1. Field of the Invention
The present invention relates to a network printing system which performs secure printing on a printer via a network.
2. Description of the Related Art
Conventionally, a user can perform printing from a client personal computer (PC) via a network on a printer connected to the network. In such a case, it is necessary for the client PC to detect the printer on the network, and then to install driver software for using the detected printer. A standard technique such as Web Services on Devices (WSD) previously proposed by Microsoft Corporation is a specification for performing the above-described series of processes in a simplified manner.
Further, secure WSD is a technique in which network data to be communicated using the WSD is encrypted. The secure WSD employs Secure Socket Layer (SSL) defined by Request For Comment (RFC) 2246.
The SSL encrypts the network data and prevents falsification and leakage of the network data. Further, the SSL performs certificate verification and thus prevents spoofing. In the case of performing certificate verification with respect to the printer, an official certificate authority (CA) signs the certificate to assure validity of the certificate. The CA certificate is stored in the client, and the certificate signed by the official CA is stored in the printer. The printer then transmits the certificate thereof to the client, and the client verifies the validity of the certificate.
However, it becomes necessary for the official certificate authority to sign the certificate to realize the above-described operation. As a result, cost and effort is required in performing the operation.
To solve such a problem, Japanese Patent Application Laid-Open No. 2007-323327 discusses an operation in which a self-signed certificate is used in the SSL, so that a configuration load of the above-described environment is reduced. In such an operation method, the self-signed certificate is stored in the printer.
According to an aspect of the present invention, a printer server includes a receiving unit configured to receive a certificate from a printer, a verification unit configured to verify whether the certificate received by the receiving unit is a certificate issued by a certificate authority, an acquisition unit configured to acquire a verification result from a certificate group verification part that verifies whether the certificate received by the receiving unit is included in a certificate group, which is a group of certificates, and a transmission unit configured to transmit print data to the printer in a case where the certificate of the printer is not included in the certificate group, the receiving unit receives the certificate from the printer, and the verification unit verifies that the received certificate is a certificate issued by the certificate authority, and to transmit the print data to the printer in a case where the receiving unit receives a self-signed certificate from the printer and the acquisition unit acquires a verification result of the self-signed certificate that indicates that the self-signed certificate is included in the certificate group.
According to another aspect of the present invention, a printer server that communicates with an external authentication server includes a receiving unit configured to receive a certificate from a printer, a verification unit configured to verify whether the certificate received by the receiving unit is a certificate issued by a certificate authority, an acquisition unit configured to communicate with the authentication server managing a certificate group, which is a group of certificates, and to acquire a verification result from a certificate group verification part that verifies whether the certificate received by the receiving unit is included in the certificate group, and a transmission unit configured to transmit print data to the printer without acquiring a result of verifying the certificate from the acquisition unit in a case where the receiving unit receives the certificate from the printer, and the verification unit verifies that the received certificate is a certificate issued by the certificate authority, and to transmit the print data to the printer in a case where the receiving unit receives a self-signed certificate from the printer and the acquisition unit acquires a verification result of the self-signed certificate that indicates that the self-signed certificate is included in the certificate group.
Further features and aspects of the present invention will become apparent from the following detailed description of exemplary embodiments with reference to the attached drawings.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate exemplary embodiments, features, and aspects of the invention and, together with the description, serve to explain the principles of the invention.
Various exemplary embodiments, features, and aspects of the invention will be described in detail below with reference to the drawings.
If there is no SSL certificate on the client side with which the validity of the certificate transmitted from the server can be verified, the client cannot verify the validity. It is thus previously determined whether to continue the process even when the verification cannot be performed on the client side, or the user is caused to select whether to continue the process when the certificate is received. In either case, when the process is to be continued, it indicates that the server authentication has not been performed, so that there is a risk of spoofing.
In other words, if the SSL uses the self-signed certificate, the operation cost and effort can be reduced. However, there is a risk of spoofing.
The network printing system for avoiding the above-described risk of spoofing when using the self-signed certificate, and the problem arising in the network printing system will be described below.
Referring to
There may be more than two clients and more than four printers. Hereinafter, the client 101 and the printer 105 will represent each of the clients and the printers, respectively. The printer server and the authentication server may be physically separate apparatuses as illustrated in
The authentication server 104 manages the network printing system illustrated in
Referring to
In step S201, the printer server 103 uses a network authentication protocol to request connecting to the network environment managed by the authentication server 104. If there is a response from the authentication server 104 permitting the connection, the printer server 103 becomes capable of connecting to the network environment.
