The preferred embodiment concerns a method and a device for printing of sensitive data.
Different methods are known for transmitting sensitive data to a printing device for printing. For example, U.S. Pat. No. 5,633,932 discloses a system and a method in which an authorized person must authenticate himself at a printing device by entering a PIN before the respective printing process is executed. It is assumed here that the authorized person is present next to the printing device and can monitor the printing process while it runs. The data to be printed are transmitted to the printing device in encrypted form and, as soon as the authorized person has authenticated himself, they are decrypted in the printer and stored in a print queue for processing. This method is well suited to small print jobs that are each monitored and executed by a specific person. When larger print jobs are executed at a printing device, the danger exists that an authorized person authenticates himself routinely without taking the necessary care in the individual case. The function of the security device can thus be defeated. Additionally, the data, once decrypted, are stored in a readable format in the print queue in the printing device, so that the printing device can be specifically manipulated and the sensitive data can be extracted.
A similar method is described in EP 1 091 285 A2, in which an authorized person has to authenticate himself at a printing device so that the print job is executed. Here the authentication occurs by means of a smart card.
A printing device that comprises a decoder module with which coded data can be decoded or decrypted is known from the US published patent application US 2001/0037462 A1. The encrypted data are transmitted to a driver device for printout on a recording medium. The driver device converts the decrypted print data into control signals for activation of a print head of the printing device.
In the printing of sensitive data such as, for example, the PIN for check cards or credit cards, a print file that contains the sensitive data is initially created and this file is encrypted. This process occurs in a security zone, i.e. in a hermetically sealed room on a computer system that can be separated from further networks during the operation, such that it is ensured that no unauthorized third parties can access the data to be processed. The print file so created is, for example, transferred to a printing device on a data medium. The printout in turn occurs in a hermetically sealed room since, in the known printing devices, the encrypted data are decrypted and exist in a readable, decrypted form in the printing device. It is therefore necessary that, during the printing process, only a few authorized persons have access to the device and that the room in which the printing device is located is sealed. However, this also has the consequence that a print job with sensitive print data cannot simply be executed between two print jobs that merely contain non-sensitive data, since extensive security measures must be taken for printing of the sensitive data. This applies even when the data are printed on a recording medium on which the printed data cannot be read after the printing process without destroying a casing, a seal, or a corresponding other security mechanism. Such recording media are, for example, envelopes with an insert sheet that can be mechanically printed from the outside. Recording media with a security mechanism that makes a reading of sensitive data impossible without detectable alteration of the security mechanism are designated in the following as safety paper. Furthermore, safety paper is developed that can not only be printed mechanically but can also be printed with an electrophotographic printing device.
US 2002/0032703 A1 discloses a printing method in which confidential data are buffered on a fixed disc. After the data have been printed successfully, they are deleted from the fixed disc again, which is intended to ensure the confidential handling of the data.
A network system that comprises a printer is known from EP 0 858 021 A2. Confidential print jobs are secured by a PIN. For a confidential print job to be printed by a printer, a user must input the PIN at the printer, so that he can ensure that the print copy does not fall into unauthorized hands.
A similar network system is known from U.S. Pat. No. 5,633,932, in which the print jobs must also be authenticated before the printout.
Since, in the known printing devices, the encrypted data are present in readable, decrypted form in the printer, it is not possible to execute a print job of such sensitive data without hermetic sealing of the printing device.
A significant requirement exists for a printing device with which sensitive data can be printed without the printing device having to be hermetically sealed for printout of the data.
A printer that is provided for printout of sensitive data is known from US 2002/0184495. This printer comprises a device with which it is determined whether received data to be printed are stored in a volatile or a non-volatile memory. If the data are to be stored in a non-volatile memory, it is assessed whether they are sensitive data, in which case they are encrypted before they are stored in the non-volatile memory. If the data are stored in the volatile storage medium, an encryption is not necessary since the data are lost in the event of a theft of the printer or of the storage medium.
If sensitive data are to be printed in large quantities, it is thus appropriate to use an electrophotographic printing device because corresponding high-capacity printers offer a high throughput, whereby every single page can be printed individually. In electrophotographic printers, a character generator is activated by means of a controller; the character generator exposes (with a laser or with light-emitting diodes) a photoconductor drum with which ink particles are transferred onto a recording medium. In “Das Druckerbuch—Technik und Technologien der OPS-Hochleistungsdrucker”, edition 5a, October 2000, ISBN-3-00-001019-X, such optical character generators are described in chapter 4 and a corresponding controller (the SRA controller) for activation of character generators is described in chapter 9. Raster techniques and their effect on the print quality are explained in chapter 6.