JP4836499B2 - Network printing system - Google Patents

Description

The present invention relates to print data from the user equipment to a network printing system that performs printing apparatus prints received via the network.

  In recent years, network printing systems in which printers receive print data from a PC via a network and perform printing have become widespread. However, in such a network printing system, the printer is located away from the PC. When a person who makes a print request for a document has a risk of others seeing it before receiving the printed document, when handling a document that requires high confidentiality, it is desirable to ensure the security against seeing the printed document. It is.

With regard to ensuring the security of such a printed document, a network management system conventionally provided with a fingerprint authentication device in a printer and configured to receive a printed document only when the fingerprint authentication is successful here. Is known (see Patent Document 1).
JP 2001-265739 A

  However, the conventional technology is configured to ensure the safety against the snooping of the printed document by restricting the retrieval of the printed document to the user who requested the printing by the opening / closing mechanism of the ejection port of the paper discharge device. Therefore, the mechanical structure of the apparatus is inevitably complicated, and there is a problem that costs increase. In addition, although it is possible to ensure the safety of the output printed document itself, there is no consideration for the security against the snooping of the document data held in the device, and the document data by taking out the data storage device in the printer etc. Can not be prevented from leaking.

  For this reason, it is necessary to consider a system configuration from the viewpoint of ensuring the safety of the document data itself. As a technique for ensuring the security of such print data, for example, SSL widely used in the field of data communication via a network. It is conceivable to adopt the encryption communication technology by the However, in a general LAN as a network system to which a printer is connected, network management is not so rigorously operated, so it can be said that it is perfect for snooping print data such as man-in-the-middle attacks. However, there are a number of problems in terms of ensuring safety in the network printing system.

  In addition, the facsimile communication system that is frequently used to send documents to remote locations has the same problems as the network printing system described above, and it is necessary to ensure the security against snooping at the document destination. Is desired. In addition, there is a problem of falsification of facsimile data and spoofing of the sender, and it is desired to secure safety against such facsimile communication.

The present invention has been devised to solve such problems of the prior art, and its main purpose is to solve problems such as document data sneaking, document data tampering and sender spoofing. Another object of the present invention is to provide a network printing system configured to ensure high security.

In order to solve such a problem, according to the present invention, there is provided a network printing system in which a printing apparatus receives printing data from a user apparatus via a network and performs printing. An encryption unit provided on the apparatus side for encrypting the print data using the user's personal encryption information to generate encrypted print data; and the user's personal decryption corresponding to the encrypted information possessed by the user Information, transmission request information for instructing transmission of encrypted print data to the user device, a portable object holding the address information of the user device, and decryption information held by the portable object. the portable object and and a decoding means provided in at least one of the printing apparatus, the printing apparatus, the required information to and from the portable object to decrypt Interface means are provided to perform the transfer, the printing apparatus obtains the transmission request information and the address information from said portable object through said interface means, to the user device applicable on the basis of the address information The transmission request information is sent, and the encrypted print data is transmitted from the user device .

According to this, it becomes possible to perform encrypted printing without means for storing encrypted print data in the printing apparatus (for example, a large-capacity storage device such as a hard disk device), and to perform printing safely even in a low-cost printing apparatus. It becomes possible.

  The transmission request information instructs the user device to transmit encrypted print data, and includes authentication information and information (identification information) for specifying the encrypted print data. The address information is information (for example, IP address) that identifies the user device on the network.

As described above, according to the present invention, in the network printing system, only the print requesting user can decrypt the encrypted print data. It is possible to ensure high safety, and in particular, it is possible to perform cipher printing without means for storing cipher print data in the printing apparatus (for example, a large-capacity storage device such as a hard disk device). In this case, printing can be performed safely .

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing an example of a network printing system according to the present invention. In this network printing system, a plurality of PCs (user devices) 1 and printers (printing devices) 2 for each user are connected via a network (LAN), and the printer 2 is shared by a plurality of users. The user who has instructed printing of the document by the PC 1 can receive the required print document by the printer 2.

  The PC 1 includes an encryption information storage unit 11 that stores encryption information of an individual user who is a print request source, and an encryption processing unit (encryption unit) 12 that encrypts print data using the encryption information. When the document data generated by the document data generation unit 15 is instructed by a document creation application or an attached scanner, the print data generation unit 13 responds with a predetermined page description language such as a postscript. The described print data is generated, the print data is encrypted by the encryption processing unit 12, and the generated encrypted print data is transmitted from the network control unit 14 to the printer 2.

  The printer 2 includes a decryption information storage unit (storage unit) 21 that stores decryption information for each user, and a decryption processing unit (decryption unit) 22 that decrypts encrypted print data using the decryption information. When the network control unit 23 receives the encrypted print data from the PC 1, the encrypted print data is stored in the print data storage unit 26 by the data storage processing unit 25, and the decryption processing unit 22 stores the print data storage The required encrypted print data is extracted from the unit 26 and the required decryption information is extracted from the decryption information storage unit 21 to perform the decryption process.

  The printer 2 also includes a user authentication unit (user authentication means) 4. Here, a person who performs an operation for instructing output using the operation panel of the printer 2 is a valid user having an output authority. When the authentication by the user authentication unit 4 is successful, the document is printed. In particular, here, in order to prevent snooping of print documents and print data, the authority of decryption and print output is limited to the user who requested the print request, and the user authentication unit 4 authenticates with the user who requested the print request. Only the decryption unit 22 performs decryption, and the print unit 27 outputs a print document based on the print data obtained thereby.

  FIG. 2 is a block diagram showing another example of decoding in the network printing system according to the present invention. Here, a USB key (portable item) 3 having a decryption information storage unit (storage means) 31 that is owned by the user and stores decryption information of the individual user is used. An interface (interface means) 29 that enables data transfer between the printer 2 and the printer 2 is provided. The printer 2 obtains the decryption information of the individual user from the USB key 3 via the interface 29, and the printer 2 The decryption processing unit 22 decrypts the encrypted print data.

  Here, in the decryption processing of the encrypted print data performed by the decryption processing unit 22 in the printer 2, the USB key 3 is connected to the printer 2 because the decryption information necessary for this is obtained from the USB key 3. In this case, for example, the decryption process can be started in response to a predetermined instruction operation by the user. In particular, the decryption process is automatically started in response to the connection of the USB key 3. Then, the user's operation becomes simple.

  Further, the process of connecting the USB key 3 to the printer 2 and providing the decryption information to the printer 2 can be performed in advance, for example, before instructing the printing by the PC 1. It is not preferable to keep the information for a long time from the viewpoint of preventing eavesdropping on the decrypted information. For this reason, it is desirable to provide the decryption information from the USB key 3 immediately before print output by the printer 2.

  In addition, the interface 29 is configured so that the USB key 3 is mechanically connected to the housing of the printer 2 so that the USB key 3 is directly attached to the printer 2, and the USB key 3 is connected to the interface 29. It is also possible to configure the connected device as an independent device from the printer 2 so that the interface 29 can transfer data to and from the USB key 3 via this connected device. It may be advantageous in terms of cost.

  FIG. 3 is a block diagram showing another example of decoding in the network printing system according to the present invention. Here, the USB key (portable) 3 includes a decryption processing unit (decryption unit) 32 for decrypting the encrypted print data in addition to the decryption information storage unit (storage unit) 31, and After obtaining from the printer 2 via the interface 29 and decrypting using the decryption information stored in the decryption information storage unit 31 in the own apparatus, the decrypted print data is transmitted via the interface 29. The data is transferred to the printer 2.

  FIG. 4 is a block diagram showing another example of decoding in the network printing system according to the present invention. Here, both the printer 2 and the USB key 3 include the decryption processing unit 22 and the decryption processing unit 32, respectively, and a part of the encrypted print data is decrypted by the decryption processing unit 32 in the USB key 3, Using the result, the decryption processing unit 22 in the printer 2 decrypts the remainder of the encrypted print data. This configuration is particularly effective in the configuration shown in FIGS. 13 and 14 described later in detail.

  The USB key 3 houses the memory constituting the decryption information storage unit 31 and the CPU constituting the decryption processing unit 32 and the USB controller in the housing, and connects the connector protruding outside the housing to the connector on the printer 2 side. Thus, data transfer conforming to the USB (Universal Serial Bus) standard is performed. Note that the portable object here may be any one that can transfer data to and from the printer using an appropriate wired or wireless communication medium. In particular, it is based on a contact-type or non-contact-type proximity communication interface. For example, a so-called IC card in which a memory or a CPU is embedded in the card is also suitable.

  In the above example, the USB key (portable item) is involved in the decryption by the printer. On the other hand, the USB key (portable item) may be involved in the encryption by the PC (user device). In this case, an encryption information storage unit for storing the encryption information of the individual user is accommodated on the portable object side.

  FIG. 5 is a block diagram showing an example of user authentication in the network printing system according to the present invention. Here, the user authentication unit (user authentication means) 4 of the printer 2 is configured to identify and verify a user based on a biometric method, that is, physical characteristics such as a fingerprint, a face, an iris, and a palm print. A biometric database 41 in which data is registered, a biometric sensor 42 that detects the body characteristics of the user, and the biometric data acquired from the biometric sensor 42 is compared with the data on the database 41 to identify the user. And an authentication processing unit 43.

  When the user performs an operation to instruct print output using the operation panel or the like, the printer 2 performs a display prompting the user to perform an authentication operation for aligning a required body part with the detection position of the biometric sensor 42. In response to this, when the user performs an authentication operation, the authentication processing unit 43 performs user authentication processing. When the user is determined to be registered in the biometrics database 41, the identification information of the user is output. The

  FIG. 6 is a block diagram showing another example of user authentication in the network printing system according to the present invention. Here, as in the example shown in FIG. 2 and the like, the printer 2 includes an interface 29 to which a USB key (portable item) 3 is connected. In particular, the USB key 3 here identifies the user who owns it. The printer 2 includes a user information storage unit 33 for storing information. When the user performs an operation for instructing print output using the operation panel or the like, the printer 2 requests the USB key 3 to transfer user identification information. Thus, the identification information of the user who performs the output operation can be acquired.

  The user authentication unit (user authentication means) 4 can be configured to include both the biometric method shown in FIG. 5 and a portable object such as the USB key 3 shown in FIG. In this case, it is effective to increase the security if the user is specified only when both authentication results match.

  In addition, as shown in FIGS. 2 and 3, in the configuration in which the portable object such as the USB key 3 holds the decryption information of the individual user, a user identification function for specifying the user in the decryption information of the individual user itself The user possessing such a portable object can be identified as the user specified by the decryption information held therein, and in the same manner as in the example shown in FIG. 3 is connected to the printer 2 and obtains the decryption information of the individual user, so that it can be considered that the user authentication processing has been performed.