In step S202, the client 101 also connects to the network environment using the same authentication unit.
In step S203, the printer 105 connects to the network environment using the same authentication unit.
In step S204, upon connecting to the network environment, the printer 105 registers in the authentication server 104, certificate information to be used in the secure WSD. The authentication server 104 thus stores in a hard disk drive (HDD) 412 (illustrated in
The certificate information is information on the certificate, and includes attribute information as illustrated in
In step S205 illustrated in
According to the present exemplary embodiment, the print request includes the information indicating the printer which is used to perform printing, the print data, and print setting information.
According to the present exemplary embodiment, the client 101 transmits to the printer server 103 the print data generated by performing rendering. However, the client 101 may transmit to the printer server 103 the information necessary for performing rendering, and the printer server 103 may perform rendering.
In step S206, upon receiving the print request from the client 101, the printer server 103 connects to the printer 105. More specifically, an SSL session is established to connect to the printer 105.
In step S207, the printer 105 transmits to the printer server 103 the self-signed certificate to be used in the SSL.
In step S208, the printer server 103 performs a certificate verification process to determine whether the received certificate is reliable. The printer server 103 thus acquires the certificate information from the certificate, and transmits the acquired certificate information to the authentication server 104.
In step S209, the authentication server 104 verifies whether the received certificate information matches the certificate information registered therein. The authentication server 104 then transmits the verification result to the printer server 103 as a response.
If the certificate information is the attribute information, the authentication server 104 performs verification by determining whether the attribute information in the received certificate information matches the attribute information in the registered certificate information. If the certificate information is the hash information, the authentication server 104 performs verification by determining whether the hash information in the received certificate information matches the hash information in the registered certificate information.
If verification is successful, in step S210, the printer server 103 determines that the printer 105 is a reliable terminal and continues to communicate, so that the printer server 103 transmits the print data to the printer 105. If the verification has failed, the printer server 103 determines that the printer 105 is an unreliable terminal, and stops communicating.
According to the present exemplary embodiment, the printing system uses the SSL and thus encrypts a communication path to deal with leakage and falsification. Further, according to the present exemplary embodiment, the printing system employs the authentication server to perform certificate verification, so that the risk of spoofing can be avoided.
Hereinafter, the system which verifies the certificate and performs printing according to the procedure illustrated in
In step S208 of the procedure performed by the above-described certificate verification system, the printer server 103 transmits to the authentication server 104 the certificate information for verifying whether the received certificate is reliable. However, if the certificate received by the printer server 103 is a certificate issued by an official certificate authority, verification can be performed using the CA certificate in the printer server 103. It is thus unnecessary for the authentication server 104 to perform verification.
If the authentication server 104 verifies the received certificate information even in the above-described case, the authentication server 104 sequentially verifies each piece of the certificate information. Time required for performing the verification thus becomes longer as the number of certificate information increases. The results are the same regardless of whether the certificate information is the attribute information, or is the hash of the certificate.
Further, according to the present exemplary embodiment, the authentication server in the network printing system does not support a printer which is SSL-incompatible. Furthermore, the authentication server does not support a printer which is certificate verification system-incompatible and having a certificate issued by an official certificate authority or a self-assigned certificate. Such printers thus cannot connect to the network environment. Even if the printers are allowed to connect to the network environment, such printers do not include a certificate or cannot register the certificate information in the authentication server 104. In other words, if the printer is SSL-incompatible, the authentication server cannot verify the certificate. As a result, if such a printer is to be processed according to the same procedure as the above-described network printing system, the certificate cannot be verified and printing cannot be performed.
According to a first exemplary embodiment of the present invention, the present invention is applied to the authentication server 104 to solve the above-described problem.
The configuration of the network printing system will be described below with reference to
Further, according to the present exemplary embodiment, an Active Directory (AD) Server is employed as the authentication server 104, and an Active Directory (AD) environment will be employed as the network environment. Furthermore, according to the present exemplary embodiment, each device in the network printing system can connect to the network environment even if the authentication server 104 has not performed the authentication.
As described above, according to the present exemplary embodiment, the AD Server is employed as the authentication server 104. However, the authentication server 104 may be a Radius authentication server.
