JP2019155647A - Printing system and printing method - Google Patents

Abstract

To provide a printing system which allows only a specific user to print a secure file protected by a password, and which can distribute a secure file so that a third person having no authority cannot print the secure file.SOLUTION: A management device 10 inputs (P1) a password, a secure file, and a user list, allocates a unique user ID to each user, and sends (P2) first information in which file identification information, the password, and the unique user ID for identifying the secure file in a unique manner, are associated, to a designated printer, and sends (P3) second information including the unique user ID of the user and secure file to each user of a user list. A printer 30 stores received first information in a storage part 32a, and receives a printing instruction including the secure file and the unique user ID, then authenticates authority of printing based on the unique user ID, and if there is no conflict to a printing upper limit number and an effective term, releases protection of the secure file by the corresponding password and prints.SELECTED DRAWING: Figure 4

Description

  The present invention relates to a printing system and a printing method for printing a password-protected file.

  Conventionally, when an administrator allows a second user to print a password-protected file, a method of passing both the password-protected file and the password from the administrator to the second user is generally used. It was the target. The second user can release the protection of the file with a password and print the file.

  However, if both the file protected by the password and the password are leaked from the second user to an unauthorized third party, the third party can also print the file, and security cannot be ensured.

  As one method for preventing such information leakage, there is a manual method in which a password-protected file is printed by an administrator himself to create a printed material, and the administrator distributes the printed material to a second user. is there.

  Patent Document 1 below discloses a method for ensuring file security by pre-registering a file password in a printer and distributing only the file protected by the password to the user.

JP 2009-72960 A

  However, in the method disclosed in Patent Document 1, when a file protected by a password is transferred to an unauthorized third party, the third party also prints the file using a designated printer in which a password is pre-registered. It becomes possible to do.

  In the case of the above-described manual method in which the administrator himself prints and distributes the printed matter to the second user, high security can be ensured, but it is not convenient.

  The present invention is intended to solve the above-described problem, so that a password-protected file can be printed only by a specific user and cannot be printed even by an unauthorized third party. It is an object of the present invention to provide a printing system and a printing method that can be distributed.

  The gist of the present invention for achieving the object lies in the inventions of the following items.

[1] having a management device and a printer;
The management device
A password, a file protected by the password, and an input unit for inputting a user list;
A unique ID assigning unit for assigning unique user identification information unique to each user registered in the user list;
File identification information that uniquely identifies the password-protected file, first information that associates the password and the unique user identification information is transmitted to a predetermined printer and registered in the user list. A transmitting unit for transmitting to each user the second information including the unique user identification information assigned to the user and the file protected by the password;
Have
The printer is
A storage unit for storing the first information received from the management device;
A print instruction receiving unit that receives a print instruction including a password-protected file and unique user identification information;
Unique user associated with the first file identification information, wherein the first file identification information for uniquely identifying the file included in the print instruction received by the print instruction reception unit is stored in the storage unit A collation unit that determines whether a print permission condition in which the identification information matches the unique user identification information included in the print instruction;
A protection cancellation unit that cancels protection of a file included in the print instruction with a password associated with the first file identification information when the verification unit determines that the print permission condition is satisfied;
A printing unit for printing a file whose protection has been canceled by the protection cancellation unit;
A printing system characterized by comprising:

  In the above invention and the invention described in [7] below, the unique user identification information created for each user by the management apparatus is passed in advance to the designated printer and the user who is permitted to print. The printer authenticates the user's printing authority by comparing the unique user identification information included in the print instruction received from the user with the unique user identification information registered in advance.

[2] The first information includes an upper limit number of prints for each user,
The printer according to [1], further comprising a print number limiting unit that limits the number of prints of the file for each user based on the maximum number of prints for each user included in the first information. Printing system.

  In the above-described invention, the number of prints of a password-protected file is limited for each user by the maximum number of prints for each user.

[3] The first information includes information on a period during which printing is permitted,
[1] or [2], wherein the printer further includes a printing period limiting unit that limits a period during which the file is permitted to be printed based on the period information included in the first information. The printing system described.

  In the above invention, execution of printing of a file protected by a password is restricted within a predetermined period.

