JP2008226033A - Printing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve the user-friendliness by allowing even an information processor such as a client PC that is not usually allowed to perform printing to perform printing when there is no problem in security. <P>SOLUTION: The printing system 100 includes: a printer 112a; a first information processor 111a for instructing the printer 112a to perform printing; and a second information processor 125 for determining whether to allow the printing, wherein the first information processor 111a includes a print request transmitting means for transmitting to the second information processor 125 print target data and printer identification information for specifying the printer 112a to be an output destination, and the second information processor 125 includes a print request receiving means for receiving from the first information processor 111a the print target data and the printer identification information, and a printing permission/inhibition determining means for determining whether to allow the printer corresponding to the printer identification information to perform printing. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a printing system including a printing apparatus (for example, a printer) and an information processing apparatus (for example, a client PC) that instructs printing on the printing apparatus.

  In recent years, due to an increase in security awareness, countermeasures against data leakage from client PCs used by general users are required. This tendency also applies to printing, which is a type of data output, and certain documents such as confidential documents and confidential documents tend to impose certain restrictions on printing.

As a technique for imposing such restrictions, for example, Japanese Patent Application Laid-Open No. 2002-259108 discloses a printing system including a document server, a printer, and a user client connected via a network, and the document server is a printer that is an output destination. There has been disclosed a printing system that prevents output to an unqualified printer by confirming that the printer is a secure printer by authentication based on a public key certificate and collation with a list of secure printers.
JP 2002-259108 A

  However, if such restrictions are applied uniformly, for example, it will not be possible to print even documents with no security problems, and the types and functions of printers that can be printed will be greatly restricted. Will significantly reduce the convenience.

  The present invention has been made in view of the above points, and it is an object of the present invention to enable printing even from an information processing apparatus such as a client PC that is not normally permitted to print if there is no security problem. To do.

  In the present invention, the first information processing apparatus that instructs printing on the printing apparatus determines whether the printing is permitted based on the print target data and the printing apparatus identification information that specifies the printing apparatus that is the output destination. Usually, the second information processing apparatus determines whether to permit the printing target data to be printed by the printing apparatus corresponding to the printing apparatus identification information. Even from the first information processing apparatus that is not permitted to print, if there is no security problem, printing can be performed, and the convenience for the user can be improved.

That is, according to the present invention,
A printing system comprising: a printing apparatus; a first information processing apparatus that instructs printing on the printing apparatus; and a second information processing apparatus that determines whether the printing is permitted or not.
The first information processing apparatus includes:
Print request transmitting means for transmitting to the second information processing apparatus, print target data and printing apparatus identification information for specifying a printing apparatus as an output destination;
The second information processing apparatus
Print request receiving means for receiving the print target data and the printing apparatus identification information from the first information processing apparatus;
There is provided a printing system comprising: a printing permission / rejection determining unit that determines whether to allow the printing target data to be printed by a printing device corresponding to the printing device identification information.

The printing system further includes a third information processing device that generates print data interpretable by the printing device from the print target data,
The second information processing apparatus
Print object data transmission means for transmitting the print object data to the third information processing apparatus when printing is permitted by the print permission determination means;
Print data receiving means for receiving the print data from the third information processing apparatus;
Print data transmission means for transmitting the print data to the first information processing apparatus,
The third information processing apparatus includes:
Data receiving means for receiving the print target data from the second information processing apparatus;
Print data generation means for generating the print data from the print target data;
A data transmission unit configured to transmit the print data generated by the print data generation unit to the second information processing apparatus;

The second information processing apparatus includes:
Print data generating means for generating, from the print target data, print data that can be interpreted by the printing device when printing is permitted by the print permission determination means;
The apparatus may further include a print data transmission unit that transmits the print data generated by the print data generation unit to the first information processing apparatus.

The first information processing apparatus includes:
Print data receiving means for receiving the print data from the second information processing apparatus;
Print data transmission means for transmitting the print data received by the print data reception means to a printing apparatus as an output destination can be further provided.

The first information processing apparatus includes:
A printing apparatus authentication unit that authenticates the printing apparatus before transmitting the print data to the printing apparatus may be further provided.

The second information processing apparatus includes:
Printing device information acquisition means for acquiring printing device information from a printing device corresponding to the printing device identification information;
Security level determination means for determining a security level of the print target data;
The printing permission determination unit can determine whether to permit printing based on the printing device information acquired by the printing device information acquisition unit and the security level determined by the security level determination unit. .

  Further, the printing apparatus information is information relating to a security function that can be provided by the printing apparatus, for example.

The second information processing apparatus includes:
The information processing apparatus may further include an inquiry unit that inquires of the person who is responsible for determining whether to permit printing whether or not the printing target data is permitted to be printed by a printing apparatus corresponding to the printing apparatus identification information.

Further, the printing permission / inhibition judging means includes
The print target data is analyzed, the occurrence frequency of keywords included in the print target data is totaled, a risk value is calculated from the total result, and printing is performed depending on whether the calculated risk value exceeds a threshold value. It is possible to determine whether or not to permit.

The print data generation means includes
Print data that defines an image to be printed and a print job ticket that controls the operation of the printer can be generated separately.

The first information processing apparatus includes:
The image forming apparatus may further include a printing condition changing unit that changes a printing condition designated as changeable in the print job ticket.

The first information processing apparatus includes:
Receiving a printing apparatus information acquisition request from the second information processing apparatus and transmitting it to the printing apparatus; and receiving a response to the printing apparatus information acquisition request from the printing apparatus; Communication relay means for transmitting to the processing device can be further provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. However, the present invention is not limited to the embodiments described below.

  FIG. 1 is a diagram illustrating a configuration example of a printing system according to an embodiment of the present invention.

  As shown in FIG. 1, the printing system 100 includes a first network system 110 and a second network system 120. The first network system 110 and the second network system 120 are the Internet. 130 is connected.