  FIG. 7 is a block diagram showing an example of encryption and decryption in the network printing system according to the present invention. In the PC 1, user identification information including the user's name and the like and user's personal encryption information are registered in advance, and when the user performs an operation to instruct printing, an encryption key (encryption information) ) Is used to encrypt print document data, and transmission data in which a user name (user identification information) is added to the encrypted data is generated.

  The printer 2 includes a print data call processing unit 51 that extracts print data corresponding to the corresponding user from the print data storage unit 26 based on the user identification information acquired from the user authentication unit 4. The print data storage unit 26 stores the print data to which the user identifier (user name) is added as it is, and can determine which user the print data belongs to based on the user identifier. And the print data may be stored in a storage area for each user.

  Further, the printer 2 is based on the decryption key database 52 in which the decryption key for each user, which is an aspect of the decryption information storage unit 21 illustrated in FIG. 1, and the user identification information acquired from the user authentication unit 4. A decryption key call processing unit 53 for retrieving a decryption key corresponding to the corresponding user from the decryption key database 52.

  When the user identification information is acquired by the user authentication unit 4 by the authentication operation in biometric authentication or the connection of the USB key 3, the encrypted print data of the corresponding user is obtained from the print data storage unit 26 based on the user identification information. The calling process is performed by the print data call processing unit 51, and the decryption key call processing unit 53 calls the decryption key of the corresponding user from the decryption key database 52 based on the user identification information. Then, the decryption processing unit 22 performs a process of decrypting the corresponding encrypted print data of the user with the decryption key of the user, thereby obtaining the original print data.

  FIG. 8 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, unlike the above example, the user identification information is not added to the transmission data, and the PC 1 is encrypted in a state where a mark registered in advance is added to the print document data. The mark is not particularly limited as long as it can be detected by decoding with the printer 2 such as text data.

  The printer 2 includes the decryption key database 52 and the decryption key call processing unit 53 as in the above example, but the print data call processing unit that extracts the print data corresponding to the corresponding user from the print data storage unit 26 is Here, the decryption processing unit 22 sequentially calls the encrypted print data stored in the print data storage unit 26 and uses the decryption key call processing unit 53 to decrypt the decrypted data. Processing is performed to verify whether or not the encrypted print data belongs to the corresponding user, and the print data of the corresponding user is output.

  In the decryption processing unit 22, in the case of the encrypted print data of the corresponding user, a mark appears in the decrypted data, and by detecting this, it is determined that the encrypted print data belongs to the corresponding user. With this configuration, it is not possible to easily determine which user the encrypted print data stored in the print data storage unit 26 of the printer 2 belongs to.

  FIG. 9 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, as in the example shown in FIG. 8, the PC 1 encrypts a mark registered in advance with the print document data added. On the other hand, unlike the example shown in FIG. 8, the printer 2 sequentially calls the decryption keys registered in the decryption key database 52 in the decryption processing unit 22, and prints the same as in the example shown in FIG. 7. The decryption process is performed using the user's encrypted print data acquired by the data call processing unit 51, and it is verified whether or not the decryption key belongs to the corresponding user, and the corresponding user's print data is output. The

  In the decryption processing unit 22, in the case of the decryption key of the corresponding user, a mark appears in the decrypted data of the encrypted print data, and by detecting this, it is found that the decryption key belongs to the corresponding user. To do.

  FIG. 10 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, the user designates the encrypted print data stored in the print data storage unit 26 using the operation panel 28, and the corresponding encrypted print data is taken out by the print data call processing unit 51 that has received the designation. In the decryption processing unit 22, the encrypted print data is decrypted using the decryption key obtained by the decryption key call processing unit 53.

  On the operation panel 28, for example, a list of encrypted print data stored in the print data storage unit 26 is displayed, and the user can select and specify from this list. In addition, the corresponding encrypted print data may be read by the print data call processing unit 51 based on user information acquired by an authentication device different from the user authentication unit 4.

  FIG. 11 is a block diagram showing another example of user authentication and decryption in the network printing system according to the present invention. Here, as in the example shown in FIG. 7, the print data call processing unit 51 specifies print data based on the identification information of the user authenticated by the user authentication unit 4. Since the decryption information is obtained from the USB key 3 and the decryption processing unit 22 decrypts the print data, the decryption key database 52 and the decryption key call processing unit 53 as shown in FIGS. It is unnecessary.

  FIG. 12 is a block diagram showing another example of user authentication and decryption in the network printing system according to the present invention. Here, as in the example shown in FIG. 11, the decryption information is obtained from the USB key 3, the print data is decrypted by the decryption processing unit 22, and the decryption obtained from the USB key 3 is further performed. As in the example shown in FIG. 8, the decryption processing unit 22 verifies whether or not the sequentially called encrypted print data belongs to the corresponding user by using the information, and obtains the encrypted print data of the corresponding user. Since the data is output, the user authentication unit 4 is not particularly necessary.

  FIG. 13 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, in the PC 1, the public key (encrypted information) and the common key (encrypted information) of the user who is the print request source are registered in advance, and the public key (encrypted information) of the user is used among them. The common key randomly generated in the PC 1 is encrypted, and the print data and the hash value thereof are encrypted using the common key and the user's personal common key (encryption information). A user name (user identification information) is added to the generated encrypted print data and transmitted.

  The USB key (portable) 3 possessed by the user himself / herself stores the user's private key (second decryption information), and the printer 2 obtains the user's private key via the interface 29. can do. Further, as shown in FIG. 5, the printer 2 is provided with a user authentication unit (user authentication means) 4 for identifying and verifying that the person who performs the output operation is the print requesting user. In addition, as shown in FIG. 6, the structure which performs user authentication using the user identification information memorize | stored in the USB key 3 is also possible.

  In the decryption key database (storage means) 52 of the printer 2, a common key (first decryption information) paired with the common key registered in the PC 1 is registered for each user, and a decryption key call processing unit ( In the decryption information acquisition means) 53, the common key (first decryption information) corresponding to the user authenticated by the user authentication unit 4 is extracted from the decryption key database 52, and the private key stored in the USB key 3; Using the common key acquired by the decryption key call processing unit 53, processing for decrypting the encrypted print data received from the PC 1 is performed.

  In this case, in addition to the configuration related to the decryption processing shown in FIGS. 2 and 3, a configuration in which a part of the decryption processing is performed by the decryption processing unit 32 in the USB key 3 as shown in FIG. 4 is also possible. is there. For example, decryption processing of the common key encrypted with the public key is performed by the decryption processing unit 32 in the USB key 3, and the common key obtained thereby is transferred to the printer 2, and this common key and decryption key are transferred. It is assumed that the decryption processing unit 22 in the printer 2 performs a process of decrypting the print data and the hash value using the common key acquired by the call processing unit 53.

  FIG. 14 is a block diagram showing another example of encryption and decryption in the network printing system according to the present invention. Here, in the PC 1, a password is input by the user using a keyboard or the like, and this password, a common key randomly generated in the PC 1, a pre-registered common key (the first key corresponding to the first decryption information). 1), the print data and the hash value are encrypted. The common key that is randomly generated is encrypted with a public key (second encryption information corresponding to the second decryption information) registered in advance, as in the above example.

  In the printer 2, the secret key (second decryption information) and the common key (first decryption information) are acquired in the same procedure as in the above example. In addition, a password is input by the user using the operation panel (input means) 28, and the acquired password, the secret key (second decryption information), and the common key (first decryption information) are used. Thus, the encrypted print data is decrypted.

  The example shown in FIGS. 13 and 14 is an aspect of the configuration in which the user's personal decryption key is held in a portable object such as the USB key 3 as shown in FIGS. In this case, as shown in FIGS. 7 to 10, the decryption key database 52 that holds the decryption key for each user is unnecessary, and the decryption key call processing unit 53 for specifying the decryption key is also unnecessary.

  In addition, as a configuration using a password input by the user, for example, the PC 1 encrypts the password together with the print data with a required encryption key, and the printer 2 decrypts the data with the required decryption key. A configuration in which a determination is made by comparing a certain password with a password input by a user is also possible.

  FIG. 15 is a block diagram showing an example of a facsimile communication system according to the present invention. This facsimile communication system transmits and receives facsimile data between the transmission-side facsimile apparatus 101 and the reception-side facsimile apparatus 102 according to the G3 facsimile communication procedure via the PSTN. Facsimile data is encrypted, and confidential transmission that makes it difficult for the receiving facsimile apparatus 102 to view a printed document or data is possible. Here, the facsimile data is generated by compressing bitmap image data by an encoding method such as MR or JBIG.

  The transmission-side facsimile apparatus 101 includes an addressee database 111 in which encryption information for each addressee is registered, and an encryption processing unit (encryption means) that encrypts transmission document data using the addressee personal encryption information. 112, the facsimile data generated by the facsimile data generation unit 115 in response to the reading of the transmission original by the original reading unit 113 is encrypted by the encryption processing unit 112, and the encrypted facsimile data is transmitted from the network control unit 114. Is transmitted to the receiving facsimile machine 102.

  The receiving-side facsimile apparatus 102 includes a decryption information storage unit (storage means) 121 that stores decryption information for each user (addressee), and a decryption process that decrypts encrypted document data using the decryption information. (Decryption means) 122, and when the network control unit 23 receives the encrypted facsimile data from the transmission-side facsimile apparatus 101, the encrypted facsimile data is stored in the facsimile data storage unit 126 by the data storage processing unit 25. Then, the decryption processing unit 122 extracts the required encrypted facsimile data from the facsimile data storage unit 126 and also extracts the required decryption information from the decryption information storage unit 121 and performs the decryption process.

  In addition, the receiving side facsimile apparatus 102 includes a user authentication unit (user authentication means) 104, and here, it is identified and verified that the person who performs the operation of instructing the output using the operation panel or the like is the addressee. Only when the user authentication unit 104 authenticates the addressee, the decryption unit 122 performs decryption, and the print unit 127 outputs a print document based on the print data obtained thereby. Is done.

  The user authentication unit 104 is based on the biometrics method shown in FIG. 5 or the USB key 3 that the user (destination person) owns and stores personal identification information as shown in FIG. It is possible to use any portable object, and a combination of a biometric method and a portable object is also possible. Further, as shown in FIGS. 2 and 3, it is also possible to perform a process corresponding to user authentication with a portable object possessed by the user (addressee) himself and holding the decryption information of the individual user.

  FIG. 16 is a block diagram showing an example of encryption and decryption in the facsimile communication system according to the present invention. In the addressee database 111 of the transmission side facsimile apparatus 101, identification information such as the name of the addressee to be sent confidentially and the encryption key of the addressee personal are registered in advance, and the user selects the addressee by the operation panel 118. When the designated operation is performed, the addressee encryption key (encryption information) is called by referring to the addressee database 111, and the encryption data is encrypted by the encryption processing unit 112 using the addressee encryption key. Further, transmission data in which the addressee name (addressee identification information) is added to the encrypted facsimile data is generated.

