Secure printing
First Claim
1. A method of printing a document in a distributed computer system having a client, a print server, printing apparatus and a network for interconnecting components of the distributed computer system, the method comprising the steps of:
- a sender selecting a document to be printed, identifying an intended recipient for the document and causing the client to transmit to the print server the document accompanied by a first identifier for the intended recipient;
receiving and storing the document and the associated first identifier on the print server;
a recipient providing the printing apparatus with a second identifier, the printing apparatus receiving the second identifier and transmitting to the print server a request, including the second identifier, to receive documents from the print server;
the print server receiving the request, then comparing the second identifier with the stored first identifier and for only matching identifiers, forwarding the document associated with the first identifier to the printing apparatus; and
the printing apparatus receiving and printing the document.
2 Assignments
0 Petitions
Accused Products
Abstract
In a distributed computing environment, a user is able to send a document to a secure printer (140) in such a way that only a specified intended recipient can print the document.
When the user specifies that the document is to be printed securely, a special print job is created in which the document is encrypted using a session key and a bulk encryption algorithm, and the session key is encrypted using the intended recipient'"'"'s public key. Then, the encrypted session key, the encrypted document and an indication of the intended recipient'"'"'s identity is transmitted to a print server (130), where the print job is held.
When the recipient'"'"'s smart card (145) is inserted into a smart card reader of the secure printer (140), the recipient'"'"'s identity, taken from the smart card (145), is transmitted to the print server (130). The print server uses the identity to search for and retrieve documents intended for the recipient. If the recipient is the intended recipient, the encrypted document and encrypted session key are transmitted to the secure printer (140). The secure printer (140) then forward the encrypted session key to the smart card (145), which decrypts the session key using an embedded private key. Then secure printer (140) receives and uses the session key to decrypt the encrypted document and, finally, prints the document for the recipient.
363 Citations
25 Claims
-
1. A method of printing a document in a distributed computer system having a client, a print server, printing apparatus and a network for interconnecting components of the distributed computer system, the method comprising the steps of:
-
a sender selecting a document to be printed, identifying an intended recipient for the document and causing the client to transmit to the print server the document accompanied by a first identifier for the intended recipient;
receiving and storing the document and the associated first identifier on the print server;
a recipient providing the printing apparatus with a second identifier, the printing apparatus receiving the second identifier and transmitting to the print server a request, including the second identifier, to receive documents from the print server;
the print server receiving the request, then comparing the second identifier with the stored first identifier and for only matching identifiers, forwarding the document associated with the first identifier to the printing apparatus; and
the printing apparatus receiving and printing the document. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
encrypting the document using a first key, the first key being the key of a symmetric encryption algorithm;
encrypting the first encryption key using a second key, the second key being the public key of an asymmetric encryption algorithm; and
transmitting to the print server the encrypted document and the first identifier accompanied by the associated encrypted first key.
-
-
8. A method according to claim 6, wherein the client obtains the second key from a key repository on the basis of the identity of the intended recipient.
-
9. A method according to claim 7, further comprising the printing apparatus:
-
receiving the encrypted first key from the print server in response to the request;
forwarding the encrypted first key to the smart card such that the smart card decrypts the encrypted first key using the secret and returns the first key tot he printing apparatus, the secret being the private key of the asymmetric encryption algorithm; and
using the first key to decrypt the encrypted document.
-
-
10. Printing apparatus configured for operation according to the method of claim 1.
-
11. A client configured for operation according to the method of claim 1.
-
12. A print server configured for operation according to the method of claim 1.
-
13. A distributed computing system configured for operation according to the method of claim 1.
-
14. Printing apparatus for use in a distributed computer system responding to a client, and having (a) a print server, (b) the printing apparatus and (c) a network for interconnecting components of the distributed computer system, the system enabling (a) a sender to select a document to be printed, (b) an intended recipient for the document to be identified, (c) the client to transmit to the print server the document accompanied by a first identifier for the intended recipient, and (d) the print server to receive and store the document and the associated first identifier;
-
the printing apparatus comprising a receiver for a second identifier and a transmitter for transmitting to the print server a request, including the second identifier, to receive documents from the print server;
the print server being arranged for receiving the request, then comparing the second identifier with the stored first identifier and, for only matching identifiers, forwarding the document associated with the first identifier to the printing apparatus; and
the printing apparatus receiver being arranged for receiving and printing the document forwarded to the print server. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
the receiver is arranged to receive from the print server, in response to the request, an encrypted first key;
the transmitter is arranged to forward the encrypted first key to the smart card such that the smart card decrypts the encrypted first key using the secret and returns the first key; and
further including adecrypter for the encrypted document using the first key.
-
-
21. Printing apparatus according to claim 17, further comprising a casing configured to contain the components of the printing apparatus including an integrated smart card reader, the casing having a slot therein for receiving a smart card through the casing into the smart card reader.
-
22. Printing apparatus according to claim 17, further including an interface and a smart card reading device connected to the printer via the printer interface.
-
23. Printing apparatus according to claim 22, wherein the smart card reading device comprises an interface for connecting the device to the smart card reading network.
-
24. Printing apparatus according to claim 23, wherein the smart card reading device comprises:
-
an extractor of the user identity from the smart card;
a generator and transmitter of the request via the network to the print server;
a receiver from the print server of an encrypted document and an encrypted key;
a transmitter of the encrypted key to the smart card, such that the smart card decrypts and returns the key;
a decrypter of the encrypted key to the smart card, such that the smart card decrypts and returns the key; and
a transmitter to the printer of the document to be printed.
-
-
25. A smart card reading device configured for operation with printing apparatus according to claim 22.
Specification