  The first network system 110 includes one or more client PCs 111 (two client PCs 111a and 111b in the example of FIG. 1) and one or more printers 112 (two printers 112a, in the example of FIG. 1). 112b) and a router 113. The client PC 111, the printer 112, and the router 113 are each connected to a network 119 such as a LAN, and the router 113 is also connected to the Internet 130. The system configuration of the first network system 110 is the same as the system configuration adopted in, for example, a home LAN of each home or a street wireless LAN spot that provides Internet access. When using a wireless LAN, the client PC 111 is connected to the network 119 via an access point (not shown) connected to the network 119.

  The client PC 111 is an information processing apparatus that is used by a user to create a document to be printed by the printer 112 and to instruct printing of the created document. The client PC 111 is configured by, for example, a personal computer or other computer, and includes a central processing unit (CPU), a memory (ROM and RAM), an external storage device (for example, a hard disk device and an optical disk device), and various interface units (for example, a network interface). Part), a display device (for example, a CRT display or a liquid crystal display), an input device (for example, a keyboard or a mouse) and the like.

  The printer 112 is a printing apparatus that receives print data sent via the network 119 and performs output on the paper according to the received print data. The printer 112 includes, for example, an electrophotographic or inkjet print engine, a CPU, a ROM, a RAM, a non-volatile memory (for example, NVRAM), and various interface units (for example, an NVRAM), as in a normal network-compatible printer or multifunction device. Network interface unit).

  The router 113 is a communication device that connects the network 119 and the Internet 130 and relays packets between the network 119 and the Internet 130. Here, it is assumed that the router 113 has a firewall function for preventing unauthorized access from the Internet 130.

  The second network system 120 includes a plurality of client PCs 121 (two client PCs 121a and 121b in the example of FIG. 1), a plurality of printers 122 (two printers 122a and 122b in the example of FIG. 1), A router 123, a thin client server 124, a print permission / rejection determination server 125, and a print data generation server 126 are provided. The client PC 121, printer 122, router 123, thin client server 124, print permission / rejection determination server 125, and print data generation server 126 are each connected to a network 129 such as a LAN. The router 123 is also connected to the Internet 130. It is connected. The system configuration of the second network system 120 is the same as the system configuration adopted in an organization such as a company, for example.

  The client PC 121 is an information processing apparatus that is used by the user to create a document to be printed by the printer 122 and to instruct the printing of the created document. The client PC 121 includes, for example, a personal computer or other computer, and includes a CPU, a memory (ROM and RAM), various interface units (for example, a network interface unit), a display device (for example, a CRT display and a liquid crystal display), and an input device ( For example, a keyboard and a mouse) are provided. Here, for example, the client PC 121 operates as a thin client that remotely operates application software running on the thin client server 124, and displays screen information transmitted from the thin client server 124. It is assumed that input information from a user using a keyboard or mouse is transmitted to the thin client server 124.

  The printer 122 is a printing apparatus that receives print data sent via the network 129 and performs output on the paper according to the received print data. The printer 122 includes, for example, an electrophotographic or inkjet print engine, a CPU, a ROM, a RAM, a non-volatile memory (for example, NVRAM), and various interface units (for example, an NVRAM), as in a normal network-compatible printer or multifunction device. Network interface unit).

  The router 123 is a communication device that connects the network 129 and the Internet 130 and relays packets between the network 129 and the Internet 130. Here, the router 123 also has a firewall function for preventing unauthorized access from the Internet 130 and a VPN (Virtual Private Network) gateway function for constructing a virtual private network on the Internet 130. It shall be.

  The thin client server 124 is an information processing apparatus that provides functions necessary for the client PC 121 to operate as a thin client. For example, the thin client server 124 operates application software started by each client PC 121, notifies input information transmitted from each client PC 121 to the corresponding application software, and screen information generated by each application software. Is transmitted to the corresponding client PC 121.

  The print permission / rejection determination server 125 is an information processing apparatus that determines whether or not to allow a print request received via the network 129. For example, the print permission determination server 125 receives a print request transmitted by the client PC 111 of the first network system 110 via the network 119, the Internet 130, and the network 129, and determines whether or not to permit the print request. to decide. If the print permission determination server 125 permits the print request, it notifies the print data generation server 126 of the print target data and the print conditions included in the print request, and instructs generation of print data and the like.

  The print data generation server 126 generates print data that can be interpreted by a printer as an output destination from print target data received via the network 129. The print data generation server 126 also generates a print job ticket from the print conditions received via the network 129. When the print data generation server 126 completes the generation of the print data and the print job ticket, the print data generation server 126 transmits the generated print data and the print job ticket to the print permission determination server 125.

  The thin client server 124, the print permission / rejection determination server 125, and the print data generation server 126 are each configured by a normal server computer or other computer, such as a central processing unit (CPU), memory (ROM or RAM), external A storage device (for example, a hard disk device or an optical disk device), various interface units (for example, a network interface unit), a display device (for example, a CRT display or a liquid crystal display), an input device (for example, a keyboard or a mouse), and the like are provided.

  In the second network system 120, in order to ensure strong security, all client PCs connected to the network 129 that is an in-house network are registered in advance, and unregistered client PCs cannot be connected. It is assumed that it is set as follows. Further, it is assumed that an available printer is designated for each user and each client PC. That is, for example, in the client PC 121a, the IT administrator sets in advance so that printing can be performed only by the printer 122a. All client PCs 121 operate as thin clients, and all data used by the user and other PC environments are stored in the thin client server 124. In this case, all the data and environment used by the user are stored in the thin client server 124 and are not left in the client PC 121. Therefore, even if the client PC 121 is lost, it does not lead to security leakage.

  When a user of an organization that has performed such operations takes the client PC 121 outside the organization (for example, at home or away from home) and uses the client PC 121 outside the organization, first, for example, at home or away from home. It is necessary to connect to the network 119 of the first network system 110, which is an available network, and to connect to the thin client server 124 in the organization via the Internet 130. Similarly, when browsing document data (for example, document data stored in a document server connected to the network 129) existing in the organization using the client PC 111 outside the organization, the Internet is similarly used. It is necessary to connect to the network 129 of the second network system 120 via 130. At this time, the VPN technology is used as a technology for connecting to the network 129 via the Internet 130. By using the VPN technology, the client PC 111 connected to the network 119 can connect to the network 129 via the Internet 130 as if connected to the network 129 via a dedicated line. .