According to the present exemplary embodiment, the network printing system includes the clients 101 and 102, the printer server 103, the authentication server 104, and the printers 105, 106, 107, and 108. There may be more than two clients and more than four printers. Hereinafter, the client 101 and the printer 105 will represent each of the clients and the printers respectively. The printer server and the authentication server may be physically separate apparatuses as illustrated in
Referring to
The CRT is illustrated as an example of the display device in
A disk controller (DKC) 407 is used for accessing the HDD 412 and a floppy disk (FD) 413. A network interface card (NIC) 408 is used for connecting to the network and communicating information via the network. The HDD 412 stores an operating system (OS) and various application programs which run on the OS.
If the user switches on the above-described printer server 103, the CPU 401 reads the OS from the HDD 412 to the RAM 403 according to the boot program stored in the ROM 402, and thus functions as an information processing apparatus.
Further, the CPU 401 performs the processes based on the programs stored in the HDD 412, so that the software configuration of the printer server 103 illustrated in
Referring to
An authentication server transmission unit 507 transmits the certificate to the authentication server 104 for verifying the certificate. An authentication server receiving unit 508 performs control of receiving the verification result from the authentication server 104. An authentication server verification unit 509 determines whether the received result indicates that the verification has been successful or unsuccessful. A print request receiving unit 510 performs control of receiving a print request from the client. A printing unit 511 executes printing on the printer 105.
A flow of the process for creating the printer performed in the network printing system will be described below. According to the present exemplary embodiment, when the printer is to be created, the printer types are classified according to the functions of the printer. The printers are classified into four types as illustrated in
Referring to
A certificate verification system-compatible printer having a self-signed certificate is a certificate verification system-compatible printer which performs SSL communication using a self-signed certificate. Such a printer includes the function to register the certificate information in the authentication server. The printer may include the function to register the certificate instead of the certificate information to be described below.
The self-signed certificate is a certificate which is not issued by an official certificate authority.
The SSL-WSD-compatible printer is a certificate verification system-incompatible printer which performs SSL communication using a self-signed certificate.
A SSL-incompatible printer is a printer which is not SSL-compatible and communicates using plain text.
The printer type determination unit 505 illustrated in
Referring to
When the printer server 103 initially communicates with the printer 105, the printer server 103 acquires the printer unique information from the printer 105.
In step S701 illustrated in
Even in such a case, the processes from step S705 and thereafter are continuously performed. In step S704, upon logging into the AD environment, the printer 105 registers in the authentication server 104 the certification information to be used in the secure WSD.
The certificate information may include the attribute information as illustrated in
The certificate information may include attributes such as an authority key identifier or a certificate revocation list (CRL) distribution point other than those illustrated in
The printer 105 may also register in the authentication server 104 the certificate instead of the certificate information, so that the authentication server 104 performs verification by comparing the certificates. The example in which verification is performed using the certificate information will be described below.
In step S705, if the user requests printer creation, the client 101 transmits the printer creation request to the printer server 103. The printer creation request includes the information indicating the printer to be created.
In step S706, upon receiving the printer creation request from the client 101, the printer server 103 connects to the printer 105.
The process performed in the printer server 103 illustrated in the flowchart of
In step S707 illustrated in
The process performed in the printer server 103 corresponding to the process of step S707 is as follows. In step S803 illustrated in
In step S804, the session confirmation unit 504 determines whether the SSL session is established when the communication response receiving unit 503 receives the response from the printer 105.
If the SSL session is not established between the printer server 103 and the printer 105 (NO in step S804), the process proceeds to step S805. In step S805, the printer type determination unit 505 stores in the printer type storing unit 520 in the HDD 412 that the printer type of the printer is the SSL-incompatible printer.
If the SSL session is established between the printer server 103 and the printer 105 (YES in step S804), the certificate is included in the received result of the communication response receiving unit 503. The process then proceeds to step S806. In step S806, the certificate verification unit 506 sequentially reads the CA certificate thereof stored in the CA certificate storing unit 521 in the HDD 412. The certificate verification unit 506 then confirms whether the certificate received from the printer 105 can be decoded using the CA certificate.
If the certificate received from the printer 105 can be decoded (YES in step S806), the process proceeds to step 807. In step S807, the printer type determination unit 505 stores in the printer type storing unit 520 in the HDD 412 the printer type of the printer as a printer having a certificate issued by an official certificate authority.
