JP2018056883A - Job execution device, job execution method, and job execution program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent data from being illegally used so as to perform follow-up survey of the execution process of a job.SOLUTION: A key storage unit 22 stores a first secret key Kb1 and a second public key Ka2 before starting the execution of a job. A communication unit 21 receives a job ID and a manuscript data MD# encrypted by using a first public key Ka1 from an order placement device 10. A job control unit 23 refers to a job database 33 on the basis of the received job ID to control whether to execute a print job or not. A manuscript data decryption unit 24 decrypts the encrypted manuscript data MD# by using the first secret key Kb1. An encrypted print data creation unit 25 creates print data PD# which is encrypted by using the second public key Ka2 on the basis of the manuscript data MD. A log encryption unit 26 encrypts a log LGx showing an execution process of the job by using a third public key Ka3.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a job execution device, a job execution method, and a job execution program that execute an instructed job. The present invention is applied to, for example, a printing system that executes a print job.

  The printing company performs printing by operating a printing machine in accordance with an order from the orderer. In recent years, a printing system using a computer or a network is used in order to efficiently perform processing from ordering to printing. FIG. 13 is a diagram illustrating a data flow in the printing system. As shown in FIG. 13, an editing apparatus 220, a RIP (Raster Image Processing) processing apparatus 230, and a printing machine 240 are installed in the printing company. An orderer (not shown) uses the ordering device 210 to transmit the document data MD to the printing company. The editing device 220 creates print data PD based on the received document data MD. The RIP processing device 230 converts the created print data PD into data that can be processed by the printing press 240 (hereinafter referred to as data RD after RIP processing). The printer 240 performs printing based on the data RD after RIP processing.

  In the editing device 220 and the RIP processing device 230, the order from the orderer is processed as a print job. In order to represent the contents of the print job, a job file described using a job description language is used. The job file is created when an order for printing is received, and the editing device 220 and the RIP processing device 230 operate by referring to the job file.

  By the way, some print orders require printing with high security. For example, in order to prevent forgery of the product and determine the authenticity of the product, a product label (see FIG. 14) on which a special symbol called a security code (or security mark) is printed is attached to the product, There is known a method of using a product package on which is printed. The orderer instructs the number of printed security codes when placing an order for printing the security codes. The printing company prints the security code in compliance with the instructed number.

  In connection with the present invention, Patent Document 1 discloses document data transmission from an application to a printer driver and print data from a printer driver to a printing apparatus in order to prevent leakage of document data in a printing process. An information processing apparatus and a printing system that perform transmission in a state encrypted using a public key and a private key are described.

JP 2009-193118 A

  When printing a security code in a conventional printing system, the orderer cannot confirm whether printing has been performed properly. For example, the orderer cannot confirm whether or not the designated number of printed sheets is observed. The conventional printing system may encrypt data created inside the printing company, but does not encrypt data created outside the printing company. For this reason, there is a possibility that the document data and print data of the security code are duplicated during transmission to the printing company or inside the printing company and illegally flow out.

  The orderer may take measures such as assigning a person who monitors the printing status to the printing company. However, there are cases where monitoring personnel cannot be allocated or sufficient monitoring cannot be performed even when monitoring personnel are allocated. Also, if the original data or print data of the security code remains in the printing system after the printing is completed, there is a possibility that these data will be illegally leaked.

  SUMMARY OF THE INVENTION Therefore, an object of the present invention is to provide a job execution device, a job execution method, and a job execution program that can prevent unauthorized use of data created at the time of job execution and can correctly track and investigate the execution process of the job. And

A first aspect of the present invention is a job execution device that creates second data based on first data,
A key storage unit for storing a secret key necessary for encrypted communication of the first data before starting execution of a job;
A communication unit that receives the job ID and the encrypted first data;
A job control unit that controls whether to execute the job based on a job ID received by the communication unit;
A data decryption unit for decrypting the encrypted first data received by the communication unit;
A data processing unit that creates the second data based on the first data obtained by the data decoding unit;
A log encryption unit that encrypts a log indicating the job execution process using a log public key.

According to a second aspect of the present invention, in the first aspect of the present invention,
The communication unit receives first data encrypted using a public key paired with the secret key,
The data decryption unit decrypts the encrypted first data received by the communication unit using the secret key.

According to a third aspect of the present invention, in the first aspect of the present invention,
The communication unit receives first data encrypted using a common key,
The data decryption unit decrypts the encrypted first data received by the communication unit using the common key,
The common key is deleted after execution of the job is completed.

According to a fourth aspect of the present invention, in the second or third aspect of the present invention,
The first data is data representing a material included in a printed matter,
The second data is data obtained by encrypting data representing a page of a printed matter.

According to a fifth aspect of the present invention, in the second or third aspect of the present invention,
The first data is data representing a page of printed matter,
The second data is data that can be processed by a printing press.

According to a sixth aspect of the present invention, in the first aspect of the present invention,
The second data is data obtained by encrypting third data based on the first data,
A second key storage unit that stores a second secret key required for encrypted communication of the third data before starting execution of the job;
A second communication unit that receives the job ID and the second data from the communication unit;
A second job control unit that controls whether to execute the job based on the job ID received by the second communication unit;
A second data decoding unit for obtaining the third data by decoding the second data received by the second communication unit;
A second data processing unit for generating fourth data based on the third data obtained by the second data decoding unit;
A second log encryption unit that encrypts a second log indicating the job execution process using the log public key;

A seventh aspect of the present invention is the sixth aspect of the present invention,
The communication unit receives first data encrypted using a public key paired with the secret key,
The data decryption unit decrypts the encrypted first data received by the communication unit using the secret key,
The data processing unit creates the second data by performing encryption using a second public key paired with the second secret key;
The second data decryption unit decrypts the second data received by the second communication unit using the second secret key.

According to an eighth aspect of the present invention, in the sixth aspect of the present invention,
The communication unit receives first data encrypted using a common key,
The data decryption unit decrypts the encrypted first data received by the communication unit using the common key,
The data processing unit creates the second data by performing encryption using the common key,
The second data decryption unit decrypts the second data received by the second communication unit using the common key,
The common key is deleted after execution of the job is completed.

According to a ninth aspect of the present invention, in the seventh or eighth aspect of the present invention,
The first data is data representing a material included in a printed matter,
The second data is data obtained by encrypting data representing a printed page,
The fourth data is data that can be processed by a printing press.

A tenth aspect of the present invention is a job execution method for creating second data based on first data,
A key storage step of storing a secret key required for encrypted communication of the first data before starting execution of a job;
A communication step of receiving the job ID and the encrypted first data;
A job control step for controlling whether to execute the job based on the job ID received in the communication step;
A data decryption step of decrypting the encrypted first data received in the communication step;
A data processing step for creating the second data based on the first data obtained in the data decoding step;
A log encryption step of encrypting a log indicating the execution process of the job using a log public key.

An eleventh aspect of the present invention is a job execution program for creating second data based on first data,
A key storage step of storing a secret key required for encrypted communication of the first data before starting execution of a job;
A communication step of receiving the job ID and the encrypted first data;
A job control step for controlling whether to execute the job based on the job ID received in the communication step;
A data decryption step of decrypting the encrypted first data received in the communication step;
A data processing step for creating the second data based on the first data obtained in the data decoding step;
The CPU causes the computer to execute a log encryption step of encrypting a log indicating the job execution process using a log public key using a memory.

A twelfth aspect of the present invention is the eleventh aspect of the present invention,
The communication step receives first data encrypted using a public key paired with the secret key,
In the data decryption step, the encrypted first data received in the communication step is decrypted using the secret key.

A thirteenth aspect of the present invention is the eleventh aspect of the present invention,
The communication step receives first data encrypted using a common key,
The data decryption step decrypts the encrypted first data received in the communication step using the common key,
The common key is deleted after execution of the job is completed.

A fourteenth aspect of the present invention is the twelfth or thirteenth aspect of the present invention,
The first data is data representing a material included in a printed matter,
The second data is data obtained by encrypting data representing a page of a printed matter.

A fifteenth aspect of the present invention is the twelfth or thirteenth aspect of the present invention,
The first data is data representing a page of printed matter,
The second data is data that can be processed by a printing press.