  The reception-side facsimile apparatus 102 includes a facsimile data call processing unit 131 that extracts facsimile data corresponding to the user authenticated by the user authentication unit 4 from the facsimile data storage unit 126. Further, the decryption key database 132 in which the decryption key for each user is registered, and the decryption key corresponding to the user authenticated by the user authentication unit 4, which is an aspect of the decryption information storage unit 121 illustrated in FIG. A decryption key call processing unit 133 that is extracted from the key database 132.

  When the user authentication unit 104 authenticates the user, the facsimile data call processing unit 131 performs a process of calling the corresponding user's encrypted facsimile data from the facsimile data storage unit 126 based on the identification information of the user. The decryption key call processing unit 133 calls the decryption key of the corresponding user from the decryption key database 132 based on the user identification information, and the decryption processing unit is a process for decrypting the encrypted facsimile data with the decryption key obtained thereby. In step 122, facsimile data is generated.

  In this case, a public key cryptosystem in which the encryption key distributed to the transmission source and registered in the transmission-side facsimile apparatus 101 is a public key and the decryption key registered in the reception-side facsimile apparatus 102 is a secret key is suitable.

  The configuration of the receiving side facsimile apparatus 102 here is the same as the example shown in FIG. 7, but in addition to this, the same configuration as the example shown in FIG. The encrypted facsimile data stored in the facsimile data storage unit 126 is sequentially called, and the user's decryption key acquired by the decryption key call processing unit 133 is used to verify whether the encrypted facsimile data belongs to the corresponding user. As a result, the facsimile data of the corresponding user may be output.

  The receiving facsimile apparatus 102 has the same configuration as the example shown in FIG. 9, that is, the decryption processing unit 22 sequentially calls the decryption keys registered in the decryption key database 132, and the example shown in FIG. It is assumed that the decryption key is that of the corresponding user while decrypting the encrypted facsimile data acquired by the same facsimile data call processing unit 131 and that the corresponding user's facsimile data is output. Also good.

  Further, the receiving side facsimile apparatus 102 has the same configuration as the example shown in FIG. 10, that is, the user designates the encrypted facsimile data stored in the facsimile data storage unit 126 using the operation panel, and accepts the designation. The corresponding encrypted print data is called by the facsimile data call processing unit 131, and the decryption processing unit 122 decrypts the encrypted print data by using the decryption key obtained by the decryption key call processing unit 53. good.

  In addition, the receiving-side facsimile apparatus 102 here has a configuration for performing decryption processing therein, but in addition to this, a configuration similar to the example shown in FIG. An interface to which the key (portable) 3 can be connected may be provided, and decryption processing in the USB key 3 may be performed using the decryption information stored in the USB key 3. Also, the same configuration as the example shown in FIG. 4, that is, a part of the encrypted facsimile data is decrypted by the decryption processing unit in the USB key 3, and the decryption processing in the receiving side facsimile apparatus 102 using the result The remaining part of the encrypted facsimile data may be decrypted by the part.

  FIG. 17 is a block diagram showing another example of a facsimile communication system according to the present invention. Here, when the receiving facsimile apparatus 102 is connected to a PC (user apparatus) 103 for each user (addressee) via a network (LAN) and receives encrypted facsimile data from the transmitting facsimile apparatus 101, A notification processing unit (notification processing unit) 141 that performs notification to that effect on the PC 103 of the corresponding user (addressee) is provided, and notification information generated by the notification processing unit 141 is transmitted from the network control unit 142 to the PC 103. Sent to.

  When the notification information from the receiving facsimile apparatus 102 is received, the PC 103 displays a message to the effect that the confidential facsimile has arrived on the monitor, and the user (destination person) himself / herself at the PC 103 located away from the receiving facsimile apparatus 102. You can know the arrival of a confidential facsimile addressed to you.

  FIG. 18 is a block diagram showing another example of a facsimile communication system according to the present invention. This facsimile communication system transmits and receives facsimile data between the transmission-side facsimile apparatus 105 and the reception-side facsimile apparatus 106 according to the G3 facsimile communication procedure via the PSTN. Facsimile data with a digital signature is created so that the receiving facsimile machine 102 can determine whether the data has been tampered with or the sender is forged.

  Here, a USB key (portable item) 103 that is owned by the user (sender) and stores the encryption information of the individual user is used, and data transmission to and from the USB key 103 is performed on the transmitting-side facsimile apparatus 105. And an interface (interface means) 151 for enabling a digital signature generation section (digital signature generation means) 152 for generating a digital signature using the encryption information of the user (sender) personal stored in the USB key 103. Yes.

  When the user (sender) selects the signature transmission on the operation panel 153 and performs an operation for instructing the transmission, the facsimile data generated by the facsimile data generation unit 155 in response to the reading of the transmission document by the document reading unit 154 is a digital signature. A digital signature is generated by being sent to the generation unit 152, and facsimile data with a digital signature obtained by adding the digital signature to the facsimile data is transmitted from the network control unit 156 to the receiving side facsimile apparatus 106.

  The receiving side facsimile apparatus 106 is provided with a digital signature determination processing unit (digital signature determination unit) 161 that verifies data falsification and spoofing based on the digital signature, and the network control unit 162 is connected to the transmission side facsimile apparatus 105. When the facsimile data with a digital signature is received, verification by the digital signature is performed by the digital signature determination processing unit 161. If successful, the print data is sent to the printing unit 163 for printing. At this time, for example, a sender's name and a word proving its authenticity may be printed in the margin. As another application using the printing of the sender's name, if the sender sends print data with a digital signature to him and prints his / her name together, it is printed out. When a printed document or the like is left unattended, it can be used to specify who the output is for. In addition, when verification by the digital signature is unsuccessful, a message indicating that the authenticity is doubtful may be printed in the margin together with the sender name.

  The digital signature generation unit that generates a digital signature using the sender's personal encryption information is provided inside a portable object such as the USB key 103 that is owned by the sender and stores the sender's personal encryption information. Is also possible. Moreover, the structure which acquires user identification information by user authentication and specifies the encryption information in a database based on the user identification information is also possible.

  FIG. 19 is a block diagram showing an example of encryption and decryption in the facsimile communication system according to the present invention. The USB key 103 connected to the transmission-side facsimile apparatus 105 holds the private key of the user (sender), and a digital signature is created by the digital signature generation unit 152 using this private key. The digital signature generation unit 152 obtains a hash value of the facsimile data and encrypts the hash value using the private key of the user (sender) to generate a simple digital signature.

  The receiving-side facsimile apparatus 106 is provided with a public key database 164 in which a public key for each sender is registered. The digital signature determination processing unit (digital signature determination means) 161 is a sender of the received facsimile data with a digital signature. Obtains the sender's public key from the public key database 164 based on the name (sender identification information), decrypts the digital signature with the public key, obtains the hash value, and compares it with the hash value obtained from the received facsimile data And verify whether the data has been tampered with.

  FIG. 20 is a block diagram showing another example of encryption and decryption in the facsimile communication system according to the present invention. Here, in the transmission side facsimile apparatus 105, in addition to the digital signature, transmission data in which a digital certificate issued by an external certificate authority (CA station) is added to the facsimile data is created, thereby further enhancing the authenticity of the digital signature. It is what I did.

  In the certificate authority (CA station) 107, a digital certificate is created by encrypting the public key of the user (sender) corresponding to the secret key held in the USB key 103 with the secret key of the certificate authority 107. In 105, the digital certificate received from the certificate authority 107 and the digital signature created in the same procedure as described above are added to the facsimile data and transmitted to the receiving facsimile apparatus 106. The receiving facsimile apparatus 106 In the digital signature determination processing unit 161, the digital certificate is decrypted using the public key of the certificate authority 107, and the digital signature is decrypted using the public key of the user (sender) obtained thereby to obtain the hash value. To do.

FIG. 21 is a block diagram showing another example of a facsimile communication system according to the present invention.
Here, a PC (user device) 108 for each user (sender) is connected to the transmission-side facsimile device 109 via the LAN, and a print instruction for document data generated by the document data generation unit 181 by a document creation application or the like on the PC 108. Then, the print data is transmitted to the reception side facsimile apparatus 106 via the transmission side facsimile apparatus 109.

  The PC 108 is provided with a user authentication unit 104 and a digital signature generation unit 152 in the same manner as the transmission-side facsimile apparatus 105 shown in FIG. 18, and a signature facsimile transmission is designated by the input operation unit 182 of the PC 108. When printing is instructed, the print data generated by the print data generation unit 183 is sent to the digital signature generation unit 152 to generate a digital signature, and the print data with the digital signature added to the print data is the network control unit. The data is transmitted from 184 toward the transmitting facsimile apparatus 109. The transmission side facsimile apparatus 109 transmits facsimile data to the reception side facsimile apparatus 106 via the PSTN according to a normal G3 facsimile communication procedure, and the reception side facsimile apparatus 106 performs verification using a digital signature in the same procedure as described above. .

  In the example of the facsimile communication system using the digital signature, the sender encryption information is provided by the USB key. However, the user identification information is obtained by user authentication, and the database is based on the user identification information. A configuration for specifying the encryption information in the inside is also possible.

  In the example of the facsimile communication system described above, the facsimile data is transmitted / received via the PSTN according to the G3 facsimile communication procedure. A so-called Internet facsimile which is stored in a mail and transmitted / received via the Internet is also possible.

  FIG. 22 shows another example of the network printing system according to the present invention. Here, as in the example of FIG. 1, the printer 2 receives the encrypted print data generated on the PC 1 side using the encryption information of the individual user from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. Is decrypted using the decryption information corresponding to the encrypted information, and the printer 2 performs printing, and the memory card 201 is carried as a portable object possessed by the user himself and storing the decryption information of the individual user. Is used.

  The memory card 201 is a non-contact type that complies with, for example, the ISO14443Type-A standard, and enhances safety by performing data protection with a key file for each data area in the card.

  Further, here, the printer 2 is provided with a reader / writer (interface means) 202 that enables data transfer to and from the memory card 201, and from the PC 1 using the decryption information stored in the memory card 201. A process for decrypting the received encrypted print data is performed in the decryption processing unit 22.

  In particular, here, the PC 1 generates an encryption / decryption information generation unit (information acquisition unit) 205 that generates and acquires the encryption information of the user for encrypting the print data and the decryption information paired therewith, A reader / writer (interface means) 206 that enables data transfer to and from the memory card 201 is provided, and the PC 1 provides decryption information to the memory card 201 via the reader / writer 206.

