In a system that print data is transmitted from a host such as a personal computer or the like to a printer and then printed, there is a potential risk that the print data is wiretapped or falsified on its transmission route.
Moreover, after the print data is received by the printer, if the received data is automatically printed on a recording medium and the data-printed recording medium is automatically discharged as it always has been in the past, there is a potential risk that an attacker (that is; a person who acts maliciously) might take away an output printed material on the printer.
To cope with these risks, it is necessary to improve the system. More specifically, in the improved system, a job is first encrypted, the encrypted job is transmitted to the printer, and the transmitted job is stored in the printer as it is. Subsequently, a user walks up to the printer and confirms the job stored in the printer, and then the stored job is decoded (or decrypted) and printed for the first time.
Incidentally, in a case where the plural jobs are stored and held as a print queue in the printer, the user has to correctly identify or discriminate only the user's own job from among the stored jobs. However, since the stored jobs themselves have been encrypted, it is impossible for the user to use a conventional method of scanning all the stored jobs to extract only the job of which the header portion includes an ID corresponding to a user's own ID.
FIG. 6 is a schematic diagram conceptually showing such a problem as described above. That is, as shown in FIG. 6, host PC's (personal computers) 101 and 105 and a device 102 having a print function are mutually connected to others through a network 104. Here, it is assumed that three encrypted print jobs (jobs 1 to 3) in all are transmitted from the host PC's 101 and 105 to the device 102. In this case, the device 102 holds these encrypted jobs as it is in a job holding area 103 of the device 102 without executing them.
Here, it is further assumed that a certain user A (not shown) who uses the host PC 101 walks up to the device 102 and directly releases the user's own encrypted print job held therein with a view to start printing.
In this connection, a problem in this case is how to recognize which of the three jobs 1 to 3 is the user's own job.
More specifically, since the stored jobs have been encrypted, it is impossible to use a method of extracting from among the stored jobs the job of which the user identifier embedded in the header thereof corresponds to the user's ID. On another front, a method of not encrypting only the portion of the user identifier is devised. However, if this method is used, a secret of the fact that the user A executes the printing cannot be maintained, whereby it is undesirable for a security reason.
As just described, in the case where the plural jobs have been stored and held in the printer, some kind or another method of identifying the job of the relevant user from among the stored jobs is necessary so as to correctly print the relevant job.
Incidentally, as the related background art concerning identification of the job stored and held in the printer, there is a method as described in, e.g., Japanese Patent Application Laid-Open No. 2001-105690 (hereinafter called a patent document 1).
FIG. 7 is a conceptional diagram for simply explaining the method described in the patent document 1. That is, according to the method of the patent document 1, a host PC 201 transmits print data 211 to a device 202. Then, the device 202 which received the print data 211 generates a personal identification code 212 for uniquely identifying the received print data 211, and then transmits the generated personal identification code 212 to the host PC 201. After then, a user who received the personal identification code 212 from the device 202 on the side of the host PC 201 moves to the device 202 and inputs the received personal identification code 212 in the device 202 to identify the user's own job. Subsequently, the user acquires the output result from the user's own job.
However, in the method of the patent document 1, it is necessary to execute an unsafe procedure that a number for protecting the encrypted print job is notified from the device side to the host side on the way.
Moreover, the patent document 1 is silent about job encryption for preventing wiretap. Furthermore, even if a print job has been encrypted, an attacker might attempt to damage print data or falsify the print job. Here, it should be noted that an attacker's purpose of falsification of the print job is to attain wasting of paper and the like on the device side by causing the device side to output a large number of meaningless print results. In any case, although it is further necessary to cope with such attack, the patent document 1 is also silent about this.