JP4395832B2 - Printer, print client and printing system - Google Patents

Description

  The present invention relates to a printer, a print client, and a printing system, and in particular, a printer capable of restricting a place where print data can be printed, a print client capable of restricting a place where such a printer can request printing, and And a printing system having such a printer and a print client.

  In recent years, as a business model using a printer, a form in which a printer maker rents a printer free of charge to a user and the user pays the printer maker for the number of copies printed using the printer has been attracting attention. . In such a business model, in addition to charging according to the number of printed sheets, charging according to the usage period, charging according to the amount of ink used, and the like are conceivable.

  In addition, when print data is transmitted from a print client such as a computer to a printer, there is a demand for ensuring the security of the print data by limiting the position of the printer that can print the print data. In response to such a demand, a technique for encrypting print data from a computer and transmitting it to a printer and restricting the position of the printer where the encrypted print data can be decrypted is disclosed in Japanese Patent Application Laid-Open No. 11-331144. (Hereinafter referred to as Patent Document 1).

In the printing system of Patent Document 1, an encryption server manages an encryption key and a decryption key. Then, when acquiring the encryption key from the encryption server, the computer that transmits the data specifies the position where the decryption key may be transmitted, and encrypts the print data with this encryption key, Send to printer. The printer that has received the encrypted print data transmits the printer position to the encryption server. The encryption server only decrypts the decryption key when the printer position matches the position specified by the computer. Is sent to the printer.
JP-A-11-331144

  In the business model for renting printers as described above free of charge, if a user resells a printer lent by a printer manufacturer without permission, or if the user rents the printer to another person, the printer maker charges for the use of the printer. You will not be able to. For this reason, the printer manufacturer wants to limit the place where the lent printer can be used, that is, the place where normal printing can be performed to the rented user's place.

  In the printing system of Patent Document 1, when transmitting encrypted data, only the position of the printer that can decrypt the data can be specified. Even if the printer is moved without permission, the position of the printer can be determined. If you specify it correctly, you can print.

  Similarly to the printer business model, a computer model or the like can be rented free of charge by the manufacturer to collect usage fees. In this case, it is necessary to limit the place where the computer can be used to the place of the rented user.

  Accordingly, the present invention has been made in view of the above problems, and provides a printer, a print client, and a printing system including such a printer and a print client that can print only at a location registered in advance. For the purpose.

In order to solve the above problems, a printer according to the present invention is a printer that performs printing based on print data,
First printer position information acquisition means for acquiring printer position information for specifying a location where the printer is installed from printer position information acquisition means, and using this as first printer position information;
Printer public key generation means for generating a printer public key using a passphrase including at least the first printer position information;
Printer public key holding means for holding the printer public key generated by the printer public key generating means;
A printer public key transmission unit that transmits a printer public key held in the printer public key holding unit to the print client in response to a request from the print client;
An encrypted client random number receiving means for receiving an encrypted client random number generated by encrypting a client random number using the printer public key from the print client;
Second printer position information acquisition means for acquiring printer position information from the printer position information acquisition means and using this as second printer position information;
A printer secret key generating means for generating a printer secret key using a passphrase including at least the second printer position information;
Client random number obtaining means for decrypting the encrypted client random number using the printer private key and obtaining a client random number;
A printer random number generating means for generating a printer random number;
A common key generation means for generating a common key using the printer random number and the client random number;
Encrypted print data receiving means for receiving encrypted print data generated by encrypting print data from the print client;
Print data acquisition means for decrypting the encrypted print data and acquiring the print data using the common key;
It is characterized by providing.

In this case, client public key receiving means for receiving a client public key from the print client;
Encrypted printer random number generation means for generating an encrypted printer random number by encrypting the printer random number using the client public key;
An encrypted printer random number transmission means for transmitting the encrypted printer random number to the print client;
May be further provided.

  In addition, after receiving the encrypted client random number by the encrypted client random number receiving unit and / or after receiving the encrypted print data by the encrypted print data receiving unit, the second printer position information acquiring unit The printer position information may be acquired from the printer position information acquisition means.

  Further, even when the printer public key is generated when the printer public key generation unit generates the printer public key, the printer private key may be discarded without being saved.

  Further, even when a printer public key is generated when the printer private key generation unit generates the printer private key, the printer public key may be discarded without being saved.

  Further, the printer secret key generated by the printer secret key generation unit may be discarded after the client random number acquisition unit decrypts the encrypted client random number.

  The common key generated by the common key generation unit may be discarded after the encrypted print data is decrypted by the print data acquisition unit.

The printer public key generation unit generates a printer public key using a passphrase including device specific information that is unique information of the printer in addition to the first printer position information.
The printer secret key generation means may generate a printer secret key using a passphrase including the device specific information in addition to the second printer position information.

The printer control method according to the present invention includes:
A method for controlling a printer that performs printing based on print data,
Acquiring printer position information for specifying a place where the printer is installed from the printer position information acquiring means, and using the acquired position information as first printer position information;
Generating a printer public key using a passphrase including at least the first printer position information;
Holding the generated printer public key in a printer public key holding unit;
Transmitting a printer public key held in the printer public key holding unit to the print client in response to a request from the print client;
Receiving an encrypted client random number generated by encrypting a client random number using the printer public key from the print client;
Acquiring printer position information from the printer position information acquisition means, and using this as second printer position information;
Generating a printer private key using a passphrase including at least the second printer position information;
Decrypting the encrypted client random number using the printer private key to obtain a client random number;
Generating a printer random number;
Generating a common key using the printer random number and the client random number;
Receiving encrypted print data generated by encrypting print data from the print client;
Using the common key to decrypt the encrypted print data to obtain print data;
It is characterized by providing.

The print client according to the present invention includes:
A print client that generates print data,
First client position information acquisition means for acquiring client position information for specifying a place where the print client is installed from printer position information acquisition means, and using this as first client position information;
Client public key generation means for generating a client public key using a passphrase including at least the first client position information;
Client public key holding means for holding the client public key generated by the client public key generating means;
In response to a request from the printer, a client public key transmission unit that transmits the client public key held in the client public key holding unit to the printer;
An encrypted printer random number receiving means for receiving an encrypted printer random number generated by encrypting a printer random number using the client public key from the printer;
Second client position information acquisition means for acquiring client position information from the client position information acquisition means and using this as second client position information;
Client secret key generating means for generating a client secret key using a passphrase including at least the second client position information;
A printer random number obtaining means for decrypting the encrypted printer random number using the client secret key and obtaining a printer random number;
A client random number generating means for generating a client random number;
A common key generation means for generating a common key using the printer random number and the client random number;
Encrypted print data generation means for generating encrypted print data by encrypting the print data using the common key;
Encrypted print data transmission means for transmitting the encrypted print data to the printer;
It is characterized by providing.

The print client control method according to the present invention includes:
A method of controlling a print client that generates print data,
Acquiring client position information for specifying the location where the print client is installed from the printer position information acquisition means, and using the client position information as first client position information;
Generating a client public key using a passphrase including at least the first client location information;
Holding the generated client public key in a client public key holding unit;
Transmitting a client public key held in the client public key holding means to the printer in response to a request from the printer;
Receiving, from the printer, an encrypted printer random number generated by encrypting a printer random number using the client public key;
Acquiring client position information from the client position information acquiring means, and setting it as second client position information;
Generating a client secret key using a passphrase including at least the second client location information;
Decrypting the encrypted printer random number using the client secret key to obtain a printer random number;
Generating a client random number;
Generating a common key using the printer random number and the client random number;
Generating encrypted print data by encrypting the print data using the common key;
Transmitting the encrypted print data to the printer;
It is characterized by providing.

