JP4765614B2 - Authentication printing system and printing method - Google Patents

Description

  The present invention relates to an authentication printing technique for executing printing on the condition that authentication has been performed.

2. Description of the Related Art Conventionally, there is known a framework called authenticated printing that prevents information leakage by permitting printing only to a person who has been authenticated using an authentication device. For example, in Patent Document 1, when printing a confidential document, image data developed based on the print data is stored in the printing apparatus instead of immediately printing according to a print instruction. A configuration is disclosed in which printing is executed based on the image data on condition that user authentication is performed.
Japanese Patent No. 3034160

  In the conventional authentication printing framework, the system is usually constructed by so-called “built-in” on the assumption that a specific type of authentication device is used in a fixed manner. Therefore, there has been a situation where it is very difficult to make the system compatible with changing or adding types of authentication devices and changing the authentication method accordingly. For example, when a company merger or business unit integration is performed, if an authentication printing system is to be integrated in multiple sections, an authentication printing system that assumes different types of authentication devices is adopted in each of these multiple sections. If this is the case, the system in one section must be effectively discarded or a major design change must be made to change the “built-in” portion of the system, which is a heavy burden on the user. It was.

  Accordingly, an object of the present invention is to provide a framework for authentication printing that can flexibly cope with a change in an authentication device or an authentication method itself without assuming the use of a specific type of authentication device.

  The authentication print control apparatus of the present invention refers to a job storage unit that stores a print job in association with a user, acquires a print job corresponding to the authenticated user, and outputs the acquired print job to the printing unit At least one of an authentication information acquisition module that acquires authentication information of a user who desires printing using an authentication device and an authentication module that executes authentication processing based on the authentication information , Authentication environment storage means for storing information necessary for starting the module (hereinafter referred to as “startup information”), startup information is obtained by referring to the authentication environment storage means, and based on the startup information And module control means for starting the module. The authentication print control apparatus preferably includes at least one of the job storage unit and the printing unit.

  According to this configuration, when changing the authentication device and the authentication method, the authentication information acquisition module and the authentication module corresponding to the changed authentication device and the authentication method are prepared, and the activation information of each module is stored in the authentication environment. Since it is sufficient to store it in the means, it is possible to easily and flexibly cope with changes in the authentication device or the like.

  Preferably, the information processing apparatus further comprises means for acquiring a module specific message from the module and registering it in a message table in association with a message code, wherein the module control means is notified from the module with reference to the message table. A message corresponding to the message code is read out and presented to the user.

  According to such a configuration, it is possible to output module specific messages uniformly at an appropriate timing independent of module changes.

  Preferably, the module control means accesses a predetermined module distribution server when the module that has acquired the activation information is not mounted on the authentication print control apparatus, downloads the corresponding module, and performs the authentication print. It is mounted on a control device. According to such a configuration, it is possible to mount or upgrade each module without burdening the user.

  Preferably, the module control means acquires activation information corresponding to an authentication device connected to the authentication control apparatus, and records the activation information in the authentication environment storage means. According to such a configuration, the activation information is set when the authentication device is connected, so that it is possible to reduce the burden on the user regarding the setting work when the authentication device is changed.

  Preferably, the activation information is acquired via a communication network and recorded in the authentication environment storage means. According to such a configuration, activation information can be set for a plurality of authentication print control apparatuses in a broadcast manner via a communication network.

  The authentication print control method of the present invention relates to an authentication information acquisition step of acquiring authentication information of a user who desires printing using an authentication device, an authentication step of executing authentication processing based on the authentication information, and a user An authentication print control method comprising: a print control step of acquiring a print job corresponding to the authenticated user with reference to a job storage unit that stores the print job and outputting the acquired print job to the print unit And at least one of the authentication information acquisition step and the authentication step starts the module by referring to an authentication environment storage unit that stores information (startup information) necessary for starting the module, It is executed by calling the module.

  The printing / printing control method of the present invention can be implemented by a computer, for example, in an authentication server of an authentication printing system. The computer program therefor includes various programs such as a CD-ROM, a magnetic disk, a semiconductor memory, and a communication network. It can be installed or loaded on a computer through a medium.

  As described above, according to the present invention, it is possible to provide an authentication printing framework that can flexibly cope with a change in an authentication device or an authentication method itself without assuming the use of a specific type of authentication device.

(First embodiment)
FIG. 1 is a block diagram showing a hardware configuration of an authentication printing system 1 according to an embodiment of the present invention. As shown in FIG. 1, the authentication printing system 1 includes a host device 10, a printer device 20, an authentication server 30, and an authentication device 100.

