JP5274354B2 - Print management system, thin client terminal, server, other server, and information processing apparatus for printing - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable print processing from an uncontrolled printer while ensuring proper security. <P>SOLUTION: The print management system 10 comprises a thin client terminal, a server and the other server. The thin client terminal includes:a file conversion instruction part instructing a server to convert a print target file into a predetermined file format; a file transfer instruction part instructing the server to transfer the converted print target file; and a file acquisition part reading the converted print target file from the other server and storing it into a portable storage device. The server includes: a file conversion instruction reception part receiving the instruction to convert the print target file into the predetermined file format from the thin client terminal; a file conversion part converting the print target file into the predetermined file format; and a file transfer part transferring the converted print target file to the other server. The other server includes: a file storage processing part receiving the converted print target file from the server and storing it into a pre-print file storage folder; and a file moving part transmitting the converted print target file to the thin client terminal, and moving it to a post-print file storage folder. <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

  The present invention relates to a print management system, a thin client terminal, a server (thin client server), another server, and an information processing apparatus for printing, and more specifically, a management target after ensuring appropriate security. The present invention relates to a technology that enables printing processing from an external printer. The server only needs to have resources that can be used by the thin client, and the name is not limited to the server. For example, it includes a PC.

  Because of the need for information leakage countermeasures and internal control in companies, etc., the client computer is a dedicated computer (thin client) that has only a minimum function such as display and input, or that can be used without a hard disk device. A thin client concept has emerged in which resources such as application software are centrally managed by a server (for example, a blade server).

  As a technique related to such a thin client system, for example, a thin client, a printer directly connected to the thin client, or a printer connected via a local network, and the thin client are installed in different locations, and the thin client And a server for storing data and performing application processing based on instructions from the thin client, and transmitting processing results to the thin client, and from a user who uses the thin client When there is a print instruction, the server acquires printer information of a printer that performs printing, generates print data from the printer information and the user's print instruction, and generates watermark information based on the user information. And the printing finger The watermark information is embedded in the print data according to, and transmitted to the thin client, and the thin client prints the print data embedded with the watermark information transmitted from the server from the printer. (Refer patent document 1) etc. are proposed.

JP 2007-34830 A

  Thin clients are often carried with users when they go out because of their portability. Under such circumstances, a request from a thin client user to perform print processing naturally occurs. However, in a thin client system that is based on the premise of establishing a secure usage environment, a general printer on the go (eg, a business trip destination hotel or a customer's external environment, such as a thin client system operator) If the printing process is executed without limitation, the above assumption in the thin client system may be broken.

  Therefore, the present invention has been made in view of the above problems, and a main object of the present invention is to provide a technique that enables printing processing from a printer that is not a management target while ensuring appropriate security.

The print management system of the present invention that solves the above problems is composed of a thin client terminal, a server, another server, and a printing information processing apparatus. Among these, the thin client terminal accepts designation of a print target file from among files stored in a server in which a thin client connection is established via a network, and a predetermined file format of the print target file A request to transfer the file to be printed after conversion from the server to another server connected to the server after executing a file conversion instruction unit for instructing the server to perform a conversion instruction and an authentication process for the user Is received by the input device, and a file transfer instruction unit for instructing the server to transfer the converted print target file including the ID of the user who has been authenticated by the authentication process, and executing the authentication process for the user The other server is accessed, and the authentication process is performed in the data storage area provided in the storage device of the other server. The converted print target file is received from the input device by designating the converted print target file from the pre-print file storage folder that stores the converted print target file and is linked to the user ID that has been converted. Is read from the other server and stored in a portable storage device connected to the interface .
Further, the server transmits a list of files to be stored in the storage device to the thin client terminal with which the connection has been established, designation of a print target file from the list, and a predetermined file format for the print target file the conversion processing instructions to be received from the thin client terminal, a file conversion instruction receiving unit, in accordance with the conversion instruction of the print target file, read from the storage device the print target file, to the print target file Setting the connection destination of another server to be accessed when a print event occurs and the availability setting data for instructing whether or not to execute the print processing to the program for executing the print processing, and converting the file to be printed into a predetermined file format The file conversion unit stored in the memory and the user of the thin client terminal A transfer instruction for the converted print target file including the ID of the user who has been authenticated by the certificate processing is received from the thin client terminal, the converted print target file is read from the memory, and the server A file transfer unit that performs transfer processing of the converted print target file to another server connected to the server .
The other server includes a data storage area for each user ID in the storage device, and receives the converted print target file from the server if it is transferred, and receives the converted print target. The pre-printing file in the storage area associated with the user ID attached to the post-conversion print target file by associating the file with the print authority information attached to the post-conversion print target file The file storage processing unit stored in the storage folder, and the use authenticated by the authentication process in the data storage area provided in the storage device for the thin client terminal that has received access through the user authentication process A list of files to be printed after conversion in the pre-print file storage folder associated with the user's ID is transmitted, and a change to be printed from the list is sent. Accepts the designation of the post-print target file, reads out the post-conversion print target file from the storage device and sends it to the thin client terminal, and prints the post-conversion print target file from the pre-print file storage folder after printing A print authority inquiry request transmitted from the file moving unit and the printing information processing apparatus to be moved to the file storage folder is received, and the user ID included in the print authority inquiry request and the converted print target Based on the file ID, the print authority information associated with the ID of the post-conversion file to be printed is specified in the pre-print file storage folder corresponding to the user ID, and the print authority information and the print authority authentication If the information matches and the two match, the result of determination that the right print authority exists is displayed. Reply to broadcasting processing apparatus, and a permission judging unit.
The information processing device for printing includes a communication device that communicates with other devices via a network, a storage device that stores a program for printing the converted print target file, and an interface that is connected to the portable storage device, Read the converted print target file from the portable storage device connected to the interface, receive a print instruction from the user at the input device and information for print authority authentication, detect the occurrence of a print event, and The connection destination of the other server to be accessed is read from the post-conversion print target file, and the user ID, the post-conversion print target file ID, and the print authority authentication information are addressed to the connection destination of the other server. A print authority inquiry part that sends a print authority inquiry request including When the determination result of the print authority returned from the other server is received and this determination result indicates the existence of a valid print authority, the non-printable data set in advance as the availability setting data can be printed. An authority setting unit, and a program for printing the converted print target file is read from the storage device and executed, and the print processing of the converted print target file is performed based on the availability setting data. And a print processing unit for instructing.

In the other server,
The file storage processing unit receives the converted print target file from the server if it has been transferred, and associates the print authority file with predetermined information for the converted print target file, The print management system according to claim 1, wherein the print management system stores the file in a pre-print file storage folder in a storage area associated with the user ID attached to the converted print target file.

In the server,
The file transfer unit receives from the thin client terminal an instruction to transfer the converted print target file including the ID of the user authenticated in the authentication process for the user of the thin client terminal, When the converted print target file is read from the memory, it is determined whether the read file is in a predetermined file format of the converted print target file, and the transfer instruction is a transfer instruction for a file of the predetermined file format 3. The print management system according to claim 1, wherein the process of transferring the converted print target file from the server to another server connected to the server is performed only on the print management system.

In the thin client terminal,
When the file acquisition unit reads the converted print target file from the other server and stores it in the portable storage device connected to the interface, the file acquisition unit inquires of the portable storage device whether a biometric authentication function exists or not. Acquiring information on presence / absence of an authentication function, and storing the converted print target file in the portable storage device when the portable storage device connected to the interface has a biometric authentication function. print management system according to any one of claims 1 to 3,.

The other server is
A print including at least the ID of the converted print target file and the transmission time information transmitted to the thin client terminal as the converted print target file to be printed is read from the storage device and transmitted to the thin client terminal. print management system according to any one of claims 1 to 4, the log is stored in the user ID storage unit in association with, having a print log recording unit, characterized in that.

The information processing apparatus for printing is
After a print instruction to the printing mechanism for the converted print target file, a print end notification is received from the print mechanism, and the converted print target file is erased from the temporary storage means of the converted print target file to print management system according to any one of claims 1 to 5, characterized in that it has an image erasing unit.

