JP2008041044A - Confidential printing device and confidential printing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily notify a sender of information on an access to confidential printing data to be stored. <P>SOLUTION: A confidential printing device has a storage for storing the confidential printing data, MFP10A and 10B for printing the confidential printing data, and PC20A and PC20B connected to MFP10A and MFP10B for receiving operation inputs, and the PC20A and PC20B comprise displays for displaying screens for setting relating to notification about the access to the confidential printing data stored in the storage, operation sections for receiving inputs for setting relating to notification of the access, and control sections for directing the MFP10A and MFP 10B to notify the sender of the confidential printing data of the information of the access when the notification relating to the access is set up and there is an access to the confidential printing data stored in the storage. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a confidential printing apparatus and a confidential printing system.

  Conventionally, confidential printing (confidential printing) has been performed in a system having an operation device and an image printing device. In confidential printing, the user who receives the printed matter is specified by the operation device, the print data is transmitted to the image printing device, the specified user is authenticated by the image printing device, and only the user who has been successfully authenticated prints the print data. The printing can be executed (see, for example, Patent Document 1).

A configuration is also conceivable in which, after confidential printing is executed, a message indicating that confidential printing has been completed is sent by e-mail from the image printing apparatus to a sender (operating apparatus) of print data (see, for example, Patent Document 2).
Japanese Patent Laid-Open No. 11-249848 JP 2001-251470 A

  However, in the above-described conventional configuration, the sender of print data can only know that confidential printing (confidential printing) has been completed. For this reason, there is a request to know information regarding access to confidential print data stored (held) in the image printing apparatus.

  Further, in the configuration of the above-mentioned patent document 2, when confidential printing is performed, a confidential printing completion notification is automatically transmitted by e-mail, so that the sender of the print data knows the existence of the confidential printing completion notification. If there is not, the state of the confidential print data cannot be known when the confidential print data is stored in the image printing apparatus in an unprinted state.

  An object of the present invention is to easily notify a sender of information relating to access to stored confidential print data.

In order to solve the above problem, the confidential printing system of the invention according to claim 1 provides:
A confidential printing device having a storage unit for storing confidential print data, and printing the confidential print data;
An operation device that is communicatively connected to the confidential printing device and receives an operation input,
The operating device is:
A display unit for displaying a notification setting screen regarding access to confidential print data stored in the storage unit;
An operation unit that accepts a setting input for notification regarding the access;
Instructing the confidential printing apparatus to notify the sender of the confidential print data of the information regarding the access when the confidential print data stored in the storage unit is accessed when the notification regarding the access is set. And a control unit.

According to a second aspect of the present invention, there is provided a confidential printing device.
A storage unit for storing confidential print data;
A first authentication unit for performing user authentication;
When the recipient of the printed matter of the confidential print data authenticated by the first authentication unit is allowed to access the confidential print data, the access is performed when the recipient performs access to the confidential print data. A control unit that generates information about
A notification unit configured to notify the sender of the confidential print data of the generated access information.

According to a third aspect of the present invention, in the confidential printing apparatus according to the second aspect,
The recipient is plural,
The control unit transmits information regarding access to the confidential print data of each of the logged-out recipients to the sender when the recipients log out.

According to a fourth aspect of the present invention, in the confidential printing device according to the second or third aspect,
A second authentication unit that repeatedly authenticates a recipient who has instructed execution of the access during access to the confidential print data is provided.

The invention according to claim 5 is the confidential printing apparatus according to any one of claims 2 to 4,
The control unit determines whether or not printing of all recipients permitted to access the confidential print data is finished. When the printing of all recipients is finished, the control unit The confidential print data that has been executed is deleted from the storage unit,
The notification unit notifies the sender of the erasure of the confidential print data.

The invention according to claim 6 is the confidential printing device according to any one of claims 2 to 5,
The control unit executes at least one of erasure and editing of the stored confidential print data based on an instruction from the sender.

