[go: up one dir, main page]

GB2454211A - Printing secure documents using security feature(s) stored on a printer - Google Patents

Printing secure documents using security feature(s) stored on a printer Download PDF

Info

Publication number
GB2454211A
GB2454211A GB0721395A GB0721395A GB2454211A GB 2454211 A GB2454211 A GB 2454211A GB 0721395 A GB0721395 A GB 0721395A GB 0721395 A GB0721395 A GB 0721395A GB 2454211 A GB2454211 A GB 2454211A
Authority
GB
United Kingdom
Prior art keywords
printer
document
security
module
language
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0721395A
Other versions
GB0721395D0 (en
Inventor
Heng Wai Foong
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CODETRUST Pte Ltd
Original Assignee
CODETRUST Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CODETRUST Pte Ltd filed Critical CODETRUST Pte Ltd
Priority to GB0721395A priority Critical patent/GB2454211A/en
Publication of GB0721395D0 publication Critical patent/GB0721395D0/en
Publication of GB2454211A publication Critical patent/GB2454211A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B41PRINTING; LINING MACHINES; TYPEWRITERS; STAMPS
    • B41MPRINTING, DUPLICATING, MARKING, OR COPYING PROCESSES; COLOUR PRINTING
    • B41M3/00Printing processes to produce particular kinds of printed work, e.g. patterns
    • B41M3/14Security printing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • G06F21/608Secure printing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/12Digital output to print unit, e.g. line printer, chain printer

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Accessory Devices And Overall Control Thereof (AREA)
  • Editing Of Facsimile Originals (AREA)

Abstract

The apparatus for printing secure documents includes a server-side apparatus 100 and a client-side apparatus 102. Apparatus 100 includes a generator module configured to generate document data representing a document in printer language (eg PCL SCL KPDL PS), an embedding module 106 configured to embed an activation code and an identifier of a security feature into the document data, a forwarding module 108 configured to forward the document data with the embedded activation code and identifier to a printer 112 via a client module 114 to print the document and a security feature (eg a watermark or microprint) corresponding to the embedded identifier based on one or more security features stored in printer language on the printer 112. The apparatus 100 may include a design module 110 that is configured to allow a user to create and convert a security feature into printer language and forward it to the embedding module 106. The security feature is thereby sent separately from the document to the printer. The embedding module may be further configured to embed printing restrictions (e.g. the number of permitted copies of may be printed) into the document.

