JP2007180975A - Network print system, print device, facsimile communication system, and facsimile device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To secure a series of printout processing, to improve use convenience by reducing a processing time, etc., and to provide the secure printout suitable for a case of transmitting a print data to another person, such as facsimile communication. <P>SOLUTION: A printer 2 includes a user authentication section 6 for comparing and verifying a biometric verification data for verifying a person performing a printout operation, with a biometric data obtained from the person performing the output operation. When the user authentication is successful, the output of the print data is permitted. The printer 2 obtains the biometric verification data from a PC 1. For the printout of an identical user, the PC 1 can specify an identical biometric verification data to the printer 2. Further, to perform the above, biometric data specification information for verification can be used to specify the biometric verification data. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a network printing system in which a printing device receives printing data from a user device via a network and performs printing, a printing device used in this type of system, and facsimile data from a transmission side device to a communication network. The present invention relates to a facsimile communication system in which a receiving-side apparatus receives and outputs via a facsimile, and a facsimile apparatus used in this type of system.

  In recent years, network printing systems in which printers receive print data from a PC via a network and perform printing have become widespread. However, in such a network printing system, the printer is located away from the PC. If a person who makes a print request to a person who receives a print request receives a printed document, there is a risk that someone else will steal it, and when handling a document that requires a high level of confidentiality, it is desirable to ensure the security against the view of the printed document. It is.

In order to ensure the safety of such a printed document, the print data encrypted by the PC is decrypted by the printer, and the person who performs the operation for instructing the output using the printer operation panel has the output authority. It is sufficient that user authentication for identifying and verifying that the user is a valid user is performed, and if the user authentication is successful, the document is printed. There has been known a printer security system that performs so-called biometric authentication using handwritten characters (handwriting) (see Patent Documents 1, 2, and 3).
JP 2001-51915 A JP 2002-127545 A JP 2003-5939 A

  However, in the conventional method, a part of a series of network printing and facsimile communication is secured, and it cannot be said that it is safe. In addition, since there are some difficulties in ease of use, there is a risk that users who are not conscious of security will not implement even if they try to fully operate in an organization. Ease of use is a very important point for ensuring the execution of security functions, and without this, it is impossible to maintain and improve the security level.

  (Patent Document 1) collects biometric data for verification necessary for fingerprint authentication by a user device, adds it to print data and transmits it, and collects biometric data from the user at the time of user authentication in the printing device Then, this is compared with the biometric data for collation of the print data, and when it is determined that the two data match, print output is performed. It should be noted that what is matched here is impossible in fingerprint authentication and should be determined as the same user.

  First, the security problem with this method is that spoofing works. Although there is a device to encrypt the data in the embodiment, a malicious third party once acquires all the print data on a communication path such as a network, and replaces the fingerprint verification data part of the authorized user with its own, It is not possible to prevent printing from being transmitted to the printing apparatus. In order to execute printing safely, it is required to detect the replacement of the fingerprint collation data in addition to data encryption.

  In terms of ease of use, for a user, by performing user authentication once in the printing apparatus, the user searches for print data that the user has the right to print from all the print data stored in the printing apparatus. It is desirable to display the data on the operation panel of the printing apparatus, and to select the print data to be printed out from among them. However, this method is not intended for such use. In this method, collation biometric data is collected by the user device and added to the print data for transmission. Therefore, when multiple prints are executed, two or more user devices are used. In some cases, the same user may use different verification biometric data, and the printing device compares and matches all the stored print data to find the print data for which the user has rights. Must be carried out. This search time increases in proportion to the number of print data stored in the printing apparatus, and the waiting time becomes longer. The length of the waiting time is also related to the security level. If the waiting time is long, the possibility that the user will leave the place increases, and the security level is lowered. In the embodiment, although the printing by the fingerprint registration number is shown, the specific processing method is not specified, and it is not clear what this is.

  Also, with this method, fingerprint authentication software must be installed on the user device, which requires labor and cost. Furthermore, if the OS of the user device changes, additional software must be prepared. This is the same when the fingerprint authentication method of the printing apparatus is changed. Also, this software may become a security hole and requires management. Once a security hole is found and a countermeasure is found, it is not easy for all user devices to respond reliably.

  It is desirable in terms of cost, management, and security that no special processing is performed in the user device as much as possible. In addition, it is preferable that such collation biometric data is not changed once set.In particular, if the biometric data for collation generated by the fingerprint authentication function of the printing apparatus is taken into the user apparatus and used continuously, the cost, It is advantageous in terms of management and security.

  In this method, when print data is exchanged between other people, there is no way to add verification biometric data on the side that receives the print data, which is not suitable for facsimile communication or the like.

  Next, in (Patent Document 2), biometrics data for verification is registered in advance in a printing apparatus, an ID number is assigned to the data, and this is added to the print data output from the user apparatus, whereby fingerprint authentication of the print data is performed. The biometric data for collation used for is designated.

  Although this method also encrypts data, it is processing inside the printing apparatus, and there is a security problem on a communication path such as a network. This is worse than (Patent Document 1), and it is not necessary to impersonate, and a malicious third party only needs to eavesdrop. If the format of the print data cannot be understood, the eavesdropper can acquire the print result by transmitting the data from which the ID number added to the print data is removed to the printer, similar to the impersonation attack.

  This method also has a problem in terms of usability. The user must register biometric data for verification in advance in all printing apparatuses that may be used. Even if you want to use the printing device temporarily on a business trip or the like, it is troublesome to register. Furthermore, when there are many departments with a lot of changes or the number of printing apparatuses is large, management operations such as registration and deletion become complicated, resulting in inconvenience of generating a large management cost. Also, when viewed from the printing device side, biometrics data for collation for all users that are expected to be used is registered in advance, regardless of the user who is performing printing, so that storage capacity is also required become. This also affects the authentication accuracy. In order to increase the recognition accuracy, it is better to increase the number of registered biometric data for verification for each user. However, if this type of correspondence is performed with this method, a larger storage capacity is required and the cost increases. Become. In addition, this also increases the data to be compared and collated, leading to a decrease in the authentication speed as the number of registered people increases. This is a usability and safety issue as explained above.

  This method is also unsuitable for exchanging print data between others such as facsimile communication. If there are two facsimile machines on the other side of the facsimile communication and one of them is selected for the convenience of the occasion, the ID number is generated by each facsimile communication without permission. However, it is necessary to change the ID number depending on the facsimile apparatus, which is troublesome to manage. This is an inconvenience caused by registering the biometric data for verification on the printing device side in advance, and can be solved by registering the biometric data for verification at the time of printing and dynamically issuing an ID number accordingly. . In this case, the user selects the biometric data for collation when transmitting the print data, and when transmitting to the same user, it is possible to transmit the same operation method even if the printing apparatuses are different. .

  The above problem is a problem caused by registering collation biometric data on the receiving side. When the collation biometric data is transmitted from the transmitting side to the receiving side, no problem occurs. However, in the method such as (Patent Document 1), the problem as described above occurs, and as already described, the verification biometric data transmitted from the transmission side to the reception side is the fingerprint of the reception side. You must use the one generated by the authentication function.

  Next, (Patent Document 3), which is substantially the same as (Patent Document 1), is different only in that decoding is performed according to the authentication result. Therefore, there is the same problem as (Patent Document 1).

  Note that it is disadvantageous in terms of execution speed to limit the decryption according to the authentication result. If the user selects the print data that he / she wants to print first from the operation panel of the printing apparatus and then performs user authentication, the internal decryption is performed from the point when the print data is selected, It is preferable to advance the printing process such as rasterization and perform the print output according to the authentication result in order to improve the print output speed. In this method, there is a risk of tampering by a malicious third party, but if this is not good, the decryption key should not be stored in the printer, but a portable storage device such as an IC card. Should be decrypted using. In this case, if the decryption process is performed from the time when the print data is selected and the IC card is inserted regardless of the user authentication, the print output speed is sufficient. When the IC card is inserted, there is no problem because the user can visually check whether a third party is tampering.

  Also, as a result of user authentication, print data with print rights is displayed on the operation panel of the printing device, and in the system that allows the user to select print data to be printed out, which print data is output immediately after authentication Since it is not known, the decryption process cannot be executed. If the decryption is forcibly executed at this point, it may take an erasing time. In this case, it is better to execute the decoding process from the time when the user selects the print data using the operation panel next time.

  The present invention has been devised to solve such problems of the prior art, and its main purpose is to make network printing and facsimile communication safe and easy to use, and by using biometrics. When performing authentication, it is configured to eliminate the burden of management, reduce the amount of data stored in the memory, reduce costs, and further reduce the processing time to improve usability. Another object of the present invention is to provide a network printing system, a printing apparatus, a facsimile communication system, and a facsimile apparatus.

  In order to solve such a problem, according to the present invention, as shown in claim 1, a printing apparatus receives print data from a user apparatus via a network, and performs printing in a network printing system that performs printing after user authentication. The apparatus includes user authentication means for verifying the identity by biometrics, and with this user authentication means, biometric data acquired from the person who performs the output operation, and verification biometric data used for identifying the identity in the user authentication, By comparing the above, it is determined whether or not the person who performs the output operation has the right to output the print data, and when the user authentication is successful, the output of the print data is permitted. The printing device obtains the biometric data for verification from the user device, and the user device is the same user. When printing, the same verification biometric data, and configured to include a biometric designation means for the same verification that can be specified for a plurality of print data.

  According to this, since the biometric data for collation of what is printed out is sent from the user device to the printing device, it is not necessary to register biometric data for all the users in advance on the printing device side. There is no need for management due to registration work associated with the introduction of a new printing apparatus, and management costs can be reduced.

  Also, when viewed from the printing device side, only the biometric data for collation for the user who executed printing is retained, which is compared to registering biometric data for collation for all users who use the printing device. Less storage capacity is required.