[4] The transmission unit transmits the second information to each user registered in the user list by email. [1] to [3] Printing system.

[5] The printing system according to any one of [1] to [4], wherein the printer further includes a print result notifying unit that notifies the management device of the number of printed files. .

  In the above invention, the printing result of the file protected by the password is fed back from the printer to the management apparatus.

[6] The printing system according to any one of [1] to [5], wherein the input unit receives input of information on a Web page displayed on a Web browser.

  In the above invention, the management device has a function as a Web server, and receives information such as a password, a file, and a user list through a Web page displayed on a PC or the like.

[7] The information processing device inputs a password, a file protected by the password, and a user list;
A unique ID assignment step in which the information processing apparatus assigns unique user identification information unique to each user registered in the user list;
The information processing apparatus transmits file identification information that uniquely identifies the file protected by the password, first information that associates the password and the unique user identification information to a predetermined printer, and the user Transmitting to each user registered in the list the second information including the unique user identification information assigned to the user and the file protected by the password;
A storing step in which the printer receives and stores the first information;
A printing instruction receiving step in which the printer receives a printing instruction including a file protected by a password and unique user identification information;
The printer stores first file identification information that uniquely identifies a file included in the print instruction received in the print instruction reception step, and a unique user associated with the first file identification information A collation step of determining whether a print permission condition in which the identification information matches the unique user identification information included in the print instruction;
A protection release step of releasing protection of a file included in the print instruction with a password associated with the first file identification information when the printer determines that the print permission condition is satisfied in the collating step; ,
A printing step in which the printer prints the file whose protection is canceled in the protection cancellation step;
A printing method characterized by comprising:

  According to the printing system and the printing method of the present invention, a password-protected file can be distributed so that only a specific user can print it and cannot be printed even by an unauthorized third party. Can do.

It is a figure which shows the structural example of the printing system which concerns on embodiment of this invention. It is a block diagram which shows schematic structure of a management apparatus. FIG. 2 is a block diagram illustrating a schematic configuration of a printer. It is a figure which shows the flow of the data in a printing system. It is a flowchart which shows the process which a management apparatus performs. It is a flowchart which shows the process performed when a user terminal sends out a printing instruction | indication. 6 is a flowchart illustrating processing performed when a printing apparatus receives a print instruction.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 shows a configuration example of a printing system 5 according to an embodiment of the present invention. The printing system 5 is configured by connecting the management device 10, the printer 30, and the user terminal 50 so as to communicate with each other via a network or the like. The management device 10 and the user terminal 50 are information processing devices such as PCs.

  The printing system 5 distributes the file protected by a password to a specific user so that the file cannot be printed even if it is obtained by an unauthorized third party, and permits printing.

  The management apparatus 10 includes a user list in which users who are permitted to print are registered, contact information (e-mail address) of each user, a file protected by a password (referred to as a secure file), and a release of secure file protection. The input information includes a password used for printing, an upper limit number of prints for each user, a valid period during which the secure file can be printed, designation information (for example, an IP address) of a printer used for printing the secure file, and the like.

  For each user registered in the input user list, the management apparatus 10 generates unique user identification information (unique user ID) that can uniquely identify the user. Then, file identification information (for example, file name, file size, file creation date, etc.) that can uniquely identify the secure file, password, user list, unique user ID assigned to each user, and printing for each user First information including the upper limit number of sheets and a valid printable period in association with each other is created and transmitted to a printer designated by designation information such as an IP address. In the user list, a user name, a unique user ID assigned to the user, and information on the upper limit printing number of the user may be registered in association with each other.

  In addition, the management apparatus 10 provides each user registered in the user list with a unique user ID assigned to the user, a secure file, an upper limit number of prints for the user, a valid printable period, and a secure file. Second information including designation information (such as an IP address) of a printable printer is generated and transmitted. Here, the second information is distributed to each user using electronic mail.

  The printer 30 stores the first information received from the management device 10 in the storage unit.

  In the user terminal 50, an application program for printing (hereinafter referred to as a print application) is installed. The user transmits a print instruction to the designated printer using the print application. The print instruction includes the secure file received from the management apparatus 10 and the unique user ID.