Description

APPARATUS AND METHOD FOR PRINTING SECURE DOCUMENTS
TECHNICAL FIELD
The present invention relates to an apparatus and method for printing secure documents.
The disclosed techniques may be used to securely produce physical copies or hardcopies of documents that contain security features, such as watermarks, using conventional printers and papers.
BACKGROUND
At present, information is typically created in digital form. The need to secure such information has seen the rise of the use of digital watermarking. Digital watermarking typically involves encoding information into a digital document without deteriorating the visual quality of the document. While such watermarking is effective in the digital environment, it can be difficult if not impossible to detect once a physical copy or hardcopy of the document is made. As such, once printed, further copies of the document may be made and may be passed off as an original document.
A known technique for indicating that a physical copy of a digital document is an original copy is to provide a visible security feature on the substrate on which the document is printed. For example, the document may be printed on a watermarked paper. This technique is most commonly employed in the production of currencies and identification documents (e.g. passports and visas).
The most common types of security features used in printed documents include overt watermarks, covert watermarks and microprinting. Overt watermarks are security features that are visible when the original document is printed. The security feature of the overt watermark is in its ability to deteriorate when the original document is photocopied or scanned. This is accomplished using a combination of fragile elements and robust elements in the watermark. Upon photocopying or scanning of the original document, the fragile elements would not be detected due to the resolution limits of the
I
photocopier or scanner, thus resulting in a visible change in the overt watermark. For example, an overt watermark of a company logo may become the word copy' upon being photocopied or scanned. Covert watermarks involve encoding a secret message into a robust grayscale watermark. To retrieve the message after printing, the watermarked area is scanned and the hidden data is retrieved. Microprinting, as a security feature, consists in the printing of very fine lettering (typically beyond the resolution of the unaided human eye) that severely deteriorates when it is photocopied or scanned due to the resolution limits of the photocopier or scanner.
There are, however, disadvantages in the known technique of providing security features on the substrate itself. Firstly, as the security feature is fixed on a tangible medium, it is difficult and usually cost prohibitive to change. Also, it is necessary to control the inventory of the substrate to ensure that it does not run out as the documents are printed.
SUMMARY
The present invention is defined in the independent claims. Some optional features of the present invention are defined in the dependent claims.
In general, the present invention relates to the printing of a digital document of any format in a secure way using conventional printers and papers such that the printed copy of the document includes security features. To ensure that such documents are controllably and securely printed, exemplary embodiments of the present invention provide solutions that control one or more of: how security features are made and customised, how security features are sent to a printer, and how documents and the security features are printed.
In one specific exemplary embodiment, the printing is made more secure by separately sending data relating to the security feature and data relating to the actual document to a printer. In this exemplary embodiment, even if a malicious attempt by a hacker results in the document data being captured, the hacker would not be able to print the original document with the security feature since the security feature has been separately sent to the printer. In another exemplary embodiment, the printing is controlled by commands embedded in the document data, the commands controlling various aspects of the final printout (e.g. number of copies, print resolution etc).
By using the disclosed exemplary embodiments of the present invention, users may be able to improve the protection of the authenticity of a printout of a secure document even if it is printed using conventional printers and papers. Also, given that the security features can be customised to the requirements of the user and can be embedded into the document in real-time during the printing process, the need to have a controlled inventory of special watermarked paper for secure documents may be avoided.
BRIEF DESCRIPTION OF THE DRAWINGS
Exemplary embodiments of the apparatus and method will now be described with reference to the accompanying drawings.
In the drawings Figure 1 is a block diagram illustrating an architecture of a server-side apparatus and a client-side apparatus for printing secure documents, Figure 2 is a flow chart illustrating a server-side method of printing secure documents, and Figure 3 is a flow chart illustrating a client-side method of printing secure documents.
DETAILED DESCRIPTION OF EXAMPLARY EMBODIMENTS
Referring to Figure 1, a server-side apparatus 100 and a client-side apparatus 102 for printing secure documents are shown. Typically, the server-side apparatus 100 is remote from the client-side apparatus 102, and communications between the apparatus are carried out over a network (e.g. internet or intranet). This is, however, not essential.
The apparatus 100 and 102 may be in close physical proximity or may be incorporated together. In combination, the apparatus 100 and 102 form a system 103 for printing secure documents.
The server-side apparatus 100 principally comprises a generator module 104 configured to generate document data representing a document 105 in printer language, an embedding module 106 configured to embed an activation code and an identifier of a security feature into the document data, and a forwarding module 108 configured to forward the document data with the embedded activation code and identifier to a printer 112 via a client module 114. The apparatus 100 may optionally include a design module 110 that is configured to allow a user to create and convert a security feature 111 into printer language and forward it to the embedding module 106.
