1. Field of the Invention
The present invention relates to a printing system in which image data generated by a host computer is transmitted to an image processing apparatus via a network so as to perform printing.
2. Description of the Related Art
In conventional printing systems, reduction in TCO (Total Cost of Ownership) including costs for consumable supplies such as print paper, colorants such as toner or the like has been drawing more attention from a standpoint of reduction in office expenses and protection of global environment.
With a current network printer, all users who have access to the network can use the printer, no user is subject to print restriction and no print history is recorded. Therefore unnecessary printing is often performed, leading to an increase in office expenses.
In order to prevent such an increase, it has been proposed to place print restrictions based on address information such as IP addresses in TCP/IP and to manage the number of printings by recording print logs. However, in the former proposal, it has been impossible to perform detailed management, such as limiting the number of output printings by a particular user. Also, the latter proposal goes against the goal of TCO reduction since a high labor cost is incurred when monitoring print logs to check for unauthorized printing.
In order to solve the above issues, Japanese Patent Laid-Open No. 2003-150336 (paragraph No. 0160) proposes a user-specific restriction function that restricts the number of output printings for each user. Conventionally, management has been possible for restriction of the number of printings only. However, Japanese Patent Laid-Open No. 2003-150336 discloses a system in which it is possible to manage restrictions on two-sided printing and N-up printing that are capable of reducing the number of sheets outputted from the printer, and also restrictions on color/monochrome printing for suppressing toner consumption, on a user-by-user basis.
Furthermore, conventionally there have been cases in which although a user is required to output a work report using a work management application and submit the report, the remaining number of printings allocated to that user is zero. In such cases, there has been a demand for ability to disable the restriction on the number of printings. There has also been demand for the ability to disable the restriction of a print function such as N-up printing when outputting from a certain application for the reason of output appearance.
In order to meet these demands, Japanese Patent Laid-Open No. 2007-293703 (paragraph No. 0080) discloses a system in which detailed management of printing is possible, that is, management is specific to each application used for printing, each document to be printed, each host computer that executes printing and the like, in addition to management specific to each user.
FIG. 13 is a diagram illustrating an operation sequence in a conventional system composed of a host device 100 and a printer 200. In step S401, a user who desires to perform printing inputs account information with the host device 100. The account information used herein contains a user name for identifying a user and a password for authenticating the user. In step S402, the host device 100 acquires a condition other than the user account information subject to print function restriction. Here, the host device 100 acquires the print module name of an application used for printing. In step S403, the host device 100 sends the user account information and the condition subject to the print function restriction to the printer 200. Next, in step S404, the printer 200 confirms that the user account information is valid. Description on conventional user account information will be given below. FIG. 14 illustrates an example of user account information managed by the printer 200. Numeral 800 indicates user authentication information. The user authentication information manages user names, a password for each user, and groups to which the users belong. Based on the user authentication information 800, validity of the user account information is confirmed. Based on the user account information and the condition subject to print function restriction, a printing authorization token is generated. Numeral 810 in FIG. 14 indicates group-specific print permission information. Permissions for printing, one-side printing, color printing, and N-up printing are managed for each group. Numeral 820 in FIG. 14 indicates application-specific print restriction information. Permissions for printing, one-side printing, color printing, and N-up printing are managed for each application. The printer 200 generates a printing authorization token by performing an operation using the user authentication information 800, the group-specific print permission information 810 and the application-specific print restriction information 820.
FIG. 15 illustrates examples of a conventional printing authorization token. For example, when a user A performs printing with a word processor, the printer 200 generates a printing authorization token 900 based on the print permission information 810 of a supervisor group. When the user A desires to use a scheduler, the printer 200 generates a printing authorization token 910 based on the print permission information of the scheduler. In this manner, the printer 200 generates printing authorization tokens through computation based on the user account information and print function restriction. The printing authorization token is affixed with a digital signature in order to prevent falsification.
Referring to FIG. 13 again, in step S405, the printer 200 transmits the printing authorization token generated in step S404. In step S406, the host device 100 reads content of the acquired printing authorization token, and places a restriction on the print function in the print job. In step S407, a PDL command containing the print function restriction placed in step S406 is generated.
FIG. 16 illustrates an example of a generated PDL command. A PDL command 1000 is made up of a PDL header 1001, a printing authorization token 1002, and a PDL body 1003. The PDL header 1001 contains print function settings for the entire print job. The printing authorization token 1002 is supplied from the printer 200 in step S405, and based on the information therein, it is verified whether the print function is properly restricted in the printer 200. The PDL body 1003 contains information on the print function, drawing content and so on for the print page. In step S408, the host device 100 transmits the PDL command 1000 generated in step S407 to the printer 200. In step S409, the printer 200 confirms whether the printing authorization token 1002 exists in the PDL command 1000, refers to the content thereof, and verifies whether or not the PDL header 1001 and print functions in PDL body 1003 are properly applied. In step S410, when determined that print functions are properly applied, printing for the PDL command 1000 is performed.
The operation of a conventional printing system has been described above. In a typical user environment, however, the number of host devices is larger than the number of printers. The process for generating the printing authorization token in step S404 is made up of user authentication processing, database access, printing authorization synthesizing processing, and affixing a digital signature to the printing authorization token, which involve data search and computational load. Also, it is required to perform the process for generating the printing authorization token separately for each condition subject to print function restriction. Therefore, when a plurality of host devices simultaneously request for authorization of print user and acquiring the printing authorization token, processing load is concentrated on the printer, and sometimes response from the printer is delayed.
Here, a method is conceived in which information on all conditions are generated in advance and stored for the purpose of reducing the load for generating printing authorization tokens. However, even with such a method, an issue of storage capacity remains and thus the method is not practical. A method is also conceived in which a conventional technique is improved such that an authentication server is separately provided so as to distribute the computational load. However, even with such a method, provision of a separate host device for operating a server is required and the purchase cost and management cost increases, which poses the problem that the TCO is not reduced. As another method, a method is conceived in which the host device caches printing authorization tokens for reuse. However, since printing authorization tokens differ for each condition subject to print function restriction, the capacity required to cache the printing authorization tokens in the host device increases, which makes the management of the device complicated.