  When the printer 30 receives the print instruction from the user terminal 50, the file identification information for uniquely specifying the received secure file is stored in the storage unit, and any of the unique user IDs associated with the file identification information is stored. When the print permission condition that the unique user ID included in the print instruction matches is satisfied, the protection of the secure file included in the print instruction is canceled with the password associated with the file identification information. Print the file.

  FIG. 2 is a block diagram illustrating a schematic configuration of the management apparatus 10. The management device 10 includes a CPU (Central Processing Unit) 11 as a control unit that controls the operation of the device itself. The CPU 11 is connected to a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, a nonvolatile memory 14, a hard disk device 15, a network communication unit 16, an operation panel 17 and the like through a bus.

  The CPU 11 is based on an OS (Operating System) program, and executes middleware, application programs, and the like. Various programs are stored in the ROM 12, and each function of the management apparatus 10 is realized by the CPU 11 executing various processes according to these programs.

  The RAM 13 is used as a work memory for temporarily storing various data when the CPU 11 executes processing based on a program.

  The nonvolatile memory 14 is a memory (flash memory) whose stored contents are not destroyed even when the power is turned off, and is used for storing various setting information.

  The hard disk device 15 is a large-capacity nonvolatile storage device, and stores various programs and data. The hard disk device 15 stores the first information received from the external device.

  The network communication unit 16 functions to communicate with the printer 30, the user terminal 50, and other various devices via the network.

  The operation panel 17 includes an operation unit 17a and a display unit 17b. The display unit 17b functions to display various operation screens, setting screens, and the like. The display unit 17b includes a liquid crystal display and its driver. The operation unit 17a functions to receive various operations from the user. The operation unit 17a includes a keyboard that receives input of characters, numbers, symbols, and the like, and a touch screen provided on the display surface of the display unit 17b. The touch screen detects a coordinate position where the display surface of the display unit 17b is touched with a touch pen or a finger.

  The CPU 11 of the management apparatus 10 functions based on a program to function as a unique ID assignment unit 21, an information creation unit 22, a transmission control unit 23, and an input unit 24.

  The input unit 24 receives input of the above input information. Here, the management apparatus 10 has a function as a Web server, displays a Web page on an external terminal, and receives input information through the Web page. For the secure file to be printed, the management device 10 may obtain the entity by uploading the entity from an external terminal, or the management device 10 receives the file name and storage location information on the Web page. The file may be acquired from the storage location.

  The unique ID assigning unit 21 has a function of generating a unique user ID that can uniquely identify the user for each user registered in the user list included in the input information input by the input unit 24 and assigning the unique user ID to the user. Fulfill. The information creation unit 22 creates the first information and the second information described above based on the input information and the unique user ID created by the unique ID assignment unit 21. The transmission control unit 23 sends the first information created by the information creation unit 22 to the designated printer using the network communication unit 16 and the second information created by the information creation unit 22 by e-mail. The function of transmitting to each user registered in the user list as an attachment is attached.

  FIG. 3 is a block diagram illustrating a schematic configuration of the printer 30. The printer 30 shown in FIG. 3 is a multifunction machine, and a copy job that prints an image based on image data obtained by optically reading a document on recording paper, and a save job that stores image data of the read document as a file or the like. , A transmission job for transmitting image data of a read original as a file to the outside, a print job for printing an image based on print data received from a PC on a recording paper, and a FAX job for transmitting and receiving image data according to a facsimile procedure It has a function to execute such jobs. The printer 30 may not have other functions as long as it has a printing function.

  The printer 30 has a CPU 31 that comprehensively controls the operation of its own apparatus. A non-volatile memory 32, a RAM 33, a scanner unit 34, a printing unit 35, a network communication unit 36, an operation panel 37, a facsimile communication unit 38, an authentication unit 39, and the like are connected to the CPU 31 through a bus.

  Various programs executed by the CPU 31 are stored in the nonvolatile memory 32. In addition, the nonvolatile memory 32 functions as a storage unit 32 a that stores the first information received from the management device 10.

  The RAM 33 is used as a work memory for temporarily storing various data when the CPU 31 executes processing based on a program, an image memory for storing image data, and the like.