The printing system according to the present invention includes:
A printing system having a printer that performs printing based on print data and a print client connected to the printer,
The printer is
First printer position information acquisition means for acquiring printer position information for specifying a location where the printer is installed from printer position information acquisition means, and using this as first printer position information;
Printer public key generation means for generating a printer public key using a passphrase including at least the first printer position information;
Printer public key holding means for holding the printer public key generated by the printer public key generating means;
With
The print client includes a printer public key transmission request transmission unit that transmits a printer public key transmission request for requesting transmission of the printer public key to the printer;
The printer is
A printer public key transmission request receiving means for receiving the printer public key transmission request transmitted from the print client;
A printer public key transmission unit that transmits a printer public key held in the printer public key holding unit to a print client when the printer public key transmission request is received;
With
The print client
A printer public key receiving means for receiving the printer public key transmitted from the printer;
A client random number generating means for generating a client random number;
An encrypted client random number generating means for generating an encrypted client random number by encrypting the client random number using the printer public key;
An encrypted client random number transmission means for transmitting the encrypted client random number to the printer;
With
The printer is
An encrypted client random number receiving means for receiving the encrypted client random number transmitted from the print client;
Second printer position information acquisition means for acquiring printer position information from the printer position information acquisition means and using this as second printer position information;
A printer secret key generating means for generating a printer secret key using a passphrase including at least the second printer position information;
Client random number obtaining means for decrypting the encrypted client random number using the printer private key and obtaining a client random number;
A printer random number generating means for generating a printer random number;
A common key generation means for generating a common key using the printer random number and the client random number;
Encrypted print data receiving means for receiving encrypted print data generated by encrypting print data from the print client;
Print data acquisition means for decrypting the encrypted print data and acquiring the print data using the common key;
It is characterized by providing.

A control method of a printing system according to the present invention includes:
A control method for a printing system, comprising: a printer that performs printing based on print data; and a print client connected to the printer.
Acquiring printer position information for specifying a place where the printer is installed from a printer position information acquisition unit, and using the printer position information as first printer position information;
Generating a printer public key using a passphrase including at least the first printer position information;
Holding the printer public key generated by the printer public key generating means;
Transmitting a printer public key transmission request for requesting transmission of the printer public key from the print client to the printer;
Receiving the printer public key transmission request transmitted from the print client in the printer;
Transmitting the printer public key held in the printer public key holding means from the printer to the print client when the printer public key transmission request is received;
Receiving the printer public key transmitted from the printer at the print client;
Generating a client random number in the print client;
Generating an encrypted client random number by encrypting the client random number using the printer public key;
Transmitting the encrypted client random number from the print client to the printer;
Receiving the encrypted client random number transmitted from the print client in the printer;
Acquiring printer position information from the printer position information acquisition means, and using this as second printer position information;
Generating a printer private key using a passphrase including at least the second printer position information;
Decrypting the encrypted client random number using the printer private key to obtain a client random number;
Generating a printer random number in the printer;
In the printer, using the printer random number and the client random number to generate a common key;
Transmitting encrypted print data generated by encrypting print data from the print client to the printer;
Receiving the encrypted print data in the printer;
Using the common key to decrypt the encrypted print data to obtain print data;
It is characterized by providing.

  According to the present invention, it is possible to provide a printer, a print client, and a printing system including such a printer and a print client that can print only at a location registered in advance.

  First, an outline of processing of the printing system according to the present embodiment will be described with reference to FIG. As shown in FIG. 1, in this embodiment, when the printer 30 is installed, a printer public key and a printer private key are generated using a passphrase including at least printer position information indicating the position where the printer 30 is installed. The printer 30 holds the printer public key but discards the printer private key (step [1]). When a printer public key is requested from the print client 20 that wants to transmit print data, the printer 30 transmits the held printer public key to the print client 20 (step [2]).

  The print client 20 uses a random number generator to generate an appropriate random number, which is used as a client random number (step [3]). Then, the print client 20 encrypts the client random number using the received printer public key, and generates an encrypted client random number (step [4]). Subsequently, the print client 20 transmits the encrypted client random number to the printer 30 (step [5]).

  The printer 30 that has received the encrypted client random number acquires printer position information again, and generates a printer public key and a printer private key using a passphrase including at least the printer position information (step [6]). . Then, the printer 30 uses the printer private key generated here to decrypt the encrypted client random number and obtain the client random number (step [7]). The printer public key is discarded without being saved, and the printer private key is also discarded after the process of step [7].

  On the other hand, the print client 20 generates a client public key and a client secret key using a passphrase including at least client position information indicating a position where the print client 20 is installed when the print client 20 is installed. 20 holds the client public key but discards the client private key (step [8]). When the printer client 30 requests a client public key, the print client 20 transmits the held client public key to the printer 30 (step [9]).

  In the printer 30, an appropriate random number is generated using a random number generator, and this is set as a printer random number (step [10]). Then, the printer 30 encrypts the printer random number using the received client public key, and generates an encrypted printer random number (step [11]). Subsequently, the printer 30 transmits the encrypted printer random number to the print client 20 (step [12]).

  The print client 20 that has received the encrypted printer random number acquires the client position information again, and generates a client public key and a client secret key using a passphrase including at least the client position information (step [13]). ). Then, the print client 20 decrypts the encrypted printer random number using the client secret key generated here, and acquires the printer random number (step [14]). The client public key is discarded without being saved, and the client secret key is also discarded after the process of step [14].

  Subsequently, the print client 20 generates one variable based on the client random number and the printer random number, and generates a common key using this variable (step [15]). The variable generation method includes, for example, multiplying the client random number and the printer random number, calculating the exclusive OR of the client random number and the printer random number, and multiplying appropriately.

  Subsequently, the print client 20 generates print data, encrypts the print data using this common key, and generates encrypted print data (step [16]). The encrypted print data is transmitted to the printer 30 (step [17]).

  On the other hand, in the printer 30, one variable is generated based on the client random number acquired in step [7] and the printer random number generated in step [10], and a common key is generated using this variable. (Step [18]). Here, the variable generation method needs to be the same as step [15] of the print client 20. In other words, the variable generated here must be the same as the variable generated in step [15]. Subsequently, the printer 30 uses the generated common key to decrypt the received encrypted print data and obtain the print data (step [19]). Then, the printer 30 performs printing based on the acquired print data.

  Eventually, if the printer 30 has not moved from the position where the printer public key is generated, the encrypted client random number can be decrypted, and therefore an appropriate common key can be generated. On the other hand, if the print client 20 has not moved from the position where the client public key has been generated, the encrypted printer random number can be decrypted, and therefore an appropriate common key can be generated. If both the printer 30 and the print client 20 can generate an appropriate common key, the printer 30 and the print client 20 have the same common key. That is, the encrypted print data encrypted using the common key by the print client 20 can be decrypted by the printer 30 using the same common key.

  As can be seen from this description, the timing at which the printer public key is transmitted from the printer 30 to the print client 20 may be any timing after the printer 30 is installed until a print request is generated. However, in order to limit the positions where the printer 30 can be used, it is desirable to generate the printer private key in step [6] after a print request is generated in the print client 20. Specifically, the generation of the printer private key in step [6] is preferably performed after the printer 30 receives the encrypted client random number and / or after receiving the encrypted print data.