Thin client terminal
The input device accepts the designation of the file to be printed from among the files stored in the server that has established the thin client connection via the network, and instructs the server to instruct the server to convert the file to be printed into a predetermined file format. Processing,
After executing the authentication process for the user, the input device accepts a transfer request for the file to be printed after conversion from the server to another server connected to the server, and the use authenticated by the authentication process A process for instructing the server to transfer the converted print target file including the ID of the user,
After executing the authentication process for the user, the other server is accessed, and the other server is associated with the ID of the user authenticated by the authentication process in the data storage area provided in the storage device, The input device accepts designation of the post-conversion print target file from the pre-print file storage folder that stores the post-conversion print target file, reads the post-conversion print target file from the other server, and is connected to the interface Execute processing to store in a portable storage device,
The server
A list of files to be stored in the storage device is transmitted to the thin client terminal with which the connection has been established, designation of a print target file from the list, and an instruction to convert the print target file into a predetermined file format Receiving from the thin client terminal,
In response to an instruction to convert the file to be printed, the file to be printed is read from a storage device, a connection destination of another server to be accessed when a print event occurs, and a program for executing print processing Processing for setting availability setting data for instructing whether or not to execute print processing, converting the print target file into a predetermined file format, and storing the file in a memory;
A transfer instruction for the converted print target file including the ID of the user authenticated in the authentication process for the user of the thin client terminal is received from the thin client terminal, and the converted print target is received from the memory. Read the file, execute the process of transferring the converted print target file from the server to another server connected to the server,
Other servers equipped with a data storage area for each user ID in the storage device,
If the converted print target file is transferred from the server, it is received and the converted print target file is associated with the print authority information attached to the converted print target file. Te, of the storage area linked to the user ID incidental to the converted print target file, the process of storing the pre-print file storage folder,
The pre-print file storage folder associated with the user ID authenticated in the authentication process in the data storage area provided in the storage device for the thin client terminal that has received access through the user authentication process Send a list of converted print target files in the list, accept the designation of the converted print target file to be printed from the list, read out the converted print target file of the print target from the storage device, and A process of transmitting to the thin client terminal and moving the target print file after conversion from the pre-print file storage folder to the post-print file storage folder;
A print authority inquiry request transmitted from the information processing apparatus for printing is received, and the user ID included in the print authority inquiry request and the converted print target file ID correspond to the user ID. In the pre-print file storage folder, the print authority information associated with the ID of the post-conversion print target file is specified, and if the print authority information and the print authority authentication information are collated and they match, And a process of returning a determination result that the right print authority exists to the information processing apparatus for printing ,
An information processing apparatus for printing including a communication apparatus that communicates with other apparatuses via a network, a storage apparatus that stores a program for printing the converted print target file, and an interface that is connected to the portable storage apparatus.
Read the converted print target file from the portable storage device connected to the interface, receive a print instruction from the user at the input device and information for print authority authentication, detect the occurrence of a print event, and The connection destination of the other server to be accessed is read from the post-conversion print target file, and the user ID, the post-conversion print target file ID, and the print authority authentication information are addressed to the connection destination of the other server. Processing to send a print authorization inquiry request including
The print authority determination result returned from the other server in response to the print authority inquiry request is received, and when the determination result indicates the presence of a valid print authority, the permission setting data is set in advance. Processing to change the non-printable data that has been made into printable data,
A program for printing the converted print target file is read from the storage device and executed, and a process for instructing a print mechanism to print the converted print target file based on the availability setting data is executed.

  The print management system may include a printing information processing apparatus. The information processing apparatus for printing may be the printer apparatus itself or a computer that sends a print instruction to the printer apparatus. In any case, it is a device that is not managed by a company or organization that manages the thin client system (corresponding to a device that is installed in a business trip destination company, accommodation facility, public facility, etc., where employees of the company etc. visit) .

  In addition, the problems disclosed by the present application and the solutions thereof will be clarified by the embodiments of the present invention and the drawings.

  According to the present invention, it is possible to perform printing processing from a printer that is not a management target while ensuring appropriate security.

1 is a network configuration diagram of a print management system of an embodiment. FIG. It is a figure which shows the structural example of the thin client terminal of this embodiment. It is a figure which shows the structural example of the blade server (server) of this embodiment. It is a figure which shows the structural example of the print corresponding | compatible server (other server) of this embodiment. It is a figure which shows the structural example of the IC chip with which the portable memory | storage device of this embodiment is provided. It is a figure which shows the structural example of the information processing apparatus for printing of this embodiment. It is a figure which shows each data structure example of (a) file storage folder before printing in this embodiment, (b), file storage folder after printing, and (c) log storage folder. It is a figure which shows the example 1 of a processing flow of the printing management method in this embodiment. It is a figure which shows the processing flow example 2 of the printing management method in this embodiment. It is a figure which shows the example 3 of a processing flow of the printing management method in this embodiment.

--- System configuration ---
Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 is a network configuration diagram of a print management system 10 according to the present embodiment. A print management system 10 shown in FIG. 1 includes a thin client system, and manages a plurality of blade servers (servers) 200 connected to each other via a network 40, and performs thin client connection control. The system includes a management server 400, a plurality of thin client terminals 100, a print-compatible server 300 (another server), and a destination PC 500 (or printer 550 itself) that is an information processing apparatus for printing.

  Data communication between the thin client terminal 100 and the blade server 200 may be performed via the management server 400, or directly processed between the thin client terminal 100 and the blade server 200 without the management server 400. It may be.

  The thin client terminal 100, the blade server 200, the print compatible server 300, and the management server 400 are connected to a LAN (Local Area Network) 145 that is an internal network built in a company or the like. The LAN 45 is connected to a network 40 such as a WAN (Wide Area Network) via a router 46. It can be assumed that the thin client terminal 100 is not connected to an internal network (such as a company) but is connected to an external network constructed at an office of another company, a hotel as a lodging place during a business trip, a station, or the like. In this case, the thin client terminal 100 is connected to a LAN 47 which is an external network, and is connected to a network 40 such as a WAN via a router 48. The LAN 47 is connected to a destination PC 500 and a printer 550 that are information processing apparatuses for printing. These are also connected to the network 40 such as a WAN via the destination PC 500, the printer 550, and the router 48.

The blade server 200 constructs a VPN (Virtual Private Network) with the thin client terminal 100, and input information (operation contents of the input device) sent from the thin client terminal 100 via the VPN. The video information (desktop screen of the display device) indicating the processing result is transmitted to the thin client terminal 100. The blade server 200 is a server device that is normally used without locally connecting an input / output device --- a thin client terminal ---.

  Next, each device constituting the print management system 10 in the present embodiment will be described. FIG. 2 is a diagram illustrating a configuration example of the thin client terminal 100 according to the present embodiment. The thin client terminal 100 is a device that uses the blade server 200 via the network 40 or the LAN 45 by, for example, use allocation processing of the management server 400, and includes a hard disk drive 201 (or TPM) to have a function for realizing the present invention. ) Or the like is read into the RAM 103 and executed by the CPU 104 which is an arithmetic unit.

  The thin client terminal 100 is connected to an input device 105 such as various keyboards and buttons generally provided in a computer device, an output device 106 such as a display, and the print compatible server 300 and the blade server 200. It has a NIC 107 (Network Interface Card), which is a communication device for transferring data.

  The thin client terminal 100 is connected to the print compatible server 300, the blade server 200, and the management server 400 through the NIC 107 via, for example, the network 40 such as the Internet or the LAN 45, and executes data exchange.

  As such a thin client terminal 100, in the present embodiment, a terminal in which a general PC having a normal HDD (Hard Disk Drive) as a storage device is made into a thin client is assumed instead of a so-called HDD-less type thin client terminal. Regarding the technology for converting a general PC into a thin client terminal, an existing technology (such as connecting a USB memory built in an OS to a USB interface of a general PC and executing a series of thin client processes such as OS activation, VPN connection, management server authentication) Reference: http://www.hitachi-ics.co.jp/product/seihin/jyourou/sec/sec.html)

  The thin client terminal 100 includes a USB interface 144 as an interface for connecting various devices, a flash ROM 108, an I / O connector 160 for connecting a keyboard and a mouse, a video card 130 for connecting a display, and the like. The power supply 120 includes a bridge 109 that relays a bus connected to each of the units 101 to 160. The CPU 104 first recognizes the system configuration of the thin client terminal 100 by accessing the flash ROM 108 and executing the BIOS 135 after the power source 120 is turned on.

  The OS 136 in the flash ROM 108 is a program for the CPU 104 to control each unit 101 to 160 of the thin client terminal 100 and execute a program corresponding to each unit to be described later. In accordance with the BIOS 135, the CPU 104 loads the OS 136 from the flash ROM 108 to the RAM 103 and executes it. As the OS 136 of the present embodiment, an OS having a relatively small size that can be stored in the flash ROM 108 such as an embedded OS is used.

