The present invention relates to hardcopy production of documents and particularly, but not exclusively, to document printing.
It is well known to generate or design a document using a computer-based text editing or graphics package, for example Microsoft(trademark) Word or Microsoft(trademark) PowerPoint respectively. Once generated, a document can be printed. Typically the package or a print driver formats the document into a printer file that can be received and interpreted by a printer. Example printer file formats are PCL or PostScript. Printer files can be sent directly by the package to a printer to be printed, or can be stored for printing at a later time.
This principle typically applies to all types of printer, for example laser printers, ink jet printers, impact printers and thermal printers, and in general to other hardcopy devices such as plotters or facsimile machines. Conveniently, herein, the term xe2x80x9cprinterxe2x80x9d covers all such different types of printer, or other hardcopy or document rendering apparatus and devices.
Also, for the sake of convenience of description herein, the term xe2x80x9cdocumentxe2x80x9d will hereafter be used to denote a document in any state, including (but not limited to) when viewed on a computer display, when formatted as a printer file ready for printing, and when in hardcopy form. The state the document is in at any point in the description depends on the context. Also, a xe2x80x9cdocumentxe2x80x9d may include text, graphics or mixed representations.
The advent of distributed computer systems made it possible for a single xe2x80x98networkxe2x80x99 printer to be used by multiple users. Typically, network printers are attached to computing platforms operating as print servers within distributed systems. Alternatively, some printers, given appropriate interfaces, can be arranged to connect directly to the network of a distributed system.
Network printers, whether connected directly, or via a print server, to a network, can provide a substantial cost advantage, since each user need not have his own printer connected to, or located near to, his own computer system.
The ability to access network printers, and other devices, from a local computer, is readily supported by operating systems such as Unix, or Microsoft""s(trademark) Windows(trademark) NT, which are designed to be configured to manage distributed operations such as remote printing or data management.
One problem with printing documents on remote network printers is that any person near to the printer could remove or read printed documents containing sensitive information, which do not belong to them, before the intended recipients are able to retrieve the documents. One way around this is for users who need to print sensitive documents to arrange for a trusted person to stand by the printer while the document is printing and collect the document as soon as it has printed. This, of course, is inconvenient.
Another way to increase security is to print sensitive documents only on a local printer. The latter case, however, undermines any cost advantages gained in having a centrally located, network printer, especially if many users need to print sensitive documents.
Another problem associated with remote printing of sensitive documents is that a malicious party could intercept or monitor the transfer of data between the local computer and network printer. For example, anyone with access to a print spooler or print server receiving the document for printing could access the document. This would be highly undesirable and, again, could be overcome by using a local printer attached directly to the originating computer instead.
Aspects of the present invention aim to increase the security of remote printing.
According to a first aspect the present invention provides a method of printing a document in a distributed computer system comprising a client, a print server, printing apparatus and a network for interconnecting components of the distributed computer system, the method comprising the steps of:
a sender selecting a document to be printed, identifying an intended recipient for the document and causing the client to transmit to the print server the document accompanied by a first identifier for the intended recipient;
receiving and storing the document and the associated first identifier on the print server;
a recipient providing the printing apparatus with a second identifier, the printing apparatus receiving the second identifier and transmitting to the print server a request, including the second identifier, to receive documents from the print server;
the print server receiving the request, comparing the second identifier with the stored first identifier and, for matching identifiers, forwarding the document associated with the first identifier to the printing apparatus; and
the printing apparatus receiving and printing the document.
Advantageously, a document is only printed when the intended recipient interacts with the printing apparatus in order to retrieve and print the previously-submitted document. In fact, the intended recipient may be the same person as the sender.
In a preferred embodiment, in order to increase security even further the client encrypts the document prior to transmitting it to the print server and the printing apparatus decrypts the encrypted document prior to printing it.
Thus, even if a document were intercepted during transfer between the client and the printing apparatus, say, it would be a non-trivial task for the intercepting party to decrypt the document.
Preferably, the printing apparatus interacts with a smart card in order to retrieve and/or decrypt the document using information and/or functionality programmed into a smart card provided by the recipient. The smart card may contain the second identifier and may be programmed to assist with document decryption.
According to a second aspect, the present invention provides printing apparatus arranged for receiving and printing documents, comprising:
an interface for connecting the printer to a print server;
an input/output means for interacting with a user and receiving an identity from the user;
processing means for generating a request for a document, the request including the identity of the user, transmitting the request to the print server and receiving a document from the print server; and
means for printing the document for the user.
Further aspects, features and embodiments of the present invention will become apparent to the skilled addressee from the following detailed description and claims.