The invention according to claim 7 is the confidential printing device according to any one of claims 2 to 6,
The control unit permits the recipient to transfer at least one of transfer and editing of the stored confidential print data based on the instruction from the sender.

The invention according to claim 8 is the confidential printing device according to any one of claims 2 to 7,
A photographing unit for photographing an operating user and generating image data;
The notification unit transmits the information related to the access to the sender together with the image data of the photographed user.

The invention according to claim 9 is the confidential printing device according to any one of claims 2 to 8,
An identifier reading unit that reads the identifier of the print recording medium on which the confidential print data is printed or the information storage medium on which the confidential print data is stored, and acquires identifier information;
The notification unit notifies the sender of the read identifier information.

The confidential printing system of the invention described in claim 10 is provided.
A confidential printing device for performing confidential printing;
An operation device that is connected to the confidential printing device and receives an operation input of the sender of the confidential printing data;
An authentication server that communicates with the confidential printing device and authenticates a user who operates the confidential printing device;
A print server that is communicatively connected to the confidential printing device and the operation device, and causes the confidential printing device to print confidential print data received from the operation device,
The print server includes a storage unit that stores confidential print data received from the operation device;
Based on the sender's instruction from the operation device, the recipient of the printed matter of the confidential print data authenticated by the authentication server is allowed to access the confidential print data, and the recipient receives the confidential print data. A control unit that generates information about the access when the access is executed;
The information processing apparatus includes a notification unit that notifies the sender of information related to the generated access.

The invention according to claim 11 is the confidential printing system according to claim 10,
The recipient is plural,
The controller is configured to notify the sender of information related to access to the confidential print data of each recipient who has logged out when the recipient logs out.

The invention according to claim 12 is the confidential printing system according to claim 10 or 11,
The confidential printing apparatus includes an authentication unit that repeatedly authenticates a recipient who instructed to execute the access during access to the confidential print data.

The invention according to claim 13 is the confidential printing system according to any one of claims 10 to 12,
The control unit determines whether or not printing of all recipients permitted to access the confidential print data is finished. When the printing of all recipients is finished, the control unit The confidential print data that has been executed is deleted from the storage unit,
The notification unit notifies the sender of the erasure of the confidential print data.

The invention described in claim 14 is the confidential printing system according to any one of claims 10 to 13,
The control unit executes at least one of deletion and editing of the stored confidential print data based on an instruction from the sender from the operation device.

The invention according to claim 15 is the confidential printing system according to any one of claims 10 to 14,
The control unit permits the recipient to transfer at least one of the stored confidential print data and edit based on the sender's instruction from the operation device.

The invention according to claim 16 is the confidential printing system according to any one of claims 10 to 15,
The confidential printing apparatus includes a photographing unit that photographs a user to operate,
The notifying unit notifies the sender of information related to the access together with the photographed user image data.

The invention according to claim 17 is the confidential printing system according to any one of claims 10 to 16,
The confidential printing apparatus includes an identifier reading unit that reads an identifier of a recording medium to be printed and acquires identifier information.
The notification unit notifies the sender of the read identifier information.

The invention according to claim 18 is the confidential printing system according to any one of claims 10 to 17,
The control unit can print the additional print information when the confidential print data is transmitted from the operation device to the print server together with additional print information for performing additional printing on the confidential print data. It is characterized by permitting confidential printing.

The invention according to claim 19 is the confidential printing system according to claim 18,
The notifying unit notifies the sender of whether or not printing of the additional print information by the control unit is permitted by a confidential printing apparatus.

  According to the first aspect of the present invention, it is possible to easily set notification of information related to access to stored confidential print data, and it is possible to easily notify the sender of information related to the access.

  According to the second and tenth aspects of the present invention, it is possible to easily notify the sender of information relating to access to stored confidential print data.

  According to the third and eleventh aspects of the present invention, it is possible to easily notify the sender of information regarding access to the confidential print data stored for each recipient.

  According to the invention described in claims 4 and 12, the security of the confidential print data being accessed can be improved.