  Next, a description will be given of functional units configured and held by the hard disk drive 101 (or TPM) based on the program 102, for example, by the thin client terminal 100 as the terminal. The thin client terminal 100 receives designation of a print target file from the file 215 stored in the blade server 200 in which a thin client connection is established via a LAN or a network, and receives the print target file from the input device 105. A file conversion instruction unit 110 that instructs the blade server 200 to instruct the file server to convert to a predetermined file format. Since the storage file 215 of the blade server 200 with which connection has been established can be searched and displayed from the thin client terminal 100 using a general file management program, the file conversion instruction unit 110 can display a list of files stored in the blade server 200. Can be displayed on the output device 106, and the designation of the file to be printed by the user can be received by a click event such as a mouse.

  In addition, the thin client terminal 100 executes an authentication process for the user, and then sends a transfer request for the converted print target file from the blade server 200 to the print compatible server 300 connected to the blade server 200. A file transfer instructing unit 111 is provided for instructing the blade server 200 to transfer the converted print target file including the ID of the user who has been received by the input device 105 and authenticated by the authentication process.

  Further, the thin client terminal 100 accesses the print corresponding server 300 after executing authentication processing for the user, and the authentication corresponding to the authentication is performed in the data storage area 325 provided in the storage device 301 of the print corresponding server 300. The input device 105 accepts designation of the post-conversion print target file from the pre-print file storage folder 326 that stores the post-conversion print target file and is associated with the user ID authenticated in the processing, A file acquisition unit 112 is provided that reads a file to be printed after conversion from the print-compatible server 300 and stores the file in, for example, the USB memory 50 that is a portable storage device connected to the USB interface 144 that is an interface.

  The file acquisition unit 112 of the thin client terminal 100 reads the converted print target file from the print compatible server 300 and stores it in the USB memory 50 connected to the USB interface 144. Information about the presence or absence of a biometric authentication function is obtained, and when the USB memory 50 connected to the USB interface 144 has a biometric authentication function, the post-conversion print target The file may be stored in the USB memory 50.

  The authentication process for the user of the thin client terminal 100 may be assumed to be a normal authentication process when using a thin client in a thin client system, for example.

  Further, the thin client terminal 100 uses the certificate information related to the user stored in the USB memory 50 connected to the USB interface 144 and the user ID and password information input by the input device 105. Naturally, the thin client terminal has a function of executing a blade server allocation request process for the management server 400 and a connection establishment process with the blade server 200.

  In addition, the thin client terminal 100 transmits the operation information input from the input device 105 of the thin client terminal 100 to the address of the blade server 200 as the connection establishment process with the blade server 200 is executed. Naturally, the thin client terminal also has a function of receiving video information corresponding to the operation information from the blade server 200 and displaying it on the output device 106 of the thin client terminal 100.

  The thin client terminal 100 includes a remote client program 170 and an encrypted communication program 171 in the hard disk drive 101 (or TPM). The remote client program 170 is a program for the thin client terminal 100 to remotely access the desktop of the blade server 200, for example, a VNC client (viewer) program. The CPU 104 loads the remote client program 170 from the hard disk drive 101 to the RAM 103 and executes it in accordance with the OS 136. As a result, the CPU 104 transmits input information (operation contents of the keyboard and mouse) of the I / O connector 160 to the blade server 200 via the network 40 such as VPN, and the relevant information via the network 40 such as VPN. The video information (display desktop screen) sent from the blade server 200 is output to an output device 106 such as a display connected to the video card 130.

  The encrypted communication program 171 is a communication program for constructing a secure communication network such as VPN with the blade server 200 having the address notified from the remote client program 170. For example, a communication program using IPsec can be assumed. The CPU 104 loads the encrypted communication program 171 from the hard disk drive 101 to the RAM 103 and executes it in accordance with the OS 136. As a result, the CPU 104 transmits a communication start request to the blade server 200 assigned to the own thin client terminal 100 via the NIC 107, and constructs a network such as a VPN with the blade server 200. To communicate with the blade server 200 via

  Further, the thin client terminal 100 according to the present embodiment may include the device information 173 in the hard disk drive 101. The device information 173 is authentication information of the thin client terminal 100 included in the connection establishment request or the like when a connection establishment request or the like is transmitted from the thin client terminal 100. Specifically, for example, the ID, model number, MAC address, etc. of the thin client terminal 100 can be assumed.

  In the present embodiment, the thin client terminal 100 uses the TPM (Trusted Platform Module) instead of the hard disk drive 101 instead of the units 110 to 112, the remote client program 170, the encrypted communication program 171, and the device information 173. It may be contained in a chip called.

  This TPM has a function similar to that of a security chip mounted on a smart card (IC card). It is a hardware chip that has an asymmetric key calculation function and tamper resistance for safe storage of these keys. is there. The functions of this TPM include, for example, RSA (Rivest-Shamir-Adleman Scheme) private key generation / storage, RSA private key computation (signature, encryption, decryption), SHA-1 (Secure Hash Algorithm 1) hash Calculation, platform state information (software measurement) retention (PCR), key, certificate, credential trust chain retention, high-quality random number generation, non-volatile memory, other opt-in and I / O It is done.

  The TPM has a function to securely store and notify platform status information (software measurement values) in a register PCR (Platform Configuration Registers) in the TPM, in addition to generating, storing, and calculating cryptographic keys (asymmetric keys). Have. In the latest specification of TPM, functions such as locality and delegation (authority delegation) are further added. The TPM is physically attached to platform parts (motherboard or the like).

--- Blade server ---
FIG. 3 is a diagram illustrating a configuration example of the blade server 200 of the present embodiment. On the other hand, the blade server 200 is a device that accepts the usage from the thin client terminal 100 via the network by the usage allocation process of the management server 400, and is provided with a function of realizing the present invention (HDD (hard disk drive)). A program 202 stored in 201 or the like is read into the RAM 203 and executed by the CPU 204 as an arithmetic unit.

  The blade server 200 can be provided with an input device 205 such as various keyboards and buttons generally provided in a computer device, and an output device 206 such as a display, if necessary. A NIC 207 and the like responsible for data exchange with the print compatible server 300 and the management server 400 are included.

  The blade server 200 is connected to the print compatible server 300, the thin client terminal 100, the management server 400, and the like via the NIC 207 via a network such as the Internet or a LAN, and executes data exchange. In addition, the blade server 200 includes a flash ROM (Read Only Memory) 208, a video card 230 that generates desktop video information, a bridge 209 that relays these units 201 to 230, and a bus, and a power source. 220.

  The flash ROM 208 stores a BIOS (Basic Input / Output System) 235. The CPU 204 first recognizes the system configuration of the blade server 200 by accessing the flash ROM 208 and executing the BIOS 235 after the power supply 220 is turned on.

  A description will be given of functional units configured and held by the blade server 200 based on the program 202, for example. The blade server 200 transmits a list of files 215 to be stored in the storage device 201 to the thin client terminal 100 with which the connection has been established, and specifies the print target file from the list and the print target file. A file conversion instruction receiving unit 210 that receives an instruction for conversion processing into a predetermined file format from the thin client terminal 100 is provided.

  The blade server 200 reads the print target file from the storage device 201 in response to the print target file conversion instruction, converts the print target file into a predetermined file format, and stores the file in the memory 203. 211 is provided. The file conversion unit 211 of the blade server 200 uses a connection destination (for example, an IP address) of the print corresponding server 300 to be accessed when a print event occurs, and a program for executing print processing on the print target file. On the other hand, it is possible to set whether or not to execute the printing process in the file to be printed, and convert the file to be printed into a predetermined file format. For this reason, the blade server 200 stores in advance in the storage device 201 the connection destination of the print-compatible server 300, that is, the address 216 on the network. In addition, the availability setting data set here can assume a “print execution impossible” flag added to the post-conversion print target file. This permission / prohibition setting data is a flag that is read when the print program 525 (held by the destination PC 500) that prints the converted print target file opens the converted print target file.

  The blade server 200 receives from the thin client terminal 100 an instruction to transfer the converted print target file including the ID of the user who has been authenticated in the authentication process for the user of the thin client terminal 100. The file transfer unit 212 reads the converted print target file from the memory 203 and performs the transfer process of the converted print target file from the blade server 200 to the print compatible server 300 connected to the blade server 200. Prepare.

  The file transfer unit 212 of the blade server 200 receives the transfer instruction of the converted print target file including the ID of the user authenticated by the authentication process for the user of the thin client terminal 100. A file received from the thin client terminal 100 and the converted print target file is read from the memory 203, and it is determined whether or not the read file is in a predetermined file format of the converted print target file. Only when the transfer instruction is for a file in a file format, the converted print target file may be transferred from the blade server 200 to the print compatible server 300 connected to the blade server 200.

  The blade server 200 receives operation information from the thin client terminal 100 as the connection establishment process with the thin client terminal 100 is executed, and performs information processing according to the operation content indicated by the operation information. As a matter of course, the blade server in the thin client system has a function of transmitting video information indicating the result to the thin client terminal 100.

