US20190387129A1 - Method and apparatus to prevent reproduction of secure data - Google Patents
Method and apparatus to prevent reproduction of secure data Download PDFInfo
- Publication number
- US20190387129A1 US20190387129A1 US16/007,649 US201816007649A US2019387129A1 US 20190387129 A1 US20190387129 A1 US 20190387129A1 US 201816007649 A US201816007649 A US 201816007649A US 2019387129 A1 US2019387129 A1 US 2019387129A1
- Authority
- US
- United States
- Prior art keywords
- document
- perceptual hash
- secure data
- reproduction
- processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 230000004044 response Effects 0.000 claims abstract description 22
- 238000004891 communication Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000001514 detection method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/44—Secrecy systems
- H04N1/4406—Restricting access, e.g. according to user identity
- H04N1/4433—Restricting access, e.g. according to user identity to an apparatus, part of an apparatus or an apparatus function
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/12—Digital output to print unit, e.g. line printer, chain printer
- G06F3/1201—Dedicated interfaces to print systems
- G06F3/1202—Dedicated interfaces to print systems specifically adapted to achieve a particular effect
- G06F3/1222—Increasing security of the print job
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/12—Digital output to print unit, e.g. line printer, chain printer
- G06F3/1201—Dedicated interfaces to print systems
- G06F3/1223—Dedicated interfaces to print systems specifically adapted to use a particular technique
- G06F3/1237—Print job management
- G06F3/1238—Secure printing, e.g. user identification, user rights for device usage, unallowed content, blanking portions or fields of a page, releasing held jobs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/12—Digital output to print unit, e.g. line printer, chain printer
- G06F3/1201—Dedicated interfaces to print systems
- G06F3/1278—Dedicated interfaces to print systems specifically adapted to adopt a particular infrastructure
- G06F3/1285—Remote printer device, e.g. being remote from client or server
- G06F3/129—Remote printer device, e.g. being remote from client or server in server-printer device-client configuration, e.g. print flow goes from server to printer and then bidirectional from printer to client, i.e. the client does not communicate with the server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/44—Secrecy systems
- H04N1/448—Rendering the image unintelligible, e.g. scrambling
- H04N1/4486—Rendering the image unintelligible, e.g. scrambling using digital data encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Definitions
- the present disclosure relates generally to printing devices and, more particularly, to a method and an apparatus to prevent a printing device from printing secure data.
- Secure information can be contained in documents. Some individuals or companies may not want the secure information to be printed or reproduced in any way. Some security methods may be manually performed. For example, an analyst may examine every document before the document is reproduced to ensure that no secure data is in the document.
- Other methods may use a login and password to reproduce secure data. For example, users with authorized access to the secure data in a document may enter a password in the multi-function device (MFD) to reproduce the document containing the secure data.
- MFD multi-function device
- the security requires some level of user interaction or input from a user at the MFD.
- most methods attempt to limit reproduction by attaching some security to the document.
- the secure data is in other documents that do not include any security feature, the secure data can still be reproduced.
- a method for preventing reproduction of secure data on a printing device.
- One disclosed feature of the embodiments is a method that is performed by a processor of a multi-function device. The method receives a request to reproduce a document, calculates a perceptual hash of the document, transmits the perceptual hash of the document to a server, receives a control signal to halt reproduction of the document on the printing device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document, and halts the reproduction of the document on the printing device in response to the control signal.
- Another disclosed feature of the embodiments is a non-transitory computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform a method that receives a request to reproduce a document, calculates a perceptual hash of the document, transmits the perceptual hash of the document to a server, receives a control signal to halt reproduction of the document on the printing device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document, and halts the reproduction of the document on the printing device in response to the control signal.
- Another disclosed feature of the embodiments is an apparatus comprising a processor that is configured to receive a request to reproduce a document, calculate a perceptual hash of the document, transmit the perceptual hash of the document to a server, receive a control signal to halt reproduction of the document on the printing device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document, and halt the reproduction of the document on the printing device in response to the control signal.
- FIG. 1 illustrates one example of a communication network of the present disclosure
- FIG. 2 illustrates an example flowchart of one embodiment of a method for preventing reproduction of secure data on a multi-function device
- FIG. 3 illustrates an example flowchart of another embodiment of a method for preventing reproduction of secure data on a multi-function device
- FIG. 4 illustrates a high-level block diagram of a computer suitable for use in performing the functions described herein.
- the present disclosure broadly discloses a method and apparatus to prevent reproduction of secure data.
- secure information can be contained in documents. Some individuals or companies may not want the secure information to be printed or reproduced in any way. Some security methods may be manually performed. For example, an analyst may examine every document before the document is reproduced to ensure that no secure data is in the document.
- Other methods may use a login and password to reproduce secure data. For example, users with authorized access to the secure data in a document may enter a password in the multi-function device (MFD) to reproduce the document containing the secure data.
- MFD multi-function device
- the security requires some level of user interaction or input from a user at the MFD.
- most methods attempt to limit reproduction by attaching some security to the document.
- the secure data is in other documents that do not include any security feature, the secure data can still be reproduced.
- Embodiments of the present disclosure configure a printing device to automatically detect secure data in a document and prevent reproduction of the secure data.
- a perceptual hash can be applied to the secure data.
- the perceptual hash can be stored in a backend server.
- the printing device may calculate the perceptual hash of the document.
- the perceptual hash of the document can be sent to the backend server to determine if any portion of the perceptual hash of the document matches the perceptual hash of the secure data. If a match is found, the backend server may send a control signal to the printing device to prevent reproduction of the document containing the secure data.
- the printing device may be configured to automatically prevent reproduction of any secure data that may be contained in any document.
- FIG. 1 illustrates an example of a communication network 100 .
- the communication network 100 includes a printing device 102 , a server 104 , and an endpoint device 106 .
- the printing device 102 , the server 104 , and the endpoint device 106 may establish a wired or wireless connection with one another over an Internet protocol (IP) network.
- IP Internet protocol
- the IP network may be local area network (LAN) or a wide area network (WAN). Some connections may be over a LAN and other connections may be over a WAN.
- the printing device 102 and the endpoint device 106 may be in a same geographic location and communicate over a LAN.
- the server 104 and the printing device 102 may be remotely located (e.g., different buildings or geographic locations) and communicate over a WAN.
- FIG. 1 Although a single printing device 102 , a single endpoint device 106 , and a single server 104 are illustrated in FIG. 1 , it should be noted that any number of printing devices 102 , endpoint devices 106 , and servers 104 may be deployed.
- the server 104 may be in communication with a plurality of different printing devices 102 associated with different geographic locations or customers.
- a plurality of endpoint devices 106 at the same location or different locations, may be in communication with the server 104 .
- the printing device 102 may be any type of printing device capable of establishing a communication path with the server 104 .