  According to the fifth and thirteenth aspects of the present invention, unnecessary confidential print data can be deleted to improve the security of the confidential print data, and the sender can be notified of the end of printing by all recipients.

  According to the invention described in claims 6 and 14, the sender can execute at least one of erasure and editing of the confidential print data, and can be operated flexibly.

  According to the seventh and fifteenth aspects of the present invention, the recipient can execute at least one of transfer and editing of the confidential print data, and convenience can be improved.

  According to the eighth and sixteenth aspects of the present invention, it is possible to easily identify the person who has accessed the confidential print data from the captured image data, and to improve the security of the confidential print data.

  According to the ninth and 17th aspects of the present invention, it is possible to easily track the distribution destination of the confidential print data or the printed matter by using the identifier information, and the security of the confidential print data can be improved.

  According to the invention described in claim 18, the security of the confidential print data can be improved by the additional print information of the confidential print data, the distribution destination of the printed matter of the confidential print data can be easily traced, and the additional print information is permitted. It is possible to easily identify the confidential printing device.

  According to the nineteenth aspect of the present invention, it is possible to notify the sender whether or not printing of the additional print information is permitted by the confidential printing apparatus.

  Hereinafter, first and second embodiments of the present invention will be described in detail in order with reference to the drawings. However, the scope of the invention is not limited to the illustrated examples.

(First embodiment)
A first embodiment according to the present invention will be described with reference to FIGS. First, the features of the apparatus according to the present embodiment will be described with reference to FIGS. FIG. 1 shows the configuration of the confidential printing system 100. FIG. 2 shows the internal configuration of the MFP 10A. FIG. 3 shows the internal configuration of the PC 20A.

  First, a confidential printing system 100 according to the present embodiment will be described with reference to FIG. The confidential printing system 100 includes MFPs (Multi Function Printers) 10A and 10B as confidential printing apparatuses and PCs (Personal Computers) 20A and 20B as operation apparatuses, and each apparatus is connected via a communication network N. Are connected.

  The confidential printing apparatus is not limited to the MFP, and may be an apparatus having at least a printing function, such as a copying machine or various printers. The operation device is not limited to a PC, and may be a device having at least a print data transmission (print job input) function, such as a server device or a portable terminal. Further, the number of MFPs and PCs is not limited to two, but may be configured to include at least one each.

  The communication network N is, for example, a LAN (Local Area Network), but may be a WAN (Wide Area Network), such as a telephone line network, an ISDN (Integrated Services Digital Network) line network, a broadband communication line network, a dedicated line, a mobile line. A configuration including a body communication network, a communication satellite line, a CATV (Community Antenna Television) line, an optical communication line, a wireless communication line, and an Internet service provider for connecting them may be used.

  The configuration of the MFP 10A will be described with reference to FIG. The MFP 10B is the same as the MFP 10A. As illustrated in FIG. 2, the MFP 10 </ b> A includes a control unit 11, an operation unit 12, an HDD (Hard Disk Drive) 13, a display unit 14, a memory 15, an authentication unit 16, an image reading unit, and a printing unit. 19, each part is connected by a bus 19a.

  The control unit 11 includes a central processing unit (CPU), a random access memory (RAM), a read only memory (ROM), and the like, and programs specified from various system programs and application programs stored in the ROM are stored in the RAM. Various processes are executed in cooperation with the expanded program and the CPU. The control part 11 shall have the notification part 11a.

  The control unit 11 prints the received print job data based on a first print job reception program described later, and stores the received confidential print data in the storage unit 13. Further, the control unit 11 authenticates the recipient based on a first confidential print data access program to be described later, receives access to the confidential print data stored in the storage unit 13 by the authenticated recipient, In response to access, the confidential print data printed by all recipients is erased and an access confirmation mail is created. The notification unit 11a transmits an access confirmation mail to the sender (for example, the PC 20A).

  The operation unit 12 includes input keys and the like, receives information input by a user as an input signal, and outputs the input signal to the control unit 11. The display unit 14 is configured by an LCD (Liquid Crystal Display) or the like, and displays various types of information based on display signals from the control unit 11, and particularly displays various operation screens. The display unit 14 may be integrated with the operation unit 12 to configure a touch panel.