  The blade server 200 stores a remote server program 270, an encrypted communication program 271, and an OS (Operating System) 236 in the HDD 201. The OS 236 is a program for the CPU 204 to control each unit 201 to 230 of the blade server 200 and execute each program that implements each unit such as each unit 210 to 212. In accordance with the BIOS 235, the CPU 204 loads the OS 236 from the HDD 201 to the RAM 203 and executes it. As a result, the CPU 204 comprehensively controls the units 201 to 230 of the blade server 200.

  The remote server program 270 is a program for enabling remote operation of the desktop of the blade server 200 from the thin client terminal 100. For example, the remote server program 270 is a server program of VNC (Virtual Network Computing) developed at AT & T Cambridge Laboratory. is there. The CPU 204 loads the remote server program 270 from the HDD 201 to the RAM 203 and executes it in accordance with the OS 236. Thus, the CPU 204 receives and processes the input information (keyboard and mouse operation contents) sent from the thin client terminal 100 via a network such as VPN, and also displays video information indicating the processing result (display desktop screen). ) Is transmitted to the thin client terminal 100 via a network such as VPN.

  The encrypted communication program 271 is a communication program for constructing a network such as VPN with the thin client terminal 100, for example, a communication program using IPsec (Security Architecture for the Internet Protocol). In accordance with the OS 236, the CPU 204 loads the encrypted communication program 271 from the HDD 201 into the RAM 203 and executes it. As a result, the CPU 204 constructs a secure network such as VPN with the thin client terminal 100 in accordance with the connection establishment request received from the thin client terminal 100 via the NIC 207, and the thin client terminal via this VPN or the like. Communicate with 100.

--- Print-compatible server ---
FIG. 4 is a diagram illustrating a configuration example of the print correspondence server 300 according to the present embodiment. The print compatible server 300 (other server) reads out a program 302 stored in the hard disk drive 301 or the like so as to have a function for realizing the present invention into the RAM 303 and executes it by the CPU 304 as an arithmetic unit. The print-compatible server 300 includes an input device 305 such as various buttons, an output device 306 such as a display, and a NIC (Network Interface Card) 307 responsible for data exchange with the thin client terminal 100, the blade server 200, and the like. Etc.

  The print compatible server 300 is connected to the thin client terminal 100 and the blade server 200 via the NIC 307 via a network such as the Internet or a LAN, and executes data exchange. The print compatible server 300 includes a flash ROM 308, a video card 330 for outputting video data to a display, a bridge 309 that relays a bus connecting the units 301 to 330, and a power source 320.

  The flash ROM 308 stores a BIOS 335. After the power source 320 is turned on, the CPU 304 first accesses the flash ROM 308 and executes the BIOS 335 to recognize the system configuration of the print corresponding server 300. The hard disk drive 301 stores an OS 336 in addition to each functional unit (means) and tables. The OS 336 is a program for the CPU 304 to control each unit 301 to 330 of the print compatible server 300 and realize each unit described below. In accordance with the BIOS 335, the CPU 304 loads the OS 336 from the hard disk drive 301 to the RAM 303 and executes it. As a result, the CPU 304 comprehensively controls each unit of the print compatible server 300.

  Subsequently, functional units that are configured and held by the print compatible server 300 based on, for example, the program 302 will be described. The print server 300 has the pre-print file storage folder 326, the post-print file storage folder 327, and the log storage folder 328 in the data storage area 325 of the hard disk drive 101. The data storage area 325 can be provided for each user ID, for example.

  When the converted print target file is transferred from the blade server 200, the print corresponding server 300 receives this and stores the storage area associated with the user ID attached to the converted print target file. Among these, a file storage processing unit 310 for storing in the pre-print file storage folder 326 is provided.

  In addition, the print corresponding server 300 receives the access authenticated through the authentication process in the data storage area 325 provided in the storage device 301 for the thin client terminal 100 that has received access through the user authentication process. A list of post-conversion print target files in the pre-print file storage folder 326 associated with the user's ID is received, the designation of the post-conversion print target file to be printed from the list is received, and the print target The file to be converted is read from the storage device 301 and transmitted to the thin client terminal 100, and the file to be converted after the conversion is moved from the pre-print file storage folder 326 to the post-print file storage folder 327. Part 311 is provided.

  The file storage processing unit 310 of the print compatible server 300 receives the converted print target file from the blade server 200 if it is transferred, and receives the converted print target file and the converted print target. Assume that the user print authority information attached to the file is associated with the file and stored in the pre-print file storage folder 326 in the storage area associated with the user ID attached to the converted print target file. Also good.

  The print server 300 receives a print authority inquiry request transmitted from the destination PC 500 (or the printer 550), and includes the user ID included in the print authority inquiry request and the converted print target. Based on the file ID, print authority information associated with the ID of the post-conversion file to be printed is specified in the pre-print file storage folder 326 corresponding to the user ID, and the print authority information and the print authority authentication are specified. And an authority determination unit 312 that returns a determination result that there is a valid printing authority to the destination PC 500 (or the printer 550) when the two are matched.

  The file storage processing unit 310 of the print compatible server 300 receives the converted print target file from the blade server 200 if it has been transferred, and determines the predetermined value for the converted print target file. The print authority information may be associated with each other and stored in the pre-print file storage folder 326 in the storage area associated with the user ID attached to the converted print target file.

  Further, the print corresponding server 300 reads the converted print target file to be printed from the storage device 301 and transmits it to the thin client terminal 100, and the corresponding converted print target file transmitted to the thin client terminal 100. It is preferable to include a print log recording unit 313 that stores a print log including at least the ID of the user ID and transmission time information in the log storage folder 328 in the storage device 301 in association with the user ID.

  The print-compatible server 300 includes an encrypted communication program 315 for performing encrypted communication when communicating with the thin client terminal 100. The encrypted communication program 115 will be described later.

---- Portable storage device ---
FIG. 5 is a diagram showing a configuration example of the IC chip 55 provided in the portable storage device 50 of the present embodiment. As an example of the portable storage device 50, the IC chip 55 can be stored in an appropriate storage case 51 such as a plastic housing, and data communication can be performed with the USB interface of the thin client terminal 100 or the destination PC 500 (or printer 550). For example, a device such as a USB memory is connected. The IC chip 55 includes a CPU 601, a memory 602, and a USB interface 603 for connecting to the USB interface of the thin client terminal 100 and the destination PC 500 (or the printer 550). As the portable storage device 50, an authentication device (in which a personal certificate, a private key and a password, and various application software necessary for mobile use are preinstalled in a memory card in which an IC card unit and a flash memory are integrated) Trade name: KeyMobile) can be used. The information stored in the memory 602 by the portable storage device 50 includes a chip ID, authentication information 610 storing a personal certificate, a secret key, and a password, and a blade server 200 that is a usage allocation destination of the thin client terminal 100. Address 611, the address 612 of the management server 400 that performs usage allocation processing between the thin client terminal 100 and the blade server 200, and software 613 (Perform personal authentication processing related to the OS and the user of the portable storage device 50) Can be assumed). In addition, the memory 602 is provided with a storage area 614 for the converted print target file sent from the destination PC 500.

  For example, it is preferable that the USB memory 50 has a biometric authentication function such as fingerprint authentication or vein authentication. In this case, the USB memory 50 includes a biometric information sensor 604 such as a sensor for reading a user's fingerprint or vein or an imaging device. The USB memory 50 includes a biometric authentication program 615 in the memory 602.

  For example, the biometric information sensor 604 performs a biometric information reading operation at regular intervals, and when the biometric information is read, the read data is passed to the biometric authentication program 615. The biometric authentication program 615 acquires this read data, and executes a verification process with the biometric information of the legitimate user stored in advance in the authentication information 610. If the matching of the biometric information cannot be specified by this collation processing, the biometric authentication program 615 subsequently rejects the I / O data (from the destination PC 500 or the printer 550) for the USB memory 50 or closes the USB port. The USB memory 50 is prohibited from being used.

  In response to an inquiry from the file acquisition unit 112 of the thin client terminal 100 regarding the presence or absence of a biometric authentication function, for example, the CPU 601 searches the memory 602 for the presence of the biometric authentication program 615. Then, the CPU 601 returns to the thin client terminal 100 information indicating whether or not the biometric authentication program 615 = biometric authentication function is found by this search.

  The management server 400 stores information stored in the portable storage device 50 used by each user of the thin client terminal 100 and the blade serving as a usage allocation destination of the thin client terminal 100 associated with the portable storage device 50. An allocation management table for storing a correspondence relationship with the address of the server 200 is provided in an appropriate storage device such as a hard disk, and the blade server to the thin client terminal 100 is established during the connection establishment process between the thin client terminal 100 and the blade server 200. This is a general management server in a thin client system that is responsible for 200 allocation processing and the like. Therefore, description of functions provided in the management server 400 and processing performed when establishing a connection between the thin client terminal 100 and the blade server 200 will be omitted.

