JP4926154B2 - Network interface device, print control method, print control program, and image forming apparatus - Google Patents

Description

  The present invention relates to an information processing apparatus that generates print data, and a network interface apparatus, a print control method, a print control program, and an image forming apparatus provided in an image forming apparatus that is communicably connected to an authentication server that performs user authentication. .

Conventionally, a so-called “pull print (accumulated printing)” printing system that enables print data to be output from a printing apparatus when a user makes a print request to the print data temporarily accumulated on the server from the printing apparatus. Has been proposed.
As an example of a “pull print (accumulation print)” print system, Patent Document 1 is cited. Patent Document 1 discloses a print control system in which an MFP has an authentication function and security is taken into consideration.

Patent Document 1 is as follows.
As shown in FIG. 4 of Patent Document 1, first, the user logs in to a client PC (Personal Computer) 100 ((1) -1). Then, a print instruction is issued from the client PC 100 to the printer ((1) -2). Then, the client PC 100 transmits the generated print data to the print server 200 ((2) -1) and stores it in a predetermined storage location of the print server 200 ((2) -2). At this time, print data is not transmitted to the printing apparatus.
Next, the client PC 100 generates bibliographic information data of the print data transmitted to the print server 200, transmits the generated bibliographic information data to the print management server 400, and stores it in a predetermined storage location of the print management server 400. ((3) -1). When the bibliographic information data file is stored from the client PC 100, the print management server 400 analyzes the bibliographic information data file and registers the bibliographic information in the bibliographic information DB ((3) -2). Next, when the multifunction device 300 detects the IC card 410 by the card reader, it reads the personal authentication information in the IC card 410 and transmits the read personal authentication information to the print management server 400 as an authentication request ((4 ) -1). When the print management server 400 receives the personal authentication information from the multi-function peripheral 300, the print management server 400 performs authentication processing of the personal authentication information based on the IC card authentication table stored on the external storage device of the print management server 400, and the authentication result. Is returned to the MFP 300 ((4) -2).

Next, upon receiving an authentication result (login user ID of the client PC 100) indicating that the authentication has succeeded from the print management server 400, the multifunction device 300 transmits a print data list request to the print management server 400 ((5)). -1).
Note that the print data list request includes the login user ID of the client PC 100. When the print management server 400 receives a print data list request from the multifunction device 300, the print management server 400 searches the bibliographic information DB with the login user ID included in the print data list request, and generates a print data list corresponding to the login user ID. Then, the response is sent back to the multifunction machine 300 ((5) -2). When the MFP 300 receives the print data list from the print management server 400, the MFP 300 displays the print data list on the UI of the operation unit 308. When the user selects print data and gives a print instruction, the multi-function device 300 transmits a print request (output instruction) for the selected print data to the print management server 400 (6).

  When the print management server 400 receives a print data print request (output instruction) from the MFP 300, the bibliographic information of the print data for which the output instruction has been issued, the login user name of the client PC 100, and the print data time stamp as keys. The print server 200 is searched from the bibliographic information DB, the print server 200 storing the corresponding print data is specified from the searched bibliographic information, and a print instruction for the corresponding print data is transmitted to the print server 200 (7). When the print server 200 receives a print instruction from the print management server 400, the print server 200 transmits print data to the multi-function apparatus 300 based on the print instruction and causes the multi-function apparatus 300 to print (8).

According to the above method, the printed matter is output when the user makes a print request from the printing apparatus to the server. A system can be realized.
JP 2006-99714 A

However, when the authentication server cannot be used, such as when the authentication server is down, there is a problem in that printing cannot be performed because authentication cannot be performed, and work is delayed.
In order to solve this problem, a first printing method for temporarily storing print data transmitted from a user in a server and printing the stored print data when the user makes a print request from the printing apparatus to the server And a second printing method that outputs the transmitted print data as it is without accumulating, normally using the first printing method and switching to the second printing method when the authentication server stops. Conceivable.
As a result, it is possible to realize a system that can perform printing even when the authentication server cannot be used and does not delay business.

However, in the case of the technique for switching the printing method in this way, there is a problem that the print data stored in the server cannot be printed when the first printing method is switched to the second printing method.
For example, when 100 jobs are input in the first printing method and the authentication server is stopped and switched to the second printing method, the user has to input the printing data of 100 jobs again. It is very inconvenient.
Another problem is that unnecessary print data stored in the server cannot be deleted when the second printing method is switched to the first printing method.

Therefore, an object of the present invention is to provide a mechanism capable of outputting accumulated print data that has not been output due to, for example, an authentication server being down.

In order to achieve the above-described object, a first invention is a network interface device that is connected to an image forming apparatus and communicates with an information processing apparatus that transmits print data and an authentication server that authenticates a user, wherein the information Receiving means for receiving print data from the processing device;
Storage means for storing the print data received by the reception means as first user identification information obtained by reception of the print data, and user authentication by the authentication server in response to reception of authentication information for user authentication First acquisition means for acquiring, from the print data stored in the storage means, print data of the first user identification information that matches second user identification information for identifying a user obtained by A determination unit that determines whether or not user authentication can be performed by the authentication server; and when it is determined that authentication cannot be performed by the determination unit, according to reception of print data by the reception unit The second acquisition of the print data stored in the storage means that matches the first user identification information obtained by receiving the print data. And a transmission means for transmitting the print data acquired by the first acquisition means or the second acquisition means to the image forming apparatus for printing by the image forming apparatus. Interface device.

In addition, when the determination unit determines that authentication cannot be performed, the transmission unit displays the print data acquired by the second acquisition unit and the print data received by the reception unit as the image forming unit. It transmits to an apparatus, It is characterized by the above-mentioned.

When it is determined that authentication cannot be performed by the determination unit, a deletion determination unit that determines whether or not to delete the print data received by the reception unit, and a deletion determination unit that determines whether to delete the print data. A deletion unit that deletes the print data received by the reception unit, and when the deletion determination unit determines not to delete, the transmission unit includes the print data acquired by the second acquisition unit and The printing data received by the receiving unit is transmitted to the image forming apparatus.

The determination means determines whether or not user authentication can be performed by the authentication server in response to reception of authentication information for user authentication.

In addition, the information processing apparatus further includes authentication storage means for storing second user identification information for identifying a user obtained by user authentication by the authentication server.

In addition, when it is determined that authentication cannot be performed by the determination unit, a second user identification corresponding to the received authentication information in the authentication storage unit in response to reception of authentication information for user authentication Authentication determination means for determining whether information is stored;
  If it is determined by the authentication determination means that the print data of the user corresponding to the second user identification information can be printed, the print reservation for setting the second user identification information is set. The apparatus further comprises means.

In addition, when the transmission unit determines that authentication cannot be performed by the determination unit, the transmission unit receives the print data received by the reception unit and receives the print data. When the information matches the second user identification information set by the print reservation unit, the print data acquired by the second acquisition unit is transmitted. When the information does not match, the print data is acquired by the second acquisition unit. The print data received by the receiving means is output without obtaining the print data.
In addition, the print data received by the receiving unit is set by a printer driver provided in the information processing apparatus to determine whether to delete the print data when it is determined that the determination unit cannot perform authentication. It is characterized by being.
The second user identification information is a user name stored in a storage medium or a user name obtained by being authenticated by the authentication server using the storage medium identification information stored in the storage medium. It is characterized by.

According to a second aspect of the present invention, there is provided a network interface apparatus having an information processing apparatus connected to an image forming apparatus and transmitting print data, and a storage unit capable of storing print data by communicating with an authentication server for authenticating a user. In the printing control method according to claim 1, the receiving step of receiving print data from the information processing apparatus, the print data received by the receiving means, and the first user identification information obtained by receiving the print data And a first storage control step that matches the second user identification information for identifying a user obtained by user authentication by the authentication server in response to acceptance of authentication information for user authentication. A first acquisition step of acquiring print data of user identification information from print data stored in the storage unit; A determination step for determining whether or not user authentication can be performed by the authentication server, and when the determination unit determines that authentication cannot be performed, in response to reception of print data by the reception unit A second acquisition step of acquiring the print data stored in the storage means that matches the first user identification information obtained by receiving the print data, and the first acquisition step or the second acquisition step. A printing step including sending the print data acquired in step 1 to the image forming apparatus in order to print the print data on the image forming apparatus.

According to a third aspect of the present invention, there is provided a print control program that can be executed by an information processing apparatus that is connected to an image forming apparatus and transmits print data, and a network interface apparatus that communicates with an authentication server that performs user authentication. The apparatus authenticates the apparatus from the information processing apparatus with print data receiving means, and the storage means for storing the print data received by the receiving means with the first user identification information obtained by receiving the print data. Print data of the first user identification information that matches the second user identification information for identifying a user obtained by user authentication by the authentication server in response to acceptance of authentication information for the storage means. A first acquisition means for acquiring from the stored print data; and a user at the authentication server A determination unit that determines whether or not authentication can be performed, and when the determination unit determines that authentication cannot be performed, in response to reception of the print data by the reception unit, Second acquisition means for acquiring print data stored in the storage means that matches the first user identification information obtained by reception, and print data acquired by the first acquisition means or the second acquisition means Is a print control program that causes the image forming apparatus to function as a transmission unit that transmits the image to the image forming apparatus.