  Similarly, the timing for transmitting the client public key from the print client 20 to the printer 30 may be any timing after the installation of the print client 20 until a print request is generated. However, in order to limit the positions where the print client 20 can be used, it is desirable to generate the client private key in step [13] after a print request is generated in the print client 20. Specifically, the generation of the client secret key in step [13] is preferably performed after the user instructs the print client 20 to execute printing.

  Next, the configuration of the printing system according to the present embodiment will be described with reference to FIG. FIG. 2 is a block diagram illustrating a hardware configuration of the printing system according to the present embodiment.

  As shown in FIG. 2, the printing system according to the present embodiment includes a print client 20 connected to the network 10 and a printer 30 also connected to the network 10. In the present embodiment, the network 10 is configured by the Internet using TCP / IP (transmission control protocol / internet protocol). However, the form of the network 10 is not limited to the Internet, and may be configured by a LAN such as Ethernet (registered trademark).

  The print client 20 is composed of various computers called a host computer and a personal computer, for example. In the present embodiment, in particular, the print client 20 generates encrypted print data obtained by encrypting print data with a common key, and transmits the encrypted print data to the printer 30 via the network 10. The number of print clients connected to the network 10 is arbitrary, and may be one or plural. The print client is not limited to a computer, and may be, for example, a digital camera that needs to print a captured image, a content server that stores print image data as content, or the like.

  In the present embodiment, the printer 30 is a so-called network printer. In the present embodiment, in particular, the printer 30 receives the encrypted print data from the print client 20, decrypts the encrypted print data with the common key, and performs printing.

  In the present embodiment, the printer 30 is directly connected to the network 10, and the printer 30 has a unique network address. Therefore, the print client 20 can transmit the encrypted print data to the printer 30 by designating this network address.

  In FIG. 2, the printer 30 is directly connected to the network 10, but may be connected via a printer server. The number of printers connected to the network 10 is arbitrary, and may be one or a plurality.

  FIG. 3 is a block diagram for explaining the internal configuration of the printer 30. As shown in FIG. 3, the printer 30 includes a central processing unit (CPU) 40, a random access memory (RAM) 42, and a read only memory (ROM) 44. Connected through. In addition, a communication interface 48 is connected to the internal bus 46, and the printer 30 is connected to the network 10 through the communication interface 48. Further, an interface 50 is connected to the internal bus 46, and a print engine 52 is connected to the interface 50.

  In addition, a position detector 54 is connected to the internal bus 46. The position detection unit 54 has a function of specifying the position where the printer 30 is installed. In the present embodiment, for example, a GPS (global positioning system) is used, and the latitude, longitude, and altitude of the position where the printer 30 is installed can be specified. It is said that the current GPS accuracy is about ± 10 m in each of latitude, longitude, and altitude.

  However, the position detection unit 54 is not limited to the configuration using the GPS. For example, when the printer 30 is connected to the network 10 by a wireless LAN, the position detection unit 54 is connected to the wireless base station in which the printer 30 is accommodated. Based on this, the position of the printer 30 may be specified. Alternatively, the position of the printer 30 may be specified using mobile communication technology such as PHS (Personal Handyphone System).

  In addition, both the GPS function and the PHS function are mounted on the position detection unit 54, and the installation position is normally detected using the GPS. However, if the position cannot be detected using the GPS due to radio wave conditions or the like, You may make it detect.

  Furthermore, the printer 30 according to the present embodiment includes an EEPROM (Electrically Erasable Programmable ROM) 56 connected to the internal bus 46 as a nonvolatile semiconductor memory device. The information stored in the EEPROM 56 is retained even when the printer 30 is turned off.

  In FIG. 3, the position detector 54 is built in the printer 30, but the position detector 54 may be externally attached to the printer 30 as shown in FIG. 4. For example, when necessary, a mobile phone equipped with GPS may be connected to the printer 30 so that the printer 30 has a position detection function.

  FIG. 5 is a block diagram for explaining the internal configuration of the print client 20. As shown in FIG. 5, the print client 20 according to this embodiment includes a computer main body 60 and a display 62.

  The computer main body 60 includes a CPU 64, a RAM 66, and a ROM 68, which are connected to each other via an internal bus 70. In addition, a communication interface 72 is connected to the internal bus 70, and the print client 20 is connected to the network 10 via the communication interface 72.

  Further, an interface 74 is connected to the internal bus 70, and a hard disk 76 that is a mass storage device is connected to the interface 74. In addition, a position detection unit 77 is connected to the internal bus 70. The position detection unit 77 has a function of specifying the position where the print client 20 is installed. In the present embodiment, for example, a GPS (global positioning system) is used, and the latitude, longitude, and altitude of the position where the print client 20 is installed can be specified.

  However, the position detection unit 77 is not limited to the configuration using the GPS. For example, when the print client 20 is connected to the network 10 by a wireless LAN, the wireless base in which the print client 20 is accommodated. The position of the print client 20 may be specified based on the station. Alternatively, the position of the print client 20 may be specified using mobile communication technology such as PHS (Personal Handyphone System).

  The position detector 77 is equipped with both a GPS function and a PHS function, and usually detects the installation position using the GPS. However, if the position cannot be detected using the GPS due to radio wave conditions or the like, the position is detected by the PHS. You may make it detect.

  Further, an interface 78 is connected to the internal bus 70, and the above-described display 62 is connected via a cable 80 extending from the interface 78.

  In FIG. 5, the position detection unit 77 is built in the print client 20, but the position detection unit 77 may be externally attached to the print client 20, as shown in FIG. For example, when necessary, a mobile phone equipped with GPS may be connected to the print client 20 so that the print client 20 has a position detection function.

  Next, processing executed by the printer 30 and the print client 20 in order to realize the processing described with reference to FIG. 1 will be described in detail.

  First, a printer public key generation process executed by the printer 30 when the printer 30 is installed will be described with reference to FIG. FIG. 7 is a flowchart for describing printer public key generation processing executed by the printer 30. This printer public key generation process is realized by the CPU 40 reading and executing a printer public key generation program stored in the ROM 44 of the printer.

  As shown in FIG. 7, first, the printer 30 requests the operator of the printer 30 to input installation authorization information (step S100). For example, the printer 30 displays an instruction to input installation authentication information on a display panel provided in the printer 30. For example, the operator operates the operation panel provided in the printer 30 and inputs the installation authentication information. For example, in the present embodiment, this installation authentication information is configured by a combination of an ID and password for installation authentication information. Therefore, the operator inputs the ID and password for the installation authentication information from the operation panel.

  Next, the printer 30 determines whether or not the input installation authentication information matches the installation authentication information registered in advance in the printer 30 (step S102). Specifically, as described above, it is determined whether the ID and password for installation authentication information input by the operator match the ID and password for installation authentication information registered in the printer 30 in advance. In the present embodiment, for example, when the printer 30 is shipped, the installation authentication information ID and password are stored in the EEPROM 56. The printer 30 can know the installation authentication information ID and password. It is a structure that only manufacturers of

  If the installation authentication information does not match (step S102: No), the printer 30 displays on the display panel of the printer 30 that the installation authentication information does not match (step S104), and generates this printer public key. The process ends.

  On the other hand, when the installation authentication information matches (step S102: Yes), the printer 30 acquires device-specific information of the printer 30 (step S106). Here, the device unique information is identification information uniquely assigned to the printer 30 and includes, for example, a manufacturing serial number and a MAC address of the printer 30.

  Next, the printer 30 acquires the printer position information of the printer 30 at that time from the position detection unit 54 (step S108). Subsequently, the printer 30 creates a passphrase using the device specific information and the printer position information (step S110). Various methods for creating the passphrase can be considered. In this embodiment, the passphrase is created by simply connecting the printer position information to the device specific information. The passphrase may include data other than the device specific information and the printer position information.