  The scanner unit 34 functions to optically read a document and acquire image data. The scanner unit 34 sequentially moves, for example, a light source that irradiates light on a document, a line image sensor that receives the reflected light for one line in the width direction, and a line-by-line reading position in the length direction of the document. An optical path composed of a moving unit, a lens or a mirror that guides the reflected light from the document to the line image sensor and forms an image, a conversion unit that converts the analog image signal output from the line image sensor into digital image data, etc. It is configured with.

  The printing unit 35 has a function of forming an image corresponding to the image data on a recording sheet. Here, it has a recording paper transport device, a photosensitive drum, a charging device, a laser unit, a developing device, a transfer separation device, a cleaning device, and a fixing device, and forms an image by an electrophotographic process. It is configured as a so-called laser printer. Other methods may be used for image formation.

  The network communication unit 36 has a function of communicating with the management device 10, the user terminal 50, and other devices through the network.

  The operation panel 37 includes an operation unit 37a and a display unit 37b. The display unit 37b functions to display various operation screens, setting screens, and the like, and includes a liquid crystal display. The operation unit 37a includes various hard keys such as a start button and a numeric keypad that receive various operations from the user, and a touch screen provided on the display surface of the display unit 37b. The operation panel 37 receives a job setting operation from the user.

  The facsimile communication unit 38 has a function of transmitting / receiving image data to / from a device having a facsimile function through a telephone line.

  The authentication unit 39 authenticates a user who uses the printer 30. The authentication method may be any method using a password, fingerprint, vein or the like.

  The CPU 31 of the printing apparatus 30 performs functions such as a storage control unit 41, a collation unit 42, a print instruction reception unit 43, a protection release unit 44, a print control unit 45, and a print result notification unit 46 by executing a program.

  The storage control unit 41 performs control to store the first information received from the management apparatus 10 in the storage unit 32a. The print instruction receiving unit 43 has a function of receiving a print instruction from the user terminal 50.

  The collation unit 42 collates the first information stored in the storage unit 32a with the information included in the print instruction to determine whether a predetermined print permission condition is satisfied, and the print permission condition is satisfied. In this case, the function of permitting printing based on the print instruction is performed. Note that the collation unit 42 is based on the information on the effective period included in the print number limiting unit and the first information, which limits the number of prints of the secure file for each user based on the upper limit number of prints set for each user. It also functions as a printing period limiter that limits the period during which the secure file is allowed to be printed.

  The protection cancellation unit 44 has a function of canceling protection of the secure file using a password. The print control unit 45 performs control to generate print data corresponding to the file whose protection has been removed by RIP processing, and cause the printing unit 35 to print the print data. The print result notifying unit 46 performs control to notify the management apparatus 10 of information related to the print result when the secure file is printed.

  Next, a process for printing a password-protected file (secure file) by the printing system 5 will be described in more detail.

  FIG. 4 shows a data flow when the secure file is printed by the printing system 5. FIG. 5 is a flowchart showing processing performed by the management apparatus 10 when a secure file is printed by the printing system 5. FIG. 6 is a flowchart showing processing performed when the user terminal 50 sends a print instruction. FIG. 7 is a flowchart showing processing performed when the printing apparatus 30 receives a print instruction.

  Input information is input to the management apparatus 10 (P1 in FIG. 4, step S101 in FIG. 5). The input information includes a user list in which users who are allowed to print are registered, an e-mail address that is a contact for each user, a password-protected file (secure file), and a password that is used to cancel protection of the secure file. , An upper limit number of prints for each user, an effective period during which the secure file can be printed, and designation information (IP address) of the printer used for printing the secure file.

  For each user registered in the user list included in the input information, the unique ID assignment unit 21 of the management apparatus 10 generates a unique user ID that can uniquely identify the user (step S102 in FIG. 5).

  Next, the management apparatus 10 includes file identification information (for example, file name, file size, file creation date and time) that can uniquely identify the secure file, a password, a user list, and a unique user ID assigned to each user. First information including the maximum number of prints for each user and the valid printable period is created.