If the certificate received from the printer 105 cannot be decoded (NO in step S806), the process proceeds to step S808. In step S708 illustrated in
In step S709, the authentication server 104 verifies whether the received certificate information matches one of the certificate information registered therein, and transmits the verification result to the printer server 103 as the response. More specifically, the authentication server 104 sequentially determines whether the registered certificate information matches the received certificate information for all of the registered certificate information. As a result, the authentication server 104 verifies whether the received certificate is included in the certificate group.
The processes performed in the printer server 103 corresponding to the processes performed in step S707 and step S708 are as follows. In step S808 illustrated in
In step S809, the authentication server receiving unit 508 receives the result of verifying whether the certificate information received by the authentication server 104 matches the certificate information registered in the authentication server 104.
In step S810, the authentication server verification unit 509 confirms the result received in step S809. If verification is successful (YES in step S810), the process proceeds to step S811. In step S811, the printer type determination unit 505 stores in the printer type storing unit 520 in the HDD 412 the printer type of the printer as the certificate verification system-compatible printer having a self-signed certificate. If the verification has failed (NO in step S810), the process proceeds to step S812. In step S812, the printer type determination unit 505 stores in the printer type storing unit 520 in the HDD 412 the printer type of the printer as the SSL-WSD-compatible printer.
The case where the user confirms the created printer on the display device will be described below.
If the printer server 103 is to display the created printers, a display information transmission unit 512 illustrated in
If the client 101 is to display the created printers, the client 101 receives a printer creation completion notice generated in step S710 illustrated in
Referring to
A printer 901 indicates the printer having a certificate issued by an official certificate authority. A printer 902 indicates the certificate verification system-compatible printer having a self-signed certificate. A printer 903 indicates the SSL-WSD-compatible printer. A printer 904 indicates the SSL-incompatible printer.
In an area A illustrated in
In an area B, the printer name and the printer type are displayed to indicate that each printer is of a different type. The display of the printer types is an example, and the printer types may also be displayed in a property display.
In an area C, the printer name and the secure level are displayed by setting the secure level to each printer type. The display of the secure level is an example, and the secure level may also be displayed in the property display. Further, the secure level is determined as follows. A low secure level is set to the SSL-incompatible printer which is not implementing security measures such as encryption using the SSL. A middle secure level is set to the SSL-WSD-compatible printer which performs encryption using the SSL and thus prevents falsification and leakage. A high secure level is set to the certificate verification system-compatible printer having a self-signed certificate and the printer having a certificate issued by an official certificate authority, which perform verification of the certificate to prevent spoofing, in addition performing encryption.
The printing process performed by the network printing system according to the present exemplary embodiment will be described below. When the network printing system performs printing, the system operates according to the printer type identified in creating the printers. The printer type is acquired from the data stored in the printer type storing unit 520 in the HDD 412.
The process performed when the client 101 has instructed printing to the certificate verification system-compatible printer having a self-signed certificate will be described below with reference to
In step S1001 to step S1004 illustrated in
In step S1005, if the user requests printing, the client 101 transmits the print request to the printer server 103 instead of directly to the printer 105. The process performed in the printer server 103 corresponding to the process of step S1005 is as follows. In step S1101 illustrated in
The printer type determination unit 505 then acquires the data stored in the printer type storing unit 520 in the HDD 412. In step S1102, the printer type determination unit 505 confirms the printer type set when the printer was created.
In step S1006, upon receiving the print request from the client 101, the printer server 103 connects to the printer 105 identified based on the print request information.
The process performed in the printer server 103 corresponding to the process of step S1006 is as follows. In step S1103, the communication request unit 502 connects to the printer 105.
In step S1007, the printer 105 transmits to the printer server 103 the certificate to be used in the secure WSD. The printer server 103 thus receives the certificate.
The process performed in the printer server 103 corresponding to the process of step S1007 is as follows. In step S1104, the communication response receiving unit 503 receives the certificate transmitted from the printer 105.
In step S1008, upon receiving the certificate, the printer server 103 transmits to the authentication server 104 the certification information for the authentication server 104 to refer to in verifying whether the received certificate is reliable.
In step S1009, the authentication server 104 verifies whether the received certificate information matches the certificate information registered therein, and transmits the verification result as a response to the printer server 103.