  Next, the printer 30 generates a public key (printer public key) and a private key (printer private key) by public key cryptography using the created passphrase (step S112). Public key cryptography has the property that if the same passphrase is used, the same key is generated even if the public key and the private key are generated again. Subsequently, the printer 30 stores and holds only the printer public key among the generated printer public key and printer private key (step S114). Note that the printer private key is discarded without being saved. Thereby, the printer public key generation process according to the present embodiment is completed.

  FIG. 8 is a diagram illustrating an example of the printer public key storage unit TB10 in which the printer public key is stored in step S114. In the present embodiment, the printer public key storage unit TB10 is formed in the EEPROM 56. Therefore, the printer public key stored in the printer public key storage unit TB10 is held in a nonvolatile manner even when the printer 30 is turned off.

  Next, a client public key generation process executed by the print client 20 when the print client 20 is installed will be described with reference to FIG. FIG. 9 is a flowchart for explaining client public key generation processing executed by the print client 20. This client public key generation process is a process realized by the CPU 64 reading and executing a client public key generation program stored in the ROM 68 or the hard disk 76 of the print client 20.

  As shown in FIG. 9, first, the print client 20 requests the operator of the print client 20 to input installation authorization information (step S150). For example, the print client 20 displays an instruction to input installation authentication information on the display 62 of the print client 20. For example, the operator operates the keyboard of the print client 20 to input the installation authentication information. For example, in the present embodiment, this installation authentication information is configured by a combination of an ID and password for installation authentication information. Therefore, the operator inputs the ID and password for the installation authentication information from the operation panel.

  Next, the print client 20 determines whether or not the input installation authentication information matches the installation authentication information registered in the print client 20 in advance (step S152). Specifically, as described above, it is determined whether the ID and password for installation authentication information input by the operator matches the ID and password for installation authentication information registered in the print client 20 in advance. . In this embodiment, for example, when the print client 20 is shipped, the installation authentication information ID and password are stored in the hard disk 76, and the ID and password for the installation authentication information can be known. Only the manufacturer of the print client 20 is configured.

  If the installation authentication information does not match (step S152: No), the print client 20 displays on the display 62 of the print client 20 that the installation authentication information does not match (step S154), and this client disclosure. The key generation process ends.

  On the other hand, when the installation authentication information matches (step S152: Yes), the print client 20 acquires the device unique information of the print client 20 (step S156). Here, the device unique information is identification information uniquely assigned to the print client 20 and includes, for example, a manufacturing serial number and a MAC address of the print client 20.

  Next, the print client 20 acquires the client position information of the print client 20 at that time from the position detection unit 77 (step S158). Subsequently, the print client 20 creates a passphrase using the device specific information and the client position information (step S160). Various methods for creating the passphrase can be considered. In the present embodiment, the passphrase is created by simply connecting the client position information to the device specific information. The passphrase may include data other than the device specific information and the client position information.

  Next, the print client 20 generates a public key (client public key) and a private key (client private key) by public key cryptography using the created passphrase (step S162). Public key cryptography has the property that if the same passphrase is used, the same key is generated even if the public key and the private key are generated again. Subsequently, the print client 20 stores and holds only the client public key among the generated client public key and client secret key (step S164). The client secret key is discarded without being saved. Thereby, the client public key generation process according to the present embodiment is completed.

  FIG. 10 is a diagram illustrating an example of the client public key storage unit TB20 in which the client public key is stored in step S164. In the present embodiment, the client public key storage unit TB20 is formed in the hard disk 76. Therefore, the client public key stored in the client public key storage unit TB20 is held in a nonvolatile manner even when the print client 20 is turned off.

  FIGS. 11 to 13 are flowcharts illustrating print request processing executed by the print client 20. This print request processing is realized by the CPU 64 reading and executing a print request program stored in the ROM 68 or the hard disk 76 of the print client. In the present embodiment, this print request process is a process that is started when the user creates data to be printed and instructs the print client 20 to perform printing with the printer 30.

  As shown in FIG. 11, first, the print client 20 transmits a printer public key acquisition request for requesting the printer 30 to transmit a printer public key (step S200). Subsequently, the print client 20 determines whether a printer public key has been received from the printer 30 (step S202). If the printer public key has not been received (step S202: No), the process of step S202 is repeated and waits.

  On the other hand, when the printer public key is received (step S202: Yes), the print client 20 generates a random number and sets this as a client random number (step S204). In the present embodiment, the CPU 64 generates a random number in software.

  Next, the print client 20 encrypts the client random number generated in step S204 using the printer public key received in step S202, and generates an encrypted client random number (step S205). Then, this encrypted client random number is transmitted to the printer 30 (step S206).

  Next, the print client 20 determines whether or not a deciphering notification has been received from the printer 30 (step S208). When this unbreakable notification is received (step S208: Yes), the user is notified that the printer 30 has not been able to decrypt the encrypted client random number (step S210), and this print request process is terminated.

  On the other hand, if the unbreakable notification has not been received in step S208 (step S208: No), it is determined whether a client public key acquisition request has been received from the printer 30 (step S212). If the client public key acquisition request has not been received (step S212: No), the above-described step S208 is repeated.

  On the other hand, when the client public key acquisition request is received (step S212: Yes), the print client 20 acquires the client public key from the client public key storage unit TB20 (step S214). Subsequently, the print client 20 transmits this client public key to the printer 30 (step S216).

  Next, as shown in FIG. 12, the print client 20 determines whether an encrypted printer random number has been received from the printer 30 (step S250). If the encrypted printer random number has not been received (step S250: No), this step S250 is repeated to stand by.

  On the other hand, when the encrypted printer random number is received (step S250: Yes), the print client 20 acquires device specific information of the print client 20 (step S252). Subsequently, the print client 20 acquires the client position information of the print client 20 at that time from the position detection unit 77 (step S254). In this way, the client position information is acquired from the position detection unit 77 each time, because there is a possibility that the print client 20 has been moved from the place where it was originally installed to another place. In this case, the print client 20 is prevented from performing printing.

  Next, the print client 20 creates a passphrase based on the device specific information and the client position information (step S256). This passphrase creation method needs to be the same as step S160 in the client public key generation process described above. This is because if the passphrase is different, the encrypted printer random number transmitted from the printer 30 cannot be decrypted with the client secret key.

  Next, the print client 20 generates a client public key and a client secret key by public key cryptography using the passphrase generated in step S256 (step S258). Subsequently, the print client 20 decrypts the received encrypted printer random number using the generated client private key, and acquires the printer random number (step S260). Subsequently, the print client 20 discards the client public key and client secret key generated in step S258 (step S262).

  Next, the print client 20 determines whether or not the encrypted printer random number has been decrypted in step S260 and the printer random number has been acquired (step S264). If the encrypted printer random number cannot be decrypted (step S264: No), the user is notified that the encrypted printer random number cannot be decrypted because the print client 20 has been moved (step S266). This print request process is terminated.

  On the other hand, if the encrypted printer random number can be decrypted (step S264: Yes), one variable is generated using the client random number generated in step S204 and the printer random number acquired in step S260 (step S264). S268). There are various variable generation methods. In the present embodiment, for example, (1) the client random number and the printer random number are multiplied, and (2) the exclusive OR of the client random number and the printer random number is calculated. , (3) Multiply appropriately combined formulas to generate.