  In addition, in the present invention, even if the collation biometric data of the person who prints out is compared with all the collation biometric data stored in the printing apparatus, printing is executed in the printing apparatus. Since there is only collation biometric data for users, the authentication speed is faster than comparing with collation biometric data for all users. Therefore, printing is performed by performing user authentication once in the printing device. The user searches for the print data that the user has the right to print from all the print data stored in the device, displays it on the operation panel of the printing device, and selects the print data to be printed out from this. Suitable for the most user friendly method.

  Moreover, even when printing is performed a plurality of times or when the user is printing using a plurality of user devices, if the same user outputs, the same collation biometric data is used for user authentication of the print data. Therefore, it is possible to simplify the processing in the printing apparatus and improve the execution speed such as user authentication. It is particularly suitable for sending print data to others, such as facsimile communication.

  The collation biometric data is not necessarily sent before sending the print data or collation biometric data designation information described later. When the print output operation is performed, the user device prints the print biometric data. It can also be realized by being transmitted to. As described above, the transmission of the verification biometric data and the transmission of the print data and the verification biometric data designation information are not synchronized.

  Note that the user authentication unit may be an authentication device connected to the printing apparatus, and is not necessarily limited to a function in the printing apparatus.

  In the network printing system, as shown in claim 2, the verification biometric data can be composed of a plurality of verification biometric data.

  According to this, it becomes possible to increase the number of biometric data for collation for one user and improve recognition accuracy. For example, in fingerprint authentication, the biometric data that is acquired differs depending on how the finger is placed on the sensor and the orientation of the finger, so some biometric data with different angles and positions can be acquired as reference biometric data. In this case, the user authentication is less likely to be rejected depending on how the finger is inserted during user authentication. In addition, if the biometric data for collation of all users in the group is designated as collation biometric data for print data, any user in this group can print. For example, in facsimile communication, the recipients can be grouped. It is also possible to be a user, and it is convenient.

  In the network printing system, as shown in claim 3, collation biometric data is generated by collation biometric data generation means of the printing apparatus, and the printing apparatus delivers the collation biometric data to the user apparatus. The biometrics data transmission means can be provided. According to this, since it is not necessary to install user authentication software specially in the user device, it is easy to use and security management is also simplified. Moreover, the aspect of cost may be sufficient.

  In the network printing system, as shown in claim 4, the user device can include a data synthesizing unit that adds the biometric data for verification to the print data and transmits the print data. This makes it easy to specify biometric data for verification used for user authentication of print data.

  In the network printing system, as shown in claim 5, the printing apparatus includes collation biometric data comparison means for comparing two or more collation biometric data, and the printing apparatus compares the collation biometric data. When the collation biometric data determined as belonging to the same user is received again by the means, the print data transmitted in association with the previous and subsequent collation biometric data is stored in association with each other. Can be configured.

  According to this, even if the user device acquires the biometric data for verification again for some reason, the print data of the same user is still managed as one, so the processing in the printing device is simplified, The improvement of execution speed such as user authentication can be expected. Also, the storage capacity can be reduced.

  In the network printing system, as shown in claim 6, collation biometric data designation information in which the user device designates collation biometric data to designate collation biometric data used for user authentication of print data. Can be transmitted to the printing apparatus in association with the print data.

  According to this, once the verification biometric data is sent, the verification biometric data is specified by the verification biometric data specification information. Therefore, the verification biometric data specification information is changed from the verification biometric data specification information. If an ID with a small data size is used, management on the printing apparatus side can be simplified and the amount of transmission data can be reduced, which is advantageous in communication speed and traffic control. In particular, the ID may be a management number used for storing print data inside the printing apparatus.

  If the biometric data designation information for collation is used, the performance does not depend on the size of the biometric data for collation, so that it becomes easy to select a biometric method according to the user's needs. As biometrics methods, various methods such as fingerprints, voice prints, facial appearances, irises, palm prints, retinas, irises, signs (handwriting), and back vein patterns can be used.

  In addition, taking advantage of the feature that performance does not depend on the size of the biometric data for verification, it is easy to increase the number of registered biometric data for verification for each user, and the recognition accuracy can be increased. .

  In addition, since the user sends only the biometric data for verification and the same biometric data for verification can be used by the same user, it is possible to use facsimile communication data while using the biometric data specification information for verification. As described above, there is no problem in usability even when print data is transmitted to another person.

  In the network printing system, as shown in claim 7, the collation biometric data designation information designates a plurality of collation biometric data, or the collation biometric data designation information designates a plurality of collation biometric data designations. It can be composed of information.

  According to this, it becomes possible to increase the number of biometric data for collation for one user and improve recognition accuracy. In addition, if the biometric data for collation of all users in the group is designated as collation biometric data for print data, any user in this group can print. For example, in facsimile communication, the recipients can be grouped. It is also possible to be a user, and it is convenient.

  In the network printing system, as shown in claim 8, the user device can be configured to include a data synthesizing unit that adds the biometric data designation information for verification to the print data and transmits the print data. This makes it easy to specify biometric data for verification used for user authentication of print data.

  In the network printing system, as shown in claim 9, the printing apparatus includes collation biometric data designation information generation means that generates collation biometric data designation information or obtains this from other, and uses this means. Generating the biometric data specification information for verification or acquiring it from others, storing it in correspondence with the biometric data for verification received from the user device, and storing the biometric data specification information for verification in the user device It is possible to adopt a configuration in which notification is made.

  According to this, collation biometric data designation information is dynamically issued, and matching between the biometric data for collation and the biometric data designation information for collation is also performed dynamically. It is not necessary and becomes easy to use.

  In addition, since the printing apparatus issues collation biometric data designation information, the designation information is not duplicated in the printing apparatus, and the mounting of the printing apparatus is simplified. In particular, if identification information that is convenient for the printing apparatus, such as a folder number in which print data is stored, is issued as collation biometric data designation information, the implementation can be simplified.

  In the network printing system, as shown in claim 10, the printing apparatus includes collation biometric data comparison means for comparing two or more pieces of collation biometric data, and the printing apparatus compares the collation biometric data. When the collation biometric data determined by the means is received again, the collation biometric data designation information of the collation biometric data stored previously is received next. It can be configured such that notification is made as biometric data designation information for collation of biometric data.

  According to this, even if the user device acquires the biometric data for verification again for some reason, the print data of the same user is still managed as one, so the processing in the printing device is simplified, The improvement of execution speed such as user authentication can be expected. Also, the storage capacity can be reduced.

  Note that the collation biometric data designation information may continue to designate old collation biometric data, or may designate new collation biometric data.

  In the network printing system, as shown in claim 11, the user device includes collation biometrics data designation information generation means, and the collation biometrics data designation information generation means generates collation biometrics data designation information. Then, the printing device associates the matching biometric data with the matching biometric data specification information by notifying the printing device with the matching biometric data specification information in association with the matching biometric data. Can be configured to be stored.

  According to this, collation biometric data designation information is dynamically issued, and matching between the biometric data for collation and the biometric data designation information for collation is also performed dynamically. It is not necessary and becomes easy to use.

  In addition, it is necessary to devise so that the biometric data specification information for collation does not overlap in each user apparatus. For example, a unique MAC address and generation time for each user apparatus may be a part of the collation biometric data designation information.

  In the network printing system, as shown in claim 12, when the printing apparatus receives collation biometric data designation information that is not associated with any collation biometric data from the user apparatus, It is possible to adopt a configuration in which new biometric data for verification is requested to be issued. According to this, it is possible to reliably associate the matching biometric data with the matching biometric data designation information.

  In the network printing system, as shown in claim 13, the collation biometric data designation information is calculated from the collation biometric data, and at least the printing apparatus performs the collation biometric data designation. It can be set as the structure provided with the information calculation means.

  According to this, since the matching biometric data designation information is calculated from the matching biometric data, the printing apparatus needs to store the correspondence between the matching biometric data and the matching biometric data designation information. Therefore, the mounting of the printing apparatus becomes simple. For example, the verification biometric data specification information may be a hash value of the verification biometric data.

  In the network printing system, as shown in claim 14, the printing apparatus acquires biometric data from a person who performs an output operation with the user authentication unit, and biometric data determined to belong to the same user as the biometric is obtained. A configuration may be adopted in which output from the storage means is permitted and print data associated with the biometric data or the collation biometric data designation information is permitted. According to this, since the corresponding print data can be automatically extracted from the data storage means, the user's operation becomes simple and the usability can be improved.

  In the network printing system, as described in claim 15, there is print data designation information for designating print data, and the printing apparatus includes designation information input means for designating print data designation information, and performs an output operation. When the performer designates the print data designation information, the collation biometric data associated with the print data designated by the print data designation information is processed as collation biometric data to be compared and collated. It can be set as such a structure. According to this, the comparison and collation of the biometric data in the user authentication may be performed only for the collation biometric data with respect to the print data to be output, and the authentication time can be shortened.

  The print data designation information is not always given for each print data. It may be given to each user and may be user identification information for identifying the user. For example, a user PIN number or password may be used. In addition, a configuration in which the printing apparatus acquires user identification information, that is, print data designation information through communication with a portable device that stores user identification information possessed by the user himself / herself is possible.

  In the network printing system, as shown in claim 16, the printing apparatus includes designation information input means for designating collation biometric data designation information, and a person who performs an output operation can thereby perform collation biometric data. When the designation information is designated, the biometric data for collation designated by the biometric data designation information for collation can be processed as the biometric data for collation to be compared and collated. According to this, the comparison and collation of the biometric data in the user authentication may be performed only for the target collation biometric data, and the authentication time can be shortened.