  In addition, the management device 10 determines, for each user registered in the user list, a unique user ID assigned to the user, a secure file protected by a password, the upper limit number of prints of the user, and a valid printable period. Then, the second information including the designation information (IP address or the like) of the printer that is the print destination of the secure file is created (step S103 in FIG. 5).

  Next, the management apparatus 10 connects to the printer 30 designated by the designation information such as the IP address via the network (step S104), transmits the first information to the connected printer 30, and stores the storage unit 32a of the printer 30. The first information is stored (step S105, P2 in FIG. 4).

  Further, the management apparatus 10 transmits to the users registered in the user list, the second information created for the users attached to the e-mail (S106, P3 in FIG. 4). The user terminal 50 stores the second information attached to the electronic mail in an internal nonvolatile memory.

  When printing a secure file received by an e-mail, the user activates the print application on the user terminal 50 that has received the e-mail. The activated print application connects the user terminal 50 to the printer 30 indicated by the designation information (IP address included in the second information) via the network (FIG. 6, step S201).

  The print application receives a selection of a secure file that the user desires to print on the screen and receives an instruction to start printing (step S202). The print application that has received the instruction to start printing refers to the second information corresponding to the selected secure file, creates a print instruction including the secure file and the unique user ID included in the second information, and executes this step. The data is transmitted to the printer connected in S201 (step S203, P4 in FIG. 4).

  Upon receiving the print instruction from the user terminal 50, the printing apparatus 30 determines whether to permit printing based on the print instruction, the information included in the received print instruction, and the first information stored in the storage unit 32a. Judgment is made by collating (P5 in FIG. 4).

  Specifically, it is checked whether or not file identification information that uniquely identifies the secure file included in the received print instruction is stored in the storage unit 32a (FIG. 7, step S301).

  If the corresponding file identification information is stored in the storage unit 32a (step S301; Yes), a print instruction is given with one of the unique user IDs stored in the storage unit 32a in association with the file identification information. It is checked whether or not the included unique user ID matches (step S302).

  If any unique user ID associated with the file identification information uniquely identifying the secure file included in the received print instruction matches the unique user ID included in the print instruction (step S302; Yes), this The number of prints of the secure file by the user specified by the unique user ID is less than or equal to the maximum number of prints set for this user, and the current date and time is within the validity period set for this secure file. It is confirmed that there is (step S303).

  If the printing device 30 is equal to or less than the upper limit number of prints and within the effective period (step S303 in FIG. 7; Yes), the corresponding password is read from the storage unit 32a, and the secure file included in the print instruction is protected with this password Is released (step S304, P6 in FIG. 4). Then, the secure file whose protection is canceled is rasterized (RIP) and printed by the printing unit 35 (step S305 in FIG. 7 and P7 in FIG. 4). Thereafter, the printing apparatus 30 notifies the management apparatus 10 of the printing result (step S306). The print record includes information such as the file identification information of the printed secure file, the user who issued the print instruction, the number of prints, and the print date.

  If “No” is determined in any of the determinations in steps S301 to S303, the user terminal 50 that is the transmission source of the print instruction is notified that printing is not possible (step S307).

  As described above, a unique user ID is generated for each user included in the user list, and the authority of printing is authenticated by this unique user ID, so that unauthorized printing by an unauthorized third party can be prevented, Security can be ensured. In addition, since the printer that can print the secure file is limited to the designated printer, and further, the printing is limited by the upper limit number of prints and the valid period, the printing security can be further increased.

  The embodiment of the present invention has been described with reference to the drawings. However, the specific configuration is not limited to that shown in the embodiment, and there are changes and additions within the scope of the present invention. Are also included in the present invention.

  In the embodiment, the file identification information is included in the first information transmitted from the management apparatus 10 to the printing apparatus 30, but the secure file itself protected by the password is delivered to the printing apparatus 30 instead of the file identification information. It may be. In this case, the printing apparatus 30 may determine whether or not a security file that matches the secure file included in the print instruction is stored in the storage unit 32a in step S301 in FIG.

  The upper limit number of prints and the valid period increase the security of printing, and there is no need to add restrictions on these. In the embodiment, the upper limit number of prints is set for each user, but it may be the number of prints for all users registered in the user list. The valid period may be set for each user.