  Next, as shown in FIG. 13, the print client 20 generates a common key using the variable generated in step S268 (step S300). Subsequently, the print client 20 generates print data (step S302). This print data is data necessary for the printer 30 to actually perform printing.

  Next, the print client 20 encrypts the generated print data using the common key generated in step S300, and generates encrypted print data (step S304). Subsequently, the print client 20 transmits the encrypted print data to the printer 30 (step S306). Subsequently, the print client 20 discards the common key generated in step S300 (step S308). Subsequently, the print client 20 discards the client random number generated in step S204, the printer random number acquired in step S260, and the variable generated in step S268 (step S310).

  Next, the print client 20 determines whether or not an undecipherable notification is received from the printer 30 (step S312). If this decryption notification is received (step S312: Yes), the user is notified that the encrypted print data could not be decrypted, and the print request process is terminated.

  On the other hand, when the undecipherable notification has not been received (step S312: No), it is determined whether a print completion notification has been received from the printer 30 (step S316). When the print completion notification has not been received (step S316: No), the above-described step S312 is repeated.

  On the other hand, when the print completion notification is received (step S316: Yes), the printing is normally completed, and thus the print request process is ended.

  Next, a print execution process executed by the printer 30 in response to the print request process of the print client 20 will be described with reference to FIGS. 14 to 16 are flowcharts for explaining the print execution process executed by the printer 30. FIG. This print execution process is a process realized by the CPU 40 reading and executing a print execution program stored in the ROM 44 of the printer 30. In the present embodiment, this print execution process is a process that is regularly executed.

  As shown in FIG. 14, the printer 30 determines whether a printer public key acquisition request has been received from the print client 20 (step S350). If the printer public key acquisition request has not been received (step S350: No), the process of step S350 is repeated and waits.

  On the other hand, when the printer public key acquisition request is received (step S350: Yes), the printer 30 acquires the printer public key from the printer public key storage unit TB10 (step S352). Subsequently, the printer 30 transmits this printer public key to the print client 20 (step S354).

  Next, the printer 30 determines whether an encrypted client random number has been received from the print client 20 (step S356). If this encrypted client random number has not been received (step S356: No), the process of step S356 is repeated and waits.

  On the other hand, when the encrypted client random number is received (step S356: Yes), the printer 30 acquires its own device-specific information (step S358). Subsequently, the printer 30 acquires the printer position information of the printer 30 at that time from the position detection unit 54 (step S360). In this way, the printer position information is acquired from the position detection unit 54 each time, because there is a possibility that the printer 30 is moved from the place where it was originally installed to another place. This is to prevent the printer 30 from printing.

  Next, the printer 30 creates a passphrase based on the device specific information and the printer position information (step S362). This passphrase creation method needs to be the same as step S110 in the printer public key generation process described above. This is because if the passphrase is different, the encrypted client random number transmitted from the print client 20 cannot be decrypted with the printer private key.

  Next, the printer 30 uses the passphrase to generate a printer public key and a printer private key by public key cryptography (step S364). Next, as shown in FIG. 15, the printer 30 uses the generated printer private key to decrypt the received encrypted client random number to obtain the client random number (step S400). Subsequently, the printer 30 discards the printer public key and printer private key generated in step S364 (step S402).

  Next, the printer 30 determines whether or not the encrypted client random number has been decrypted in step S400 and the client random number has been acquired (step S404). If the encrypted client random number cannot be decrypted (step S404: No), an unbreakable notification is sent to the print client 20 indicating that the encrypted client random number cannot be decrypted because the printer 30 has been moved. (Step S406), it returns to the process of step S350 mentioned above.

  On the other hand, if the encrypted client random number can be decrypted (step S404: Yes), the printer 30 transmits a client public key acquisition request for requesting transmission of the client public key to the print client 20 (step S408). Subsequently, the printer 30 determines whether a client public key is received from the print client 20 (step S410). If the client public key has not been received (step S410: No), the process of step S410 is repeated and the process waits.

  On the other hand, when the client public key has been received (step S410: Yes), the printer 30 generates a random number and sets this as a printer random number (step S412). In the present embodiment, the CPU 40 generates a random number in software.

  Next, the printer 30 encrypts the printer random number generated in step S412 using the client public key received in step S410, and generates an encrypted printer random number (step S414). Then, this encrypted printer random number is transmitted to the print client 20 (step S416).

  Next, as illustrated in FIG. 16, the printer 30 determines whether or not an undecipherable notification is received from the print client 20 (step S450). If this undecipherable notification is received (step S450: Yes), the printer 30 returns to the process of step S350 described above.

  On the other hand, if an unbreakable notification has not been received in step S450 (step S450: No), it is determined whether encrypted print data has been received from the print client 20 (step S452). When the encrypted print data has not been received (step S452: No), the above-described step S450 is repeated.

  On the other hand, when encrypted print data is received (step S452: Yes), one variable is generated using the client random number acquired in step S400 and the printer random number generated in step S412 (step S454). . The variable generation method in step S454 needs to be the same as the variable generation method in step S268 described above. For this reason, the variable produced | generated here becomes the same as the variable produced | generated by step S268.

  Next, the printer 30 generates a common key using the variable generated in step S454 (step S456). The common key generated in step S456 is the same as the common key generated in step S300. This is because the variables used when generating the common key are the same as those in step S300.

  Next, the printer 30 uses the common key to decrypt the received encrypted print data and obtain the print data (step S458). Subsequently, the printer 30 determines whether or not the encrypted print data has been decrypted (step S459). If the encrypted print data could not be decrypted (step S459: No), the printer 30 sends a decryption notification to the print client 20 (step S470), and returns to the process of step S350 described above.

  On the other hand, if the encrypted print data can be decrypted (step S459: Yes), the printer 30 executes printing with the print engine 52 driven based on the obtained print data (step S460). Specifically, the print data is interpreted in language, and print request data suitable for the print engine 52 is generated. Then, by transmitting this print request data to the print engine 52, the print engine 52 performs printing on a print sheet or the like.

  Next, the printer 30 discards the common key generated in step S456 (step S462). Subsequently, the printer 30 discards the client random number acquired in step S400, the printer random number generated in step S412 and the variable generated in step S456 (step S464). Subsequently, the printer 30 transmits a print completion notification indicating that printing has been normally completed to the print client 20 (step S466). And it returns to the process of step S350 mentioned above.

  FIG. 17 is a functional block diagram showing a configuration when the above-described processes are realized by hardware. As shown in FIG. 17, when the printer 30 is installed, printer position information for specifying the place where the printer 30 is installed is acquired from the position detection unit 54, and this is used as the first printer position information. The printer public key generation unit 100 generates a printer public key using a passphrase including at least the first printer position information. Then, the printer public key generated by the printer public key generation unit 100 is held in the printer public key holding unit 102.

  On the other hand, when the print client 20 is installed, client position information for specifying the place where the print client 20 is installed is acquired from the position detection unit 77, and this is used as the first client position information to generate a client public key. The unit 220 generates a client public key using a passphrase including at least the first client position information. Then, the client public key generation unit 220 holds the client public key in the client public key holding unit 222.

  In this embodiment, when the print client 20 is requested to print by the user, the printer public key transmission request transmission unit 200 sends a printer public key transmission request for requesting transmission of the printer public key to the printer 30. Send to. In the printer 30, the printer public key transmission request received from the print client 20 is received by the printer public key transmission request receiving unit 106. When the printer public key transmission request is received, in the printer 30, the printer public key transmission unit 106 reads out the printer public key held in the printer public key holding unit 102 and transmits it to the print client 20.