  In this configuration, when the memory card 201 is connected to the PC 1, the encryption / decryption information generation unit 205 of the PC 1 generates encryption information for encrypting print data and decryption information paired therewith. Then, the information storage unit 207 stores the decrypted information in the memory card 201. When printing is instructed by the PC 1, the process of encrypting the print data generated by the print data generation unit 13 using the encryption information generated by the encryption / decryption information generation unit 205 of the PC 1 is encrypted. The encrypted print data obtained by this processing is transmitted to the printer 2, and the printer 2 stores the received encrypted print data in the print data storage unit 26, and enters a standby state.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, the information reading unit 203 of the printer 2 performs a process of reading the decrypted information from the memory card 201. Using the information, the decryption processing unit 22 performs a process of decrypting the encrypted print data, and the print data obtained thereby is sent to the printing unit 27.

  In the configuration shown in FIG. 22, the method for generating the encryption information and the decryption information in the encryption / decryption information generation unit 205 of the PC 1 is not particularly limited. For example, according to a predetermined program In addition to automatic generation, it is also possible to input directly by the user. The same applies to the examples shown below.

  Further, in the example shown in FIG. 22, the generation process of the encryption information and the decryption information performed in the encryption / decryption information generation unit 205 of the PC 1 is performed after the memory card 201 is connected to the PC 1. However, unlike this, the memory card 201 may be performed in advance prior to being connected to the PC 1.

  In addition, since the encryption information and decryption information generation processing can be performed in advance prior to the connection of the memory card 201 to the PC 1, the print data is encrypted according to the print instruction in the PC 1. The temporal relationship between each process of transmission to the printer 2 and the process of storing the decryption information in the memory card 201 is not particularly limited.

  In addition, the process of storing the decryption information in the memory card 201 may be performed at least before the print document is output by the printer 2, but the PC 1 is dedicated to a specific user, and login is restricted by a password or the like. It is not desirable for safety to keep the decryption information in the PC 1 for a long time unless high security is ensured by the function to be performed, etc. From this point of view, the memory card 201 is connected to the PC 1 At this point, the encryption / decryption information generation unit 205 generates encryption information and decryption information, immediately stores the decryption information in the memory card 201, and immediately after that, erases the decryption information in the PC 1 And good. On the other hand, if the security of the encrypted information can be ensured by the public key encryption method even if the PC 1 itself cannot secure high security, only the encrypted information is held in the PC 1 for a long time. In this way, it is possible to save the trouble of connecting the memory card 201 to the PC 1 when instructing printing on the PC 1 next time.

  Further, the memory card 201 may be configured to store the encryption information together with the decryption information. In this case, for example, after the decryption information and the encryption information are stored in the memory card 201, the encryption information and the decryption information in the PC 1 are deleted, and the memory card 201 is connected to the PC 1 for encryption. The encryption information in the memory card 201 is provided to the PC 1, and when the encryption is completed, the encryption information in the PC 1 may be deleted.

  Further, in the configuration shown in FIG. 22, instead of the memory card 201 as a portable object, a so-called IC card in which a CPU is embedded in the card is adopted, and print data is encrypted in the IC card. That is, the portable object may be configured to include an encryption processing unit (encryption unit) that encrypts print data.

  FIG. 23 shows another example of a network printing system according to the present invention. Here, as in the above example, the printer 2 receives the encrypted print data generated from the personal information of the user on the PC 1 side via the network, and the encrypted print data is encrypted on the printer 2 side. The printer 2 performs printing using the decryption information corresponding to the decryption information, but unlike the above example, the printer 2 stores the user's personal encryption information and decryption information. An encryption / decryption information generation unit (information acquisition unit) 211 for generation and acquisition is provided, and the printer 2 provides the encryption information and the decryption information to the memory card 201 via the reader / writer 202. .

  In this system, first, when the memory card 201 is connected to the printer 2 prior to a print request at the PC 1, the process of generating encryption information and decryption information for encrypted communication of print data is performed by the encryption of the printer 2. The information storage unit 212 performs processing for storing the encrypted information and the decryption information obtained by the decryption information generation unit 211 in the memory card 201. When the storage of the encrypted information and the decrypted information in the memory card 201 is completed, the encrypted information and the decrypted information are deleted from the printer 2.

  When the memory card 201 is connected to the PC 1 at the time of a print request in the PC 1, the information reading unit 213 reads the encrypted information from the memory card 201 by the information reading unit 213 of the PC 1, and then performs this encryption. The encryption processing unit 12 performs processing for encrypting print data using information, and the encrypted print data obtained thereby is transmitted to the printer 2. In the printer 2, the received encrypted print data is stored in the print data storage unit. 26, and it is in a standby state.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, a process for reading the decryption information from the memory card 201 is performed by the information reading unit 203. Using the information, the decryption processing unit 22 performs processing for decrypting the encrypted print data.

  FIG. 24 shows another example of the network printing system according to the present invention. Here, the printer 2 performs a required rasterization process on the print data obtained by decrypting the encrypted print data received from the PC 1 side, and the processed data obtained thereby is processed. When storing in the raster data storage unit (storage unit) 225, an encryption processing unit (encryption unit) 223 that re-encrypts using necessary encryption information is provided. In particular, here, encryption information and decryption information for encrypting print data are the same as encryption information and decryption information for encrypting raster data.

  In this system, first, when the memory card 201 is connected to the printer 2 prior to a print request at the PC 1, the process of generating encryption information and decryption information for encrypted communication of print data is performed by the encryption of the printer 2. A process that is performed by the decryption information generation unit 211 and the obtained encryption information and decryption information are stored in the information storage unit 227, and that the encryption information and the decryption information are stored in the memory card 201. This is performed by the information storage unit 212.

  When the memory card 201 is connected to the PC 1 at the time of a print request in the PC 1, the information reading unit 213 of the PC 1 performs a process of reading the encrypted information from the memory card 201, and then uses this encrypted information. Processing for encrypting the print data is performed by the encryption processing unit 12, and the encrypted print data obtained thereby is transmitted to the printer 2, and the received encrypted print data is decrypted in the information storage unit 227 by the printer 2. The decryption processing unit 221 performs a decryption process using the information, and then the decryption information in the information storage unit 227 is deleted.

  Next, rasterization of the print data obtained by the decryption processing unit 221 is performed by the rasterizer 222, and then processing for re-encrypting the raster data using the encryption information of the information storage unit 227 is performed by the encryption processing unit 223. Thereafter, the encrypted information in the information storage unit 227 is erased. A process of saving the re-encrypted raster data in the print data storage unit 26 is performed by the data storage unit 224, thereby entering a standby state.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, the information reading unit 203 of the printer 2 performs a process of reading the decrypted information from the memory card 201. Using the information, the decryption processing unit (decryption unit) 226 performs a process of decrypting the encrypted raster data extracted from the print data storage unit 26, and the obtained raster data is sent to the printing unit 27. It is done.

  FIG. 25 shows another example of a network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 is configured to perform decryption using decryption information corresponding to the encrypted information, and in particular, here, a server device connected to the PC 1 and the printer 2 via an appropriate communication medium. This server device 241 stores decryption information in association with individual user access information, and in response to a transmission request made with access information from the printer 2, the corresponding decryption information is stored. Information is provided to the printer 2.

  Further, in this system, an RFID tag (portable item) 242 that is owned by the user and stores the access information of the individual user is used, and the printer 2 can transfer data to and from the RFID tag 242. A receiving device (interface means) 244 that performs the request, and a request unit that acquires decryption information by making a transmission request to the server device 241 with the access information acquired from the RFID tag 242 via the receiving device 244 Request means) 245 is provided, and the decryption information acquired by the request unit 245 is used to decrypt the encrypted print data.

  Further, the server device 241 stores the encrypted information together with the decryption information in association with the user's personal access information, and in response to the transmission request made with the access information from the PC 1, the corresponding encrypted information is stored. The PC 1 is provided with a receiving device (interface means) 246 that enables data transfer to and from the RFID tag 242, and the RFID tag 242 is obtained via the receiving device 246. A request unit (request means) 247 for acquiring encrypted information by making a transmission request to the server apparatus 241 with access information is provided, and the encrypted information acquired by the request unit 247 is used. The print data is encrypted.

  The access information is personal identification information given to each user and is stored in advance in the RFID tag 242.

  In this system, when the RFID tag 242 is connected to the PC 1 at the time when the user instructs printing on the PC 1, or before that, the PC 1 automatically or in response to a predetermined instruction by the user. The information reading unit 248 performs processing for reading access information from the RFID tag 242, and then the request unit 247 makes a transmission request to the server device 241 with the access information acquired from the RFID tag 242. In the device 241, the access execution unit 249 retrieves the encrypted information from the information storage unit 250 according to the access information and transmits it to the PC 1, and the PC 1 acquires the encrypted information from the server device 241.

  When the user issues a print instruction on the PC 1, the encryption processing unit 12 performs a process of encrypting the print data using the encryption information, and the encrypted print data obtained thereby is transmitted to the printer 2. The printer 2 stores the received encrypted print data in the print data storage unit 26, and enters a standby state.

  When the user goes to the printer 2 with the RFID tag 242 and the RFID tag 242 is connected to the printer 2, the information reading unit 251 automatically or in response to a predetermined instruction from the user. Then, the access information is read from the RFID tag 242, and then the request information is sent to the server device 241 by attaching the access information, and the access execution unit 249 accesses the server device 241. The decryption information is extracted from the information storage unit 250 according to the information and transmitted to the printer 2, and the decryption information is acquired by the request unit 245 of the printer 2. When the user instructs the printer 2 to output a print document, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and the print data obtained thereby is used. Printing is performed in the printing unit 27.

  Note that, unlike the example shown in FIG. 25, a configuration in which a request unit 245 that acquires decryption information by a transmission request to the server device 241 is provided in the receiving device 244 on the printer 2 side. It is. Further, on the PC 1 side, a configuration in which a request unit 247 that acquires encrypted information in response to a transmission request to the server device 241 is provided in the receiving device 246 may be adopted. In addition, the print data storage unit 26 on the printer 2 side can be configured as a storage device that exists independently outside the printer 2. Further, the server device 241 can be configured by a plurality of server devices.

  In the configuration shown in FIG. 25, when the encrypted print data is extracted from the print data storage unit 26 and decrypted, it is necessary to specify the encrypted print data to be decrypted by some method. In this case, for example, Based on the user's personal identification information added to the print data, it can be automatically performed by a method such as determining whether or not the encrypted print data is to be decrypted, and can be encrypted by an instruction operation by the user. A configuration may be adopted in which print data is designated.