  In the network printing system, as described in claim 17, the printing apparatus requests print data, collation biometric data, collation biometric data designation information, or print data designation information from a predetermined operation or user apparatus. Alternatively, it may be configured to include an erasing unit that erases when a predetermined condition is satisfied. This eliminates the need to store verification biometric data, verification biometric data specification information, and print data specification information indefinitely after printing has been completed. There is no need for troublesome management, and management costs can be reduced.

  In this case, the predetermined operation that triggers the biometric data erasing process may be an operation that is periodically performed on the printing apparatus, for example, an operation of turning off / on the main power. In addition, the predetermined condition can be satisfied on the condition that a predetermined time has elapsed. In this way, management can be simplified by erasing data through appropriate operations and conditions.

  In the network printing system, as shown in claim 18, when all the print data of the same user is deleted from the storage unit of the printing apparatus, the collation biometric data or the collation biometric data associated with the print data is stored. A configuration may be provided that includes an erasing unit that erases the metrics data designation information or the print data designation information. This eliminates the need to store verification biometric data, verification biometric data specification information, and print data specification information indefinitely after printing has been completed. There is no need for troublesome management, and management costs can be reduced.

  In the network printing system, as described in claim 19, when the printing apparatus deletes the print data, collation biometric data, collation biometric data designation information, or print data designation information, In addition, it is possible to adopt a configuration provided with confirmation means for inquiring whether or not to delete. According to this, in the case where the user can erase using the operation panel of the printing apparatus, it is possible to prevent the accidental deletion.

  In the network printing system, as shown in claim 20, the user device includes an encryption unit that encrypts a part or all of the transmission data and transmits the encrypted data to the printing device, and the printing device stores the encrypted data. It can be configured to include a decoding means for decoding. According to this, since the encrypted print data is sent from the user device to the printing device, it is possible to prevent snooping due to eavesdropping on the communication path. If the decryption is not performed at the time of reception and decryption is performed at the time of print output, it is possible to prevent leakage of print data due to theft of the storage device of the printing apparatus.

  In this case, a configuration in which the user holds the decryption key and provides the decryption key to the printing device, or obtains the encryption key from among the encryption / decryption keys generated by the printing device and provides this to the user device. It is possible to configure.

  In order to improve the print output speed, the printing apparatus may perform decryption immediately after receiving the encrypted print data from the user apparatus, and rasterize it. Also, in consideration of safety, the print output instruction may be given. Decoding may be performed later. Even when rasterizing, it is safe to re-encrypt with the encryption key held by the printing apparatus.

  In addition, although not particularly specified thereafter, when encryption / decryption is performed by the common key method, the encryption key and the decryption key are the same. Also, although not specifically stated thereafter, encryption / decryption may be performed in two or more stages, and it is assumed that such a method is also used in the present invention. For example, since the public key encryption method is heavier than the common key encryption method, when using the key of the public key encryption method, the entire data is encrypted with the common (first encryption) key. The common key is encrypted with the public (second decryption) key, transmitted, and decrypted, and conversely, the common (first decryption) key encrypted with the secret (second decryption) key And the encrypted print data is decrypted with the common (first decryption) key.

  In the network printing system, as shown in claim 21, the user apparatus and the printing apparatus can include an encryption key exchanging unit that secretly exchanges an encryption key through the network. According to this, since the encryption key and the decryption key are automatically provided in the user device and the printing device, the setting becomes simple and easy to use. Since the key exchange is performed secretly, the decryption key does not leak on the communication path.

  As a method for secretly exchanging keys, a public key encryption method such as DH (Diffie Hellman) or SSL can be used. In addition, a configuration in which a common key for key exchange is registered between devices in advance is also possible.

  In the network printing system, as described in claim 22, the printing apparatus includes an interface unit that transfers data to and from a portable object that is held by the user and that holds a decryption key that is used for decryption. When the portable object is connected to the printing apparatus by the interface means, the decryption key of the portable object can be used to decrypt at least one of the portable object and the printing apparatus. According to this, since the printing apparatus does not store the decryption key, the contents of the print data are not leaked even if the eavesdropping or the printing apparatus is stolen. In addition, no special safety measures such as a tamper resistant function are required for the printing apparatus, and the cost can be reduced.

  In the network printing system, as described in claim 23, the printing apparatus encrypts the received print data or a part or all of the processed print data using the encryption key of the individual user. And printing means. The printing apparatus further comprises interface means for transferring data to and from a portable object possessed by a user and holding a decryption key used for decryption. When the portable object is connected to the printing apparatus by the means, it is possible to use at least one of the portable object and the printing apparatus to perform decryption using the decryption key of the portable object. According to this, since the printing apparatus does not store the decryption key, the content of the print data does not leak even if the printing apparatus is stolen. In addition, no special safety measures such as a tamper resistant function are required for the printing apparatus, and the cost can be reduced.

  In the network printing system, as described in claim 24, when the print data to be printed out is selected in the printing apparatus, the decryption process can be started even before the authentication. According to this, it is possible to improve the printing output speed.

  In the network printing system, as shown in claim 25, the user device and the printing device include a digest generation unit, and the user device uses the digest generation unit to generate a digest value from a part or all of the data transmitted to the printing device. Is generated and transmitted to the printing apparatus, and the printing apparatus generates a digest value for the same data as the user apparatus performed by the digest generation means, and the digest value received from the user apparatus. In the case where they do not match, it is possible to adopt a configuration in which output of print data is not permitted.

  According to this, since it is possible to detect fraudulent replacement of collation biometric data and collation biometric data specification information, a malicious third party steals print data on the communication path and uses his / her collation biometric data and collation data. It is possible to prevent the biometric data specification information from being printed by replacing it with a regular one. In other words, it can protect against impersonation. In this case, the digest data is preferably a hash value generated by a hash function.

  In addition, since the replacement can be detected, the verification biometric data and the verification biometric data specification information can be sent to the printing apparatus as plain text without being encrypted, thereby speeding up the user authentication process. Can do.

  In the network printing system, as shown in claim 26, when the printing apparatus has an invalid access, the network printing system is provided with a notification means for notifying a predetermined notification destination or a log storage means for storing this as a log. It can be configured. According to this, it becomes possible to promptly notify the user of dangerous access, and it is possible to realize printing with higher safety.

  As described above, according to the present invention, it is possible to make a series of printing processes safe such as preventing eavesdropping and impersonation, and biometric data for each user is registered in advance in a printing apparatus or a facsimile apparatus that outputs printed matter. Therefore, it is possible to eliminate the troublesomeness of management, and further reduce the amount of data stored in the memory, reduce the manufacturing cost, and shorten the processing time. Can be improved. Moreover, it is possible to provide security printing suitable for sending print data to another person such as facsimile communication.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing an example of a network printing system according to the present invention. In this network printing system, a plurality of PCs (user devices) 1 and printers (printing devices) 2 for each user are connected via a LAN (network), and the printer 2 is shared by a plurality of users. Thus, a user who has instructed printing of a document on the PC 1 can receive a required print document on the printer 2. In the following figures, the network is omitted.

  First, the flow of print data will be described. A print document generated by a document data generation unit 25 such as a print document creation application or an attached scanner receives a print instruction, and is printed by a print data generation unit 26 in a predetermined page description language such as a postscript. The data is converted into data and transmitted to the printer 2 through the network control unit 3. At this time, the print data generation unit 26 adds the information of the print text name received from the document data generation unit 25 to the print data.

  In the printer 2, when the network control unit 4 receives the print data transmitted from the PC 1, the data storage unit 61 stores it in the storage device 5. When the user gives a print output instruction using the operation panel or the like of the printer 2 (the illustration of this part is omitted), the print data reading unit 62 displays the print text name of each print data stored in the storage device 5. This is read and displayed on the monitor display unit 8. When the user selects a print text name to be printed out through the key input unit 7, the user authentication unit (user authentication unit) 6 verifies whether the person who performs the output operation is a user who has the right to output this print data. When the user authentication here is successful, the print data reading unit 62 reads the selected print data, and the print processing unit 64 prints it out.

  In this example, first, print data to be output with a print text name is selected. However, the method for selecting print data is not limited to this. As shown in FIG. 16 to be described later, print data that can be printed through user authentication is displayed, and a method for selecting the print data and information for specifying the print data as shown in FIG. It is also possible to select the print data by selecting with. In the subsequent drawings, various means can be used for selecting the print data, although not particularly specified.

  Next, a user authentication flow will be described. Although not shown in the figure, the user authentication unit 6 obtains biometric data from a print output by a biometric sensor, and compares it with biometric data for verification (hereinafter referred to as verification data). User authentication. As such a method, for example, in the case of fingerprint authentication, a pattern matching method and a minutia method are well known. If the two data have a certain degree of similarity, it is determined that the person who performs the output operation is a user who has the right to output the print data, and printing is permitted. As a biometric method, any method can be used as long as it can identify and verify an individual such as a fingerprint, a face, an iris, and a palm print.

  This collation data is obtained in advance by detecting the characteristics of the user's body using a biometric sensor. In particular, the verification data is not the raw information acquired by the biometric sensor, but is extracted by a predetermined analysis algorithm. As information, for example, position information of feature points acquired by image analysis of image data, it may be management of personal information or storage capacity.

  This collation data is stored in the collation biometric data storage unit (same collation biometric designating means) 21 of the PC 1 in order to use the same collation data even if it is printed a plurality of times and is output by the same user. Prior to user authentication, the data is read by the matching biometric data reading unit 22 and transmitted to the printer 2 through the network control unit 3.

