1. Field of the Invention
This invention generally relates to digital image processing and, more particularly, to a system and method for controlling access to an imaging device, while securing the imaging job information when it is transmitted between imaging clients and imaging devices.
2. Description of the Related Art
FIG. 1A is a diagram depicting a secure imaging job transmission method (prior art). One conventional method of secured printing uses encryption to prevent unauthorized access to information contained within an imaging job when the job is transmitted between an imaging client, network server, and an imaging device such as a multifunctional peripheral (MFP). Generally, a public/private key encryption scheme is used. One such scheme involves the generation of a single public/private encryption key by the imaging device, using the RSA algorithm for example. Using this algorithm, information can be encrypted using a public key, but only decrypted using the private key component. Thus, users can encrypt data to a receiver using the receiver's public key, without knowledge of the receiver's private key.
In this method, the imaging device advertises its public key. Generally, the imaging client obtains the advertised public key either directly from the device itself, using a device management protocol such as SNMP for example, or from a key server. In the latter case, the imaging device registers itself, using information that uniquely identifies the device, and its public key with a public key server. An imaging client obtains the public key with a query that identifies the imaging device. The key server then transmits the public key associated with the imaging device to the client.
Once the imaging client has received the public key, the imaging client encrypts the imaging job in a manner that is compatible with the imaging device, for example in a compatible format layout, and transmits the imaging job to the imaging device. The imaging device, upon receipt of the imaging job, decrypts the imaging job and performs requested tasks.
Conversely, the imaging device may need to transmit an imaging job, or the result of a job, to an imaging client in a secure manner. In this case, the imaging client generates a public/private encryption key and registers itself and its public key with the key server. The imaging device encrypts the imaging job, or job result, in a manner compatible with the imaging client, using the imaging client's public key.
While this method secures the transmission of the imaging job to the imaging device, it does not provide for any access control. That is, anybody, at any time, can send any imaging job to/from the imaging device.
FIG. 1B is a drawing of a method that combines access control with secure imaging job transmissions (prior art). In this method, encryption is combined with the use of an access server and IP filtering. The imaging device supports IP filtering, restricting access to the imaging device to a specified list of network addresses, for example IP addresses. In one implementation, the imaging device is configured to only accept imaging jobs from a single imaging server. The imaging server then implements both the access control and the despooling of imaging jobs to/from the imaging device. Generally, the following sequence of events occurs:
1. An imaging client makes a request to the imaging server to despool the imaging job to/from the imaging device.
2. The imaging server determines whether the request is authorized. If not, the process stops here.
3. The imaging server authorizes the despooling of the imaging job and sends the imaging device public key to the client.
4. The imaging client encrypts the imaging job using the public key and despools the imaging job to the imaging server.
5. The imaging server, either immediately or subsequently, despools the imaging job to the imaging device.
6. Upon receipt of a request to despool an imaging job, the imaging device verifies the network address of the sender against the network filter. This is an example of IP address filtering. If access from the network address is not authorized, the request is denied.
7. Otherwise, the imaging device grants the connection and allows the imaging job to be despooled to the imaging device.
8. The imaging device then decrypts the imaging job using the private key and performs the requested actions.
Conversely, the imaging device can send an imaging job, or job result, to the imaging client via the access/imaging server.
While this method is an improvement over the method of FIG. 1A, it still suffers in that:
1. The IP filter mechanism does not stop unauthorized access to the imaging device via some other print subsystem on the imaging server. For example, an administrator who has access to the print server can originate an imaging job on the imaging server without going through the access control component. The imaging device accepts the imaging job since the origination network address is valid.
2. The authorization method and public key encryption do not guarantee that the authorized job is the actual job sent to the imaging device. For example, the imaging server, after authorizing an imaging job and passing the public key, can replace the authorized imaging job with another imaging job. The alternate imaging job is encrypted with the public key and an imaging job is despooled that might otherwise not be authorized.
3. This method does not allow a more diverse imaging environment, such as peer-to-peer despooling, ad-hoc origination from remote locations directly to the device or wirelessly (for example radio frequency (RF) or infrared), or direct despooling.
4. By funneling all imaging jobs through the imaging server, each imaging job is twice despooled over the network, increasing network traffic. The imaging server may become a bottleneck, depending on its bandwidth and processing capabilities.
It would be advantageous if access control and secured communications could be obtained in a network using an authorization server, without the necessity of relaying encrypted communications through the server.
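The following Python sketch is an added illustration, not part of the original disclosure: it models the device-side checks of FIG. 1B (steps 6 to 8) to show what limitations 1 and 2 above mean for what the device can and cannot verify. The key values, addresses, user name and function names are assumptions, and textbook RSA with tiny primes stands in for the device's key pair.

```python
# Toy model of the FIG. 1B flow. Added example: every name, address and key
# value here is an assumption. Textbook RSA with tiny primes stands in for the
# device key pair and provides no real security.
N, E, D = 3233, 17, 2753            # n = 61 * 53; e * d = 1 (mod 3120)
SERVER_IP = "10.0.0.5"              # constructed imaging-server address
ALLOWED_SENDERS = {SERVER_IP}       # the device's IP filter
AUTHORIZED_USERS = {"alice"}        # access list held only by the server


def encrypt(job: bytes) -> list:
    """Step 4: anyone holding the advertised public key (N, E) can encrypt."""
    return [pow(b, E, N) for b in job]


def server_authorizes(user: str) -> bool:
    """Step 2: the decision stays on the server; the device never sees it."""
    return user in AUTHORIZED_USERS


def device_receive(sender_ip: str, ciphertext: list):
    """Steps 6-8: filter on sender address, then decrypt with the private key."""
    if sender_ip not in ALLOWED_SENDERS:
        return None                 # step 6: request denied
    return bytes(pow(c, D, N) for c in ciphertext)


def run_scenarios() -> dict:
    results = {}
    # Normal path: authorized user, job relayed by the imaging server.
    if server_authorizes("alice"):
        results["authorized"] = device_receive(SERVER_IP, encrypt(b"report"))
    # Direct despooling from another address is stopped by the IP filter.
    results["other_address"] = device_receive("10.0.0.77", encrypt(b"report"))
    # Limitation 1: a job originated on the server itself never passes
    # server_authorizes(), yet its source address satisfies the filter.
    results["bypass"] = device_receive(SERVER_IP, encrypt(b"unchecked"))
    # Limitation 2: the ciphertext carries nothing that ties it to the job
    # that was authorized, so a different job decrypts and is accepted.
    authorized_job, relayed_job = b"report", b"other job"
    assert server_authorizes("alice") and authorized_job != relayed_job
    results["substituted"] = device_receive(SERVER_IP, encrypt(relayed_job))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:14} -> {outcome!r}")
```

In every accepted case the device's only inputs are the sender address and a ciphertext, which is why neither check can distinguish the authorized job from one that was never authorized.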