The processes performed in the printer server 103 corresponding to the processes of S1008 and step S1009 are as follows. In step S1105, the authentication server transmission unit 507 transmits the certificate information to the authentication server 104 for the authentication server 104 to verify whether the received certificate is reliable.
In step S1106, the authentication server receiving unit 508 receives the verification result of whether the received certificate information matches the certificate information registered in the authentication server 104. The printer server 103 confirms the result using the authentication server verification unit 509. If verification is successful, in step S1010 illustrated in
The case where the printer type is determined in step S1102 as the printer having a certificate issued by an official certificate authority will be described below with reference to
Since the process performed in step S1001, step S1002, and step S1005 is the same as that in the case of the certificate verification system-compatible printer having a self-signed certificate, description will be omitted. Further, since the printer is certificate verification system-incompatible, the processes for logging into and registering the certification information in the authentication server performed in step S1003 and step S1004 illustrated in
In step S1201 illustrated in
In step S1202, the printer 105 transmits to the printer server 103 the certificate to be used in the secure WSD. The process performed in the printer server 103 corresponding to the process of step S1202 is as follows. In step S1109 illustrated in
If the printer having a certificate issued by an official certificate authority is certificate verification system-incompatible, the certificate information of the printer 105 is not registered in the authentication server 104. In such a case, if the authentication server verification unit 509 confirms the verification result of the certificate similarly as for the certificate verification system-compatible printer having a self-signed certificate, the authentication server 104 constantly transmits the result that the certificate of the printer 105 is not registered. In step S1110, the certificate verification unit 506 thus instead determines whether the certificate received in step S1202 can be decoded using the CA certificate thereof stored in the CA certificate storing unit 521 in the HDD 412.
If verification of the certificate is successful, then in step S1010 illustrated in
As a result, printing can be performed using the certificate issued by an official certificate authority even when the printer 105 is certificate verification system-incompatible. The case where the printer 105 is certificate verification system-compatible will be described below.
The process performed in the case where the printer type is determined in step S1102 as the SSL-WSD-compatible printer will be described below. Since the process is similar to that of the printer having a certificate issued by an official certificate authority, the process will be described with reference to
In step S1201 illustrated in
In step S1202, the printer 105 transmits to the printer server 103 the certificate to be used in the secure WSD. The process performed in the printer server 103 corresponding to the process of step S1202 is as follows. In step S1112 illustrated in
The process performed in the case where the printer type is determined in step S1102 as the SSL-incompatible printer will be described below with reference to
Referring to
The SSL-incompatible printer is SSL certificate verification system-incompatible, so that the processes of logging into the authentication server 104 in step S1003 and step S1004 and registering the certificate information in step S1004 illustrated in
As described above, according to the present exemplary embodiment, the printer type is set to the printer, and the printing process is changed according to the printer type. As a result, printing can be performed even when the printer having a certificate issued by an official certificate authority is certificate verification system-incompatible. Further, printers such as the SSL-WSD compatible printer and the SSL-incompatible printer, which are certificate verification system-incompatible, can similarly perform printing.
Furthermore, the environment in which the printer server 103 and the authentication server 104 are separate devices will be described below. In such an environment, if the printer 105 having a certificate issued by an official certificate authority or a self-signed certificate is certificate verification system-incompatible, certificate verification fails even when the printer server 103 and the authentication server 104 communicate and verify the certificate of the printer 105. According to the present exemplary embodiment, the authentication server 104 does not verify the certificate for such a printer. As a result, a communication time and a verification time of the printer server 103 and the authentication server 104 can be omitted in the printing process of the printer, and high-speed printing can be realized, as compared to the certificate verification system-compatible printer having a self-signed certificate.
Moreover, in addition to the above, performing print processing according to the printer type enables even the SSL-incompatible printer to perform printing. As a result, since there is no SSL connection with the printer server 103, printing can be performed at higher speed by omitting the time required for performing SSL communication, as compared to the SSL-compatible printer.
A second exemplary embodiment of the present invention will be described below.
According to the first exemplary embodiment, the printer server 103 transmits to the authentication server 104 the certificate received from the printer 105. The authentication server 104 then performs verification, and returns the result.