A fourth invention is an image forming apparatus capable of communicating with an information processing apparatus that transmits print data,
Accepting means for accepting print data from the information processing apparatus, storage means for storing the print data accepted by the accepting means as first user identification information obtained by accepting the print data, and user authentication In response to acceptance of the authentication information, print data of the first user identification information that matches the second user identification information for identifying the user obtained by user authentication by the authentication server is stored in the storage means. A first obtaining unit that obtains print data from the print data, a determination unit that determines whether user authentication can be performed by the authentication server, and a case where it is determined that authentication cannot be performed by the determination unit In addition, in response to the reception of the print data by the reception means, the first user identification information obtained by the reception of the print data is matched. A second acquisition unit that acquires the print data stored in the storage unit; and a printing unit that prints the print data acquired by the first acquisition unit or the second acquisition unit. The image forming apparatus.

According to the present invention, it is possible to provide a mechanism capable of outputting accumulated print data that has not been output due to, for example, an authentication server being down.

Hereinafter, preferred embodiments of a secure print system according to the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a diagram showing an example of the configuration of a conventional secure print system.

  As shown in FIG. 1, for example, a NIC 700 connected to one or a plurality of printing apparatuses 1000 installed on each floor, one or more client PCs 300 installed on the administrator, one on each user, and so on. One or more printer servers 101 installed at each site and one or more authentication servers 102 installed at each site are connected via a LAN (Local Area Network) 150. The card reader 400 is connected to the NIC 700 via the USB cable 160.

The client PC 300 is a PC for setting the printing apparatus 1000. The client PC 300 is a PC equipped with a function capable of communicating with the printing apparatus 1000 via the LAN 150 using, for example, HTTP (Hyper Text Transfer Protocol), TCP / IP (Transmission Control Protocol / Internet Protocol), or the like.
The client PC 300 is a PC for a user to submit a print job. When a user generates a print job from an application running on the client PC 300 via the printer driver, the printer driver transmits the print job to the printing apparatus 1000 or the printer server 101 using a print protocol such as LPR (Line Printer Daemon Protocol). can do.

  The printer server 101 receives a print job from the client PC 300, analyzes the print job, acquires job information, and accumulates the print job. Also, a print request is received from the printing apparatus 1000, a user job is searched from the stored jobs based on the user name included in the print request, and a print instruction is issued to the printing apparatus 1000 for the found user job. .

  The authentication server 102 is a server for the printing apparatus 1000 to perform user authentication. It has data such as user name, e-mail address, usage authority, etc. associated with the card ID 211. In response to an inquiry from the printing apparatus 1000, the authentication server 102 has a function of returning the user information when there is a user and when there is a user.

The card reader 400 is connected to the NIC 700 via the USB cable 160.
When the IC card 410 (storage medium) (for example, FeliCa (registered trademark) of Sony (registered trademark)) is held over the card reader 400, the card reader 400 reads information (storage medium identification information) inside the card, and the USB cable The information is notified to the printing apparatus 1000 via 160 and the NIC 700. Note that in this embodiment, the authentication process is performed using the IC card 410, but the authentication process can be performed using a fingerprint or the like. In that case, the card reader 400 is replaced with a fingerprint reader, and authentication is performed by transmitting fingerprint information read by the fingerprint reader to the authentication server 102.

Next, the secure print system 1 according to the present invention will be described with reference to FIG.
FIG. 2 is a diagram showing an example of the configuration of the secure print system 1 according to the present invention.

A secure print system 1 shown in FIG. 2 is connected to a client PC (information processing apparatus) 300, an LDAP (Lightweight Directory Access Protocol) server (authentication server) 200, and a NIC (network interface apparatus) 700 via a LAN 150. The printing apparatus 1000 is connected via a NIC (network interface apparatus) 700.
The NIC 700 connects a mass storage (storage unit) 500 and a card reader 400 via a USB cable 160 and a USB hub 600.
Although the mass storage 500 and the USB hub 600 are externally attached to the printing apparatus 1000 via the NIC 700, they may be built in the printing apparatus 1000. Further, when the NIC 700 has a plurality of USB ports 160, it is not necessary to go through the USB hub 600, and the card reader 400 and the mass storage 500 are directly connected to the NIC 700.

The LDAP server 200 performs the role of the authentication server 102 in FIG. 1 and has a function of performing communication using the LDAP protocol. The LDAP server 200 can centrally manage user information in an internal directory. The LDAP server 200 may be composed of one server. Further, the LDAP server 200 may be composed of two servers, a primary server and a secondary server, as will be described later. Further, the LDAP server 200 may be configured by three or more servers. In any case, the fact that the LDAP server 200 is down means that all the servers constituting the LDAP server 200 are down.
Although the LDAP server 200 is used in FIG. 2, the server is not limited to the LDAP server as long as it can perform authentication.
The client PC 300 is an information processing apparatus that generates print data.

The mass storage 500 is hardware having a large capacity file system such as an HDD (Hard Disk Drive) or a flash memory, and is connected to the USB hub 600 via the USB cable 160.
The mass storage 500 can perform file system control such as file writing, reading, and deletion from the printing apparatus 1000.

Next, the client PC 300, the LDAP server 200, the printing apparatus 1000, and the NIC 700 will be described with reference to FIG. 3, FIG. 4, and FIG.
3 is a diagram illustrating the hardware configuration of the LDAP server 200 and the client PC 300, FIG. 4 is a diagram illustrating the hardware configuration of the printing apparatus 1000, and FIG. 5 is a diagram illustrating the hardware configuration of the NIC 700.

  As shown in FIG. 3, an LDAP server 200 and a client PC 300 are connected via a system bus 2004 to a CPU (Central Processing Unit) 2001, a RAM (Random Access Memory) 2002, a ROM (Read Only Memory) 2003, an input controller 2005, a video. A controller 2006, a memory controller 2007, and a communication I / F controller 2008 are connected.

The CPU 2001 controls each device and controller connected to the system bus 2004 in an integrated manner.
The ROM 2003 or the external memory 2011 holds a basic input / output system (BIOS) and an operating system (OS) that are control programs of the CPU 2001, various programs executed by each server or each PC, and the like.
A RAM 2002 functions as a main memory, work area, and the like for the CPU 2001. The CPU 2001 implements various operations by loading a program necessary for execution of processing from the ROM 2003 or the external memory 2011 to the RAM 2002 and executing the loaded program.

An input controller 2005 controls input from a pointing device such as a keyboard (KB) 2009 or a mouse (not shown).
The video controller 2006 controls display on a display device such as a CRT (Cathode Ray Tube) 2010. The display is not limited to the CRT, but may be another display such as a liquid crystal display. These are used by the administrator as needed.

The memory controller 2007 is a hard disk (HD), flexible disk (FD), or PCMCIA (Personal Computer Memory Card International Association) that stores a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 2011 such as a compact flash (registered trademark) memory connected to the card slot via an adapter.
The communication I / F controller 2008 connects and communicates with an external device via a network such as the LAN 150, and executes communication control processing on the network. The communication I / F controller 2008 can perform communication using TCP / IP (Transmission Control Protocol / Internet Protocol), for example.

The CPU 2001 can display on the CRT 2010 by executing outline font rasterization processing on a display information area in the RAM 2002, for example. Further, the CPU 2001 enables a user instruction using a mouse cursor (not shown) on the CRT 2010 or the like.
Various programs operating on the hardware of the LDAP server 200 and the client PC 300 are recorded in the external memory 2011, loaded into the RAM 2002 as necessary, and executed by the CPU 2001. Definition files and various information tables used when executing the program are stored in the external memory 2011.

Next, the hardware configuration of the printing apparatus 1000 will be described.
As shown in FIG. 4, the printing apparatus 1000 includes an input unit 3000, a CPU 3001, an operation unit 3002, a print processing unit 3003, a storage unit 3004, an output unit 3005, a paper cassette 3006, and the like.

The input unit 3000 connects the printing apparatus and the NIC 700, and controls data communication with the NIC 700.
A CPU 3001 controls the overall operation of the printing apparatus 1000.
The operation unit 3002 provides an interface for direct user operation to the printing apparatus 1000.
A print processing unit 3003 analyzes a command received by the input unit 3000, analyzes print data (PDL), and the like.
The storage unit 3004 includes a ROM (not shown) for operating the printing apparatus 1000, a RAM (not shown), a secondary storage device (not shown), and the like. The RAM is a data storage area that is not restricted in use, and is used for data reception or the like in the reception buffer of the input unit 3000 or the print processing unit 3003.
The output unit 3005 transfers the print data received by the input unit 3000 into image information that can be printed by the print processing unit 3003 onto paper.
The paper cassette 3006 supplies appropriate paper in accordance with the processing of the output unit 3005.

  The NIC 700 is a network interface card. The NIC 700 receives data received from another device via the LAN 150 as a window, and passes the data to a program (not shown) in the NIC or the input unit 3000 of the printing apparatus 1000.

Next, the hardware configuration of the NIC 700 will be described.
As shown in FIG. 5, the NIC 700 includes a CPU 4001, a RAM 4002, a communication I / F controller 4003, a USB I / F controller 4004, an internal memory 4005, a memory controller 4006, a ROM 4007, a device I / F controller 4008, and the like.

The CPU 4001 controls the NIC 700 and controls devices connected internally.
A RAM 4002 functions as a main memory, work area, and the like for the CPU 4001. The CPU 4001 loads a program necessary for execution of processing from the ROM 4007 or the internal memory 4005 to the RAM 4002 and executes the loaded program.
The communication I / F controller 4003 connects and communicates with an external device via a network such as the LAN 150, and executes communication control processing in the network. For example, communication using a communication protocol such as TCP / IP or UDP (User Datagram Protocol) is possible.