A sixteenth aspect of the present invention is the eleventh aspect of the present invention,
The second data is data obtained by encrypting third data based on the first data,
A second key storage step of storing a second secret key necessary for encrypted communication of the third data before starting execution of the job;
A second communication step for receiving the job ID and the second data from the communication step;
A second job control step for controlling whether or not to execute the job based on the job ID received in the second communication step;
A second data decoding step for obtaining the third data by decoding the second data received in the second communication step;
A second data processing step of creating fourth data based on the third data obtained in the second data decoding step;
And a second log encryption step of encrypting a second log indicating the execution process of the job using the log public key.

A seventeenth aspect of the present invention is the sixteenth aspect of the present invention,
The communication step receives first data encrypted using a public key paired with the secret key,
The data decryption step decrypts the encrypted first data received in the communication step using the secret key,
The data processing step creates the second data by performing encryption using a second public key paired with the second secret key,
In the second data decryption step, the second data received in the second communication step is decrypted using the second secret key.

An eighteenth aspect of the present invention is the sixteenth aspect of the present invention,
The communication step receives first data encrypted using a common key,
The data decryption step decrypts the encrypted first data received in the communication step using the common key,
The data processing step creates the second data by performing encryption using the common key,
The second data decryption step decrypts the second data received in the second communication step using the common key,
The common key is deleted after execution of the job is completed.

The nineteenth aspect of the present invention is the seventeenth or eighteenth aspect of the present invention,
The first data is data representing a material included in a printed matter,
The second data is data obtained by encrypting data representing a printed page,
The fourth data is data that can be processed by a printing press.

  According to the first, tenth, or eleventh invention, the first data is received by encrypted communication, and the job is created when the job is executed by controlling whether to execute the job based on the job ID. Can prevent unauthorized use of stored data. Also, by encrypting the log using the log public key, it is possible to prevent falsification of the log and to correctly follow the job execution process.

  According to the second or twelfth aspect, by receiving the first data using the public key cryptosystem, it is possible to prevent the first data from being illegally leaked during reception.

  According to the third or thirteenth aspect, by receiving the first data using both the public key cryptosystem and the common key cryptosystem, it is possible to prevent the first data from being illegally leaked during reception. Can do. In addition, by performing encryption and decryption using a common key, these processes can be performed at high speed.

  According to the fourth or fourteenth aspect, when creating data (print data) representing a page of a printed material based on data (original data) representing the material included in the printed material, the data is created when the job is executed. It is possible to prevent unauthorized use of the data and to follow up and investigate the job execution process correctly.

  According to the fifth or fifteenth invention, when creating data that can be processed by the printing press based on the print data, unauthorized use of the data created at the time of job execution is prevented, and the job execution process is correctly performed. Can be followed up.

  According to the sixth or sixteenth aspect, the first data and the second data are transmitted / received by encrypted communication, and the job is created based on the job ID to control whether to execute the job. Illegal use of the data thus obtained can be prevented. Further, by encrypting the log and the second log using the log public key, it is possible to prevent the log from being falsified and to correctly follow the job execution process.

  According to the seventh or seventeenth aspect, the first data and the second data are illegally leaked during transmission / reception by receiving the first data and transmitting / receiving the second data using the public key cryptosystem. This can be prevented.

  According to the eighth or eighteenth aspect, the first data and the second data are transmitted and received during transmission / reception by using the public key cryptosystem and the common key cryptosystem together to receive the first data and transmit / receive the second data. Data can be prevented from leaking illegally. In addition, by performing encryption and decryption using a common key, these processes can be performed at high speed.

  According to the ninth or nineteenth aspect, when the print data is created based on the document data and the data that can be processed by the printing machine is created based on the print data, illegal use of the data created when the job is executed And the job execution process can be traced correctly.

1 is a block diagram illustrating a configuration of a printing system according to a first embodiment of the present invention. FIG. 2 is a block diagram illustrating details of the printing system illustrated in FIG. 1. It is a figure which shows the content of the job database contained in the printing system shown in FIG. FIG. 2 is a block diagram illustrating a configuration of a computer that functions as four apparatuses included in the printing system illustrated in FIG. 1. 3 is a flowchart showing the operation of four computers functioning as four apparatuses included in the printing system shown in FIG. 1. FIG. 6 is a continuation diagram of FIG. 5. It is a block diagram which shows the detail of the printing system which concerns on the 2nd Embodiment of this invention. It is a flowchart which shows operation | movement of the four computers which function as four apparatuses contained in the printing system shown in FIG. FIG. 9 is a continuation diagram of FIG. 8. It is a block diagram which shows the structure of the printing system which concerns on the 3rd Embodiment of this invention. It is a block diagram which shows the structure of the printing system which concerns on the 4th Embodiment of this invention. It is a block diagram which shows the detail of the printing system shown in FIG. It is a figure which shows the flow of the data in a printing system. It is a figure which shows the product label which printed the security code.

  Hereinafter, a job execution device, a job execution method, and a job execution program according to an embodiment of the present invention will be described with reference to the drawings. The job execution method according to the present embodiment is typically executed using a computer. The job execution program according to the present embodiment is a program for executing a job execution method using a computer. The job execution apparatus according to the present embodiment is typically configured using a computer. The computer that executes the job execution program functions as a job execution device.

  In the following description, it is assumed that the job is a print job that performs printing with high security based on document data received from the ordering apparatus. The document data is, for example, image data of a security code. By attaching a product label printed with a security code to a product or using a product package printed with a security code, forgery of the product can be prevented and the authenticity of the product can be determined.

(First embodiment)
FIG. 1 is a block diagram showing a configuration of a printing system according to the first embodiment of the present invention. A printing system 1 shown in FIG. 1 includes an ordering device 10, an editing device 20, a RIP processing device 30, a log management device 40, and a printing machine 50. The ordering device 10 is installed at the location of the orderer who orders printing. The editing device 20, the RIP processing device 30, the log management device 40, and the printing machine 50 are installed inside the printing company and are connected to the local area network 8 in the printing company. The ordering device 10 is communicably connected to the editing device 20 and the log management device 40 using a wide area network 7 such as the Internet.

  FIG. 2 is a block diagram showing details of the printing system 1. The ordering apparatus 10 includes a communication unit 11, a key storage unit 12, a job ID creation unit 13, a document data encryption unit 14, a log decryption unit 15, and a log display unit 16. The editing device 20 includes a communication unit 21, a key storage unit 22, a job control unit 23, a document data decryption unit 24, an encrypted print data creation unit 25, and a log encryption unit 26. The RIP processing device 30 includes a communication unit 31, a key storage unit 32, a job database 33, a job control unit 34, a print data decryption unit 35, a RIP processing unit 36, a printing press control unit 37, and a log encryption unit 38. It is out. The log management device 40 includes a communication unit 41 and a log storage unit 42. Hereinafter, the symbol # indicates that the data or key is encrypted.

  The ordering device 10 transmits the document data MD to the editing device 20. The editing device 20 creates print data PD based on the document data MD. The editing device 20 transmits print data PD to the RIP processing device 30. The RIP processing device 30 creates data RD after RIP processing based on the print data PD. The RIP processing device 30 outputs the data RD after RIP processing to the printing press 50. When the document data MD is transmitted from the ordering apparatus 10 to the editing apparatus 20 and when the print data PD is transmitted from the editing apparatus 20 to the RIP processing apparatus 30, communication using the public key cryptosystem is performed. For example, RSA (Rivest Shamir Adleman) encryption is used for encryption of the document data MD and the print data PD.

  The document data MD is data representing a material included in a printed matter to be printed with high security. The content and format of the document data MD may be arbitrary. The document data MD may be security code image data, for example. The print data PD is data representing a page of printed matter created based on the document data MD. The format of the print data PD may be arbitrary. The print data PD may be, for example, PDF (Portable Document Format) format data or vector format data.

  The editing device 20 and the RIP processing device 30 create logs LGx and LGy indicating the execution process of printing and write them in the log storage unit 42 of the log management device 40. The ordering device 10 reads the log LG from the log storage unit 42 after printing is completed, and displays the read log LG on the screen. The log LG is written in the log storage unit 42 in an encrypted state using a public key cryptosystem. For example, RSA encryption is used for encryption of the log LG.

  In the printing system 1, three public keys and three secret keys that are paired with each public key are used. Hereinafter, the former is referred to as first to third public keys Ka1 to Ka3, and the latter is referred to as first to third secret keys Kb1 to Kb3. The first public key Ka1 and the first secret key Kb1 are used for encryption and decryption of the document data MD, respectively. The second public key Ka2 and the second secret key Kb2 are used for encryption and decryption of the print data PD, respectively. The third public key Ka3 and the third secret key Kb3 are used for encryption and decryption of the log LG, respectively.