  However, if a printer that can be used for each user or client PC is specified, the same restriction is imposed when using the client PC outside the organization, and it is close to the user at home or away from home. The printer installed in the printer cannot print. However, depending on the document to be printed, etc., there may be no security problem even if printing with a printer existing outside the organization is allowed. Therefore, in the present embodiment, the print permission / rejection determination server 125 determines whether or not to permit printing for each print request, and permits printing when there is no security problem.

  In the following, a client PC 111 connected to the network 119 of the first network system 110 connects to the network 129 of the second network system 120 via the Internet 130 and browses document data existing in the organization. A case will be described in which the document data is printed on the printer 112 connected to the network 119, which is originally not allowed to be printed.

  First, the functional configuration of the client PC 111 will be described.

FIG. 2 is a diagram illustrating an embodiment of the functional configuration of the client PC 111. As illustrated in FIG. 2, the client PC 111 includes a print request transmission unit 210, a print data reception unit 220, a print condition change unit 230, and a print. A data transmission unit 240, a printer authentication unit 250, and a communication relay unit 260 are provided.

  When the user is instructed to print the document data, the print request transmission unit 210 includes the document data itself that is the print target data, the identification information of the printer 112 that is the output destination, and other necessary information. A print request is transmitted to request a print permission / rejection determination.

  The print data receiving unit 220 receives print data and a print job ticket sent from the print permission / rejection determination server 125 when printing is permitted by the print permission / rejection determination server 125.

  The print condition changing unit 230 inquires of the user whether or not the print conditions set to be changeable in the print job ticket are necessary, and makes necessary changes.

  The print data transmission unit 240 transmits the print data and the print conditions to which necessary changes have been made to the printer 112 serving as an output destination.

  The printer authentication unit 250 authenticates the printer 112 as an output destination before sending print data or the like to the printer 112.

  The communication relay unit 260 relays communication between the print permission determination server 125 and the printer 112 when the print permission determination server 125 communicates with the printer 112. That is, the communication relay unit 260 receives the printer information inquiry message for the printer 112 transmitted from the print permission / rejection determination server 125 and transmits it to the printer 112, and sends a response message to the inquiry message from the printer 112. Received and sent to the print permission / rejection determination server 125. In the present embodiment, the communication relay unit 260 relays the communication between the print permission / rejection determination server 125 and the printer 112, so that the print permission / rejection determination server 125 can change depending on the configuration state of the firewall or VPN system in the middle of the network. Even when the direct communication via the network is not possible, the print permission determination server 125 can acquire the information of the printer 112.

  Next, the functional configuration of the print permission / rejection determination server 125 will be described.

  FIG. 3 is a diagram illustrating an embodiment of a functional configuration of the print permission / rejection determination server 125.

  As shown in FIG. 3, the print permission / rejection determination server 125 includes a print request reception unit 310, a security level determination unit 320, a printer information acquisition unit 330, a print permission / rejection determination unit 340, an operation control table 350, and a print target. A data transmission unit 360, a print data reception unit 370, and a print data transmission unit 380 are provided.

  The print request receiving unit 310 receives a print request sent from the client PC 111. The received print request includes data to be printed, identification information of the printer 112 serving as an output destination, and the like.

  The security level determination unit 320 determines the security level of the print target data included in the print request. For example, the security level determination unit 320 checks the attribute information of the print target data to determine the security level of the print target data.

  The printer information acquisition unit 330 acquires the security function information of the printer 112 and other information from the printer 112 designated as the output destination in the print request. The printer information acquisition unit, for example, the printer public key certificate, the time server information used by the printer, the communication encryption method supported by the printer, and the presence or absence of the security watermark function Information, information on the presence or absence of a password printing function, information on the printer model name and optional configuration (additional hard disk drive, paper feed tray, paper output tray, etc.), etc. are acquired.

  By acquiring such printer information, it is possible to determine the reliability of the printer that is the output destination. For example, if the public key certificate acquired from the printer is issued by a trusted root certificate authority, it can be determined that the reliability of the printer is high, and the time server used by the printer can be trusted. If so, it can be determined that the reliability of the printer is high. If the printer supports a strong encryption method, it can be determined that the security level is high. If the printer has a security watermark function and a password printing function, it can be determined that the security level is high accordingly. The security watermark function is a technology that enables identification of a printed product by printing a pattern that cannot be identified by human eyes but mechanically identifiable together with the original print result. The password printing function is a function for starting printing after confirming that the user has input a password via the printer operation panel or the like without printing immediately after receiving print data. .

  The print permission / rejection determination unit 340 determines whether to permit printing according to the security level of the print target data determined by the security level determination unit 320 and the printer information acquired by the printer information acquisition unit 330. . The print permission / rejection determination unit 340 refers to the operation control table 350 and determines whether to permit printing.

  The operation control table 350 is a table in which data for controlling the operation of the print permission / rejection determination server 125 is stored. The operation control table 350 is data used for determining whether or not to permit printing, and printing that allows setting changes after printing is permitted. Data about conditions and data indicating whether to save print target data and print data are stored. Each data stored in the operation control table 350 is set in advance by an administrator or the like. Details of the operation control table 350 will be described later.

  When printing is permitted by the print permission determination unit 340, the print target data transmission unit 360 transmits the print target data, print conditions, and the like to the print data generation server 126, and instructs generation of print data and a print job ticket. To do. The print target data transmission unit 360 also saves print target data and the like as necessary.

  The print data receiving unit 370 receives the print data and the print job ticket generated by the print data generation server 126, and stores the received print data and the like as necessary.

  The print data transmission unit 380 transmits the print data and print job ticket received from the print data generation server 126 to the client PC 111.

  FIG. 4 is a diagram illustrating an embodiment of the operation control table 350.