  In addition, when PC1 is dedicated to a specific user and has a high level of security secured by a function that restricts login by a password or the like, or the security of encrypted information is secured by public key cryptography. In the case where the access information or the encryption information is stored in the PC 1, it is possible to save the trouble of connecting the RFID tag 242 to the PC 1 for each print instruction.

  In addition, in the configuration shown in FIG. 25, instead of the RFID tag 242 as a portable object, a so-called IC card in which a CPU is embedded in a card is adopted, and print data is encrypted or decrypted in the IC card. In other words, the portable object may include an encryption processing unit (encryption unit) that encrypts print data and a decryption processing unit (decryption unit) that decrypts encrypted print data. Is possible. In this case, by providing the encryption information and the decryption information to the IC card before the encryption and decryption processes, the encryption and decryption processes in the IC card can be performed.

  Further, in the configuration shown in FIG. 25, it is necessary to register necessary information in the server device 241 in advance prior to a transmission request from the PC 1 and the printer 2 to the server device 241. In the process of information registration, the following configuration is possible.

  That is, the printer 2 issues an access information issuance request to the server device 241, and in response to this, the server device 241 issues required access information associated with the encryption information and the decryption information that are paired with each other. The access information, the encrypted information, and the decrypted information are stored, the access information is provided to the printer 2, and the printer 2 provides the access information to the RFID tag 242 when the RFID tag 242 is connected. Is possible.

  Also, the printer 2 generates encryption information and decryption information that are paired with each other, requests the server device 241 to register the encryption information and decryption information, and the server device 241 responds accordingly to the encryption information and the decryption information. When necessary access information associated with the decryption information is issued, the access information, the encryption information, and the decryption information are stored, the access information is provided to the printer 2, and the RFID tag 242 is connected. In addition, the printer 2 may be configured to provide access information to the RFID tag 242. The server device 241 does not issue access information, but the printer 2 designates access information such as a data storage location and requests the server device 241 to register encryption information and decryption information. Is also possible.

  Further, the printer 2 generates encryption information and decryption information that make a pair with each other, and when the RFID tag 242 is connected, the access information is acquired from the RFID tag 242, and this access information is sent to the server device 241. The server device 241 can store the access information, the encrypted information, and the decrypted information by requesting registration of the encrypted information and the decrypted information.

  FIG. 26 shows another example of the network printing system according to the present invention. Here, as in the above example, the server device 241 connected to the PC 1 and the printer 2 stores the decryption information in association with the access information of the individual user, and adds the access information from the printer 2. In response to the transmission request, the corresponding decryption information is provided. However, unlike the above example, the server device 241 responds to the issuance request from the PC 1 with the encryption information paired with each other. The required access information associated with the decryption information is issued, and the access information and encryption information are provided to the PC 1. The PC 1 can transfer data to and from the memory card (portable item) 201. The access information received from the server device 241 is stored in the memory card 201 via the reader / writer 206, and from the server device 241. And performs encryption of the print data in only took encrypted information.

  In this system, when the memory card 201 is connected to the PC 1 at the time when the user instructs printing on the PC 1 or before that, the PC 1 automatically or in response to a predetermined instruction by the user. The request unit (request unit) 247 issues a request to the server apparatus 241 to issue encryption information and access information for acquiring the decryption information paired therewith, and the server apparatus is responded accordingly. The access execution unit 249 of 241 selects access information for acquiring one piece of existing encrypted information and decryption information paired with the existing encrypted information from the information storage unit 250 and transmits the selected information to the PC 1.

  In the PC 1, the information storage unit 252 performs processing for causing the request unit 247 to store the access information acquired from the server device 241 in the memory card 201. When the printing instruction is given by the PC 1, the encryption processing unit 12 performs processing for encrypting the print data using the encryption information acquired from the server device 241 by the request unit 247. The encrypted print data is transmitted to the printer 2, and the printer 2 stores the received encrypted print data in the print data storage unit 26, and enters a standby state.

  When the memory card 201 is connected to the printer 2, a process for reading access information from the memory card 201 is performed automatically or in response to a predetermined instruction from the user by the information reading unit 251 of the printer 2. Next, the request unit 245 performs processing for sending a transmission request to the server device 241 with the access information. In the server device 241, the access execution unit 249 receives the decryption information from the information storage unit 250 according to the access information. The data is taken out and transmitted to the printer 2, and decryption information is acquired by the request unit 245 of the printer 2. When the printer 2 outputs a print document, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and printing is performed using the print data obtained thereby. Printing is performed in the unit 27.

  In the configuration shown in FIG. 26, the server apparatus 241 selects one piece of existing encryption information and access information for acquiring the decryption information paired therewith. As the previous stage, it is necessary to store encryption information and decryption information and corresponding access information in the information storage unit 250 of the server device 241 in advance. A configuration in which the data is stored in the storage unit 250 is possible.

  FIG. 27 shows another example of a network printing system according to the present invention. Here, as in the above example, the server device 241 connected to the PC 1 and the printer 2 stores the decryption information in association with the user's personal access information, and adds the access information from the printer 2. In response to the transmission request, corresponding decryption information is provided. However, unlike the above example, the server device 241 responds to a registration request made with decryption information from the PC 1, The required access information is issued and registered in association with the decryption information, and the access information is provided to the PC 1. The PC 1 generates encryption information and decryption information that make a pair with each other. An encryption / decryption information generation unit (information acquisition unit) 261 and a reader / writer 206 that enables data transfer between the memory card 201 and the encryption / decryption information generation unit 261 are provided. The access information acquired from the server apparatus 241 in response to the registration request made with the generated decryption information is stored in the memory card 201 via the reader / writer 206, and the encryption / decryption information of the own apparatus is stored. The print data is encrypted with the encryption information generated by the generation unit 261.

  In this system, when the memory card 201 is first connected to the PC 1 before or when the user instructs printing on the PC 1, the encryption / decryption information generation unit 261 of the PC 1 A process for generating paired decryption information is performed, and then a request for registering decryption information is made to the server device 241 by the request unit (request means) 247, and the server device 241 executes access according to this request. The unit 249 issues access information for obtaining the decryption information obtained from the PC1, stores the access information and the decryption information in the information storage unit 250, and transmits the access information to the PC1.

  In the PC 1, the information storage unit 252 performs processing for storing the access information acquired by the request unit 247 from the server device 241 in the memory card 201, and when the user instructs printing in the PC 1, the encryption / decryption information is stored. Using the encryption information generated by the generation unit 261, processing for encrypting print data is performed by the encryption processing unit 12, and the encrypted print data obtained thereby is transmitted to the printer 2, and the printer 2 receives it. The encrypted print data is stored in the print data storage unit 26, and a standby state is entered.

  When the print document is output by the printer 2, when the memory card 201 is connected to the printer 2, the information reading unit 251 of the printer 2 reads access information from the memory card 201 in the same procedure as in the above example. Next, the request unit 245 performs a process of sending a transmission request to the server device 241 with the access information. In the server device 241, the access execution unit 249 decrypts the information from the information storage unit 250 according to the access information. Information is extracted and transmitted to the printer 2. When the decryption information is acquired by the request unit 245 of the printer 2, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and the print obtained thereby. Printing is performed in the printing unit 27 using the data.

  In the example shown in FIG. 27, the encryption information and the decryption information are generated in response to the memory card 201 being connected to the PC 1, and then the decryption information registration request to the server device 241 is generated. Although predetermined processing is executed, the predetermined processing such as a registration request to the server device 241 may be performed in advance prior to the connection of the memory card 201 to the PC 1. is there.

  Further, the processing until the server device 241 issues access information to the PC 1 can be performed in advance prior to the connection of the memory card 201 to the PC 1, and the print data can be encrypted according to the print instruction in the PC 1. The temporal relationship between each process of transmission to the printer 2 and the process of storing the access information in the memory card 201 is not particularly limited.

  The storage process of the access information to the memory card 201 may be performed at least before the print document is output by the printer 2, but the PC 1 is dedicated to a specific user, and login is restricted by a password or the like. Except for the case where high safety is ensured by functions or the like, it is not desirable for safety to keep the access information in the PC 1 for a long time. From this point of view, the time when the memory card 201 is connected to the PC 1 Thus, it is preferable that the access information issued by the server device 241 is immediately stored in the memory card 201 and the access information in the PC 1 is erased immediately after that. On the other hand, if the security of the encrypted information can be ensured by the public key encryption method even if the PC 1 itself cannot secure high security, only the encrypted information is held in the PC 1 for a long time. In this way, it is possible to save the trouble of connecting the memory card 201 to the PC 1 when instructing printing on the PC 1 next time.

  Also, unlike the example shown in FIG. 27, the server device 241 may be configured to issue access information for acquiring encrypted information together with access information for acquiring decrypted information. Furthermore, the access information for obtaining the encrypted information can be stored in the memory card 201. In this case, when encrypting the print data, the server apparatus 241 is requested to send the encrypted information with the access information and the print data is encrypted using the acquired encryption information. Done.

  FIG. 28 shows another example of the network printing system according to the present invention. Here, as in the above example, the server device 241 connected to the PC 1 and the printer 2 via an appropriate communication medium stores the decryption information in association with the access information of the individual user, and accesses from the printer 2. The corresponding decryption information is provided in response to the transmission request made with the information attached. Unlike the above example, the server device 241 adds the access information and decryption information from the PC 1. In response to the registration request made, the access information and the decryption information are registered in association with each other, and the PC 1 generates the encryption information and the decryption information that are paired with each other. A decryption information generated by the encryption / decryption information generation unit 261, and a reception device 244 that enables data transfer between the encryption information generation unit 261 and the RFID tag 242. A registration request is made to the server device 241 with the access information acquired from the RFID tag 242 via the device 244, and the encrypted information generated by the encryption / decryption information generation unit 261 of the own device is printed. Data encryption is performed.

  In this system, when the RFID tag 242 is first connected to the PC 1 at the time of a print request on the PC 1, the information reading unit 248 of the PC 1 performs a process of reading access information from the RFID tag 242, and encryption is performed. The decryption information generation unit 261 performs processing for generating encryption information and decryption information that is paired with the encryption information, and then the access information acquired from the RFID tag 242 by the request unit (request means) 247; A request for registering the decryption information generated by the encryption / decryption information generation unit 261 is made to the server device 241. In response to this, the access execution unit 249 of the server device 241 obtains the access acquired from the PC1. A registration process for storing the decrypted information in the information storage unit 250 in association with the information is performed.

  In the PC 1, the encryption processing unit 12 performs processing for encrypting print data using the encryption information generated by the encryption / decryption information generation unit 261, and the encrypted print data obtained thereby is stored in the printer. 2, the printer 2 stores the received encrypted print data in the print data storage unit 26 and enters a standby state.