  The host device 10, the printer device 20, and the authentication server 30 are configured to be able to communicate with each other via a communication network N1. The authentication device 100 is configured to be able to communicate with the authentication server 30 via the communication network N2. The communication networks N1 and N2 may be any of a LAN, the Internet, a dedicated line, a packet communication network, a combination thereof, and the like, and include both wired and wireless. In FIG. 1, one each of the host device 10, the printer device 20, the authentication server 30, and the authentication device 100 is described. However, the authentication printing system is configured so that each one is one or more according to the design. 1 may be configured.

  The host device 10 includes hardware such as a CPU (processor), a ROM, a RAM, an I / O controller, a communication interface, and an HDD, and the CPU is configured to be accessible to each means via a bus. ing.

  The host device 10 has the same function as an information processing device such as a normal personal computer. For example, the host device 10 accepts various inputs from the user via an I / O controller or the like / input / output means 11 for outputting information, and transmits / receives various data to / from other devices via a communication interface. The communication unit 12 and the printer driver unit 13 for controlling the printer device are provided (see FIG. 2). Each of these means is functionally realized by the CPU executing a program stored in a ROM, RAM, HDD, external storage medium, or the like in the host device 10.

  The printer driver unit 13 corresponds to the printer device 20 and has a function of creating a print job in a format in which the corresponding printer device can perform print processing, similarly to a normal printer driver. For example, when there is a print request specifying the printer device 20 from an application program operating on the host device 10, the printer driver unit 13 creates a print job based on a printer control language that can be interpreted by the printer device 20, and executes the print job. The print job is output to the authentication server 30.

  The printer device 20 has the same configuration as a normal printer device.

  For example, the printer device 20 includes a power supply mechanism that includes a paper feed mechanism that supplies paper into the printer device, a print engine that performs printing, and a paper discharge mechanism that discharges paper outside the printer. A print engine is usually configured to include a paper feed mechanism, a carriage mechanism, a print head, and the like. A serial printer that prints in units of characters, such as an inkjet printer or a thermal transfer printer, a line printer that prints in units of lines, and a page unit. Various print engines corresponding to a page printer or the like for printing can be used.

  Further, for example, the printer device 20 includes an information processing unit including a CPU (processor), a ROM, a RAM, an LCD panel and an LCD controller, a communication interface, and the like for controlling the power mechanism unit to perform a printing operation. The CPU is configured to be able to access each unit via a bus, and controls the power mechanism unit according to a print job sent via a communication interface, for example, to actually perform a printing operation. Note that the power mechanism unit may include a CPU independently. In that case, the CPU of the power mechanism unit communicates with the CPU of the information processing unit via a parallel interface or the like to control the print engine. A printing operation is performed.

  The function of the information processing unit of the printer device 20 is basically the same as the function of the information processing unit of the conventional printer device (see FIG. 2). For example, each printer device functions as an information processing unit. The receiving unit 21 receives a print job, analyzes the print job, generates a raster-format print image for one band or one page, and stores it in the image buffer. Based on the control command in the analysis / image generation means 22 and the print job, a print image for a predetermined unit (for example, one pass) is transferred from the image buffer to the print engine, and printing is executed while controlling the print engine. Control means 23 and the like are provided. Each of these means is functionally realized by the CPU executing a program stored in a ROM or RAM in the printer apparatus, an external storage medium, or the like.

  The authentication server 30 includes a CPU (processor), a ROM, a RAM, an I / O controller, a communication interface, an interface with an authentication device, and hardware such as an HDD. Is configured to be accessible.

  Similar to a normal authentication server, the authentication server 30 has a function for receiving and storing a print job for authentication printing, and an authentication for acquiring authentication information for a user who desires printing using the authentication device 100. An information acquisition function, an authentication function for executing authentication processing based on authentication information, a print instruction function for outputting a print job selected by an authenticated user to the printer device 20 and the like are provided.

  However, the authentication server 30 of the present embodiment is configured such that the authentication information acquisition function and the authentication function are each modularized, and the module to be activated can be changed according to the authentication device and the authentication method. Is different from the authentication server 30.

  Specifically, the authentication server 30 acquires print jobs from the host device 10 and the input / output unit 31 that accepts various inputs / outputs information from the user via the I / O controller or the like as the main functional unit. Then, using the print job acquisition unit 33 stored in the print job storage unit 32, the authentication device 100, an authentication information acquisition module 34 for acquiring authentication information of a user who desires printing, and an authentication process based on the authentication information. For at least one of the authentication module 35, the authentication information acquisition module 34, and the authentication module 35, an authentication environment storage unit 36 that stores activation information, a module control unit 37 that starts the module with reference to the authentication environment storage unit 36, and a module Message table storage means 38 for storing unique messages, print job storage hand 32, a job list output unit 39 that outputs print job list information (list list, etc.) corresponding to an authenticated user (hereinafter referred to as “authenticated user”), and a print job selected by the authenticated user in the printer device 20 is provided with a print job output means 40 for outputting to the printer 20 (see FIG. 2).