  As shown in FIG. 4, the operation control table 350 includes a “document security level” field 401, a “printer installation location” field 402, a “required printer security function” field 403, a “variable printing condition” field 404, A “document data storage” field 405 and a “print data storage” field 405 are provided.

  The “document security level” field 401 is an area for storing a security level set for each document data. In the example shown in FIG. 4, six types of security levels (that is, “not applicable”) are shown. , “Public”, “unknown”, “confidential”, “secret”, “top secret”).

  A “printer installation location” field 402 is an area in which a value indicating a location where a printer as an output destination is installed is stored. In the example illustrated in FIG. Values (ie, “internal” and “external”) are stored.

  An “essential printer security function” field 403 is an area in which information indicating a required printer security function is stored for each combination of the document security level and the printer installation location. If the printer 112 as the output destination has the security function specified in the field 403, the print permission / rejection determination unit 340 determines that necessary security can be ensured and permits printing.

  The “variable printing condition” field 404 is an area in which a printing condition for permitting a user to change after a printing permission is given. In the field 404, for each combination of the document security level and the printer installation location, a printing condition (and a range of setting values as necessary) that does not cause a security problem even if the user is allowed to change is designated.

  The “document data storage” field 405 is an area in which it is designated whether or not the document data included in the print request needs to be stored. The print permission determination server 125 refers to the field 405 and reads the document data. If it is specified that the storage of the document is necessary, the document data is stored.

  The “print data storage” field 406 is an area in which it is specified whether or not the print data generated by the print data generation server 126 needs to be stored. The print permission determination server 125 refers to the field 406. If it is specified that the print data needs to be saved, the print data is saved.

  Next, the functional configuration of the print data generation server 126 will be described.

  FIG. 5 is a diagram illustrating an embodiment of a functional configuration of the print data generation server 126.

  As illustrated in FIG. 5, the print data generation server 126 includes a data reception unit 510, a print data generation unit 520, and a data transmission unit 530.

  The data receiving unit 510 receives print target data, print conditions, and the like transmitted from the print permission / rejection determination server 125 via the network 129.

  The print data generation unit 520 generates print data and a print job ticket from the print target data and the print conditions received by the data reception unit 510. That is, the print target data is converted into print data that can be interpreted by the printer 112 serving as an output destination, and a print job ticket is generated from the print conditions and the like. The print data is data that defines an image (image) that is described in a printer control language such as Postscript (registered trademark) or PCL and that is output to a print medium such as paper. The print job ticket is data including information for controlling the operation of the printer. For example, the print job ticket includes information regarding printing conditions and information regarding a printer serving as an output destination.

  The data transmission unit 530 transmits the print data and the print job ticket generated by the print data generation unit 520 to the print permission determination server 125 via the network 129.

  FIG. 6 is a diagram illustrating an example of a print job ticket generated by the print data generation server 126.

  As shown in FIG. 6, the print job ticket 600 includes a printer identification information section 610 and a print condition section 620.

The printer identification information section 610 includes <Printer
ID> and </ Printer ID>, which includes information relating to the printer identification method. In the print job ticket 600 shown in FIG. 6, it is specified that the printer identification method is a serial number (model_and_serial).

  The print condition section 620 is a portion sandwiched between <PrintJobInstructions> and </ PrintJobInstructions> and includes information related to the print conditions. In the print job ticket 600 shown in FIG. 6, four types of printing conditions (Copies), duplex setting (Duplex), post-processing (Finishing), and watermark printing (Watermark) are designated as printing conditions.

  As shown in FIG. 6, the print condition section 620 of the print job ticket 600 includes a variable print condition section 621. The variable printing condition section 621 is a portion sandwiched between <Changeables> and </ Changeables>, and is a portion in which changeable printing conditions are designated. That is, each changeable printing condition is specified in each part sandwiched between <Changeable> and </ Changeable>. In the example shown in FIG. 6, the number of copies (Copies) and post-processing (Finishing) are specified as changeable printing conditions. Further, regarding the number of copies to be printed, a changeable range, that is, a lower limit (Minimum) and an upper limit (Maximum) are also specified.

  Next, the functional configuration of the printer 112 will be described.

  FIG. 7 is a diagram illustrating an embodiment of a functional configuration of the printer 112.

  As shown in FIG. 7, the printer 112 includes a data reception unit 710, a print control unit 720, a print processing unit 730, and a printer information transmission unit 740.

  The data receiving unit 710 receives print data, a print condition instruction command, and the like via the network 119.

  The print control unit 720 controls print output according to the print data received by the data receiving unit 710. For example, the print control unit 720 includes a time information acquisition unit 721 that acquires the current accurate time from a time server on the Internet 130, and is notified together with the time information acquired by the time information acquisition unit 721 and the print data. The printable time range information is compared, and if the current time is within the printable time range, the print processing unit 730 is instructed to print out. On the other hand, if the current time is not within the printable time range, no print output is instructed. By performing such processing, it is possible to prevent the same job from being printed later by copying a print request for which printing permission has been issued once.

  The print control unit 720 includes a hash value calculation unit 722 that calculates and stores a hash value of print data or the like, for example, and hashes calculated by the hash value calculation unit 722 from newly received print data or the like. The value may be compared with a hash value that has been calculated and stored before and the print processing unit 730 may be instructed to perform print output only when they do not match. By performing such processing, the same print request can be printed only once. Therefore, it is possible to copy the print request for which the print permission has been issued once and prevent the same print request from being printed multiple times. It becomes possible.

  The print processing unit 730 performs print output according to the print data received by the data receiving unit 710 on the paper.

  When the printer information transmission unit 740 receives a printer information inquiry from the print permission / rejection determination server 125 via the client PC 111, in response to the inquiry, the printer information transmission unit 740 sends information related to the security function included in the printer information transmission unit 740 via the client PC 111. Thus, the print permission / rejection determination server 125 is notified.

  Next, the operation of the printing system 100 having the above configuration will be described. First, the operation of the client PC 111 will be described.