--- Information processing device for printing ---
FIG. 6 is a diagram illustrating a configuration example of the information processing apparatus for printing according to the present embodiment. The destination PC 500 serving as the information processing apparatus for printing reads out the program 502 stored in the hard disk drive 501 or the like so as to have a function for realizing the present invention, and executes it by the CPU 504 serving as an arithmetic unit. Further, the destination PC 500 includes an input device 505 such as various buttons, an output device 506 such as a display, and a NIC (Network Interface Card) 507 that handles data exchange with the print compatible server 300 and the like. Yes.

  The destination PC 500 connects to the print compatible server 300 via the NIC 507 via a network such as the Internet or a LAN, and executes data exchange. In addition, the destination PC 500 connects the flash ROM 508, the video card 530 for outputting video data to a display, the bridge 509 that relays the bus connecting the above units 501 to 520, the power source 520, and the USB memory 50. USB interface 514 is provided.

  The flash ROM 508 stores a BIOS 535. After the power source 520 is turned on, the CPU 504 first accesses the flash ROM 508 and executes the BIOS 535 to recognize the system configuration of the destination PC 500. The hard disk drive 501 stores an OS 536 in addition to each functional unit (means) and tables. The OS 536 is a program for the CPU 504 to control each unit 501 to 520 of the destination PC 500 and realize each unit described later. The CPU 504 loads the OS 536 from the hard disk drive 501 to the RAM 503 and executes it in accordance with the BIOS 535. As a result, the CPU 504 comprehensively controls each unit of the destination PC 500.

  Next, a description will be given of functional units configured and held by the destination PC 500 based on the program 502, for example. The hard disk drive 501 or the flash ROM 508 stores a printer driver 520 of the printer 550 connected to the destination PC 500. The hard disk drive 501 stores a program 525 for printing the converted print target file. For example, the program 525 may be an application that opens the converted print target file and performs a printing operation.

  The destination PC 500 reads the converted file to be printed from the USB memory 50 connected to the USB interface 514, receives a print instruction from the user and information for print authority authentication at the input device 505. When a print event is detected, the connection destination of the print compatible server 300 to be accessed is read from the converted print target file, the user ID and the converted print addressed to the connection destination of the print compatible server 300 A printing authority inquiry unit 510 that transmits a printing authority inquiry request including the ID of the target file and information for printing authority authentication is provided.

  Further, the destination PC 500 receives the print authority determination result returned from the print corresponding server 300 in response to the print authority inquiry request, and the determination result indicates the existence of a valid print authority. In some cases, an authority setting unit 511 is provided that changes the unprintable data set in advance as the availability setting data to the printable data.

  Further, the destination PC 500 reads out and executes the program 525 for printing the converted print target file from the storage device 501, and instructs the print mechanism to print the converted print target file based on the availability setting data. The print processing unit 512 is provided. As the printing mechanism, the printer 550 connected by the LAN 47 can be assumed. Alternatively, when the printer 550 itself is assumed as a printing information processing apparatus instead of the destination PC 500, a printing mechanism provided in the printer 550 is provided.

  The destination PC 500 receives a print end notification from the printing mechanism after a printing instruction to the printing mechanism for the converted printing target file, and converts the converted printing target file into the converted printing target file. It is preferable to provide an image erasing unit 513 that performs an erasing process from the RAM 503 serving as a temporary storage unit. In this case, it is assumed that the destination PC 500 temporarily stores the converted print target file acquired from the print compatible server 300 in the RAM 503 and outputs it to the printer 550.

  Here, the printer 550 may have the same function as the destination PC 500, and the printer 550 may be an information processing apparatus for printing. In this case, the printer 550 includes a communication device for communicating with the print compatible server 300 via a network and a USB interface for connecting the USB memory 50.

  In addition, the units 110 to 112, 210 to 212, 310 to 313, and 510 in the thin client terminal 100, the blade server 200, the print compatible server 300, and the information processing apparatus 500 for printing that constitute the print management system 10 described so far. ˜512 and the like may be realized as hardware, or may be realized as a program stored in an appropriate storage device such as a memory or HDD (Hard Disk Drive). In this case, the CPU of each device reads the corresponding program from the storage device to each RAM and executes it in accordance with the program execution.

  In addition to the Internet and LAN, the network 40 may employ various networks such as an ATM line, a dedicated line, a WAN (Wide Area Network), a power line network, a wireless network, a public line network, and a mobile phone network. I can do it. If a virtual private network technology such as VPN (Virtual Private Network) is used, communication with improved security is established when the Internet is adopted.

---- Folder structure ---
Next, the structure of the file storage folder used by the print compatible server 300 constituting the information processing system 10 in the present embodiment will be described. FIG. 7 is a diagram showing an example of the data structure of (a) the pre-print file storage folder 326, (b) the post-print file storage folder 327, and (c) the log storage folder 328 in this embodiment. These pre-print file storage folder 326, post-print file storage folder 327, and log storage folder 328 are all stored in a data storage area 325 provided in the storage device 301 of the print compatible server 300. The data storage area 325 is set, for example, for each ID of a user who is permitted to print the converted print target file downloaded from the print compatible server 300 to the USB memory 50 by the predetermined printer 550. Accordingly, the data storage area 325, the pre-print file storage folder 326, the post-print file storage folder 327, and the log storage folder 328 are set in advance in the storage device 301 of the print compatible server 300 by the administrator of the thin client system 10 or the like. Has been.

  The pre-print file storage folder 326 is a folder serving as a storage destination in which the file storage processing unit 310 stores the converted print target file transferred from the blade server 200. The pre-print file storage area 326 is, for example, a folder for each user ID, and is a collection of records in which the post-conversion print target file (pre-print), print authority information related to the file, connection destination, and availability setting data are associated with each other. It has become. The file conversion unit 211 of the blade server 200 uses a connection destination (for example, an IP address) of the print corresponding server 300 to be accessed when a print event occurs, and a program for executing print processing on the print target file. On the other hand, it can be assumed that the permission setting data for instructing whether or not to execute the printing process is set, and the conversion process of the file to be printed into a predetermined file format is performed. Therefore, in the example of FIG. 7A, not only the file to be printed after conversion but also each data of print authority information, connection destination, and availability setting is associated with the user ID. It should be noted that the availability setting data can be assumed to be a “print execution impossible” flag (“×” in the example in the figure) added to the converted print target file by default.

  Further, the post-print file storage area 327 is moved from the pre-print file storage folder 326 after conversion, which is transmitted from the print corresponding server 300 to the thin client terminal 100 and has undergone the print processing by the printer 550. This is the destination folder. The post-print file storage area 327 is a folder for each user ID, for example, and is an aggregate of post-conversion print target files (eg, the print correspondence server 300 appends the movement date and time to the original file name). ing.

  The log storage folder 328 is a storage area for storing a print log including at least the ID of the file to be converted after transmission transmitted from the print corresponding server 300 to the thin client terminal 100 and information on the transmission time. For example, it is a folder for each user ID, and is an aggregate of log files (for example, the original printer output image file name with extension “log”). This log file stores information on the ID and transmission time of the file to be printed after conversion.

--- Processing flow example 1 ---
First, the flow of establishing a connection between the thin client terminal 100 and the blade server 200 will be described. FIG. 8 is a diagram showing a processing flow example 1 of the print management method in the present embodiment. Here, it is assumed that a user who has the USB memory 50 as a portable storage device considers using the blade server 200 via the thin client terminal 100. Here, “use” can assume a process of selecting a file to be printed from the file 215 stored in the storage device 201 of the blade server 200.

  In this case, the user connects the USB memory 50 as a portable storage device to the USB interface 144 of the thin client terminal 100. As the USB memory 50, an authentication device (trade name: KeyMobile) in which a personal certificate, a private key, and various application software necessary for mobile use are preinstalled in a memory card in which an IC card unit and a flash memory are integrated. ) Can be adopted.

  Such an authentication device is not a simple storage device, but stores an authentication application, and can execute an authentication process in cooperation with the thin client terminal 100 of the connection destination. Accordingly, when the USB memory 50 is connected to the USB interface 144 of the thin client terminal 100, for example, an authentication application is activated from the storage area of the USB memory 50, and appropriate authentication information (user ID, password, biometric information, etc.) If there is no input from the input device 105 or the biological information sensor 604, control is performed so that a necessary program of the thin client terminal 100 cannot be started (s10).

