print instruction using this printing system, and is composed of a personal computer or the like, and authentication devices 11-1,... 11-m (collectively referred to as authentication device 11) are locally provided. Connected.

  The client apparatus 10 includes a print instruction reception unit 101, a print job generation unit 102, an authentication data reception unit 103, an authentication processing unit 104, an authentication data transmission unit 105, an authentication result reception unit 106, a print job encryption unit 107, a print job. A transmission unit 108 and a network interface unit 109 are provided.

  Here, the print instruction receiving unit 101 receives a print instruction using this printing system based on an input selection operation such as a keyboard and a mouse (not shown).

  In the case of group printing, this print instruction includes group print instruction information including a plurality of user IDs or group IDs for specifying group members.

  The authentication data receiving unit 103 receives authentication data related to this print instruction from the authentication device 11.

  The authentication processing unit 104 performs user authentication based on the authentication data received by the authentication data receiving unit 103 to determine whether or not the user who issues the print instruction is a user who has a valid authority.

  User authentication by the authentication processing unit 104 is performed by an inquiry to the print server 20.

  That is, when user authentication is performed by the authentication processing unit 104, a part or all of the authentication data from the authentication device 11 is transmitted to the print server 20 via the authentication data transmission unit 105 and the network interface unit 109, thereby An inquiry is made as to whether the user involved in this is a user who has the authority to issue a print instruction using this printing system.

  Then, the result of this inquiry is received by the authentication result receiving unit 106 in the network interface unit 109, and the authentication processing unit 104 uses the printing system by the user related to the authentication data based on the received information of the authentication result receiving unit 106. It is determined whether the user is authorized to issue a print instruction.

  When it is determined by the user authentication in the authentication processing unit 104 that the user related to the authentication data is a valid user who has the authority to issue a print instruction using the print system, the print job generation unit 102 receives a print instruction. Based on the print instruction received by the unit 101, a print job for issuing a print instruction is generated using this printing system.

  In the case of group printing, this print job includes a plurality of user IDs or group IDs for specifying users who are permitted to perform group printing in its header.

  The print job encryption unit 107 encrypts the print job generated by the print job generation unit using a print job encryption secret key included in the authentication data.

  The print job transmission unit 108 transmits the print job encrypted by the print job encryption unit 107 to the print server 20 via the network interface unit 109 and the network 50.

  FIG. 4 is a diagram illustrating an example of a dialog (printer driver dialog) for inputting a print instruction to the print instruction receiving unit 101 of the client apparatus 10 illustrated in FIG. 3.

  In this printer driver dialog, “number of copies”, “original size”, “output paper size”, “original orientation”, “collective one”, “group printing”, “paper tray selection”, “ It is possible to specify “paper type”.

  Here, “group printing” is blank when group printing is not set. However, when group printing is set, a plurality of user IDs or group IDs for specifying group members who are permitted to perform group printing are set. The group ID is entered.

  In the example of FIG. 4, the user ID “A, B, C” is entered for “group printing”.

  When the “OK” button is pressed in the printer driver dialog of FIG. 4, the user ID “A, B, C” for specifying the group member who is permitted to perform group printing is displayed in the upper print generation unit 102 shown in FIG. Is added to the header of the corresponding print job.

  FIG. 5 shows a case where the group ID “G1” is entered for “group printing”. The group ID “G1” corresponds to the user ID “A, B, C”, for example. This correspondence relationship is registered and managed in advance in the user ID management unit 204 shown in FIG. 2. In this case, when the “OK” button is pressed, the group members who are permitted to perform this group printing are specified. The group ID “G1” is added to the header of the print job by the print upper generation unit 102 shown in FIG.

  FIG. 6 is a diagram showing an example of a job management table managed by the print job management unit 205 shown in FIG. 2 when a group print instruction is issued in the printer driver dialog shown in FIG. 3 or FIG.

