JP2005153229A - Image forming apparatus, printing data alteration verifying system, printing data alteration verification method, computer program, and computer readable recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To verify alteration of printing data as quickly as possible. <P>SOLUTION: When a registration request for a printing job is generated by user's operation of an operation panel of a copying machine 104, a printing data decoding part 104 decodes encrypted printing data transmitted from a client PC 102, and a printing data alteration detecting part 124 inspects with the use of the hash function whether or not the decoded printing data is altered. If the printing data is not altered, the decoded printing data is encrypted again and held in a printing job holding part 125. On the other hand, if the printing data is altered, the decoded printing data is destroyed by a printing data destroying part 134. Accordingly, a user authentication process and an alteration verification process can be carried out separately from each other (independently of each other). Alteration of the printing data can be detected without waiting for user authentication. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an image forming apparatus, a print data falsification verification system, a print data falsification verification method, a computer program, and a computer-readable recording medium, and particularly suitable for performing falsification verification of print print data. is there.

  In a conventional system for verifying tampering of print data, the MFP holds the print job including encrypted print data transmitted from the client as it is in the HDD. After the user authentication for the multifunction device is completed, the encrypted print data is decrypted with the secret key of the multifunction device (see, for example, Patent Document 1).

JP 2001-186358 A

However, in the above-described conventional system, after the user authentication is completed, the MFP performs both the decryption work of the encrypted print job and the verification work of falsification of the decrypted print data. There was a problem that it took a long time to output, and the processing capacity (performance) of the multi-function peripheral was reduced. Furthermore, in order for the user to detect falsification of print data, there is a problem that user authentication for a print request must be performed.
As described above, the conventional technique has a problem that it takes time to verify the falsification of the print data.

  The present invention has been made in view of the above-described problems, and an object of the present invention is to enable verification of falsification of print data as quickly as possible.

An image forming apparatus according to the present invention includes a print job acquisition unit that acquires an encrypted print job, and a print data decryption unit that decrypts print data included in the print job acquired by the print job acquisition unit. And print data alteration verifying means for verifying whether or not the print data decrypted by the print data decrypting means has been altered.
A print data alteration verification system according to the present invention includes the above-described image forming apparatus and an information processing apparatus that transmits a print job including encrypted print data to the image forming apparatus.

  The print data alteration verification method of the present invention includes a print job acquisition step for acquiring an encrypted print job, and a print data decryption for decoding the print data included in the print job acquired by the print job acquisition step. And a print data alteration verification step for verifying whether the print data decrypted by the print data decryption step has been altered.

The computer program according to the present invention includes a print job acquisition step for acquiring an encrypted print job, and a print data decryption step for decrypting print data included in the print job acquired by the print job acquisition step. The print data alteration verifying step for verifying whether or not the print data decrypted by the print data decrypting step has been falsified is executed by the computer.
A computer-readable recording medium according to the present invention records the above-described computer program.

  According to the present invention, the print data included in the acquired print job is decrypted, and it is verified whether or not the decrypted print data has been tampered with. Can be performed individually. As a result, when the user completes user authentication for outputting print data, it is possible to have already verified the alteration of the print data. As a result, the printing process can be performed as soon as possible.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing an example of the configuration of a printing system according to an embodiment of the present invention.
In FIG. 1, a printing system (print data alteration verification system) is configured by connecting a client PC (information processing apparatus) 102 and a multifunction peripheral 104 to each other via a network 103.
The client 102 includes a print job generation unit 111, a user authentication unit 112, a public key acquisition unit 113, a print data hash value calculation unit 114, a print data encryption unit 115, and a print job transmission unit 116.

The client PC 102 is used by the user 101. The user 101 operates the input device (keyboard, mouse, etc.) of the client PC 102 to request generation of a print job (hereinafter abbreviated as a print job generation request).
The print job generation unit 111 generates a print job in response to a print job generation request from the user 101. Upon receiving the print job generation request, the print job generation unit 111 requests the user authentication unit 112 for user authentication. In this case, the user authentication is performed using, for example, an ID or password input by the user by operating the input device (keyboard) of the client PC 102. In addition, user authentication may be performed by using data recorded on an IC card connected to the client PC 102.

  If the user authentication is successful in this way, the print job generation unit 111 requests the public key acquisition unit 113 to acquire a public key (hereinafter abbreviated as a public key acquisition request). Upon receiving a public key acquisition request, the public key acquisition unit 113 accesses the public key / private key management unit 126 of the MFP 104 via the network 103 and acquires a public key.