The client-side apparatus 102 principally comprises a printer 112 having memory to store one or more security features in printer language, and a client module 114 configured to receive document data representing a document in printer language. The printer 112 is configured to detect the activation code and the identifier that are embedded in the document data, retrieve the security feature that corresponds to the identifier from memory, and print the document and the retrieved security feature on the document. The resulting printed document is shown as 116.
In one example embodiment, the apparatus 100 and 102 are implemented in hardware, for instance using individual or separate processors programmed to carry out the disclosed functions of the modules. In another example embodiment, one or more modules of the apparatus 100 and 102 could be implemented in software, as a series of instructions which, when executed by a processor or other computing device, perform the same function as the hardware embodiment described above or the method described below. A combination of hardware and software implementation may also be used. For instance, the apparatus 100 and 102 may be a hardware arrangement configured to read from a computer readable medium, or to obtain from a network, executable code for implementing the disclosed method.
Referring now to Figure 2, the process flow of an example server-side method of printing secure documents is shown. When the process begins at 200, document data is generated to represent a document in printer language. At 202, an activation code and an identifier of a security feature are embedded into the document data. The document data and the embedded activation code and identifier are then forwarded (204) to a printer to print the document incorporating the security feature that corresponds to the embedded identifier and that is selected from one or more security features stored in printer language on the printer.
The process flow of the client-side method of printing secure documents is shown in Figure 3. At 300, document data representing a document in printer language is received. At 302, the activation code and identifier embedded in the document data are detected. The security feature corresponding to the identifier is then retrieved from printer memory at 304. Finally, the document and the retrieved security feature are printed at 306.
Returning now to Figure 1, details of the server-side apparatus 100 will now be described. As noted earlier, the generator module 104 is configured to generate document data representing a document in printer language. The term document' as used in this description and claims is intended to cover digital/electronic documents, data or work of any format that can be printed for viewing. As for printer language', the term is intended to cover any page description language that describes the appearance of a printed page for use by a printer. Data expressed in printer language can be streamed directly to a printer for printing. Examples of printer language include PCL (Printer Command Language), PostScript, and proprietary protocols such as SPL (Samsung Printer Language) or KPDL (Kyocera Page Description Language). In one embodiment, therefore, the generator module 104 is configured to convert a document (e.g. a Microsoft Word document) into PCL.
Once the generator module 104 generates the document data, the embedding module 106 embeds an activation code and an identifier into the document data. The activation code is used to inform a printer that a security feature must be incorporated and printed with the document. The identifier is used to inform the printer of the exact security feature to print. The security feature may be an overt watermark and/or a microprint that provides a visual mechanism to ensure the authenticity of the printed document.
An example document data in PCL including an activation code and an identifier of a security feature is shown below. The activation code and identifier are bolded, with the identifier being the four-digit number 1637'.
%-12345x@PJL JOB NAME"Documentl.pdf" @PJL SET STRINGCODESET=UTF8 @PJL COMMENT "HP LaserJet 3052 PCL5 (61.53.25.9); Windows Vista (TM) Home Premium 6.0.6000.1; Unidrv 0.3.6000.16386" @PJL DMINFO ASCIIHEX="04000401o1o2oD1o100115323o3o373o393l323o3s3o323l3l,, @FJL SET tJSERNPNE="SC" @PJL SET JOBNAME="Documentl.pdf" @PJL SET ECONOMODE=OFF @PJL SET RESOLUTION12OO @PJL ENTER LANGUAGE=PCL E&f1637y4X(sl2HHello World &a900V(sl2HThis is the second row E Although only a four-digit numerical identifier is shown, skilled persons will appreciate that any length or form may be used for the identifier. The identifier should, however, be unique to ensure that each identifier corresponds to a specific security feature. For instance, the identifier may be randomly assigned and may be deleted after a random number of print jobs. Alternatively or additionally, the identifier may be refreshed after a predetermined period has elapsed (whether or not the corresponding security feature has been printed).
Once the above information is embedded, the document data is forwarded by the forwarding module 108 to a printer 112 via the client module 114. The printer 112 would include one or more security features in printer language (herein referred to as security template data') that are stored in memory. The following is an example security template data.
&f1637y0X&16d0e66F(slp22vOsOb4 197T *p475x285YC0deTRUST Pte Ltd. (shy *p475x342y3 Science Park Drive, #03-22 The Franklin *p300x385Y*c1960a7bp *p60x85y&f100y3X&flX&fl636 lOX The above security template data is in the form of a macro PCL, which is essentially a series of PCL commands that provide specific instructions to a printer. In the example above, the commands instruct the printer to print the present applicant's name and address in a certain format on a document. The security template data also includes the identifier 1637'.
When a printer having the above macro PCL in memory receives the example document data noted earlier, the printer would be alerted to the need to print a security feature by the activation code, and would be informed that the security feature to be printed has the identifier 1637'. By checking its memory and retrieving the macro PCL that has the same identifier, the printer is then able to print the document (i.e. using the document data in PCL) and, in real-time, print the security feature (i.e. using the macro PCL) on the document.
Given the above, the generator module 104, embedding module 106 and forwarding module 108 can be considered to be the main processing components of the apparatus 100. As such, it may be desirable or advantageous to combine these three modules into a single hardware or software implementation. Preferably, the three modules are provided as an internet-based application that is able to controllably receive secure documents from a user and send the documents for printing at a remote location.