  In the printer 2, when the network control unit 4 receives the verification data transmitted from the PC 1, the data storage unit 61 stores the verification data in the storage device 5. Here, it is assumed that the print data received from the same PC for a predetermined time after the printer 2 receives the collation data, and the collation data is associated with the collation data. Thereafter, as described above, from the PC 1 to the printer 2 It is assumed that the print data has been transmitted, and the collation data and the print data are associated with each other. Note that the transmission / reception of the collation data does not necessarily have to be synchronized with the transmission / reception of the print data in this way, and the association may be performed by another method.

  When the user selects a print text name to be printed out through the key input unit 7, user authentication is performed next. Specifically, the verification biometric data reading unit 63 reads the verification data associated with the selected print data from the storage device 5 and sends it to the user authentication unit (user authentication means) 6, thereby performing user authentication. To implement. As described above, the user authentication unit (user authentication means) 6 only compares and compares the biometric data acquired from the person who performs the authentication operation with the verification data associated with the print data. This eliminates the need for prior user registration as performed by authentication, and can reduce the user management effort.

  In FIG. 1, the printer 1 is described from the PC 1, but this is not limited to this configuration, and the facsimile communication is such that the PC 1 is a transmitting facsimile machine and the printer 2 is a receiving facsimile machine. It is also possible. The same applies to the subsequent figures, although not particularly specified.

  FIG. 2 is a block diagram showing an example in which the collation data in the network printing system shown in FIG. 1 is composed of a plurality of users. The processing is exactly the same as in FIG. 1, but the verification data received by the user authentication unit 6 is that of the users A, B, and C. Therefore, the user authentication is correctly performed by the user A, the user B, and the user C, and printing is performed. It has become possible. This is convenient because it is possible to designate a particular group for printing out, particularly in facsimile communication. Here, the collation data of a plurality of users is used, but this may be different collation data of the same user. In this case, the authentication accuracy can be improved.

  FIG. 3 is a block diagram showing an example of how the collation data stored in the PC 1 is acquired in the network printing system shown in FIG. Although not shown in the figure, the user first enters the collation data creation mode in the printer 2 using the operation panel of the printer. Although this is also omitted in the figure, the biometric sensor causes the authentication data generation unit (collation data generation means) 9 to obtain biometric data from the one that performs printout, generates collation data therefrom, and The data is temporarily stored in the storage device 5.

  Next, the user requests the printer to transmit verification data to the printer. Specifically, the following processing is performed. The collation biometric data storage unit 28 uses the monitor display unit 14 to display an address information input screen. The user uses the key input unit 13 to input the address information of the printer 2 in which the collation data has been registered on the address information input screen. The verification biometric data storage unit 28 transmits a verification data transmission request to the printer 2 based on the address information. In the printer 2, the collation biometric data transmission unit (collation data transmission means) 65 receives this, reads the collation data that has been temporarily stored earlier from the storage device 5, and transmits it to the PC 1. The printer 2 may delete the verification data immediately after this, or may delete it after reaching a certain number of accesses in consideration of receiving requests from a plurality of PCs. The erasing method is not limited to these methods. In the PC 1, the collation biometric data storage unit 28 receives this and stores it in the collation biometric data storage unit 21. Thus, the user can acquire the authentication data without installing the authentication software on the PC 1, and the cost can be reduced and the security management of the authentication software is not required.

  Note that collation biometric transmission for passing collation data from the printer 2 to the PC 1 is not limited to the method described here. A method of using the Embedded Web (Web server) function of the printer 2 or a portable storage device such as an SD card can be used for delivery, which is easier to use.

  In this example, the verification data is generated by the authentication data generation unit (verification data generation means) 9. However, in the actual implementation, if the user authentication unit 6 performs this, the processing routines do not overlap. good.

  FIG. 4 is a block diagram illustrating an example of correspondence between collation data and print data in the network printing system illustrated in FIG. The PC 1 associates the collation data with the print data by the data synthesis unit (data synthesis means) 27 in order to associate the collation data with the print data. This makes it possible to easily associate the title bio with the print data. Here, it is described that the collation data is stored in both the collation biometrics data storage unit and the print data storage unit in the storage device 5, but this is illustrated for convenience for easy understanding. The reference bio is not limited to memorize in one place. The same applies to the subsequent drawings. The data display in the storage device is for convenience only.

  FIG. 5 is a block diagram showing an example of correspondence between collation data and print data in the network printing system shown in FIG. It is assumed that the same user uses the collation data A and the collation data B, and the collation data A is first stored in the printer 2 and then the collation data B is received. Here, although it has been described that two different pieces of collation data are used on the same PC, it is also possible that the user uses different pieces of collation data on two PCs.

  As described with reference to FIG. 4, the collation data is added to the print data in the PC 1 and transmitted to the printer 2. The difference from FIG. 4 is that the printer 2 does not immediately store it in the storage device 5 by the data storage unit 61, but first receives it by the biometric data collation unit (collation biometric data comparison means) 72. When the biometric data collation unit (collation biometrics data comparison unit) 72 receives the collation data, the collation biometric data reading unit 63 sequentially calls the collation data stored in the storage device 5, and this is referred to as biometric data collation. Part (verification biometrics data comparison means) 72. The biometric data collation unit (collation biometric data comparison unit) 72 sequentially compares and collates the collation data received from the PC 1 and the existing collation data read from the storage device 5 by the collation biometric data reading unit 63. Check whether the user verification data is already stored. If collation data for the same user is stored, the newly received collation data is replaced with the previously stored collation data for the user, and the previously stored collation data and print data for the user are stored in the data. The data is stored in the storage device 5 through the storage unit 61. If the result of checking all the collation data in the storage device 5 is that there is no one from the same user, the printer 2 sends the received collation data and print data to the storage device 5 through the data storage unit 61 as in FIG. To remember.

  As a result, print data of the same user can be combined into one, and the storage capacity can be reduced. The user authentication method here is intentionally changed from the user authentication method shown in FIG. 4 in order to clearly show this effect. First, although not shown in the figure, the user authentication unit 6 acquires biometric data from the one to be printed out by the biometric sensor. In accordance with this, the collation biometric data reading unit 63 reads the collation data from the storage device 5 and sends it to the user authentication unit 6. The user authentication unit 6 compares and collates the two biometric data. When it is not determined that the user belongs to the same user, the matching biometric data reading unit 63 sequentially reads the matching data and performs the same operation. When the collation data determined to be the same user is found, the user authentication unit 6 notifies the print data reading unit 62 that the collation data is permitted to print the print data used for user authentication. As a result, the user can quickly print all of the user's print data with one user authentication, which improves usability. If the same user's collation data is stored separately, this user authentication must be compared with all the collation data stored in the storage device 5, which takes time and impairs usability. . It is easier to use the print data if the print data that can be printed is displayed on the operation panel of the printer 2 and the user selects the print data instead of immediately printing all the print data of the user.

  The determination of the collation data in the biometrics data collation unit 72 is a comparison collation equivalent to that of the user authentication unit 6. In the actual implementation, the biometrics data collation unit 72 is substituted for the user authentication unit 6. If so, it is not necessary to implement the same processing routine.

  FIG. 6 is a block diagram showing an example of correspondence between collation data and print data in the network printing system shown in FIG. The print data flow is the same as in FIG.

  Next, a user authentication flow will be described. Although not shown in the figure, the user authentication unit 6 acquires biometric data from a print output by a biometric sensor, and compares this with the verification data to perform user authentication.

  This collation data is stored in the collation biometric data storage unit 21 of the PC 1, read by the collation biometric data reading unit 22 prior to user authentication, and transmitted to the printer 2 through the network control unit 3. . Note that the transmission of the verification data does not synchronize with the transmission of print data, and it is sufficient that the verification data is transmitted at least once before user authentication. In the printer 2, when the network control unit 4 receives the verification data transmitted from the PC 1, the data storage unit 61 stores the verification data in the storage device 5.

  In the print data transmitted to the printer 2, the PC 1 clearly indicates which collation data is to be used, but does not send the collation data every time in association with the print data. (Referred to as designation information) is sent in association with the print data data. For example, as in FIG. 1, the printer 2 can receive print data received from the same PC for a certain period of time after receiving the designation information, and can associate the print data with the designation information. As in FIG. 1, this association is not limited to this method.

  The designation information may be any information as long as it can identify the collation data. For example, the designation information may indicate storage position information of the storage device 5 that stores the collation data. In this case, the PC 1 may request the storage position when transmitting the collation data, or the printer 2 may transmit the storage position information to the PC 1 when the collation data is received.

  Specifically, this designation information is stored in the collation biometric data designation information storage unit 23 of the PC 1 in association with the collation data, read by the collation biometric data designation information reading unit 24, and The data is transmitted to the printer 2 through the control unit 3. In the printer 2, when the network control unit 4 receives the designation information transmitted from the PC 1, the data storage unit 61 stores the designation information in the storage device 5 in association with the print data. Thereafter, it is assumed that the above-described printing is performed within a predetermined time, and the designation information and the print data are associated with each other.

  When the user selects a print text name to be printed out through the key input unit 7, user authentication is performed next. Specifically, the designation information associated with the selected print data is read out by the print data reading unit 62, and on the basis of this designation information, the matching biometric data reading unit 63 receives the matching data from the storage device 5. The user authentication is performed by reading and sending this to the user authentication unit 6.

  In this way, it is possible to associate the collation data with the print data using the designation information. If the designation information is smaller than the collation data, the communication speed can be improved. In addition, if a plurality of pieces of collation data of the user are indicated by one designation information, it is possible to improve the authentication accuracy while maintaining the performance. Moreover, if this designation information is used as a storage number used in the printer 2, the printer 2 can be easily mounted and the performance can be improved.