  The first secret key Kb1 is a key unique to the editing apparatus 20 that is uniquely determined for the editing apparatus 20, and is generated in the editing apparatus 20. The generation means here include a method of generating using a random number or an arbitrary calculation formula, or an operator inputting using an input unit such as a keyboard. The generated first secret key Kb1 is held in a secret state in the key storage unit 22 without going outside the editing device 20. The first public key Ka1 is a key that is paired with the first secret key Kb1, is generated in the editing device 20 in the same manner, is transmitted to the ordering device 10, and is held in the key storage unit 12 of the ordering device 10. . Here, the transmission means is transmitting in the network via the local area network 8 and the wide area network 7, but may be other communication means.

  The second secret key Kb2 is a key unique to the RIP processing device 30 that is uniquely determined for the RIP processing device 30, and is generated in the RIP processing device 30 as described above. The generated second secret key Kb2 is held in a secret state in the key storage unit 32 without going outside the RIP processing device 30. The second public key Ka2 is a key that is paired with the second secret key Kb2, and is generated in the RIP processing device 30 in the same manner, and then transmitted to the editing device 20 in the same manner as described above, and the key storage unit of the editing device 20 22 is held.

  The third secret key Kb3 is a key unique to the ordering apparatus 10 and is generated in the ordering apparatus 10 as described above. The generated third secret key Kb3 is held in a secret state in the key storage unit 12 without going outside the ordering apparatus 10. The third public key Ka3 is a key that is paired with the third secret key Kb3. After being generated in the ordering device 10 in the same manner, the third public key Ka3 is transmitted to the editing device 20 and the RIP processing device 30 in the same manner as described above, and stored in the key memory. It is held in the parts 22 and 32.

  The first to third public keys Ka1 to Ka3 and the first to third secret keys Kb1 to Kb3 are previously generated and transmitted to the ordering device 10, the editing device 20, and the RIP processing device 30 as described above. It is remembered. More specifically, the key storage unit 12 included in the ordering apparatus 10 stores the first public key Ka1 and the third secret key Kb3 before starting execution of the print job. The key storage unit 22 included in the editing apparatus 20 stores the first secret key Kb1, the second public key Ka2, and the third public key Ka3 before starting execution of the print job. The key storage unit 32 included in the RIP processing device 30 stores the second secret key Kb2 and the third public key Ka3 before starting execution of the print job. The keys stored in the key storage units 12, 22, and 32 may be input using an input unit such as a keyboard, or may be read from an external storage medium such as a USB memory, The secret key Kb1, Kb2, and Kb3 may be generated inside each device without passing through a medium such as a network or a USB memory, and limited to the inside of each device. It is preferable from the viewpoint of safety. The key storage units 12, 22, and 32 may store keys when the printing system 1 is initially set. Thereafter, the key storage units 12, 22, and 32 may update the stored key at an arbitrary time (for example, during regular maintenance).

  The communication units 11, 21, 31, and 41 transmit and receive data among the ordering device 10, the editing device 20, the RIP processing device 30, and the log management device 40. The communication units 11, 21, 31, and 41 may be used for key transmission / reception.

  The job ID creation unit 13 creates a unique ID (hereinafter referred to as a job ID) for each print job. In the printing system 1, whether or not to execute a print job is controlled using the job ID and the job database 33. FIG. 3 is a diagram showing the contents of the job database 33. As illustrated in FIG. 3, the job database 33 stores job IDs, states, and print counts for print jobs executed by the print system 1 and print jobs already executed by the print system 1. Information regarding the print job stored in the job database 33 is held in the job database 33 indefinitely (forever) from the viewpoint of preventing unauthorized printing. The job database 33 is managed using encryption, date, checksum, etc. to prevent tampering.

  The job control units 23 and 34 control whether or not to execute a print job based on the job ID. The job control unit 23 refers to the job database 33 using the job ID as a search key, and controls whether or not to generate the print data PD according to the result. The job control unit 34 refers to the job database 33 using the job ID as a search key, and controls whether to execute printing (including creation of data RD after RIP processing) according to the result.

  The document data encryption unit 14 encrypts the document data MD managed in a secret state in the ordering apparatus 10 using the first public key Ka1 stored in the key storage unit 12. The document data decrypting unit 24 decrypts the encrypted document data MD # received from the ordering apparatus 10 using the first secret key Kb1 stored in the key storage unit 22. The encrypted print data creation unit 25 creates the print data PD # encrypted using the second public key Ka2 stored in the key storage unit 22 based on the document data MD obtained by the document data decryption unit 24. . The encrypted print data creating unit 25 starts the process immediately after the document data decrypting unit 24 finishes processing, creates the encrypted print data PD #, and then creates the document data MD obtained by the document data decrypting unit 24. delete. The print data decryption unit 35 decrypts the encrypted print data PD # received from the editing apparatus 20 using the second secret key Kb2 stored in the key storage unit 32. The RIP processing unit 36 performs RIP processing on the print data PD obtained by the print data decoding unit 35 and obtains data RD after the RIP processing. The RIP processing unit 36 deletes the print data PD obtained by the print data decoding unit 35 after obtaining the data RD after the RIP processing. The printing press control unit 37 outputs the data RD after the RIP process to the printing press 50 and causes the printing press 50 to execute printing.

  The log encryption unit 26 encrypts the log LGx indicating the printing execution process in the editing apparatus 20 using the third public key Ka3 stored in the key storage unit 22. The log LGx # encrypted by the log encryption unit 26 is transmitted from the editing device 20 to the log management device 40 and written in the log storage unit 42. The log encryption unit 38 encrypts the log LGy indicating the printing execution process in the RIP processing device 30 by using the third public key Ka3 stored in the key storage unit 32. The log LGy # encrypted by the log encryption unit 38 is transmitted from the RIP processing device 30 to the log management device 40 and written in the log storage unit 42. The logs LGx and LGy are created at the start of printing and at the end of printing. The logs LGx and LGy may be created at an arbitrary timing during execution of printing. The logs LGx and LGy include, for example, the creation of encrypted print data PD #, the creation of data RD after RIP processing, and the number of prints.

  The log decoding unit 15 and the log display unit 16 operate after printing is completed. The log decryption unit 15 decrypts the encrypted log LG # read from the log management device 40 using the third secret key Kb3 stored in the key storage unit 12. The log display unit 16 displays the log LG obtained by the log decoding unit 15 on the screen.

  The ordering device 10, the editing device 20, the RIP processing device 30, and the log management device 40 are typically realized by a computer that executes a program. The ordering device 10 is realized by a computer that executes an ordering program. The editing device 20 is realized by a computer that executes an editing program. The RIP processing device 30 is realized by a computer that executes a RIP processing program. The log management device 40 is realized by a computer that executes a log management program.

  FIG. 4 is a block diagram illustrating a configuration of a computer that functions as the ordering device 10, the editing device 20, the RIP processing device 30, or the log management device 40. 4 includes a CPU 101, a main memory 102, a storage unit 103, an input unit 104, a display unit 105, a communication unit 106, and a storage medium reading unit 107. For the main memory 102, for example, a DRAM is used. For the storage unit 103, for example, a hard disk or a solid state drive is used. The input unit 104 includes a keyboard 108 and a mouse 109, for example. For the display unit 105, for example, a liquid crystal display is used. The communication unit 106 is an interface circuit for wired communication or wireless communication. The storage medium reading unit 107 is an interface circuit of the storage medium 110 that stores programs and the like. As the storage medium 110, for example, a non-transitory recording medium such as a CD-ROM, a DVD-ROM, or a USB memory is used.

  When the computer 100 executes the program 111, the storage unit 103 stores the program 111 and data 112 to be processed by the program 111. For example, the program 111 may be received from a server or another computer using the communication unit 106, or may be read from the storage medium 110 using the storage medium reading unit 107. The data 112 may be received from the server or another computer using the communication unit 106, or may be read from the storage medium 110 using the storage medium reading unit 107, and the user of the computer 100 uses the input unit 104. It may be input using.

