Secure data transmission in a network system of image processing devices

US 7,536,547 B2
Filed: 11/29/2004
Issued: 05/19/2009
Est. Priority Date: 11/27/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securely transmitting digital data relating to a document between a scanner, a printer and a host computer, interconnected by a digital network, the method comprising the steps of:

at a sending station;

generating a document file through a data source, receiving a session-specific user-defined character string from an operator,automatically forming an encryption key based on the user-defined character string,encrypting the document file to produce an encrypted document file, using the encryption key, while automatically leaving one or more predetermined specifying header items in the document file as unencrypted,forming a transmission file including the encrypted document file, andtransmitting the transmission file towards a receiving station; and

at the receiving station;

storing the received transmission file,receiving the same user-defined character string by from operator,automatically forming a decryption key based on the user-defined character string, anddecrypting the encrypted document file to a decrypted document file, using the decryption key,the method further comprising;

at the sending station;

forming an additional file containing metadata relevant for the document file but excluding any decryption clue, the additional file having a first part and a second part, andencrypting only one of the first and second parts of the additional file, using the same encryption key used for encrypting the document file,wherein in the step of forming the transmission file, the additional file is included in the transmission file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for secure transmission of digital document data between multiple devices are provided. At a sending station, a document file is generated and a user-defined character string is inputted by an operator in the local user interface. Then, the sending station automatically forms an encryption key based on the user-defined character string and encrypts the document file therewith. However, one or more predetermined specifying header items of the file are not encrypted, to facilitate recognition and handling of the file. A transmission file, including the encrypted document file, is then transmitted towards a receiving station, where the encrypted document file is decrypted based on the same user-defined character string entered at the sending station, when the latter is entered in the local user interface of the receiving station. Even though the transmission file is encrypted, the unencrypted header items enable file handling, such as routing, and accounting.

Citations

22 Claims

1. A method for securely transmitting digital data relating to a document between a scanner, a printer and a host computer, interconnected by a digital network, the method comprising the steps of:
- at a sending station;
  
  generating a document file through a data source, receiving a session-specific user-defined character string from an operator,automatically forming an encryption key based on the user-defined character string,encrypting the document file to produce an encrypted document file, using the encryption key, while automatically leaving one or more predetermined specifying header items in the document file as unencrypted,forming a transmission file including the encrypted document file, andtransmitting the transmission file towards a receiving station; and
  
  at the receiving station;
  
  storing the received transmission file,receiving the same user-defined character string by from operator,automatically forming a decryption key based on the user-defined character string, anddecrypting the encrypted document file to a decrypted document file, using the decryption key,the method further comprising;
  
  at the sending station;
  
  forming an additional file containing metadata relevant for the document file but excluding any decryption clue, the additional file having a first part and a second part, andencrypting only one of the first and second parts of the additional file, using the same encryption key used for encrypting the document file,wherein in the step of forming the transmission file, the additional file is included in the transmission file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the steps performed at the receiving station are performed without a validity check of the user-defined character string.
  - 3. The method of claim 1, wherein said unencrypted specifying header items are items suitable for accounting purposes.
  - 4. The method of claim 1, wherein said unencrypted specifying header items are items suitable for routing of the transmission file in a multi-printer system.
  - 5. The method of claim 1, wherein the sending station splits the transmission file into two parts and first transmits only one part of the transmission file to the receiving station, andwherein the receiving station, upon an operator selection of the transmission file, sends a request to the sending station, to transmit the remaining part of the transmission file.
  - 6. The method of claim 5, wherein the sending station scrambles transmitted files by block permutation.
  - 7. The method of claim 5, wherein the sending station checks an identity of the requesting receiving station, and only if the requesting station is authorized, transmits the requested transmission file part.
  - 8. The method of claim 1, wherein the sending station splits the transmission file using a splitting algorithm based on the level of an elementary data item.
  - 9. The method of claim 1, wherein the receiving station performs a decryption of the transmission file and a processing of the decrypted document file in volatile memory only.
  - 10. The method of claim 1, wherein the receiving station is a printer having a local user interface for inputting, by an operator, the character string used to form the decryption key.
  - 11. The method of claim 10, wherein the printer extracts the non-encrypted part of the transmission file and uses data contained therein to present the relevant document file at its local user interface to be selected by an operator for printing.
  - 12. The method of claim 10, wherein the sending station includes a printer driver with an optional setting for secure print data transmission, and the method further comprises overruling, from a central place in the network, any optional security setting so that secure data transmission is forcedly selected.
  - 13. The method of claim 10, wherein the sending station first sends only the non-encrypted part of the transmission file to the printer, the receiving station uses data contained in the non-encrypted part to present the relevant document file at its local user interface to be selected by an operator for further processing, and the receiving station, upon an operator selection of a document file, sends a request to the sending station, to transmit the relevant transmission file.
  - 14. The method of claim 1, wherein the sending station is a scanner having a local user interface and requests an operator to input an encryption string in advance of a scanning process.