  Here, in the first management table shown in FIG. 6A, “owner ID” and “job” for identifying the owner user corresponding to the “job ID” are managed in association with the print job. In the second management table shown in FIG. 6B, a “job ID” that identifies a print job that permits printing is stored and managed in correspondence with the “member ID” that identifies the member user of this group printing.

  In this example, an owner user identified by the user ID “A” gives a group print instruction in which the group members are identified by the user ID “A”, the user ID “B”, and the user ID “C”. In addition, a print job in a case where a group printing instruction in which a group member is identified by a user ID “B”, a user ID “C”, and a user ID “D” is given from an owner user identified by the user ID “C” An example of a job management table managed by the management unit 205 is shown.

  In this case, in the first management table shown in FIG. 6A, the owner user of the print job identified by the job ID “1” is the user identified by the owner ID “A”. Is “J1”, and the owner user of the print job identified by the job ID “2” is the user identified by the owner ID “C”, and it is stored that the print job is “J2”. It is managed.

  In the second management table shown in FIG. 6B, the print job permitted to be printed by the user identified by the member ID “A” is the print job identified by the job ID “1”. The print job permitted to be printed by the user identified by the ID “B” is the print job identified by the job ID “1” and the job ID “2”, and is permitted to be printed by the user identified by the member ID “C”. The print job to be printed is a print job identified by the job ID “1” and the job ID “2”, and the print job permitted to be printed by the user identified by the member ID “D” is identified by the job ID “2”. The print job is stored and managed.

  FIG. 7 is a flowchart showing processing of the client apparatus 10 shown in FIG.

  In FIG. 7, the client apparatus 10 first checks whether the print instruction receiving unit 101 has received a print instruction (step 701). If the print instruction has not been received (NO in step 701), the client apparatus 10 returns to step 701 to print. Waiting for the reception of the instruction, if it is determined that the printing instruction has been received (YES in step 701), it is next checked whether the authentication data receiving unit 103 has received the authentication data related to the printing instruction by inserting the security card. (Step 702).

  If authentication data has not been received (NO in step 702), the process returns to step 702 and waits for reception of authentication data.

  When the authentication data is received (YES in step 702), the authentication processing unit 104 performs user authentication based on the received authentication data to determine whether the user related to the authentication data has the authority to issue a print instruction using the printing system. Perform (step 703).

  If the user authentication determines that the user has authority to issue a print instruction using the printing system (YES in step 704), the print job related to the print instruction received by the print instruction receiving unit 101 is transmitted. The print job generation unit 103 generates the print job (step 705), and then checks whether the print command is a group print command (step 706).

  If the print instruction is a group print instruction (YES in step 706), group print instruction information is added to the header of the print job (step 707), and the process proceeds to step 708.

  If the print instruction is not a group print instruction (NO in step 607), the process advances to step 708 without adding group print instruction information to the print job.

  In step 708, the print job encryption unit 107 encrypts the print job using the secret key included in the authentication data, and the print job transmission unit 108 prints the encrypted print job via the network interface unit 109. The data is transmitted to the server 20 (step 709), and the processing in the client device 10 is terminated.

  If it is determined in step 704 that the user related to the authentication data does not have the authority to issue a print instruction using this printing system (NO in step 704), the user issues a print instruction using this printing system. Since it is not possible to do so, a message indicating that the user has no authority to print instructions is displayed on the display of the client device 10 (step 710), and printing prohibition such as discarding the print instructions received by the print instruction receiving unit 101 is prohibited. Processing is performed (step 711), and the processing in the client device 10 is terminated.

  FIG. 8 is a flowchart showing processing of the print server 20 shown in FIG.

  In FIG. 8, the print server 20 checks whether it is an authentication request based on the fact that the authentication data receiving unit 207 has received authentication data based on the inquiry from the client device 10 (step 801). If the request is an authentication request (YES in step 801), the authentication data is passed to the authentication processing unit 208, and user authentication is performed based on the authentication data.