- the printing device 102 may be a multi-function device (MFD), a printer, a scanning device, and the like.
- the server 104 may be a content security back-end system (CSBES) server.
- CSBES content security back-end system
- the CSBES server may be preconfigured to perform the functions described herein.
- the endpoint device 106 may be any type of endpoint device.
- the endpoint device 106 may be a desktop computer, a laptop computer, a tablet computer, a smart phone, and the like.
- the endpoint device 106 may execute an application to allow a user to generate a perceptual hash of secure data 110 .
- the secure data may include any type of text, numbers, images, graphics, pictures, or any combination thereof, that can be generated in a document.
- a perceptual hash is a method to transform an image into a series of binary bit values that provide an efficient way to compare two images and determine if the images are similar. For example, an image may be converted into a greyscale image or halftone image. The average color value of the pixels in the entire image may be calculated. Then the color value of each pixel of the image may be compared to the average color value of the pixels. If the color value of the pixel is below the average color value, the pixel may be assigned a value of zero. If the color value of the pixel is above the average color value, the pixel may be assigned a value of one. Thus, the image may be converted into a sequence of binary bit values of zeros and ones.
- the endpoint device 106 may transmit the perceptual hash of secure data 110 to the server 104 .
- the endpoint device 106 may have a public key of the server 104 .
- the perceptual hash of secure data 110 may be encrypted with the public key for security.
- the perceptual hash of secure data 110 may also be converted or compressed to save memory space. For example, a sequence of binary bit values of zeros and ones of the perceptual hash of secure data 110 may be converted into a hexadecimal value.
- the server 104 may include a processor 112 and a memory 114 .
- the processor 112 may execute instructions stored on the memory 114 .
- the memory 114 may be any type of non-transitory computer readable memory such as a hard disk drive, a random access memory (RAM), an external disk drive, solid state drive, and the like.
- server 104 has been simplified for ease of explanation.
- the server 104 may include additional components that are not shown.
- the server 104 may include a communication interface, a display, input/output devices, and the like.
- the memory 114 may include a perceptual hash list 116 .
- the perceptual hash list 116 may include a plurality of the perceptual hashes of secure data 110 that are indexed.
- the perceptual hash list 116 may store the perceptual hash of secure data 110 for different types of secure data received from different endpoint devices 106 .
- the perceptual hash list 116 may be used to provide an automated way to ensure that secure data is not reproduced on the printing device 102 . Thus, any portion of a document 108 that contains secure data found in the perceptual hash list 116 may be prevented from being reproduced on the printing device 102 .
- the printing device 102 may receive a request to reproduce the document 108 .
- the document 108 may include one or more pages. Each page may include text, images, or a combination thereof.
- the document 108 may be an electronic document transmitted from an endpoint device (e.g., the endpoint device 106 ) or a physical copy that is placed in the printing device 102 to copy or scan. In other words, reproduction of the document 108 may include printing, scanning, copying, and the like.
- the printing device 102 may have a configurable setting to turn on or off a security mode.
- the security mode When the security mode is turned on or enabled, the printing device 102 may generate a perceptual hash of the document 108 .
- the perceptual hash of the document 108 may be transmitted to the server 104 to ensure that no secure data is contained in the document 108 .
- the printing device 102 may always have the security mode enabled such that all documents 108 are analyzed to determine that no secure data is contained in the documents 108 .
- the printing device 102 may include a processor 118 , a memory 120 , and a perceptual hash engine 124 .
- the processor may execute instructions stored in the memory 120 .
- the memory 120 may be any type of non-transitory computer readable memory such as a hard disk drive, a random access memory (RAM), an external disk drive, solid state drive, and the like.
- the printing device 102 has been simplified for ease of explanation.
- the printing device 102 may include additional components that are not shown.
- the printing device 102 may include a communication interface, a wireless radio, paper trays, a print path, a marking engine, a user interface, a display, input/output devices, and the like.
- the perceptual hash engine 124 may be executed by the processor 118 to generate a perceptual hash of document 122 .
- the perceptual hash of document 122 may be the perceptual hash of the document 108 generated by the perceptual hash engine 124 .
- the printing device 102 may be modified or specially configured to include the ability to locally generate a perceptual hash of the document 108 .
- the perceptual hash of document 122 may be generated in a similar way that the perceptual hash of secure data 110 is generated, as discussed above.
- the perceptual hash of the document 122 may include a perceptual hash of each page of the document 108 .
- the perceptual hash of document 122 may be temporarily stored in the memory 120 .
- the memory 120 may be a secure memory such as local secure circular list.
- the secure memory may be a partitioned portion of the memory 120 or a memory device that is separate from the memory 120 .
- the perceptual hash of document 122 may be stored temporarily until the server 104 verifies that the document 108 does not contain any secure data. In other words, no portion of the document 108 is reproduced (e.g., no copy of the document 108 is outputted from the printing device 102 ) until a control signal is received from the server 104 .
- the operation of the printing device 102 may also be modified to rely on a control signal from the remotely located server 104 before completing a reproduction operation, unlike current printing devices.
- a copy of the perceptual hash of document 122 may be transmitted to the server 104 for analysis to see if the document 108 contains any secure data.
- the copy of the perceptual hash of document 122 that is transmitted may be identical to the perceptual hash of document 122 stored in the memory 120 .
- each perceptual hash of secure data 110 stored in the perceptual hash list 116 may be compared to perceptual hash of document 122 .
- the perceptual hash of document 122 may include a perceptual hash for each page of the document 108 and perceptual hash for each page of the document 108 may be transmitted to server 104 and compared one page at a time.
- the perceptual hash of document 122 may include the perceptual hash of all pages of the document 108 and all pages may be compared simultaneously by the server 104 .
- the server 104 may compare the perceptual hash of document 122 to perceptual hashes of secure data stored in a perceptual hash list 116 in the server 104 .
- a match may be detected when a predefined percentage of a sequence of values of one or more of the perceptual hash of the secure data 110 in the perceptual hash list 116 matches a sequence of values of the perceptual hash of document 122 .
- the predefined percentage may be 90%.
- An example of the perceptual hash of the secure data 110 may be 1100011000.
- a portion of the perceptual hash of document 122 may be 0100011000.
- the portion of the document 108 with the perceptual hash of 0100011000 may be determined to match the perceptual hash 1100011000 of the perceptual hash of secure data 110 .
- the predefined percentage is provided as an example.
- the predefined percentage may be any value in accordance with a desired application. For example, if tighter security is required the predefined percentage may be lower (e.g., 70% or 80%) to catch a broader range of potential matches. If less security is required the predefined percentage may be higher (e.g., 99% or 100%) to allow more documents to be reproduced.
- a sliding window may be used to perform the comparison.
- the perceptual hash of secure data 110 may include 20 bits.
