The present invention relates generally to methods, systems and apparatus for interacting with computers. It relates particularly to a network publishing authorization protocol, for use in a network connected to a printer, a server and a publisher of network publications.
The invention has been developed primarily to allow a large number of distributed users to interact with networked information via printed matter and optical sensors, thereby to obtain interactive printed matter on demand via high-speed networked color printers. Although the invention will largely be described herein with reference to this use, it will be appreciated that the invention is not limited to use in this field.
Cryptography is used to protect sensitive information, both in storage and in transit, and to authenticate parties to a transaction. There are two classes of cryptography in widespread use: secret-key cryptography and public-key cryptography.
Secret-key cryptography, also referred to as symmetric cryptography, uses the same key to encrypt and decrypt a message. Two parties wishing to exchange messages must first arrange to securely exchange the secret key.
Public-key cryptography, also referred to as asymmetric cryptography, uses two encryption keys. The two keys are mathematically related in such a way that any message encrypted using one key can only be decrypted using the other key. One of these keys is then published, while the other is kept private. The public key is used to encrypt any message intended for the holder of the private key. Once encrypted using the public key, a message can only be decrypted using the private key. Thus two parties can securely exchange messages without first having to exchange a secret key. To ensure that the private key is secure, it is normal for the holder of the private key to generate the key pair.
Public-key cryptography can be used to create a digital signature. If the holder of the private key creates a known hash of a message and then encrypts the hash using the private key, then anyone can verify that the encrypted hash constitutes the “signature” of the holder of the private key with respect to that particular message, simply by decrypting the encrypted hash using the public key and verifying the hash against the message. If the signature is appended to the message, then the recipient of the message can verify both that the message is genuine and that it has not been altered in transit.
To make public-key cryptography work, there has to be a way to distribute public keys which prevents impersonation. This is normally done using certificates and certificate authorities. A certificate authority is a trusted third party which authenticates the connection between a public key and someone's identity. The certificate authority verifies the person's identity by examining identity documents etc., and then creates and signs a digital certificate containing the person's identity details and public key. Anyone who trusts the certificate authority can use the public key in the certificate with a high degree of certainty that it is genuine. They just have to verify that the certificate has indeed been signed by the certificate authority, whose public key is well-known.
In most transaction environments, public-key cryptography is only used to create digital signatures and to securely exchange secret session keys. Secret-key cryptography is used for all other purposes.
The invention is, in a network connected to a printer and a publisher of network publications, a network publishing authorization protocol for authorizing the printing of a publication at the printer, including the steps of:
Addressing the publication to a user;
Signing the publication using a private key;
Sending the publication to the printer; and
Confirming that the publication may be printed at the printer, by verifying the private key signature.
A user may be registered with a printer by creating a record in a database of a server. Similarly a publisher may be registered with the server. The server may hold the publisher's public key.
The user may subscribe to a publication of the publisher by creating a record in a database of the server authorizing the publisher to send the publication to the printer. The server may hold a subscription record for this purpose, containing details of the publisher's identity and the user's alias identity. The server may hold details of the user's alias identity for this purpose.
The confirmation may be carried out at the printer. It may be accomplished by confirming that the publisher is authorized to print the publication to the printer, by accessing the server to confirm the subscription. It may also involve verifying the publisher's signature at the printer using the publisher's public key, obtained from the server. It may also involve verifying at the printer that the printer is registered for the user, by accessing the server.
The confirmation may be carried out at the server. The server may accomplish this by checking that the publisher is authorized to print the publication to the printer, by confirming the subscription. It may also involve verifying the publisher's signature using the publisher's public key. It may also involve verifying that the printer is registered for the user.
The publisher may first obtain a document identity for each document to be printed from an identity server. Then it may send each document structure, including its identity and page descriptions to a page server responsible for that document identity. It may include its own identity, the user's alias identity and a set of multicast channel names, and it may sign the message using its private signature.
The page server may then use the publisher's identity and the user's alias identity to obtain the corresponding user's identity and the user's printer's identity from the registration server. The printer may be the user's default printer or a printer selected for this application.
The confirmation is carried out by the registration server, and fails if the publisher's identity and the alias identity don't together identify a subscription.
The page server may then allocate document and page instance identities and forward the page descriptions, including page identities, to the printer. It may also send the names of the multicast channels for the printer to listen to. Finally it may return the newly allocated page identities to the publisher for future use.
A large number of users may subscribe to a periodical publication. Each user's edition may be laid out differently, but many users' editions will share common content such as text objects and image objects. The subscription delivery protocol may therefore deliver document structures to individual printers via pointcast, but deliver shared content objects via multicast.
Once the application has distributed all of the document structures to the subscribers' selected printers via the relevant page servers, it multicasts the various subsets of the shared objects on the previously selected multicast channels. Both page servers and printers monitor the appropriate multicast channels and receive their required content objects. They are then able to populate the previously pointcast document structures. This allows the page servers to add complete documents to their databases, and it allows the printers to print the documents.
The confirmation may be carried out at a second server to which the publication is sent. It may be accomplished by confirming that the publisher is authorized to print the publication to the printer, by accessing the first server to confirm the subscription. It may also involve verifying the publisher's signature at the second server using the publisher's public key, obtained from the first server. It may also involve verifying at the second server that the printer is registered for the user, by accessing the first server. If the confirmation succeeds, the publication may be sent from the second server to the printer.
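The confirmation described above (publisher signature, subscription identified by the publisher's identity and the alias identity, printer registered for the user) is modelled below as an added example that is not part of the original text. Ed25519 is an assumed signature scheme, since the text names no algorithm; the Registry and Publication types, the signed-field encoding and all identifiers are likewise constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Publication is addressed to a user alias and signed by the publisher.
type Publication struct {
	PublisherID, AliasID string
	Body, Sig            []byte
}

// Registry is a constructed stand-in for the server's registration records.
type Registry struct {
	Keys     map[string]ed25519.PublicKey // publisher ID -> public key
	Subs     map[[2]string]string         // {publisher ID, alias ID} -> user ID
	Printers map[string]string            // user ID -> registered printer ID
}

// signedBytes binds addressing to body; length prefixes keep fields unambiguous.
func signedBytes(p Publication) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%s", len(p.PublisherID), p.PublisherID, len(p.AliasID), p.AliasID, p.Body))
}

// Authorize runs the three confirmations and returns the printer to deliver to.
func (r Registry) Authorize(p Publication) (string, error) {
	if key, ok := r.Keys[p.PublisherID]; !ok || !ed25519.Verify(key, signedBytes(p), p.Sig) {
		return "", errors.New("publisher signature not verified")
	}
	user, ok := r.Subs[[2]string{p.PublisherID, p.AliasID}]
	if !ok {
		return "", errors.New("no subscription for this publisher and alias")
	}
	if printer, ok := r.Printers[user]; ok {
		return printer, nil
	}
	return "", errors.New("no printer registered for the user")
}

func main() { // constructed demo data
	pub, priv, _ := ed25519.GenerateKey(nil)
	reg := Registry{map[string]ed25519.PublicKey{"pub-1": pub},
		map[[2]string]string{{"pub-1", "alias-9"}: "user-7"}, map[string]string{"user-7": "printer-3"}}
	p := Publication{PublisherID: "pub-1", AliasID: "alias-9", Body: []byte("edition")}
	p.Sig = ed25519.Sign(priv, signedBytes(p)) // publisher signs with its private key
	fmt.Println(reg.Authorize(p))
}
```

Because the signature covers the publisher and alias identities as well as the body, a publication re-addressed after signing fails the first check before any subscription lookup is made.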