  The storage unit 13 is configured by an HDD (Hard Disk Drive) or the like, and stores various information in a readable and writable manner. In the present embodiment, the storage unit 13 stores a confidential BOX as a folder for storing confidential print data.

  The authentication unit 16 is a finger vein authentication module having a finger vein sensor and a verification unit. The authentication unit 16 reads the veins of the user's finger with the finger vein sensor, extracts the feature points of the finger vein data with the matching unit, and the feature point data and the registered feature points of the user's finger veins. Are generated, and authentication result information indicating success / failure of the authentication due to the match or mismatch is generated and output to the control unit 11. The authentication unit 16 is not limited to the configuration having the finger vein sensor and the collation unit, and has only the finger vein sensor, and outputs the finger vein data input from the finger vein sensor to the control unit 11, The control unit 11 may be configured to perform fingerprint data collation and authentication success / failure determination. Further, the authentication unit 16 is not limited to the configuration for performing finger vein authentication, and acquires and authenticates at least one of biometric information such as fingerprints, irises, faces, veins, and voiceprints, and information such as passwords as authentication information. It is good also as composition which performs.

  The image reading unit 17 reads an image recorded on a document and generates image data of the image. The image reading unit 17 is a light source that irradiates light on a document, an image sensor such as a CCD (Charge Coupled Device) or a CMOS (Complementary Metal-Oxide Semiconductor) that photoelectrically converts reflected light from the document, and light that irradiates the document. Scanning means for scanning the image signal, and image processing means for performing various conversions and processes on the electrical signal read by the image sensor and outputting image data.

  The communication unit 18 is configured by a NIC (Network Interface Card) or the like, and transmits / receives various data to / from an external device such as the PC 20A via the communication network N.

  The printing unit 19 is an electrophotographic type, ink jet type, thermal transfer type, dot impact type printer or the like, and forms and records an image on a recording medium such as recording paper based on image data input from the CPU 11 or the like. To do.

  The configuration of the PC 20A will be described with reference to FIG. The PC 20B has the same configuration as the PC 20A. As shown in FIG. 3, the PC 20 </ b> A includes a control unit 21, an operation unit 22, a storage unit 23, a display unit 24, and a communication unit 25, and each unit is connected by a bus 26.

  The control unit 21 includes a CPU, a RAM, and the like. A program designated from various system programs and application programs stored in the storage unit 23 is expanded in the RAM, and the expanded program and the CPU cooperate with each other. As a result, various processes are executed. In the present embodiment, the control unit 21 prints the confidential print job data by setting the confidential print recipient, the password, and the necessity of the access confirmation mail based on the first confidential print job input program described later. It is transmitted to the destination (for example, MFP 10A).

  The operation unit 22 includes a keyboard, receives various key operation inputs from the user, and acquires the operation information. The operation unit 22 may include a pointing device such as a mouse, and may receive position information from a user and acquire position information.

  The storage unit 23 is an HDD or the like, and stores various kinds of information so as to be read and written. The display unit 24 includes an LCD, a CRT, and the like, and performs various displays based on display information input from the control unit 21. The communication unit 25 includes a modem, a network card, and the like, and transmits and receives information with various devices on the communication network N.

  Next, the operation of the confidential printing system 100 will be described with reference to FIGS. With reference to FIG. 4, the operation of the PCs 20A and 20B will be described. The operation of the PC 20A will be described as a representative, but the operation of the PC 20B is the same.

  With reference to FIGS. 4 and 5, the first confidential print job input process executed in the PC 20A will be described. FIG. 4 shows a flow of the first confidential print job input process executed in the PC 20A. FIG. 5 shows a confidential print setting screen 24a.