The USB I / F controller 4004 connects and communicates with the NIC 700 and USB devices such as the card reader 400, the mass storage 500, and the USB hub 600, and executes USB communication control processing.
The internal memory 4005 includes an OS that controls the NIC 700, and stores application programs that operate on the OS and setting information thereof.
The memory controller 4006 controls access to the internal memory 4005 that stores various applications, various data, and the like.
The ROM 4007 is a read-only semiconductor memory and stores a boot program because the contents are not lost even when the power is turned off.
A device I / F controller 4008 connects and communicates with the NIC 700 and the printing apparatus 1000.

Next, an outline of processing of the secure print system 1 according to the preferred embodiment of the present invention will be described with reference to FIGS.
FIG. 6 is a diagram showing an outline of processing during storage printing in the secure print system 1, and FIG. 7 is a diagram showing an outline of processing during normal printing in the secure print system 1.

The process at the time of accumulation printing shown in FIG. 6 is a process when the printing method is accumulation. That is, the LDAP server 200 is operating normally, and the IC card 410 is held over the card reader 400, thereby printing the print data stored in the mass storage 500.
On the other hand, the normal printing process shown in FIG. 7 is a printing method when the LDAP server 200 is not operating normally. The print data is not stored in the mass storage 500 and the IC card 410 is held over the card reader 400. This is a normal printing method in which print data input from the client PC 300 is printed as it is.

  The secure print system 1 according to the embodiment of the present invention inputs a job when the LDAP server 200 is operating normally, the LDAP server 200 is down before the job is output, and the printing method starts from “accumulate”. Under the state changed to “normal”, the job stored in the mass storage 500 can be output.

In the accumulated printing shown in FIG. 6, first, the user logs in to the client PC 300 (step 1-1) and issues a data printing instruction (step 1-2).
The printer driver generates a job from the data and transmits it to the printing apparatus 1000 (step 2-1). Here, the job is stored in the mass storage 500 (step 2-2).

The user who gives the print instruction holds the IC card 410 over the card reader 400 (step 3-1). The card reader 400 reads the card ID 211 from the IC card 410 and notifies the printing apparatus 1000 (step 3-2).
The printing apparatus 1000 inquires of the LDAP server 200 about the user name (user identification information) that matches the received card ID 211 (step 4-1). The LDAP server 200 searches the LDAP directory 201 and transmits the searched user name (user identification information) to the printing apparatus 1000 (step 4-2).
The printing apparatus 1000 acquires a job that matches the user name (user identification information) from the mass storage 500 (step 5-1), and passes the corresponding job to the printing apparatus 1000 (step 5-2).
The printing apparatus 1000 prints and outputs the received job (step 6-1).

At the time of normal printing shown in FIG. 7, a user who wants to make a print reservation for an accumulated job holds the IC card 410 over the card reader 400 (step 1-1). The card reader 400 reads the card ID 211 from the IC card 410 and notifies the printing apparatus 1000 (step 1-2). The printing apparatus 1000 makes a print reservation for the user who holds the card.
The user logs in to the client PC 300 (step 2-1) and issues a data print instruction (step 2-2).
The printer driver generates a job from the data and transmits it to the printing apparatus 1000 (step 3-1). The printing apparatus 1000 analyzes the received job and acquires a user name (step 3-2).

Here, when the user is not reserved for printing, the job is printed as it is from the printing apparatus 1000 and outputted (step 4-1A).
On the other hand, when the user has reserved printing, the printing apparatus 1000 acquires a job that matches the user name from the mass storage 500 (step 4-1B), and passes the corresponding job to the printing apparatus 1000 (step 4). -2B).
The printing apparatus 1000 prints and outputs the received job (step 5-1). Further, not only the job stored in the mass storage 500 but also the job received in step 3-1 is output together (step 5-2). Depending on the setting of the job created in step 1-1, this job may not be output.

Next, referring to FIGS. 8, 20, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, and 34, the overall processing flow of the secure print system 1 will be described. To do.
8 is a block diagram showing the configuration of the secure print system 1 according to the present invention, FIG. 20 is a diagram showing an example of the setting information 802, FIG. 21 is a diagram showing details of the operation information 860, and FIG. FIG. 23 is a diagram showing an example of the print reservation information 880, FIG. 25 is a diagram showing details of the job 310, and FIG. 26 is a diagram showing details of the print information management header 311. 27 shows details of the job information 820, FIG. 28 shows details of the job list 805, FIG. 29 shows details of the execution list 804, and FIG. 30 shows details of the file system 501. 31 shows details of the IC card 410, FIG. 32 shows an example of the user information 210, FIG. 33 shows details of the LDAP directory 201, and FIG. 34 shows an output setting screen. Is a diagram illustrating a.

  As shown in FIG. 8, in the secure print system 1, the NIC 700 connected to the LDAP server 200, the client PC 300, and the printing apparatus 1000 is connected via a LAN 150 capable of bidirectional communication. A mass storage 500, a USB hub 600, and a card reader 400 are connected to the NIC 700 via a USB cable 160 capable of USB communication.

The LDAP server 200 includes an LDAP directory 201, an LDAP function unit 202, an I / F driver unit 190, and the like. The LDAP server 200 can have a redundant configuration, and a plurality of LDAP servers may be installed.
The LDAP server 200 has a role of searching for user information in the system. Therefore, the LDAP server 200 is not limited to the LDAP server as long as it has a user information storage and search function.

The LDAP directory 201 stores data shown in FIG.
In the LDAP directory 201, one or a plurality of identification codes are arranged under the highest unit suffix that groups data groups, and one or a plurality of user information 210 is stored under the identification codes.
Generally, the identification code is constructed by OU (Organization Unit). In Active Directory (registered trademark), suffix is a unit called a domain.

As shown in FIG. 32, the user information 210 includes a card ID 211, a user name 212 (user identification information), a password 213, a sub user 1 214, a sub user 2 215, a sub user 3 216, a sub user 4 217, a use restriction 218, and the like. Have
As shown in FIG. 31, the card ID 211 registers the ID of the user's IC card 410 and is a unique value among the user information 210 group included under the suffix of the LDAP directory 201. In this embodiment, the IC card 410 is configured to store a card ID and perform authentication processing using the card ID. However, the IC card 410 stores a user ID such as an employee number. It is also possible to configure to perform authentication processing using this user ID. In this case, the user ID is stored in the user name 212, and if the user name 212 matches the user ID read from the IC card 410, it is determined that authentication has been achieved.
The user name 212 is the name of the user holding the IC card 410 that matches the card ID 211.
The password 213 is stored for user identification when performing user authentication.
The sub-users 1 to 4 214 to 217 have different names from the main user name 212 used by the user, and are user names used when the user acts as a proxy for another user.
The usage restriction 218 stores restriction information for using the printing apparatus 1000.

The LDAP function unit 202 performs communication connection, authentication, search, change, addition, deletion, disconnection, and the like according to the LDAP protocol.
In connection, a logical communication path is secured for the client that issued the connection request.
In the authentication, the user name that issued the authentication request is searched from the LDAP directory 201, the password is verified, and the authentication result is returned.
In the search, based on the value received the search request, the corresponding user is searched from the LDAP directory 201 and the matched user information 210 is returned.
The I / F driver unit 190 connects and communicates with an external device via a network such as the LAN 150, and controls communication according to a communication protocol such as TCP / IP or UDP.

The client PC 300 includes an application unit 301, a printer driver unit 302, a transmission buffer 303, an I / F driver unit 190, and the like.
The application unit 301 provides a graphic user interface to the user, and generates image data suitable for the user's purpose.
The printer driver unit 302 converts the image data generated by the application unit 301 into page description language (PDL) data that can be printed by the printing apparatus 1000. Furthermore, a print information management header 311 including job information such as a job owner 312, a job name 313, and an output flag 314 is added to the PDL data as shown in FIG. 26 to create a job 310 shown in FIG. 25. . The job owner 312 indicates the name of the user who created the job. The job name 313 is a name for identifying the job. The output flag 314 is a flag for determining whether or not to output the job. ("True" or "false").

This output flag can be set by installing an add-on module of the printer driver. When the add-on module is installed, the print setting screen of the printer driver of FIG. 34 is added. On this print setting screen, it is possible to instruct whether or not to output the job stored in the mass storage 500 and whether or not to print the application data that is currently the print target. Note that if 3401 is checked on the screen of FIG. 34, the job stored in the mass storage 500 can be output. If 3402 is checked, the output flag 314 included in the print information management header 311 of the job input from the client PC 300 becomes “true”, and printing of the application data currently being printed and the mass storage 500 are performed. Both printing of the stored print data can be executed.
If the check box 3401 is not checked on the screen of FIG. 34, the job stored in the mass storage 500 is not output. If 3401 is not checked, check input to 3402 is disabled.

  When determining whether or not to output a job stored in the mass storage 500 using such a screen of FIG. 34, an accumulated job output presence / absence flag (not shown) is held in the print information management header 311; When the accumulated job output presence / absence flag is “true”, that is, when the accumulated job output is set to be output, the processing from FIG. 10 onward may be executed. In this case, the accumulated job output presence / absence flag corresponds to the check 3401 on the screen of FIG.

In the above description, it has been configured so that the presence or absence of the output of the accumulated job can be controlled by checking 3401 on the screen of FIG. 34. However, if the print reservation information is set in step S159 of FIG. It is also possible to realize a configuration that does not include the check item 3401 so that it is output.
Even if there is a check in 3401, the accumulated job is not output unless print reservation information is set in step S159 of FIG.
In the above description, the method for realizing the output flag by the add-on module of the printer driver has been described. However, the output flag is set by the processing on the application 800 side at the time of job reception in FIGS. 9 and 10. Also good. In this case, for example, a configuration file in which the administrator can set the same output flag for all jobs may be included in the application 800.