- the perceptual hash of document 122 may include 1000 bits for a single page.
- a sliding window of the size of the perceptual hash of secure data 110 (e.g., 20 bits) may be used to examine the perceptual hash of each page of the document 108 .
- the server 104 may send a control signal to the printing device 102 to halt reproduction of the document 108 . In other words, no portion of the document 108 is reproduced and the request to reproduce the document 108 is stopped or denied.
- the printing device 102 may generate a security event and create a security log.
- the security log may include a date, a time, a user (e.g., if a user is required to log into the printing device 102 ), and an image of the page or pages of the document 108 that contained the secure data.
- the security log may be transmitted back to the server 104 .
- the security log may be encrypted with a public key of the server 104 before transmission for security.
- the printing device 102 may delete the copy of the perceptual hash of document 122 that is temporarily stored in the memory 120 .
- the server 104 may send a control signal to the printing device 102 to indicate that reproduction of the document 108 is authorized.
- the printing device 102 may continue with the requested operation to generate a reproduction of the document 108 (e.g., printing, scanning, or copying).
- the present disclosure provides a printing device 102 that is modified to operate in cooperation with the server 104 .
- the printing device 102 may work with the server 104 to automatically analyze documents 108 and ensure that no secure data is reproduced by the printing device 102 .
- FIG. 2 illustrates a flowchart of a method 200 for preventing reproduction of secure data on a multi-function device.
- the method 200 may be performed by the MFD 102 or a computer as illustrated in FIG. 4 and discussed below.
- the method 200 begins at block 202 .
- the method 200 receives a request to reproduce a document.
- the document may be a plurality of pages of text, images, or a combination of both text and images.
- the document may be a physical document to be reproduced on the MFD.
- the document may be already printed on paper, or any other type of print media, and the document may be placed in the MFD for scanning, copying, or printing.
- the document may be sent electronically from an endpoint device.
- a user on an endpoint device may select an electronic document for printing on the MFD and send an electronic copy of the document for printing.
- the method 200 calculates a perceptual hash of the document.
- the perceptual hash may be calculated when the MFD is running in a security mode.
- the security mode may be turned on and off on the MFD depending on whether the MFD should automatically detect secure data and prevent the reproduction of the secure data.
- the perceptual hash of the document may be calculated as described above.
- the perceptual hash may be calculated for each page of the document.
- the perceptual hash of each page of the document may be temporarily stored in secure memory on the MFD.
- the secure memory may be a secure circular list in the MFD.
- the method 200 transmits the perceptual hash of the document to a server.
- the server may be a preconfigured content security back-end system (CSBES).
- the CSBES may be remotely located from the MFD.
- the MFD may establish a secure wireless or wired communication path to the CSBES.
- the perceptual hash of the document may be transmitted over the communication path to the CSBES.
- the blocks 206 and 208 may be repeated for each page of the document. For example, if the document has two pages, the perceptual hash of the first page may be calculated and the perceptual hash of the first page may be transmitted. Then the perceptual hash of the second page may be calculated and the perceptual hash of the second page may be transmitted. In another embodiment, the perceptual hash of all pages of the document may be first calculated, and then the perceptual hash of all pages of the document may be transmitted to the CSBES at the same time.
- the method 200 receives a control signal to halt reproduction of the document on the multi-function device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document.
- the server or CSBES, may compare the perceptual hash of the document, or each page of the document, to perceptual hashes of secure data stored in a perceptual hash list in the server.
- a match may be detected when a predefined percentage of a sequence of values of the perceptual hash of the secure data matches a sequence of values of the perceptual hash of the document.
- the predefined percentage may be 90%.
- the perceptual hash of one of the secure data may be 1100011000.
- a portion of the perceptual hash of the document may be 0100011000.
- the portion of the document with the perceptual hash of 0100011000 may be determined to match the perceptual hash 1100011000 of the secure data.
- the predefined percentage is provided as an example.
- the predefined percentage may be any value in accordance with a desired application. For example, if tighter security is required the predefined percentage may be lower (e.g., 70% or 80%) to catch a broader range of potential matches. If less security is required the predefined percentage may be higher (e.g., 99% or 100%) to allow more documents to be reproduced.
- a sliding window may be used to perform the comparison.
- the perceptual hash of the secure data may include 20 bits.
- a page of the document may include 1000 bits.
- a sliding window of the size of the perceptual hash of the secure data (e.g., 20 bits) may be used to examine the perceptual hash of each page of the document.
- the method 200 halts the reproduction of the document on the multi-function device in response to the control signal.
- the MFD may prevent the document from being reproduced in any way (e.g., prevents scanning, copying, or printing).
- a security event may be created and logged by the MFD.
- the security log may include a date, a time, a user (e.g., if a user is required to log into the MFD), and an image of the page or pages of the document that contained the secure data.
- the security log may be transmitted back to the server or CSBES.
- the security log may be encrypted with a public key of the CSBES before transmission for security.
- the MFD may be modified to automatically detect secure data in a document and prevent reproduction of the secure data.
- part of the control of the MFD may be controlled by the server or CSBES.
- the MFD of the present disclosure may work with the CSBES to provide an automated system to detect secure data and prevent reproduction of the secure data without any user intervention.
- the method 200 ends at block 214 .
- FIG. 3 illustrates a flowchart of a method 300 for preventing reproduction of secure data on a multi-function device.
- the method 300 may be performed by CSBES 104 or a computer as illustrated in FIG. 4 and discussed below.
- the method 300 begins at block 302 .
- the method 300 receives a perceptual hash of secure data to be stored in a perceptual hash list.
- the perceptual hash of the secure data may be created by a user on an endpoint device.
- the CSBES may collect the perceptual hash for a plurality of different secure data received from different endpoint devices and store the perceptual hashes in the perceptual hash list.
- the perceptual hash for each secure data can be generated or calculated, as discussed above.
- the perceptual hash of the secure data may be converted or compressed to save storage space.
- the bits of the perceptual hash may be converted into a hexadecimal format, or any other memory space saving format for storage.
- each perceptual hash stored in the perceptual hash list may be encrypted with a public key of the CSBES.
- the user of the endpoint device that creates the perceptual hash may have the public key of the CSBES.
- the perceptual hash of the secure data may be encrypted with the public key before being transmitted to the CSBES.
- the method 300 receives a perceptual hash of a document to be reproduced on an MFD.
- the CSBES may manage a plurality of different MFDs at a plurality of different geographic locations.
- the CSBES may receive the perceptual hash of the document from one of the MFDs.
- the perceptual hash of the document may include the perceptual hash of each page of the document.
- the document may be a plurality of pages.
- the MFD may calculate the perceptual hash of each page of the document and transmit the perceptual hash of each page of the document to the CSBES.