The print data hash value calculation unit 114 inputs the print data to the hash function and calculates the hash value.
The print data encryption unit 115 encrypts the print data using the public key acquired by the public key acquisition unit 113.
The print job transmission unit 116 transmits the print job (user authentication information, print data hash value, and encrypted print data) generated by the print job generation unit 111 to the multifunction peripheral.

  The MFP 104 includes a print job management unit 121, a print job acquisition unit 122, a print data decryption unit 123, a print data alteration verification unit 124, a print job hold unit 125, a public key / private key management unit 126, and a print data output management unit. 131, a user authentication unit 132, a print data output unit 133, and a print job discard unit 134.

The print job management unit 121 determines a request (public key acquisition request, print job registration request, or print data output request) from the user.
When the print job management unit 121 determines that the request from the user is a print job registration request, the print job acquisition unit 122 acquires the print job from the multifunction peripheral 121.
The print data decryption unit 123 acquires the secret key from the public key / private key management unit 126 and decrypts the encrypted print data included in the print job acquired by the print job acquisition unit 122.

The print data alteration verification unit 124 inputs the print data decrypted by the print data decryption unit 123 into the hash function, compares it with the data in the print job, and performs alteration verification. If the calculation result does not match the data in the print job, the print job is discarded. On the other hand, if the calculation results match, the print job that has been encrypted is registered in the print job hold unit 125, and the print data once decrypted is discarded.
If the print job management unit 121 determines that the request from the user is a public key acquisition request, the print job management unit 121 requests the public key / private key management unit 126 to perform processing. The public key / private key management unit 126 returns the public key to the client PC 102.

  When the print job management unit 121 determines that the request from the user is a print data output request, the print job management unit 121 requests the print data output management unit 131 to perform processing. The print data output management unit 131 uses the user authentication unit 132 to perform user authentication. In this case, the user authentication is performed using, for example, an ID or a password input by the user by operating the operation panel of the multifunction peripheral 104. In addition, user authentication may be performed by using data recorded on an IC card connected to the multifunction peripheral 104.

  If the user authentication is successful in this way, the print data output management unit 131 requests the print data output unit 133 to perform processing. The print data output unit 133 accesses the print job hold unit 125 and selects a print job with reference to the user authentication information. Then, the print data decoding unit 123 decodes the selected print job. Then, the print data output unit 133 prints the decrypted print data. After the print data is printed (output), the print job discarding unit 134 discards the corresponding (printed) print job from the print job holding unit 125.

FIG. 2 is a block diagram illustrating an example of an internal configuration of a computer disposed in the client PC 102 and the multifunction peripheral 104.
In FIG. 2, reference numeral 200 denotes a computer system disposed in the client PC 102 and the multifunction peripheral 104. The computer system 200 includes a CPU 201 that executes software stored in a ROM 202 or a hard disk (HD) 204. Further, the CPU 201 comprehensively controls each device 202 to 204 connected to the system bus 206.
Reference numeral 203 denotes a RAM, which functions as a main memory, work area, and the like for the CPU 201. Reference numeral 205 denotes a LAN, which exchanges data bidirectionally with other network devices or other PCs (information processing devices) via the network 207.

FIG. 3 is a diagram illustrating an example of print job data.
Reference numeral 301 denotes print job data generated by the print job generation unit 111. The print job data 301 is stored on the HD 204, for example.

Hereinafter, an example of the operation in the printing system of the present embodiment will be described using a flowchart.
FIG. 4 is a flowchart showing the overall operation of the printing system shown in FIG. 4 is executed by the CPU 201 on the multi-function peripheral 104.

When the program starts, first, in step S401, the multifunction peripheral 104 waits until an event occurs. If an event occurs, the process proceeds to step S402.
Next, in step S402, it is determined whether or not the event acquired (generated) in step S401 is a public key registration request. If it is a public key registration request, the process proceeds to step S405, where the public key is transmitted to the client PC. On the other hand, if it is not a public key registration request, the process proceeds to step S403.

  In step S403, it is determined whether the event acquired (generated) in step S401 is a print job registration request. If it is a print job registration request, the process advances to step S406 to register the print job. On the other hand, if it is not a print job registration request, the process proceeds to step S404. The operation in step 406 will be described in detail with reference to FIG.

  In step S404, it is determined whether or not the event acquired (generated) in step S401 is a print data output request. If it is a print data output request, the process advances to step S407 to output the print data. On the other hand, if it is not a print data output request, the process returns to step S401 to wait for an event input. The operation in step S407 will be described in detail with reference to FIG.