  The transmission buffer 303 temporarily stores the job 310 created by the printer driver unit 302 and realizes spooling.

The USB hub 600 includes a USB communication unit 195 and the like. The USB hub 600 relays the USB data, and transfers the USB data of the device connected to the USB hub 600 to other devices.
The USB communication unit 195 performs data communication such as control transfer, interrupt transfer, bulk transfer, and isochronous transfer according to the USB specification. Data transfer is a necessary condition, and the transfer speed, USB version, etc. are not particularly limited.

The mass storage 500 includes a file system 501, a file system management unit 502, a USB communication unit 195, and the like.
As shown in FIG. 30, the file system 501 stores the job 310 in an internal storage device (not shown). The job 310 is written, read, deleted, and the like.

The card reader 400 includes a USB communication unit 195, a card reading unit 401, and the like.
The card reading unit 401 is for reading the card ID 211 from the IC card 410. When the IC card 410 is held over the card reader 400, information such as the card ID 211 is read from the IC card 410, and the information is transmitted to other devices connected via the USB communication unit 195.

The NIC 700 includes an application 800, a NIC OS 900, and the like.
The application 800 is a program that operates on the NIC OS 900.
The NIC OS 900 controls the NIC 700, and at the same time, manages the application 800 on the NIC 700 and performs various instructions to the printing apparatus 1000.

  An application 800 of the NIC 700 includes a setting information management unit 801, setting information 802, an LPR communication unit 803, an execution list 804, a job list 805, an LDAP communication unit 806, a periodic check unit 807, a print information management protocol analysis unit 808, and a list management unit. 809, a user notification unit 810, a card reader management unit 811, a file management unit 812, a print instruction unit 813, a beep instruction unit 814, a panel display instruction unit 815, and the like.

The setting information management unit 801 manages setting information 802 necessary for executing the application 800 shown in FIG. 20, and writes and reads the setting information 802.
When the client PC 300 accesses the application 800 using a browser to set the setting information of the application 800, and the application 800 receives an instruction from the client PC 300, the setting information management unit 801 displays the set data as setting information 802. Hold as.
The setting information 802 includes a suffix 831, an identification code 832, a primary server 833, a primary port 834, a secondary server 835, a secondary port 836, a user 837, a password 838, a print reservation valid time 839, and the like.

The suffix 831 and the identification code 832 serve as conditions for designating a search location when issuing a search request to the LDAP server 200.
The primary server 833, the primary port 834, the secondary server 835, and the secondary port 836 are information for connecting to the LDAP server 200. Since the LDAP server 200 can have a redundant configuration, it is possible to set a plurality of units such as primary and secondary.
The user 837 and the password 838 are information necessary for issuing an authentication request to the LDAP server 200.
The print reservation valid time 839 is information for setting the expiration date of the print reservation information 880 shown in FIG. The print reservation information 880 includes a user name 212 and a time stamp 871, and represents a user who has made a print reservation. This is information for printing the user's stored job even when the printing method 861 is “normal”. That is, the user's stored job stored in the print reservation information 880 can execute printing. More specifically, by holding the card, the user's stored job corresponding to the card can be printed.

The LPR communication unit 803 analyzes the LPR printing protocol and performs communication. The LPR communication unit 803 analyzes and communicates the protocol when receiving the job 310 from the client PC 300.
Here, LPR is described as an example, but the printing protocol is not limited to LPR.

The execution list 804 is shown in FIG. 29 and is a subset of the job list 805 shown in FIG. When printing is performed, a print instruction is issued based on the job information 820 stored in the execution list 804.
The job list 805 includes job information 820 shown in FIG. The job information 820 is information obtained by extracting information necessary for managing the job 310, and includes a user name 821, a file name 822, a job name 823, a time stamp 824, an output flag 825, and the like. The job list 805 holds all information on the job 310 stored in the file system 501.

The LDAP communication unit 806 communicates with the LDAP server 200 according to the LDAP protocol, and connects to the LDAP server 200 specified by the primary server 833 and the primary port 834 of the setting information 802.
The LDAP communication unit 806 performs authentication using the user 837 and the password 838 of the setting information 802. Also, the LDAP communication unit 806 searches the user information 210 (FIG. 32) associated with the card ID 211 using the suffix 831 and the identification code 832 of the setting information 802 as search locations. If neither the primary nor the secondary can be accessed, the printing method 861 of the operation information 860 shown in FIG. 21 is set to “normal”. The operation information 860 is information managed on the application 800 in the same manner as the setting information 802. When the primary or secondary can be accessed, the printing method 861 of the operation information 860 shown in FIG. 21 is set to “accumulate”. The default setting of the printing method 861 is accumulation.
If the user information 210 is found as a result of the search performed by the LDAP communication unit 806, the card ID 211 and the user name 212 of the user information 210 are registered in the authentication cache 870 shown in FIG. 22 (authentication storage). . This is because the card ID 211 can be resolved from the user name 212 even when the authentication server is stopped. The authentication cache 870 is information managed on the application 800 in the same way as the setting information 18. Note that when a user ID (user name) is registered in the IC card 410, it is also possible to register only the user ID (user name) in the authentication cache 870.

The periodic check unit 807 periodically monitors whether the LDAP server 200 and the NIC 700 can communicate with each other and whether the print reservation information 880 has expired. Actual connection processing and the like are performed through the LDAP communication unit 806. If the printing method 861 of the operation information 860 is “accumulation”, the periodic check unit 807 does not check anything, but if the printing method 861 of the operation information 860 is “normal”, the LDAP server 200 and NIC 700 When it is determined that communication is possible, the printing method 861 is changed to “accumulation”. Thereby, the return of the print switching when the authentication server is down is realized.
Also, the time stamp of the print reservation information 880 is compared with the print reservation valid time 839 of the setting information 802 to check the validity period. If the validity period has expired, the print reservation information 880 is deleted. This is so that even if the user who made the print reservation forgets the output, another user can make the print reservation after a certain period of time.

The print information management protocol analysis unit 808 analyzes the print information management header 311 included in the job 310. The print information management header 311 is binary data added to the head of PDL data, and includes various job information.
When the job owner 312, the job name 313, and the output flag 314 included in the print information management header 311 are acquired and job information 820 is created, values analyzed by the print information management protocol analysis unit 808 are used. Further, after analyzing the print information management protocol, the status of the printing method 861 is checked. If “normal”, the job 310 is passed to the print instruction unit 813 to print the job 310. On the other hand, if the setting of the printing method 861 is “accumulate”, the job 310 is transferred to the file management unit 812 to save the job.

  A list management unit 809 manages the execution list 804 and the job list 805. When the job 310 is written in the file system 501, the job information 820 is received from the file management unit 812, and added to the job list 804 for management. In addition, job information 820 that matches the user name passed from the LDAP communication unit 806 is extracted from the job list 805 to create an execution list 804. The list management unit 809 receives a notification from the file management unit 812 when printing is completed, and deletes the corresponding job information 820 from the job list 805.

  The user notification unit 810 notifies the user who is using the printing apparatus 1000 of an error or the like. The user notification unit 810 issues a beep instruction to the NIC OS 900, sounds a beep from the printing apparatus 1000 to appeal to the user's hearing, and instructs the panel display to display arbitrary characters on the panel of the printing apparatus 1000. , Has a function to appeal to the user's vision.

  The card reader management unit 811 is for controlling the card reader 400 connected to the NIC 700 via the USB 160. When the IC card 410 is held over the card reader 400, the card reader management unit 811 acquires the card ID 211.

  The file management unit 812 manages the job 310 within the application 800. The file management unit 812 encrypts the job 310 and stores it in the file system 501, decrypts the job 310, sends the job 310 to the print instruction unit 813, or finishes submitting the job to the print instruction unit 813 At the timing, the corresponding job 310 is deleted from the file system 501.

The print instruction unit 813 instructs the NIC OS 900 to print the decrypted job 310 sent from the file management unit 812 using the print information management protocol. At this time, exclusive control of print processing is performed using the print exclusive flag 862. This is because when the printing method is “normal” and the user registered in the print reservation information 880 performs printing, the accumulated job is output. At that time, another user performs printing from the client PC 300. This is to prevent the mixed prints from being mixed.
Also, the print instruction unit 813 determines whether to output the job by looking at the state of the output flag 825 of the job information 820.

The beep instruction unit 814 receives the beep command from the user notification unit 810 and notifies the NIC OS 900 of it. Regarding the beep sound, the beep sound can be realized by various methods such as a print information management protocol, JL, and UDP, but which function is supported varies depending on the printing apparatus 1000. The beep instruction unit 814 absorbs the difference depending on the type of the printing apparatus 1000 and performs an appropriate beep instruction.
The panel display instruction unit 815 displays an arbitrary message on a panel (not shown) of the printing apparatus 1000 using MIB (Management Information Base). In the case of a printing apparatus 1000 of a model that cannot be displayed for a certain period of time, the display is reset after being displayed for a few seconds.

Next, details of the NIC OS 900 will be described.
The NIC OS 900 includes an I / F driver unit 190, a USB communication unit 195, an encryption / decryption unit 905, a print information management protocol analysis / communication unit 904, a JL communication unit 903, a UDP communication unit 902, an MIB communication unit 901, a communication control. Part 906.

