JP2014142735A - Printing system, method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a print data specifying method that does not degrade security with respect to a request for the print data of a user from a printer that does not take user information into account, by solving a problem in that a printer obtains a token for a printer (a token unrelated to a user) from an authentication service and a print job is requested with the printer token, and if a print service carries out generation of a print job by the authority of the printer token, the holder of the print data cannot be specified from the token.SOLUTION: With respect to a request for the print data of a user from a printer that does not take user information into account, adequacy is checked to determine whether to meet a request with a roll and an application ID for an approval token added to the request from the printer, and the print data of the user sent back to the printer is specified with a tenant ID, job ID, and printer ID.

Description

  The present invention relates to a printing system, a method, and a program for performing print data specifying processing in a printing system, in particular, a pull printing system, when document data input with user authority is acquired by a printer having printer authority.

  In recent years, business has been developed by publishing services on the Internet as cloud services. The print server is also required to provide a function as a print service on the Internet. Providing services as cloud services can be done by placing print servers on a large data center, eliminating the need for hardware management for each customer and adding resources according to the server load. There are various advantages such as being easy to do. Therefore, there is a demand for an environment in which a printer acquires print data from the print server via the Internet and performs pull-type printing.

  In cloud printing, the user operates the UI screen of a web browser or printer, authenticates the operator, issues a user authentication token, and permits a print request to the print service together with the authentication token. Get a print job from the service and print. In the cloud print service, document data submitted to the print service, print job information, print data, and printer resources associated with the device are managed as user resources. In response to the request sent from the client together with the correct user authentication token, the print service manages and accesses the resource of the user of the tenant who is the requester. When sending a print request to the printer, the cloud print service generates an authorization token from the user authentication token using the authentication service, passes the authorization token from the print service to the printer via the web browser, and the printer uses the token. A method for acquiring a print job is realized.

  Also, as in Patent Document 1, there is a technique for realizing single sign-on by sharing a cooperation ID, not an authorization token, among a plurality of applications.

JP 2008-59038 A

  However, there is a possibility of token leakage by routing an authorization token between the print service, the Web browser, and the printer. In addition, by issuing a token issuance request to the authentication service in the print service, the token is issued before the printer actually acquires the print job, and the print job acquisition is delayed because the printer is out of paper, etc. The token could expire. Furthermore, holding an authorization token for each user for each printer without routing tokens requires performing an authorization token issuing operation for each user who uses the printer in the printer, which places a burden on the user. Therefore, a mechanism is conceivable in which the printer obtains a printer token (a token not associated with the user) from the authentication service and accesses the print service with the printer token.

  However, in this case, when the printer requests a print job with a printer token, if the print service generates the print job with the authority of the printer token, there is a problem that the owner of the print data cannot be specified from the token. Another problem is that the user name to be embedded in the print job cannot be obtained from the printer token, and it is impossible to know who the job is as a print job on the printer.

  Accordingly, an object of the present invention is to provide a print data specifying method that does not reduce security in response to a user-owned print data request from a printer that is unaware of user information.

  A print server on the cloud that receives a print request by a user operation from the client terminal (101 to 103) or a batch print request from the batch print application (308) in the printer (105 to 108) when the registered time comes (104) has the following characteristics in the printing system that provides the print data in the print data acquisition request (S815, S1019) from the printer (105 to 108).

The print server (104) receives the document data (608) together with the user authority token (712), and stores the document data (608) for each tenant and user (FIG. 6),
When the print server (104) receives the document ID (502) associated with the document data (608) together with the user authority token (712) in the print request from the client terminals (101 to 103), the print server (104) , The token is passed to the authentication service (310), the user ID (703) and the tenant ID (706) are acquired, and the print data (605) and the print job ID (512, 522) associated therewith are obtained from the document data (608). Means for embedding the printer user name (704) in the print data (605) when generating,
Means for acquiring a token (712) from the authentication service (301) when the printer (105-108) receives a print request from the print server (104) via the client terminal (101-103);
The print job ID (512, 522) and tenant ID (706) acquired together with the print request received by the printer (105-108) from the print server (104) via the client terminal (101-103) together with the acquired token (712). , Means for obtaining the printer ID (533),
When the printer (105 to 108) makes a print job acquisition request to the print server (104) together with the token (712), print job ID (512, 522), tenant ID (706), and printer ID (533), the print server (104) ) Includes means for specifying print data (605) associated with the print job ID (512, 522), tenant ID (706), and printer ID (533) and sending the print data (105) to the printer (105-108). Printing system to do.