As noted earlier, the optional design module 110 is configured to allow a user to create (e.g. design, customise etc.) a security feature. For instance, the user may customise the placement or orientation of a specific watermark or microprint that is intended to be the security feature. The user may also design a form or document layout that includes the security feature. In one form, the design module 110 is a thick client software which runs as a standalone software on a computer or an internet-based application.
In use, the design module 110 will capture the design of the security features in printer language, thus creating security template data. The security template data is then sent to the embedding module 106 so that an identifier may be embedded in the data before it is forwarded to the client-side apparatus 102 for storage in the printer 112. The sending of the security template data may be done manually by an authorised user or via a Public Key Infrastructure (PKI) system. In the PKI system, the security template data is signed with an authorised user's key. The private key for the PKI system is preferably stored securely in a Hardware Security Module (HSM) 107 in the embedding module 106.
Where desired, the design module 110 may be configured to send requirements or details of the user-designed security features to the generator module 104 to generate security template data.
In terms of the embedding module 106, an additional feature may include embedding printing restrictions in the document data. For example, the printing restrictions may be in the form of Printer Job Language (PJL) and may restrict one or more of: the number of copies, the resolution and the paper size of the document to be printed, as shown below. Skilled persons will appreciate that this is not an exhaustive list of restrictions.
%-12345X@pJL JOB @PJL SET COPIES=1 @PJL SET PAPER=A4 @PJL SET RESOLUTION=1200 By using PTh, controlled printing may be carried out. For instance, if an original document is to be printed, the command @PJL SET COPIES=1' will ensure that only one copy of the document is printed. The resolution and paper size of the print may also be specified. Given that restrictions on printing may be specified, it is desirable to first check if the printer to which the document will be sent is capable of meeting the restrictions. For this reason, in Figure 1, the document 105 is not only sent to the generator module 104 but also to the forwarding module 108. In one form, the forwarding module 108 sends the print restriction information (i.e. the PJL commands) to the client module 114. The client module 114 then checks the printer 112 to see if it is operational and if it can comply with the restrictions. The results of the checks are then sent back up to the forwarding module 108. If the printer is operational and compliant, the generator module 104 may begin the document data generation. Where necessary or desired, document data generation may begin once the document 105 is sent to the generator module 104. In this form, document data is pre-generated but is preferably only sent to the forwarding module 108 once the forwarding module 108 confirms the compliance of the printer 112 via the client module 114.
The embedding module 106 may also be configured to determine if the printer 112 is able to process PCL commands. This may be done using the client module 114. If the printer 112 will not be able to process PCL commands, the technique of sending a macro PCL to the printer for printing the security feature will not be feasible. In such a situation, the embedding module 106 is configured to embed the entirety of the security feature (rather than just an identifier) into the document data before the forwarding module 108 sends the data to the printer. As before, PCL, PostScript or any other page description language may be used as the printer language. The generator module 104 would therefore generate document data and security template data in PostScript, the embedding module 106 would embed the security template data into the document data, and the forwarding module 108 would send the combined security template and document data to a printer.
As for the forwarding module 108, it is desirable, but not essential, for the module to be configured such that document data and security template data are separately sent to a printer. This, however, does not apply for cases such as the PostScript embodiment described above, where the document data and security template data are sent together.
Taking the PCL example described earlier, the forwarding module 108 may be configured to send the macro PCL (i.e. the security template data) to the printer first and to send the PCL document data at a later time.
It is also desirable, but not essential, for the forwarding module 108 to forward data (i.e. document data and security template data) to the client module 114 over a secure channel. Where the server-side apparatus 100 and client-side apparatus 102 are connected via the internet, the secure channel may be implemented by encrypting transmissions using SSL (Secure Sockets Layer).
Referring again to Figure 1, the client-side apparatus 102 will now be described in detail. The apparatus 102 include a printer 112. Although only one printer 112 is shown in the figure, skilled persons will appreciate that any number of printers may be used. Also, any type of conventional printer may be used (e.g. inkjet, laser, plotter etc).
The printer 112 includes memory 115 to store one or more security features in printer language. The memory 115 is typically non-volatile memory (e.g. Flash memory, hard disk) but, where necessary or desired, may be volatile memory (e.g. RAM). These security features may have been stored previously by downloading into memory either manually or using the forwarding module 108 via the client module 114.
The apparatus 102 also includes the client module 114. Although the term client' conventionally denotes a remote relationship with a server, the client module 114 need not be remote or a client' device in the conventional sense. That is to say, the client module 114 may form part of the server-side apparatus 100, for example where the system 103 as a whole is integrally implemented.
In one form, the client module 114 is a thick client application that runs as standalone software on a computer or a Java applet or Microsoft ActiveX Control that runs out of a browser, or a plug-in that is installed on applications such as Microsoft Word, Adobe Acrobat Reader, etc. The client module 114 may also be in the form of a hardware that is directly attached to the printer.