  If the authentication process for the use of the thin client terminal 100 is OK in the authentication application of the USB memory 50 (s100: OK), the thin client terminal 100 executes the process for reading the stored information in the USB memory 50 and reads The information (including the address of the management server 400) is stored in the RAM 103 (s101). On the other hand, if the authentication processing for the use of the thin client terminal 100 is NG in the authentication application of the USB memory 50 (s100: NG), the USB memory 50 and the thin client terminal 100 use the thin client terminal 100 itself. The subsequent processing is terminated without accepting.

  Subsequent to step s101, the thin client terminal 100, for example, stores the information stored in the USB memory 50 read from the RAM 203 (for example: addressed to the address of the management server 400 included as the stored information in the USB memory 50). The device information 173 in the hard disk drive 101 or the TPM is transmitted in the usage allocation request of the blade server 200 (s102). In this process, the encrypted communication program 171 is started in the thin client terminal 100. The encrypted communication program 171 reads the address of the management server 400 from the RAM 103, secures a network between the thin client terminal 100 and the management server 400, and constructs a secure network environment with communication data encryption. .

  On the other hand, the management server 400 receives the usage allocation request including the storage information of the USB memory 50 from the thin client terminal 100 (s103), and stores the storage information of the USB memory 50 included in the usage allocation request with a predetermined allocation. The management table is collated (s104). In this assignment management table, if the blade server 200 is assigned and set in advance for each thin client terminal 100, the management server 400 addresses the corresponding blade server 200 assigned to the thin client terminal 100. Is identified, and this is notified to the thin client terminal 100 that is the transmission source of the usage allocation request (s105).

  The thin client terminal 100 receives the address of the assignment destination blade server 200 from the management server 400 (s106). The thin client terminal 100 that has obtained the address of the blade server 200 in this way transmits a connection establishment request including at least information for authentication of the thin client terminal 100 or the user to the address of the blade server 200 that is the use allocation destination. (S107).

  On the other hand, the blade server 200 receives the connection establishment request transmitted from the thin client terminal 100 and executes an authentication process based on the authentication information of the thin client terminal 100 or the user included in the connection establishment request. (S108). If it is determined in this authentication process that the connection establishment request can be accepted (s108: OK), the determination result is returned as response data to the thin client terminal 100 (s109).

  On the other hand, the thin client terminal 100 that has transmitted the connection establishment request receives the response data returned from the blade server 200, and if the response data is “connection establishment is possible” (s110: OK), A connection establishment process is performed between the blade server 200 and the thin client terminal 100 via the network 40 or the LANs 45 and 47 (s111). If the response data returned by the blade server 200 is “connection establishment impossible” (s110: NG), the subsequent processing is terminated.

  In the connection establishment process, the remote client program 170 stored in the hard disk drive 101 (or TPM) of the thin client terminal 100 may send an authentication request to the address of the blade server 200. . In response to this authentication request, the blade server 200 returns, for example, a login ID, password, or biometric information input request to the thin client terminal 100. In response to this input request, when the thin client terminal 100 returns a login ID, password, etc., the blade server 200 manages the login ID, password, or biometric information managed by itself and the login ID derived from the thin client terminal 100. It is determined whether or not the password, the password, or the biometric information matches, and finally the availability of the blade server 200 is determined.

  Subsequently, as the connection establishment process is executed, the thin client terminal 100 transmits the operation information input from the input device 105 of the thin client terminal 100 to the address of the blade server 200 (s112). The blade server 200 receives the operation information from the thin client terminal 100 as the connection establishment process with the thin client terminal 100 is executed according to the determination result, and the operation content indicated by the operation information. Information processing is performed according to the information, and video information indicating the result is transmitted to the thin client terminal 100 (s113). The thin client terminal 100 receives this video information and displays it on the output device 106 (s114). Thus, the user can use it.

--- Processing flow example 2 ---
Hereinafter, the actual procedure of the print management method in the present embodiment will be described with reference to the drawings. Note that various operations corresponding to the print management method described below are executed by reading into the RAMs of the thin client terminal 100, the blade server 200, the print compatible server 300, and the destination PC 500, which constitute the print management system 10. Realized by the program. And this program is comprised from the code | cord | chord for performing the various operation | movement demonstrated below.

  FIG. 9 is a diagram showing a processing flow example 2 of the print management method in the present embodiment. Here, it is assumed that the connection between the thin client terminal 100 and the blade server 200 is established as shown in the above-described processing flow example 1. Here, the file conversion instruction reception unit 210 of the blade server 200 generates a list of files 215 to be stored in the storage device 201 for the thin client terminal 100 with which the connection has been established (s200). It transmits to the client terminal 100 (s201). For the blade server 200 with which connection has been established, the storage file 215 can be searched and displayed from the thin client terminal 100 by a general file management program. Therefore, for example, the thin client terminal 100 displays a list of files stored in the blade server 200 on the output device 106 in accordance with a user instruction received by the input device 105, and designates a file to be printed by the user. Can be received by a click event such as a mouse.

  In this way, the file conversion instruction unit 110 of the thin client terminal 100 acquires a list of files 215 stored in the blade server 200, and accepts designation of a file to be printed from the list by the input device 105 (s202). . In addition, the file conversion instruction unit 110 instructs the blade server 200 to convert the print target file specified in step s202 into a predetermined file format (s203).

  On the other hand, the file conversion instruction accepting unit 210 of the blade server 200 performs processing for converting the print target file specified from the list (for example, the file name) and the print target file into a predetermined file format. An instruction is received from the thin client terminal 100 (s204). At this time, the file conversion unit 211 of the blade server 200 reads the print target file from the storage device 201 according to the file name of the print target file indicated by the conversion instruction, and converts the print target file into a predetermined file format. And stored in the RAM 203 (s205).

  Note that the file conversion unit 211 of the blade server 200 has a connection destination (for example, an IP address) of the print corresponding server 300 to be accessed when a print event occurs, and a program 525 for executing print processing on the print target file. Is set in the print target file, and conversion processing of the print target file into a predetermined file format is performed. For this reason, the blade server 200 stores in advance in the storage device 201 the connection destination of the print-compatible server 300, that is, the address 216 on the network. In addition, the availability setting data set here can assume a “print execution impossible” flag added to the post-conversion print target file. This permission / prohibition setting data is a flag that is read when the print program 525 (held by the destination PC 500) that prints the converted print target file opens the converted print target file.

  On the other hand, the file transfer instruction unit 111 of the thin client terminal 100 executes an authentication process for the user, and then sends a transfer request for the converted print target file from the blade server 200 to the print corresponding server 300. It is assumed that the input device 105 accepts it (s206). At this time, the file transfer instructing unit 111 also accepts input of print authority information = password related to the print target file by the input device 105. The file transfer instruction unit 111 instructs the blade server 200 to transfer the converted print target file including the user ID authenticated in the authentication process and the print authority information (s207).

  The file transfer unit 212 of the blade server 200 receives the transfer instruction from the thin client terminal 100 (s208). Then, using the ID of the user authenticated in the authentication process for the user, the file name of the converted print target file, and the like as keys, the corresponding converted print target file is read from the RAM 203, and the transfer instruction includes Information = Transfer processing from the blade server 200 to the print corresponding server 300 is performed together with the user ID and printing authority information (s209).

  The file transfer unit 212 of the blade server 200 receives the transfer instruction from the thin client terminal 100, reads the converted print target file from the RAM 203, and the read file is the converted file. It is determined whether or not the file to be printed has a predetermined file format (for example, it is determined whether or not the extension of the file is a predetermined one), and only when the transfer instruction is a transfer instruction for a file of the predetermined file format Transfer processing of the post-conversion print target file from the blade server 200 to the print compatible server 300 may be performed. That is, control is performed so that the transfer process is permitted only for a file in a format that can be managed by the print management system 10.

  Subsequently, the file storage processing unit 310 of the print corresponding server 300 receives the converted print target file, the user ID, and the print authority information transferred from the blade server 200 (s210). In addition, the file storage processing unit 310 stores the post-conversion print target file and the print authority in the pre-print file storage folder 326 in the storage area 325 associated with the user ID attached to the post-conversion print target file. Information is stored in association with each other (s211). Note that the print authority information associated with the converted print target file is not specified by the user, but is print authority information predetermined by an appropriate administrator or the like (eg, according to the job title of the user, etc.) It is also possible to employ a password that is uniquely determined and is stored in advance in the storage device 301 by the print correspondence server 300. By the processing so far, the print target file is converted into the print target file after conversion, and is stored in the print corresponding server 300.