FIG. 5 is a flowchart showing an example of a series of operations of the client PC 102 in the printing system shown in FIG. Note that the operation shown in FIG. 5 is executed by the CPU 201 on the client PC 102.
When the program starts, first, in step S501, it waits until an event occurs. If an event occurs, it is determined in next step S502 whether the generated event is a print job generation request. If it is a print job generation request, the process advances to step S503 to generate a print job. On the other hand, if it is not a print job generation request, the process returns to step S501. The operation in step S503 will be described in detail with reference to FIG.

FIG. 6 is a flowchart showing an example of a series of operations when generating a print job in the printing system shown in FIG. 1, and is a flowchart showing in detail the processing in step S503 in FIG. Note that the operation shown in FIG. 6 is executed by the CPU 201 on the client PC 102.
When the program starts, first, in step S601, the user authentication unit 112 performs user authentication.
Next, in step S602, the public key acquisition unit 113 acquires a public key from the multi-function peripheral 104 (public key / private key management unit 126).

Next, in step S603, the print data hash value calculation unit 114 calculates a hash value of the print data.
Next, in step S604, the print data encryption unit 115 encrypts the print data.
Finally, in step S605, the print job generation unit 111 generates a print job including the encrypted print data, the hash value of the print data, and the user authentication information, transmits the print job to the multifunction peripheral 104, and ends the program. To do.

FIG. 7 is a flowchart showing an example of a series of operations when registering a print job in the printing system shown in FIG. 1, and is a flowchart showing in detail the processing in step S406 in FIG. 7 is executed by the CPU 201 on the multifunction machine 104.
When the program starts, first, in step S701, the print data decryption unit 123 obtains a secret key from the public / private key management unit 126, and decrypts the print data.
Next, in step 702, the print data alteration verification unit 124 inputs the decrypted print data to the hash function, compares it with the data in the print job, and verifies the alteration of the print data.

In step 703, it is determined whether the print data has been tampered with. If the print data has not been falsified (verification OK), the process proceeds to step S704. In step S704, the print data alteration verification unit 124 re-encrypts the decrypted print data with its own public key.
In step S706, the print data alteration verifying unit 124 holds the encrypted print job in the print job holding unit (HDD) 125, and the program ends.
If it is determined in step S703 that the print data has been tampered with (if verification is not OK), the process proceeds to step S705. In step S705, the print job discarding unit 134 discards the print job and ends the program.

FIG. 8 is a flowchart showing an example of a series of operations when printing data is output in the printing system shown in FIG. 1, and is a flowchart showing in detail the processing of step 407 in FIG. Note that the operation shown in FIG. 8 is executed by the CPU 201 on the multifunction peripheral 104.
When the program starts, first, in step S801, the user authentication unit 132 performs user authentication.
In step S <b> 802, the print data output unit 133 selects a print job from the print job hold unit 125 with reference to the user authentication information. Then, the print data decryption unit 123 acquires the secret key from the public / private key management unit 126 and decrypts the print data included in the selected print job.
In step S803, the print data output unit 133 prints and outputs the decoded print data.
In step S804, the print job discarding unit 134 discards the output print job from the print job holding unit 125, and ends the program.

As described above, according to the present exemplary embodiment, when there is a print job registration request issued when the user operates the operation panel of the multifunction peripheral 104, the encrypted print data transmitted from the client PC 102 is decrypted and decrypted. Whether or not the print data has been altered is verified using a hash function, and if it has not been altered, the decrypted print data is re-encrypted and held, whereas if it has been altered, the decrypted print data is discarded. Therefore, user authentication processing and falsification verification processing can be performed individually (independently), and it is possible to detect falsification of print data without waiting for user authentication. As a result, when the user completes user authentication by operating the operation panel of the multi-function peripheral 104 for printing data output, it is possible to have already verified the alteration of the printing data. Become. Therefore, the multifunction device 104 can decrypt the print data being held with its own secret key and immediately perform the printing process, and can improve (effectively use) the processing capability (performance) of the multifunction device 104. .
In addition, since a falsification detection notification can be sent to the user in advance by e-mail or the like before user authentication, if the print data has been falsified, the user can authenticate the user with the MFP 104 for a print request. Therefore, the usability of the multi-function device 104 can be improved.

(Other embodiments of the present invention)
In order to operate various devices to realize the functions of the above-described embodiments, program codes of software for realizing the functions of the above-described embodiments are provided to an apparatus or a computer in the system connected to the various devices. What is implemented by operating the various devices according to a program supplied and stored in a computer (CPU or MPU) of the system or apparatus is also included in the scope of the present invention.