  When the program 111 is executed, the program 111 and data 112 are copied and transferred to the main memory 102. The CPU 101 processes the data 112 stored in the main memory 102 by executing the program 111 stored in the main memory 102 using the main memory 102 as a working memory. At this time, the computer 100 functions as the ordering device 10, the editing device 20, the RIP processing device 30, or the log management device 40. The configuration of the computer 100 described above is merely an example, and the ordering device 10, the editing device 20, the RIP processing device 30, and the log management device 40 can be configured using an arbitrary computer.

  5 and 6 are flowcharts showing the operations of four computers functioning as the ordering device 10, the editing device 20, the RIP processing device 30, and the log management device 40. FIG. Hereinafter, the CPUs of the four computers that function as the ordering device 10, the editing device 20, the RIP processing device 30, and the log management device 40 are referred to as first to fourth CPUs, respectively. In the following description, the CPU transmitting or receiving means that the CPU 101 controls the communication unit 106 to transmit or receive.

  In FIG. 5, the first CPU creates a job ID unique to the print job (step S101). Next, the first CPU encrypts the document data MD using the first public key Ka1 stored in the key storage unit 12 (step S102). Next, the first CPU transmits the job ID and the encrypted document data MD # to the editing apparatus 20 (step S103). The second CPU receives the job ID and the encrypted document data MD # from the ordering apparatus 10 (step S204).

  Next, the second CPU determines whether to create print data PD based on the received job ID (step S205). In step S205, communication is performed between the editing apparatus 20 and the RIP processing apparatus 30, and the job database 33 is referred to using the job ID received in step S204 as a search key. Whether or not to create the print data PD is determined according to the result of referring to the job database 33. For example, when the status of the job having the received job ID is stored in the job database 33 as “print data created”, “printing in progress”, “printing completed”, etc., the second CPU prints the print data PD Is determined not to be created. If the second CPU determines Yes, it proceeds to step S206. If it determines No, it proceeds to the next step of step S208.

  In the former case, the second CPU decrypts the received encrypted document data MD # using the first secret key Kb1 stored in the key storage unit 22 (step S206). The document data MD obtained in step S206 is stored in the main memory 102 and not stored in the storage unit 103. Next, the second CPU creates print data PD # encrypted using the second public key Ka2 stored in the key storage unit 22 based on the document data MD (step S207). In step S207, the second CPU inseparably performs the process of creating the print data PD based on the document data MD and the process of encrypting the created print data PD using the second public key Ka2. The print data PD, which is intermediate data, is stored in the main memory 102 and is not stored in the storage unit 103. In step S207, after creating the encrypted print data PD #, the second CPU releases the storage area for the document data MD and the print data PD in the main memory 102. Therefore, the document data MD and the print data PD are deleted in step S207.

  Next, the second CPU transmits the job ID received in step S204 and the encrypted print data PD # to the RIP processing apparatus 30 (step S208). The third CPU receives the job ID and the encrypted print data PD # from the editing device 20 (step S309).

  Next, the third CPU determines whether or not to execute printing based on the received job ID (step S310). In step S310, the job database 33 is referred to using the job ID received in step S209 as a search key, and it is determined whether to execute printing according to the result of referring to the job database 33. For example, if the status of the job having the received job ID is stored in the job database 33 as “printing”, “printing completed”, etc., the third CPU determines that printing is not executed. If the third CPU determines Yes, it proceeds to step S311. If it determines No, it proceeds to the next step of step S314.

  In the former case, the third CPU decrypts the encrypted print data PD # received in step S309 using the second secret key Kb2 stored in the key storage unit 32 (step S311). Next, the third CPU performs RIP processing on the print data PD and obtains data RD after the RIP processing (step S312). In step S312, the third CPU deletes the print data PD after obtaining the data RD after the RIP process. Next, the third CPU executes printing based on the data RD after the RIP process (step S313). In step S313, the RIP processed data RD is output from the RIP processing apparatus 30 to the printing machine 50, and the printing machine 50 performs new printing based on the data RD after the RIP processing. Next, the third CPU deletes the data RD after RIP processing created in step S312 (step S314).

  After executing step S204, the second CPU creates a log LGx indicating the printing execution process in the editing apparatus 20, and the log LGx # encrypted using the third public key Ka3 stored in the key storage unit 22 Is transmitted to the log management device 40. After executing step S309, the third CPU creates a log LGy indicating the printing execution process in the RIP processing apparatus 30, and the log LGy encrypted using the third public key Ka3 stored in the key storage unit 32. # Is transmitted to the log management device 40. The fourth CPU receives the encrypted logs LGx # and LGy # from the editing device 20 and the RIP processing device 30 and writes them to the log storage unit 42. Since these processes are performed at the start of printing and at an arbitrary timing during execution of printing, description thereof is omitted in the flowchart and the description thereof.

  In FIG. 6, the second CPU creates a log LGx indicating that the encrypted print data PD # has been created (step S215). Next, the second CPU encrypts the log LGx using the third public key Ka3 stored in the key storage unit 22 (step S216). Next, the second CPU transmits the encrypted log LGx # to the log management device 40 (step S217). The third CPU creates a log LGy indicating that the data RD after RIP processing has been created, the number of printed sheets, the data RD after RIP processing has been deleted, and the like (step S318). Next, the third CPU encrypts the log LGy using the third public key Ka3 stored in the key storage unit 32 (step S319). Next, the third CPU transmits the encrypted log LGy # to the log management device 40 (step S320). The fourth CPU receives the encrypted log LGx # from the editing device 20, and receives the encrypted log LGy # from the RIP processing device 30 (step S421). Next, the fourth CPU writes the received encrypted logs LGx # and LGy # in the log storage unit 42 (step S422).

  Next, the first CPU transmits a log request indicating that a log read request is requested to the log management device 40 (step S123). The fourth CPU receives the log request from the ordering apparatus 10 (step S424). Next, the fourth CPU reads the encrypted log LG # from the log storage unit 42, and transmits the encrypted log LG # to the ordering apparatus 10 (step S425). The first CPU receives the encrypted log LG # from the log management device 40 (step S126). Next, the first CPU decrypts the received encrypted log LG # using the third secret key Kb3 stored in the key storage unit 12 (step S127). Next, the first CPU displays the log LG obtained in step S127 on the screen (step S128).

  The second CPU preferably deletes the encrypted document data MD # and the encrypted print data PD # after the printing is completed. The third CPU preferably deletes the encrypted print data PD # after the end of printing.

  The components of the printing system 1 shown in FIG. 2 correspond to the components of the computer 100 shown in FIG. 4 and the steps shown in FIGS. 5 and 6 as follows. The first CPU that executes steps S103, S123, and S126 and the communication unit 106 function as the communication unit 11. The first CPU that executes step S <b> 101 functions as the job ID creation unit 13. The first CPU that executes step S102 functions as the document data encryption unit 14. The first CPU that executes step S127 functions as the log decryption unit 15. The first CPU that executes step S128 and the display unit 105 function as the log display unit 16.

  The second CPU that executes steps S204, S208, and S217 and the communication unit 106 function as the communication unit 21. The second CPU that executes Step S <b> 205 functions as the job control unit 23. The second CPU that executes step S <b> 206 functions as the document data decoding unit 24. The second CPU that executes step S207 functions as the encrypted print data creation unit 25. The second CPU that executes step S216 functions as the log encryption unit 26.

  The third CPU that executes steps S309 and S320 and the communication unit 106 function as the communication unit 31. The third CPU that executes step S310 functions as the job control unit 34. The third CPU that executes step S <b> 311 functions as the print data decoding unit 35. The third CPU that executes Step S312 functions as the RIP processing unit 36. The third CPU that executes step S313 functions as the printing press control unit 37. The third CPU that executes step S319 functions as the log encryption unit 38. The fourth CPU that executes steps S421, S424, and S425 and the communication unit 106 function as the communication unit 41.

  Hereinafter, effects of the printing system 1 according to the present embodiment will be described. In the printing system 1, the editing apparatus 20 receives the job ID and the encrypted document data MD #. The job control unit 23 controls whether or not the print data PD is created based on the received job ID. When the job status is “print data created”, “printing”, “printing completed”, etc., the encrypted document data MD # is not decrypted and the print data PD is not created. The RIP processing device 30 receives the job ID and the encrypted print data PD #. The job control unit 34 controls whether to execute printing (including creation of data RD after RIP processing) based on the received job ID. When the job status is “printing”, “printing completed”, etc., the encrypted print data PD # and the data RD after RIP processing are not created and printing is not executed. The original document created when the job is executed by receiving the encrypted original data MD # or the encrypted print data PD # and controlling whether to execute the job based on the job ID. Unauthorized use of data MD, print data PD, and data RD after RIP processing can be prevented.