  After that, it is assumed that the user has to carry the thin client terminal 100 and print the converted print target file on the printer 550 of a company on a business trip, for example. In this case, the file acquisition unit 112 of the thin client terminal 100 executes an authentication process for the user, and receives an instruction from the user through the input device 105 to access the print corresponding server 300. (S212). In addition, the file acquisition unit 112 includes a pre-print file storage folder associated with the user ID authenticated by the authentication processing in the data storage area 325 provided in the storage device 301 of the print correspondence server 300. The browsing request 326 is transmitted to the print corresponding server 300 (s213).

  On the other hand, the file moving unit 311 of the print compatible server 300 is associated with the ID of the user who is authenticated by the authentication process in the data storage area 325 provided in the storage device 301 for the thin client terminal 100. A list of post-conversion print target files in the pre-print file storage folder 326 is transmitted (s214).

  On the other hand, the file acquisition unit 112 of the thin client terminal 100 receives the list from the print compatible server 300, receives the designation of the file to be converted from the list in the input device 105 (s215), A request for obtaining the converted print target file is transmitted to the print corresponding server 300.

  At this time, the file moving unit 311 of the print compatible server 300 reads out the converted print target file designated by the user indicated by the acquisition request from the storage device 301 and transmits it to the thin client terminal 100 (s216). Then, the post-conversion print target file is moved from the pre-print file storage folder 326 to the post-print file storage folder 327 (s217). In addition, the print log recording unit 313 of the print compatible server 300 transmits the converted post-conversion target to be transmitted to the thin client terminal 100 as the post-conversion print target file is transmitted to the thin client terminal 100. A print log including at least a file ID and transmission time information is stored in the log storage folder 328 in the storage device 301 in association with the user ID (s218).

  On the other hand, the thin client terminal 100 receives the converted print target file transmitted from the print compatible server 300 and stores it in the USB memory 50 that is a portable storage device connected to the USB interface 144. (S219). When the file acquisition unit 112 obtains the converted print target file from the print compatible server 300 and stores it in the USB memory 50, the file acquisition unit 112 inquires of the USB memory 50 about the presence or absence of a biometric authentication function and performs biometric authentication. If the function presence / absence information is acquired and the USB memory 50 connected to the USB interface 144 has a biometric authentication function, the converted print target file is stored in the USB memory 50. Is preferred.

  In this case, prior to the execution of step s219, the biometric information sensor 604 of the USB memory 50 performs a biometric information reading operation at regular intervals, and when the user's biometric information is read, the read data is read. Is passed to the biometric authentication program 615. The biometric authentication program 615 acquires this read data, and executes a verification process with the biometric information of the legitimate user stored in advance in the authentication information 610. If the matching of the biometric information cannot be specified by this collation processing, the biometric authentication program 615 subsequently rejects the I / O data (from the destination PC 500 or the printer 550) for the USB memory 50 or closes the USB port. The USB memory 50 is prohibited from being used.

  In response to an inquiry from the file acquisition unit 112 of the thin client terminal 100 regarding the presence or absence of a biometric authentication function, for example, the CPU 601 searches the memory 602 for the presence of the biometric authentication program 615. Then, the CPU 601 returns to the thin client terminal 100 information indicating whether or not the biometric authentication program 615 = biometric authentication function is found by this search.

--- Processing flow example 3 ---
FIG. 10 is a diagram showing a processing flow example 3 of the print management method in the present embodiment. Here, the USB memory 50 storing the converted file to be printed is connected to the destination PC 500 (or the printer 550 as the printing information processing apparatus 500), and the converted printing is performed from the printer 550 connected to the destination PC 500. A flow when executing the print processing of the target file will be described.

  Here, the printing authority inquiry unit 510 of the destination PC 500 reads the converted file to be printed from, for example, the RAM 503 from the USB memory 50 connected to the USB interface 514 (s300). Thereafter, the occurrence of a print event is detected in response to a print instruction (specifying a file to be converted after conversion) from the user via the input device 505 and information for printing authority authentication (eg, a password entered by the user) ( s301).

  Subsequently, the print authority inquiry unit 510 converts the converted file to be printed from the connection destination of the print compatible server 300 to be accessed (as in the example of the pre-print file storage folder shown in FIG. 7A). The connection destination information is added to the post-print target file), and the user ID, the ID of the post-conversion print target file, and the print authority authentication are sent to the connection destination of the print compatible server 300. A print authority inquiry request including information is transmitted (s302). When the converted print target file does not include the connection destination of the print compatible server 300 to be accessed, connection destination information (eg, pre-distributed from the print compatible server 300) held in the storage device 501 by the destination PC 500 in advance is stored. It may be read and used.

  On the other hand, the authority determination unit 312 of the print-compatible server 300 receives the print authority inquiry request transmitted from the destination PC 500 (or the printer 550 as the printing information processing apparatus 500) (s303). Based on the user ID included in the print authority inquiry request and the converted print target file ID, the pre-print file storage folder 326 corresponding to the user ID corresponds to the converted print target file ID. The attached print authority information is specified (s304).

  The authority determining unit 312 collates the print authority information specified in step s304 with the print authority authentication information (s305), and if they match (s305: OK), there is a valid print authority. The determination result is sent back to the destination PC 500 (or printer 550) (s306). On the other hand, if the printing authority information specified in step s304 does not match the printing authority authentication information (s305: NG), the authority determining unit 312 determines that there is no valid printing authority. The result is returned to the destination PC 500 (or printer 550) (s307), and the process is terminated.

  On the other hand, the authority setting unit 511 of the destination PC 500 receives the print authority determination result returned from the print corresponding server 300 in response to the print authority inquiry request. Is changed to the print enable flag “◯”, which has been set in advance as the enable / disable setting data for the converted print target file (s308).

  Further, the print processing unit 512 of the destination PC 500 reads out and executes a program 525 for printing the converted print target file from the storage device 501, and based on the availability setting data = printable flag “◯”. The printer 550 is instructed to print the converted print target file (s309). As the printing mechanism, the printer 550 connected by the LAN 47 can be assumed. Alternatively, when the printer 550 itself is assumed as a printing information processing apparatus instead of the destination PC 500, a printing mechanism provided in the printer 550 is provided.

  Also, the image erasing unit 513 of the destination PC 500 receives a print end notification from the printer 550 after instructing the printer 550 to print the converted print target file, Erasing processing is performed from the RAM 503, which is a temporary storage unit for the file to be printed after conversion (s310). In this case, it is assumed that the destination PC 500 temporarily stores the converted print target file acquired from the print compatible server 300 in the RAM 503 and outputs it to the printer 550.

  The printer 550 may have the same function as the destination PC 500, and the printer 550 may be an information processing apparatus for printing. In this case, the printer 550 includes a communication device for communicating with the print compatible server 300 via a network and a USB interface for connecting the USB memory 50.

  The authentication medium 50 is preferably assumed to be the authentication device, but may also be assumed to be a mobile phone having similar functions and connectivity with the thin client terminal 100. .

  According to the present embodiment, it is possible to perform printing processing from a printer that is not a management target while ensuring appropriate security.

  As mentioned above, although embodiment of this invention was described concretely based on the embodiment, it is not limited to this and can be variously changed in the range which does not deviate from the summary.

10 Print management system 40 Network 45, 47 LAN
46, 48 Router 50 Portable storage device 51 Storage case 55 IC chip 100 Thin client terminal 101, 201, 301, 501 HDD (Hard Disk Drive: storage device)
102, 202, 302, 502 Program 103, 203, 303, 503 RAM (Random Access Memory)
104, 204, 304, 504 CPU (Central Processing Unit)
105, 205, 305, 505 Input device 106, 206, 306, 506 Output device 107, 207, 307, 507 Communication device, NIC (Network Interface Card)
108, 208, 308, 508 Flash ROM
109, 209, 309, 509 Bridge 110 File conversion instruction unit 111 File transfer instruction unit 112 File acquisition unit 115, 236, 336, 536 OS
120, 220, 320, 520 Power supply 128 Log storage folder 130, 230, 330 Video card 135, 235, 335, 535 BIOS
144, 544, 603 USB interface 160 I / O connector 170 Remote client program 171, 271, 315 Encrypted communication program 173 Device information 200 Blade server 210 File conversion instruction reception unit 211 File conversion unit 212 File transfer unit 270 Remote server program 300 Print compatible server (other servers)
310 File storage processing unit 311 File movement unit 312 Authority determination unit 313 Print log recording unit 325 Data storage area 326 File storage folder before printing 327 File storage folder after printing 400 Management server 500 Destination PC (information processing apparatus for printing)
508 Printer driver 510 Print authority inquiry unit 511 Authority setting unit 512 Print processing unit 550 Printer

Claims (7)