The encryption / decryption unit 905 is for performing encryption and decryption of data. The format is not fixed, and block encryption such as DES (Data Encryption Standard), Triple DES, and AES (Advanced Encryption Standard), and stream encryption such as RC4 can be performed.
The print information management protocol analysis / communication unit 904 is for performing data communication according to the print information management protocol. The print information management protocol is a communication protocol for controlling the printing apparatus 1000, and can perform a print instruction, a beep sound, and the like.
The JL communication unit 903 is for performing JL communication. JL is a job control language, and can issue an information acquisition command for the printing apparatus 1000, a PDL data reception command, a beep command for the printing apparatus 1000, and the like.

The UDP communication unit 902 performs UDP communication. Using this UDP communication, a DNS (Domain Name System) query, a beep command, and the like can be performed.
The MIB communication unit 901 is for performing MIB communication. The MIB is a protocol for managing communication devices, and performs panel display of the printing apparatus 1000 and the like.
The communication control unit 906 notifies the application 800 of data received from the I / F driver unit 190 or passes it to the printing apparatus 1000. The communication control unit 906 transfers data transmitted to the NIC 700 via the LAN 150 to the application 800. Further, the data transmitted from the application 800 is transferred to the printing apparatus 1000.

Next, the printing apparatus 1000 will be described.
The printing apparatus 1000 includes an I / F driver unit 190, a reception buffer 1001, a transmission buffer 1002, an MIB communication unit 901, a UDP communication unit 902, a JL communication unit 903, a print information management protocol analysis / communication unit 904, an LPR communication unit 803, A panel display unit 1008, a beep sound unit 1009, a PDL translator unit 1011, a device DB unit 1010, a drawing buffer 1012, a drawing unit 1013, and a printer engine unit 1014 are provided.

The reception buffer 1001 temporarily secures all data received by the I / F driver unit 190 and serves as a buffer for processing delay.
The transmission buffer 1002 temporarily secures all data before transmission to the I / F driver unit 190 and serves as a buffer for processing delay.
The panel display unit 1008 displays the designated message on the panel of the printing apparatus 1000.
The beep sounding unit 1009 activates a sounding device (not shown) built in the printing apparatus 1000 to make a sound.
The device DB unit 1010 stores information on the printing apparatus 1000 set by JL and provides the information to the PDL translator unit 1011. The environmental information here is, for example, the number of printed sheets.

The PDL translator unit 1011 performs a translation process on the PDL data and converts it into intermediate data that is a drawing object suitable for drawing.
The drawing buffer 1012 temporarily stores intermediate data of the drawing object generated by the PDL translator unit 1011 until actual printing is performed.
The drawing unit 1013 actually draws the drawing object temporarily stored in the drawing buffer 1012 to generate image data that is a bitmap image.
The printer engine unit 1014 receives the bitmap image generated by the drawing unit 1013 and prints it on a medium such as paper using a known printing technique.

Next, detailed processing of the secure print system 1 according to the present invention will be described with reference to FIGS. 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, and 24.
9 is a flowchart illustrating an example of a print job reception process procedure of the secure print system 1, FIG. 10 is a flowchart illustrating an example of a print job reception process procedure of the secure print system 1, and FIG. 11 is a card of the secure print system 1 FIG. 12 is a flowchart showing an example of the card detection processing procedure of the secure print system 1, FIG. 13 is a flowchart showing an example of the card detection processing procedure of the secure print system 1, and FIG. FIG. 15 is a flowchart showing an example of the card detection processing procedure of the secure print system 1, FIG. 16 is a flowchart showing an example of the card detection processing procedure of the secure print system 1, and FIG. Showing flow FIG. 17 is a flowchart showing an example of a periodic check processing procedure of the secure print system 1, FIG. 18 is a flowchart showing an example of a print processing procedure of the secure print system 1, and FIG. 19 is a user notification of the secure print system 1 FIG. 24 is a flowchart illustrating an example of a processing procedure, and FIG. 24 is a diagram illustrating an example of a message displayed on the printing apparatus 1000.

  In the following, processing performed by the NIC 700 is described by distinguishing the function of the application 800 and the function of the NIC OS 900. Therefore, for the sake of convenience, the subject of processing is assumed to be the application 800 and the NIC OS 900. However, in practice, the NIC 700 is the subject that performs the processing. The NIC 700 that is hardware executes processing described later in cooperation with the application 800 or NIC OS 900 that is software.

The job reception process of the secure print system 1 will be described with reference to FIGS.
In FIG. 9, the NIC 700 receives print data from the client PC 300. The NIC 700 stores the received print data in the mass storage 500. In FIG. 10, the NIC 700 transmits print data to the printing apparatus 1000. In addition, print data stored in the mass storage 500 is output according to the print reservation information 880.

As shown in FIG. 9, in the job submission process to the secure print system 1, the application of the client PC 300 generates a job 310 via the printer driver (step S001).
When the client PC 300 transmits the generated job 310 to the NIC OS 900 (step S002), the NIC OS 900 receives the data transmitted from the client PC 300 and transfers it to the application 800. (Step S003).

The application 800 analyzes the print information management header 311 of the job 310, acquires the job owner, job name, and output flag 314 (step S004), and creates job information 820 (step S005). At this time, the job owner 312 acquired from the job 310 is stored in the job information 820 as the user name 821, the acquired job name 313 as the job name 823, and the acquired output flag 314 as the output flag 825. Also, a character string that is unique within the application is generated and used as the file name 822. The time stamp 824 is stored after writing the file.
The reason for not using the job name 823 for the file name 822 is to prevent the file system 501 from being overwritten inadvertently. The job name 823 can be freely set by the user. Also, the file system 501 cannot have a file with the same name. Therefore, when the user happens to print a file having the same name without being aware of the file already in the file system 501, the file having the same name is overwritten in the file system 501. In order to avoid this, a character string that is unique in the application is generated and used as the file name 822.

The application 800 performs a branching process with reference to the printing method 861 of the operation information 860 (step S006). Note that the initial value of the printing method 861 is “accumulation”.
The client PC 300 does not need to be aware of whether the printing method uses the mass storage 500 or whether the printing is performed directly from the printing apparatus 1000 without being able to communicate with the LDAP server 200. Since the job 310 can be transmitted without being conscious of whether or not communication with the LDAP server 200 is possible when printing is output, it is possible to save the trouble of changing the setting and to realize a secure print system with higher usability. ing.

If the printing method 861 is set to “accumulate”, the application 800 passes the job 310 data to the NIC OS 900 to encrypt the job 310, and specifies an encryption key, an encryption algorithm, and the like (step S007). ).
The NIC OS 900 encrypts the passed job data using the designated parameter (step S008).
The application 800 writes the job encrypted by the NIC OS 900 in the file system 501 (step S009).
Writing the job 310 to the file system 501 eliminates the need to write the job 310 to the printer server 101 as in the prior art. As a result, the printer server 101 is not required, and a secure print system with higher security is realized. Further, since the printer server 101 is unnecessary, it is possible to save the cost of installing the server and the trouble of setting the server installation in the secure print system introduction. Furthermore, even if the mass storage 500 is removed from the printing apparatus 1000, the job 310 is written in an encrypted manner, so there is no concern that the PDL data in the job 310 can be read, and higher security is realized. Yes.

When the NIC OS 900 transmits the processing for storing the job 310 to the mass storage 500 (step S010), the mass storage 500 writes the encrypted job 310 into the file system 501 (step S011).
When the NIC OS 900 transmits the write processing of the encrypted job 310 to the file system 501 to the application 800 (step S012), the application 800 obtains a time stamp when the writing of the job 310 to the file system 501 is completed, It is stored in the time stamp 824 of the job information 820 (step S013).
The application 800 stores the created job information 820 in the job list 805 (step S014).
Here, the application 800 saves the time stamp at the end of file writing because the time is arbitrarily set by the client PC 300, and therefore, referring to the job input time from the client PC 300 cannot ensure time consistency. It is.

As shown in FIG. 10, when the printing method 861 of the operation information 860 is set to “normal” in step S006 of FIG. 9, the application 800 looks at the print exclusion flag 862 of the operation information 860 and performs branch processing. Is performed (step S021). Note that the initial value of the print exclusion flag 862 is “false”.
If the print exclusion flag 862 is “true”, the application 800 performs a wait process (step S022), and after waiting for a while, determines the print exclusion flag 862 again (step S021).
When the print exclusive flag 862 is “false”, the application 800 sets the print exclusive flag 862 to “true” (step S023). That is, if there is no print data that has been previously printed, the print exclusion flag 862 is “false”, so the print exclusion flag 862 is set to “true”.

Here, if there is print data that has been subjected to print processing before, the print exclusive flag 862 is “true”. Therefore, after a predetermined time, it is determined whether the print exclusive flag 862 has become “false” in step S026 described later. The determination is made in S021. During this time, since the previous print processing has been performed, other jobs acquired from the client PC 300 are not output.
The series of processing (steps S021 to S023) related to the print exclusive flag 862 is to prevent other users from performing print processing while one user is performing print processing. As a result, when the printing method 861 is set to “normal” and the print job input from the client PC 300 is output without being accumulated, it is possible to prevent the jobs of the respective users from being mixed.

The application 800 sees the print reservation information 880 and performs branch processing (step S024).
That is, if the user name 212 and the time stamp 871 are not set in the print reservation information 880, the application 800 performs the printing process shown in FIG. 18 in order to output the input job as it is (step S025). If the user name 212 and the time stamp 871 are set in the print reservation information 880, the user name 212 is compared with the user name 821 of the job information 820 acquired in the previous step S011 (step S024). As a result, if the user names are not the same, the printing process shown in FIG. 18 is performed in order to output the input job as it is (step S025).
After performing the printing process, the print exclusion flag 862 is set to “false” so that a print job of another user can be accepted (step S026).