According to the second exemplary embodiment, the printer server 103 transmits to the authentication server 104 the request to transmit the certificate information stored in the authentication server 104. The authentication server 104 then transmits the certificate information to the printer server 103. The printer server 103 compares the certificate information with the certificate received from the printer 105 and performs verification, which is different from the first exemplary embodiment.
The configuration of the network printing system according to the second exemplary embodiment will be described below with reference to
The process for creating the printer performed in the network printing system according to the present exemplary embodiment will be described below.
If the certificate received from the printer 105 cannot be decoded using the CA certificates of the printer server 103 stored in the CA certificate storing unit 521 in the HDD 412, the process of step S1401 is performed. In step S1401, the authentication server transmission unit 507 in the printer server 103 issues a request to the authentication server 104 to transmit the certificate information to refer to in verifying whether the received certificate is reliable.
In step S1402, the authentication server 104 transmits to the printer server 103 all of the certificate information registered therein.
The processes performed in step S1401 and step S1402 correspond to the processes performed in the printer server 103 are as follows. In step S1501 illustrated in
In step S1503, the authentication server verification unit 509 verifies whether the certificate received from the printer 105 is included in the certificate information received from the authentication server 104. The authentication server verification unit 509 performs the verification by sequentially comparing the certificate information similarly as in the first exemplary embodiment. The subsequent processes are the same as in the first exemplary embodiment.
The flow of the printing process performed in the network printing system according to the present exemplary embodiment will be described below.
According to the present exemplary embodiment, the case where the printer is the certificate verification system-compatible printer having a self-signed certificate will be described.
According to the present exemplary embodiment, when the printer server 103 receives the print request in step S1005 illustrated in
If the printer type determination unit 505 determines in step S1102 that the printer 105 is the certificate verification system-compatible printer having a self-signed certificate, the process of step S1601 is performed. In step S1601, the authentication server transmission unit 507 in the printer server 103 issues a request to the authentication server 104 to transmit the certificate information to refer to in verifying whether the received certificate is reliable.
In step S1602, the authentication server 104 transmits to the printer server 103 all of the certificate information registered therein.
The processes performed in step S1601 and step S1602 corresponding to the processes performed in the printer server 103 for verifying whether the received certificate is reliable are as follows. In step S1701 illustrated in
In step S1703, the authentication server verification unit 509 verifies whether the certificate received from the printer 105 is included in the certificate information received from the authentication server 104. The subsequent processes are the same as those in the first exemplary embodiment.
Further, since the certificate information is not verified using the authentication server in the case of performing the printing process using the other types of printer, the process is similar to the process according to the first exemplary embodiment.
As described above, according to the present exemplary embodiment, the printer type is set to the printer, and the printing process is changed according to the printer type. As a result, printing can be performed even when the printer having a certificate issued by an official certificate authority is certificate verification system-incompatible. Further, printers such as the SSL-WSD compatible printer and the SSL-incompatible printer, which are certificate verification system-incompatible, can similarly perform printing.
Furthermore, the environment in which the printer server 103 and the authentication server 104 are separate devices will be described below. In such an environment, if the printer 105 having a certificate issued by an official certificate authority or a self-signed certificate is certificate verification system-incompatible, certificate verification fails even when the printer server 103 and the authentication server 104 communicate and verify the certificate of the printer 105. According to the present exemplary embodiment, the authentication server 104 does not verify the certificate for such a printer. As a result, the communication time and the verification time of the printer server 103 and the authentication server 104 in the printer can be omitted in the printing process, and high-speed printing can be realized as compared to the certificate verification system-compatible printer having a self-signed certificate.
Moreover, in addition to the above, performing print processing according to the printer type enables even the SSL-incompatible printer to perform printing. As a result, since there is no SSL connection with the printer server 103, printing can be performed at higher speed by omitting the time required for performing SSL communication, as compared to the SSL-compatible printer.
A case where the printer having a certificate issued by an official certificate authority is certificate verification system-compatible will be described according to the third exemplary embodiment.
According to the present exemplary embodiment, the configuration is similar to the configuration illustrated in
The printer creation process is the same as the process illustrated in the sequence diagram of
The printing process will be described below with reference to
The processes which are similar to the steps described above are assigned the same numbers as the steps described above, and description will be omitted unless otherwise stated.
According to the present exemplary embodiment, the printer 105 is certificate verification system-compatible unlike in the first exemplary embodiment. In step S1003 and step S1004, the printer 105 thus logs in to and registers the certificate information in the authentication server 104.