  Then, the authentication result is transmitted to the client device 10 (step 802), and this process is terminated.

  If it is determined in step 801 that the request is not an authentication request from the client device 10 (NO in step 801), the print job reception unit 202 checks whether the print job is stored due to reception of the print job from the client device 10 (step 803). .

  If it is determined that the print job is stored (YES in step 803), the print job analysis unit 203 analyzes the header of the print job to check whether the print job is group printing. (Step 804).

  In the case of group printing (YES in step 804), the print job is referred to the user ID managed by the user ID management unit 204, and corresponds to a plurality of user IDs or group IDs added to the print job header. Group processing for associating with a plurality of user IDs is performed (step 805), and based on this association, a print job is stored in the print job storage unit 206 (step 806), and this processing ends.

  In the case of normal printing that is not group printing (NO in step 804), the job is stored in the print job storage unit 206 in correspondence with the user ID (step 806), and this process ends.

  If it is determined in step 803 that the print job is not stored (NO in step 803), it is checked whether the authentication data reception unit 207 has received the authentication data from the authentication device 40 (step 807). If it is determined that the request is a print request from the authentication device 40 (YES in step 807), authentication data from the authentication device 40 is passed to the authentication processing unit 208, and user authentication is performed based on this authentication data.

  Then, based on the authentication result, it is determined whether the print request from the authentication device 40 has the print authority (step 808).

  Whether the print request has the print authority is determined by authenticating the authentication data from the authentication device 40 and allowing the user ID included in the authentication data to be managed by the print job management unit 205. This is performed depending on whether or not the user ID matches.

  If it is determined that the user has print authority (YES in step 808), the print job stored in the print job storage unit 206 is printed with reference to the management data of the print job management unit 205. The print job is selected by the print job selection unit 210 (step 809), and the selected print job is decrypted by the print job decryption unit 211 (step 810).

  For example, the management information managed by the print job management unit 205 is shown in the first management table in FIG. 6A and the second management table in FIG. Is “B”, first, based on the second management table, a print job “J1” corresponding to the job ID “1” corresponding to the member ID “B” is selected as the print job selection unit 210. Since the owner user of the selected print job is the user with the owner ID “A” from the second management table, the print job decrypting unit 211 uses the public key of the user with the owner ID “A”. Used to decrypt the print job.

  Next, the printing apparatus 30 corresponding to the authentication apparatus 40 that has transmitted the authentication data is specified with reference to the correspondence table stored in the printing apparatus authentication apparatus correspondence storage unit 213 (step 811).

  The print data generation unit 209 generates print data based on the decrypted print job, and transmits the print data to the printing apparatus 30 identified in step 811 via the print data transmission unit 212 and the network interface unit 201. (Step 812), the processing of the print server 20 is terminated.

  If it is determined in step 807 that the request is not a print request (NO in step 807), or if it is determined in step 808 that the user does not have the authority to acquire a printed material (NO in step 808), the print instruction is displayed. Since printing based on the print data cannot be performed, the process of the print server 20 is terminated without transmitting print data.

  In the above embodiment, the encrypted print job stored and managed in the print server 20 is decrypted in the print server 20 using the public key included in the authentication data from the authentication device 40, and the print data is printed in the printing device 30. However, the print job may be decrypted in the authentication apparatus 40 or may be configured in the printing apparatus 30.

  FIG. 9 is a flowchart showing processing of the authentication devices 40-1,... 40-n (collectively referred to as authentication device 40) shown in FIG.

  In FIG. 9, the authentication device 40 first checks whether authentication data has been accepted by inserting a security card (step 901). If authentication data is accepted (YES in step 901), an authentication request is made to the print server 20 based on the authentication data (step 902).