  If the user name 212 and the time stamp 871 are set in the print reservation information 880, the application 800 compares the user name 212 with the user name 821 of the job information 820 acquired in the previous step S011 (step S024), and the same. In the case of the user name, an execution list 804 is created (step S027). Specifically, the same processing as described later is performed (steps S126 and S127 in FIG. 14).

Next, the application 800 acquires a stored job from the mass storage 500 based on the created execution list 804, and prints the stored job (step S028). Specifically, the same processing as described later is performed (step S135 to step S139 in FIG. 15).
In steps S027 and S028, when the printing method is “normal”, a job with the user name 212 set in the print reservation information 880 is searched from the job list 805 to create an execution list 804. In step S201 of FIG. 16 described later, a job of the execution list 804 is acquired (second acquisition unit).
Further, the application 800 deletes the print reservation information 880 (step S029). The print reservation information 880 is information for printing the stored job during normal printing, and plays the role of print reservation for the user. Also, up to one user can be registered in the print reservation information 880. Therefore, after printing the stored job, the print reservation information 880 is deleted so that another user can make a reservation for printing the stored job.

The application 800 performs branch processing (deletion determination) by looking at the output flag 825 of the job information 820 acquired in step S011 of FIG. 9 in the previous stage (step S030).
When the output flag 825 is “false”, the application 800 deletes the accepted job (step S031), and controls the card reader 400 so that another user's stored job print reservation can be accepted and starts polling. Is performed (step S032). Thereafter, the print exclusion flag is set to “false” so that print jobs of other users can be accepted (step S026).
When the output flag 825 is “true”, the application 800 performs the printing process (FIG. 18) of the received job 310 (step S033), and controls the card reader 400 to start polling (step S032). Thereafter, the print exclusion flag is set to “false” so that print jobs of other users can be accepted (step S026).

  The above processing (step S030 to step S033) is processing for controlling whether to output not only the stored job but also the printed matter instructed to be output from the client PC 300 after outputting the stored job. For example, if it is desired to print a stored job and print a new job together, the output flag can be set to “true” to output both the stored job and the submitted job. On the other hand, when it is only desired to output a stored job, by setting the output flag to “false”, it is possible to output only the stored job without causing the job input from the client PC 300 to be output. Therefore, useless printed matter is not output. In this embodiment, the configuration is such that it is determined whether or not the input job is to be printed after the accumulation job. However, it is first determined whether or not the input job is to be printed, and it is determined that the input job is to be printed. In this case, the input job can be printed first, and then the stored job can be printed.

Next, processing after card detection in the secure print system 1 will be described with reference to FIGS. 11, 12, 13, 14, and 15.
In FIG. 11, the NIC 700 establishes communication with the LDAP server 200. At this time, the NIC 700 determines whether or not communication with the LDAP server 200 is possible. If communication with the LDAP server 200 is not possible, the NIC 700 sets the printing method 861 to “normal”. Further, when communication with the authentication server is possible and the printing method 861 is “normal”, the NIC 700 sets the printing method 861 to “accumulation”.

  As shown in FIG. 11, the card reader 400 detects the IC card 410, reads the card ID 211 recorded therein (step S100), and the NIC OS 900 transmits the read information to the application 800 (step S101). ).

The application 800 confirms the printing method 861 of the operation information 860 (print mode determination) (step S102).
If the printing method 861 is set to “normal”, the application 800 checks the authentication cache (authentication determination) (step S108). If the card ID 211 read in step S100 exists in the authentication cache, the process proceeds to step S159. If the card ID 211 read in step S100 does not exist in the authentication cache, the process proceeds to step S162.
When the printing method 861 is set to “accumulate”, the application 800 tries to connect to the LDAP server 200 based on the setting information 802 (step S104). More specifically, the application 800 refers to the setting information 802 and connects to the primary port of the primary LDAP server 200a. If the application 800 cannot be connected to the secondary port of the secondary LDAP server 200b, Connect to it.
Alternatively, even if the printing method 861 is set to “normal” in step S102, if communication can be established by communicating with the LDAP server 200, the printing method 861 is changed to “accumulation” and the process proceeds to step S109. To do.

The NIC OS 900 tries to connect to the LDAP server 200 based on the connection request (step S105), and the application 800 performs branch processing depending on whether or not the connection attempt is successful (step S106).
More specifically, if it is not possible to connect to both the primary LDAP server 200a and the secondary LDAP server 200b, it is regarded as a connection failure.
If the connection fails, the application 800 changes the printing method 861 to “normal” (second printing mode) (step S107), and checks the authentication cache (step S108).
If the connection to the LDAP server 200 cannot be established, the printing method 861 is switched to “normal”, so that the job 310 is not stored in the mass storage 500 and printing is performed directly from the printing apparatus 1000 from the next printing. Accordingly, it is possible to output a printed matter even when communication with the LDAP server 200 is not possible.

The application 800 checks the authentication cache 870 (step S108). More specifically, it is confirmed whether or not the card ID 211 acquired in the preceding step S100 matches any one or a plurality of card IDs 211 registered in the authentication cache 870.
If there is a card ID 211 that matches the authentication cache 870 as a result of step S108, the application 800 sets the print reservation information 880 (step S159). More specifically, the user name 212 associated with the matching card ID 211 in the authentication cache 870 is set in the user name 212 of the print reservation information 880, and the current time is set in the time stamp 871. The time stamp 871 is used to check the expiration of the print reservation information 880.
As described above (steps S024 to S028), when the user submits a job from the client PC 300, the stored job cannot be printed unless the print reservation information 880 is registered. Therefore, since the accumulated job cannot be printed unless a print reservation is made by holding the card, printing with high security can be performed even under a situation where the authentication server is stopped and normal printing is performed.

Next, the application 800 selects “AP Insatsu Yaku” as message 1 from the message shown in FIG. 24, performs the user notification process shown in FIG. 19 (step S160), controls the card reader 400, and performs polling. Stop (step S161). By stopping polling, the card reader 400 does not read the card. Accordingly, a plurality of users cannot register the print reservation information 880 and cannot overwrite the print reservation information 880. As a result, it is possible to prevent the stored jobs from being output when a plurality of reserved users perform normal printing at the same time, thereby reducing security. Further, it is possible to prevent another user from overwriting the print reservation information 880 by holding the card while the print reservation information 880 is set.
If the user's job corresponding to the card is not transmitted from the client PC 300 for a certain time after the polling is stopped, the polling is canceled and polling is started. This will be described later with reference to FIG.

  That is, when the printing method is “normal”, when the user holds the card in FIG. 11, the print reservation information of the job requested to print by the user holding the card is created in S159 in S159. Is done. After that, when the user executes printing from his / her client PC 300 within a predetermined time in FIG. 9, the job stored in the mass storage 500 is acquired and printed according to the print reservation information in FIG. 10 (S028).

  If the card ID 211 that matches the authentication cache 870 does not exist as a result of the previous step S108, the application 800 selects “AP user cache no” as the message 2 from the message shown in FIG. The user notification process shown is performed (step S162).

Next, in step S106 in FIG. 11, if the application 800 can connect to either the primary LDAP server 200a or the secondary LDAP server 200b, the application 800 performs LDAP authentication (step S109 in FIG. 12).
The user 837 and password 838 of the setting information 802 are transmitted to the LDAP server 200 and an authentication request is issued. This authentication process is a process in the case where strong security is applied such that the search is not performed unless the LDAP server 200 authenticates. As another embodiment, when a setting that does not require authentication when performing a search (non-authentication setting) has been made, the processing from S109 to S114 accompanying authentication may be omitted.

The NIC OS 900 transmits the data (setting information 802) transmitted from the application 800 to the LDAP server 200 (step S110).
The LDAP server 200 searches the LDAP directory 201 with the user name of the received data (setting information 802). When the user is found, the received data is compared with the password 213 included in the user information 210 of the corresponding user, and the authentication result is returned (step S111).
When the NIC OS 900 transmits the data received from the LDAP server 200 to the application 800 (step S112), the application 800 receives the LDAP authentication result (step S113).

The application 800 performs a branch process depending on whether or not the authentication result in step S113 in the preceding stage is acceptable (step S114). If the authentication fails, the application 800 selects “AP server error” in message 3 from the message shown in FIG. Processing is performed (step S115).
If the authentication is successful, the application 800 searches the LDAP server 200 for the card ID 211 based on the setting information 802 (step S116).
The application 800 designates a search position using the suffix 831 and the identification code 832 of the setting information 802.

The NIC OS 900 transmits the data transmitted from the application 800 to the LDAP server 200 (step S117).
The LDAP server 200 searches the LDAP directory 201 based on the data transmitted from the application 800, and returns the search result (step S118).
The designated card ID 211 is searched from the data below the designated suffix 831 and the identification code 832, and the found user information 210 is transmitted. The suffix 831 and the identification code 832 are information that is specified to specify the position of the user in the LDAP directory 201, and are generally values that are specified as SearchBases during the LDAP search.

  When the NIC OS 900 transmits the data received from the LDAP server 200 to the application 800 (step S119), the application 800 acquires a search result from the LDAP server 200 (step S120).

Next, as illustrated in FIG. 13, the application 800 performs a branch process depending on whether the user information 210 has been acquired by looking at the search result from the LDAP server 200, that is, whether or not the user exists (step S <b> 121). .
If the user information 210 cannot be acquired, the application 800 selects “AP user password” of message 4 from the message shown in FIG. 24, and performs user notification processing (step S122).