  FIG. 7 is a block diagram showing an example of correspondence between collation data and print data in the network printing system shown in FIG. FIG. 7 uses the designation information as in FIG. 6, but this is performed by a method different from that in FIG. 6. Here, the collation biometric data reading unit 22 of the PC 1 transmits the collation data to the printer 2 in response to a request from the printer 2. Specifically, when the user selects a print text name to be printed out through the key input unit 7 in the printer 2, the designation information associated with the selected print data is read out by the print data reading unit 62, The collation biometric data reading unit 63 requests the collation biometric data reading unit 22 to transmit the collation data corresponding to the designation information, and in response to this, the collation biometric data reading unit 22 receives the collation biometric data. The collation data is sent to the reading unit 63. In this case, information indicating from which PC the collation data is acquired may be added to the specified information. Thereby, the same effect as FIG. 6 can be expected.

  FIG. 8 is a block diagram showing an example in which the collation data in the network printing system shown in FIG. 6 is composed of collation data of a plurality of users. The processing is exactly the same as in FIG. 6, but the verification data received by the user authentication unit 6 is that of the users A, B, and C. Therefore, the user authentication is correctly performed by the user A, the user B, and the user C, and printing is performed It has become possible. This is convenient because it is possible to designate a particular group for printing out, particularly in facsimile communication. Here, the collation data of a plurality of users is used, but this may be different collation data of the same user. In this case, the authentication accuracy can be improved.

  FIG. 9 is a block diagram illustrating an example of correspondence between designation information and print data in the network printing system illustrated in FIG. 6. The PC 1 adds the designation information to the print data by the data synthesis unit (data synthesis means) 27 in order to associate the designation information with the print data. This makes it possible to easily associate the print data with the specified information.

  FIG. 10 is a block diagram showing an example of correspondence between collation data and designation information in the network printing system shown in FIG. When associating the collation data with the designation information, when the printer 2 stores the collation data, the designation information generating unit (collation biometrics data designation information generating means) 71 stores designation information such as a number in the collation data. And the collation data and the designation information are stored in the storage device 5 by the data storage unit 61. The designation information issued at this time is transmitted to the designation information storage unit 31 of the PC 1 by the designation information generation unit (collation biometric data designation information generation means) 71, and the designation information storage unit 31 designates the collation biometric data designation. It is stored in the information storage unit 23. As a result, it is possible to automatically determine the correspondence between the collation data and the specified information between the PC and the printer, and it is not necessary to determine the correspondence in advance, so that labor can be saved.

  FIG. 11 is a block diagram showing an example of correspondence between collation data and designation information in the network printing system shown in FIG. In FIG. 11, unlike FIG. 10, when the printer 2 receives the collation data from the PC 1, it does not immediately issue the designation information, but checks whether the collation data has been received once.

  Specifically, when the printer 2 receives the collation data, the collation biometric data reading unit 63 sequentially calls the collation data stored in the storage device 5, and this is called a biometric data collation unit (comparison biometric data comparison). Means) to 72. The biometric data collation unit (collation biometric data comparison unit) 72 sequentially compares and collates the collation data newly received from the PC 1 and the existing collation data read from the storage device 5 by the collation biometric data reading unit 63. It is checked whether the collation data of the same user is already stored. If collation data of the same user is stored, the existing designation information issued for the collation data is transmitted to the PC 1 as designation information for the newly issued collation data. If the result of checking all the collation data in the storage device 5 is that there is no one for the same user, the printer 2 issues new designation information to the PC 1 by the method described in FIG. Information is stored in the storage device 5. As a result, the print data and designation information of the same user can be combined into one, and the storage capacity can be reduced. In such a configuration, the authentication speed can be increased.

  When the user replaces the PC, the collation data may be taken into the PC again. There is a corresponding method as described with reference to FIG. 5, but the method described here may be faster in processing speed when print data is repeatedly transmitted and received.

  The determination of the collation data in the biometrics data collation unit 72 is a comparison collation equivalent to that of the user authentication unit 6. In the actual implementation, the biometrics data collation unit 72 is substituted for the user authentication unit 6. If so, it is not necessary to implement the same processing routine.

  As described above, when the PC 1 transmits two different verification data of the same user to the printer 2, after the printer 2 issues the existing designation information to the PC 1, the newly transmitted verification data is You can delete it. In the case of an information structure in which the existing designation information can point to new collation data, the existing collation data can be replaced with new collation data. In this case, it is sufficient to leave the verification data with higher quality for user authentication and delete the verification data with poor quality.

FIG. 12 is a block diagram showing another example of the correspondence between the collation data and the designation information in the network printing system shown in FIG. Here, the PC 1 generates designation information in association with the collation data, and sends it to the printer 2. Specifically, when the PC 1 receives the collation data, the designation information generation unit (collation biometric data designation information generation means) 32 generates designation information indicating the collation data. Then, the designation information storage unit 31 stores this designation information in the collation biometric data designation information storage unit 23 in association with the collation data. Also, the designation information generation unit (collation biometric data designation information generation means) 32 synthesizes the collation data with the designation information and transmits it to the printer 2. In the printer 2, the data storage unit 61 stores this in the storage device 5. As a result, like FIG. 10 and FIG. 11, it is possible to automatically determine the correspondence between the collation data and the designated information between the PC and the printer, and it is not necessary to determine the correspondence in advance. become.
In this case, a unique value such as a PC network address may be a part of the designation information so that the same designation information is not issued by a plurality of PCs.

  FIG. 13 is a block diagram showing an example of the correspondence between the collation data and the designation information in the network printing system shown in FIG. In FIG. 12, the correspondence between the collation data and the designation information is transmitted from the PC 1 to the printer 2 before sending the print data, but here the correspondence is not completed by the PC 1 before the correspondence is transmitted. An example of processing when designation information is added to print data and transmitted to a printer is shown.

  It is assumed that collation data and designation information are associated with each other in the PC 1 in advance.

  When the printer 2 receives the print data to which the designation information is added, the printer 2 stores the print data in the storage device 5 through the data storage unit 61 and simultaneously sends the designation information to the collation biometric data read unit 63 to read the collation biometric data. The unit 63 checks whether collation data can be extracted from the storage device 5 from now on. If it cannot be extracted, this designation information is not yet stored in correspondence with the collation data, so this is notified to the collation data request command generation unit 75, and the collation data request command generation unit 75 corresponds to this designation information. The PC 1 is requested to issue verification data to be attached. When the PC 1 receives this request, the collation biometric data reading unit 22 reads the collation data of the designated information from the collation biometric data storage unit 21 and sends it to the printer 2. When the printer 2 receives the collation data, it stores it in the storage device 5 through the data storage unit 61 in association with the previous designation information. Although it has been described that the printer 2 checks whether the collation data exists when receiving the print data, and if there is no collation data, it issues the collation data issuance request to the PC 1, this may be during user authentication.

  FIG. 14 is a block diagram showing another example of correspondence between collation data and designation information in the network printing system shown in FIG. Here, the designation information is a hash value calculated from the collation data. In addition, although it is set as the hash value here, the data calculated from collation data are not restricted to this. In this case, since the designation information is derived from the collation data by calculation, it is not necessary to exchange the designation information between the PC 1 and the printer 2, and basically the same as the description of FIG. A significant difference from FIG. 6 is that the verification data is called from the hash value.

  When the user selects a print text name to be printed out through the key input unit 7, the hash value added to the selected print data is read out by the print data reading unit 62 and sent to the hash value matching unit. The collation biometric data reading unit 63 sequentially reads the collation data from the storage device and sends it to the hash value calculation unit (collation biometric designation information calculation means for collation) 73. The hash value calculation unit (collation biometric designation information calculation unit) 73 calculates a hash value of the read collation data and sends it to the hash value collation unit 74. The hash value collation unit 74 compares the hash value added to the print data with the hash value of the collation data read and calculated. Until the two data match, the matching biometric data reading unit 63 sequentially reads the matching data stored from the storage device and performs the same operation. When both data match in the hash value matching unit 74, this is notified to the matching biometric data reading unit 63. The verification biometrics data reading unit 63 sends the verification data having the matched hash value to the user authentication unit 6 and uses it as verification data for user authentication. In this way, since the designated information is the hash value of the collation data, unlike FIG. 10 to FIG. 13, it is not necessary to exchange the correspondence information between the collation data and the designation information in advance, and the labor can be saved. Moreover, since the designation information is uniquely and uniquely determined, the designation information does not have to be issued as a tab.

  FIG. 15 is a block diagram showing an example of correspondence between collation data and designation information in the network printing system shown in FIG. Here, in order to perform print output at a high speed, a part of the invention is devised with respect to FIG. When the printer 2 receives the collation data from the PC 1, it is not immediately stored in the storage device 5, but a hash calculation unit (collation biometric designation information calculation means) 73 obtains a hash value of the collation data. The data is combined and sent to the data storage unit 61, and the data storage unit 61 stores this combined data in the storage device 5.

  When the user selects a print text name to be printed out through the key input unit 7, the hash value added to the selected print data is read out by the print data reading unit 62 and stored in the collation biometric data reading unit 63. The verification data having this hash is read from the device 5 and sent to the user authentication unit 64. As described above, since the hash value is obtained in advance when storing the collation data in the storage device 5 and stored together, it is easy to find the corresponding collation data stored in the storage device 5 from the hash value. ing.

  FIG. 16 is a block diagram showing another example of user authentication in the network printing system shown in FIG. Here, when the user completes the user authentication based on the biometric data once in the printer 2, the user authentication is omitted for subsequent print data output requests. The complexity of performing user authentication can be avoided.

  Specifically, the following processing is performed. First, although not shown in the figure, the user authentication unit 6 acquires biometric data from the one to be printed out by the biometric sensor. In accordance with this, the collation biometric data reading unit 63 reads the collation data from the storage device (storage unit) 5 and sends it to the user authentication unit 6. The user authentication unit 6 compares and collates the two biometric data. When it is not determined that the user belongs to the same user, the matching biometric data reading unit 63 sequentially reads the matching data and performs the same operation. When the collation data determined to belong to the same user is found, the user authentication unit 6 notifies the print data reading unit 62 that printing of print data having the designation information of the collation data is permitted.