  According to the present invention, in response to a user-owned print data request from a printer that is unaware of user information, the validity of whether the request can be answered with the role and application ID for the authorization token accompanying the printer request is confirmed. By specifying the print data to be returned to the printer by the tenant ID, job ID, and printer ID, a printing system that does not reduce security can be realized.

Block diagram showing network configuration Hardware configuration diagram of print server, client terminal and printer Module configuration diagram of print server, client terminal and printer Software configuration diagram of print server, pull print application, batch print application, authorization token acquisition application Configuration diagram of document information, print job information, batch print job information, and printer information managed by the print server Conceptual diagram of the management hierarchy of document information, print job information, batch print job information, document data, and print data of the print server Management service management data configuration diagram Processing sequence of printing system Document submission processing sequence for batch printing Batch printing process sequence of printing system Batch print start time setting screen

  The best mode for carrying out the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram showing an overall configuration of a printing system according to an embodiment of the present invention.

  In FIG. 1, client terminals 101 to 103, a print server 104, and printers 105 to 108 are connected via networks 109 to 111.

  In the figure, it is assumed that a plurality of client terminals 101 to 103 and printers 105 to 108 are connected.

  The networks 109 to 111 are, for example, a LAN such as the Internet, a WAN, a telephone line, a dedicated digital line, an ATM, a frame relay line, a cable television line, a data broadcasting wireless line, or the like. It is a so-called communication network realized by a combination of these. The networks 109 to 111 only need to be able to transmit and receive data. The communication means from the client terminals 101 to 103 to the print server 104 and the printers 105 to 108 and the communication means from the printers 105 to 108 to the print server 104 may be different.

  The client terminals 101 to 103 are, for example, a desktop personal computer, a notebook personal computer, a mobile personal computer, a PDA (personal data assistant), or the like, but may be a mobile phone with a built-in program execution environment. Each of the client terminals 101 to 103 includes an environment for executing a program such as a Web browser (Internet browser, WWW browser, browser used for World Wide Web).

  The print server 104 receives information for identifying a document to be printed and an output destination printer from the Web browser of the client terminals 101 to 103 together with a print request. Then, the validity of the request is confirmed with the authentication server 112, and user information is obtained from the authentication server 112. Then, a response screen including a command for instructing printing is returned to the Web browser of the client terminals 101 to 103. The print server 104 starts generating print data including the printer user name and domain in the user information acquired from the authentication server 112.

  The Web browsers of the client terminals 101 to 103 issue the received print command to the designated printer.

  Upon receiving a print command from the Web browser of the client terminals 101 to 103, the printers 105 to 108 acquire print data from the print server 104 and perform printing.

  FIG. 2 is a hardware configuration diagram of the client terminals 101 to 103, the print server 104, and the printers 105 to 108 of the printing system according to the embodiment of the present invention.

  In FIG. 2, 202 is a CPU that controls the entire apparatus, executes an application program, OS, and the like stored in a hard disk (HDD) 205, and temporarily stores information, files, and the like necessary for executing the program in a RAM 203. Control to store in.

  Reference numeral 204 denotes a ROM as storage means, which stores programs such as a basic I / O program, various data such as print data and printer information used in print processing.

  Reference numeral 203 denotes a RAM as temporary storage means, which functions as a main memory, work area, and the like for the CPU 202. Reference numeral 205 denotes one of external storage means, which is a hard disk (HDD) that functions as a large-capacity memory. An application program such as a Web browser, a print server program, an OS, and related programs are stored.

  A display 206 is a display unit that displays commands input from the keyboard 207, document information submitted to the print server 104, and the like.

  An external device I / F 208 is an I / F for connecting a printer, a USB device, and a peripheral device.

  Reference numeral 207 denotes a keyboard as instruction input means.

  A system bus 201 controls the flow of data in the print server of the printing system.

  A network interface card (NIC) 209 exchanges data with external devices via the interface 209 and the networks 109 to 111. Note that the configuration of the computer is an example thereof, and is not limited to the configuration example of FIG. For example, the storage location of data and programs can be changed by ROM, RAM, HDD, etc. according to the characteristics. Reference numeral 209 denotes a controller for the printers 105 to 108, which is a device that controls the printer control system.

  A CPU 210 controls the entire apparatus, and comprehensively controls access to various devices connected to the system bus 218. This control is based on a control program or the like stored in the ROM 212 or a control program or resource data (resource information) stored in the external memory 223 connected via the disk controller (DKC 216).

  Reference numeral 211 denotes a RAM that functions as a main memory, a work area, and the like of the CPU 210, and is configured such that the memory capacity can be expanded by an optional RAM connected to an expansion port (not shown).

  Reference numeral 213 denotes external storage means that functions as a large-capacity memory, and stores a pull print application program, a batch print application program, an authorization token acquisition application program, a related program, and the like.