  When an authentication result is received from the print server 20 in response to this authentication request (YES in step 903), it is checked whether or not there is a print request authority based on this authentication result (step 904). If it is determined that the print data is present (YES in step 904), the print data is transmitted from the print server 20 to the corresponding printing device 40. Therefore, a print start instruction is issued to the printing device 40 (step 905), and a print request is issued. If it is determined that the user is not authorized (NO in step 904), the print data is not transmitted from the print server 20, so the print apparatus 40 is instructed to prohibit printing (step 906). Exit.

  As described above, according to the first exemplary embodiment, a group job is designated from the client device 10 and a print job is transmitted to the print server 20, thereby ensuring security for the same print job, and a plurality of group members. This user can be made to perform printing related to the print job.

  In the first embodiment, when group printing is designated, the client apparatus 10 adds user IDs or group IDs of a plurality of users who are group members to the print job header, and the print job is sent to the print server. 20, the print server 20 analyzes the header of the print job, and print job management of the job ID of the print job corresponding to the plurality of user IDs corresponding to the user ID or group ID of the plurality of users. Is configured to be managed by the unit 205, but is configured to copy a print job corresponding to a plurality of user IDs corresponding to user IDs or group IDs of a plurality of users and directly accumulate the print job in the print job accumulation unit 206. May be.

  According to this configuration, the required memory capacity of the print job storage unit 206 increases, but the management of the print job management unit 205 becomes unnecessary. At this time, it is also possible to perform decryption once with the owner's public key and then re-encryption with the key of the print authorizer.

  In the first embodiment, a group job is designated from the client device 10 and a print job is transmitted to the print server 20, so that a plurality of users who are group members can be secured while ensuring security for the same print job. However, in order to further improve security in this configuration, the total number of copies of a plurality of users who are group members may be limited. Good.

  In the second embodiment, similarly to the first embodiment, it is possible to allow a plurality of users who are group members to perform printing related to the print job while ensuring security for the same print job. However, here, the total number of copies that can be printed by a plurality of users who are group members is limited.

  FIG. 10 is a diagram illustrating an example of a dialog (printer driver dialog) for inputting a print instruction in the client device 10 according to the second embodiment.

  The printer driver dialog shown in FIG. 10 is configured so that the total number of copies can be specified for “group printing”. Other configurations are the same as those of the printer driver dialog shown in FIG.

  That is, in the printer driver dialog shown in FIG. 10, “7: A, B, C” is input for “group printing”. Here, “7” is printed by this group printing. “A, B, C” indicates a plurality of user IDs for specifying group members who are permitted to perform group printing.

  FIG. 11 is a diagram illustrating an example of a job management table managed by the print job management unit 205 illustrated in FIG. 2 when a group print instruction is issued in the printer driver dialog illustrated in FIG.

  Here, in the first management table shown in FIG. 11A, the “owner ID” and “job” for identifying the owner user corresponding to the “job ID” in the print job, and the “total number of copies” permitting printing. Are managed in association with each other, and the second management table shown in FIG. 6B identifies print jobs that are permitted to be printed corresponding to “member IDs” that identify member users of this group printing. “Job ID” is stored and managed.

  In this example, from the owner user identified by the user ID “A”, the group members are identified by the user ID “A”, the user ID “B”, and the user ID “C”, and the total number of copies is “7”. Next, a group printing instruction is made, and from the owner user identified by the user ID “C”, group members are identified by the user ID “B”, the user ID “C”, and the user ID “D”. An example of a job management table managed by the print job management unit 205 when a group print instruction with the number of copies of “3” is given is shown.

  In this case, in the first management table shown in FIG. 11A, the owner user of the print job identified by the job ID “1” is the user identified by the owner ID “A”. Is “J1”, the total number of copies permitted for printing is “7”, and the owner user of the print job identified by the job ID “2” is the user identified by the owner ID “C”. Yes, the print job is “J2”, and the total number of copies permitted to be printed is “3”.