  In principle, the authentication information acquisition module 34 and the authentication module 35 can be configured using conventional techniques. For example, when a magnetic card reader or fingerprint reader is used as the authentication device, driver software for the magnetic card reader or fingerprint reader can be used as the authentication information acquisition module 34. For example, when using an authentication service based on LDAP (Lightweight Directory Access Protocol), client software of the authentication service can be used as the authentication module 35. Each module corresponding to another authentication device or authentication scheme may be used.

  Each of these means is functionally realized by the CPU executing a program stored in the ROM, RAM, HDD, external storage medium or the like in the authentication server 30. The authentication environment storage unit 36 is configured so that, for example, an authentication print manager can set and register activation information from the outside via the input / output unit 31. For example, the authentication server 30 may receive the activation information via the communication network and record it in the authentication environment storage unit 36.

  The authentication device 100 is, for example, a magnetic card reader, a fingerprint reader, a barcode reader, or the like, and various existing authentication devices can be used.

  The authentication printing framework in the authentication printing system 1 will be described below with reference to the flowcharts shown in FIGS. In addition, each process (including the partial process to which the code | symbol is not provided) can be arbitrarily changed in order within the range which does not produce contradiction in the processing content, or can be performed in parallel.

(Print job accumulation stage: Fig. 3)
When the printer driver unit 13 of the host device 10 receives a print request designating the printer device 20 from an application program operating on the outside or the host device 10 (S100), predetermined printer control that can be interpreted by the printer device 20 A print job is created based on the language (S101), and the created print job is output to the authentication server 30 (S102).

  The print job can include, for example, information such as job ID, output destination printer model information, user name, document name, authentication information (password, etc.), print setting information, and importance of the print job (document). .

  When the authentication server 30 receives a print job from the host device 10 (printer driver means) (S103), it stores it in the print job storage means 32 (S104).

(Authentication environment setting stage: Fig. 4)
The module control unit 37 of the authentication server 30 executes the following authentication environment setting process at a predetermined timing when the authentication printing is not executed (when the power is turned on, when the authentication device is connected, when the user gives an instruction, etc.).

  First, the module control unit 37 determines whether or not the authentication information acquisition module 34 and the authentication module 35 are already in an activated state (S200). If the module is in an activated state, the module is terminated (S201). The determination as to whether or not the module is in the activated state can be made, for example, by referring to a module list in which information on modules in the activated state is registered. If the module is terminated in S201, the corresponding information is deleted from the module list.

  Next, the module control unit 37 refers to the authentication environment storage unit 36 and acquires activation information for the authentication information acquisition module 34 and the authentication module 35 (S202).

  The startup information can include related information required by each module during execution in addition to the startup module name and the like. For example, when the authentication information acquisition module is a magnetic card reader module, the activation information can include information specifying a reading range of the magnetic card reader. Further, for example, when the authentication module executes an authentication process using an external device, the activation information can include the IP address of the external device. FIG. 6 shows an example of activation information stored in the authentication environment storage unit 36.

  Next, the module control unit 37 determines whether a module corresponding to the acquired activation information is mounted on the authentication server 30 (S203). If it is not installed, a predetermined module distribution server (not shown) is accessed, and the activation target module is downloaded and installed in the authentication server 30 (S204). The determination as to whether or not the module is mounted may include determination as to whether or not a module of a predetermined version (for example, the latest version) is mounted.

  Next, the module control means 37 refers to predetermined locations (such as headers and structure variables) of the authentication information acquisition module 34 and authentication module 35 to be activated, acquires messages specific to each module, and stores message table storage means. 38 is registered in association with the message code (S205). FIG. 7 shows an example of a message registered in the message table when the authentication information acquisition module 34 is a magnetic card reader module.

  Next, the module control unit 37 activates the authentication information acquisition module 34 and the authentication module 35 to be activated based on the obtained activation information (S206). At this time, when the activation state is managed using the module list, information on the activated module is registered in the module list.

  Next, when the message code notified as a return value from the activated module indicates a value other than normal (for example, Set_Err_No_1) (S207: YES), the module control unit 37 refers to the message table storage unit 38. A message corresponding to the notified message code is extracted and presented to the user via the input / output means 31 (S208), and the authentication environment setting process is terminated.