The client module 114 may provide one or more of the following functions: to feedback and query the status (e.g. online, offline, paper/toner issues) and model of the printer to be used for printing, to stream and send the security template data for storage in the printer, to send document data for printing to the printer, and to monitor and feedback on the status of the print.
In one form, the client module 114 queries the status of the printer to determine if it is ready for printing. The client module 114 may also be configured to determine if the printer meets one or more printing restrictions, which may be specified in the document data (e.g. PJL commands relating to print resolution). The client module 114 may also check if the printer is a virtual printer (e.g. PDF printer) so that it can prevent any secure document from being printed on a virtual printer (since a virtual printing may be easily reprinted or duplicated).
Also, the client module 114 may detect the native language of the printer and may S inform the server-side apparatus 100 whether the printer is able to process certain printer languages (e.g. PCL). To ensure only authorised personnel are able to print secure documents, the client module 114 may be configured to determine if the user wishing to print the document is an authorised user. The client module 114 may also be configured to decrypt data received from the forwarding module 108, or where data compression is used for faster data transfer, to decompress data received from the forwarding module 108.
Where the server-side apparatus 100 also provides security template data (e.g. where the design module 110 is used), the client module 114 is also configured to receive the security template data from the apparatus 100. The client module 114 may then store the security template data in the memory of the printer 112, typically after checking that the printer is operational. To ensure that the security template data does not remain on the printer for too long and become susceptible to being intercepted, the client module 114 may be configured to delete the security template data. The deletion can be done after a single print, after a predetermined number of prints or after a random number of prints.
A typical scenario of the application of the apparatus and method of printing secure documents will now be described below. The scenario is, however, only an example embodiment and is not limiting.
1. A designer uses the design module 110 to design and customise a security feature in macro PCL form for its document/report.
2. The design module 110 then encrypts and forwards the macro PCL to the embedding module 106, which decrypts the macro PCL and embeds a unique identifier into the macro PCL.
II
3. The forwarding module 108 then sends the macro PCL securely to the client module 114.
4. The client module 114 checks if the printer 112 is online and Stores the macro PCL in the printer memory.
5. When an authenticated and authorised user desires to produce a document in printed form and wishes to insert a security feature to indicate that it is an original, the user may, for example, click a plug-in icon or the like in Microsoft Word. The user will then click the print icon with a selection of a printer.
6. The information from the user's application (e.g. Microsoft Word) is then sent to the server-side apparatus 100. Based on information of the security feature to be used, the forwarding module 108 checks with the client module 114 if the selected printer is suitable and available.
7. If the printer is suitable and available, the generator module 108 generates PCL document data from the document to be printed, and the embedding module embeds in the PCL document data an activation code and the identifier corresponding to the macro PCL identifier. The PCL document data is then sent to the client module 114 for streaming to the printer.
8. Upon detection of the activation code and the identifier, the printer will activate and overlay the security features on the document in real-time during the printing of the document. The final output will be the document printout with the security features embedded according to the user
specification.
In view of the foregoing description, skilled persons will appreciate that one embodiment of the apparatus and method provides a more secure method of printing a document by separating the security template data and the actual document data. As such, even if a hacker is successful at capturing the document data, the hacker would not be able to print the original document with the security features since this was not sent with the document data. Furthermore, to print a document having the security features, the hacker would need to send the printing to a printer that contains the correct macro PCL with the correct identifier. These features further thwart any effort of capturing the print stream of the secure document. Also, the production of the document data in printer language in a secure and controlled environment (i.e. the server-side apparatus 100) allows the document to be sent directly to the printer 112 via the client module 114 to be printed, thereby eliminating the need to first send the document to a printer driver. Moreover, the use of the client module 114 eliminates the need for a printer spooler. The printing process is thus made more secure by bypassing steps that involve sending the secure document to third-party applications (i.e. drivers and spoolers) that may be hacked. The apparatus and method also allow secure documents to be printed using conventional or commercial off-the-shelf printers (e.g. ink-jet or laserjet) using normal paper.
The foregoing describes exemplary embodiments, which, as will be understood by those skilled in the art, may be subject to many variations or modifications in design, construction or operation without departing from the spirit and scope of the present invention as claimed. For example, while the method has been described with reference to steps to be carried out in a certain order, the method may be modified such that the steps are carried out in a different order, where appropriate. Also, the method may be modified such that additional steps carried out. Moreover, while separate modules have been described, two or more of the modules may be combined into a single module.
Alternatively, where one module is described, two or more modules may be provided to separately carry out the fl.inctions of the described one module. It will also be appreciated that although the apparatus and method described allows printing using conventional printers and papers, this is not essential. Printing using specialist printers and watermarked substrates may also be used. Such variations, for instance, are intended to be covered by the scope of the present invention as claimed.

