Secure printing method
Abstract
An encryption security system for printer client/printer communications that reduces or eliminates the risk of replay attacks. The validity of a secure print job is determined using a public/private key pair. The printer client encrypts print data using the public key of the public/private key pair or, preferably, a session key. If the print job is determined to be valid, the printer decrypts the print data and prints the data. In one preferred version of the invention, the validity of the print job is determined by (1) the printer generating and storing a print session identifier, (2) the printer sending the session identifier to the printer client, (3) the printer client sending the session identifier back to the printer along with the encrypted print data in a manner that ties the session identifier to the print data, and (4) the printer determining if the session identifier received from the printer client has changed from that originally sent to the printer client and if the session identifier received from the printer client is in storage. If the session identifier has not changed and it is in storage, then the printer deletes the session identifier from storage and prints the print data.
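The one-time session identifier check described above, as an added sketch that is not code from the patent. Assumptions: SHA-256 as the hash, a SHA-256 keystream XOR standing in for the unnamed cipher (illustration only, not for real use), a session key already shared rather than wrapped with the printer's public key, and hypothetical names throughout.

```python
import hashlib
import hmac
import secrets

def stream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption: the page names no algorithm); XOR with a
    SHA-256 counter keystream so the sketch needs only the standard library."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + label + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Printer:
    def __init__(self):
        self.sessions = set()              # identifiers issued and not yet used

    def new_session(self) -> bytes:
        sid = secrets.token_bytes(16)      # generate and store the identifier
        self.sessions.add(sid)
        return sid

    def submit(self, key, sid, enc_data, enc_hash) -> str:
        data = stream_xor(key, b"data", enc_data)
        first = stream_xor(key, b"hash", enc_hash)        # client's hash
        second = hashlib.sha256(data + sid).digest()      # printer's hash
        if not hmac.compare_digest(first, second):
            return "rejected: hash mismatch"
        if sid not in self.sessions:
            return "rejected: session identifier not in storage"
        self.sessions.discard(sid)         # one job per identifier
        return "printed"

def client_job(key, sid, data):
    first = hashlib.sha256(data + sid).digest()   # hash over data + identifier
    return stream_xor(key, b"data", data), stream_xor(key, b"hash", first)

def demo():
    printer, key = Printer(), secrets.token_bytes(32)   # key assumed pre-shared
    sid = printer.new_session()
    job = client_job(key, sid, b"constructed sample page")   # constructed input
    fresh = printer.submit(key, sid, *job)
    replay = printer.submit(key, sid, *job)              # same capture resent
    moved = printer.submit(key, printer.new_session(), *job)  # under a new id
    return fresh, replay, moved

if __name__ == "__main__":
    print(demo())
```

The replayed job fails because its identifier was deleted after the first print, and the same capture presented under a newly issued identifier fails because the hash was computed over the old one.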
12 Claims
1. A method for secure printing between a printer client and a printer, comprising:
the printer generating and storing a session identifier;
the printer sending the session identifier to the printer client;
the printer client encrypting print data;
the printer client sending the encrypted print data to the printer;
the printer client computing a first hash value for the print data and the session identifier and the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer decrypting the encrypted print data;
the printer computing a second hash value for the decrypted print data and session identifier, the printer decrypting the first hash value, and the printer comparing the first hash value to the second hash value; and
if the first and second hash values match and if the session identifier is in storage, the printer deleting the session identifier from storage and printing the data.
2. A method for secure printing between a printer client and a printer, comprising:
the printer client computing a first hash value for the print data;
the printer client encrypting the print data and sending the encrypted print data to the printer;
the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer decrypting the encrypted print data;
the printer computing a second hash value for the decrypted print data;
the printer decrypting the first hash value;
the printer comparing the first hash value to the second hash value; and
if the hash values match, printing the print data.
5. A method for secure printing between a printer client and a printer, comprising:
the printer generating a session identifier;
the printer sending the session identifier to the printer client;
the printer client encrypting data to be printed and sending the encrypted print data to the printer;
the printer client computing a first hash value for the print data and the session identifier and the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer decrypting the print data;
the printer computing a second hash value for the decrypted print data and session identifier;
the printer decrypting the first hash value;
the printer comparing the first hash value to the second hash value; and
if the first and second hash values are the same, the printer printing the print data.
6. A method for secure printing between a printer client and a printer, comprising:
initiating a secure print job with a public/private encryption key pair;
the printer generating and storing a session identifier;
the printer sending the public key and the session identifier to the printer client;
the printer client generating a session key;
the printer client encrypting the session key using the printer's public key and sending the encrypted session key to the printer;
the printer client computing a first hash value for the print data;
the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer client encrypting data to be printed using the session key and sending the encrypted print data to the printer;
the printer client sending the session identifier to the printer in a manner that ties the session identifier to the print data;
the printer decrypting the session key using its private key;
the printer decrypting the print data using the session key;
the printer determining if the session identifier has changed;
the printer determining if the session identifier is in storage;
the printer computing a second hash value for the decrypted print data;
the printer decrypting the first hash value;
the printer comparing the first hash value to the second hash value; and
if the hash values match and if the session identifier has not changed and the session identifier is in storage, the printer deleting the session identifier from storage and printing the print data.
7. A computer readable medium having instructions thereon for:
the printer generating and storing a session identifier;
the printer sending the session identifier to the printer client;
the printer client computing a first hash value for the print data and the session identifier and the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer client encrypting print data;
the printer client sending the encrypted print data to the printer;
the printer decrypting the encrypted print data;
the printer computing a second hash value for the decrypted print data and session identifier, the printer decrypting the first hash value, and the printer comparing the first hash value to the second hash value; and
if the first and second hash values match and if the session identifier is in storage, the printer deleting the session identifier from storage and printing the data.
8. A computer readable medium having instructions thereon for:
the printer client computing a first hash value for print data;
the printer client encrypting the print data and sending the encrypted print data to the printer;
the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer decrypting the encrypted print data;
the printer computing a second hash value for the decrypted print data;
the printer decrypting the first hash value;
the printer comparing the first hash value to the second hash value; and
if the hash values match, printing the print data.
11. A computer readable medium having instructions thereon for:
the printer generating a session identifier;
the printer sending the session identifier to the printer client;
the printer client encrypting data to be printed and sending the encrypted print data to the printer;
the printer client computing a first hash value for the print data and the session identifier and the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer decrypting the print data;
the printer computing a second hash value for the decrypted print data and session identifier;
the printer decrypting the first hash value;
the printer comparing the first hash value to the second hash value; and
if the first and second hash values are the same, the printer printing the print data.
12. A computer readable medium having instructions thereon for:
initiating a secure print job with a public/private encryption key pair;
the printer generating and storing a session identifier;
the printer sending the public key and the session identifier to the printer client;
the printer client generating a session key;
the printer client encrypting the session key using the printer's public key and sending the encrypted session key to the printer;
the printer client computing a first hash value for the print data;
the printer client encrypting the first hash value and sending the encrypted first hash value to the printer;
the printer client encrypting data to be printed using the session key and sending the encrypted print data to the printer;
the printer client sending the session identifier to the printer in a manner that ties the session identifier to the print data;
the printer decrypting the session key using its private key;
the printer decrypting the print data using the session key;
the printer determining if the session identifier has changed;
the printer determining if the session identifier is in storage;
the printer computing a second hash value for the decrypted print data;
the printer decrypting the first hash value;
the printer comparing the first hash value to the second hash value; and
if the hash values match and if the session identifier has not changed and the session identifier is in storage, the printer deleting the session identifier from storage and printing the print data.