  The log storage unit 42 stores a log LG indicating the progress of execution of the print job. The log LG stored in the log storage unit 42 is encrypted using the third public key Ka3 held in a secret state in the editing device 20 and the RIP processing device 30. Only the log encryption units 26 and 38 having the third public key Ka3 can encrypt the log LG # using the third public key Ka3. Therefore, if the log decryption unit 15 can decrypt the encrypted log LG # read from the log storage unit 42 using the third secret key Kb3, the log LG is created by the editing device 20 or the RIP processing device 30. Can be guaranteed. Therefore, according to the printing system 1, the log LG can be prevented from being falsified, and the execution process of the print job can be traced correctly.

  When the security code is printed using the printing system 1, the document data MD is image data of the security code. According to the printing system 1, unauthorized use of the security code image data created at the time of printing the security code, the print data having a page including the security code, and the data after RIP processing capable of printing the security code is prevented. Unauthorized distribution of security codes can be prevented. In addition, the log LG can be prevented from being falsified, and the execution process of the print job for printing the security code can be traced correctly. Therefore, forgery of the product can be prevented and the product brand can be protected by attaching the product label printed with the security code to the product or using the product package printed with the security code.

  As described above, in the printing system 1, the editing apparatus 20 functions as a job execution apparatus that creates second data (encrypted print data PD #) based on the first data (original data MD). The editing apparatus 20 stores the secret key (first secret key Kb1) necessary for encrypted communication of the first data before the execution of the job (print job), and the job ID and the encrypted key. A communication unit 21 that receives first data (encrypted document data MD #), a job control unit 23 that controls whether or not to execute a job based on a job ID received by the communication unit 21, and a communication A data decryption unit (original data decryption unit 24) that decrypts the encrypted first data received by the unit 21, and a data processing unit that creates second data based on the first data obtained by the data decryption unit ( An encrypted print data creation unit 25), and a log encryption unit 26 that encrypts the log LGx indicating the job execution process using the log public key (third public key Ka3). The communication unit 21 receives the first data encrypted using the public key (first public key Ka1) paired with the secret key, and the data decryption unit receives the encrypted first data received by the communication unit 21. Decrypt data using private key. The first data is data representing the material included in the printed material, and the second data is data obtained by encrypting data representing the page of the printed material.

  According to the editing apparatus 20, the first data is received by encrypted communication, and whether or not the job is executed based on the job ID is prevented, thereby preventing unauthorized use of the data created when the job is executed. be able to. Also, by encrypting the log using the log public key, it is possible to prevent falsification of the log and to correctly follow the job execution process. Further, by receiving the first data using the public key cryptosystem, it is possible to prevent the first data from being illegally leaked during reception. In addition, the above-described effects can be achieved when creating print data that represents a page of a printed material based on document data that represents a material included in the printed material.

  In the printing system 1, the RIP processing device 30 also functions as a job execution device that creates second data (data RD after RIP processing) based on the first data (print data PD). The RIP processing device 30 includes a key storage unit 32 for storing a secret key (second secret key Kb2) necessary for encrypted communication of the first data before starting execution of the job (print job), and the job ID. A communication unit 31 that receives the first data (encrypted print data PD #), a job control unit 34 that controls whether to execute a job based on the job ID received by the communication unit 31, A data decryption unit (print data decryption unit 35) that decrypts the encrypted first data received by the communication unit 31, and a data processing unit that creates second data based on the first data obtained by the data decryption unit (RIP processing unit 36) and a log encryption unit 38 that encrypts the log LGy indicating the job execution process using the log public key (third public key Ka3). The communication unit 31 receives the first data encrypted using the public key (second public key Ka2) paired with the secret key, and the data decryption unit receives the encrypted first data received by the communication unit 31. Decrypt data using private key. The first data is data representing a page of the printed material, and the second data is data that can be processed by the printing press. According to the RIP processing device 30, the same effect as that of the editing device 20 can be obtained when creating data that can be processed by the printing press based on the print data.

  In the printing system 1, the combination of the editing device 20 and the RIP processing device 30 creates second data (encrypted print data PD #) based on the first data (original data MD), and further adds fourth data. It functions as a job execution device that creates (data RD after RIP processing). In the combination of the editing device 20 and the RIP processing device 30, the second data is data obtained by encrypting the third data (print data PD) based on the first data. The device that combines the editing device 20 and the RIP processing device 30 provides the second secret key Kb2 necessary for encrypted communication of the third data in addition to the components of the editing device 20 before starting the execution of the job (print job). The second key storage unit (key storage unit 32) to store, the second communication unit (communication unit 31) that receives the job ID and the second data from the communication unit 21, and the job ID received by the second communication unit A second job control unit (job control unit 34) for controlling whether or not to execute a job based on the second data decoding, and second data decoding for obtaining third data by decoding the second data received by the second communication unit A second data processing unit (RIP processing unit 36) that creates fourth data based on the third data obtained by the second data decoding unit (print data decoding unit 35), the third data obtained by the second data decoding unit, and a second job processing progress 2 logs (log LGy) are released for logs And a second log encryption unit for encrypting (log encryption unit 38) using a (third public key Ka3). The communication unit 21 receives the first data encrypted using the public key, and the data decryption unit decrypts the encrypted first data received by the communication unit 21 using the secret key, and the data processing unit Creates second data by performing encryption using the second public key, and the second data decryption unit decrypts the second data received by the second communication unit using the second secret key. The first data is data representing the material included in the printed material, the second data is data obtained by encrypting the data representing the page of the printed material, and the fourth data is data that can be processed by the printing press.

  According to the combined device of the editing device 20 and the RIP processing device 30, the first data and the second data are transmitted and received by encrypted communication, and the job is controlled by controlling whether to execute the job based on the job ID. It is possible to prevent unauthorized use of data created during execution. Further, by encrypting the log and the second log using the log public key, it is possible to prevent the log from being falsified and to correctly follow the job execution process. Further, by receiving the first data and transmitting / receiving the second data using the public key cryptosystem, it is possible to prevent the first data and the second data from being illegally leaked during the transmission / reception. Further, when the print data is created based on the document data and the data that can be processed by the printing machine is created based on the print data, the above-described effects can be obtained. A device combining the editing device 20 and the RIP processing device 30 can also be realized by a computer that executes a program (editing / RIP processing program) having a function of an editing program and a function of a RIP processing program.

(Second Embodiment)
FIG. 7 is a block diagram showing details of the printing system according to the second embodiment of the present invention. The printing system 2 illustrated in FIG. 7 includes the ordering device 10, the editing device 20, and the RIP processing device 30 in the printing system 1 according to the first embodiment, which are the ordering device 60, the editing device 70, and the RIP, respectively. The processing device 80 is replaced. Among the constituent elements of each embodiment, the same elements as those of the first embodiment are denoted by the same reference numerals and description thereof is omitted.

  The orderer may wish to create and manage a private key in-house without leaving it to the printing company. If the public key cryptosystem is used when the amount of document data or print data is large, it takes time to encrypt and decrypt. Therefore, the printing system 2 uses a hybrid encryption method that uses both a public key encryption method and a common key encryption method. When the document data MD is transmitted from the ordering device 60 to the editing device 70 and when the print data PD is transmitted from the editing device 70 to the RIP processing device 80, communication using the common key encryption method is performed. For example, DES (Data Encryption Standard) encryption is used to encrypt the document data MD and the print data PD. When the common key is transmitted from the ordering device 60 to the editing device 70 and when the common key is transmitted from the editing device 70 to the RIP processing device 80, communication by the public key cryptosystem is performed. For example, RSA encryption is used for encryption of the common key.

  As illustrated in FIG. 7, the ordering device 60 includes the document data encryption unit 14, the key creation unit 61, the document data encryption unit 62, and the key encryption unit 63 in the ordering device 10 according to the first embodiment. Is replaced. In the editing device 70 according to the first embodiment, the editing device 70 replaces the document data decrypting unit 24 with a key decrypting unit 71 and a document data decrypting unit 72, and the encrypted print data creating unit 25 creates encrypted print data. The unit 73 and the key encryption unit 74 are replaced. The RIP processing device 80 is obtained by replacing the print data decryption unit 35 with a key decryption unit 81 and a print data decryption unit 82 in the RIP processing device 30 according to the first embodiment.