Claims (47)

  1. I. An apparatus for printing secure documents comprising: a generator module configured to generate document data representing a document in printer language, an embedding module configured to embed an activation code and an identifier of a security feature into the document data, and a forwarding module configured to forward the document data with the embedded activation code and identifier to a printer via a client module to print the document and the security feature corresponding to the embedded identifier based on one or more security features stored in printer language on the printer.
  2. 2. The apparatus of claim 1 wherein the apparatus further comprises a design module configured to allow a user to create a security feature and to generate security template data representing the security feature in printer language.
  3. 3. The apparatus of claim 2 wherein the design module is further configured to encrypt the security template data and store an encryption key in a Hardware Security Module.
  4. 4. The apparatus of claim 2 or 3 wherein the embedding module is configured to embed an identifier into the security template data, and wherein the forwarding module is configured to forward the security template data and its identifier to the client module for storage in the printer.
  5. 5. The apparatus of claim 4 wherein the forwarding module is configured to forward the document data and the security template data separately to the client module.
  6. 6. The apparatus of any one of claims 1-5 wherein the forwarding module is configured to bypass existing printer drivers or spoolers to forward the document data directly to the printer via client module.
  7. 7. The apparatus of any one of claims 1-6 wherein the embedding module is further configured to embed printing restrictions into the document data.
  8. 8. The apparatus of claim 7 wherein the printing restrictions are provided in the form of Printer Job Language (PJL), and restrict one or more of: the number of copies, the resolution and the paper size of the document to be printed.
  9. 9. The apparatus of any one of claims 1-8 wherein the printer language is Printer Command Language (PCL).
  10. 10. The apparatus of any one of claims 1-9 wherein the embedding module is configured to embed the entirety of the security feature into the document data, and wherein the forwarding module is configured to forward the document data and the embedded security feature to the printer via the client module.
  11. 11. An apparatus for printing secure documents comprising: a printer having memory to store one or more security features in printer language, and a client module configured to receive document data representing a document in printer language, wherein the printer is configured to: detect an activation code and an identifier of a security feature that are embedded in the document data, retrieve the security feature that corresponds to the identifier from memory, and print the document and the retrieved security feature on the document.
  12. 12. The apparatus of claim 11 wherein the client module is further configured to: receive security template data representing a security feature in printer language, the security template data including an identifier, and store the security template data in the memory of the printer.
  13. 13. The apparatus of claim 11 or 12 wherein the client module is configured to determine if the printer is ready for printing and is able to meet one or more printing restrictions specified in the document data.
  14. 14. The apparatus of claim 13 wherein the printing restrictions are provided in the form of Printer Job Language (PJL) and are provided to restrict one or more of: the number of copies, the resolution and the paper size of the document to be printed.
  15. 15. The apparatus of any one of claims 11-14 wherein the client module is further configured to delete the one or more security features stored in the memory of the printer.
  16. 16. The apparatus of any one of claims 11-15 wherein the printer language is Printer Command Language (PCL).
  17. 17. The apparatus of any one of claims 1-16 wherein two or more of the modules are combined together.
  18. 18. A computer-implemented method of printing secure documents comprising: generating document data by converting a document into data representing the document in printer language; embedding an activation code and an identifier of a security feature into the document data, and forwarding the document data arid the embedded activation code and identifier to a printer to print the document incorporating the security feature corresponding to the embedded identifier based on one or more security features stored as printer language on the printer.
  19. 19. The computer-implemented method of claim 18 further comprising: generating security template data representing a security feature in printer language, embedding an identifier into the security template data, and forwarding the security template data and its identifier to a printer for storage.
  20. 20. The computer-implemented method of claim 19 further comprising encrypting the security template data and storing an encryption key in a Hardware Security Module.
  21. 21. The computer-implemented method of claim 19 or 20 further comprising creating a specific security feature and generating security template data representing the specific security feature in printer language.
  22. 22. The computer-implemented method of any one of claims 18-21 further comprising forwarding the document data and the security template data separately to the printer.
  23. 23. The computer-implemented method of any one of claims 18-22 further comprising bypassing existing printer drivers or spoolers to forward the document data directly to the printer.
  24. 24. The computer-implemented method of any one of claims 18-23 further comprising embedding printing restrictions into the document data.