  In the print client 20, the printer public key receiving unit 202 receives the printer public key transmitted from the printer 30. Then, the client random number generation unit 204 generates a client random number. Subsequently, the encrypted client random number generation unit 206 generates an encrypted client random number by encrypting the client random number using the printer public key received by the printer public key receiving unit 202. Subsequently, the encrypted client random number transmission unit 208 transmits the encrypted client random number to the printer 30.

  The encrypted client random number receiving unit 110 of the printer 30 receives the encrypted client random number transmitted from the print client 20. Further, in the printer 30, the printer position information is acquired from the position detection unit 54, and this is used as the second printer position information. The printer secret key generation unit 112 uses the passphrase including at least the second printer position information, Generate a printer private key. Then, the client random number acquisition unit 114 decrypts the encrypted client random number using the printer secret key generated by the printer secret key generation unit 112 and acquires the client random number.

  The client public key transmission request transmission unit 120 of the printer 30 transmits a client public key transmission request for requesting transmission of the client public key to the print client 20. This client public key transmission request is received by the client public key transmission request receiving unit 224 of the print client 20. When the client public key transmission request is received, the client public key transmission unit 226 of the print client 20 acquires the public key from the client public key holding unit 222 and transmits it to the printer 30.

  The client public key transmitted from the print client 20 is received by the client public key receiving unit 122 of the printer 30. When the client public key is received, the printer random number generation unit 124 of the printer 30 generates a printer random number. Then, the encrypted printer random number generation unit 126 encrypts the printer random number using the client public key, and generates an encrypted printer random number. Subsequently, the encrypted printer random number transmission unit 128 transmits the generated encrypted printer random number to the print client 20.

  The encrypted printer random number transmitted from the printer 30 is received by the encrypted printer random number receiving unit 240. In the print client 20 that has received the encrypted printer random number, the client secret key generation unit 242 acquires the current client location information from the location detection unit, and uses this as the second client location information. A client secret key is generated using a passphrase including at least information. The printer random number acquisition unit 244 uses the generated client private key to decrypt the encrypted printer random number and acquire the printer random number. Then, the common key generation unit 246 generates one common key using the client random number generated by the client random number generation unit 204 and the printer random number acquired by the printer random number acquisition unit 244.

  Next, the print client 20 generates print data with the print data generation unit 260. Subsequently, the encrypted print data generation unit 262 encrypts the print data using the common key, and generates encrypted print data. Then, the encrypted print data transmission unit 264 transmits this encrypted print data to the printer 30.

  The encrypted print data transmitted from the print client 20 is received by the encrypted print data receiving unit 130 of the printer 30. The common key acquisition unit 132 generates a common key using the printer random number generated by the printer random number generation unit 124 and the client random number acquired by the client random number acquisition unit 114. Then, the print data acquisition unit 134 uses this common key to decrypt the encrypted print data to acquire the print data, and the print execution unit 136 executes printing based on the print data.

  As described above, according to the printing system according to the present embodiment, the print client 20 can make a normal print request only at the location where the client public key is generated, and the printer 30 is where the printer public key is generated. Only normal printing can be done. For this reason, the place where the print client 20 and the printer 30 can be used can be restricted.

  That is, in the printer 30 according to the present embodiment, when the printer 30 is moved to a location different from the location where the printer public key is generated, the encrypted client random number transmitted from the print client 20 cannot be correctly decrypted. Unable to get client random number. For this reason, the printer 30 cannot generate a correct common key.

  On the other hand, in the print client 20 according to the present embodiment, when the print client 20 is moved to a location different from the location where the client public key is generated, the encrypted printer random number transmitted from the printer 30 cannot be correctly decrypted. The correct printer random number cannot be obtained. For this reason, the print client 20 cannot generate a correct common key.

  Moreover, in the present embodiment, the print data is encrypted using a common key. In general, it is said that the speed of decrypting data with a common key using a common key cryptosystem is about 1000 times faster than the speed of decrypting data with a secret key based on a public key cryptosystem. For this reason, print data with a large amount of data can be quickly decrypted using the common key.

  Accordingly, according to the printing system according to the present embodiment, the print client 20 can substantially limit the position of the printer that can print the encrypted print data that has been encrypted and transmitted. Thus, it is possible to avoid printing by a printer in a position not intended by the user of the print client 20.

  In addition, this invention is not limited to the said embodiment, A various deformation | transformation is possible. For example, in the above-described embodiment, the device unique information is used as the passphrase in addition to the printer position information, but the device unique information is not necessarily required.

  Further, although the printer has been described as an example of the data receiving device that restricts the usable position, the present invention is not limited to the printer. Further, the data transmission apparatus is not limited to the print client.

  For example, the data transmission device in the data transmission / reception system may be a digital camera for photographing an image, and the data reception device may be a data server that stores image data photographed by the digital camera. In this case, the random number transmitted from the digital camera is encrypted using the public key received from the data server, and the data server that has received the encrypted random number acquires the random number by the above-described method, Obtain a common key. In addition, the random number transmitted from the data server is encrypted using the public key received from the digital camera, and the digital camera that has received the encrypted random number acquires the random number by the above-described method, and Get the key. The data transmitted from the digital camera is encrypted using the common key, and the data server that receives the encrypted data decrypts the data using the acquired common key and obtains the data. To do. When the data server can decrypt the data, the data server accumulates the data.

  In the above-described embodiment, the case where the print medium of the printer 30 is a print sheet has been described as an example. However, the print medium is not limited to this, and may be another print medium such as an OHP sheet. The present invention can be applied.

  Further, for each process described in the above embodiment, a program for executing each process is recorded on a recording medium such as a flexible disk, a CD-ROM (Compact Disc-Read Only Memory), a ROM, or a memory card. Thus, it can be distributed in the form of a recording medium. In this case, the above-described embodiment can be realized by causing the print client 20 and / or the printer 30 to read and execute the recording medium on which the program is recorded.

  The print client 20 and / or the printer 30 may include other programs such as an operating system and another application program. In this case, other programs provided in the print client 20 and / or the printer 30 are utilized, and processing equivalent to that in the above-described embodiment is realized from the programs provided in the print client 20 and / or the printer 30 on the recording medium. An instruction that calls the program may be recorded.

  Furthermore, such a program can be distributed not as a recording medium but as a carrier wave through a network. The program transmitted in the form of a carrier wave on the network is taken into the print client 20 and / or the printer 30, and the above-described embodiment can be realized by executing this program.

  Also, when a program is recorded on a recording medium or transmitted as a carrier wave on a network, the program may be encrypted or compressed. In this case, the print client 20 and / or the printer 30 that read the program from the recording medium or the carrier wave needs to execute the program after decoding or decompressing the program.

FIG. 3 is a diagram for explaining how to use a common key, a public key, and a secret key in the printing system according to the embodiment of the present invention. 1 is a block diagram illustrating an overall configuration of a printing system according to an embodiment. FIG. 2 is a block diagram illustrating a hardware configuration of the printer according to the embodiment. FIG. 9 is a block diagram for explaining a modified example of the hardware configuration of the printer. FIG. 3 is a diagram illustrating a hardware configuration of a print client according to the present embodiment. The figure explaining the modification of the hardware constitutions of a print client. FIG. 5 is a flowchart illustrating printer public key generation processing according to the present embodiment. FIG. 3 is a diagram illustrating an example of a configuration of a printer public key storage unit according to the present embodiment. The figure which shows the flowchart explaining the client public key production | generation process in this embodiment. The figure which shows an example of a structure of the client public key storage part in this embodiment. FIG. 3 is a first flowchart illustrating a print request process according to the present embodiment. FIG. 9 is a second flowchart illustrating a print request process according to the present embodiment. FIG. 10 is a third flowchart illustrating a print request process according to the present embodiment. FIG. 5 is a first flowchart illustrating a flowchart for explaining print execution processing according to the present embodiment; FIG. 6 is a second flowchart illustrating a print execution process according to the present embodiment. FIG. 6 is a third flowchart illustrating a print execution process according to the present embodiment. The functional block diagram explaining the case where the processing of the printing system concerning this embodiment is realized by hardware.