When the user information can be acquired, the application 800 performs a branching process based on whether or not the user has a usage right based on the usage restriction of the user information 210 (step S123).
Various setting methods can be considered for the usage restriction. For example, the usage authority is expressed by a 4-digit number, the first digit is the printer usage authority, the second digit is the copy usage authority, and the third digit is a scan. Use authority The fourth digit is the use authority for fax. The value “0” is “unusable”, “1” is “monochrome only usable”, and “2” is “both color monochrome usable”. Then, referring to the usage authority in the user information 210, a method of considering “no authority” if the printer item is “0”, and “authorizing” if “1” or “2” is considered.
If there is no usage authority in step S123, the application 800 selects “AP user error” in message 5 from the message shown in FIG. 24, and performs user notification processing (step S124).

If it is determined in the previous step S123 that the user has “authority”, the application 800 updates the authentication cache (step S125). More specifically, the card ID 211 and the user name 212 of the user information 210 acquired in step S120 of FIG. 12 are registered as an authentication cache. If the same data has already been registered, it is overwritten.
By caching the authentication information, the user name 212 can be resolved based on the card ID 211 even when the authentication server is stopped.

In FIG. 14, when the NIC 700 can communicate with the LDAP server 200, the NIC 700 acquires print data corresponding to the user information 210 from the mass storage 500.
As shown in FIG. 14, when there is a usage right, the application 800 extracts job information 820 having a matching user name from the job list 805 using the user name in the acquired user information 210 as a key (step S126). .
The application 800 creates the execution list 804 using the extracted job information 820 as a list (step S127). In step S127, when the printing method is “accumulate”, the job list 805 is searched for the user's job and the execution list 804 is created. In step S201 of FIG. 16 described later, a job in the execution list 804 is acquired (first acquisition unit).

The application 800 acquires a sub user from the acquired user information 210 (step S128).
If sub user 1 has been acquired immediately before, the next sub user 2 is acquired. A series of processes from S128 to S131 related to the sub-user is a process performed for outputting a printed matter of a plurality of users by one user. For example, in the past, only one user could be registered per IC card, so it was necessary for the secretary to borrow an IC card if he wanted to output the supervisor's printed material. In addition, a user who uses two PCs alone needs to carry two IC cards. By performing processing related to this series of sub-users, it is possible to solve the above problems and to output printed materials of a plurality of users with a single IC card.

The application 800 checks the acquired sub-user (step S129), and if all the sub-users up to the sub-user 4 have been acquired, or if the sub-user has not been acquired or has not been registered, the process proceeds to S132. move on.
If the sub user can be acquired, the application 800 extracts job information 820 that matches the sub user from the job list 805 (step S130), and adds the extracted job information 820 to the execution list 804 (step S131).

When all sub users are acquired, the application 800 sorts the created execution list 804 (step S132).
More specifically, the job information 820 is sorted by the time stamp 824, then sorted by the user name 821, and rearranged in time series by the user name 821. By this sort, when it is desired to output a printed matter of a plurality of users, a collective output matter is obtained for each user, and the labor of sorting can be saved. In addition, since the printed matter of each user is arranged in the order of the time stamp, the order is in accordance with the instruction of the user who executed the printing, and the output order is easy to understand for the user. Further, the sorting method is not limited to this method, and sorting may be performed by user name and then by time stamp.

  Next, as shown in FIG. 15, the application 800 checks the number of job information 820 in the execution list 804 (step S133), and in the case of 0, the message “AP job no” from message 6 shown in FIG. And a user notification process is performed (step S134).

When the number of job information 820 in the execution list 804 is one or more, the application 800 performs a loop process with the number of job information 820 in the execution list 804 (step S135). When all the job information 820 is referenced, the loop process is terminated. This loop processing is processing for performing steps S136 to S138 for all job information 820 in the execution list. In step S135, that is, it is determined whether the processing has been completed for all job information 820 in the execution list. If it is determined that the processing has been completed, the process proceeds to step S139.
The application 800 determines whether or not a job can be submitted (step S136). Usually, since a printing device has a limited RAM, a print job that can be submitted at one time is limited. The reason for determining whether or not to submit a job is to prevent a job from being submitted even though the submission limit has been exceeded and printing from failing.
Next, the application 800 performs a wait process (step S137). This wait processing prevents the phenomenon of occupying the CPU by continuing the loop (step S136 to step S137) when the job cannot be submitted beyond the submission limit.
The application 800 performs the job printing process shown in FIG. 16 (step S138), and clears all the job information 820 in the execution list 804 (step S139).

Next, job print processing of the secure print system 1 will be described with reference to FIG.
In FIG. 16, the NIC 700 transmits print data to the printing apparatus 1000.

As shown in FIG. 16, the application 800 acquires the job 310 from the file system 501 based on the job information 820 passed from the upper level (step S201).
The application 800 requests the mass storage 500 to acquire a file in the file system 501 that matches the file name 822 stored in the job information 820.
When the NIC OS 900 transmits a command from the application 800 to the mass storage 500 (step S202), the mass storage 500 reads a specified file from the file system 501 and returns it to the application 800 (step S203). The command from 500 is transmitted to the application 800 (step S204).

The application 800 requests the NIC OS 900 to decrypt the acquired job 310 and simultaneously designates a decryption key, a decryption algorithm, and the like (step S205).
The NIC OS 900 performs a data decryption process (step S206), and the application 800 issues a print instruction for the decrypted job 310 (step S207).
The NIC OS 900 receives a command from the application 800 and performs a printing process shown in FIG. 18 (step S208).

When the NIC OS 900 transmits a command from the printing apparatus 1000 to the application 800 (step S213), the application 800 requests the mass storage 500 to delete the corresponding job 310 from the file system 501 (step S214).
When the NIC OS 900 transmits the command of the application 800 to the mass storage 500 (step S215), the mass storage 500 deletes the designated job 310 from the file system 501 (step S216).
The NIC OS 900 transmits a command from the mass storage 500 to the application 800 (step S217).

Next, periodic check processing of the secure print system 1 will be described with reference to FIG.
In FIG. 17, the NIC 700 confirms whether or not communication with the LDAP server 200 is possible at regular intervals. If the printing method 861 is set to “normal” and communication with the LDAP server 200 is possible, the printing method 861 is displayed. Set to “Accumulate”. The print reservation information 880 is checked for an expiration date. If the expiration date has expired, the print reservation information 880 is deleted.
These processes are started when the application 800 is activated, and are repeated until the application 800 ends.

As shown in FIG. 17, the application 800 checks the printing method 861 (step S301).
When the printing method 861 is “accumulation”, the application 800 performs a wait process (step S306) and confirms the printing method 861 again (step S301). This wait processing prevents the phenomenon of occupying the CPU by continuing the loop (step S301 to step S305) when the printing method 861 is “accumulation”.

When the printing method 862 is “normal”, the application 800 requests the NIC OS 900 to connect to the ports of the primary LDAP server 200a and the secondary LDAP server 200b set in the setting information 802, and the NIC 800 The OS 900 connects to the two specified LDAP servers 200.
The application 800 checks whether it can connect to either the primary LDAP server 200a or the secondary LDAP server 200b (step S302).

If the connection is established, the application 800 deletes the information of the print reservation information 880 (step S303), and switches the printing method 861 to “accumulation” (first print mode) (step S305). Thereafter, wait processing is performed (step S306), and the printing method 861 is confirmed again (step S301).
As a result, when the LDAP server 200 is restored, the printing method 861 can be automatically switched to “accumulation”, and the trouble of manually changing the settings of the application 800 can be saved.

If the connection cannot be established, the application 800 checks the expiration date of the print reservation information 880 (step S307). More specifically, the determination is made based on whether or not the time stamp 871 of the print reservation information 880 plus the print reservation information valid time 839 of the setting information 802 has passed the current time.
By checking the expiration date, even if the user who made a print reservation forgets to print, another user can make a print reservation after a certain period of time.
If the expiration date has not expired, the application 800 performs a wait process (step S305) and confirms the printing method 861 again (step S301).
If the expiration date has expired, the application 800 deletes the print reservation information 880 (step S308), controls the card reader 400, and starts polling (step S309). Thereafter, wait processing is performed (step S306), and the printing method 861 is confirmed again (step S301).

Next, the print processing of the secure print system 1 will be described with reference to FIG.
In FIG. 18, the NIC 700 transfers print data to the printing apparatus 1000, and the printing apparatus 1000 analyzes the print data and outputs a printed matter.

As shown in FIG. 18, the NIC OS 900 transfers the job 310 received from the host to the printing apparatus 1000 (step S401). The printing apparatus 1000 accepts the transferred job 310, stores it in the reception buffer 1001, and performs spool processing. This is performed (step S402).
The printing apparatus 1000 analyzes the print information management header 311 of the spooled job 310 (step S403). The analyzed data is used for internal log data (not shown).
The printing apparatus 1000 analyzes the PDL data in the job 310, creates intermediate data of the drawing object, and creates a bitmap image based on the intermediate data (step S404).
The printing apparatus 1000 prints the created bitmap image on a medium such as paper using a known printing technique (step S405).

Next, user notification processing of the secure print system 1 will be described with reference to FIG.
As shown in FIG. 19, the application 800 acquires a message character string transmitted from the host (step S501), and requests the NIC OS 900 to sound a beep and specify a message (step S502).
The NIC OS 900 determines the type of the printing apparatus 1000 and instructs a beep sound using an appropriate method (step S503). For example, because UDP, print information management protocol, and JL are used depending on the model, the NIC OS 900 absorbs the information and issues a beep sound instruction by a method suitable for the model of the printing apparatus 1000. For panel display, a display instruction is sent to the printing apparatus 1000 using the MIB.
The printing apparatus 1000 receives the command, makes a beep sound (step S504), and displays a specified message on the panel (step S505).