  8 and 9 are flowcharts for explaining the operation of the client PC 111.

  When a user who uses the client PC 111 selects a document to be printed (print target data) and a printer as an output destination, and issues an instruction to execute printing, the client PC 111 first, as shown in FIG. In step S801, communication with the printer 112 designated as the output destination is established, and a communication port identifier used for communication with the printer 112 is acquired. The communication port identifier is subsequently used as identification information for the printer 112 that is the output destination.

  In step S <b> 802, the client PC 111 transmits document data to be printed, a communication port identifier, and the like to the print permission determination server 125 to request print permission. Upon receiving the document data or the like, the print permission / refusal determination server 125 starts determining whether or not to permit printing of the document data.

  In step S803, the client PC 111 relays communication between the print permission / rejection determination server 125 and the printer 112 serving as an output destination. That is, when a printer information acquisition request for requesting printer information necessary for determining whether or not to permit printing is received from the print permission determination server 125, the received printer information acquisition request is transmitted to the printer. When a response to the printer information acquisition request is received from the printer 112, the response is transmitted to the print permission determination server 125.

  In step S <b> 804, the client PC 111 determines whether printing is permitted by the printing permission determination server 125. As a result, if printing is not permitted by the printing permission / refusal determination server 125 (S804: No), in step S815, the user is notified appropriately that printing is not permitted, and the process is terminated.

  On the other hand, if printing is permitted by the print permission determination server 125 (S804: Yes), the client PC 111 receives print data and a print job ticket from the print permission determination server 125 in step S805. Next, in step S806, the client PC 111 authenticates the printer that is the output destination. That is, it is confirmed whether or not the printer that is going to perform printing is the same as the printer that has obtained printing permission. Details of the authentication process of the printer will be described later.

  Next, in step S807, the client PC 111 determines whether or not the printer authentication is successful, and the printer authentication fails. That is, if the printer that is about to perform printing does not match the printer that has obtained the print permission. In step S815, the user is notified appropriately that printing is not permitted, and the process ends.

  On the other hand, if the authentication of the printer is successful, that is, if it can be confirmed that the printer that is going to perform printing is a printer that has obtained printing permission (S807: Yes), then, as shown in FIG. In step S808, the user is inquired whether the printing conditions need to be changed. That is, the client PC 111 analyzes the print job ticket, extracts the print conditions set in the print job ticket, and includes a user interface (UI) screen for confirming and changing each print condition. To display. At this time, the printing conditions designated as changeable in the print job ticket are displayed on the UI screen in such a manner that they can be changed as necessary. For example, an appropriate UI component (for example, a check box, a radio button, a list box, etc.) for setting printing conditions is displayed. At this time, if a selectable value is specified in the print job ticket, options corresponding to the specification of the print job ticket are displayed. On the other hand, printing conditions that are not designated as changeable are displayed on the UI screen in a manner that allows the user to know that they cannot be changed (for example, gray-out display). Through the UI screen for confirming / changing the printing condition displayed in this way, the user changes the setting of the printing condition as necessary. In this way, the user can change settings only for those specified as print conditions that can be changed in the print job ticket (only within the specified range if the range is also specified). By doing so, it becomes possible to allow a change in printing conditions immediately before printing within a range that does not cause a security problem, and it is possible to improve user convenience while ensuring necessary security.

  As a result of the inquiry in step S808, if it is necessary to change the printing condition (S808: Yes), the printing condition is changed in accordance with an instruction from the user in step S809. Then, after the printing condition is changed as necessary, the printing condition is converted into a printing condition designation command in step S810.

  In step S811, the client PC 111 transmits a print condition designation command and print data to the printer 112 serving as an output destination. At this time, if encrypted communication is designated as the communication method with the printer 112, the client PC 111 performs communication using the encrypted communication method. The printer 112 that has received the print condition designation command and the print data performs an output corresponding to the received print condition designation command and the print data on a print medium such as paper.

  Next, in step S812, the client PC 111 determines whether or not it is notified that the print result corresponding to the print data transmitted to the printer 112 has been collected by the user. When the user collects the printed product after the printing process in the printer 112 is completed, the user notifies the client PC 111 that the collection has been successful via the UI screen displayed on the display device of the client PC 111. As a result of the determination in step S812, if the client PC 111 receives a notification that the collection is successful (S812: Yes), the client PC 111 notifies the print permission / rejection determination server 125 of the successful printing result collection in step S813. Exit. On the other hand, as a result of the determination in step S812, if the user has notified that the printed product cannot be collected or has not made a collection report within a predetermined time (S812: No), the client In step S814, the PC 111 notifies the print permission / rejection determination server 125 of the print result collection failure, and ends the process. Upon receiving the notification, the print permission / refusal determination server 125 records the print result collection failure as a security risk.

  Next, details of the printer authentication process will be described.

  FIG. 10 is a flowchart for explaining printer authentication processing.

  First, the client PC 111 confirms the printer identification method specified in the print job ticket. That is, as shown in FIG. 10, first, in step S1001, it is determined whether or not the printer identification method is based on a serial number. If the method is not based on a serial number (S1001: No), further, in step S1002. It is determined whether the certificate is based on a public key certificate. As a result, if no printer identification method is specified in the print job ticket (S1002: No), it is determined in step S1009 that the printer authentication has failed, and the process ends.

  On the other hand, if the print job ticket specifies that the printer identification method is a serial number (S1001: Yes), the serial number is acquired from the printer 112 in step S1003. For example, in the print job ticket 600 shown in FIG. 6, it is specified that the serial number is used as the printer identification method. In this case, the printer 112 is inquired about the serial number of the printer 112. In response to the inquiry, the printer 112 notifies the client PC 111 of its own serial number.

  When the client PC 111 acquires the serial number from the printer 112, in step S1004, the client PC 111 compares the acquired serial number with the serial number specified in the print job ticket, and determines whether or not they match. . If they are different as a result of the comparison (S1004: No), it is determined in step S1009 that the printer authentication has failed, and the process is terminated.