  In the printing system 2, a common key Kc is used in addition to the first to third public keys Ka1 to Ka3 and the first to third secret keys Kb1 to Kb3. The common key Kc is used for encrypting and decrypting the document data MD and encrypting and decrypting the print data PD. The first public key Ka1 and the first secret key Kb1 are used for encryption of the common key Kc in the ordering device 60 and decryption of the common key Kc in the editing device 70, respectively. The second public key Ka2 and the second secret key Kb2 are used for encryption of the common key Kc in the editing device 70 and decryption of the common key Kc in the RIP processing device 80, respectively. The third public key Ka3 and the third secret key Kb3 are used for encryption and decryption of the log LG, respectively. Hereinafter, the common key encrypted using the first public key Ka1 is referred to as Kc1 #, and the common key encrypted using the second public key Ka2 is referred to as Kc2 #.

  The key creation unit 61 creates a common key Kc. The document data encryption unit 62 encrypts the document data MD managed in a secret state in the ordering device 60 using the common key Kc. The key encryption unit 63 encrypts the common key Kc using the first public key Ka1 stored in the key storage unit 12. The key decryption unit 71 decrypts the encrypted common key Kc1 # received from the ordering device 60 using the first secret key Kb1 stored in the key storage unit 22. The document data decrypting unit 72 decrypts the encrypted document data MD # received from the ordering device 60 using the common key Kc obtained by the key decrypting unit 71.

  The encrypted print data creation unit 73 creates print data PD # encrypted using the common key Kc based on the document data MD obtained by the document data decryption unit 72. The key encryption unit 74 encrypts the common key Kc using the second public key Ka2 stored in the key storage unit 22. The key decryption unit 81 decrypts the encrypted common key Kc2 # received from the editing device 70 using the second secret key Kb2 stored in the key storage unit 32. The print data decryption unit 82 decrypts the encrypted print data PD # received from the editing device 70 using the common key Kc obtained by the key decryption unit 81. The RIP processing unit 36 performs RIP processing on the print data PD obtained by the print data decoding unit 82 and obtains data RD after RIP processing. The printing press control unit 37 outputs the data RD after the RIP process to the printing press 50 and causes the printing press 50 to execute printing.

  The job control units 23 and 34, the log encryption units 26 and 38, and the log decryption unit 15 operate in the same manner as in the first embodiment. The common key Kc obtained by the key decryption unit 71 and the common key Kc obtained by the key decryption unit 81 are deleted after printing is completed.

  The ordering device 60, the editing device 70, the RIP processing device 80, and the log management device 40 are typically realized by a computer that executes a program. FIGS. 8 and 9 are flowcharts showing the operation of four computers functioning as the ordering device 60, the editing device 70, the RIP processing device 80, and the log management device 40. Hereinafter, the CPUs of the four computers functioning as the ordering device 60, the editing device 70, the RIP processing device 80, and the log management device 40 are referred to as first to fourth CPUs, respectively.

  In FIG. 8, the first CPU creates a job ID unique to the print job (step S601). Next, the first CPU creates a common key Kc (step S602). Next, the first CPU encrypts the document data MD using the common key Kc (step S603). Next, the first CPU transmits the job ID and the encrypted document data MD # to the editing device 70 (step S604). The second CPU receives the job ID and the encrypted document data MD # from the ordering device 60 (step S705).

  Next, the first CPU encrypts the common key Kc using the first public key Ka1 stored in the key storage unit 12 (step S606). Next, the first CPU transmits the encrypted common key Kc1 # to the editing device 70 (step S607). The second CPU receives the encrypted common key Kc1 # from the ordering device 60 (step S708).

  Next, the second CPU determines whether or not to execute printing based on the received job ID (step S709). In step S709, the same determination as in step S205 shown in FIG. 5 is performed based on the job ID received in step S705. If the second CPU determines Yes, it proceeds to step S710, and if it determines No, it proceeds to the next step of step S717.

  In the former case, the second CPU decrypts the encrypted common key Kc1 # received in step S708 using the first secret key Kb1 stored in the key storage unit 22 (step S710). Next, the second CPU decrypts the encrypted document data MD # received in step S705 using the common key Kc obtained in step S710 (step S711). The document data MD obtained in step S711 is stored in the main memory 102 and is not stored in the storage unit 103.

  In FIG. 9, next, the second CPU creates print data PD # encrypted using the common key Kc obtained in step S710 based on the document data MD (step S712). In step S <b> 712, the second CPU inseparably performs the process of creating the print data PD based on the document data MD and the process of encrypting the created print data PD using the common key Kc. The print data PD, which is intermediate data, is stored in the main memory 102 and is not stored in the storage unit 103. In step S712, the second CPU creates the encrypted print data PD #, and then releases the storage area for the document data MD and the print data PD in the main memory 102. Therefore, the document data MD and the print data PD are deleted in step S712.

  Next, the second CPU transmits the job ID received in step S705 and the encrypted print data PD # to the RIP processing device 80 (step S713). The third CPU receives the job ID and the encrypted print data PD # from the editing device 70 (step S814). Next, the second CPU encrypts the common key Kc obtained in step S710 using the second public key Ka2 stored in the key storage unit 22 (step S715). Next, the second CPU transmits the encrypted common key Kc2 # to the RIP processing device 80 (step S716). Next, the second CPU deletes the common key Kc obtained in step S710 (step S717).

  The third CPU receives the encrypted common key Kc2 # from the editing device 70 (step S818). Next, the third CPU determines whether to execute printing based on the received job ID (step S819). In step S819, the same determination as in step S310 shown in FIG. 5 is performed based on the job ID received in step S814. If the third CPU determines Yes, it proceeds to step S820. If it determines No, it proceeds to the next step of step S824.

  In the former case, the third CPU decrypts the encrypted common key Kc2 # received in step S818 using the second secret key Kb2 stored in the key storage unit 32 (step S820). Next, the third CPU decrypts the encrypted print data PD # received in step S814 using the common key Kc obtained in step S820 (step S821). Next, the third CPU performs RIP processing on the print data PD and obtains data RD after the RIP processing (step S822). In step S822, the third CPU deletes the print data PD after obtaining the data RD after the RIP process. Next, the third CPU executes printing based on the data RD after the RIP process (step S823). Next, the third CPU deletes the data RD after RIP processing created in step S821 and the common key Kc obtained in step S820 (step S824).

  The first to third CPUs perform the process shown in FIG. 6 following the processes shown in FIGS. 8 and 9. After executing Step S607, the first CPU executes Steps S123 and S126 to S128 shown in FIG. After executing step S709 or S717, the second CPU executes steps S215 to S217 shown in FIG. The third CPU executes steps S318 to S320 shown in FIG. 6 after executing step S819 or S824. The fourth CPU executes steps S421, S422, S424, and S425 shown in FIG.

  In the printing system 2, the editing device 70 functions as a job execution device that creates second data (encrypted print data PD #) based on the first data (original data MD). The editing device 70 includes a communication unit 21, a key storage unit 22, a job control unit 23, a data decryption unit (original data decryption unit 72), a data processing unit (encrypted print data creation unit 73), and a log encryption unit 26. It has. The communication unit 21 receives first data (encrypted document data MD #) encrypted using the common key Kc, and the data decryption unit receives the encrypted first data received by the communication unit 21. Decrypt using the common key Kc. The common key Kc is deleted after the execution of the job (print job) is completed. According to the editing device 70, by receiving the first data using both the public key cryptosystem and the common key cryptosystem, it is possible to prevent the first data from being illegally leaked during reception. Also, by performing encryption and decryption using the common key Kc, these processes can be performed at high speed.

  In the printing system 2, the RIP processing device 80 also functions as a job execution device that creates second data (RD after RIP processing) based on the first data (print data PD). The RIP processing apparatus 80 includes a communication unit 31, a key storage unit 32, a job control unit 34, a data decryption unit (print data decryption unit 82), a data processing unit (RIP processing unit 36), and a log encryption unit 38. ing. The communication unit 31 receives the first data (encrypted print data PD #) encrypted using the common key Kc, and the data decryption unit receives the encrypted first data received by the communication unit 31. Decrypt using the common key Kc. The common key Kc is deleted after the execution of the job (print job) is completed. According to the RIP processing device 80, the same effect as that of the editing device 70 can be obtained.