  As described above, according to the embodiment of the present invention, it is possible to provide a mechanism capable of outputting print data that has not been output due to switching of a printing method due to, for example, an authentication server being down. It becomes possible.

In the secure print system 1 according to the present invention, it is possible to perform printing even when the authentication server does not operate for some reason. Therefore, it is possible to construct a highly available system that does not stop the user's work. Become.
In addition, in order to determine whether or not the authentication server can communicate at regular intervals or during user authentication, the print mode can be automatically restored and switched with respect to the restoration of the authentication server. It becomes possible to output print data that has not been output.

In addition, when the authentication server is stopped and the printing method is switched to the second printing mode, the user may set whether to print the received print data together with the accumulated print data by the output flag. It becomes possible.
Furthermore, when the authentication server is stopped and the printing method is switched to the printing method of the second print mode, the print data stored while ensuring security can be output by the authentication cache or the like. There is no need to retransmit the print data stored in the print mode.
This also eliminates the need for the user to delete unnecessary print data when the authentication server is restored and the printing method is switched from the second print mode to the first print mode.

  The preferred embodiments of the secure print system and the network interface device according to the present invention have been described above with reference to the accompanying drawings. However, the present invention is not limited to the above-described embodiments. It is obvious for those skilled in the art that various modifications or modifications can be conceived within the scope of the technical idea described in the claims, and these are naturally within the technical scope of the present invention. It is understood that it belongs.

The figure which shows an example of a structure of the conventional secure print system 1 is a diagram showing an example of the configuration of a secure print system 1 according to the present invention. The figure which shows the hardware constitutions of LDAP server 200 and client PC300 The figure which shows the hardware constitutions of the printing apparatus 1000 The figure which shows the hardware constitutions of NIC700 The figure which shows the Example of the secure printing system 1 (1st printing mode) The figure which shows the Example of the secure printing system 1 (2nd printing mode) 1 is a block diagram showing a configuration of a secure print system 1 according to the present invention. The flowchart which shows an example of the print job reception processing procedure of the secure print system 1 The flowchart which shows an example of the print job reception processing procedure of the secure print system 1 The flowchart which shows an example of the card | curd detection processing procedure of the secure print system 1 The flowchart which shows an example of the card | curd detection processing procedure of the secure print system 1 The flowchart which shows an example of the card | curd detection processing procedure of the secure print system 1 The flowchart which shows an example of the card | curd detection processing procedure of the secure print system 1 The flowchart which shows an example of the card | curd detection processing procedure of the secure print system 1 The flowchart which shows an example of the job print processing procedure of the secure print system 1 The flowchart which shows an example of the periodic check processing procedure of the secure print system 1 The flowchart which shows an example of the printing processing procedure of the secure print system 1 The flowchart which shows an example of the user notification processing procedure of the secure print system 1 The figure which shows an example of the setting information 802 The figure which shows an example of the operation information 860 The figure which shows an example of the authentication cache 870 The figure which shows an example of the printing reservation information 880 FIG. 10 is a diagram illustrating an example of a message displayed on the printing apparatus 1000. Diagram showing details of job 310 The figure which shows the detail of the printing information management header 311 The figure which shows the detail of the job information 820 The figure which shows the detail of the job list 805 The figure which shows the detail of the execution list 804 The figure which shows the detail of the file system 501 The figure which shows the detail of IC card 410 The figure which shows an example of the user information 210 The figure which shows the detail of the LDAP directory 201 Figure showing an example of the output setting screen

Explanation of symbols

1 ……… Secure Print System 150 ……… LAN
160 ......... USB cable 200 ......... LDAP server 300 ......... Client PC
400 ......... Card reader 500 ......... Mass storage 600 ......... USB hub 700 ......... NIC
800 ………… Application 900 ……… NIC OS
1000 ... Printer

Claims (12)

An information processing apparatus connected to the image forming apparatus and transmitting print data; and a network interface apparatus communicating with an authentication server for authenticating a user,
Receiving means for receiving print data from the information processing apparatus;
Storage means for storing print data received by the receiving means as first user identification information obtained by receiving the print data;
In response to acceptance of authentication information for user authentication, print data of the first user identification information that matches second user identification information for identifying a user obtained by user authentication by the authentication server, a first acquisition means acquire the print data stored in the storage means,
Determining means for determining whether or not user authentication can be performed by the authentication server;
The storage unit that matches the first user identification information obtained by receiving the print data in response to the reception of the print data by the reception unit when the determination unit determines that the authentication cannot be performed. Second acquisition means for acquiring print data stored in
A transmission unit that transmits the print data acquired by the first acquisition unit or the second acquisition unit to the image forming apparatus in order to print the print data by the image forming apparatus;
A network interface device comprising: The transmission unit sends the print data acquired by the second acquisition unit and the print data received by the reception unit to the image forming apparatus when it is determined that the determination unit cannot perform authentication. The network interface device according to claim 1, wherein the network interface device transmits. A deletion determination unit that determines whether or not to delete the print data received by the reception unit when the determination unit determines that authentication cannot be performed ;
A deletion unit that deletes the print data received by the reception unit when the deletion determination unit determines to delete the print data ;
When it is determined that the deletion determination unit does not delete, the transmission unit transmits the print data acquired by the second acquisition unit and the print data received by the reception unit to the image forming apparatus. The network interface device according to claim 2 . 4. The determination unit according to claim 1, wherein the determination unit determines whether or not user authentication can be performed by the authentication server in response to reception of authentication information for user authentication. 2. The network interface device according to item 1. 5. The authentication storage unit according to claim 1, further comprising authentication storage means for storing second user identification information for identifying a user obtained by user authentication by the authentication server. Network interface device. When it is determined that authentication cannot be performed by the determination unit, in response to reception of authentication information for user authentication, second authentication information corresponding to the received authentication information is stored in the authentication storage unit. Authentication determination means for determining whether or not the information is stored;
The authentication if it is determined that the determination means are stored in order to allow printing of print data of the user corresponding to the second user identification information, print reservation for setting the second user identification information 6. The network interface device according to claim 5, further comprising means. In the case where it is determined that the determination unit cannot perform authentication , the transmission unit receives the first user identification information obtained by receiving the print data in response to the reception of the print data by the reception unit. When it matches the second user identification information set by the print reservation unit, the print data acquired by the second acquisition unit is transmitted, and when it does not match , the print data is acquired by the second acquisition unit. The network interface device according to claim 6 , wherein the print data received by the receiving unit is output without performing the operation. The print data received by the reception unit is print data set by a printer driver provided in the information processing apparatus for setting whether or not to delete when it is determined that authentication cannot be performed by the determination unit. The network interface device according to claim 1, wherein the network interface device is a network interface device. The second user identification information is a user name stored in a storage medium or a user name obtained by authenticating with the authentication server using the storage medium identification information stored in the storage medium. 9. The network interface device according to claim 1, wherein the network interface device is characterized in that: A print control method in a network interface device having an information processing apparatus connected to an image forming apparatus and transmitting print data and an authentication server for authenticating a user and having a storage unit capable of storing the print data. And
Accepting print data from the information processing apparatus;
A storage control step of storing in the storage means the print data received by the reception means and the first user identification information obtained by receiving the print data;
In response to acceptance of authentication information for user authentication, print data of the first user identification information that matches second user identification information for identifying a user obtained by user authentication by the authentication server, a first acquisition step of retrieve from the print data stored in the storage means,
A determination step of determining whether user authentication can be performed by the authentication server;
The storage unit that matches the first user identification information obtained by receiving the print data in response to the reception of the print data by the reception unit when the determination unit determines that the authentication cannot be performed. A second acquisition step of acquiring print data stored in
A transmission step of transmitting the print data acquired in the first acquisition step or the second acquisition step to the image forming apparatus in order to print the print data on the image forming apparatus;
A printing control method comprising: A print control program executable by an information processing apparatus connected to an image forming apparatus and transmitting print data and a network interface apparatus communicating with an authentication server for authenticating a user,
The network interface device
Receiving means for receiving print data from the information processing apparatus;
Storage means for storing print data received by the receiving means as first user identification information obtained by receiving the print data;
In response to acceptance of authentication information for user authentication, print data of the first user identification information that matches second user identification information for identifying a user obtained by user authentication by the authentication server, First acquisition means for acquiring print data stored in the storage means;
Determining means for determining whether or not user authentication can be performed by the authentication server;
The storage unit that matches the first user identification information obtained by receiving the print data in response to the reception of the print data by the reception unit when the determination unit determines that the authentication cannot be performed. Second acquisition means for acquiring print data stored in
A print control program that causes print data acquired by the first acquisition unit or the second acquisition unit to function as a transmission unit that transmits to the image forming apparatus in order to print the print data by the image forming apparatus . An image forming apparatus capable of communicating with an information processing apparatus that transmits print data,
Receiving means for receiving print data from the information processing apparatus;
Storage means for storing print data received by the receiving means as first user identification information obtained by receiving the print data;
In response to acceptance of authentication information for user authentication, print data of the first user identification information that matches second user identification information for identifying a user obtained by user authentication by the authentication server, a first acquisition means acquire the print data stored in the storage means,
Determining means for determining whether or not user authentication can be performed by the authentication server;
The storage unit that matches the first user identification information obtained by receiving the print data in response to the reception of the print data by the reception unit when the determination unit determines that the authentication cannot be performed. Second acquisition means for acquiring print data stored in
Printing means for printing the print data obtained by the first obtaining means or the second obtaining means;
An image forming apparatus comprising:

Images