  On the other hand, as a result of the comparison in step S1004, if the serial numbers match (S1004: Yes), it is determined in step S1005 that the printer has been successfully authenticated, and the process ends.

  If it is determined in step S1002 that the print job ticket specifies that the printer identification method is a public key certificate (S1002: Yes), the public key certificate is received from the printer 112 in step S1006. get. In step S1007, it is checked whether the acquired public key certificate is valid. That is, a digest (hash value) of the public key certificate is generated, the electronic signature of the public key certificate is decrypted with the issuer's public key, and it is checked whether or not the decryption result matches the digest. As a result, if the public key certificate is valid (S1007: Yes), it is determined in step S1008 that the printer has been successfully authenticated, and the process ends. On the other hand, if the public key certificate is not valid (S1007: No), it is determined in step S1009 that the authentication of the printer 112 has failed, and the process is terminated.

  As described above, printer authentication processing is performed.

  By authenticating the printer in this way, it is possible to perform printing only with a printer that is permitted to print (the same printer as when printing is permitted). It is possible to prevent fraudulent acts such as printing with a low-level printer.

  Next, the operation of the print permission determination server 125 will be described.

  FIGS. 11 and 12 are flowcharts for explaining the operation of the print permission / rejection determination server 125.

  As shown in FIG. 11, when the print permission / rejection determination server 125 first receives a print request from the client PC 111, in step S1101, the document name of the document data included in the print request and the communication port identifier with the printer are displayed. Etc. are extracted and stored in the print log.

  Next, in step S1102, the print permission / refusal determination server 125 determines the security level of the document data. The security level is information included in the document data as an attribute of the document data, and is appropriately set when the document data is created by word processor software or registered in the document management database, for example.

  Next, in step S1103, the print permission / rejection determination server 125 acquires the security function information of the printer 112 that is the output destination and other information related to the printer from the printer 112 that is the output destination. For example, the printer public key certificate, information on the time server used by the printer, information on the communication encryption method supported by the printer, information on the presence or absence of the security watermark function and password printing function, the printer model Get information about name and optional configuration (extended hard disk drive, paper feed tray, paper output tray, etc.). The printer information is acquired via the client PC 111 (communication relay unit 260) as described above. Also, if the print permission / rejection determination server 125 cannot communicate with the printer 112, the print permission / rejection determination server 125 determines that the security function information of the printer 112 cannot be acquired and determines that there is no security function.

  Next, in step S1104, the print permission / rejection determination server 125 uses the security level of the document data determined in step S1102 and the printer information acquired in step S1103 to determine whether or not minimum security can be ensured. to decide. In other words, the print permission / refusal determination server 125 refers to the operation control table 350 and determines whether or not the printer 112 as the output destination has a security function required depending on the security level of the document and the installation location of the printer. Determine whether.

  As a result of the determination, if the printer 112 does not have a security function required depending on the security level of the document and the installation location of the printer (S1104: No), the print permission / rejection determination server 125 permits the printing. In step S1105, the client PC 111 is notified of the fact that the print request has been rejected and the reason thereof, and is recorded in the print log, and the process ends.

  On the other hand, when the printer 112 has a security function required according to the security level of the document to be printed and the installation location of the printer (S1104: Yes), the print permission / rejection determination server 125 further performs step S1106. Then, it is determined whether or not the document to be printed can be printed (printability). In the present embodiment, one of three methods is used as a method for determining whether printing is possible. That is, either (i) automatic determination, (ii) other person (boss) determination, or (iii) self-determination. Details of each determination method will be described later. Which of the three types of determination methods is used is set in advance according to the mounting conditions, for example.

  Next, in step S1107, the print permission / refusal determination server 125 determines whether it is determined that printing is possible as a result of the determination in step S1106. As a result, if it is determined that printing is not possible (S1107: No), in step S1105, the fact that the print request has been rejected and the reason thereof are notified to the client PC 111 and recorded in the print log for processing. finish.

  On the other hand, if it is determined that printing is possible as a result of the determination in step S1107 (S1107: Yes), the print permission / rejection determination server 125 confirms the necessity of document data storage in step S1108. Whether or not the document data needs to be stored is specified in the operation control table 350 as described above. If it is specified in the operation control table 350 that the document data needs to be stored (S1108: Yes), the print permission / rejection determination server 125 sets the document data together with the printer information in step S1109. Save using the save method. When the storage of the document data is completed as necessary, next, as shown in FIG. 12, in step S1110, the document data, the printing conditions, and the printer identification information are sent to the print data generation server 126, and the print job ticket and the print data are sent. Is generated to the print data generation server 126. The print data generation server 126 that has received the request generates a print job ticket and print data from the data received from the print permission determination server 125 and sends it back to the print permission determination server 125.

  When receiving the print job ticket and the print data generated by the print data generation server 126, the print permission / rejection determination server 125 confirms the necessity of storing the print data in step S1111. Whether the print data needs to be stored is also set in the operation control table 350 as described above. Therefore, the print permission determination server 125 needs to store the print data by referring to the operation control table 350. Check sex. As a result, if it is necessary to save the print data (S1111: Yes), the print data is saved together with the printer information by a preset save method in step S1112. When the storage of the print data is completed as necessary, the print permission / rejection determination server 125 notifies the client PC 111 that printing is permitted and transmits the print job ticket and the print data to the client PC 111 in step S1113. Note that the print permission / rejection determination server 125 encrypts the print data according to the encryption method provided in the printer 112 as necessary before transmitting the print data to the client PC 111. In step S1114, the print permission / rejection determination server 125 records that printing has been performed (print data has been generated and transmitted to the client PC 111) in the print log, and the process ends.

  Next, a method for determining whether or not printing is possible in step S1106 will be described. As described above, whether or not printing is possible is determined by any one of (i) automatic determination, (ii) other person (boss) determination, and (iii) self-determination.

  First, the case where the determination of whether or not printing is possible is an automatic determination.