  A user interface 221 for performing a pull print operation and a pull print switching button are arranged on an operation panel (operation unit) 221. In addition, buttons for performing operations such as setting of operation modes of the printers 105 to 108, display of operation states of the printers 105 to 108, and designation of copying, and display units such as a liquid crystal panel and LEDs 214 are also arranged.

  A network interface card (NIC) 219 exchanges data with an external device via the interface 219.

  The print engine 220 shown in this figure uses a known printing technique, and examples of suitable implementation systems include an electrophotographic system (laser beam system), an ink jet system, and a sublimation method (thermal transfer) system. .

  A raster controller 215 is a controller that converts print data in PDL language / PDF language into image data. A device I / F 217 is a connection I / F with an external device that can be connected by USB or the like.

  FIG. 3 is a system configuration diagram of the printing system according to the embodiment of the present invention.

  The print server 104 manages document data of each user input from other services or programs, document information 501, print job information 511, batch print job information 521, and printer information 531 of each printer in the storage 307. . The data format of the print data is a format such as PDF.

  The storage 307 is a storage device such as an HDD built in the information processing apparatus of the print server 104, an externally connected HDD, or a network storage.

  When the print server 104 receives a print request from the Web browser 301 and the batch print application 308 via the Web application 302, the print server 104 acquires designated document data from the storage 307. Then, the document data is sent to the print data generation service 306.

  The print data generation service 306 converts the document data into print data having a data format that can be interpreted by the printer, and sends the print data to the print server 104.

  Next, the web application 302 creates a web page that can be displayed by the web browser 301 operating on the client terminals 101 to 103, responds to a request from the web browser 301, and returns the created web page.

  When receiving a request regarding batch printing from the batch print application 308 in the printers 105 to 108, an XML response message is generated as a response to the request.

  Next, when the Web service 303 receives a print data acquisition request from the pull print application 304 of the printers 105 to 108, the Web service 303 confirms the validity of the request with the authentication service 310. When the confirmation is obtained, the request is sent to the print service 305. When the Web service 303 receives a data stream including print data as a response from the print service 305, the Web service 303 reads a part of the print data and returns a part of the data to the request response from the printers 105 to 108. to continue. Repeat until all of the print data is sent to the printers 105-108.

  In addition, the printer 105 to 108 receives a print job completion notification in the printing process. The pull print application 304 of the printers 105 to 108 receives a print request from the Web browser 301. Upon receiving a print request, the pull print application 304 acquires print data from the Web service 303 of the print server 104 and performs printing using the printers 105 to 108.

  Next, the batch print application 308 acquires a job list for batch printing from the print service 305 when the batch print execution time registered in the screen of FIG. 11 described later is reached, and executes printing for the pull print application 304. To do.

  Next, when the pull print application 304 or the batch print application 308 accesses the Web service 303 or the Web application 302, the authentication token acquisition application 309 receives an authorization token having a role suitable for each application. And return to each application.

  The authentication service 310 generates and returns an authorization token for the designated role in response to the authorization token generation request from the authentication service 310. In addition, the validity of the authorization token validity check request from the Web service 303 or the Web application 302 is confirmed and the result is returned. Also, authorization / authentication information 711 and user information 701 associated with the authorization token or the authentication token are returned.

  The print service 305, the print data generation service 306, the web application 302, and the web service 303 are independent programs, and can be arranged in different information processing apparatuses. Each of these programs is arranged in an information processing apparatus connected to a network, and communicates between the programs. It is also possible to place these programs in the information processing apparatus.

  4 is a software configuration diagram of the printing system according to the embodiment of the present invention, and FIG. 5 is a data configuration diagram managed by the printing system. FIG. 6 is a configuration hierarchy diagram of each data held in the storage 307 by the printing system. FIG. 7 is a configuration diagram of authentication data managed by the authentication service 310. Processing of a printing system that performs document submission from another service or program to the printing system and printing of the document received by the user operating the Web browser 301 with reference to FIGS. A batch print process performed when the printing system is scheduled will be described.

  Another service or another program transmits the document data to the Web service 303 located in the print server 104. When the Web service 303 receives the document data at the document data receiving unit 410, the token confirmation unit 409 of the Web service 303 sends the authorization token accompanying the request to the authentication service 310, and the validity of the token is verified by the authentication service 310. Verify with

  The authentication service 310 confirms whether the token matches the token 712 of the authentication / authorization information 711, and verifies whether the token is a role 715 that can be processed by the request source application. If it is determined to be valid, the result is returned to the Web service 303 which is the request source application.