  In the second management table shown in FIG. 11B, the print job permitted to be printed by the user identified by the member ID “A” is the print job identified by the job ID “1”. The print job permitted to be printed by the user identified by the ID “B” is the print job identified by the job ID “1” and the job ID “2”, and is permitted to be printed by the user identified by the member ID “C”. The print job to be printed is a print job identified by the job ID “1” and the job ID “2”, and the print job permitted to be printed by the user identified by the member ID “D” is identified by the job ID “2”. The print job is stored and managed.

  FIG. 12 is a flowchart illustrating processing of the print server 10 illustrated in FIG. 2 according to the second embodiment.

  The flowchart shown in FIG. 12 corresponds to the flowchart shown in FIG. 8. In the flowchart shown in FIG. 12, a print request is issued when the authentication data receiving unit 207 receives the authentication data from the authentication device 40. In this case, the processing is different from the processing in the flowchart shown in FIG. Other processes are the same as those in the flowchart shown in FIG. In FIG. 12, for simplification of description, the same number as the step number used in FIG. 8 is used for the same process as the process of the flowchart shown in FIG.

  If it is determined in step 807 in FIG. 12 that the request is a print request from the authentication device 40 (YES in step 807), the “total number of copies” in the first management table in FIG. It is checked whether the total number of copies is greater than “0” (step 121).

  If it is determined that the total number of copies is greater than “0” (YES in step 121), authentication data from the authentication device 40 is passed to the authentication processing unit 208, and user authentication is performed based on the authentication data.

  Then, based on the authentication result, it is determined whether the print request from the authentication device 40 has the print authority (step 808).

  Whether the print request has the print authority is determined by authenticating the authentication data from the authentication device 40 and allowing the user ID included in the authentication data to be managed by the print job management unit 205. This is performed depending on whether or not the user ID matches.

  If it is determined that the user has print authority (YES in step 808), the print job stored in the print job storage unit 206 is printed with reference to the management data of the print job management unit 205. The print job is selected by the print job selection unit 210 (step 809), and the selected print job is decrypted by the print job decryption unit 211 (step 810).

  Next, the printing apparatus 30 corresponding to the authentication apparatus 40 that has transmitted the authentication data is specified with reference to the correspondence table stored in the printing apparatus authentication apparatus correspondence storage unit 213 (step 811).

  The print data generation unit 209 generates print data based on the decrypted print job, and transmits the print data to the printing apparatus 30 identified in step 811 via the print data transmission unit 212 and the network interface unit 201. (Step 812).

  Thereafter, “1” is subtracted from the “total number of copies” in the first management table of FIG. 11A (step 122), and this process is terminated.

If it is determined in step 807 that the request is not a print request (NO in step 807), if it is determined in step 121 that the total number of copies is “0” (NO in step 121),
If it is determined in step 808 that the user does not have the authority to acquire a printed material (NO in step 808), the processing of the print server 20 is terminated without transmitting print data.

  According to such a configuration, printing of this print job is permitted until the “total number of copies” in the first management table of FIG. 11A becomes “0”, but the first management table of FIG. When the “total number of copies” in the management table becomes “0”, printing of this print job is prohibited, thereby limiting the total number of printed copies by group members in group printing.

  In this case, when the total number of copies by the group members reaches the total number set corresponding to the group printing, even if other conditions are satisfied, printing of this print job is not permitted, so unnecessary printing is prevented, Thereby, security can be improved.

  In the second embodiment, the total number of prints that can be printed by a plurality of users who are group members is limited. However, in the third embodiment, the number of copies that can be printed for each user who is a group member. Configured to be restrictive.

  FIG. 13 is a diagram illustrating an example of a dialog (printer driver dialog) for inputting a print instruction in the client device 10 according to the third embodiment.

  The printer driver dialog shown in FIG. 13 is configured so that the number of copies can be designated for each user regarding “group printing”. Other configurations are the same as those of the printer driver dialog shown in FIG.