  When the print document is output by the printer 2, when the RFID tag 242 is connected to the printer 2, the information reading unit 251 performs a process of reading access information from the RFID tag 242 as in the above example. Next, processing for sending a transmission request to the server device 241 with this access information is performed by the request unit 245. In the server device 241, the access execution unit 249 extracts the decryption information from the information storage unit 250 according to the access information. To the printer 2. When the decryption information is acquired by the request unit 245 of the printer 2, the decryption processing unit 22 performs a process of decrypting the encrypted print data using the decryption information, and the print obtained thereby. Printing is performed in the printing unit 27 using the data.

  Unlike the example shown in FIG. 28, the server device 241 can store the encrypted information together with the decrypted information in association with the access information. In this case, when encrypting the print data, the server apparatus 241 is requested to send the encrypted information with the access information and the print data is encrypted using the acquired encryption information. Done.

  FIG. 29 shows another example of the network printing system according to the present invention. Here, the PC 1 is provided with an encryption processing unit (first encryption unit) 281 that generates encrypted print data by encrypting print data using the first encryption information of the individual user. The encrypted print data is transmitted from the PC 1 to the printer 2 via the network.

  The printer 2 includes a decryption processing unit (first decryption unit) 282 that decrypts the encrypted print data received from the PC 1 using the first decryption information corresponding to the first encryption information. The rasterizer (processing means) 283 that performs rasterization processing on the decrypted print data obtained by the above-described processing, and the raster data (processed print data) obtained thereby by using the second encryption information An encryption processing unit (second encryption unit) 284 that re-encrypts and generates encrypted raster data (re-encrypted print data) is provided, and the encrypted raster data obtained by the encryption processing unit 284 is data The data is stored in the print data storage unit (storage unit) 26 by the storage processing unit 25.

  Further, here, a smart card (portable) 291 possessed by the user and storing necessary information is used, and a reader / writer (interface) that enables data transfer to and from the smart card 291 is used for the printer 2. Means) 292 is provided.

  The smart card 291 holds the second decryption information corresponding to the second encrypted information in the information storage unit 293, and the smart card 291 includes the second decryption information in the information storage unit 293. Is used, a decryption processing unit (second decryption means) 294 for decrypting the encrypted raster data (re-encrypted print data) stored in the print data storage unit 26 is provided.

  Further, here, the PC 1 is also provided with a reader / writer (interface means) 295 that enables data transfer with the smart card 291. The printer 2 is provided with a first encryption / decryption information generation unit (information acquisition unit) 285 that generates and acquires first encryption information and decryption information. The smart card 291 holds the second encrypted information together with the second decryption information in the information storage unit 293.

  The second encryption information held by the smart card 291 is acquired by the printer 2 via the reader / writer 292 when the smart card 291 is connected to the printer 2 prior to the print request, and the encryption of the printer 2 is stored. The encryption processing unit (second encryption means) 284 is used for encryption.

  The first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 285 of the printer 2 is also stored when the smart card 291 is connected to the printer 2 in advance prior to the print request. Then, the data is acquired by the smart card 291 via the reader / writer 292 and used for encryption by the encryption processing unit (first encryption means) 281 provided in the PC 1.

  In this system, first, when the smart card 291 is connected to the printer 2 prior to a printing instruction on the PC 1, the first encryption / decryption is automatically performed according to this or according to a predetermined instruction by the user. The encrypted information generation unit 285 generates first encrypted information and decryption information, and the information storage unit 286 performs processing for storing the first encrypted information in the information storage unit 293 of the smart card 291. In addition, the second encrypted information is read from the information storage unit 293 of the smart card 291 by the information reading unit 287 of the printer 2, and the second encrypted information is stored in the information storage unit 288.

  Next, when the smart card 291 is connected to the PC 1, the first encryption is automatically performed from the information storage unit 293 of the smart card 291 by the information reading unit 300 of the PC 1 automatically or in response to a predetermined instruction from the user. Information is read. When the user issues a print instruction on the PC 1, the encryption processing unit 281 performs processing for encrypting the print data using the first encrypted information acquired by the information reading unit 300. The encrypted print data is transmitted to the printer 2.

  In the printer 2, the decryption processing unit 282 performs processing for decrypting the received encrypted print data using the first decryption information in the information storage unit 288, and then the decrypted print data is transmitted by the rasterizer 283. The encryption processing unit 284 performs a process of re-encrypting the raster data obtained by the rasterization process using the second encryption information in the information storage unit 288. A process of saving the re-encrypted raster data in the print data storage unit 26 is performed by the data storage processing unit 25, and a standby state is entered.

  When the smart card 291 is connected to the printer 2 so that the printer 2 can output a print document, the decryption processing control unit 289 of the printer 2 automatically or in response to a predetermined instruction from the user. The encrypted raster data is read from the print data storage unit 26, transmitted to the smart card 291, and the decryption processing unit 294 uses the second decryption information in the information storage unit 293 to convert the encrypted raster data. When the decoding process control unit 289 obtains the decoded raster data from the smart card 291 by performing the decoding process, printing is performed in the printing unit 27 using the raster data.

  In the configuration shown in FIG. 29, a decryption processing unit (for decrypting encrypted raster data (re-encrypted data) extracted from the print data storage unit 26 of the printer 2 using the second decryption information ( A configuration in which the second decoding unit) is provided in the printer 2 is also possible. In addition, a configuration in which an encryption processing unit (first encryption unit) that encrypts the print data generated by the print data generation unit 13 using the first encryption information is provided in the smart card 291 is also possible. . In this case, it is not necessary to send the first encrypted information to the outside of the smart card 291, so that safety can be improved. This can be similarly applied to the configuration described below.

  The encryption information and the decryption information are information necessary for generating or acquiring the encryption key and the decryption key, respectively, in addition to the encryption key and the decryption key that actually encrypt and decrypt the target data. For example, when there is a server device that holds an encryption key and a decryption key, the access information for acquiring the encryption key and the decryption key from the server device can be used as the encryption information and the decryption information. It is. This is similarly applicable to configurations shown in the drawings other than FIG.

  Further, when the encrypted raster data (re-encrypted data) is extracted from the print data storage unit 26 and decrypted, it is necessary to identify the encrypted raster data to be decrypted by some method. By adding the identification information of the individual user, it can be automatically performed by a method such as determining whether or not the encrypted print data is to be decrypted. It may be configured to specify data.

  In the example shown in FIG. 29, the encryption information and the decryption information are generated after the smart card 291 is connected to the printer 2. However, the generation process of the encryption information and the decryption information is as follows. It is also possible to adopt a configuration that is performed in advance prior to connection of the smart card 291 to the printer 2.

  In addition, the first encryption information exchange between the printer 2 and the smart card 291 according to the above procedure, the first encryption information exchange between the smart card 291 and the PC 1, and the printer. 2 and the smart card 291, once each process of the exchange of the second encrypted information is performed, the first encrypted information and the second encrypted information will be stored for a certain period thereafter. If it is held in the device of the provision destination, connection operation for exchanging information becomes unnecessary, and it is possible to save the user's trouble. In this case, since it is not desirable for safety to hold the information providing apparatus for a long time, it is preferable to delete the information when a predetermined instruction operation or a certain condition is established by the user.

  FIG. 30 shows another example of the network printing system according to the present invention. Here, unlike the example shown in FIG. 29, the PC 1 is provided with an information transmission unit (information transmission unit) 301 for transmitting required information to the printer 2 via the network. In addition, the printer 2 is provided with an information receiving unit (information receiving unit) 302 that receives necessary information from the PC 1 via the network.

  The first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 285 of the printer 2 is smart in advance prior to the print request, as in the example shown in FIG. When the card 291 is connected to the printer 2, it is acquired by the smart card 291 via the reader / writer 292 and used for encryption in the encryption processing unit (first encryption means) provided in the PC 1. I have to.

  On the other hand, unlike the example shown in FIG. 29, the second encrypted information held by the smart card 291 is acquired by the PC 1 via the reader / writer 295 on the PC 1 side, and further the information transmitting unit 301 of the PC 1 and The data is acquired by the printer 2 via the information receiving unit 302 of the printer 2 and used for encryption by the encryption processing unit (second encryption unit) 284 of the printer 2.

  In this system, first, when the smart card 291 is connected to the printer 2 prior to a printing instruction on the PC 1, the first encryption / decryption is automatically performed according to this or according to a predetermined instruction by the user. The encrypted information generation unit 285 generates first encrypted information and decryption information, and the information storage unit 286 performs processing for storing the first encrypted information in the information storage unit 293 of the smart card 291. Is called.

  Next, when the smart card 291 is connected to the PC 1, the second encryption is automatically performed from the information storage unit 293 of the smart card 291 by the information reading unit 300 of the PC 1 automatically or in response to a predetermined instruction from the user. The encrypted information is read out, and then the second encrypted information is transmitted to the printer 2 by the information transmitting unit 301. In the printer 2, the second encrypted information from the PC 1 is received by the information receiving unit 302, and this second encrypted information is stored in the information storage unit 288.

  In the PC 1, when the information reading unit 300 reads the first encrypted information from the information storage unit 293 of the smart card 291, and the PC 1 issues a print instruction, the first reading acquired by the information reading unit 300 is performed. The encryption processing unit 281 performs processing for encrypting the print data using the encryption information, and the encrypted print data obtained thereby is transmitted to the printer 2.

  Thereafter, similar to the example shown in FIG. 29, the printer 2 performs processes of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data. When the smart card 291 is connected to the printer 2 when the printer 2 enters the standby state and outputs a print document, the printing unit 27 performs printing after decrypting the encrypted raster data.

  FIG. 31 shows another example of the network printing system according to the present invention. Here, unlike the example shown in FIG. 30, the PC 1 is provided with an information receiving unit (information receiving means) 303 for receiving necessary information from the printer 2 via the network. In addition, the printer 2 is provided with an information transmission unit (information transmission unit) 304 that transmits necessary information to the PC 1 via the network.

  Similarly to the example shown in FIG. 30, the second encrypted information held by the smart card 291 is acquired by the PC 1 via the reader / writer 295 on the PC 1 side, and further the information transmission unit 301 of the PC 1 and the printer 2 The information is acquired by the printer 2 via the information receiving unit 302 and used for encryption in the encryption processing unit (second encryption unit) 284 of the printer 2.

  On the other hand, the first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 285 of the printer 2 is different from the above example, and the information transmission unit 304 of the printer 2 and the PC 1 The data is acquired by the PC 1 via the information receiving unit 303 and used for encryption in the encryption processing unit (first encryption unit) 281 of the PC 1.