  In this case, the program code of the software itself realizes the functions of the above-described embodiments, and the program code itself and means for supplying the program code to the computer, for example, the program code are stored. The recorded medium constitutes the present invention. As a recording medium for storing the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

  Further, by executing the program code supplied by the computer, not only the functions of the above-described embodiments are realized, but also the OS (operating system) or other application software in which the program code is running on the computer, etc. It goes without saying that the program code is also included in the embodiment of the present invention even when the functions of the above-described embodiment are realized in cooperation with the embodiment.

  Further, after the supplied program code is stored in the memory provided in the function expansion board of the computer or the function expansion unit connected to the computer, the CPU provided in the function expansion board or function expansion unit based on the instruction of the program code Needless to say, the present invention includes a case where the functions of the above-described embodiment are realized by performing part or all of the actual processing.

1 is a block diagram illustrating an exemplary configuration of a printing system according to an exemplary embodiment of the present invention. 1 is a block diagram illustrating an example of an internal configuration of a computer disposed in a client PC and a multifunction peripheral according to an embodiment of the present invention. FIG. 4 is a diagram illustrating an example of print job data according to an exemplary embodiment of the present invention. 3 is a flowchart illustrating an example of the overall operation in the printing system according to the exemplary embodiment of the present invention. 6 is a flowchart illustrating an example of a series of operations of the client PC in the printing system according to the embodiment of this invention. 6 is a flowchart illustrating an example of a series of operations when generating a print job according to the embodiment of this invention. 5 is a flowchart illustrating an example of a series of operations when registering a print job according to the embodiment of this invention. 5 is a flowchart illustrating an example of a series of operations when outputting print data according to the embodiment of this invention.

Explanation of symbols

101 User 102 Client PC
DESCRIPTION OF SYMBOLS 103 Network 104 MFP 111 Print job generation part 112 User authentication part 113 Public key acquisition part 114 Print data hash value calculation part 115 Print data encryption part 116 Print job transmission part 121 Print job management part 122 Print job acquisition part 123 Print data Decryption unit 124 Print data alteration detection unit 125 Print job hold unit 126 Public key / private key management unit 131 Print data output management unit 131
132 User Authentication Unit 133 Print Data Output Unit 134 Print Job Discarding Unit 200 Computer System 201 CPU
202 ROM
203 RAM
204 HD
205 LAN
206 System bus

Claims (9)

Print job acquisition means for acquiring an encrypted print job;
Print data decoding means for decoding the print data included in the print job acquired by the print job acquisition means;
An image forming apparatus comprising: a print data alteration verifying unit that verifies whether or not the print data decrypted by the print data decrypting unit has been altered. A print data encryption unit that encrypts the print data decrypted by the print data decryption unit when the print data alteration verification unit verifies that the print data has not been tampered with;
Print data holding means for temporarily holding the print data encrypted by the print data encryption means;
A print data discarding unit for discarding the print data decrypted by the print data decrypting unit when the print data alteration verifying unit verifies that the print data has been tampered with; The image forming apparatus according to claim 1. User authentication means for authenticating the user;
Print data output means for selecting and outputting desired print data from print data held in the print data holding means based on the result of user authentication by the user authentication means,
The image forming apparatus according to claim 2, wherein the print data discarding unit discards information related to the print data output from the print data output unit from the print data holding unit.   Print data comprising: the image forming apparatus according to claim 1; and an information processing apparatus that transmits a print job including encrypted print data to the image forming apparatus. Tamper verification system. A print job acquisition step for acquiring an encrypted print job;
A print data decoding step for decoding the print data included in the print job acquired by the print job acquisition step;
A print data falsification verification method comprising: a print data falsification verification step for verifying whether or not the print data decrypted by the print data decryption step has been falsified. A print data encryption step for encrypting the print data decrypted by the print data decryption step when it is verified by the print data alteration verification step that the print data has not been tampered with;
A print data holding step for temporarily holding the print data encrypted by the print data encryption step in a recording medium;
A print data discarding step for discarding the print data decrypted by the print data decryption step when it is verified that the print data has been tampered by the print data modification verifying step; The print data alteration verification method according to claim 5. A user authentication step for authenticating the user;
A print data output step for selecting and outputting desired print data from the print data held in the print data holding step based on the result of user authentication by the user authentication step;
7. The print data alteration verification method according to claim 6, wherein the print data discarding step discards information related to the print data output by the print data output step from the recording medium. A print job acquisition step for acquiring an encrypted print job;
A print data decoding step for decoding the print data included in the print job acquired by the print job acquisition step;
A computer program for causing a computer to execute a print data falsification verification step for verifying whether the print data decrypted in the print data decryption step has been falsified.   9. A computer-readable recording medium on which the computer program according to claim 8 is recorded.

Images