- the method 300 compares the perceptual hash of the document to the perceptual hash of the secure data stored in the perceptual hash list. In one embodiment, the comparing may be performed for each page of the document if the document comprises multiple pages, as noted in block 306 .
- a sequence of bits of the perceptual hash of the secure data may be compared to a sequence of bits of the perceptual hash of the document.
- the comparison may be performed to determine of the sequence of bits of the perceptual hash of the secure data match within a predefined threshold, or detection range, of any portion of the sequence of the perceptual hash of the document.
- a sliding window may be used to perform the comparison.
- the perceptual hash of the secure data may include 20 bits.
- a page of the document may include 1000 bits.
- a sliding window of the size of the perceptual hash of the secure data (e.g., 20 bits) may be used to examine the perceptual hash of each page of the document.
- the method 300 transmits a control signal to the MFD to halt reproduction of the document when the perceptual hash of the secure data in the perceptual hash list matches at least a portion of the perceptual hash of the document.
- a match may be detected when a predefined percentage of a sequence of values of the perceptual hash of the secure data matches a sequence of values of the perceptual hash of the document.
- the predefined percentage may be 90%.
- the perceptual hash of one of the secure data may be 1100011000.
- a portion of the perceptual hash of the document may be 0100011000.
- the portion of the document with the perceptual hash of 0100011000 may be determined to match the perceptual hash 1100011000 of the secure data.
- the predefined percentage is provided as an example.
- the predefined percentage may be any value in accordance with a desired application. For example, if tighter security is required the predefined percentage may be lower (e.g., 70% or 80%) to catch a broader range of potential matches. If less security is required the predefined percentage may be higher (e.g., 99% or 100%) to allow more documents to be reproduced.
- the MFD may transmit a security log to the CSBES.
- the security log may include a date, a time, a user (e.g., if a user is required to log into the MFD), and an image of the page or pages of the document that contained the secure data.
- the security log may be encrypted with the public key of the CSBES for security.
- the CSBES may send a control signal indicating that no match was found and that the document may be reproduced.
- the MFD may hold the document for reproduction until either a control signal indicating a match was found or a control signal indicating that no match was found is received from the CSBES.
- the method 300 ends.
- one or more blocks, functions, or operations of the methods 200 and 300 described above may include a storing, displaying and/or outputting block as required for a particular application.
- any data, records, fields, and/or intermediate results discussed in the methods can be stored, displayed, and/or outputted to another device as required for a particular application.
- blocks, functions, or operations in FIGS. 2 and 3 that recite a determining operation, or involve a decision do not necessarily require that both branches of the determining operation be practiced. In other words, one of the branches of the determining operation can be deemed as an optional block.
- FIG. 4 depicts a high-level block diagram of a computer that is dedicated to perform the functions described herein.
- the computer 400 comprises one or more hardware processor elements 402 (e.g., a central processing unit (CPU), a microprocessor, or a multi-core processor), a memory 404 , e.g., random access memory (RAM) and/or read only memory (ROM), a module 405 for preventing reproduction of secure data on a multi-function device, and various input/output devices 406 (e.g., storage devices, including but not limited to, a tape drive, a floppy drive, a hard disk drive or a compact disk drive, a receiver, a transmitter, a speaker, a display, a speech synthesizer, an output port, an input port and a user input device (such as a keyboard, a keypad, a mouse, a microphone and the like)).
- a hardware processor element 402 e.g., a central processing unit (CPU), a micro
- the present disclosure can be implemented in software and/or in a combination of software and hardware deployed on a hardware device, a computer or any other hardware equivalents (e.g., the MFD 102 or the CSBES 104 ).
- computer readable instructions pertaining to the method(s) discussed above can be used to configure a hardware processor to perform the blocks, functions and/or operations of the above disclosed methods.
- instructions and data for the present module or process 405 for preventing reproduction of secure data on a multi-function device e.g., a software program comprising computer-executable instructions
- a hardware processor executes instructions to perform “operations,” this could include the hardware processor performing the operations directly and/or facilitating, directing, or cooperating with another hardware device or component (e.g., a co-processor and the like) to perform the operations.
- the processor executing the computer readable or software instructions relating to the above described method(s) can be perceived as a programmed processor or a specialized processor.
- the present module 405 for preventing reproduction of secure data on a multi-function device (including associated data structures) of the present disclosure can be stored on a tangible or physical (broadly non-transitory) computer-readable storage device or medium, e.g., volatile memory, non-volatile memory, ROM memory, RAM memory, magnetic or optical drive, device or diskette and the like.
- the computer-readable storage device may comprise any physical devices that provide the ability to store information such as data and/or instructions to be accessed by a processor or a computing device such as a computer or an application server.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Facsimiles In General (AREA)
Abstract
Description
- The present disclosure relates generally to printing devices and, more particularly, to a method and an apparatus to prevent a printing device from printing secure data.
- Secure information can be contained in documents. Some individuals or companies may not want the secure information to be printed or reproduced in any way. Some security methods may be manually performed. For example, an analyst may examine every document before the document is reproduced to ensure that no secure data is in the document.
- Other methods may use a login and password to reproduce secure data. For example, users with authorized access to the secure data in a document may enter a password in the multi-function device (MFD) to reproduce the document containing the secure data.
- In most instances, the security requires some level of user interaction or input from a user at the MFD. In addition, most methods attempt to limit reproduction by attaching some security to the document. However, if the secure data is in other documents that do not include any security feature, the secure data can still be reproduced.
- According to aspects illustrated herein, there are provided a method, a non-transitory computer readable medium, and an apparatus for preventing reproduction of secure data on a printing device. One disclosed feature of the embodiments is a method that is performed by a processor of a multi-function device. The method receives a request to reproduce a document, calculates a perceptual hash of the document, transmits the perceptual hash of the document to a server, receives a control signal to halt reproduction of the document on the printing device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document, and halts the reproduction of the document on the printing device in response to the control signal.
- Another disclosed feature of the embodiments is a non-transitory computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform a method that receives a request to reproduce a document, calculates a perceptual hash of the document, transmits the perceptual hash of the document to a server, receives a control signal to halt reproduction of the document on the printing device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document, and halts the reproduction of the document on the printing device in response to the control signal.
- Another disclosed feature of the embodiments is an apparatus comprising a processor that is configured to receive a request to reproduce a document, calculate a perceptual hash of the document, transmit the perceptual hash of the document to a server, receive a control signal to halt reproduction of the document on the printing device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document, and halt the reproduction of the document on the printing device in response to the control signal.
- The teaching of the present disclosure can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:
-
FIG. 1 illustrates one example of a communication network of the present disclosure; -
FIG. 2 illustrates an example flowchart of one embodiment of a method for preventing reproduction of secure data on a multi-function device; -
FIG. 3 illustrates an example flowchart of another embodiment of a method for preventing reproduction of secure data on a multi-function device; and -
FIG. 4 illustrates a high-level block diagram of a computer suitable for use in performing the functions described herein. - To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.