  FIG. 13 is a flowchart for explaining processing in a case where the determination of whether printing is possible is automatic determination.

  As shown in FIG. 13, the print permission determination server 125 first analyzes document data and extracts keywords in step S1301. Next, in step S1302, a risk threshold value is calculated. For example, the risk threshold value is calculated by multiplying the number of keywords extracted in step S1301 by a predetermined coefficient. As will be described later, in the present embodiment, when the risk value exceeds the risk threshold, the document data to be determined is determined to have a high security risk.

  Next, in step S1303, a risk value is calculated. For example, when keywords are extracted in step S1301, the number of appearances (appearance frequency) of each keyword is counted, and the number of occurrences of each keyword multiplied by the risk coefficient of each keyword is obtained for all keywords. The risk value is calculated by summing up. In addition, the keyword and the risk coefficient of each keyword shall be registered into the security dangerous term dictionary prepared beforehand, for example.

  When the calculation of the risk value is completed, in step S1304, the calculated risk value is compared with the risk threshold value to determine whether the calculated risk value exceeds the risk threshold value. As a result, if the calculated risk value exceeds the risk threshold value (S1304: Yes), it is determined in step S1305 that printing of the document is high risk and printing is impossible, and the process ends. On the other hand, as a result of the determination in step S1304, if the calculated risk value does not exceed the risk threshold (S1304: No), it is determined in step S1306 that printing is possible, and the process ends.

  As described above, whether printing is possible is automatically determined.

  Next, a case will be described in which the determination of whether or not printing is possible is another person determination (supervisor determination).

  In some cases, the determination of whether or not printing is possible (in-house regulations) is performed by a person who is responsible for determining whether or not printing is possible (for example, the supervisor of the print requester). In such a case, the print permission / rejection determination server 125 makes an inquiry to the boss who is responsible for determining whether printing is permitted or not, and determines whether or not to permit printing according to a response from the boss to the inquiry. I do.

  FIG. 14 is a flowchart for explaining processing in a case where the determination as to whether printing is possible is a boss determination.

  As shown in FIG. 14, the print permission / rejection determination server 125 first acquires identification information (user ID) of the user's supervisor who instructed printing from the employee database in the organization in step S1401. Next, in step S1402, the terminal where the boss is logged in is searched. In step S1403, it is determined whether there is a terminal to which the boss is logged in. As a result, if there is no terminal to which the boss is logged in (S1403: No), the determination cannot be obtained immediately. Therefore, in step S1404, it is determined that printing is not possible because the printing permission cannot be determined. Exit.

  On the other hand, if the result of determination in step S1403 is that there is a terminal to which the boss has logged in (S1403: Yes), in step S1405, a screen for inquiring whether to grant printing permission is displayed on the terminal. For example, information useful for determination, such as information about a document to be printed and a printer to be output, is displayed on the screen.

  Next, in step S1406, after displaying the screen, it is determined whether or not there is a response within a predetermined time limit (for example, 3 minutes). As a result, if there is no response within the time limit (S1406: No), it is determined that the boss is logged in but is not in a situation where it is possible to immediately determine whether or not to allow printing for some reason. Since it is impossible, it is determined that printing is impossible, and the process is terminated.

  On the other hand, as a result of the determination in step S1406, if there is a response from the superior within the time limit (S1406: Yes), it is determined in step S1407 whether the response is print rejection or print permission. As a result, if the response from the supervisor is print rejection (S1407: Yes), it is determined in step S1408 that printing is not possible, and the process ends. On the other hand, as a result of the determination in step S1407, if the response from the supervisor is print permission (S1407: No), it is determined in step S1409 that printing is possible, and the process ends.

  As described above, whether or not printing is possible is determined by the boss. Note that the print permission / rejection determination server 125 records a determination result or the like in a log as necessary.

  Next, a case where the print rejection determination is self-determination will be described.

  FIG. 15 is a flowchart for explaining the processing when the determination of whether or not printing is possible is self-determination.

  As shown in FIG. 15, the print permission / refusal determination server 125 first displays a UI screen asking whether to permit printing on the client PC 111 used by the user who has instructed printing in step S1501. At this time, the UI screen displays information such as security functions provided in the printer 112 serving as an output destination in order to help the user's judgment.

  Next, in step S1502, it is determined whether or not there is an instruction from the user not to print on the UI screen. As a result, if there is an instruction from the user not to print (S1502: Yes), it is determined in step S1503 that printing is not possible, and the process ends. On the other hand, if there is an instruction from the user to perform printing (S1502: No), it is determined in step S1504 that printing is possible, and the process ends.

  As described above, whether printing is possible is determined by itself.

  As described above, according to the above-described embodiment, it is possible to perform printing when it is determined that there is no security problem even from a client PC that is not normally permitted to print. It is possible to improve the convenience of the user while ensuring sufficient security.

  In the above-described embodiment, the print job ticket and the print data are handled as separate data. However, both can be handled as a single piece of data. In the above-described embodiment, the print permission / rejection determination server 125 and the print data generation server 126 are realized as separate servers. However, both can be realized as a single server. It is also possible to mount the print data generation server 126 on a client PC.

  In the above-described embodiment, three types of methods have been described as methods for determining whether printing is possible. However, other methods may be used for determination. Further, the module that performs the determination can be mounted as an external module of the print permission / rejection determination server 125. In this case, the print permission / rejection determination server 125 notifies the external module of information necessary for the determination, the external module determines whether or not printing is possible based on the notified information, and returns the result to the print permission / rejection determination server. become.

  The functions of the above-described embodiments are as follows: assembly language, C, Visual C, C ++, Visual C ++, Java (registered trademark), Java (registered trademark) Beans, Java (registered trademark) Applet, Java (registered trademark) Script, Perl , Ruby, etc., can be realized by a device-executable program written in a legacy programming language, an object-oriented programming language, or the like, and can be stored and distributed in a device-readable recording medium.

