1. Field of the Invention
The present invention concerns automatic generation of a new encryption keys when existing keys are found to be corrupt. More particularly, the present invention concerns a device determining whether an existing encryption keypair is valid, and if not, automatically deleting the existing encryption keypair from the device, generating a new encryption keypair within the device itself, and notifying another device on a network that a new encryption keypair has been generated.
2. Description of the Related Art
The use of encryption keys for secure network printing applications is known. For example, it has been known to use public/private keypairs for secure printing. With this technique, a public/private keypair for the printer is generally created during the manufacturing process of the printer. The private key is generally maintained within the printer and is not divulged outside of the printer. The public key, on the other hand, is both maintained within the printer and is made available to the general public for use in transmitting secure print jobs to the printer. The printer's public key can be provided to users via any of a number of means including a public key infrastructure (PKI) or by a printer driver simply requesting the public key from the printer itself or from a secure print server. Once the printer's public key has been obtained, a printer driver uses the public key to encrypt a symmetric key, which is used to encrypt print data and transmits the encrypted print job to the printer. Upon receiving the encrypted print job, the printer uses its private key of the public/private keypair to decrypt the public key and to obtain the symmetric key, which the printer then uses to decrypt the print data.
While this system has worked somewhat well, problems arise when the printer's public and/or private keys have become corrupt. In a case where the printer's public key has become corrupt in the printer, the printer will no longer be able to provide the public key to additional clients. While clients already in possession of the printer's original public key will still be able to use it to encrypt future jobs, which the printer will be able to successfully decrypt, no additional clients will be able to obtain the key and thus encrypt print jobs directed to this printer. In a case where the printer's private key has become corrupt, the printer driver may not be aware that the key is corrupt and may send a print job to the printer using the printer's public key, which is associated with the corrupt private key. In this case, the printer will be unable to decrypt the print job using the corrupt private key and as a result, the print job generally fails.
It is also possible that the printer's public key, after having been obtained by a client and stored locally in the client, may become corrupt in the client. To address the concern, it has been proposed to validate the locally stored public key in the client before submitting the print job to the printer. In this case, the printer driver in the client retrieves the locally stored public key and performs a validation (integrity) check on the public key by performing a hashing algorithm over the key and comparing the resultant hash value with a hash value of the key that was generated and stored locally in the client when the key was first created. If the printer driver is unable to validate the printer's public key, the print job is terminated by the printer driver and the user is notified of a printing error. As a result, the printer driver cannot process secure print jobs.
However, in the case where either the printer's public or private key becomes corrupt in the printer, it is generally assumed that a hardware failure has occurred within the printer and that the security hardware needs to be replaced. Of course, it may also be possible for an administrator to correct the problem by installing a new keypair in the printer rather than replacing the hardware, and notifying the public that the printer's public key has changed. However, both of the foregoing correction processes involve relatively significant printer downtime to either replace the printer's hardware or to install new keys. Thus, the printer is unusable, particularly for printing secure print jobs, until the error can be corrected.