  In other words, the printer driver dialog shown in FIG. 13 shows a case where “A (2), B (3), C (1)” is input for “group printing”. “2)” means that the user with the user ID “A” can print “2” copies regarding this print job, and “B (3)” means that the user with the user ID “B” relates to this print job. “3” copies can be printed, and “C (1)” indicates that a user with a user ID “C” can print “1” copies for this print job.

  FIG. 14 is a diagram showing an example of a job management table managed by the print job management unit 205 shown in FIG. 2 when a group print instruction is issued in the printer driver dialog shown in FIG.

  Here, in the first management table shown in FIG. 14A, “owner ID” and “job” for identifying the owner user corresponding to the “job ID” are managed in association with each other. In the second management table shown in FIG. 14B, a “job ID” for identifying a print job permitted to be printed corresponding to the “member ID” for identifying a member user of this group printing and the number of printable copies thereof. Is stored and managed.

  In this example, from the owner user identified by the user ID “A”, the group members are identified by the user ID “A”, the user ID “B”, and the user ID “C”, and identified by the user ID “A”. The user who is permitted to print is “2”, the user who is identified by the user ID “B” is the user who is permitted to print “3”, and the user who is identified by the user ID “C” is Then, a group print instruction is issued with the number of copies permitted to be “1”, and then, from the owner user identified by the user ID “C”, the group member has the user ID “B”, the user ID “C”, the user An example of a job management table managed by the print job management unit 205 when a group print instruction identified by ID “D” is given is shown.

  In this case, in the first management table shown in FIG. 14A, the owner user of the print job identified by the job ID “1” is the user identified by the owner ID “A”. Is “J1”, and the owner user of the print job identified by the job ID “2” is the user identified by the owner ID “C”, and it is stored that the print job is “J2”. It is managed.

  In the second management table shown in FIG. 14B, the print job permitted to be printed by the user identified by the member ID “A” is the print job identified by the job ID “1”. The number of print permission copies of the job is “2”, and the print job permitted to be printed by the user identified by the member ID “B” is the print job identified by the job ID “1” and the job ID “2”. The number of print permission copies of the print job identified by the job ID “1” is “3”, and the print job permitted to be printed by the user identified by the member ID “C” is the job ID “1” and the job ID “1”. Print job identified by “2”, the print job identified by the job ID “1” has “1”, and the print job permitted to be printed by the user identified by the member ID “D” Is the job ID “2” It is stored and managed in a print job identified.

  FIG. 15 is a flowchart illustrating processing of the print server 20 illustrated in FIG. 2 according to the second exemplary embodiment.

  The flowchart shown in FIG. 15 corresponds to the flowchart shown in FIG. 8. In the flowchart shown in FIG. 15, a print request is made when the authentication data receiving unit 207 receives the authentication data from the authentication device 40. In this case, the processing is different from the processing in the flowchart shown in FIG. Other processes are the same as those in the flowchart shown in FIG. In FIG. 15, for simplification of description, the same number as the step number used in FIG. 8 is used for the same process as the process of the flowchart shown in FIG.

  If it is determined in step 807 in FIG. 15 that the request is a print request from the authentication device 40 (YES in step 807), authentication data from the authentication device 40 is passed to the authentication processing unit 208, and user authentication is performed based on this authentication data. I do.

  Then, based on the authentication result, it is determined whether the print request from the authentication device 40 has the print authority (step 808).

  Whether the print request has the print authority is determined by authenticating the authentication data from the authentication device 40 and allowing the user ID included in the authentication data to be managed by the print job management unit 205. This is performed depending on whether or not the user ID matches.

  If it is determined that the user has the print authority (YES in step 808), the second management table in FIG. 11B is referred to and whether the print permission number of the print job is greater than “0”. Check (step 151).