  The file protected by a password may be a file in an arbitrary format other than a PDF (Portable Document Format; registered trademark) file.

  In the embodiment, the second information is distributed to each user as an attachment to the e-mail, but the distribution method of the second information is not limited to this.

5 ... Printing system 10 ... Management device 11 ... CPU
12 ... ROM
13 ... RAM
DESCRIPTION OF SYMBOLS 14 ... Nonvolatile memory 15 ... Hard disk apparatus 16 ... Network communication part 17 ... Operation panel 17a ... Operation part 17b ... Display part 21 ... Unique ID allocation part 22 ... Information preparation part 23 ... Transmission control part 24 ... Input part 30 ... Printing apparatus 31 ... CPU
32 ... Nonvolatile memory 32a ... Storage unit 33 ... RAM
34 ... Scanner unit 35 ... Printing unit 36 ... Network communication unit 37 ... Operation panel 37a ... Operation unit 37b ... Display unit 38 ... Facsimile communication unit 39 ... Authentication unit 41 ... Storage control unit 42 ... Verification unit 43 ... Print instruction receiving unit 44 ... Protection release unit 45 ... Print control unit 46 ... Print result notification unit 50 ... User terminal

Claims (7)

A management device and a printer,
The management device
A password, a file protected by the password, and an input unit for inputting a user list;
A unique ID assigning unit for assigning unique user identification information unique to each user registered in the user list;
File identification information that uniquely identifies the password-protected file, first information that associates the password and the unique user identification information is transmitted to a predetermined printer and registered in the user list. A transmitting unit for transmitting to each user the second information including the unique user identification information assigned to the user and the file protected by the password;
Have
The printer is
A storage unit for storing the first information received from the management device;
A print instruction receiving unit that receives a print instruction including a password-protected file and unique user identification information;
Unique user associated with the first file identification information, wherein the first file identification information for uniquely identifying the file included in the print instruction received by the print instruction reception unit is stored in the storage unit A collation unit that determines whether a print permission condition in which the identification information matches the unique user identification information included in the print instruction;
A protection cancellation unit that cancels protection of a file included in the print instruction with a password associated with the first file identification information when the verification unit determines that the print permission condition is satisfied;
A printing unit for printing a file whose protection has been canceled by the protection cancellation unit;
A printing system characterized by comprising: The first information includes an upper limit number of prints for each user,
2. The printer according to claim 1, further comprising: a print number limit unit that limits the number of prints of the file for each user based on an upper limit number of prints for each user included in the first information. Printing system. The first information includes information on a period during which printing is permitted,
The said printer further has a printing period restriction | limiting part which restrict | limits the period which permits the printing of the said file based on the information of the said period contained in the said 1st information. Printing system. The printing system according to any one of claims 1 to 3, wherein the transmission unit transmits the second information to each user registered in the user list by e-mail. The printing system according to any one of claims 1 to 4, wherein the printer further includes a print result notification unit that notifies the management apparatus of the number of printed files. The printing system according to any one of claims 1 to 5, wherein the input unit receives input of information on a Web page displayed on a Web browser. An information processing apparatus, an input step for inputting a password, a file protected by the password, and a user list;
A unique ID assignment step in which the information processing apparatus assigns unique user identification information unique to each user registered in the user list;
The information processing apparatus transmits file identification information that uniquely identifies the file protected by the password, first information that associates the password and the unique user identification information to a predetermined printer, and the user Transmitting to each user registered in the list the second information including the unique user identification information assigned to the user and the file protected by the password;
A storing step in which the printer receives and stores the first information;
A printing instruction receiving step in which the printer receives a printing instruction including a file protected by a password and unique user identification information;
The printer stores first file identification information that uniquely identifies a file included in the print instruction received in the print instruction reception step, and a unique user associated with the first file identification information A collation step of determining whether a print permission condition in which the identification information matches the unique user identification information included in the print instruction;
A protection release step of releasing protection of a file included in the print instruction with a password associated with the first file identification information when the printer determines that the print permission condition is satisfied in the collating step; ,
A printing step in which the printer prints the file whose protection is canceled in the protection cancellation step;
A printing method characterized by comprising:

Images