  If the Web service 303 determines that the request is valid, each information of the user information 701 is received from the authentication service 310. The user information 701 will be described later. When the authentication service 310 confirms the validity of the token, the Web service 303 receives user information 701 from the authentication service 310. The Web service 303 transmits the received user information 701 and document data to the document data management unit 401 of the print service 305.

  The document data received by the document data management unit 401 of the print service 305 is stored in the document data 604 in the configuration hierarchy of each data shown in FIG. 6 of the storage 307 based on the tenant ID 706 and the user ID 703. Further, as the document information 501 of the document, a document name 503, a document ID 502, a document status 504, a document reception date 505, and a document storage path 506 indicating a path of document data to be stored in the storage 307 are stored in the storage 307.

  The status 504 includes “receiving”, “receiving error”, “waiting”, “waiting for printing”, “waiting for printing”, “printing”, “printing end”, “printing error”, “cancel end”, and the like. The document storage path 506 includes a hierarchical path indicating the document data 604 in the configuration hierarchical diagram of each data shown in FIG.

  Here, the configuration of each data in the storage 307 of the printing system will be described. The data structure is first a tenant ID hierarchy 601 that can be identified by the tenant ID 706 of the user information 701 of the authentication service 310. In addition, a user ID hierarchy 603 that can be identified by the user ID 703 and a printer ID hierarchy 521 that can be identified by the printer ID 533 of the printer information 531 managed by the printer information management unit 403 of the print service 305 are included.

  The management units 401, 402, and 403 constituting the print service 305 acquire the tenant ID 706 and the user ID 703 of the user information 701 in response to the requests coming via the Web interfaces 302 and 303, and the hierarchy indicated by each ID Access each data and information of the configuration 501, 511, 521, 531, 604, 605.

  Next, processing of a printing system in which a user operates the Web browser 301 to print a document will be described.

  When a print request specifying a printer ID and a document ID for printing is received from the Web browser 301, the request reception unit 407 of the Web application 302 receives the request. The token confirmation unit 405 of the Web application 302 passes the authentication token accompanying the request to the authentication service 310 and verifies the validity of the token by the authentication service 310.

  The authentication service 310 confirms whether the token matches the token 712 of the authentication / authorization information 711, and verifies whether the token is a role 715 that can be processed by the request source application. If it is determined to be valid, the result is returned to the Web application 302 that is the request source application. The Web application 302 receives each piece of user information 701 from the authentication service 310 if the request is determined to be valid. Here, the user information 701 includes a user name 702, a user ID 703 for identifying the user, a user name of the printer registered by the user in the printer, a printer user name 704 registered in association with the domain, and a printer domain 705. Consists of Further, a printer user name 704 and a printer domain 705 are information for associating a printer managed by user information of a local authentication server (not shown) with user information 701 managed by the authentication service 310.

  The printer normally handles print jobs with the printer user name 704 and the printer domain 705. The print job information displayed on the printer operation panel 221 is displayed with the printer user name 704.

  When the Web application 302 receives the user information 701 from the authentication service 310, the session management unit 406 creates a session for the request. In addition, the Web application 302 sends a print request, a printer ID, a document ID, and user information 701 for printing to the document data management unit 401 of the print service 305.

  The document data management unit 401 passes the user information 701 and the printer ID to the printer information management unit 403. Upon receipt, the printer information management unit 403 identifies the tenant ID hierarchy 601 of the storage 307 from the tenant ID 706, identifies the printer ID 533 that matches the printer ID from the printer information 531, and passes the printer information 531 to the document data management unit 401.

  Here, the printer information 531 includes a printer name 532 designated by the user, a printer ID 533 that identifies the printer, and a model name 534 that represents the product model of the printer. Furthermore, it is composed of an IP address 535 for accessing when a Web browser 301 to be described later issues a print request to the printer.

  The document data management unit 401 that has received the printer information 531 identifies the tenant ID hierarchy 601 and the user ID hierarchy 602 of the storage 307 from the user information 701, and acquires the document storage path 506 of the document information 501.

  The document data management unit 401 passes the acquired document storage path 506, user information 701, and printer information 531 to the print job information management unit 402. The print job information management unit 402 generates a print job ID 512, identifies the tenant ID hierarchy 601 and printer ID hierarchy 602 of the storage 307 from the user information 701, and registers the print job information 511.

  Here, the print job information 511 includes a print job ID 512 for specifying a print job, a status 513, a print start time 514, and a printer ID 533 of the printer information 531 acquired from the document data management unit 401. Furthermore, it comprises a user ID 703 of user information 701, a print data storage path 527 for storing print data 605 generated and received by a print data generation service 306, which will be described later, a printer user name 704 of user information 701, and a printer domain 705.