  If it is determined that the number of print permission copies is greater than “0” (YES in step 151), the management data of the print job management unit 205 is referred to and the print job stored in the print job storage unit 206 is stored. The print job selection unit 210 selects a print job to be printed (step 809), and the print job decryption unit 211 decrypts the selected print job (step 810).

  Next, the printing apparatus 30 corresponding to the authentication apparatus 40 that has transmitted the authentication data is specified with reference to the correspondence table stored in the printing apparatus authentication apparatus correspondence storage unit 213 (step 811).

  The print data generation unit 209 generates print data based on the decrypted print job, and transmits the print data to the printing apparatus 30 identified in step 811 via the print data transmission unit 212 and the network interface unit 201. (Step 812).

  Thereafter, “1” is subtracted from the number of printable copies of the print job in the second management table of FIG. 14B (step 152), and this process is terminated.

  According to such a configuration, printing of the print job is permitted until the number of printable copies of the print job corresponding to the user ID in the second management table of FIG. 14B becomes “0”. When the number of printable copies of the print job corresponding to the user ID in the second management table in FIG. 14B becomes “0”, printing of the print job by the user with this user ID is prohibited. The number of prints by group members in printing can be limited corresponding to each user.

  In this case, when the number of copies printed by each group member reaches the number of printable copies set corresponding to each user, printing of this print job is not permitted even if other conditions are met. Unnecessary printing for each time is prevented, which makes it possible to further improve security.

  The printing system and the control method thereof according to the present invention require security and can be applied to various document printing systems that permit a plurality of users to print the same print job.

  According to the present invention, the client apparatus adds a plurality of user identification information or group identification information obtained by aggregating a plurality of user identification information to the print job and transmits the print job to the server. Management information corresponding to a plurality of user identification information or group identification information, and the user identification information authenticated by authentication of the authentication device is included in the plurality of user identification information or group identification information Since the configuration is such that printing of the print job is permitted when the two match, it is possible to reliably perform security management with a simple configuration when permitting a plurality of users to print the same print job.

1 is a system configuration diagram showing an outline of a printing system according to the present invention. FIG. 2 is a block diagram illustrating an example of a detailed configuration of a print server illustrated in FIG. 1. It is a block diagram which shows an example of a detailed structure of the client apparatus shown in FIG. FIG. 4 is a diagram illustrating an example of a dialog (printer driver dialog) for inputting a print instruction to a print instruction reception unit of the client apparatus illustrated in FIG. 3. FIG. 10 is a diagram illustrating another example of a dialog (printer driver dialog) for inputting a print instruction in the client device according to the first exemplary embodiment. FIG. 5 is a diagram illustrating an example of a job management table managed by the print job management unit illustrated in FIG. 2 when a group print instruction is issued in the printer driver dialog illustrated in FIG. 3 or FIG. 4. It is a flowchart which shows the process of the client apparatus shown in FIG. 3 is a flowchart illustrating processing of the print server illustrated in FIG. 2 according to the first exemplary embodiment. It is a flowchart which shows the process of the authentication apparatus shown in FIG. FIG. 10 is a diagram illustrating an example of a dialog (printer driver dialog) for inputting a print instruction in the client device according to the second embodiment. FIG. 11 is a diagram illustrating an example of a job management table managed by the print job management unit illustrated in FIG. 2 when a group print instruction is issued in the printer driver dialog illustrated in FIG. 10. 6 is a flowchart illustrating processing of the print server illustrated in FIG. 2 according to the second exemplary embodiment. FIG. 10 is a diagram illustrating an example of a dialog (printer driver dialog) for inputting a print instruction in the client device according to the third embodiment. FIG. 14 is a diagram illustrating an example of a job management table managed by the print job management unit illustrated in FIG. 2 when a group print instruction is issued in the printer driver dialog illustrated in FIG. 13. 10 is a flowchart illustrating processing of the print server illustrated in FIG. 2 according to the third exemplary embodiment.