(Authentication printing execution stage: FIG. 5)
Upon receiving an authentication print execution instruction from a user who wishes to execute authentication print in the authentication server 30, the module control unit 37 executes the following authentication print processing.

  First, the module control unit 37 controls (calls) the authentication information acquisition module 34 and acquires information (authentication information) necessary for authentication of the user using the authentication device 100 (S300).

  For example, when the authentication device 100 is a magnetic card reader, information recorded on an authentication card passed by the user who wishes to print through the card reader is acquired as authentication information. Although what kind of information is specifically used as the authentication information can be determined according to the design, it is conceivable to use a user name, a user ID (employee number, etc.), for example. Note that as part of the authentication information, a password or the like may be received from a user who desires printing via the input / output unit 31.

  Next, when the message code notified as a return value from the authentication information acquisition module 34 indicates a value other than normal (for example, Err_No_1 to Err_No_3) (S301: NO), the module control unit 37 sets the message table storage unit 38. A message corresponding to the notified message code is extracted and presented to the user via the input / output means 31 (S302), and the authentication printing process is terminated.

  As described above, in the present embodiment, the module control unit 37 that activates a module while registering a module-specific message in the message table, instead of outputting a message by the module that may be changed, is included in the message table. Therefore, the module specific message can be output uniformly at an appropriate timing that does not depend on the change of the module.

  On the other hand, when the notified message code indicates a normal value, the module control unit 37 controls (calls) the authentication module 35 and executes an authentication process based on the authentication information acquired in S300 (S303). .

  For example, when the authentication module 35 is the client software of the LDAP authentication service, the authentication module 35 sends the above-mentioned information to a directory server (not shown) that provides the LDAP authentication service based on the activation information stored in the authentication environment storage unit 36. The acquired authentication information is notified, and the result of authentication performed in the directory server is received based on the notification.

  Next, when the message code notified as a return value from the authentication module 35 indicates a value other than normal (for example, Err_No_4) (S304: NO), the module control unit 37 refers to the message table storage unit 38. A message corresponding to the notified message code is extracted and presented to the user via the input / output means 31 (S302), and the authentication printing process is terminated.

  On the other hand, if the notified message code indicates a normal value, the authentication server 30 refers to the print job storage unit 32 and prints the print job for which the authenticated user (authenticated user) has print authority, that is, authentication. A print job corresponding to the user name of the user is selected and the list information is created (S305).

  For example, when the print job includes a document name or the like, the list information is configured using the document name. In addition, it is desirable that the list information also presents information about the printer device designated as the output destination of the print job.

  If the print job is stored in the print job storage unit 32 in association with the authentication information, the print job corresponding to the authenticated user can be acquired based on the acquired authentication information.

  Next, the authentication server 30 presents the list information to the authenticated user via the input / output means 31 (S306), and waits for an input from the authenticated user (S307).

  When the authentication server 30 receives a print job designation and print execution instruction from the authenticated user based on the list information, the authentication server 30 refers to the print job storage unit 32 to read the print job designated by the authenticated user, and 20 (S308).

  Note that a print job that has been output to the printer apparatus may be deleted from the print job storage unit 32 at a predetermined timing (for example, when a print end notification is received from the printer apparatus or after a certain period of time has elapsed). desirable.

  When the printer device 20 receives a print job from the authentication server 30, the printer device 20 executes print processing based on the print job in the same manner as in the past (S309). That is, by analyzing the print job, a raster-format print image for one band or one page is generated and stored in the image buffer. Based on the control command in the print job, a predetermined unit (for example, one pass) The print image is transferred from the image buffer to the print engine, and printing is executed while controlling the print engine.

  As described above, in the present embodiment, the authentication information acquisition function and the authentication function are not realized by so-called “making”, but the authentication environment storage unit 36 in which the activation information is recorded after these functions are modularized. An authentication information acquisition function and an authentication function in authentication printing are realized by a configuration in which the corresponding modules (the authentication information acquisition module 34 and the authentication module 35) are activated with reference to the configuration. According to such a configuration, when the authentication device or the authentication method is changed, the authentication information acquisition module 34 or the authentication module 35 corresponding to the changed authentication device or the authentication method is mounted on the authentication server 30, and each of these modules is installed. Since it is sufficient to store the activation information in the authentication environment storage unit 36, it is possible to easily and flexibly cope with changes in the authentication device and the like.

(Other)
The present invention is not limited to the above embodiment and can be applied with various modifications. For example, in the above-described embodiment, an authentication printing system including a printer device as a printing apparatus has been described. However, the present invention is also applicable to an authentication printing system including a printing apparatus such as a copying machine, a facsimile machine, or a multifunction machine. .