  The print job information 511 is a list that holds information in the order of print requests, and is a list that manages the order of print schedules. After registering the print job information 511 in this list, the print job information management unit 402 returns a print request response to the Web application 302 via the document data management unit 401. This response includes the print job ID 512.

  Based on this response, the Web application 302 makes a print request to the pull print application 304 of the printers 103 to 105 via the Web browser 301. At this time, the print job ID 512, the printer ID 533, and the tenant ID 706 are passed in the print request.

  Here, the print job information management unit 402 of the print service 305 obtains the document data 604 for the print job that is at the head of the print schedule order in the print job information 511 list. Specifically, the document data 604 is acquired from the storage 307 based on the document storage path 506 received from the document data management unit 401. Then, together with the model name 534 of the printer information 531, the printer user name 704 of the user information 701, and the printer domain 705, it is sent to the print data generation unit 404 of the print data generation service 306.

  A print data generation unit 404 generates print data that can be received by a printer corresponding to the printer model of the received document data. The print data is generated by including the printer user name 704 and the printer domain 705 in the print data. The generated print data is sent to the print job information management unit 402 of the print service 305. The print job information management unit 402 stores the print job information 511 in the print data storage path 517.

  The pull print application 304 receives a print request from the Web browser 301 at the Web service reception unit 420. Then, the pull print controller 423 is notified to that effect. Upon receiving the notification, the pull print controller 423 sends an authorization token generation request to the authorization token acquisition application 309 via the token generation request unit 426. This request is made by specifying a role for the pull print application. When the request reception unit 441 of the authorization token acquisition application 309 receives a token generation request from the pull print application 304, the authentication token acquisition unit 440 requests the authentication service 310 to generate an authorization token together with the specified role information. Here, in the case of the role 715 of the pull-print application 304, the authentication service 310 does not have a user log-in result, and therefore generates a token in which the user ID 713 information does not exist and the application ID 714 exists.

  The authorization token acquisition application 309 acquires a token from the authentication service 310 and sends the token to the pull print application 304. Upon receiving the authorization token from the authorization token acquisition application 309, the pull print controller 423 of the pull print application 304 issues a print job acquisition instruction to the print server 104 to the print job acquisition unit 422. The print job acquisition unit 422 sends a print job acquisition request including the authorization token, the print job ID 512, the printer ID 525, and the tenant ID 706 to the Web service 303 of the print server 104.

  The token confirmation unit 409 of the Web service 303 passes the authorization token accompanying the request to the authentication service 310, and the authentication service 310 verifies the validity of this token. The authentication service 310 confirms whether the token matches the token 712 of the authentication / authorization information 711, and verifies whether the token is a role 715 that can be processed by the request source application. If it is determined to be valid, the result is returned to the Web service 303 which is the request source application. Further, the token confirmation unit 409 sends the authorization token to the authentication service 310 and acquires the application ID 714 for the authorization token. The token confirmation unit 409 confirms that the unrecognized application ID recognized by the Web service 303 matches the application ID 714. If they do not match, the print job is not passed to the pull print application 304 as an error. When confirming that the application IDs match, the Web service 303 sends the print job acquisition request to the print service 305.

  The print job information management unit 402 of the print service 305 receives a print job request from the Web service 303. Then, the tenant ID hierarchy 601 and the printer ID hierarchy 603 of the storage 307 are specified by the tenant ID 706 and the printer ID 525 acquired via the Web service 303. Also, with the print job ID 512, print job information that matches the print job ID of the designated print job is acquired from the print job information 511. Also, the print job information management unit 402 refers to the print data storage path 517 of the acquired print job information, acquires the print data 605, and sends the print data 605 to the Web service 303.

  The above is the mechanism of the print service 305 that specifies a print job in response to a request from the pull print application 304 that is accessed with an authorization token without user login.

  As described above, the print job transmission unit 411 of the Web service 303 receives the data stream including the print data in the response to the print job acquisition request to the print job information management unit 402 of the print service 305. Then, a part of the print data is read, and the part of the data is continuously returned in response to the job acquisition request from the print job acquisition unit 422 of the pull print application 304 of the printers 105 to 108.

  Repeat until all of the print data is sent to the pull print application 304. When the print job acquisition unit 422 starts receiving a part of the print data from the Web service 303, the pull print application 304 sends the print data to the controller of the printer (not shown) via the print job transmission unit 424. The printer starts printing. The print control unit 425 monitors the controller of the printer and detects the completion of the print job. Upon detecting the completion of printing, the print control unit 425 notifies the print status reception unit 412 of the Web service 303 of the completion of printing via the Web service transmission unit 421. This notification includes a print job ID 512, a printer ID 533, a tenant ID 706, and a completion status.