- The present disclosure broadly discloses a method and apparatus to prevent reproduction of secure data. As discussed above, secure information can be contained in documents. Some individuals or companies may not want the secure information to be printed or reproduced in any way. Some security methods may be manually performed. For example, an analyst may examine every document before the document is reproduced to ensure that no secure data is in the document.
- Other methods may use a login and password to reproduce secure data. For example, users with authorized access to the secure data in a document may enter a password in the multi-function device (MFD) to reproduce the document containing the secure data.
- In most instances, the security requires some level of user interaction or input from a user at the MFD. In addition, most methods attempt to limit reproduction by attaching some security to the document. However, if the secure data is in other documents that do not include any security feature, the secure data can still be reproduced.
- Embodiments of the present disclosure configure a printing device to automatically detect secure data in a document and prevent reproduction of the secure data. In one embodiment, a perceptual hash can be applied to the secure data. The perceptual hash can be stored in a backend server. When a printing device prepares to print a document, the printing device may calculate the perceptual hash of the document. The perceptual hash of the document can be sent to the backend server to determine if any portion of the perceptual hash of the document matches the perceptual hash of the secure data. If a match is found, the backend server may send a control signal to the printing device to prevent reproduction of the document containing the secure data. As a result, the printing device may be configured to automatically prevent reproduction of any secure data that may be contained in any document.
- To better understand the present disclosure,
FIG. 1 illustrates an example of acommunication network 100. In one embodiment, thecommunication network 100 includes aprinting device 102, aserver 104, and anendpoint device 106. Theprinting device 102, theserver 104, and theendpoint device 106 may establish a wired or wireless connection with one another over an Internet protocol (IP) network. The IP network may be local area network (LAN) or a wide area network (WAN). Some connections may be over a LAN and other connections may be over a WAN. For example, theprinting device 102 and theendpoint device 106 may be in a same geographic location and communicate over a LAN. Theserver 104 and theprinting device 102 may be remotely located (e.g., different buildings or geographic locations) and communicate over a WAN. - Although a
single printing device 102, asingle endpoint device 106, and asingle server 104 are illustrated inFIG. 1 , it should be noted that any number ofprinting devices 102,endpoint devices 106, andservers 104 may be deployed. For example, theserver 104 may be in communication with a plurality ofdifferent printing devices 102 associated with different geographic locations or customers. In addition, a plurality ofendpoint devices 106, at the same location or different locations, may be in communication with theserver 104. - In one embodiment, the
printing device 102 may be any type of printing device capable of establishing a communication path with theserver 104. Theprinting device 102 may be a multi-function device (MFD), a printer, a scanning device, and the like. - In one embodiment, the
server 104 may be a content security back-end system (CSBES) server. The CSBES server may be preconfigured to perform the functions described herein. - In one embodiment, the
endpoint device 106 may be any type of endpoint device. For example, theendpoint device 106 may be a desktop computer, a laptop computer, a tablet computer, a smart phone, and the like. Theendpoint device 106 may execute an application to allow a user to generate a perceptual hash ofsecure data 110. The secure data may include any type of text, numbers, images, graphics, pictures, or any combination thereof, that can be generated in a document. - In one embodiment, a perceptual hash is a method to transform an image into a series of binary bit values that provide an efficient way to compare two images and determine if the images are similar. For example, an image may be converted into a greyscale image or halftone image. The average color value of the pixels in the entire image may be calculated. Then the color value of each pixel of the image may be compared to the average color value of the pixels. If the color value of the pixel is below the average color value, the pixel may be assigned a value of zero. If the color value of the pixel is above the average color value, the pixel may be assigned a value of one. Thus, the image may be converted into a sequence of binary bit values of zeros and ones.
- In one embodiment, the
endpoint device 106 may transmit the perceptual hash ofsecure data 110 to theserver 104. In one embodiment, theendpoint device 106 may have a public key of theserver 104. The perceptual hash ofsecure data 110 may be encrypted with the public key for security. In one embodiment, the perceptual hash ofsecure data 110 may also be converted or compressed to save memory space. For example, a sequence of binary bit values of zeros and ones of the perceptual hash ofsecure data 110 may be converted into a hexadecimal value. - In one embodiment, the
server 104 may include aprocessor 112 and amemory 114. Theprocessor 112 may execute instructions stored on thememory 114. Thememory 114 may be any type of non-transitory computer readable memory such as a hard disk drive, a random access memory (RAM), an external disk drive, solid state drive, and the like. - It should also be noted that the
server 104 has been simplified for ease of explanation. For example, theserver 104 may include additional components that are not shown. For example, theserver 104 may include a communication interface, a display, input/output devices, and the like. - In one embodiment, the
memory 114 may include aperceptual hash list 116. Theperceptual hash list 116 may include a plurality of the perceptual hashes ofsecure data 110 that are indexed. Theperceptual hash list 116 may store the perceptual hash ofsecure data 110 for different types of secure data received fromdifferent endpoint devices 106. Theperceptual hash list 116 may be used to provide an automated way to ensure that secure data is not reproduced on theprinting device 102. Thus, any portion of adocument 108 that contains secure data found in theperceptual hash list 116 may be prevented from being reproduced on theprinting device 102. - For example, the
printing device 102 may receive a request to reproduce thedocument 108. Thedocument 108 may include one or more pages. Each page may include text, images, or a combination thereof. Thedocument 108 may be an electronic document transmitted from an endpoint device (e.g., the endpoint device 106) or a physical copy that is placed in theprinting device 102 to copy or scan. In other words, reproduction of thedocument 108 may include printing, scanning, copying, and the like. - In one embodiment, the
printing device 102 may have a configurable setting to turn on or off a security mode. When the security mode is turned on or enabled, theprinting device 102 may generate a perceptual hash of thedocument 108. The perceptual hash of thedocument 108 may be transmitted to theserver 104 to ensure that no secure data is contained in thedocument 108. In one embodiment, theprinting device 102 may always have the security mode enabled such that alldocuments 108 are analyzed to determine that no secure data is contained in thedocuments 108. - In one embodiment, the
printing device 102 may include aprocessor 118, amemory 120, and aperceptual hash engine 124. The processor may execute instructions stored in thememory 120. Thememory 120 may be any type of non-transitory computer readable memory such as a hard disk drive, a random access memory (RAM), an external disk drive, solid state drive, and the like. - It should be noted that the
printing device 102 has been simplified for ease of explanation. Theprinting device 102 may include additional components that are not shown. For example, theprinting device 102 may include a communication interface, a wireless radio, paper trays, a print path, a marking engine, a user interface, a display, input/output devices, and the like. - In one embodiment, the