  25. 25. The computer-implemented method of claim 24 wherein the printing restrictions are provided in the form of Printer Job Language (PJL), and restrict one or more of: the number of copies, the resolution and the paper size of the document to be printed.
  26. 26. The computer-implemented method of any one of claims 18-25 wherein the printer language is Printer Command Language (PCL).
  27. 27. The computer-implemented method of any one of claims 18-26 further comprising embedding the entirety of the security feature into the document data, and forwarding the document data and the embedded security feature to the printer via the client module.
  28. 28. A computer-implemented method of printing secure documents at a printer, the method comprising: receiving document data representing a document in printer language, detecting an activation code and an identifier of a security feature that are embedded in the document data, retrieving a security feature that corresponds to the identifier from printer memory, the printer memory storing one or more security features in printer language, and printing the document and the retrieved security feature on the document.
  29. 29. The computer-implemented method of claim 28 further comprising: receiving security template data representing a security feature in printer language, the security template data including an identifier, and storing the security template data in the printer memory.
  30. 30. The computer-implemented method of claim 28 or 29 further comprising determining if the printer is ready for printing and is able to meet one or more printing restrictions specified in the document data.
  31. 31. The computer-implemented method of claim 30 wherein the printing restrictions are provided in the form of Printer Job Language (PJL) and are provided to restrict one or more of: the number of copies, the resolution and the paper size of the document to be printed.
  32. 32. The computer-implemented method of any one of claims 28-31 further comprising deleting the one or more security features stored in the printer memory.
  33. 33. The computer-implemented method of any one of claims 28-32 wherein the printer language is Printer Command Language (PCL).
  34. 34. The computer-implemented method of any one of claims 28-33 wherein the document data is received directly by the printer via the client module bypassing existing printer drivers or spoolers.
  35. 35. A computer-readable medium having computer-readable instructions stored thereon for execution by a processor to perform the method of any one of claims 18-34.
  36. 36. A system for printing secure documents comprising: a generator module configured to generate document data representing a document in printer language, an embedding module configured to embed an activation code and an identifier 1 5 of a security feature into the document data, a client module configured to receive document data, a forwarding module configured to forward the document data with the embedded activation code and identifier to the client module, and a printer having memory to store one or more security features in printer language, wherein the printer is configured to: detect the activation code and the identifier, retrieve the security feature that corresponds to the identifier from memory, and print the document and the retrieved security feature on the document.
  37. 37. The system of claim 36 wherein the system further comprises a design module configured to allow a user to create a security feature and to generate security template data representing the security feature in printer language.
  38. 38. The system of claim 37 wherein the design module is further configured to encrypt the security template data and store an encryption key in a Hardware Security Module.
  39. 39. The system of claim 37 or 38 wherein the embedding module is configured to embed an identifier into the security template data, and wherein the forwarding module is configured to forward the security template data and its identifier to the client module for storage in the printer.
  40. 40. The system of claim 39 wherein the forwarding module is configured to forward the document data and the security template data separately to the client module.
  41. 41. The system of any one of claims 36-40 wherein the forwarding module is configured to bypass existing printer drivers or spoolers to forward the document data directly to the printer via the client module.
  42. 42. The system of any one of claims 36-4 1 wherein the embedding module is further configured to embed printing restrictions into the document data.
  43. 43. The system of claim 42 wherein the printing restrictions are provided in the form of Printer Job Language (PJL), and restrict one or more of: the number of copies, the resolution and the paper size of the document to be printed.
  44. 44. The system of any one of claims 36-43 wherein the printer language is Printer Command Language (PCL).
  45. 45. The system of any one of claims 36-44 wherein the embedding module is further configured to embed the entirety of the security feature into the document data, and wherein the forwarding module is further configured to forward the document data and the embedded security feature to the printer via the client module.:
  46. 46. The system of any one of claims 36-45 wherein the client module is configured to determine if the printer is ready for printing and is able to meet one or more printing restrictions specified in the document data.
  47. 47. The system of any one of claims 36-46 wherein two or more of the modules are combined together.
GB0721395A 2007-10-31 2007-10-31 Printing secure documents using security feature(s) stored on a printer Withdrawn GB2454211A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0721395A GB2454211A (en) 2007-10-31 2007-10-31 Printing secure documents using security feature(s) stored on a printer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0721395A GB2454211A (en) 2007-10-31 2007-10-31 Printing secure documents using security feature(s) stored on a printer