15. A system including at least two image processing devices, and adapted for secure transmission of digital data relating to a document between the at least two image processing devices, the system comprising:
- a sending station including;
  
  a user interface for inputting a session-specific user-defined character string by an operator,a key former for automatically forming an encryption key based on the user- defined character string,an encryption module for encrypting a document file to produce an encrypted document file, using the encryption key, while automatically leaving one or more predetermined specifying header items in the document file as unencrypted,a file former for forming a transmission file including the encrypted document file, anda transmitter for transmitting the transmission file towards a receiving station; and
  
  a receiving station including;
  
  a receiver for receiving the transmission file from the sending station,a storage unit for storing the received transmission file,a user interface for inputting a user-defined character string by an operator,a second key former for automatically forming a decryption key based on the input user-defined character string, anda decryption module for decrypting the encrypted document file to a decrypted document file, using the decryption key,wherein the sending station further includes;
  
  a module for forming an additional file containing metadata relevant for the document file but not including any decryption clue, the additional file having a first part and a second part, andwherein the encryption module also encrypts only one of the first and second parts of the additional file using the same encryption key used for encrypting the document file, and the additional file is included in the transmission file.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The system of claim 15, wherein the receiving station excludes means for checking validity of the user-defined character string inputted at the user interface of the receiving station.
  - 17. The system of claim 15, wherein the sending station further includes a file splitter for splitting the transmission file into two parts, the transmitter first transmits only one part of the transmission file to the receiving station, and the receiving station further includes a requester for, upon an operator selection of a transmission file on the user interface of the receiving station, sending a request to the sending station, to transmit the remaining part of the transmission file.
  - 18. The system of claim 15, wherein the decryption module and any module in the receiving station intended for processing the decrypted document file work in volatile memory only.
  - 19. The system of claim 15, wherein the receiving station is a printer.
  - 20. The system of claim 19, wherein the sending station includes a printer driver for secure transmission of print data to the receiving station.
  - 21. The system of claim 15, wherein the receiving station is a multiple-printer system.
  - 22. The system of claim 15, wherein the sending station is a scanner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Océ-Technologies B.V. (Canon Inc.)
Original Assignee
Océ-Technologies B.V. (Canon Inc.)
Inventors
Van Den Tillaart, Robertus C. W. T. M.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Wyszynski; Aubrey H

Application Number

US10/997,960
Publication Number

US 20050154884A1
Time in Patent Office

1,632 Days
Field of Search

713/165, 713/184
US Class Current

713/165
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/608   Secure printing

H04L 63/0435   wherein the sending and rec...

H04L 63/067   using one-time keys cryptog...

H04L 67/02   based on web technology, e....

H04L 69/329   in the application layer [O...

Secure data transmission in a network system of image processing devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data transmission in a network system of image processing devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links