perceptual hash engine 124 may be executed by theprocessor 118 to generate a perceptual hash ofdocument 122. The perceptual hash ofdocument 122 may be the perceptual hash of thedocument 108 generated by theperceptual hash engine 124. In other words, theprinting device 102 may be modified or specially configured to include the ability to locally generate a perceptual hash of thedocument 108. - The perceptual hash of
document 122 may be generated in a similar way that the perceptual hash ofsecure data 110 is generated, as discussed above. In one embodiment, the perceptual hash of thedocument 122 may include a perceptual hash of each page of thedocument 108. - The perceptual hash of
document 122 may be temporarily stored in thememory 120. Thememory 120 may be a secure memory such as local secure circular list. The secure memory may be a partitioned portion of thememory 120 or a memory device that is separate from thememory 120. - The perceptual hash of
document 122 may be stored temporarily until theserver 104 verifies that thedocument 108 does not contain any secure data. In other words, no portion of thedocument 108 is reproduced (e.g., no copy of thedocument 108 is outputted from the printing device 102) until a control signal is received from theserver 104. Thus, the operation of theprinting device 102 may also be modified to rely on a control signal from the remotely locatedserver 104 before completing a reproduction operation, unlike current printing devices. - In one embodiment, a copy of the perceptual hash of
document 122 may be transmitted to theserver 104 for analysis to see if thedocument 108 contains any secure data. In other words, the copy of the perceptual hash ofdocument 122 that is transmitted may be identical to the perceptual hash ofdocument 122 stored in thememory 120. In one example, each perceptual hash ofsecure data 110 stored in theperceptual hash list 116 may be compared to perceptual hash ofdocument 122. - In one embodiment, the perceptual hash of
document 122 may include a perceptual hash for each page of thedocument 108 and perceptual hash for each page of thedocument 108 may be transmitted toserver 104 and compared one page at a time. In another embodiment, the perceptual hash ofdocument 122 may include the perceptual hash of all pages of thedocument 108 and all pages may be compared simultaneously by theserver 104. - In one embodiment, the
server 104 may compare the perceptual hash ofdocument 122 to perceptual hashes of secure data stored in aperceptual hash list 116 in theserver 104. In one example, a match may be detected when a predefined percentage of a sequence of values of one or more of the perceptual hash of thesecure data 110 in theperceptual hash list 116 matches a sequence of values of the perceptual hash ofdocument 122. For example, the predefined percentage may be 90%. An example of the perceptual hash of thesecure data 110 may be 1100011000. A portion of the perceptual hash ofdocument 122 may be 0100011000. Thus, the portion of thedocument 108 with the perceptual hash of 0100011000 may be determined to match the perceptual hash 1100011000 of the perceptual hash ofsecure data 110. - It should be noted that the predefined percentage is provided as an example. In other words, the predefined percentage may be any value in accordance with a desired application. For example, if tighter security is required the predefined percentage may be lower (e.g., 70% or 80%) to catch a broader range of potential matches. If less security is required the predefined percentage may be higher (e.g., 99% or 100%) to allow more documents to be reproduced.
- In one embodiment, a sliding window may be used to perform the comparison. For example, the perceptual hash of
secure data 110 may include 20 bits. The perceptual hash ofdocument 122 may include 1000 bits for a single page. Thus, a sliding window of the size of the perceptual hash of secure data 110 (e.g., 20 bits) may be used to examine the perceptual hash of each page of thedocument 108. - In one embodiment, when at least one match is found by the
server 104, theserver 104 may send a control signal to theprinting device 102 to halt reproduction of thedocument 108. In other words, no portion of thedocument 108 is reproduced and the request to reproduce thedocument 108 is stopped or denied. - In one embodiment, in response to the control signal from the
server 104, theprinting device 102 may generate a security event and create a security log. The security log may include a date, a time, a user (e.g., if a user is required to log into the printing device 102), and an image of the page or pages of thedocument 108 that contained the secure data. In one example, the security log may be transmitted back to theserver 104. The security log may be encrypted with a public key of theserver 104 before transmission for security. In addition, theprinting device 102 may delete the copy of the perceptual hash ofdocument 122 that is temporarily stored in thememory 120. - In one embodiment, when no match is found by the
server 104, theserver 104 may send a control signal to theprinting device 102 to indicate that reproduction of thedocument 108 is authorized. As a result, theprinting device 102 may continue with the requested operation to generate a reproduction of the document 108 (e.g., printing, scanning, or copying). - Thus, the present disclosure provides a
printing device 102 that is modified to operate in cooperation with theserver 104. Theprinting device 102 may work with theserver 104 to automatically analyzedocuments 108 and ensure that no secure data is reproduced by theprinting device 102. -
FIG. 2 illustrates a flowchart of amethod 200 for preventing reproduction of secure data on a multi-function device. In one embodiment, themethod 200 may be performed by theMFD 102 or a computer as illustrated inFIG. 4 and discussed below. - The
method 200 begins atblock 202. Atblock 204, themethod 200 receives a request to reproduce a document. For example, the document may be a plurality of pages of text, images, or a combination of both text and images. The document may be a physical document to be reproduced on the MFD. For example, the document may be already printed on paper, or any other type of print media, and the document may be placed in the MFD for scanning, copying, or printing. - In another example, the document may be sent electronically from an endpoint device. For example, a user on an endpoint device may select an electronic document for printing on the MFD and send an electronic copy of the document for printing.
- At
block 206, themethod 200 calculates a perceptual hash of the document. In one embodiment, the perceptual hash may be calculated when the MFD is running in a security mode. For example, the security mode may be turned on and off on the MFD depending on whether the MFD should automatically detect secure data and prevent the reproduction of the secure data. - The perceptual hash of the document may be calculated as described above. The perceptual hash may be calculated for each page of the document. In one embodiment, the perceptual hash of each page of the document may be temporarily stored in secure memory on the MFD. For example, the secure memory may be a secure circular list in the MFD.
- At
block 208, themethod 200 transmits the perceptual hash of the document to a server. In one embodiment, the server may be a preconfigured content security back-end system (CSBES). The CSBES may be remotely located from the MFD. The MFD may establish a secure wireless or wired communication path to the CSBES. The perceptual hash of the document may be transmitted over the communication path to the CSBES. - In one embodiment, the
blocks - At
block 210, themethod 200 receives a control signal to halt reproduction of the document on the multi-function device in response to a perceptual hash of the secure data stored on the server matching at least a portion of the perceptual hash of the document. For example, the server, or CSBES, may compare the perceptual hash of the document, or each page of the document, to perceptual hashes of secure data stored in a perceptual hash list in the server. - In one example, a match may be detected when a predefined percentage of a sequence of values of the perceptual hash of the secure data matches a sequence of values of the perceptual hash of the document. For example, the predefined percentage may be 90%. The perceptual hash of one of the secure data may be 1100011000. A portion of the perceptual hash of the document may be 0100011000. Thus, the portion of the document with the perceptual hash of 0100011000 may be determined to match the perceptual hash 1100011000 of the secure data.