  Upon receiving the print completion notification, the print status reception unit 412 sends a completion notification together with the print job ID 512, printer ID 533, tenant ID 706, and completion status to the print job information management unit 402 of the print service 305.

  The print job information management unit 402 identifies the tenant ID hierarchy 601 and printer ID hierarchy 603 of the storage 307 using the received tenant ID 706 and printer ID 525, and further identifies print job information 511 using the job ID 512. Then, the print job information management unit 402 registers the acquired completion status in the status 513 of the print job information 511, and sends it to the completion status together with the tenant ID 706, job ID 512, and user ID 516 of the print job information 511 in the document data management unit 401. .

  The document data management unit 401 identifies the user ID hierarchy 602 of the tenant ID hierarchy 601 of the storage 307 using the received tenant ID 706 and user ID 516, and updates the status 504 of the document information 501 that matches the user ID 516 to the completion status.

  This is the description of the processing of the printing system in which the user operates the Web browser 301 to print the document. Specifically, the print service 305 creates print data including the user name and domain of the submitted document data that has been authenticated by the user. In response to a print job acquisition request from the preprint application 304 of the printers 103 to 108 not logged in by the user, the validity of the role 715 and application ID 714 of the request source preprint application 304 is confirmed. Further, a mechanism for specifying the print data 605 by the tenant ID 706, job ID 512, and printer ID 533 and transmitting the print data 605 to the preprint application 304 will be described. With this mechanism, a print system that does not reduce security can be realized by specifying print data in response to a user-owned print data request from the preprint application 304 that is unaware of user information.

  Next, batch print processing that is performed when the printing system is scheduled will be described. Description of processing equivalent to processing of a printing system in which a user operates the Web browser 301 to print a document is omitted.

  In the batch print process, the print service 305 receives a printer ID 533 for printing along with receiving document data from another service or another program at the time of document submission. When the print service 305 receives a document submission request, the authentication service 310 confirms the validity of the authentication token as described above, and further acquires user information 701. Then, the document data management unit 401 of the print service 305 stores the received document data in the document data 604 of the storage 307. The document data management unit 401 checks with the printer information management unit 403 whether the received printer ID 533 exists, and prints the document storage path 506, user information 701, and printer information 531 to the print job information management unit 402. To pass.

  The print job information management unit 402 generates a print job ID 512 and registers the batch print job information 521 in the printer ID hierarchy 602 of the storage 307. Here, the batch print job information 521 has the same information configuration as the print job information 511, but the batch print job information 521 holds only batch print job information.

  Here, FIG. 11 shows a screen example of the batch print start time setting screen 1101 of the batch application 308.

  On the batch print start time setting screen 1101, the timing of periodic execution of the batch start time can be set by setting the periodic processing 1102. Setting items include a batch start time, an end time, and a batch execution interval, and the batch application 308 executes a batch print process at each batch execution interval within the start and end times.

  In the setting of the scheduled processing 1103, it is possible to set the batch application 308 to execute batch print processing once at a specified time. The setting information is managed by the batch print management unit 443. In addition, the batch time management unit 434 detects the set time, and notifies the batch print controller 432 that the designated execution time is reached.

  When the batch print controller 432 is notified of the start of the batch from the batch time management unit 434, the batch print controller 432 issues an authorization token creation request to the authorization token acquisition application 309 via the token generation unit request unit 435.

  Subsequently, the authorization token acquisition application 309 issues a request to create an authorization token for the role 715 for the batch application 308 to the authentication service 310. Here, the authentication service 310 generates a token having the application ID 714 associated with the user information 701 as a token for the batch print application 308. The authorization token acquisition application 309 acquires a token from the authentication service 310 and sends the token to the batch print application 308.

  Upon receiving the authorization token from the authorization token acquisition application 309, the batch print controller 432 of the batch print application 308 issues a print job list acquisition instruction to the Web application 302 to the print job list acquisition unit 430. At this time, the batch print application 308 sends the printer ID 525 to the Web application 302.

  The web application 302 receives a request from the batch print application 308 at the request reception unit 407. In response to this request, the token confirmation unit 405 requests the authentication service 310 to validate the token. The authentication service 310 confirms whether the token is valid as a role of the batch print application 308. Further, the token confirmation unit 405 confirms that the application ID 714 recognized by the Web application 302 matches the application ID 714.

  Further, the Web application 302 acquires the tenant ID 706 from the authentication service 310. The Web application 302 passes the tenant ID 706 and printer ID 525 to the print job information management unit 402 of the print service 305.