Publications (2)

Publication Number Publication Date
GB0721395D0 GB0721395D0 (en) 2007-12-12
GB2454211A true GB2454211A (en) 2009-05-06

Family

ID=38834619

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0721395A Withdrawn GB2454211A (en) 2007-10-31 2007-10-31 Printing secure documents using security feature(s) stored on a printer

Country Status (1)

Country Link
GB (1) GB2454211A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8347379B2 (en) * 2006-05-26 2013-01-01 Oki Data Corporation Printing system and image forming apparatus
FR2991795A1 (en) * 2012-06-12 2013-12-13 Data Syscom Method for post-processing original file interpretable by printer, involves modifying original file by incorporation of visible and/or invisible seal to human eye in form, which preserves format interpretable by printer
CN104331259A (en) * 2014-11-27 2015-02-04 上海颐东网络信息有限公司 File protection based document-centralized file printing system
WO2015094946A1 (en) * 2013-12-16 2015-06-25 Ctpg Operating, Llc Methods and systems for ensuring printer looses ability to print security patterns if disconnected from approved system
EP3067816A1 (en) * 2015-03-13 2016-09-14 Troy Group, Inc. A computer-based system and method for adding variable security data in printing operations

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004054462A (en) * 2002-07-18 2004-02-19 Canon I-Tech Inc Print system and printer
US6970259B1 (en) * 2000-11-28 2005-11-29 Xerox Corporation Systems and methods for forgery detection and deterrence of printed documents
US20070058206A1 (en) * 2005-09-09 2007-03-15 Xerox Corporation Special effects achieved by setoverprint/setoverprintmode and manipulating object optimize rendering (OOR) tags and colors

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6970259B1 (en) * 2000-11-28 2005-11-29 Xerox Corporation Systems and methods for forgery detection and deterrence of printed documents
JP2004054462A (en) * 2002-07-18 2004-02-19 Canon I-Tech Inc Print system and printer
US20070058206A1 (en) * 2005-09-09 2007-03-15 Xerox Corporation Special effects achieved by setoverprint/setoverprintmode and manipulating object optimize rendering (OOR) tags and colors

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8347379B2 (en) * 2006-05-26 2013-01-01 Oki Data Corporation Printing system and image forming apparatus
US8850564B2 (en) 2006-05-26 2014-09-30 Oki Data Corporation Printing system and image forming apparatus
FR2991795A1 (en) * 2012-06-12 2013-12-13 Data Syscom Method for post-processing original file interpretable by printer, involves modifying original file by incorporation of visible and/or invisible seal to human eye in form, which preserves format interpretable by printer
WO2015094946A1 (en) * 2013-12-16 2015-06-25 Ctpg Operating, Llc Methods and systems for ensuring printer looses ability to print security patterns if disconnected from approved system
US10007794B2 (en) 2013-12-16 2018-06-26 Ctpg Operating, Llc Methods and systems for ensuring printer looses ability to print security patterns if disconnected from approved system
CN104331259A (en) * 2014-11-27 2015-02-04 上海颐东网络信息有限公司 File protection based document-centralized file printing system
EP3067816A1 (en) * 2015-03-13 2016-09-14 Troy Group, Inc. A computer-based system and method for adding variable security data in printing operations

Also Published As

Publication number Publication date
GB0721395D0 (en) 2007-12-12

Similar Documents

Publication Publication Date Title
US8564804B2 (en) Information processing apparatus that does not transmit print job data when both encryption and saving in a printing apparatus are designated, and control method and medium therefor
US7292355B2 (en) Device and method for securing print jobs stored on a printer
US8953181B2 (en) Virtual print job preview and validation
JP4055807B2 (en) Document management method, document management system, and computer program
US20030009672A1 (en) Method and system for real-time control of document printing
JP4378404B2 (en) Electronic file approval management system
US20120162681A1 (en) Pull printing system and recording medium
US20050259289A1 (en) Print driver job fingerprinting
US7770022B2 (en) Systems and methods for securing an imaging job
JP2007323186A (en) Apparatus for creating print control data, print management device, and printer
US20050052677A1 (en) Print data generation method, client terminal, printer server, print data generation apparatus, image forming apparatus, and computer product
JP4481914B2 (en) Information processing method and apparatus
US8054970B2 (en) Image forming apparatus, image forming method, information processing apparatus and information processing method
US7463380B2 (en) Spooling/despooling subsystem job fingerprinting
GB2454211A (en) Printing secure documents using security feature(s) stored on a printer
KR20100027798A (en) Image forming system and security printing method thereof
JP2007241414A (en) Printing system, printer, printer driver, and printing control method
US8976966B2 (en) Information processor, information processing method and system
US20040111603A1 (en) Document administration apparatus, document administration method, computer program, and computer-readable memory medium
JP2006021525A (en) Image formation device, control method of image formation device, terminal unit, control method of terminal unit and computer program
JP4617780B2 (en) Electronic device and security setting system
JP2008117286A (en) Printing system
US8422057B2 (en) Apparatus and method for manufacturing the same
JP2007058744A (en) Print instruction device, print function restriction method, and authentication print system
JP4595985B2 (en) Document management method, document management system, and computer program

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)