  Further, here, the printer 2 is provided with an encryption processing unit 305 that encrypts the first encrypted information using the second encrypted information when the first encrypted information is transmitted to the PC 1. The encrypted first encrypted information thus obtained is transmitted to the PC 1 by the information transmitting unit 304, and the encrypted first encrypted information received by the information receiving unit 303 is transmitted to the PC 1. A decryption processing control unit 306 is provided that causes the decryption processing unit 294 of the smart card 291 to perform a process of decrypting the data using the second decryption information.

  In this system, when the smart card 291 is first connected to the PC 1, the information storage unit 293 of the smart card 291 is automatically or according to a predetermined instruction from the user by the information reading unit 300 of the PC 1. The second encryption information stored in the information is read out, and the process of transmitting the second encryption information to the printer 2 is performed by the information transmission unit 301. The printer 2 receives the second encryption information received by the information reception unit 302. Two pieces of encrypted information are stored in the information storage unit 288. The first encryption / decryption information generation unit 285 of the printer 2 generates first encryption information and decryption information, and these pieces of information are stored in the information storage unit 288. Then, the encryption processing unit 305 performs processing for encrypting the first encrypted information in the information storage unit 288 using the second encrypted information in the information storage unit 288, and the information transmission unit 304 performs the first processing. A process of transmitting the first encrypted information encrypted with the encrypted information 2 to the PC 1 is performed.

  In the PC 1, when the encrypted first encrypted information from the printer 2 is received by the information receiving unit 303, the decrypted processing control unit 306 of the PC 1 smartly converts the encrypted first encrypted information. The decryption processing unit 294 causes the decryption processing unit 294 to decrypt the encrypted data using the second decryption information in the information storage unit 293, so that the decryption processing control unit 306 receives the decryption processing from the smart card 291. The first encrypted information that has been decrypted is acquired, and the first encrypted information is stored in the information storage unit 308. When the user issues a print instruction on the PC 1, the encryption processing unit 12 performs a process of encrypting the print data using the first encryption information in the information storage unit 308. Print data is transmitted to the printer 2.

  Thereafter, similar to the example shown in FIG. 29, the printer 2 performs processes of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data. When the smart card 291 is connected to the printer 2 when the printer 2 enters the standby state and outputs a print document, the printing unit 27 performs printing after decrypting the encrypted raster data.

  FIG. 32 shows another example of the network printing system according to the present invention. Here, similarly to the example shown in FIG. 31, the second encryption information held by the smart card 291 is acquired by the PC 1 via the reader / writer 295, and the information transmission unit 301 and the printer 2 of the PC 1 are further acquired. The information is acquired by the printer 2 via the information receiving unit 302 and used for encryption by the encryption processing unit (second encryption unit) 284 of the printer 2, and the first encryption / decryption of the printer 2 is used. The first encryption information generated by the conversion information generation unit (information acquisition unit) 286 is acquired by the PC 1 via the information transmission unit 304 of the printer 2 and the information reception unit 303 of the PC 1, and the encryption process of the printer 2 is performed. (Second encryption means) 284 is used for encryption.

  Further, here, unlike the example shown in FIG. 31, the PC 1 is provided with a third encryption / decryption information generation unit 311 that generates the third encryption information and the third decryption information. The third encrypted information generated here is acquired together with the second encrypted information by the printer 2 via the information transmitting unit 301 of the PC 1 and the information receiving unit 302 of the printer 2 to encrypt the printer 2. The processing unit 305 is used for encrypting the first encrypted information.

  In this system, first, in the PC 1, the third encryption / decryption information generation unit 311 generates third encryption information and third decryption information, and these information are stored in the information storage unit 308. The When the smart card 291 is connected to the PC 1, the information read unit 300 of the PC 1 reads the second encrypted information stored in the smart card 291, and the third encrypted information is read from the information storage unit 308. Information is read out, and the information transmitting unit 301 performs a process of transmitting the second encrypted information and the third encrypted information to the printer 2.

  In the printer 2, the second encrypted information and the third encrypted information received by the information receiving unit 302 are stored in the information storage unit 288. The first encryption / decryption information generation unit 285 of the printer 2 generates first encryption information and decryption information, and these information are stored in the information storage unit 288. Then, the encryption processing unit 305 performs processing for encrypting the first encrypted information read from the information storage unit 288 using the third encrypted information read from the information storage unit 288, and the information transmission unit By 304, the process which transmits the 1st encryption information encrypted with the 3rd encryption information to PC1 is performed.

  In the PC 1, when the encrypted first encrypted information from the printer 2 is received by the information reception unit 303, the third decryption information read from the information storage unit 308 by the decryption processing unit 312 of the PC 1. Is used to decrypt the encrypted first encrypted information, and the obtained first encrypted information is stored in the information storage unit 308. When the user issues a print instruction on the PC 1, the encryption processing unit 281 performs processing for encrypting the print data using the first encryption information in the information storage unit 308, and the encrypted print obtained thereby. Data is transmitted to the printer 2.

  Thereafter, as in the above example, the printer 2 performs a process of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data, and enters a standby state. When the smart card 291 is connected to the printer 2 when the print document is output by the printer 2, printing is performed in the printing unit 27 through the process of decrypting the encrypted raster data.

  FIG. 33 shows another example of a network printing system according to the present invention. Here, as in the example shown in FIG. 29, the second encryption information held by the smart card 291 is stored in the reader / writer 292 when the smart card 291 is connected to the printer 2 in advance of the print request. The data is acquired by the printer 2 and used for encryption by the encryption processing unit (second encryption means) 284 of the printer 2.

  On the other hand, the first encryption information generated by the first encryption / decryption information generation unit (information acquisition unit) 286 of the printer 2 is the information transmission unit of the printer 2 as in the example shown in FIG. 304 and the information receiving unit 303 of the PC 1 are acquired by the PC 1 and used for encryption by the encryption processing unit (first encryption unit) 281 of the PC 1.

  In this system, first, when the smart card 291 is connected to the printer 2 prior to a printing instruction on the PC 1, the information reading unit 287 of the printer 2 automatically or in response to a predetermined instruction by the user. Thus, the second encrypted information is read from the information storage unit 293 of the smart card 291 and the second encrypted information is stored in the information storage unit 288.

  The first encryption / decryption information generation unit 285 generates first encryption information and decryption information, and these pieces of information are stored in the information storage unit 288. Then, the encryption processing unit 305 performs processing for encrypting the first encrypted information in the information storage unit 288 using the second encrypted information in the information storage unit 288, and the information transmission unit 304 performs the first processing. The first encrypted information encrypted with the encrypted information 2 is transmitted to the PC 1. In the PC 1, the information receiving unit 303 receives the encrypted first encrypted information from the printer 2. Is done.

  Next, when the smart card 291 is connected to the PC 1, the first encrypted information encrypted in the decryption processing control unit 306 of the PC 1 automatically or in response to a predetermined instruction from the user. Is sent to the smart card 291, and the decryption processing unit 294 performs a process of decrypting the encrypted data using the second decryption information in the information storage unit 293, so that the decryption process control unit 306 performs the smart card The decrypted first encrypted information is acquired from 291, and the first encrypted information is stored in the information storage unit 308. When the user issues a print instruction on the PC 1, the encryption processing unit 281 performs processing for encrypting the print data using the first encryption information in the information storage unit 308, and the encryption obtained thereby. Print data is transmitted to the printer 2.

  Thereafter, similar to the example shown in FIG. 29, the printer 2 performs processes of decrypting the encrypted print data, rasterizing the print data, encrypting the raster data, and storing the encrypted raster data. When the smart card 291 is connected to the printer 2 when the printer 2 enters the standby state and outputs a print document, the printing unit 27 performs printing after decrypting the encrypted raster data.

  FIG. 34 shows another example of the network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 performs printing by using the decryption information corresponding to the encrypted information, and in particular, here, a data storage unit (in this case, which is owned by the user and stores necessary information) A mobile phone (portable item) 323 including a storage unit) 321 and a monitor (image display unit) 322 for displaying required information as an image is used. The mobile phone 323 includes at least encrypted information and decrypted information. Either one is stored in the data storage unit 321, and the information stored in the data storage unit 321 is displayed as an image on the monitor 322 of its own device, and this is displayed on the PC 1 or By to read the camera (image reading means) 324 provided in the printer 2 side, so as to provide the necessary information to the device of the information providing destination.

  Further, here, the mobile phone 323 is further provided with a camera (image reading means) 325 that reads an image indicating required information, and is provided on the information providing apparatus side that holds at least one of the encrypted information and the decrypted information. The information displayed on the monitor (image display means) 326 is read by the camera 325 of its own device, so that necessary information is acquired from the information source device.

  In this example, in the PC 1, the encryption information used for the encrypted communication of the print data and the decryption information paired therewith are stored in the information storage unit 327, and when the user makes a print request in the PC 1. Then, the decoding processing of the information storage unit 327 is read and converted into image data by bar code in the image processing unit 328, and the obtained image data is output to the monitor 326 of the PC1. The captured image data is stored in the data storage unit 321 by photographing the screen of the monitor 326 with the camera 325 of the mobile phone 323.

  When the printer 2 outputs the print document, the image data is read from the data storage unit 321 of the mobile phone 323 and displayed on the monitor 322, and the camera 324 provided in the printer 2 captures the screen of the monitor 322. The captured image data thus obtained is converted into decryption information by the image processing unit 329, and the decryption processing unit 22 performs a process of decrypting the encrypted data using the decryption information acquired thereby.

  Here, as in the example shown in FIG. 22, the portable object obtains the decryption information from the PC and provides it to the printer. On the contrary, the example shown in FIG. Similarly to the above, it is possible to adopt a configuration in which the portable object acquires the encryption information from the printer and provides it to the PC. In this case, the information providing source printer 2 is provided with a monitor (image display means), and the information providing destination PC is provided with a camera (image reading means).

  In addition, the mobile phone 323 holds the image data obtained by photographing the barcode image displayed on the monitor of the information providing apparatus, and converts the image data into encrypted information or decrypted information. When the information is provided to the information providing apparatus, it may be converted into a barcode image and displayed on the screen.

  FIG. 35 shows another example of the network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 performs printing by using the decryption information corresponding to the encryption information, and in particular, here, at least one of the encryption information and the decryption information is indicated by a barcode or the like. An information recording sheet 331 on which an image is recorded is read by a scanner (image reading unit) 332 provided on the PC 1 or printer 2 side as an information providing destination, thereby providing necessary information to the information providing destination device. Like to do.

  Further, here, the printer 2 prints out an information recording sheet 331 on which an image indicating encrypted information held in the information storage unit 333 of the own apparatus is recorded, and the information recording sheet 331 is provided on the PC 1 side. By making the scanner 332 read, the encryption information is provided to the PC 1.