- It should be noted that the predefined percentage is provided as an example. In other words, the predefined percentage may be any value in accordance with a desired application. For example, if tighter security is required the predefined percentage may be lower (e.g., 70% or 80%) to catch a broader range of potential matches. If less security is required the predefined percentage may be higher (e.g., 99% or 100%) to allow more documents to be reproduced.
- In one embodiment, a sliding window may be used to perform the comparison. For example, the perceptual hash of the secure data may include 20 bits. A page of the document may include 1000 bits. Thus, a sliding window of the size of the perceptual hash of the secure data (e.g., 20 bits) may be used to examine the perceptual hash of each page of the document.
- At
block 212, themethod 200 halts the reproduction of the document on the multi-function device in response to the control signal. In other words, in response to the control signal, the MFD may prevent the document from being reproduced in any way (e.g., prevents scanning, copying, or printing). In one embodiment, a security event may be created and logged by the MFD. - In one embodiment, the security log may include a date, a time, a user (e.g., if a user is required to log into the MFD), and an image of the page or pages of the document that contained the secure data. In one example, the security log may be transmitted back to the server or CSBES. The security log may be encrypted with a public key of the CSBES before transmission for security.
- As a result, the MFD may be modified to automatically detect secure data in a document and prevent reproduction of the secure data. In one embodiment, part of the control of the MFD may be controlled by the server or CSBES. Thus, the MFD of the present disclosure may work with the CSBES to provide an automated system to detect secure data and prevent reproduction of the secure data without any user intervention. The
method 200 ends atblock 214. -
FIG. 3 illustrates a flowchart of amethod 300 for preventing reproduction of secure data on a multi-function device. In one embodiment, themethod 300 may be performed byCSBES 104 or a computer as illustrated inFIG. 4 and discussed below. - The
method 300 begins atblock 302. Atblock 304, themethod 300 receives a perceptual hash of secure data to be stored in a perceptual hash list. For example, the perceptual hash of the secure data may be created by a user on an endpoint device. The CSBES may collect the perceptual hash for a plurality of different secure data received from different endpoint devices and store the perceptual hashes in the perceptual hash list. The perceptual hash for each secure data can be generated or calculated, as discussed above. - In one embodiment, the perceptual hash of the secure data may be converted or compressed to save storage space. For example, the bits of the perceptual hash may be converted into a hexadecimal format, or any other memory space saving format for storage.
- In one embodiment, each perceptual hash stored in the perceptual hash list may be encrypted with a public key of the CSBES. For example, the user of the endpoint device that creates the perceptual hash may have the public key of the CSBES. The perceptual hash of the secure data may be encrypted with the public key before being transmitted to the CSBES.
- At
block 306, themethod 300 receives a perceptual hash of a document to be reproduced on an MFD. In one embodiment, the CSBES may manage a plurality of different MFDs at a plurality of different geographic locations. The CSBES may receive the perceptual hash of the document from one of the MFDs. - In one embodiment, the perceptual hash of the document may include the perceptual hash of each page of the document. For example, the document may be a plurality of pages. The MFD may calculate the perceptual hash of each page of the document and transmit the perceptual hash of each page of the document to the CSBES.
- At
block 308, themethod 300 compares the perceptual hash of the document to the perceptual hash of the secure data stored in the perceptual hash list. In one embodiment, the comparing may be performed for each page of the document if the document comprises multiple pages, as noted inblock 306. - For example, a sequence of bits of the perceptual hash of the secure data may be compared to a sequence of bits of the perceptual hash of the document. The comparison may be performed to determine of the sequence of bits of the perceptual hash of the secure data match within a predefined threshold, or detection range, of any portion of the sequence of the perceptual hash of the document.
- In one embodiment, a sliding window may be used to perform the comparison. For example, the perceptual hash of the secure data may include 20 bits. A page of the document may include 1000 bits. Thus, a sliding window of the size of the perceptual hash of the secure data (e.g., 20 bits) may be used to examine the perceptual hash of each page of the document.
- At
block 310, themethod 300 transmits a control signal to the MFD to halt reproduction of the document when the perceptual hash of the secure data in the perceptual hash list matches at least a portion of the perceptual hash of the document. In one example, a match may be detected when a predefined percentage of a sequence of values of the perceptual hash of the secure data matches a sequence of values of the perceptual hash of the document. For example, the predefined percentage may be 90%. The perceptual hash of one of the secure data may be 1100011000. A portion of the perceptual hash of the document may be 0100011000. Thus, the portion of the document with the perceptual hash of 0100011000 may be determined to match the perceptual hash 1100011000 of the secure data. - It should be noted that the predefined percentage is provided as an example. In other words, the predefined percentage may be any value in accordance with a desired application. For example, if tighter security is required the predefined percentage may be lower (e.g., 70% or 80%) to catch a broader range of potential matches. If less security is required the predefined percentage may be higher (e.g., 99% or 100%) to allow more documents to be reproduced.
- In one example, when a match is found and the MFD is halted from reproducing the document, the MFD may transmit a security log to the CSBES. The security log may include a date, a time, a user (e.g., if a user is required to log into the MFD), and an image of the page or pages of the document that contained the secure data. The security log may be encrypted with the public key of the CSBES for security.