  The print job information management unit 402 specifies the tenant ID hierarchy 601 and the printer ID hierarchy 602 of the storage 307 based on the tenant ID 706 and the printer ID 525, and acquires batch print job information 521. A list of batch print job IDs 522 of the batch print job information 521 is returned to the batch print application 308 by the Web application 302.

  Next, the batch print application 308 passes the batch print job ID 522 and the printer ID 525 in the list of acquired batch print job IDs 522 to the Web application 302 and performs batch print processing. The Web application 302 performs token validity confirmation, application ID 714 confirmation and user information 701 acquisition to the authentication service 310, and issues a print request to the print job information management unit 402 of the print service 305.

  The print job information management unit 402 issues a print data generation request to the print data generation unit 404 and returns a response to the Web application 302. Further, the Web application 302 that has received the response returns a response including a command to issue a print instruction to the batch print application 308. The batch print application 308 sends a print command to the pull print application 304 in the same manner as the Web browser 301 described above.

  Thereafter, processing similar to the processing described in the processing of the printing system in which the user operates the Web browser 301 to print a document is performed. The above is the description of the batch print process performed when the printing system is scheduled.

  Next, a processing sequence of a printing system in which a user operates the Web browser 301 to print a document will be described with reference to FIG.

  When the user performs a print execution operation on the Web browser 301 of the client terminal 101 in S801, the Web browser 301 of the client terminal 101 issues a print request to the print server 104 together with the authentication token, the document ID 502, and the printer ID in S802.

  In step S <b> 802, the print server 104 acquires user information 701 from the authentication service 310.

  In step S <b> 804, the authentication service 310 sends user information 701 to the print server 104.

  In step S805, the print server 104 checks whether the designated printer ID exists in the printer ID 533 of the printer information 531, and if it exists, generates a print job ID 512 in step S806.

  In step S807, the print server 104 registers the print job information 511. In step S808, the print server 104 returns a print command including the print job ID 512, the tenant ID 706 of the user information 701, and the printer ID 533 to the Web browser 301.

  In step S809, the print server 104 starts generating print data including the printer user name 704 and the printer domain 705 of the user information 701.

  Next, when the Web browser 301 sends a print request to the pull print application 304 in S810, the pull print application 304 makes an authorization token generation request to the authorization token acquisition application 309 in S811.

  Further, in S812, the authorization token acquisition application 309 makes an authorization token generation request to the authentication service 310. The S813 authentication service 310 returns the authorization token to the authorization token acquisition application 309, and the authorization token acquisition application 309 returns the authorization token to the pull print application 304 in S814.

  In step S815, the pull print application 304 makes a print data request to the printer print server 104 together with the print job ID 512, the tenant ID 706 of the user information 701, and the printer ID 533.

  In step S816, the print server 104 checks the validity of the authorization token with respect to the authentication service 310.

  In step S817, when the print server 104 receives the confirmation result from the authentication service 310, the print server 104 acquires authentication / authorization information 711 from the authentication service 310 in step S818.

  In step S <b> 819, the authentication service 310 sends authentication / authorization information 711 to the print server 104.

  In step S820, the print server 104 confirms that the application ID 714 of the authentication / authorization information 711 matches the application ID recognized by the print server 104.

  In step S <b> 821, the print server 104 performs print data identification based on the print job ID 512, the tenant ID 706 of the user information 701, and the printer ID 533. Then, in step S822, the specified print data is transmitted to the pull print application 304.

  In step S823, printing is performed by the printers 105 to 108. When the pull print application 304 detects the completion of printing, the pull print application 304 issues a print completion notification to the print server 104 in step S823.

  The above is the description of the processing sequence of the printing system in which the user operates the Web browser 301 to print the document.

  Next, a document submission processing sequence for batch printing from another service or another program to the print server 104 will be described with reference to FIG.

  In step S901, the print server 104 receives a document submission request with an authorization token, document data, and printer name from another service or program.

  In step S <b> 902, the print server 104 requests the authentication service 310 to acquire the user information 701 along with checking the validity of the authorization token.

  In step S903, when the print server 104 acquires the user information 701 from the authentication service 310, the print server 104 checks whether the printer is registered in the print information 531 in step S904, and creates a batch print job ID 522 in step S905. In step S905, the batch print job information 521 is registered as a batch print job.

  Next, a batch print processing sequence performed when the printing system is scheduled will be described with reference to FIG.

  In step S1001, the batch print application 308 becomes the batch print time set on the batch print start time setting screen 1101.

  In step S <b> 1002, the batch print application 308 requests the print server 104 for a batch job list together with an authorization token and a printer ID.

  In step S <b> 1003, the print server 104 checks the validity of the authorization token with the authentication service 310.