  In the printing system 2, the combination of the editing device 70 and the RIP processing device 80 creates second data (encrypted print data PD #) based on the first data (original data MD), and further adds fourth data. It functions as a job execution device that creates (data RD after RIP processing). The communication unit 21 receives the first data (encrypted document data MD #) encrypted using the common key Kc, and the data decryption unit (document data decryption unit 72) receives the encrypted data received by the communication unit 21. The encrypted first data is decrypted using the common key Kc, and the data processing unit (encrypted print data creation unit 73) creates the second data by performing encryption using the common key Kc, and the second The data decryption unit (print data decryption unit 82) decrypts the second data received by the second communication unit (communication unit 31) using the common key Kc. The common key Kc is deleted after the execution of the job (print job) is completed. According to the combination of the editing device 70 and the RIP processing device 80, the first data is received and the second data is transmitted and received by using the public key encryption method and the common key encryption method together. It is possible to prevent data and second data from being illegally leaked. Also, by performing encryption and decryption using the common key Kc, these processes can be performed at high speed.

(Third embodiment)
FIG. 10 is a block diagram showing a configuration of a printing system according to the third embodiment of the present invention. A printing system 3 shown in FIG. 10 is obtained by replacing the editing device 20 and the log management device 40 with an editing / log management device 90 in the printing system 1 according to the first embodiment. The editing / log management device 90 is obtained by adding the function of the log management device 40 to the editing device 20. The editing / log management device 90 is realized by, for example, a computer that executes an editing program and a log management program. According to the printing system 3, the number of devices (computers) included in the printing system can be reduced, and the cost of the printing system can be reduced.

  The printing system 3 includes the editing / log management device 90 in which the function of the log management device 40 is added to the editing device 20. Instead, the function of the log management device 40 is added to the RIP processing device 30. A RIP processing / log management device may be provided. Further, the function of the log management device 40 may be added to the editing device 70 or the RIP processing device 80 according to the second embodiment.

(Fourth embodiment)
FIG. 11 is a block diagram showing a configuration of a printing system according to the fourth embodiment of the present invention. The printing system 4 shown in FIG. 11 includes an ordering device 18, an editing device 20, a RIP processing device 30, an encryption / log management device 95, and a printing machine 50. The ordering device 18 is installed at the location of the orderer who orders printing. The RIP processing device 30 and the printing machine 50 are installed in a printing department of a printing company and are connected to a local area network 8 in the printing department. The editing device 20 and the encryption / log management device 95 are installed in the server management department of the printing company, and are connected to the local area network 9 in the server management department. The ordering device 18 is communicably connected to the editing device 20 and the encryption / log management device 95 using the wide area network 7 such as the Internet. The RIP processing device 30 is also communicably connected to the editing device 20 and the encryption / log management device 95 using the wide area network 7.

  FIG. 12 is a block diagram showing details of the printing system 4. The ordering apparatus 18 includes a communication unit 19, a job ID creation unit 13, and a log display unit 16. The encryption / log management device 95 includes a communication unit 96, a key storage unit 12, a document data encryption unit 14, a log storage unit 42, and a log decryption unit 15.

  The ordering device 18 transmits the document data MD to the editing device 20 via the encryption / log management device 95. When the document data MD is transmitted from the ordering apparatus 18 to the encryption / log management apparatus 95, encrypted communication provided by browser software operating on a computer constituting the ordering apparatus 18 (hereinafter referred to as encrypted communication by the browser). Is used. When the document data MD is transmitted from the encryption / log management device 95 to the editing device 20, communication using a public key cryptosystem is performed.

  The editing device 20 and the RIP processing device 30 create logs LGx and LGy indicating the execution process of printing and write them in the log storage unit 42 of the encryption / log management device 95. The log LG is written in the log storage unit 42 in an encrypted state using a public key cryptosystem. The log decryption unit 15 decrypts the encrypted log LG # stored in the log storage unit 42. The ordering device 18 receives the log LG obtained by the log decrypting unit 15 from the encryption / log management device 95 after printing is completed, and displays the received log LG on the screen. When displaying the log LG on the screen, browser software operating on a computer constituting the ordering device 18 is used.

  The communication units 19, 21, 31, and 96 transmit and receive data among the ordering device 18, the editing device 20, the RIP processing device 30, and the encryption / log management device 95. The communication units 19, 21, 31, and 96 may be used for key transmission / reception. Between the communication units 19 and 96, encrypted communication by a browser is performed. The key storage units 12, 22, and 32 store the keys as in the first embodiment.

  The document data MD is transmitted from the ordering device 18 to the encryption / log management device 95. For transmission of the document data MD, encrypted communication by a browser is used. The document data encryption unit 14 encrypts the document data MD received from the ordering device 18 using the first public key Ka1 stored in the key storage unit 12. The encrypted document data MD # is transmitted from the encryption / log management device 95 to the editing device 20. The document data decrypting unit 24 decrypts the encrypted document data MD # received from the encryption / log management device 95 using the first secret key Kb1 stored in the key storage unit 22. The job control units 23 and 34, the encrypted print data creation unit 25, the print data decryption unit 35, the RIP processing unit 36, the printing press control unit 37, and the log encryption units 26 and 38 are the same as in the first embodiment. To work.

  The log LGx # encrypted by the log encryption unit 26 is transmitted from the editing device 20 to the encryption / log management device 95 and written to the log storage unit 42. The log LGy # encrypted by the log encryption unit 38 is transmitted from the RIP processing device 30 to the encryption / log management device 95 and written to the log storage unit 42. The log decryption unit 15 decrypts the encrypted log LG # stored in the log storage unit 42 using the third secret key Kb3 stored in the key storage unit 12. The log LG obtained by the log decoding unit 15 is transmitted to the ordering device 18. The log display unit 16 displays the log LG received from the encryption / log management device 95 on the screen.

  In the printing system 4, the encryption / log management device 95 encrypts the document data MD received from the ordering device 18 using the first public key Ka 1, and stores the log LG # stored in the log storage unit 42 as the third secret. Decrypt using key Kb3. When the document data MD is transmitted from the ordering apparatus 18 to the encryption / log management apparatus 95, encrypted communication is performed by the browser, and the ordering apparatus 18 displays the log LG on the screen using browser software. Therefore, according to the printing system 4, it is possible to configure the ordering apparatus 18 simply by adding software for creating a job ID to a computer managed by the orderer.

  Various modifications can be configured for the printing system according to the first to fourth embodiments of the present invention. For example, in the printing system according to the first to fourth embodiments, the editing apparatus and the RIP processing apparatus are associated with each other on a one-to-one basis. In the printing system according to the modified example, one editing apparatus is associated with a plurality of RIP processing apparatuses, and the editing apparatus executes RIP processing from among the plurality of RIP processing apparatuses when executing a print job. May be selected. In this case, the key storage unit included in the editing apparatus stores a plurality of second public keys each paired with a second secret key uniquely determined for each RIP processing apparatus before starting execution of the print job. To do. The print data PD is encrypted using a key selected from a plurality of second public keys stored in the key storage unit. In addition, a printing system in which the RIP processing apparatus transmits a second public key to the editing apparatus during execution of a print job, and the editing apparatus encrypts the print data PD using the received second public key is also conceivable.

  In the printing systems according to the first to fourth embodiments, the job ID is transmitted and received in the same steps as the encrypted document data MD # or the encrypted print data PD #. In the printing system according to the modification, the job ID may be transmitted and received separately in different steps from the encrypted document data MD # or the encrypted print data PD #. In the printing systems according to the first to fourth embodiments, the job ID is transmitted and received without being encrypted. In the printing system according to the modification, the job ID may be transmitted / received in an encrypted state in the same manner as the document data MD or the print data PD.

  In the printing system according to the first to fourth embodiments, the RIP processing apparatus includes the job database 33. In the printing system according to the modification, the editing apparatus may include the job database 33. In this case, the job control unit included in the RIP processing apparatus refers to the job database 33 through communication between the editing apparatus and the RIP processing apparatus, and determines whether or not to create the print data PD according to the result.