The input device accepts the designation of the file to be printed from among the files stored in the server that has established the thin client connection via the network, and instructs the server to instruct the server to convert the file to be printed into a predetermined file format. , File conversion instruction part,
After executing the authentication process for the user, the input device accepts a transfer request for the file to be printed after conversion from the server to another server connected to the server, and the use authenticated by the authentication process A file transfer instruction unit for instructing the server to transfer the converted print target file including the ID of the user,
After executing the authentication process for the user, the other server is accessed, and the other server is associated with the ID of the user authenticated by the authentication process in the data storage area provided in the storage device, The input device accepts designation of the post-conversion print target file from the pre-print file storage folder that stores the post-conversion print target file, reads the post-conversion print target file from the other server, and is connected to the interface A thin client terminal having a file acquisition unit to be stored in a portable storage device;
A list of files to be stored in the storage device is transmitted to the thin client terminal with which the connection has been established, designation of a print target file from the list, and an instruction to convert the print target file into a predetermined file format Is received from the thin client terminal, a file conversion instruction receiving unit,
In response to an instruction to convert the file to be printed, the file to be printed is read from a storage device, a connection destination of another server to be accessed when a print event occurs, and a program for executing print processing A file conversion unit that sets whether or not to execute print processing and converts the print target file into a predetermined file format and stores the file in a memory;
A transfer instruction for the converted print target file including the ID of the user authenticated in the authentication process for the user of the thin client terminal is received from the thin client terminal, and the converted print target is received from the memory. A server having a file transfer unit that reads a file and performs transfer processing of the converted print target file from the server to another server connected to the server;
A data storage area for each user ID is provided in the storage device,
If the converted print target file is transferred from the server, it is received and the converted print target file is associated with the print authority information attached to the converted print target file. A file storage processing unit for storing in a pre-printing file storage folder in a storage area associated with the user ID attached to the converted print target file;
The pre-print file storage folder associated with the user ID authenticated in the authentication process in the data storage area provided in the storage device for the thin client terminal that has received access through the user authentication process Send a list of converted print target files in the list, accept the designation of the converted print target file to be printed from the list, read out the converted print target file of the print target from the storage device, and A file moving unit for transmitting to the thin client terminal and moving the converted file to be printed from the pre-print file storage folder to the post-print file storage folder;
A print authority inquiry request transmitted from the information processing apparatus for printing is received, and the user ID included in the print authority inquiry request and the converted print target file ID correspond to the user ID. In the pre-print file storage folder, the print authority information associated with the ID of the post-conversion print target file is specified, and if the print authority information and the print authority authentication information are collated and they match, Another server having an authority determination unit that returns a determination result that there is a print authority to the information processing apparatus for printing ,
A communication device that communicates with other devices via a network, a storage device that stores a program for printing the converted print target file, and an interface that is connected to the portable storage device;
Read the converted print target file from the portable storage device connected to the interface, receive a print instruction from the user at the input device and information for print authority authentication, detect the occurrence of a print event, and The connection destination of the other server to be accessed is read from the post-conversion print target file, and the user ID, the post-conversion print target file ID, and the print authority authentication information are addressed to the connection destination of the other server. A print authority inquiry section that sends a print authority inquiry request including
The print authority determination result returned from the other server in response to the print authority inquiry request is received, and when the determination result indicates the presence of a valid print authority, the permission setting data is set in advance. An authority setting section for changing the non-printable data to printable data,
A print processing unit that reads and executes a program for printing the converted print target file from a storage device, and instructs the print mechanism to print the converted print target file based on the availability setting data. An information processing apparatus for printing;
A print management system comprising: In the other server,
The file storage processing unit receives the converted print target file from the server if it has been transferred, and associates the print authority file with predetermined information for the converted print target file, The print management system according to claim 1, wherein the print management system stores the file in a pre-print file storage folder in a storage area associated with the user ID attached to the converted print target file. In the server,
The file transfer unit receives from the thin client terminal an instruction to transfer the converted print target file including the ID of the user authenticated in the authentication process for the user of the thin client terminal, When the converted print target file is read from the memory, it is determined whether the read file is in a predetermined file format of the converted print target file, and the transfer instruction is a transfer instruction for a file of the predetermined file format 3. The print management system according to claim 1, wherein the process of transferring the converted print target file from the server to another server connected to the server is performed only on the print management system. In the thin client terminal,
When the file acquisition unit reads the converted print target file from the other server and stores it in the portable storage device connected to the interface, the file acquisition unit inquires of the portable storage device whether a biometric authentication function exists or not. Acquiring information on presence / absence of an authentication function, and storing the converted print target file in the portable storage device when the portable storage device connected to the interface has a biometric authentication function. print management system according to any one of claims 1 to 3,. The other server is
A print including at least the ID of the converted print target file and the transmission time information transmitted to the thin client terminal as the converted print target file to be printed is read from the storage device and transmitted to the thin client terminal. print management system according to any one of claims 1 to 4, the log is stored in the user ID storage unit in association with, having a print log recording unit, characterized in that. The information processing apparatus for printing is
After a print instruction to the printing mechanism for the converted print target file, a print end notification is received from the print mechanism, and the converted print target file is erased from the temporary storage means of the converted print target file to print management system according to any one of claims 1 to 5, characterized in that it has an image erasing unit. Thin client terminal
The input device accepts the designation of the file to be printed from among the files stored in the server that has established the thin client connection via the network, and instructs the server to instruct the server to convert the file to be printed into a predetermined file format. Processing,
After executing the authentication process for the user, the input device accepts a transfer request for the file to be printed after conversion from the server to another server connected to the server, and the use authenticated by the authentication process A process for instructing the server to transfer the converted print target file including the ID of the user,
After executing the authentication process for the user, the other server is accessed, and the other server is associated with the ID of the user authenticated by the authentication process in the data storage area provided in the storage device, The input device accepts designation of the post-conversion print target file from the pre-print file storage folder that stores the post-conversion print target file, reads the post-conversion print target file from the other server, and is connected to the interface Execute processing to store in a portable storage device,
The server
A list of files to be stored in the storage device is transmitted to the thin client terminal with which the connection has been established, designation of a print target file from the list, and an instruction to convert the print target file into a predetermined file format Receiving from the thin client terminal,
In response to an instruction to convert the file to be printed, the file to be printed is read from a storage device, a connection destination of another server to be accessed when a print event occurs, and a program for executing print processing Processing for setting availability setting data for instructing whether or not to execute print processing, converting the print target file into a predetermined file format, and storing the file in a memory;
A transfer instruction for the converted print target file including the ID of the user authenticated in the authentication process for the user of the thin client terminal is received from the thin client terminal, and the converted print target is received from the memory. Read the file, execute the process of transferring the converted print target file from the server to another server connected to the server,
Other servers equipped with a data storage area for each user ID in the storage device,
If the converted print target file is transferred from the server, it is received and the converted print target file is associated with the print authority information attached to the converted print target file. Te, of the storage area linked to the user ID incidental to the converted print target file, the process of storing the pre-print file storage folder,
The pre-print file storage folder associated with the user ID authenticated in the authentication process in the data storage area provided in the storage device for the thin client terminal that has received access through the user authentication process Send a list of converted print target files in the list, accept the designation of the converted print target file to be printed from the list, read out the converted print target file of the print target from the storage device, and A process of transmitting to the thin client terminal and moving the target print file after conversion from the pre-print file storage folder to the post-print file storage folder;
A print authority inquiry request transmitted from the information processing apparatus for printing is received, and the user ID included in the print authority inquiry request and the converted print target file ID correspond to the user ID. In the pre-print file storage folder, the print authority information associated with the ID of the post-conversion print target file is specified, and if the print authority information and the print authority authentication information are collated and they match, And a process of returning a determination result that the right print authority exists to the information processing apparatus for printing ,
An information processing apparatus for printing including a communication apparatus that communicates with other apparatuses via a network, a storage apparatus that stores a program for printing the converted print target file, and an interface that is connected to the portable storage apparatus.
Read the converted print target file from the portable storage device connected to the interface, receive a print instruction from the user at the input device and information for print authority authentication, detect the occurrence of a print event, and The connection destination of the other server to be accessed is read from the post-conversion print target file, and the user ID, the post-conversion print target file ID, and the print authority authentication information are addressed to the connection destination of the other server. Processing to send a print authorization inquiry request including
The print authority determination result returned from the other server in response to the print authority inquiry request is received, and when the determination result indicates the presence of a valid print authority, the permission setting data is set in advance. Processing to change the non-printable data that has been made into printable data,
A program for printing the converted print target file is read from the storage device and executed, and a process for instructing a print mechanism to print the converted print target file based on the availability setting data is executed.
A print management method.

Images