Explanation of symbols

10 Network 20 Print Client 30 Printer 40 CPU
42 RAM
44 ROM
46 Internal bus 48, 50 Interface 52 Print engine 54 Position detector 56 EEPROM
60 Computer body 62 Display 64 CPU
66 RAM
68 ROM
70 Internal buses 72, 74, 78 Interface 76 Hard disk 77 Position detector

Claims (7)

A printer that performs printing based on print data,
Position information printer position information acquiring unit detects, acquired as the printer position information for specifying a location which is installed in the printer, this is the first printer position information, the first printer position information acquiring means When,
A printer public key generating unit that generates a first printer public key and a first printer private key using a passphrase including at least the first printer position information, but discards the first printer private key. When,
Printer public key holding means for holding the first printer public key generated by the printer public key generation means;
A printer public key transmitting means for transmitting the first printer public key held in the printer public key holding means to the print client in response to a request from the print client;
An encrypted client random number receiving means for receiving an encrypted client random number generated by encrypting a client random number using the first printer public key from the print client in which a print request has occurred;
After the encrypted client random number receiving means receives the encrypted client random number, the position information detected by the printer position information acquiring means is acquired as the printer position information , and this is used as second printer position information. Printer position information acquisition means;
The second printer public key and the second printer private key are generated by using the passphrase including at least the second printer position information by the same method as the printer public key generation unit. A printer private key generating means for discarding the printer public key; and
Using the second printer secret key generated by the printer secret key generation means, the encrypted client random number is decrypted to obtain a client random number, and the second printer secret key is not retained. A client random number acquisition means to be discarded;
A printer random number generating means for generating a printer random number;
A client public key receiving means for receiving a client public key from the print client;
Encrypted printer random number generation means for generating an encrypted printer random number by encrypting the printer random number using the client public key;
An encrypted printer random number transmission means for transmitting the encrypted printer random number to the print client;
A common key generating means for generating a common key using the printer random number and the client random number by a method defined in common between the printer and the print client;
Encryption generated by encrypting print data using a common key generated using a printer random number obtained by decrypting the transmitted encrypted printer random number from the print client and the client random number Encrypted print data receiving means for receiving print data;
Print data acquisition means for decrypting the encrypted print data and acquiring the print data using the common key;
A common key discarding unit for destroying the common key generated by the common key generating unit after decrypting the encrypted print data by the print data acquiring unit;
A printer comprising: The printer public key generation means uses the passphrase including device unique information that is unique information of the printer in addition to the first printer position information, and uses the first printer public key and the first printer. Generate a private key and
The printer secret key generation unit also generates the second printer public key and the second printer secret key using a passphrase including the device specific information in addition to the second printer position information.
The printer according to claim 1 . A method for controlling a printer that performs printing based on print data,
A step of position information printer position information acquiring unit detects, acquired as the printer position information for specifying a location which is installed in the printer, to do this the first printer position information,
Generating a first printer public key and a first printer private key using a passphrase including at least the first printer position information;
Holding the first printer public key in a printer public key holding unit;
Destroying the first printer private key;
Transmitting the first printer public key held in the printer public key holding means to the print client in response to a request from the print client;
Receiving an encrypted client random number generated by encrypting a client random number using the first printer public key from the print client in which the print request has occurred;
After receiving the encrypted client random number, acquiring the position information detected by the printer position information acquisition means as the printer position information, and using this as the second printer position information;
The second printer public key and the second printer can be obtained by using the passphrase including at least the second printer position information by the same method as the first printer public key and the first printer private key generation method. Generating a secret key;
Decrypting the encrypted client random number using the second printer private key to obtain a client random number;
Destroying the second printer public key and the second printer private key;
Generating a printer random number;
Receiving a client public key from the print client;
Generating an encrypted printer random number by encrypting the printer random number using the client public key;
Sending the encrypted printer random number to the print client;
Generating a common key using the printer random number and the client random number by a method commonly defined between the printer and the print client;
Encryption generated by encrypting print data using a common key generated using a printer random number obtained by decrypting the transmitted encrypted printer random number from the print client and the client random number Receiving print data; and
Using the common key to decrypt the encrypted print data to obtain print data;
Destroying the common key after decrypting the encrypted print data;
A printer control method comprising: A print client that generates print data,
First client position information acquisition means for acquiring position information detected by the client position information acquisition means as client position information for specifying the location where the print client is installed, and using this as the first client position information When,
A client public key generating means for generating a first client public key and a first client private key using a passphrase including at least the first client location information, but discarding the first client private key; ,
Client public key holding means for holding the first client public key generated by the client public key generating means;
In response to a request from the printer, a client public key transmitting unit that transmits the first client public key held in the client public key holding unit to the printer;
Encrypted printer random number acquisition means for acquiring, from the printer, an encrypted printer random number generated by encrypting a printer random number using the first client public key after a print request is generated in the print client When,
After the encrypted printer random number acquisition means acquires the encrypted printer random number, the position information detected by the client position information acquisition means is acquired as the client position information, and this is used as second client position information. 2 client location information acquisition means;
A second client public key and a second client private key are generated using a passphrase including at least the second client position information by the same method as the client public key generation unit, and the second client public key is generated. A client public key generation means for destroying the client public key; and
Using the second client secret key generated by the client secret key generation means, the encrypted printer random number is decrypted to obtain a printer random number, and the second client secret key is not retained. A printer random number acquisition means to be discarded;
A client random number generating means for generating a client random number;
A printer public key receiving means for receiving a printer public key from the printer;
An encrypted client random number generating means for generating an encrypted client random number by encrypting the client random number using the printer public key;
An encrypted client random number transmitting means for transmitting the encrypted client random number to the printer;
A common key generating means for generating a common key using the printer random number and the client random number by a method defined in common between the printer and the print client;
Encrypted print data generation means for generating encrypted print data by encrypting the print data using the common key;
Encrypted print data transmission means for transmitting the encrypted print data to the printer;
A common key discarding unit for destroying the common key generated by the common key generating unit after encrypting the print data by the encrypted print data generating unit;
A print client comprising: A method of controlling a print client that generates print data,
Acquiring the position information detected by the client position information acquisition means as client position information for specifying the location where the print client is installed, and using this as the first client position information;
Generating a first client public key and a first client private key using a passphrase including at least the first client location information;
Causing the client public key holding means to hold the first client public key;
Destroying the first client private key;
Transmitting the first client public key held in the client public key holding means to the printer in response to a request from the printer;
Obtaining an encrypted printer random number generated by encrypting a printer random number from the printer using the first client public key after a print request is generated in the print client;
After acquiring the encrypted printer random number, acquiring the position information detected by the client position information acquisition means as the client position information, and using this as the second client position information;
The second client public key and the second client using a passphrase including at least the second client location information by the same technique as the first client public key and the first client secret key generation technique Generating a secret key;
Decrypting the encrypted printer random number using the second client private key to obtain a printer random number;
Destroying the second client public key and the second client private key;
Generating a client random number;
Receiving a printer public key from the printer;
Generating an encrypted client random number by encrypting the client random number using the printer public key;
Sending the encrypted client random number to the printer;
Generating a common key using the printer random number and the client random number by a method defined in common between the printer and the print client;
Generating encrypted print data by encrypting the print data using the common key;
Transmitting the encrypted print data to the printer;