  The print data reading unit 62 reads the print text name of each print data permitted to be printed stored in the storage device (storage unit) 5 and displays it on the monitor display unit 8. When the user selects a print text name to be printed out through the key input unit 7, the selected print data is read out by the print data reading unit 62 and is printed out by the print output unit 64.

  FIG. 17 is a block diagram showing another example of user authentication in the network printing system shown in FIG. Here, print data printing designation information for designating print data (hereinafter referred to as print designation information. The designation information is referred to as collation designation information only in the explanation of this figure for easy identification). Yes, so that print data to be printed out can be specified. The print designation information may be changed for each print data. However, if the operation is to provide the print designation information for each user, that is, if the print designation information is used as user identification information, it may be easy for the user to use. For example, a password set individually by the user, an employee number, a PIN (personal identification number), or the like may be used as the print designation information.

  In the PC 1, print designation information is added to each print data in addition to the collation designation information, and is transmitted to the printer 2. In the printer 2, this is stored in the storage device 5 through the data storage unit 61. In order to perform print output, the user first inputs the print designation information of print data to be printed using the key input unit (designation information input means) 7 of the printer 2. In this case, it is convenient if the print designation information is a number such as an ID.

  The print data reading unit 62 reads the collation designation information of the corresponding print data from the storage device 5 based on the print designation information input by the key, and sends this to the collation biometric reading unit 63. The collation biometrics reading unit 63 reads the collation data corresponding to the collation designation information from the storage device 5 and sends it to the user authentication unit 6. Although not shown in the figure, the user authentication unit 6 acquires biometric data from a print output by a biometric sensor and compares it with collation data. When it is determined that they belong to the same user, the user authentication unit 6 notifies the print data reading unit 62 that printing of print data having the designation information of the collation data is permitted. Thereafter, all the printing designated by the collation designation information may be performed, or print data to be printed again may be selected from these as shown in FIG. Thus, the user can avoid the trouble of searching for print output from all print data including print data of others.

  18 is a block diagram showing another example of user authentication in the network printing system shown in FIG. Here, when the user inputs key information on the printer 2, collation data corresponding to the designation information is read out, and user authentication is performed based on the collation data. User authentication is omitted for subsequent print data output requests, thereby avoiding the complexity of performing user authentication for each print job.

  Specifically, the following processing is performed. First, the user uses the key input unit (designated information input means) 7 to input designation information for designating collation data used for user authentication. In this case, it is convenient if the designation information is a number such as an ID. The collation biometric data reading unit 63 reads the corresponding collation data from the storage device 5 based on the designation information input by the key, and sends it to the user authentication unit 6. Although not shown in the figure, the user authentication unit 6 acquires biometric data from a print output by a biometric sensor and compares it with collation data. If it is determined that they belong to the same user, the user authentication unit 6 notifies the print data reading unit 62 that printing of the specified information of the collation data is permitted. Thereafter, all of the printing may be performed, or as shown in FIG. 16, the user may select print data permitted to be printed, and the selected print data may be printed.

  FIG. 19 is a block diagram showing an example of collation data deletion in the network printing system shown in FIG. 1 or FIG. Here, in the printer 2, the time from when the collation data is stored is measured, the time lapse measuring unit 109 updates and checks the time, and when a predetermined time elapses, the data erasing unit (data erasing means) ) 81 is instructed to delete the corresponding verification data. Thereby, collation data that has not been used indefinitely is not saved, the storage capacity can be reduced, and the labor of management can be reduced. If the print data is sent from the PC 1 with the specified information of the erased collation data after the collation data is erased, for example, recovery may be performed by a method as shown in FIG.

  FIG. 20 is a block diagram showing another example of collation data deletion in the network printing system shown in FIG. Here, in the printer 2, the collation data is erased when all the print data that uses certain collation data for user authentication is erased from the storage device. The print data reading unit 62 erases the called print data from the storage device (storage means) 5 as needed, and all the print data having the collation A designation information has been printed. It is checked whether all the data has been deleted from the storage device (storage means) 5, and when all the print data is lost, a notification is sent to the data erasure unit (data erasure means) 81 to delete the corresponding verification data. As a result, the collation data can be erased at the print output timing, so that the storage capacity can be reduced and the labor of management can be reduced.

  FIG. 21 is a block diagram showing an example of collation data erasure in the network printing system shown in FIG. Here, in the printer 2, when deleting the collation data, a deletion permission is requested from a predetermined PC. By performing the confirmation in this way, an erroneous operation can be prevented, so that it is possible to add a function that enables the printer to delete the collation data by a predetermined operation. For example, it may be deleted in accordance with the operation of turning off / on the main power of the printer 2.

  For example, as in FIG. 20, when the print data reading unit 62 in the printer 2 prints all the print data of certain collation data and wants to erase the collation data, first, the data erasure request unit (confirmation means) 82 A predetermined notification destination address is read from the address storage unit, and an inquiry is made here. In response to this, the data erasure instruction unit 41 of the PC 1 displays an inquiry on the monitor display unit 10 and waits for an instruction from the user. When the user instructs erasure through the key input unit 11, the data erasure instruction unit 41 transmits the erasure instruction to the printer 2. In response to this, the data erasing unit 81 of the printer 2 erases the corresponding verification data. Although the inquiry destination is set in advance here, there is a method of adding the inquiry destination information to the print data, the designation information, or the collation data, and the method is not limited to such a method. Absent.

  22 is a block diagram showing an example of data encryption / decryption in the network printing system shown in FIG. Here, in the PC 1, the encryption key of the user who is the print request source is held in the encryption key storage unit 41, and the print data and the specified information are encrypted by the encryption unit (encryption unit) 42 using the encryption key. The encrypted data is transmitted to the printer 2. On the other hand, in the printer 2, the decryption key of the user is held in the decryption key storage unit 91. Using this decryption key, the decryption unit (decryption means) 92 decrypts the encrypted data received from the PC 1. The decrypted data is stored in the storage device 5 through the data storage unit 61. Here, the encryption / decryption key is the user's personal key, but is not limited to the user's personal key. If the key is a user's personal key, the degree of security only increases. For example, it can be used as a device key.

  This prevents eavesdropping on the print data on the network, and a malicious third party temporarily stores the encrypted print data, replaces the authorized designation information part with its own, and sends the encrypted print data to the printer again. Thus, it is possible to prevent an attack such as obtaining a printed matter.

  Although the encryption key and the decryption key are described separately here, in the common key encryption method, the two are the same. The same applies to the following figures.

  If the encryption key and decryption key are based on the public key encryption method, encrypting all data with this encryption key is heavy and takes a lot of time, so a common key is used on the PC side. If this encryption is performed and this common key is encrypted with this encryption key, the processing can be light. On the contrary, the decryption on the printer side is performed by first decrypting the common key encrypted with the decryption key, extracting the common key, and then decrypting all the data encrypted with this common key. . Although not specifically mentioned, it is possible to use such a technique even in the figures below.

  FIG. 23 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. Here, the encryption key is stored in the encryption key storage unit 93 of the printer 2, and in response to a request from the encryption key receiving unit (encryption key exchange unit) 43 of the PC 1, the encryption key transmission unit (encryption key exchange unit) of the printer 2. ) 94 sends the encryption key to the encryption key receiving unit (encryption key exchanging means) 43, whereby the data is encrypted. This eliminates the need for the user to set a personal decryption key in advance in the printer, saving labor.

  However, since the encryption key may be wiretapped on the network, the decryption key should not be analogized by this. In this case, it is safe if a public key encryption method is used and the public key is an encryption key. Here, the method of sending the encryption key from the printer 2 to the PC 1 has been described. However, the encryption key is transmitted to the PC 1 by exchanging the seed for generating the encryption / decryption key as in the DH (Diffie-Hellman) key exchange method. May be passed.

  FIG. 24 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. Here, as in FIG. 22, the encryption / decryption key uses the user's personal key. However, the decryption key is stored in the decryption key storage unit 95 in the portable storage device owned by the user. Specifically, it is as follows. In the PC 1, the encryption key of the user who is the print request source is held in the encryption key storage unit 41, and the print data and the specified information are encrypted by the encryption unit 42 using the encryption key. 2 is transmitted. Note that the information part of the printed text name is not encrypted. On the other hand, the printer 2 stores the encrypted data in the storage device 5 through the data storage unit 51.

  When the user gives a print output instruction, the print data reading unit 62 reads the print text name of each print data stored in the storage device 5 and displays it on the monitor display unit 8. The printer 2 is provided with an I / F (interface means) section 12 that enables data transfer to and from the I / F section (interface means) 13 of the portable storage device. When the text name is selected through the key input unit 7, the print data reading unit 62 first reads out the corresponding encrypted designation information, and then reads it through both I / F (interface means) units, and the decrypting unit 96 in the portable storage device. Send to. The decryption unit 96 calls the decryption key from the decryption key storage unit 95, decrypts the encrypted designation information, and sends it to the collation biometric data reading unit 63 again through both I / F (interface means) units. . Based on the designation information, the verification biometric data reading unit 63 reads the corresponding verification data from the storage device 5 and sends it to the user authentication unit 6. The user authentication unit 6 verifies whether the person who performs the output operation is a user who has the right to output the print data. If the user authentication is successful, the print data reading unit 62 is notified of the print permission. The print data reading unit 62 calls the corresponding print data from the storage device and sends it to the decoding unit 96 in the portable storage device through both I / F (interface means) units. The decryption unit 96 also calls the decryption key from the decryption key storage unit 95, decrypts the encrypted print data, and sends it to the print processing unit 6 again through both I / F (interface means) units.

