SYSTEM, METHOD, AND PROGRAM FOR PROVIDING WILL-CALL CERTIFICATES FOR GUARANTEEING AUTHORIZATION FOR A PRINTER TO RETRIEVE A FILE DIRECTLY FROM A FILE SERVER UPON REQUEST FROM A CLIENT IN A NETWORK COMPUTER SYSTEM ENVIRONMENT
Abstract
The system, method, and program of this invention enables a client system to pass authorization, received from a file source, to a printer to retrieve and print a file directly from the file source without the client system ever receiving a copy of the file. The client system, print server, and file source are communicatively connected across a network. When the client system requests authorization from the file source, the file source creates a “will-call” certificate which contains the distinguished name of the file source, a path to the file, a digital signature of the file source, a validity date, and a unique tracking number for that certificate created by that file source. The will-call certificate is sent to the client, which sends it on to the print server. The print server uses the distinguished name of the file source and path to the file in the will-call certificate to locate the file and request the file directly from the file source. The print server's request to the file source also includes the will-call certificate. The file source can verify various aspects of the will-call certificate's validity through the digital signature, the validity date, and/or the tracking number. If the request is valid, the file source sends the file directly to the print server.
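The issuance and verification steps described in the abstract, together with the print-server binding and issuance log from the claims, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 under a key held by the file source stands in for its digital signature, `requester_id` is an identity already authenticated by the transport, single-use redemption is added here, and all names and sample values are constructed.

```python
import hashlib
import hmac
import json
import time

# Assumption: an HMAC key known only to the file source replaces the digital
# signature; issuer and verifier are the same party, so a MAC is enough here.
FILE_SOURCE_KEY = b"constructed-demo-key"
FILE_SOURCE_DN = "CN=files.example.test,O=Example"  # constructed sample value


def _sign(body):
    # Canonical JSON so the same fields always produce the same tag.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(FILE_SOURCE_KEY, canonical, hashlib.sha256).hexdigest()


class FileSource:
    def __init__(self):
        self._next_tracking = 1
        self._issued = {}  # tracking number -> [print server id, path, redeemed]

    def issue(self, path, print_server_id, ttl_seconds=300, now=None):
        """Create a will-call certificate bound to one print server and file."""
        now = time.time() if now is None else now
        body = {
            "issuer_dn": FILE_SOURCE_DN,
            "path": path,
            "print_server_id": print_server_id,
            "valid_until": now + ttl_seconds,
            "tracking": self._next_tracking,
        }
        self._issued[body["tracking"]] = [print_server_id, path, False]
        self._next_tracking += 1
        return {**body, "signature": _sign(body)}

    def redeem(self, cert, requester_id, now=None):
        """Return (ok, reason) for a print server presenting cert."""
        now = time.time() if now is None else now
        body = {k: v for k, v in cert.items() if k != "signature"}
        presented = str(cert.get("signature", "")).encode()
        # 1. Integrity: reject a certificate altered after issuance.
        if not hmac.compare_digest(_sign(body).encode(), presented):
            return False, "bad signature"
        # 2. Validity date.
        if now > body["valid_until"]:
            return False, "expired"
        # 3. The requester must be the print server named in the certificate.
        if requester_id != body["print_server_id"]:
            return False, "wrong print server"
        # 4. Tracking number must match the issuance log.
        entry = self._issued.get(body["tracking"])
        if entry is None or entry[:2] != [body["print_server_id"], body["path"]]:
            return False, "unknown tracking number"
        # Assumption added here: each certificate is honoured once (replay guard).
        if entry[2]:
            return False, "already redeemed"
        entry[2] = True
        return True, "send file"
```
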
51 Claims
1. A method for printing, across the internet, a file residing at a file server, the method comprising:
requesting authorization, by a first computer system to the file server, to print the file;
issuing, from the file server to the first computer system, in response to the request, a certificate capable of being passed on to a print server and containing information needed by the print server, including an Internet address of the first computer system and an identifier of the print server to print the file, to request the file;
sending the certificate from the first computer system to the print server;
sending a message, from the print server to the file server, requesting the file and including the certificate as an authorization to receive the file; and
sending the file from the file server to the print server after verifying, from the contents of the certificate, that the included certificate is the same certificate issued to the first computer system and that the print server sending the message requesting the file is the print server identified in the certificate.
Dependent claims: 2, 3
encrypting the file with the file server, wherein a file server key is needed to decrypt the file, wherein the encrypted file is sent to the print server; and
encrypting, with the file server, the file server key with the print server public key; and
sending the encrypted file server key to the printer server, wherein the print server decrypts the file server key using the print server private key and then decrypts the file using the decrypted file server key to access the file to print.
4. A network system including a first computer system, a print server, and a file server communicatively connected across the Internet, the network system comprising:
means for requesting authorization, by a first computer system to the file server, to print a file;
a certificate, issued by the file server to the first computer system, in response to the request, containing a digital signature of the file server and containing information needed by the print server, including the Internet address of the first computer system and an identifier of the print server to print the file, to request the file;
means for sending, from the first computer system, the certificate to the print server;
means for sending a message, from the print server to the file server, requesting the file and including the certificate as an authorization to receive the file; and
means for verifying, from the contents of the certificate, by the file server that the included certificate is the same certificate issued to the first computer system and that the print server sending the message requesting the file is the print server identified in the certificate; and
means for sending the file from the file server to the print server.
Dependent claims: 5, 6
means for encrypting the file with the file server, wherein a file server key is needed to decrypt the file, wherein the encrypted file is sent to the print server; and
means for encrypting, with the file server, the file server key with the print server public key; and
means for sending the encrypted file server key to the printer server, wherein the print server decrypts the file server key using the print server private key and then decrypts the file using the decrypted file server key to access the file to print.
7. A method, executed in a first computer system, comprising:
sending a request across a network to a file server to print a file residing at the file server by a remote printer via the network;
receiving, across the network, authorization including a digital signature of the file server and an identifier of the printer to print the file; and
passing the authorization across the network to the printer to enable the printer to subsequently fetch the file directly from the file server to print the file, wherein the file server allows the printer to fetch the file if the printer requesting the file is the printer identified in the authorization.
Dependent claims: 8, 9
10. A first computer system, comprising:
means for sending a request across a network to a file server to print a file residing at the file server by a remote printer;
an authorization, received across the network from the file server, including a digital signature of the file server and an identifier of the printer to print the file; and
means for passing the authorization across the network to the printer to enable the printer to subsequently fetch the file directly from the file server to print the file, wherein the file server allows the printer to fetch the file if the printer requesting the file is the printer identified in the authorization.
Dependent claims: 11, 12, 13, 14
15. A method, executed in a file server, comprising:
granting, in response to a request from a first computer system for authorization for access to a file residing at the file server, a certificate of authorization, including within its contents a digital signature of the file server and an identifier of a print server to print the file, capable of being passed to the print server over a network from the first computer system;
receiving, across the network, the certificate of authorization from the print server requesting direct access to the file for printing;
verifying, through the contents of the certificate, that the certificate is a same unchanged certificate that was granted to the first computer system and that the print server requesting direct access to the file is the printer server identified in the data structure; and
sending the file to the print server if the certificate and identity of the requesting print server are verified.
Dependent claims: 16, 17, 18, 19
logging an entry when creating the certificate of authorization indicating the serial number of the data structure and the identity of the print server and the file to which the data structure enables access, and wherein verifying the data structure further comprises determining whether the logged information matches the serial number, identity of the print server, and the file to access indicated in the data structure being verified.
18. The method of claim 15, wherein the request from the first computer system provides information on an identity of the print server that will request the file.
19. The method of claim 15, wherein the request from the first computer system includes a print server public key, wherein the print server has a private key that is capable of decrypting data encrypted using the print server public key, further comprising:
encrypting the file, wherein a file server key is needed to decrypt the file, wherein the encrypted file is sent to the print server; and
encrypting the file server key with the print server public key, wherein the print server decrypts the file server key using the print server private key and then decrypts the file using the decrypted file server key to access to print.
20. A file server comprising:
means for receiving a request from a first computer system for authorization for access to a file residing at the file server by a remote print server across a network;
a data structure, on a computer-usable medium, created in response to the request, containing information needed by the print server to access the file and information needed by the file server to guarantee validity of the data structure, wherein the data structure identifies the print server that will request the file for printing;
means for sending the data structure to the first computer system;
means for receiving, from across the network, the data structure from the print server requesting direct access to the file for printing;
means for verifying, through the contents of the data structure, that the data structure is a same unchanged data structure that was sent to the first computer system and that the print server requesting direct access to the file is the printer server identified in the data structure; and
sending the file to the print server if the data structure and identity of the requesting print server are verified.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
logging an entry when creating the data structure indicating the serial number of the data structure and the identity of the print server and the file to which the data structure enables access, and wherein verifying the data structure further comprises determining whether the logged information matches the serial number, identity of the print server, and the file to access indicated in the data structure being verified.
23. The file server of claim 20, wherein the request from the first computer system provides information on the remote print server that will request the file.
24. The file server of claim 20, wherein the request from the first computer system includes a remote print server public key, wherein the print server has a private key that is capable of decrypting data encrypted using the print server public key, further comprising:
encrypting the file, wherein a file server key is needed to decrypt the file, wherein the encrypted file is sent to the print server; and
encrypting the file server key with the print server public key, wherein the print server decrypts the file server key using the print server private key and then decrypts the file using the decrypted file server key to access to print.
25. The file server of claim 20 wherein the data structure contains a digital signature of the file server.
26. The file server of claim 20 wherein the data structure contains a distinguished name of the file server, a path to the file, a digital signature of the file server, a validity date, and a unique number for the data structure created by the file server.
27. The file server of claim 20 wherein the data structure contains a printer ID and network address of a print server specified in the request.
28. A computer program, on a computer useable medium, wherein the computer program is capable of causing a server including at least one file to perform:
receiving a request from a first computer system for authorization for access to a file residing at a file server by a remote print server across a network, wherein the request provides information on the remote print server that will request the file;
creating a data structure in response to the request containing information needed by the print server to access the file and information needed by the file server to guarantee validity of the data structure, wherein the data structure identifies the print server that will request the file for printing;
sending of the data structure to the first computer system;
receiving, from across the network, the data structure from the printer server requesting direct access to the file for printing;
verifying, through the contents of the data structure, that the data structure is a same unchanged data structure that was sent to the first computer system and that the print server requesting direct access to the file is the printer server identified in the data structure; and
enabling the sending of the file to the print server if the data structure and identity of the requesting print server are verified.
Dependent claims: 29, 30, 31, 32
logging an entry when creating the data structure indicating the serial number of the data structure and the identity of the print server and the file to which the data structure enables access, and wherein verifying the data structure further comprises determining whether the logged information matches the serial number, identity of the print server, and the file to access indicated in the data structure being verified.
31. The computer program of claim 28, wherein the request from the first computer system provides information on the remote print server that will request the file.
32. The computer program of claim 28, wherein the request from the first computer system includes a print server public key, wherein the print server has a private key that is capable of decrypting data encrypted using the print server public key, further comprising:
encrypting the file, wherein a file server key is needed to decrypt the file, wherein the encrypted file is sent to the print server; and
encrypting the file server key with the print server public key, wherein the print server decrypts the file server key using the print server private key and then decrypts the file using the decrypted file server key to access to print.
33. A method, executed in a print server, comprising:
receiving a request from a first computer system across a network to retrieve a file from a file server across the network for printing by the printer server for the first computer system;
receiving a certificate with the request containing information needed by the print server to locate the file and to guarantee an authorization from the file server to retrieve the file for printing, wherein the certificate identifies the print server, wherein the file server verifies that the print server using the certificate to access the file is the printer server identified in the certificate;
sending the certificate, across the network, to the file server; and
receiving the file from the file server.
Dependent claims: 34
receiving a file server key encrypted with a printer server public key, wherein the file received from the file server is encrypted and can be decrypted with the file server key;
decrypting the file server key with the print server public key; and
decrypting the file using the decrypted file server key to access to print.
35. A print server, comprising:
means for receiving a request from a first computer system across a network to retrieve a file from a file server across the network for printing by the printer server for the first computer system;
a data structure, received with the request, resident on a computer-usable medium, containing information needed by the print server to locate the file and to guarantee an authorization from the file server to retrieve the file for printing, wherein the certificate identifies the print server, wherein the file server verifies that the print server using the certificate to access the file is the printer server identified in the certificate;
means for sending the certificate, across the network, to the file server; and
means for receiving the file from the file server.
Dependent claims: 36, 37
means for receiving a file server key encrypted with a printer server public key, wherein the file received from the file server is encrypted and can be decrypted with the file server key;
means for decrypting the file server key with the print server public key; and
means for decrypting the file using the decrypted file server key to access to print.
38. A method executed across a network of a first computer system, a second computer system, and a third computer system, the method comprising:
requesting authorization, by the second computer system to the first computer system, to retrieve a file;
issuing, in response to the request, from the first computer system to the second computer system, a certificate including information identifying a third computer system wherein the certificate is capable of being passed on to a third computer system and containing information needed by the third computer system to request the file, and capable of being authenticated by the first computer system;
sending the certificate and a request to retrieve the file from the second computer system to the third computer system;
sending a message, from the third computer system to the first computer system, requesting the file and including the certificate as authorization to receive the file;
verifying, by the first computer system, that the included certificate is a same unchanged certificate that was issued to the second computer system and that the third computer system sending the message is the same third computer system identified in the certificate; and
sending the file to the third computer system if the certificate is verified.
Dependent claims: 39, 40
encrypting, with the first computer system, the file, wherein a file key is needed to decrypt the file, wherein the encrypted file is sent to the third computer system; and
encrypting, with the first computer system, the file key with the third computer system public key;
decrypting, with the third computer system, the file key using the third computer system private key;
decrypting, with the third computer system, the file using the decrypted file key to access the file.
41. A networked system having first, second, and third computer systems communicatively linked to each other for printing, by the third computer system having a printer, a file residing at a first computer system acting as a server with a file source, the system comprising:
means for requesting authorization, by the second computer system to the first computer system, to print the file;
means for issuing, in response to the request, from the first computer system to the second computer system, a certificate including information identifying a third computer system, wherein the certificate is capable of being passed on to a third computer system and containing information needed by the third computer system to request the file, and capable of being authenticated by the first computer system;
means for sending the certificate and a request to print the file from the second computer system to the third computer system;
means for sending a message, from the third computer system to the first computer system, requesting the file and including the certificate as authorization to receive the file;
means for verifying, by the first computer system, that the included certificate is a same unchanged certificate that was issued to the second computer system and that the third computer system sending the message is the same third computer system identified in the certificate; and
means for sending the file to the third computer system if the certificate is verified.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
means for encrypting, with the first computer system, the file, wherein a file key is needed to decrypt the file, wherein the encrypted file is sent to the third computer system;
means for encrypting, with the first computer system, the file key with the third computer system public key;
means for decrypting, with the third computer system, the file key using the third computer system private key; and
decrypting, with the third computer system, the file using the decrypted file key to access the file.
Specification