  In this example, the encrypted information used for the encrypted communication of the print data in the printer 2 is stored in the information storage unit 333 together with the decryption information paired therewith, and the user records the information recording sheet 331 in the printer 2. When printing output is instructed, the decrypted information in the information storage unit 333 is read out and converted into image data by the image processing unit 334, and this image data is output to recording paper by the printing unit 27 and is recorded on the information recording sheet 331. Is obtained.

  When the user makes a print request on the PC 1, the information recording sheet 331 is read by the scanner 332 provided in the PC 1, and the read image data obtained thereby is converted into encrypted information by the image processing unit 335. The encryption processing unit 12 performs processing for encrypting the print data using the acquired encryption information.

  Here, as in the example shown in FIG. 23, the encryption information held in the printer 2 is provided to the PC 1, but conversely, the same as the example shown in FIG. In addition, the decryption information held in the PC 1 can be provided to the printer 2. In this case, if the information providing destination apparatus is a multi-function machine having printer and scanner functions, the information recording sheet may be read by the scanner unit of the multi-function machine.

  In addition, a printing apparatus that prints and outputs an information recording sheet on which an image indicating encryption information or decryption information is recorded is not limited to a printing apparatus that is an output destination of encrypted printing. An information recording sheet may be printed out.

  FIG. 36 shows another example of a network printing system according to the present invention. Here, as in the previous examples, the printer 2 receives the encrypted print data generated by using the personal user's encryption information on the PC 1 side from the PC 1 via the network, and the encrypted print data is received on the printer 2 side. The printer 2 performs printing using decryption information corresponding to the encrypted information, but unlike the above example, a smart card (portable) 291 equipped with a CPU is encrypted. The data processing section (encryption means) 342 is provided, the print data is acquired from the PC 1 via the reader / writer (interface means) 295, encrypted using the encryption information in the own apparatus, and then encrypted. The print data is transferred to the PC 1 via the reader / writer 295.

  When the smart card 291 is connected to the PC 1 at the time of a print request in the PC 1, the print data generated by the print data generation unit 13 is transmitted to the smart card 291 in the encryption processing control unit 346 of the PC 1, and the smart card The encryption processing unit 342 in the 291 performs processing for encrypting the print data using the encryption information in the information storage unit 344, whereby the encryption processing control unit 346 performs the encrypted printing from the smart card 291. Data is acquired, and the encrypted print data is transmitted to the printer 2.

  This configuration can be applied to the systems shown in FIGS. The decryption of the encrypted data on the printer 2 side is also performed by the decryption processing unit (decryption means) 345 in the smart card 291 as in the examples of FIGS. 3 and 4 and FIGS. It is also good.

  FIG. 37 shows another example of the network printing system according to the present invention. Here, as in the example of FIG. 22, the printer 2 receives the encrypted print data generated from the personal information of the user on the PC 1 side via the network, and the encrypted print data is received on the printer 2 side. Is decrypted using decryption information corresponding to the encrypted information, and the printer 2 performs printing. The PC 1 provides the decryption information to the memory card 201 via the reader / writer 206, and the printer 2. The decryption information stored in the memory card 201 is provided to the printer 2 via the reader / writer 202, and the encrypted print data is decrypted.

  In particular, here, the memory card 201 holds transmission request information for instructing the PC 1 to transmit encrypted print data and address information indicating the address of the PC 1 on the network, and the memory card 201 is connected to the printer 2. When this is done, the printer 2 acquires the transmission request information and the address information from the memory card 201 via the reader / writer 202, and sends the transmission request information to the corresponding PC 1 based on this address information. In response to receiving the transmission request information from the printer 2, a process of transmitting the encrypted print data to the printer 2 is performed. Thus, the printer 2 receives the encrypted print data from the PC 1 and immediately receives the decryption processing unit 22. The encrypted print data is decrypted and a print document is output by the printing unit 27. For this reason, the memory | storage part which memorize | stores the encryption print data shown in each said example is unnecessary.

  In this configuration, when the memory card 201 is connected to the PC 1, the information storage unit 207 performs processing for storing the decryption information generated by the encryption / decryption information generation unit 205 in the memory card 201, and print control. The information storage unit 207 performs processing for storing the transmission request information and the address information generated by the unit 351 in the memory card 201. When printing is instructed by the PC 1, processing for encrypting the print data generated by the print data generating unit 13 is performed by the encryption processing unit 12.

  When the memory card 201 is connected to the printer 2 in order to output a print document by the printer 2, the information reading unit 203 of the printer 2 performs a process of reading transmission request information and address information from the memory card 201, and then this address. A process of transmitting the transmission request information to the PC 1 according to the information is performed by the information transmission unit 352. When the information reception unit 353 of the PC 1 receives the transmission request information from the printer 2, the print control unit 351 instructs the print data transmission unit 354 to transmit the encrypted print data generated by the encryption processing unit 12. The encrypted print data is transmitted from the print data transmission unit 354 to the printer 2.

  In the printer 2, when the encrypted print data from the PC 1 is received by the print data receiving unit 355, the information reading unit 203 performs a process of reading the decryption information from the memory card 201, and then decrypts using the decryption information. The processing unit 22 performs a process of decrypting the encrypted print data, and the print data obtained thereby is sent to the printing unit 27.

  In the above system, when a predetermined update condition is satisfied, the encryption / decryption information generation unit can newly generate encryption information and decryption information. In this case, the update condition corresponds to an update instruction from the user, a certain period of time (for example, one day), a case where the number of prints reaches a predetermined value, etc. It is good to be able to specify. It is possible to update the encryption information and the decryption information each time a print instruction is issued.

  Note that the network printing system and the facsimile communication system according to the present invention are not limited to the illustrated examples, and can be configured by appropriately combining these examples, and in particular, the examples shown in the network printing system. Can be applied to a facsimile communication system by replacing a PC (user device) with a transmitting device and a printing device with a receiving device.

  In addition, the network printing system and the facsimile communication system according to the present invention may adopt either a common key encryption method or a public key encryption method as appropriate. For example, a portable object may be provided with a secret key that requires confidentiality. It is preferable that the structure be held.

  The network printing system and the facsimile communication system according to the present invention have the advantage that it is possible to solve the problems such as snooping of document data, falsification of document data and spoofing of the sender, and to ensure high safety, and the user device Useful as a network printing system in which printing data is received by a printing device via a network and printed, and a facsimile communication system in which facsimile data from a sending device is received and output by a receiving device via a communication network It is.

1 is a block diagram showing an example of a network printing system according to the present invention. The block diagram which shows another example of the decoding in the network printing system by this invention The block diagram which shows another example of the decoding in the network printing system by this invention The block diagram which shows another example of the decoding in the network printing system by this invention 1 is a block diagram showing an example of user authentication in a network printing system according to the present invention. The block diagram which shows another example of the user authentication in the network printing system by this invention 1 is a block diagram showing an example of encryption and decryption in a network printing system according to the present invention. The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the user authentication and decoding in the network printing system by this invention The block diagram which shows another example of the user authentication and decoding in the network printing system by this invention The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding The block diagram which shows another example of the encryption in a network printing system by this invention, and a decoding 1 is a block diagram showing an example of a facsimile communication system according to the present invention. 1 is a block diagram showing an example of encryption and decryption in a facsimile communication system according to the present invention. The block diagram which shows another example of the facsimile communication system by this invention The block diagram which shows another example of the facsimile communication system by this invention 1 is a block diagram showing an example of encryption and decryption in a facsimile communication system according to the present invention. The block diagram which shows another example of the encryption in the facsimile communication system by this invention, and a decoding The block diagram which shows another example of the facsimile communication system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention The block diagram which shows another example of the network printing system by this invention

Explanation of symbols

1 PC (user equipment)
2 Printer (printing device)
3.103 USB key (portable)
4.104 User authentication unit (user authentication means)
11 Cryptographic information storage unit (storage means)
12 Encryption processing part (encryption means)
21.31 Decryption Information Storage Unit (Storage Unit)
22.32 Decoding processing unit (decoding means)
26 Print Data Storage Unit 29 Interface (Interface Unit)
51 Print Data Call Processing Unit 52 Decryption Key Database (Storage Unit)
53 Decryption key call processing unit (decryption information acquisition means)
101/105 Sending facsimile apparatus 102/106 Receiving facsimile apparatus 107 Authentication station 111 Addressee database 112 Encryption processing unit (encryption means)
121 Decryption information storage unit (storage means)
122 Decoding processing unit (decoding means)
126 Facsimile Data Storage Unit 131 Facsimile Data Call Processing Unit 132 Decryption Key Database 133 Decryption Key Call Processing Unit 141 Notification Processing Unit (Notification Processing Unit)
152 Digital Signature Generation Unit 161 Digital Signature Determination Processing Unit 164 Public Key Database 201 Memory Card (Portable)
202/206 reader / writer (interface means)
205 Encryption / decryption information generation unit (information acquisition means)
211 Encryption / Decryption Information Generation Unit (Information Acquisition Unit)
222 Rasterizer (processing means)
223 Encryption processing unit (encryption means)
226 Decoding processing unit (decoding means)
241 Server device 242 RFID tag (portable)
244/246 Receiver (interface means)
245 Request part (request means)
247 Request part (request means)
261 Encryption / Decryption Information Generation Unit (Information Acquisition Unit)
281 Encryption processing unit (first encryption means)
282 Decoding processing unit (first decoding means)
283 Rasterizer (processing means)
284 Encryption processing unit (second encryption means)
285 First encryption / decryption information generation unit (information acquisition unit)
291 Smart card (portable)
292/295 Reader / Writer (interface means)
294 decryption processing unit (second decryption means)
301 Information transmitter (information transmitter)
302 Information receiving unit (information receiving means)
303 Information receiving unit (information receiving means)
304 Information transmission unit (information transmission means)
321 Data storage unit (storage means)
322/326 monitor (image display means)
323 Mobile phone (portable)
324/325 camera (image reading means)
331 Information recording sheet (mobile)
332 scanner (image reading means)
342 Encryption processing unit (encryption means)

Claims (1)

A network printing system in which print data is received from a user device via a network and printed.
An encryption unit provided on the user device side, which encrypts the print data using the user's personal encryption information to generate the encrypted print data; and the user's personal information corresponding to the encryption information possessed by the user himself / herself Decryption information, transmission request information for instructing transmission of encrypted print data to the user device, a portable object holding the address information of the user device, and the encrypted printing using the decryption information held by the portable object Decryption means provided in at least one of the portable object and the printing apparatus for decrypting data,
The printing apparatus is provided with interface means for delivering required information to and from the portable object, and the printing apparatus acquires the transmission request information and the address information from the portable object via the interface means. A network printing system , wherein the transmission request information is transmitted to the corresponding user device based on the address information, and the encrypted print data is transmitted from the user device .

Images