In step S1201, upon receiving the print request from the client 101, the printer server connects to the printer 105.
The process performed in step S1201 corresponds to the process of step S1108 performed in the printer server 103 illustrated in
In step S1202, the printer 105 transmits to the printer server 103 the certificate to be used in the secure WSD, and the printer server 103 receives the certificate.
The process performed in the printer server 103 corresponding to the process of step S1202 is as follows. In step S1109 illustrated in
Since the printer 105 is certificate verification system-compatible, the certificate information of the printer 105 is registered in the authentication server 104. As a result, the authentication server verification unit 509 can confirm the verification result of the certificate by the printer server 103 and the authentication server 104 communicating with each other and exchanging the certificate information. This is similar to the case of the certificate verification system-compatible printer having a self-signed certificate.
However, the certificate verification unit 506 can determine whether the certificate received in step S1202 can be decoded using the CA certificate stored in the CA certificate storing unit 521 in the HDD 412. This is similar to the case of the printer having a certificate issued by an official certificate authority according to the first and second exemplary embodiments. The certificate can thus be verified without the printer server 103 and the authentication server 104 communicating and exchanging the certificate information, or the authentication server 104 verifying the certificate, which is a necessary process for the certificate verification system. As a result, the time required for communication between the printer server 103 and the authentication server 104 and for the verification performed by the authentication server 104 can be omitted.
The process performed in step S1010 is the same as the first exemplary embodiment, so that description will be omitted.
An example in which the user has instructed printing on the SSL-WSD-compatible printer or the SSL-incompatible printer, and a security warning is issued to the user according to the present exemplary embodiment will be described below.
More specifically, the user instructs printing on the SSL-WSD-compatible printer or the SSL-incompatible printer. A warning as illustrated in
If the printer server 103 is to display the warning, a warning information transmission unit 513 illustrated in
A case where the client 101 is to display the warning when printing on the SSL-WSD-compatible printer will be described below.
The processes which are similar to the steps described above are assigned the same numbers as the steps described above, and description will be omitted unless otherwise stated.
In step S2101, the printer server 103 transmits to the client 101 the information needed for issuing the warning.
In step S2102, the client 101 transmits to the printer server 103 the instruction to continue printing after the user has recognized the warning.
The printer server 103 acquires from the information indicating the printer to be used in printing included in the print request received in step S1005, the printer type of the printer on which the user is to print. In step S2111, the printer server 103 determines whether the acquired printer type is the SSL-WSD-compatible printer. If the printer type is the SSL-WSD-compatible printer (YES in step S2111), the process proceeds to step S2112. If the printer type is not the SSL-WSD-compatible printer (NO in step S2111), the process ends.
In step S2112, the warning information transmission unit 513 transmits to the client 101 the information needed for issuing the warning to the user.
The information needed for issuing the warning is a warning message, or information for calling an application program interface (API) for displaying the warning message previously prepared in the client 101.
Step S2113 corresponds to step S1202 in
The case where the client 101 is to display the warning when printing on the SSL-WSD-compatible printer is as described above. The case where the client 101 is to display the warning when printing on the SSL-incompatible printer can also be realized by executing step S2101 and step S2102 illustrated in
According to the above-described exemplary embodiments of the present invention, even a printer having a certificate issued by a certificate authority that is not included in the certificate group becomes capable of performing printing. Further, a printer having a certificate issued by a certificate authority that is included in the certificate group becomes capable of performing printing at a higher speed.
Aspects of the present invention can also be realized by a computer of a system or apparatus (or devices such as a CPU or MPU) that reads out and executes a program recorded on a memory device to perform the functions of the above-described embodiment (s), and by a method, the steps of which are performed by a computer of a system or apparatus by, for example, reading out and executing a program recorded on a memory device to perform the functions of the above-described embodiment(s). For this purpose, the program is provided to the computer for example via a network or from a recording medium of various types serving as the memory device (e.g., computer-readable medium).
While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all modifications, equivalent structures, and functions.
This application claims priority from Japanese Patent Application No. 2011-198163 filed Sep. 12, 2011, which is hereby incorporated by reference herein in its entirety.
Number | Date | Country | Kind |
---|---|---|---|
2011-198163 | Sep 2011 | JP | national |