  Further, for example, in the above embodiment, the authentication server 30 and the printer device 20 are described as separate units. However, the authentication server 30 includes the printer device 20 (the configuration in which the authentication server 30 also has a printing function). May be.

  Conversely, the printer device 20 is configured to include functions related to authentication of the authentication server 30 (authentication information acquisition module 34, authentication module 35, authentication environment storage means 36, module control means 37, job list output means 38, etc.). May be.

  Further, for example, the authentication server 30 (module control unit 37) acquires the activation information of the module corresponding to the authentication device connected to the authentication server 30, and stores it in the authentication environment storage unit 36 (or performs the authentication environment setting process). Execute). For example, as shown in FIG. 8, the map information that associates the type of authentication device with the activation information of the authentication information acquisition module, the module location information, etc. is stored, and the authentication device is newly connected. If detected, the activation information of the authentication information acquisition module is acquired with reference to the correspondence relationship and stored in the authentication environment storage means 36. At this time, if the corresponding authentication information acquisition module is not mounted, the module location may be accessed at this stage (such as a module distribution server) to download the corresponding module program.

2 is a block diagram illustrating a hardware configuration of the authentication printing system 1. FIG. 2 is a block diagram illustrating functional configurations of a host device 10, a printer device 20, and an authentication server 30. FIG. 3 is a flowchart for explaining a print job accumulation stage in the authentication printing system 1; 3 is a flowchart for explaining an authentication printing environment setting stage in the authentication printing system 1; 3 is a flowchart for explaining an authentication printing execution stage in the authentication printing system 1; It is a figure which shows the example of the starting information memorize | stored in the authentication environment memory | storage means. It is a figure which shows the example of the message registered into a message table. It is a figure which shows the example of the map information which matched the starting information etc. of the authentication information acquisition module with the authentication device.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Authentication printing system, 10 Host apparatus, 11 Input / output means, 12 Communication means, 13 Printer driver means, 20 Printer apparatus, 21 Reception means, 22 Analysis and image generation means, 23 Print control means, 30 Authentication server, 31 Input / output Means, 32 print job storage means, 33 print job acquisition means, 34 authentication information acquisition module, 35 authentication module, 36 authentication environment storage means, 37 module control means, 38 message table storage means, 39 job list output means, 40 print job Output means, 100 authentication device

Claims (7)

An authentication print control apparatus that refers to a job storage unit that stores a print job in association with a user, acquires a print job corresponding to an authenticated user, and outputs the acquired print job to a printing unit,
To activate a module for at least one of an authentication information acquisition module that acquires authentication information of a user who desires printing using an authentication device and an authentication module that executes authentication processing based on the authentication information Authentication environment storage means for storing necessary information (hereinafter referred to as “activation information”);
Module control means for obtaining activation information with reference to the authentication environment storage means, and activating a module based on the activation information;
Means for acquiring a module specific message from the module and registering it in a message table in association with a message code;
The module control means reads out a message corresponding to the message code notified from the module with reference to the message table and presents the message to the user .   The authentication print control apparatus according to claim 1, further comprising at least one of the job storage unit and the printing unit. The module control means accesses a predetermined module distribution server, downloads a corresponding module, and mounts it on the authentication print control apparatus when the module that acquired the activation information is not mounted on the authentication print control apparatus The authentication print control apparatus according to claim 1 or 2, wherein The said module control means acquires the starting information corresponding to the authentication device connected to the said authentication control apparatus, and records it on the said authentication environment memory | storage means, The said any one of Claim 1 thru | or 3 characterized by the above-mentioned. Authentication printing control device. 5. The authentication printing control apparatus according to claim 1 , wherein activation information is acquired via a communication network and recorded in the authentication environment storage unit. An authentication information acquisition module for acquiring authentication information of a user who desires printing using an authentication device;
An authentication process in which an authentication module executes an authentication process based on authentication information;
A print control step of acquiring a print job corresponding to the authenticated user with reference to a job storage unit that stores the print job in association with the user, and outputting the acquired print job to the printing unit ;
The module corresponding to at least one of the authentication information acquisition step and the authentication step is referred to an authentication environment storage unit that stores information necessary for starting the module (hereinafter referred to as “startup information”). A module control process to be activated ;
Obtaining a module specific message from the module and registering it in a message table in association with a message code,
The module control step reads the message corresponding to the message code notified from the module with reference to the message table, and presents the message to the user . A program for causing a computer to execute the authentication printing control method according to claim 6 .

Images