Destroying the common key after encrypting the print data;
A control method for a print client, comprising: A printing system having a printer that performs printing based on print data and a print client connected to the printer,
The printer is
Position information printer position information acquiring unit detects, acquired as the printer position information for specifying a location which is installed in the printer, this is the first printer position information, the first printer position information acquiring means When,
A printer public key generating unit that generates a first printer public key and a first printer private key using a passphrase including at least the first printer position information, but discards the first printer private key. When,
Printer public key holding means for holding the first printer public key generated by the printer public key generation means;
With
The print client
First client position information acquisition means for acquiring position information detected by the client position information acquisition means as client position information for specifying the location where the print client is installed, and using this as the first client position information When,
A client public key generating means for generating a first client public key and a first client private key using a passphrase including at least the first client location information, but discarding the first client private key; ,
Client public key holding means for holding the first client public key generated by the client public key generating means;
Printer public key transmission request transmission means for transmitting a printer public key transmission request for requesting transmission of the first printer public key to the printer;
The printer further includes:
A printer public key transmission request receiving means for receiving the printer public key transmission request transmitted from the print client;
A printer public key transmission unit that transmits the first printer public key held in the printer public key holding unit to a print client when the printer public key transmission request is received;
With
The print client further includes:
A printer public key receiving means for receiving the first printer public key transmitted from the printer;
A client random number generating means for generating a client random number;
An encrypted client random number generating means for generating an encrypted client random number by encrypting the client random number using the first printer public key;
An encrypted client random number transmission means for transmitting the encrypted client random number to the printer after a print request is generated in the print client;
With
The printer further includes:
An encrypted client random number receiving means for receiving the encrypted client random number transmitted from the print client;
After the encrypted client random number receiving means receives the encrypted client random number, the position information detected by the printer position information acquiring means is acquired as the printer position information, and this is used as second printer position information. 2 printer position information acquisition means;
The second printer public key and the second printer private key are generated by using the passphrase including at least the second printer position information by the same method as the printer public key generation unit. A printer private key generating means for discarding the printer public key; and
Client random number obtaining means for decrypting the encrypted client random number using the second printer private key to obtain a client random number and discarding the second printer private key without holding it;
A printer random number generating means for generating a printer random number;
Client public key receiving means for receiving a first client public key from the print client;
An encrypted printer random number generating means for generating an encrypted printer random number by encrypting the printer random number using the first client public key;
An encrypted printer random number transmission means for transmitting the encrypted printer random number to the print client;
A first common key using the printer random number generated by the printer random number generation means and the client random number acquired by the client random number acquisition means by a method defined in common between the printer and the print client. A first common key generating means for generating
With
The print client further includes:
An encrypted printer random number receiving means for receiving the encrypted printer random number from the printer;
After the encrypted printer random number receiving means receives the encrypted printer random number, the position information detected by the client position information acquiring means is acquired as the client position information, and this is used as second client position information. 2 client location information acquisition means;
A second client public key and a second client private key are generated using a passphrase including at least the second client position information by the same method as the client public key generation unit, and the second client public key is generated. A client public key generation means for destroying the client public key; and
Using the second client secret key generated by the client secret key generation means, the encrypted printer random number is decrypted to obtain a printer random number, and the second client secret key is not retained. A printer random number acquisition means to be discarded;
A second common key using the printer random number acquired by the printer random number acquisition means and the client random number generated by the client random number generation means by a method defined in common between the printer and the print client. A second common key generating means for generating
Encrypted print data generating means for generating encrypted print data by encrypting the print data using the second common key;
Encrypted print data transmission means for transmitting the encrypted print data to the printer;
A second common key discarding unit for discarding the second common key generated by the second common key generation unit after the print data is encrypted by the encrypted print data generation unit;
With
The printer further includes:
From the print client, it receives the encrypted print data, and the encrypted print data receiving means,
Print data acquisition means for decrypting the encrypted print data and acquiring print data using the first common key;
A first common key discarding unit for discarding the first common key generated by the first common key generation unit after decrypting the encrypted print data by the print data acquisition unit;
A printing system comprising: A control method for a printing system, comprising: a printer that performs printing based on print data; and a print client connected to the printer.
A step of position information printer position information acquisition means detects the printer, obtains the printer position information for specifying the installation has been that the location of the printer, to do this the first printer position information,
In the printer, the steps of the first and the printer location information using a pass phrase including at least, to generate the first printer public key and the first printer private key,
A step of holding the raw form and the first printer public key to the printer public key holding means,
Destroying the first printer private key;
Acquiring the position information detected by the client position information acquisition means of the print client as client position information for specifying the location where the print client is installed, and using this as the first client position information;
Generating a first client public key and a first client private key using a passphrase including at least the first client location information in the print client;
Holding the generated first client public key in a client public key holding unit;
Destroying the first client private key;
Transmitting a printer public key transmission request for requesting transmission of the first printer public key from the print client to the printer;
Receiving the printer public key transmission request transmitted from the print client in the printer;
Transmitting the first printer public key held in the printer public key holding means from the printer to the print client when the printer public key transmission request is received;
Receiving at the print client the first printer public key transmitted from the printer;
Generating a client random number in the print client;
Generating an encrypted client random number by encrypting the client random number using the first printer public key in the print client ;
Transmitting the encrypted client random number from the print client to the printer after a print request is generated in the print client;
Receiving the encrypted client random number transmitted from the print client in the printer;
After receiving the encrypted client random number, acquiring the position information detected by the printer position information acquisition means as the printer position information, and using this as the second printer position information;
In the printer, by using the same method as the first printer public key and the first printer private key generation method, using a passphrase including at least the second printer position information, the second printer public key and Generating a second printer private key;
In the printer, using the second printer private key, decrypting the encrypted client random number to obtain a client random number;
Destroying the second printer public key and the second printer private key;
Generating a printer random number in the printer;
Receiving the client public key transmitted from the print client in the printer;
Generating an encrypted printer random number by encrypting the printer random number using the client public key in the printer;
Transmitting the encrypted printer random number from the printer to the print client;
Oite the printer, by the method defined in common between the print client and the printer, using said client random number obtained by decrypting the generated said printer random number, generating a first common key And steps to
Receiving the encrypted printer random number transmitted from the printer at the print client;
After receiving the encrypted printer random number, acquiring the position information detected by the client position information acquisition means as the client position information, and using this as the second client position information;
The second client public key and the second client using a passphrase including at least the second client location information by the same technique as the first client public key and the first client secret key generation technique Generating a secret key;
Decrypting the encrypted printer random number using the second client private key to obtain a printer random number;
Destroying the second client private key and the second client public key;
Generating a second common key using the printer random number generated by decrypting the printer random number and the generated client random number by a method commonly defined between the printer and the print client;
Generating encrypted print data by encrypting the print data using the second common key;
Transmitting the encrypted print data from the print client to the printer;
Destroying the second common key after encrypting the print data;
Receiving the encrypted print data in the printer;
In the printer, using the first common key, decrypting the encrypted print data to obtain print data;
Destroying the common key in the printer after the printer decrypts the encrypted print data;
A control method for a printing system, comprising:

Images