- In one embodiment, if no match is found, the CSBES may send a control signal indicating that no match was found and that the document may be reproduced. Thus, the MFD may hold the document for reproduction until either a control signal indicating a match was found or a control signal indicating that no match was found is received from the CSBES. At
block 312, themethod 300 ends. - It should be noted that although not explicitly specified, one or more blocks, functions, or operations of the
methods FIGS. 2 and 3 that recite a determining operation, or involve a decision, do not necessarily require that both branches of the determining operation be practiced. In other words, one of the branches of the determining operation can be deemed as an optional block. -
FIG. 4 depicts a high-level block diagram of a computer that is dedicated to perform the functions described herein. As depicted inFIG. 4 , thecomputer 400 comprises one or more hardware processor elements 402 (e.g., a central processing unit (CPU), a microprocessor, or a multi-core processor), amemory 404, e.g., random access memory (RAM) and/or read only memory (ROM), amodule 405 for preventing reproduction of secure data on a multi-function device, and various input/output devices 406 (e.g., storage devices, including but not limited to, a tape drive, a floppy drive, a hard disk drive or a compact disk drive, a receiver, a transmitter, a speaker, a display, a speech synthesizer, an output port, an input port and a user input device (such as a keyboard, a keypad, a mouse, a microphone and the like)). Although only one processor element is shown, it should be noted that the computer may employ a plurality of processor elements. - It should be noted that the present disclosure can be implemented in software and/or in a combination of software and hardware deployed on a hardware device, a computer or any other hardware equivalents (e.g., the
MFD 102 or the CSBES 104). For example, computer readable instructions pertaining to the method(s) discussed above can be used to configure a hardware processor to perform the blocks, functions and/or operations of the above disclosed methods. In one embodiment, instructions and data for the present module orprocess 405 for preventing reproduction of secure data on a multi-function device (e.g., a software program comprising computer-executable instructions) can be loaded intomemory 404 and executed byhardware processor element 402 to implement the blocks, functions or operations as discussed above in connection with theexample methods - The processor executing the computer readable or software instructions relating to the above described method(s) can be perceived as a programmed processor or a specialized processor. As such, the
present module 405 for preventing reproduction of secure data on a multi-function device (including associated data structures) of the present disclosure can be stored on a tangible or physical (broadly non-transitory) computer-readable storage device or medium, e.g., volatile memory, non-volatile memory, ROM memory, RAM memory, magnetic or optical drive, device or diskette and the like. More specifically, the computer-readable storage device may comprise any physical devices that provide the ability to store information such as data and/or instructions to be accessed by a processor or a computing device such as a computer or an application server. - It will be appreciated that variants of the above-disclosed and other features and functions, or alternatives thereof, may be combined into many other different systems or applications. Various presently unforeseen or unanticipated alternatives, modifications, variations, or improvements therein may be subsequently made by those skilled in the art which are also intended to be encompassed by the following claims.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/007,649 US10491782B1 (en) | 2018-06-13 | 2018-06-13 | Method and apparatus to prevent reproduction of secure data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/007,649 US10491782B1 (en) | 2018-06-13 | 2018-06-13 | Method and apparatus to prevent reproduction of secure data |
Publications (2)
Publication Number | Publication Date |
---|---|
US10491782B1 US10491782B1 (en) | 2019-11-26 |
US20190387129A1 true US20190387129A1 (en) | 2019-12-19 |
Family
ID=68617633
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/007,649 Active US10491782B1 (en) | 2018-06-13 | 2018-06-13 | Method and apparatus to prevent reproduction of secure data |
Country Status (1)
Country | Link |
---|---|
US (1) | US10491782B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11449545B2 (en) | 2019-05-13 | 2022-09-20 | Snap Inc. | Deduplication of media file search results |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7656930B2 (en) * | 2001-09-10 | 2010-02-02 | Digimarc Corporation | Assessing quality of service using digital watermark information |
US8103108B2 (en) * | 2007-05-01 | 2012-01-24 | Sharp Kabushiki Kaisha | Image processing apparatus, image forming apparatus, image processing system, and image processing method |
US9319384B2 (en) * | 2014-04-30 | 2016-04-19 | Fortinet, Inc. | Filtering hidden data embedded in media files |
US10152605B2 (en) * | 2014-05-21 | 2018-12-11 | Siddharth Shetye | Systems and methods for front-end and back-end data security protocols |
JP2018055465A (en) * | 2016-09-29 | 2018-04-05 | セイコーエプソン株式会社 | Printer and control method of printer |
-
2018
- 2018-06-13 US US16/007,649 patent/US10491782B1/en active Active
Also Published As
Publication number | Publication date |
---|---|
US10491782B1 (en) | 2019-11-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9794252B2 (en) | Information processing system and device control method | |
US8601559B2 (en) | Image output authentication system, image output authentication server, and image output authentication method | |
US11057531B2 (en) | Operating an appliance scanner system | |
US20050144469A1 (en) | Imaging apparatus, imaging system, security management apparatus, and security management system | |
US9348994B2 (en) | Information processor and system that associate job and user information based on job identifier | |
US20130182279A1 (en) | Authentication system, authentication method, and apparatus | |
US9930492B2 (en) | Information processing system, information storage apparatus, and location information storing method | |
US9167120B2 (en) | Document policies for a document processing unit | |
US8166541B2 (en) | Information processing apparatus and data management system | |
US20110016531A1 (en) | System and method for automated maintenance based on security levels for document processing devices | |
US20210073369A1 (en) | Tampering detection method and apparatus and non-transitory computer-readable storage medium | |
US20220058278A1 (en) | Using machine learning to bypass activities of a secure document workflow based on recipient profile | |
US20150020167A1 (en) | System and method for managing files | |
US20180270246A1 (en) | Information processing system, information processing apparatus, and information processing method | |
US20160124689A1 (en) | Non-transitory computer readable recording medium storing an account management program, image forming apparatus and image forming system | |
US10491782B1 (en) | Method and apparatus to prevent reproduction of secure data | |
US20220058287A1 (en) | Modifying elements of a secure document workflow based on change in profile of recipient | |
US10289356B2 (en) | Information processing apparatus, information processing system, method for processing information, and program | |
US20130141752A1 (en) | Job control apparatus, job control system, and method of controlling processing job data | |
JP2009187551A (en) | System and method for performing document processing in accordance with content of document | |
US9286480B2 (en) | Information processing device, non-transitory computer readable medium, and information processing method | |
US11599662B2 (en) | Bypassing elements of a secure document workflow based on identity of recipient | |
US11336789B1 (en) | Controlling a multi-function device based on a user limit associated with a policy | |
US11625207B2 (en) | Information processing apparatus and non-transitory computer readable medium for suppression or prevention of work from being illegally sent to external apparatus | |
US9165222B2 (en) | Forming system, apparatus and storage medium executing a job based on a preview log image and a log image is generated as a history image |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: XEROX CORPORATION, CONNECTICUT Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ZEHLER, PETER J.;REEL/FRAME:046077/0915 Effective date: 20180525 |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: CITIBANK, N.A., AS AGENT, DELAWARE Free format text: SECURITY INTEREST;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:062740/0214 Effective date: 20221107 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
AS | Assignment |
Owner name: XEROX CORPORATION, CONNECTICUT Free format text: RELEASE OF SECURITY INTEREST IN PATENTS AT R/F 062740/0214;ASSIGNOR:CITIBANK, N.A., AS AGENT;REEL/FRAME:063694/0122 Effective date: 20230517 |
|
AS | Assignment |
Owner name: CITIBANK, N.A., AS COLLATERAL AGENT, NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:064760/0389 Effective date: 20230621 |
|
AS | Assignment |
Owner name: JEFFERIES FINANCE LLC, AS COLLATERAL AGENT, NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:065628/0019 Effective date: 20231117 |
|
AS | Assignment |
Owner name: XEROX CORPORATION, CONNECTICUT Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS RECORDED AT RF 064760/0389;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:068261/0001 Effective date: 20240206 Owner name: CITIBANK, N.A., AS COLLATERAL AGENT, NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:XEROX CORPORATION;REEL/FRAME:066741/0001 Effective date: 20240206 |