  As described above, when the form storage device owned by the individual user is used, the management of the decryption key becomes very secure. Note that the portable device here may be any device that can transfer data to and from the printer using a suitable wired or wireless communication medium. In particular, the portable device uses a contact-type or non-contact proximity communication interface. For example, a so-called IC card in which a memory or a CPU is embedded in the card is also suitable. In the case of an IC card, there is also an anti-tamper function, which further increases safety. However, this is not limited to an IC card, and a simple portable memory such as a USB memory or an SD card may be used. However, in the case of a mere memory, the decryption processing function is not installed inside, and in this case, the printer must call the decryption key from the portable storage device and decrypt it in the printer. The same processing may be performed with an IC card. However, when there is a decryption processing function, it is safer to use a portable storage device as much as possible because there is no key extraction.

  If print output is performed at the time when the portable storage device is pulled out from the printer 2, it may be possible to prevent forgetting to remove the portable storage device. The same applies to the following drawings using a portable device.

  In this example, the portable storage device is connected only to the printer, but this is also connected to the PC that performs encryption, and encryption is performed within the portable storage device, or an encryption key is obtained from the portable storage device. Encryption can also be performed within the calling PC. Furthermore, an encryption / decryption key can be generated by a PC, and the decryption key can be stored in the portable storage device.

  FIG. 25 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. Here, as in FIG. 22, the PC 1 encrypts the print data and the designation information and transmits them to the printer 2. Here, the keys used in this case are the first encryption key and the first decryption key. If this is also a public key cryptosystem, it is this common key that uses the common key on the PC, encrypts the print data and the specified information, and encrypts it with the first encryption key. be able to.

  First, the difference from FIG. 22 is that the PC 1 has the second encryption key storage unit 44, from which the second encryption key is read and transmitted from the PC 1 to the printer. Here, the second encryption key may be sent after being encrypted with the first encryption key. However, when the second encryption key is a public key in the public key encryption method, it is not necessary to encrypt the second encryption key.

  Next, the difference from FIG. 22 is that after the print data encrypted by the decryption unit 92 of the printer 2 is decrypted, the data processing unit 97 rasterizes the print data. The print data and the designation information are encrypted by the encryption unit 98 (encryption means) using the second encryption key received from the PC 1 and stored. In FIG. 22 and FIG. 23, it is possible to increase the print processing speed by performing this data processing in advance at the time of reception, but in FIG. 20, this is re-encrypted to make it safe.

  As shown in FIGS. 22 and 23, when the decrypted data is stored in the storage device 5, the storage device 5 of the printer becomes a security hole. Therefore, when data is once decrypted for data processing, it is preferable to re-encrypt it and store it. In this case, this may be performed using an encryption / decryption key stored in the printer, but care must be taken because storage of this key also becomes a security hole. As described here, if this is encrypted with an encryption key that is paired with the decryption key in the portable storage device owned by the user, the storage state is the same as in FIG. 24, which is very secure. . The method described here is devised so as to realize data processing at the time of reception while maintaining the safety level realized by the method of FIG.

  Here, the first encryption key may be provided from the printer 2 to the PC 1 as shown in FIG.

  When the second encryption / decryption key is of the public key encryption system, the print data and the specified information processed with the common key generated by the printer or the PC 1 are encrypted at the time of re-encryption. Encrypting with an encryption key is good for improving processing speed.

  FIG. 26 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. Here, substantially the same processing as in FIG. 24 is performed. The difference from FIG. 24 is that when the user issues a print output instruction, the encrypted print data is immediately decrypted. However, until the user authentication is performed, the print data is stored in the print processing unit and is not output. Thereby, the print output speed after user authentication can be improved, and usability can be improved.

  Specifically, the following processing is performed. When a user issues a print output instruction, the print data reading unit 62 reads the print text name of each print data stored in the storage device 5 and displays it on the monitor display unit 8. The printer 2 is provided with an I / F unit 12 that enables data transfer to and from the I / F unit 13 of the portable storage device, and the user can input a print text name to be printed out by the key input unit 7. The print data reading unit 62 reads the corresponding encrypted designation information and print data and sends them to the decryption unit 96 in the portable storage device through both I / F units. The decryption unit 96 calls the decryption key from the decryption key storage unit 95 and decrypts the encrypted designation information and print data. Among these, the designation information is passed through both I / F units and the collation biometrics data reading unit 63. Send to. The print data is sent to the print processing unit 6 through both I / F units. The print processing unit executes processing such as rasterization of print data, and even if the processing ends, the print processing unit enters a user authentication waiting state.

  In the user authentication unit 6, it is verified whether the person who performs the output operation is a user who has the right to output this print data. If the user authentication is successful, the print processing unit 64 is notified of the print permission, Print output is performed.

  Although not explicitly shown in FIG. 24, the portable storage device is described here as being inserted prior to user authentication.

  FIG. 27 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. Here, as in FIG. 23, the encryption key is transferred from the printer 2 to the PC 1, and encryption is performed. First, the difference from FIG. 23 is that a digest value of the combined data of the specified information and the print data is calculated in the digest generation unit (digest generation means) 45 in the PC 1, and the digest value and the print data are encrypted in the encryption unit 43. It is where it is done. As a result, the designation information can be transmitted from the PC 1 to the printer 2 without being encrypted. Even if a malicious third party temporarily saves the encrypted print data, replaces the regular designated information part with its own, and sends the encrypted print data to the printer again, it takes an attack that acquires the printed matter. This is because the digest value cannot be rewritten, and this illegal printing action can be detected. As a result, the specified information can be stored in the printer 2 without being encrypted, so that the print output speed can be improved. The digest value should be hash-calculated. Note that the information part of the printed text name is not encrypted.

  The data synthesis unit 27 synthesizes the unencrypted designation information, the encrypted digest value, and the print data, and transmits them to the printer 2. On the other hand, unlike FIG. 23, the printer 2 stores the synthesized data in the storage device 5 through the data storage unit 61 without being decoded. By doing so, a malicious third party is prevented from replacing the designated information with his / her own in the storage device 5. Desirably, encryption / decryption is performed using a form device owned by the individual user as in FIG. Become safer.

  When the user issues a print output instruction, the print data reading unit 62 reads the print text name of each print data stored in the storage device 5 and displays it on the monitor display unit 8. When the user selects a print text name to be printed out through the key input unit 7, the print data reading unit 62 first reads the corresponding designation information and sends it to the collation biometric data reading unit 63. Based on the designation information, the verification biometric data reading unit 63 reads the corresponding verification data from the storage device 5 and sends it to the user authentication unit 6. The user authentication unit (user authentication means) 6 verifies whether the person who performs the output operation is a user who has the right to output the print data. If the user authentication is successful, the print permission is read out. The print data reading unit 62 calls the corresponding encrypted print data and digest value from the storage device and sends them to the decryption unit 92. The decryption unit 92 calls the decryption key from the decryption key storage unit 91, decrypts the encrypted print data and digest, sends the print data to the print processing unit 64, and the digest value is a digest determination unit (digest comparison unit). ) Send to 98. The digest generation unit (digest generation unit) 97 generates a digest value from the decoded print data and the designation information read out earlier, and sends it to the digest determination unit (digest generation unit) 98. A digest determination unit (digest generation unit) 98 determines whether or not two digest values match, and if they match, notifies the print processing unit 64 of print permission. The print processing unit 64 executes print output processing when printing permission is received. It should be noted that it is not necessary to make the main printing until permission to print, and during that time, some data processing such as rasterization processing may be executed in advance.

  FIG. 28 is a block diagram showing a detection method when an unauthorized operation is performed in the network printing system shown in FIG. Here, processing when user authentication fails is shown. If the authentication fails, the user authentication unit 6 does not give the print permission and does not proceed to the printing operation. Then, the user authentication unit 6 instructs the warning mail creation unit (notification unit) 101 to send a warning e-mail. The warning mail creation unit 101 obtains notification destination e-mail address information from the address storage unit 100 in which pre-warning e-mail address information is registered, and notifies the PC 1 of fraud through the mail server 14. In the PC 1, the mail receiving unit 51 receives this and displays it on the monitor display unit 10 to notify the authorized user.

  Here, the warning is issued using e-mail, but this is not limited to e-mail, and may be a general network notification such as telephone or TRAP. Even if the printer 2 does not actively notify the PC 1, a log may be left in the printer, and the user may view the log through the operation panel of the printer 2 or the Embedded Web.

  Although the notification destination address information is described as being registered in advance here, this information may be added to the print data, the collation data, or the specified information.

  The network printing system, printing apparatus, facsimile communication system, and facsimile apparatus according to the present invention can secure a series of printing processes such as preventing eavesdropping and impersonation, and perform user authentication using biometrics. In addition, it eliminates the hassle of management, reduces the amount of data stored in the memory, reduces manufacturing costs, and shortens the processing time. A network printing system in which data is received and printed by a printing device via a network, a printing device used in this type of system, and facsimile data from the sending device received by the receiving device via the network and output Used in a facsimile communication system and this type of system That the facsimile apparatus is useful as.