Explanation of symbols

10, 10-1, ... 10-m Client device 11, 11-1, ... 11-m Authentication device 12 Security card 20 Security print server 30, 30-1, ... 30-n Printing device 40, 40-1, ... 40-n authentication device 50 network 101 print instruction reception unit 102 print job generation unit 103 authentication data reception unit 104 authentication processing unit 105 authentication data transmission unit 106 authentication result reception unit 107 print job encryption unit 108 print job transmission unit 109 network interface Unit 201 Network interface unit 202 Print job reception unit 203 Print job analysis unit 204 User ID management unit 205 Print job management unit 206 Print job storage unit 207 Authentication data reception unit 208 Authentication processing unit 209 Authentication result transmission unit 210 Print job Selecting section 211 print job decoding unit 212 the print data generating unit 213 printing device authenticator correspondence relationship storage unit 214 the printing device specifying unit 215 the print data transmission unit

Claims (6)

An authentication device that performs authentication of print permission in the printing device corresponding to one or a plurality of printing devices connected to a network is provided, a print job related to a print request from a client device is stored in a server device, and the authentication device In a printing system that executes a print job stored in the server device based on the authentication of
The client device is
A print job transmission means for transmitting a print job to which a plurality of user identification information or group identification information obtained by aggregating a plurality of user identification information is added to the server device;
The server device
Print job management means for storing and managing a print job transmitted from the client device corresponding to the plurality of user identification information or the group identification information;
When the user identification information authenticated by the authentication of the authentication device matches the user identification information included in the plurality of user identification information or the group identification information managed by the print job management unit, the print job is printed. And a printing permission unit that permits printing. The print job management means includes
A first management table for managing identification information of an owner user who has transmitted the print job by the print job transmission unit corresponding to job identification information of the print job;
A second management table for managing the job identification information corresponding to the identification information of member users corresponding to the group identification information obtained by aggregating the plurality of user identification information or the plurality of user identification information,
The print job transmission means includes:
Based on the identification information of the owner user, the print job is encrypted and transmitted to the server device,
The printing permission means includes
Judging whether to permit printing of the print job based on the second management table, decoding the corresponding print job based on the identification information of the owner user managed in the first management table, and transmitting the decrypted print job to the corresponding printing apparatus. The printing system according to claim 1. The print job management means includes
Generating a plurality of print jobs corresponding to the user identification information included in the plurality of user identification information or the group identification information, and managing the generated plurality of print jobs corresponding to the job identification information,
The printing permission means includes
When the user identification information authenticated by the authentication of the authentication device matches the user identification information managed by the print job management unit, printing of a print job corresponding to the job identification information is permitted. The printing system according to claim 1. The print job transmission means includes:
Adding to the print job, copy number designation information for designating the total number of copies permitted to be printed in correspondence with the plurality of user identification information or the group identification information,
The printing permission means includes
The printing system according to any one of claims 1 to 3, wherein the total number of copies permitted to be printed for the print job is limited based on the number of copies designation information. The print job transmission means includes:
Transmitting the print job to the server device with the addition of copy number designation information for designating the number of copies permitted to be printed corresponding to each user identification information included in the plurality of user identification information or the group identification information,
The printing permission means includes
4. The printing system according to claim 1, wherein the number of copies permitted to be printed for the print job is limited for each user based on the copy number designation information. 5. An authentication device that performs authentication of print permission in the printing device corresponding to one or a plurality of printing devices connected to the network is provided, a print job related to a print instruction from a client device is stored in a server device, and the authentication device In a printing control method of a printing system for executing a print job stored in the server device based on authentication of
The client device adds a plurality of user identification information or group identification information obtained by aggregating a plurality of user identification information to the print job, and transmits the print job to the server device.
The server device manages a print job transmitted from the client device corresponding to the plurality of user identification information or the group identification information;
Printing the print job when the user identification information authenticated by the authentication of the authentication device matches the user identification information included in the plurality of user identification information or the group identification information. Control method.

Images