  When the confirmation result is sent from the authentication service 310 to the print server 104 in S1004, the print server 104 acquires the authentication / authorization information 711 to the authentication service 310 in S1005.

  In step S <b> 1006, the print server 104 confirms that the application ID 714 of the authentication / authorization information 711 matches the application ID recognized by the print server 104.

  In step S <b> 1007, the print server 104 acquires user information 701 from the authentication service 310.

  In step S <b> 1008, user information 701 is sent from the authentication service 310 to the print server 104.

  In step S1009, the print server 104 identifies the batch print job information 521 based on the printer ID and the tenant ID 706 of the user information 701, and sends the batch job list to the batch print application 308 in step S1010.

  When the batch print application 308 sends a batch print request to the print server 104 in step S1011, the print server 104 returns a print command including the tenant ID 706 and printer ID 533 of the user information 701 in step S1012.

  In step S <b> 1014, the print server 104 starts generating print data including the printer user name 704 and the printer domain 705 in the user information 701.

  In step S <b> 1013, when the batch print application 308 sends a print request to the pull print application 304, the pull print application 304 sends an authorization token generation request to the authorization token acquisition application 309 in step S <b> 1015.

  In step S1016, the authorization token acquisition application 309 requests the authentication service 310 to generate an authorization token.

  In step S1017, the authentication service 310 returns an authorization token to the authorization token acquisition application 309. In step S1018, the authorization token acquisition application 309 returns the authorization token to the pull print application 304.

  In step S <b> 1019, the pull print application 304 sends a print data request to the printer print server 104 together with the batch print job ID 522, the tenant ID 706 of the user information 701, and the printer ID 533.

  In step S <b> 1020, the print server 104 confirms the validity of the authorization token with respect to the authentication service 310.

  In step S <b> 1021, when the print server 104 receives the confirmation result from the authentication service 310, the print server 104 acquires authentication / authorization information 711 from the authentication service 310 in step S <b> 1022.

  In step S <b> 1023, the authentication service 310 sends authentication / authorization information 711 to the print server 104.

  In step S1024, the print server 104 confirms that the application ID 714 of the authentication / authorization information 711 matches the application ID recognized by the Web service 303.

  In step S <b> 1025, the print server 104 specifies print data based on the batch print job ID 522 acquired from the pull print application 304, the tenant ID 706 of the user information 701, and the printer ID 533.

  The specified print data is transmitted to the pull print application 304 in step S1026.

  In step S1027, printing is performed by the printers 105 to 108.

  When the pull print application 304 detects the completion of printing, the pull print application 304 issues a print completion notification to the print server 104 in step S1028.

  The above is the description of the processing sequence of the printing system in which the user operates the Web browser 301 to print the document.

  The above is the description of the printing system of the present invention. Specifically, for a user-owned print data request from a printer that is not aware of user information, the validity of whether or not the request can be answered with the role and application ID for the authorization token accompanying the printer request is confirmed. A print system that does not reduce security can be realized by specifying print data to be returned to the printer by the tenant ID, job ID, and printer ID.

101-103 Client terminal 104 Print server 105-108 Printer 109-111 Network

Claims (1)

A print server on the cloud that receives a print request by a user operation from the client terminal (101 to 103) or a batch print request from the batch print application (308) in the printer (105 to 108) when the registered time comes (104) has the following characteristics in the printing system that provides the print data in the print data acquisition request (S815, S1019) from the printer (105 to 108).
The print server (104) receives the document data (608) together with the user authority token (712), and stores the document data (608) for each tenant and user (FIG. 6),
When the print server (104) receives the document ID (502) associated with the document data (608) together with the user authority token (712) in the print request from the client terminals (101 to 103), the print server (104) , The token is passed to the authentication service (310), the user ID (703) and the tenant ID (706) are acquired, and the print data (605) and the print job ID (512, 522) associated therewith are obtained from the document data (608). Means for embedding the printer user name (704) in the print data (605) when generating,
Means for acquiring a token (712) from the authentication service (301) when the printer (105-108) receives a print request from the print server (104) via the client terminal (101-103);
The print job ID (512, 522) and tenant ID (706) acquired together with the print request received by the printer (105-108) from the print server (104) via the client terminal (101-103) together with the acquired token (712). , Means for obtaining the printer ID (533),
When the printer (105 to 108) makes a print job acquisition request to the print server (104) together with the token (712), print job ID (512, 522), tenant ID (706), and printer ID (533), the print server (104) ) Includes means for specifying print data (605) associated with the print job ID (512, 522), tenant ID (706), and printer ID (533) and sending the print data (105) to the printer (105-108). Printing system to do.