1 is a block diagram showing an example of a network printing system according to the present invention. The block diagram which shows an example when the collation data in the network printing system shown in FIG. FIG. 1 is a block diagram showing an example of how the collation data stored in the PC 1 is acquired in the network printing system shown in FIG. FIG. 2 is a block diagram showing an example of correspondence between collation data and print data in the network printing system shown in FIG. FIG. 2 is a block diagram showing an example of correspondence between collation data and print data in the network printing system shown in FIG. FIG. 2 is a block diagram showing an example of correspondence between collation data and print data in the network printing system shown in FIG. FIG. 2 is a block diagram showing an example of correspondence between collation data and print data in the network printing system shown in FIG. FIG. 6 is a block diagram showing an example when the collation data in the network printing system shown in FIG. 6 is composed of collation data of a plurality of users. FIG. 6 is a block diagram showing an example of correspondence between designation information and print data in the network printing system shown in FIG. The block diagram which shows an example of matching with the collation data and designation | designated information in the network printing system shown in FIG. The block diagram which shows an example of matching with the collation data and designation | designated information in the network printing system shown in FIG. The block diagram which shows another example of matching with the collation data and designation | designated information in the network printing system shown in FIG. The block diagram which shows an example of matching with the collation data and designation | designated information in the network printing system shown in FIG. The block diagram which shows another example of matching with the collation data and designation | designated information in the network printing system shown in FIG. The block diagram which shows an example of matching with the collation data and designation | designated information in the network printing system shown in FIG. The block diagram which shows another example of the user authentication in the network printing system shown in FIG. The block diagram which shows another example of the user authentication in the network printing system shown in FIG. The block diagram which shows another example of the user authentication in the network printing system shown in FIG. Block diagram showing an example of collation data erasure in the network printing system shown in FIG. 1 and FIG. The block diagram which shows another example of the collation data deletion in the network printing system shown in FIG. The block diagram which shows an example of the collation data deletion in the network printing system shown in FIG. FIG. 6 is a block diagram showing an example of data encryption / decryption in the network printing system shown in FIG. FIG. 7 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. FIG. 7 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. FIG. 7 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. FIG. 7 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. FIG. 7 is a block diagram showing another example of data encryption / decryption in the network printing system shown in FIG. FIG. 6 is a block diagram showing a detection method when an unauthorized operation is performed in the network printing system shown in FIG.

Explanation of symbols

1 PC (user equipment)
2 Printer (printing device)
5. Storage device (storage means)
6 User authentication part (user authentication means)
7 Key input part (designated information input means)
9 Authentication data generator (Biometrics generator for verification)
12 I / F part (interface part)
13 I / F part (interface part)
21 collation biometric data storage unit (same collation biometric designation means)
27 Data composition unit (data composition means)
32 Designation information generation unit (Biometrics specification information generation means for verification)
42 Encryption part (encryption means)
43 Encryption key receiver (encryption key exchange means)
45 digest generator (digest generator)
65 Verification biometric data transmission unit (Biometric transmission means for verification)
71 Designation information generation unit (collation biometric designation information generation means)
72 Biometrics data verification unit (Verification biometrics comparison means)
73 Hash value calculator (Biometric designation information calculation means for verification)
81 Data erasure unit (data erasure means)
82 Data erasure request part (confirmation means)
92 Decoding unit (decoding means)
94 Encryption Key Transmitter (Encryption Key Exchange Means)
97 digest generator (digest generator)
98 Encryption part (encryption means)
101 Warning email creation unit (notification means)

Claims (26)

A network printing system that receives print data from a user device via a network, prints after user authentication,
The printing apparatus includes user authentication means for verifying the identity by biometrics, and the biometric data acquired from the person who performs the output operation by the user authentication means, and the verification bio used for identifying the identity in the user authentication By comparing and comparing with the metric data, it is determined whether or not the person who performs the output operation has the right to output the print data, and when the user authentication is successful, the output of the print data is permitted. Because
The printing apparatus acquires the biometric data for verification from the user apparatus,
The network comprising: the same collation biometric designating means capable of designating the same collation biometric data to a plurality of the print data when the same user prints Printing system. The network printing system according to claim 2, wherein the collation biometric data includes a plurality of collation biometric data. The collation biometric data is generated by collation biometric data generation means of the printing apparatus, and the printing apparatus includes collation biometric data transmission means for transferring the collation biometric data to the user apparatus. 3. The network printing system according to claim 1, further comprising a network printing system. The network printing system according to any one of claims 1 to 3, wherein the user device includes a data synthesis unit that adds the biometric data for verification to the print data and transmits the data. The printing apparatus includes a biometric data comparison unit for collation for comparing two or more pieces of biometric data for collation.
When the printing device receives again the biometric data for collation determined to be the same user by the biometric data comparison unit for collation, it is associated with the previous and subsequent biometric data for collation. 5. The network printing system according to claim 1, wherein the transmitted print data is stored in association with each other. In order to specify the verification biometric data used for user authentication of the print data, the user device associates the biometric data specification information for verification specifying the biometric data for verification with the print data in association with the print data. 6. The network printing system according to claim 1, wherein the network printing system transmits to a printing apparatus. The collation biometrics data designation information designates a plurality of collation biometrics data, or the collation biometrics data designation information includes a plurality of collation biometrics data designation information. The network printing system according to claim 6. The network printing system according to any one of claims 6 to 7, wherein the user device includes data synthesizing means for adding the biometric data specification information for verification to the print data and transmitting the print data. The printing apparatus includes collation biometrics data designation information generating means for generating the collation biometric data designation information or acquiring it from others, and using this means, the collation biometric data designation information is obtained. Generating or acquiring it from another, storing it in association with the collation biometric data received from the user device, and notifying the user device of the collation biometric data designation information. The network printing system according to any one of claims 6 to 8. The printing apparatus includes a biometric data comparison unit for collation for comparing two or more pieces of biometric data for collation.
When the printing device receives again the biometric data for collation determined to be the same user by the biometric data comparison unit for collation, the biometric data for collation stored previously is collated. The network printing system according to claim 9, wherein the metric data designation information is notified as the collation biometric data designation information of the collation biometric data received next. The user device includes a biometric data specification information generation unit for verification, and biometrics data specification information for verification is generated by the biometric data specification information generation unit for verification,
Corresponding to the biometric data for verification, the printing device notifies the biometric data specification information for verification to the printing device, so that the printing device has the biometric data for verification and the biometric data specification information for verification. The network printing system according to claim 6, wherein the network printing system is stored in association with each other. When the printing device receives the collation biometric data designation information that is not associated with any collation biometric data from the user device, it newly issues collation biometric data to the user device. 12. The network printing system according to claim 11, wherein the network printing system is requested to do so. The collation biometrics data designation information is calculated from the collation biometrics data, and at least the printing apparatus includes collation biometrics data designation information calculation means for performing the calculation. The network printing system according to any one of claims 6 to 12. The printing apparatus acquires the biometric data from a person who performs an output operation with the user authentication unit, searches the storage unit for biometric data determined to be the same user as the biometric, and the biometrics 14. The network printing system according to claim 1, wherein output of data or print data associated with the collation biometric data designation information is permitted. There is print data designation information for designating the print data,
The printing apparatus includes a designation information input unit for causing the print data designation information to be designated. When a person who performs an output operation designates the print data designation information, the print data designation information is designated. 15. The network printing system according to claim 1, wherein the collation biometric data associated with the print data to be processed is processed as collation biometric data for comparison and collation. The printing apparatus includes designation information input means for designating collation biometric data designation information. When a person who performs an output operation designates the collation biometric data designation information, the collation biometric data designation information is designated. The network printing system according to any one of claims 6 to 15, wherein the biometric data for verification specified by the biometric data specification information for processing is processed as biometric data for verification for comparison and verification. The printing apparatus is configured to request the print data, the collation biometric data, the collation biometric data designation information, or the print data designation information from a predetermined operation, the user apparatus, or a predetermined condition is satisfied. 17. The network printing system according to claim 1, further comprising erasing means for erasing in response. When all the print data of the same user is deleted from the storage unit of the printing apparatus, the biometric data for collation associated with the print data, the biometric data designation information for collation, or the print data designation 18. The network printing system according to claim 1, further comprising an erasing unit for erasing information. Whether the printing apparatus erases the print data, the collation biometric data, the collation biometric data designation information, or the print data designation information with respect to the user apparatus. 19. The network printing system according to claim 1, further comprising confirmation means for making an inquiry. The user apparatus includes an encryption unit that encrypts a part or all of transmission data and transmits the encrypted data to the printing apparatus, and the printing apparatus includes a decryption unit that decrypts the encrypted data. The network printing system according to claim 1, wherein: 21. The network printing system according to claim 20, further comprising: an encryption key exchanging unit that exchanges an encryption key secretly through the network between the user apparatus and the printing apparatus. The printing apparatus includes interface means for transferring data to and from a portable object possessed by a user and holding a decryption key used for the decryption, and the user uses the interface means to transfer the portable object to the printing apparatus. The network printing system according to any one of Claims 20 to 21, wherein when the connection is made, the decryption key of the portable object is used to decrypt at least one of the portable object and the printing apparatus. The printing apparatus includes an encryption unit that encrypts a part or all of the received print data or the print data that has been processed using the user's personal encryption key. The printing apparatus includes interface means for transferring data to and from a portable object that is held by a user and that holds a decryption key used for the decryption.
When the user connects the portable object to the printing apparatus using the interface unit, the decryption key of the portable object is used to decrypt at least one of the portable object and the printing apparatus. The network printing system according to any one of claims 20 to 22. The network printing system according to any one of claims 20 to 23, wherein when the print data to be printed out is selected by the printing apparatus, the decoding process is started even before authentication. The user apparatus and the printing apparatus include a digest generation unit, and the user apparatus generates a digest value from a part or all of the data transmitted to the printing apparatus by the digest generation unit, and uses the digest value to generate the digest value. To
The printing apparatus generates a digest value for the same data as the user apparatus performed by the digest generation unit, compares the digest value with the digest value received from the user apparatus, and if they do not match, 25. The network printing system according to claim 1, wherein output of print data is not permitted. 26. The printing apparatus according to any one of claims 1 to 25, further comprising a notification unit that notifies a predetermined notification destination when there is an invalid access to the printing apparatus, or a log storage unit that stores this as a log. Network printing system.

Images