  The embodiments of the present invention have been described with reference to the drawings. However, the present invention is not limited to the above-described embodiments, and other embodiments, additions, modifications, deletions, and the like will occur to those skilled in the art. It can be changed within the range that can be achieved, and any aspect is included in the scope of the present invention as long as the effects and effects of the present invention are exhibited.

1 is a diagram illustrating a configuration example of a printing system according to an embodiment of the present invention. The figure which shows embodiment of the function structure of client PC. The figure which shows embodiment of the function structure of a printing permission judgment server. The figure which shows embodiment of an operation control table. The figure which shows embodiment of the function structure of a print data generation server. FIG. 4 is a diagram illustrating an example of a print job ticket generated by a print data generation server. FIG. 3 is a diagram illustrating an embodiment of a functional configuration of a printer. The flowchart for demonstrating operation | movement of client PC (the 1). The flowchart for demonstrating operation | movement of client PC (the 2). 6 is a flowchart for explaining printer authentication processing. 6 is a flowchart (part 1) for explaining the operation of the print permission / rejection determination server. 9 is a flowchart (part 2) for explaining the operation of the printing permission / refusal determination server. 7 is a flowchart for explaining processing when determination of whether printing is possible is automatic determination. The flowchart for demonstrating a process in case determination of whether printing is possible is a supervisor determination. 10 is a flowchart for explaining processing when determination of whether printing is possible is self-determination.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Printing system, 110 ... First network system, 111a, 111b ... Client PC, 112a, 112b ... Printer, 113 ... Router, 119 ... Network, 120 ... Second network system, 121a, 121b ... Client PC, 122a , 122b ... printer, 123 ... router, 124 ... thin client server, 125 ... print permission determination server, 126 ... print data generation server, 129 ... network, 130 ... internet, 210 ... print request transmission unit, 220 ... print data reception unit , 230 ... printing condition change unit, 240 ... print data transmission unit, 250 ... printer authentication unit, 260 ... communication relay unit, 310 ... print request reception unit, 320 ... security level determination unit, 330 ... printer information acquisition unit, 340 ... Printing permission Cutting unit, 350 ... Operation control table, 360 ... Print target data transmission unit, 370 ... Print data reception unit, 380 ... Print data transmission unit, 510 ... Data reception unit, 520 ... Print data generation unit, 530 ... Data transmission unit, 600 ... Print job ticket, 610 ... Printer identification information section, 620 ... Print condition section, 621 ... Variable print condition section, 710 ... Data receiving section, 720 ... Print control section, 721 ... Time information acquisition section, 722 ... Hash value calculation , 730... Print processing unit, 740... Printer information transmission unit

Claims (12)

A printing system comprising: a printing apparatus; a first information processing apparatus that instructs printing on the printing apparatus; and a second information processing apparatus that determines whether the printing is permitted or not.
The first information processing apparatus includes:
Print request transmission means for transmitting to the second information processing apparatus, print target data and printing apparatus identification information for specifying a printing apparatus as an output destination;
The second information processing apparatus
Print request receiving means for receiving the print target data and the printing apparatus identification information from the first information processing apparatus;
A printing system comprising: a printing permission / rejection determining unit that determines whether or not printing of the printing target data is permitted by a printing device corresponding to the printing device identification information. A third information processing device for generating print data interpretable by the printing device from the print target data;
The second information processing apparatus
Print object data transmission means for transmitting the print object data to the third information processing apparatus when printing is permitted by the print permission determination means;
Print data receiving means for receiving the print data from the third information processing apparatus;
Print data transmission means for transmitting the print data to the first information processing apparatus,
The third information processing apparatus includes:
Data receiving means for receiving the print target data from the second information processing apparatus;
Print data generation means for generating the print data from the print target data;
The printing system according to claim 1, further comprising: a data transmission unit that transmits the print data generated by the print data generation unit to the second information processing apparatus. The second information processing apparatus
Print data generating means for generating, from the print target data, print data that can be interpreted by the printing device when printing is permitted by the print permission determination means;
The printing system according to claim 1, further comprising: a print data transmission unit that transmits the print data generated by the print data generation unit to the first information processing apparatus. The first information processing apparatus includes:
Print data receiving means for receiving the print data from the second information processing apparatus;
The printing system according to claim 2, further comprising: a print data transmission unit that transmits the print data received by the print data reception unit to a printing apparatus that is an output destination. The first information processing apparatus includes:
The printing system according to claim 4, further comprising: a printing apparatus authentication unit that authenticates the printing apparatus before transmitting the printing data to the printing apparatus. The second information processing apparatus
Printing device information acquisition means for acquiring printing device information from a printing device corresponding to the printing device identification information;
Security level determination means for determining a security level of the print target data;
2. The printing permission / refusal determination unit determines whether to permit printing according to the printing device information acquired by the printing device information acquisition unit and the security level determined by the security level determination unit. The printing system as described in any one of -5. The printing system according to claim 6, wherein the printing apparatus information is information relating to a security function that can be provided by the printing apparatus. The second information processing apparatus
8. The inquiry unit according to claim 6, further comprising inquiry means for inquiring whether or not to permit the printing permission / inhibition judgment person to print the data to be printed by a printing apparatus corresponding to the printing apparatus identification information. Printing system. The printing permission / refusal judging means includes
The print target data is analyzed, the occurrence frequency of keywords included in the print target data is totaled, a risk value is calculated from the total result, and printing is performed depending on whether the calculated risk value exceeds a threshold value. The printing system according to claim 6, wherein it is determined whether or not to permit the operation. The print data generation means includes
The printing system according to any one of claims 2 to 9, wherein print data defining an image to be printed and a print job ticket for controlling the operation of the printer are separately generated. The first information processing apparatus includes:
The printing system according to claim 10, further comprising a printing condition changing unit that changes a printing condition designated as changeable in the print job ticket. The first information processing apparatus includes:
Receiving a printing apparatus information acquisition request from the second information processing apparatus and transmitting it to the printing apparatus; and receiving a response to the printing apparatus information acquisition request from the printing apparatus; The printing system according to claim 1, further comprising a communication relay unit that transmits to the processing apparatus.

Images