1. Field of the Invention
The present invention concerns secure printing by encrypting print data using a verified printer key, without the need for an external certificate authority. In particular, the invention concerns using a user-specific private key to create an encrypted key version of a stored printer public key. When the printer public key is subsequently needed for encryption of print data, the encrypted key version is decrypted using a user-specific public key and is then compared to the stored printer public key to verify that the stored printer public key was not changed or corrupted.
2. Description of the Related Art
In computing environments, a print job generated by a computer at one location in the network can be printed by an image output device at another location. For example, a personal computer (PC) may be connected to a printer at a distant location, or a workstation may be connected to a network on which many devices and workstations reside. If the print job includes confidential or otherwise sensitive information, it is possible that there may be an unauthorized interception of the print job between the origin of the print job and the targeted printer. In particular, the print job may be intercepted by an unauthorized device connected to a local connection between an originating PC and the target printer, or by a device connected to the network on which an originating workstation and the target printer reside. Such an unauthorized device may be a PC or a workstation capable of utilizing network listening, trapping and interception tools.
To avoid unwanted interception or retrieval of print jobs, it is known to use secure printing in which a public printer key is utilized to encrypt print data at the originating computer. In some applications, the public printer key may be used in conjunction with a symmetric key to encrypt the print data. The encrypted print data is sent to the target printer where the printer private key is used to decrypt the print data and to store it. The printer private key is maintained in the printer in a secure fashion to ensure security of encrypted print data. It is preferable for a computing device to obtain the printer public key and store it, but the printer public key should be verified each time it is used to encrypt print data, to make sure that the printer public key has not been corrupted or tampered with.
Certificate authorities are often used to facilitate the secure distribution and verification of public keys for encryption purposes. A certificate authority is a trusted party that can sign a unique public key for a developer or manufacturer, such as a printer manufacturer, for secure distribution to users. For example, a certificate authority can use its own private key to sign a printer public key from a printer manufacturer by placing the printer public key in a certificate for distribution, along with other information related to the source of the printer public key and the certificate authority, and then signing the entire certificate. Users can then access the certificate containing the signed printer public key for use. In such a case, the user obtains the certificate authority's own trusted public key (verification key) and uses it to verify that the signed printer public key is authentic. The printer public key can then be trusted by the user for encryption of the user's print data to be printed on the target printer containing the corresponding printer private key.
In many cases, it is not practical for a user wishing to use a public key for a device, such as a printer public key, to utilize a certificate from a certificate authority to verify the authenticity of the public key. For example, certificate authorities are known to change their verification key from time to time to maintain integrity of the certificates. Additionally, the certificates may expire or be revoked by the certificate authority. In order to ensure the integrity of the certificates, a certificate revocation list (CRL) must be checked before relying on the integrity of the certificates. Unfortunately, it takes time for a user to obtain the certificate authority's verification key every time a user wishes to use a particular public key for encryption purposes.
In addition, not every device necessarily uses a certificate authority for the distribution of the device's public key. Also, a user may be required to store and maintain numerous verification keys from corresponding certificate authorities for supporting different public keys needed by the user's applications. Lastly, certificates from certificate authorities often contain additional information besides a signed public key, and the processing of this additional information can result in greater processing overhead in verification of the signed public key.