  In the printing systems according to the first to fourth embodiments, both the editing apparatus and the RIP processing apparatus are provided with a job control unit. In the printing system according to the modification, only the RIP processing device may include the job control unit. The job control unit in the editing apparatus is not always necessary. That is, job control for determining whether to create print data PD in the editing apparatus is not always necessary. The reason is that the RIP processing apparatus may determine whether or not to finally execute printing from the job status. In this case, however, the editing apparatus creates the print data PD without judging the job status, so that the RIP processing apparatus later determines that the created print data PD cannot be printed, resulting in useless work. There is a demerit that it may occur if you do.

  In the printing system according to the first to fourth embodiments, the information regarding the print job stored in the job database 33 is held indefinitely. However, when it is desired to reduce the capacity of the job database 33. The following modifications can be applied. That is, the job ID creation date / time information or expiration date information is added to the job ID to limit the validity period of the job ID. Then, after the execution of the print job is completed, after a predetermined time or expiration date has passed, the job ID is invalidated, and the RIP processing device 30 determines that printing cannot be performed. In this case, even if information regarding a print job that has become out of date and expired is deleted from the job database 33, execution of unauthorized printing can be prevented.

  In the printing system described above, all ordering devices, editing devices, RIP processing devices, log management devices, and printing machines transmit and receive data and keys using a communication network such as a local area network or the Internet. It was decided. However, in the printing system of the present invention, the ordering device, editing device, RIP processing device, log management device, and printing machine may transmit and receive data and keys offline without using a communication network. In this case, the communication unit of the apparatus transmits the data and key by writing the data and key to the external storage medium, and receives the data and key by reading the data and key from the external storage medium.

  In addition, the job execution device, the job execution method, and the job execution program included in the printing system described above can be arbitrarily combined with each other as long as the features of the job execution program are not contrary to the properties thereof, A job execution method and a job execution program can be configured.

  As described above, according to the job execution device, job execution device, job execution method, and job execution program of the present invention, it is possible to prevent unauthorized use of data created during job execution and Follow up correctly.

1, 2, 3, 4 ... printing system 10, 18, 60 ... ordering device 11, 19, 21, 31, 41, 96 ... communication unit 12, 22, 32 ... key storage unit 13 ... job ID creation unit 14, 62 ... Document data encryption unit 15 ... Log decryption unit 16 ... Log display unit 20, 70 ... Editor 23,34 ... Job control unit 24,72 ... Document data decryption unit 25,73 ... Encrypted print data creation unit 26,38 ... Log encryption unit 30, 80 ... RIP processing device 33 ... Job database 35, 82 ... Print data decryption unit 36 ... RIP processing unit 37 ... Printer control unit 40 ... Log management device 42 ... Log storage unit 50 ... Printer 61 ... Key creation unit 63, 74 ... Key encryption unit 71, 81 ... Key decryption unit 90 ... Edit / log management device 95 ... Encryption / log management device 100 ... Computer 101 ... CPU
110 ... Storage medium 111 ... Program

Claims (19)

A job execution device that creates second data based on first data,
A key storage unit for storing a secret key necessary for encrypted communication of the first data before starting execution of a job;
A communication unit that receives the job ID and the encrypted first data;
A job control unit that controls whether to execute the job based on a job ID received by the communication unit;
A data decryption unit for decrypting the encrypted first data received by the communication unit;
A data processing unit that creates the second data based on the first data obtained by the data decoding unit;
A job execution apparatus, comprising: a log encryption unit that encrypts a log indicating a job execution process using a log public key. The communication unit receives first data encrypted using a public key paired with the secret key,
The job execution apparatus according to claim 1, wherein the data decryption unit decrypts the encrypted first data received by the communication unit using the secret key. The communication unit receives first data encrypted using a common key,
The data decryption unit decrypts the encrypted first data received by the communication unit using the common key,
The job execution apparatus according to claim 1, wherein the common key is deleted after execution of the job is completed. The first data is data representing a material included in a printed matter,
4. The job execution apparatus according to claim 2, wherein the second data is data obtained by encrypting data representing a page of a printed material. The first data is data representing a page of printed matter,
The job execution apparatus according to claim 2, wherein the second data is data that can be processed by a printing press. The second data is data obtained by encrypting third data based on the first data,
A second key storage unit that stores a second secret key required for encrypted communication of the third data before starting execution of the job;
A second communication unit that receives the job ID and the second data from the communication unit;
A second job control unit that controls whether to execute the job based on the job ID received by the second communication unit;
A second data decoding unit for obtaining the third data by decoding the second data received by the second communication unit;
A second data processing unit for generating fourth data based on the third data obtained by the second data decoding unit;
The job execution apparatus according to claim 1, further comprising: a second log encryption unit configured to encrypt a second log indicating the execution process of the job using the log public key. The communication unit receives first data encrypted using a public key paired with the secret key,
The data decryption unit decrypts the encrypted first data received by the communication unit using the secret key,
The data processing unit creates the second data by performing encryption using a second public key paired with the second secret key;
The job execution apparatus according to claim 6, wherein the second data decryption unit decrypts the second data received by the second communication unit using the second secret key. The communication unit receives first data encrypted using a common key,
The data decryption unit decrypts the encrypted first data received by the communication unit using the common key,
The data processing unit creates the second data by performing encryption using the common key,
The second data decryption unit decrypts the second data received by the second communication unit using the common key,
The job execution apparatus according to claim 6, wherein the common key is deleted after execution of the job is completed. The first data is data representing a material included in a printed matter,
The second data is data obtained by encrypting data representing a printed page,
The job execution apparatus according to claim 7 or 8, wherein the fourth data is data that can be processed by a printing press. A job execution method for creating second data based on first data,
A key storage step of storing a secret key required for encrypted communication of the first data before starting execution of a job;
A communication step of receiving the job ID and the encrypted first data;
A job control step for controlling whether to execute the job based on the job ID received in the communication step;
A data decryption step of decrypting the encrypted first data received in the communication step;
A data processing step for creating the second data based on the first data obtained in the data decoding step;
And a log encryption step of encrypting a log indicating the job execution process using a log public key. A job execution program for creating second data based on the first data,
A key storage step of storing a secret key required for encrypted communication of the first data before starting execution of a job;
A communication step of receiving the job ID and the encrypted first data;
A job control step for controlling whether to execute the job based on the job ID received in the communication step;
A data decryption step of decrypting the encrypted first data received in the communication step;
A data processing step for creating the second data based on the first data obtained in the data decoding step;
A job execution program that causes a computer to execute a log encryption step of encrypting a log indicating a job execution process using a log public key, using a memory. The communication step receives first data encrypted using a public key paired with the secret key,
The job execution program according to claim 11, wherein the data decrypting step decrypts the encrypted first data received in the communication step using the secret key. The communication step receives first data encrypted using a common key,
The data decryption step decrypts the encrypted first data received in the communication step using the common key,
The job execution program according to claim 11, wherein the common key is deleted after execution of the job is completed. The first data is data representing a material included in a printed matter,
The job execution program according to claim 12 or 13, wherein the second data is data obtained by encrypting data representing a page of a printed matter. The first data is data representing a page of printed matter,
The job execution program according to claim 12 or 13, wherein the second data is data that can be processed by a printing press. The second data is data obtained by encrypting third data based on the first data,
A second key storage step of storing a second secret key necessary for encrypted communication of the third data before starting execution of the job;
A second communication step for receiving the job ID and the second data from the communication step;
A second job control step for controlling whether or not to execute the job based on the job ID received in the second communication step;
A second data decoding step for obtaining the third data by decoding the second data received in the second communication step;
A second data processing step of creating fourth data based on the third data obtained in the second data decoding step;
The job execution according to claim 11, further causing the computer to further execute a second log encryption step of encrypting a second log indicating the execution process of the job using the log public key. program. The communication step receives first data encrypted using a public key paired with the secret key,
The data decryption step decrypts the encrypted first data received in the communication step using the secret key,
The data processing step creates the second data by performing encryption using a second public key paired with the second secret key,
The job execution program according to claim 16, wherein the second data decrypting step decrypts the second data received in the second communication step by using the second secret key. The communication step receives first data encrypted using a common key,
The data decryption step decrypts the encrypted first data received in the communication step using the common key,
The data processing step creates the second data by performing encryption using the common key,
The second data decryption step decrypts the second data received in the second communication step using the common key,
The job execution program according to claim 16, wherein the common key is deleted after execution of the job is completed. The first data is data representing a material included in a printed matter,
The second data is data obtained by encrypting data representing a printed page,
The job execution program according to claim 17 or 18, wherein the fourth data is data that can be processed by a printing press.

Images