  The first confidential print job submission process is a process for transmitting confidential print job data to a printing destination (for example, MFP 10A). For example, the control unit 21 is triggered by the input of the execution instruction of the first confidential print job input process from the user (the person who is the transmission source of the confidential print data, hereinafter referred to as the sender) via the operation unit 22. The first confidential print job submission process is executed in cooperation with the first confidential print job submission program read from the storage unit 23 and expanded in the RAM.

  First, a general print setting screen for confidential print target data is displayed on the display unit 24, and input of general print setting information such as the number of prints from the sender based on the general print setting screen is received by the operation unit 22 (step S22). S1). Then, a confidential print setting screen is displayed on the display unit 24 (step S2). For example, in the confidential print setting screen 24a shown in FIG. 5, when there is an access to a confidential printed matter receiving user (hereinafter referred to as a recipient) ID, a password for authenticating the recipient, and MFP confidential print data. This is a setting screen for whether or not to send an access confirmation mail indicating the access contents to the sender. The recipient can designate one or more persons.

  Then, input of confidential print setting information from the sender based on the confidential print setting screen is accepted through the operation unit 22 (step S3). The confidential printing setting information includes a user ID as identification information of the recipient of the confidential printing, a password required for the reception, and setting information regarding whether or not to send an access confirmation mail of the confidential printing data to the sender. If the access confirmation mail is set to be sent to the sender, inputs such as a mail destination and mail contents are accepted via the operation unit 22 and included in the confidential print setting information.

  Then, it is determined whether or not the confidential print setting information has been input (step S4). For example, the determination is made based on whether or not an input end instruction for the confidential print setting information is input by the user via the operation unit 22. If the confidential print setting information has not been input (step S4; NO), the process proceeds to step S3.

  When the input of the confidential print setting information is completed (step S4; YES), the confidential print data, the general print setting information, and the confidential print setting information are transmitted as confidential print job data to the MFP 10A via the communication unit 25 and the communication network N. (Step S5), the first confidential print job input process ends.

  Next, operations of the MFPs 10A and 10B will be described with reference to FIGS. The operation of the MFP 10A will be described as a representative, but the operation of the MFP 10B is the same.

  First, the first print job reception process executed in the MFP 10A will be described with reference to FIG. FIG. 6 shows the flow of the first print job reception process executed in the MFP 10A.

  The first print job reception process is a process for performing normal print job data reception and printing, confidential print job data reception, storage, and confidential print setting. For example, the control unit 11 reads out from the ROM and develops it in the RAM, triggered by the start of reception of print job data from the transmission source (for example, PC 20A) via the communication network N and the communication unit 18. The first print job reception process is executed in cooperation with the first print job reception program and the CPU.

  First, it is determined whether or not reception of print job data has been completed (step S11). If the print job data has not been received (step S11; NO), the process proceeds to step S11. When the reception of the print job data is completed (step S11; YES), it is determined whether the received print job data is a confidential print job (step S12).

  If it is a confidential print job (step S12; YES), the confidential print data (image data) of the confidential print job data is rasterized and stored in the confidential BOX of the storage unit 13 (step S13). The confidential print data may be stored in the confidential BOX as PDL (Page Description Language) data.

  Then, various settings for confidential printing are executed based on the print setting information of the confidential print job data (step S14), and the first print job reception process ends. If the print job is not a confidential print job (step S12; NO), normal printing is executed by the printing unit 19 based on the received print job data (step S15), and the first print job reception process ends.

  Next, the first confidential print data access process executed in the MFP 10A will be described with reference to FIGS. FIG. 7 shows the flow of the first confidential print data access process. FIG. 8A shows the configuration of the confidential print confirmation screen 14a. FIG. 8B shows the configuration of the authentication confirmation screen 14b. FIG. 9 shows the configuration of the access confirmation mail M.

  The first confidential print data access process is a process for performing various accesses to the confidential print data stored in the storage unit 13 in accordance with the logged-in user. For example, the control unit 11 uses the first confidential print data access program read from the ROM and expanded in the RAM as triggered by the input of the execution start of the login printing process from the user via the operation unit 12. A first confidential print data access process is executed in cooperation with the CPU.

  First, input of a user ID and password from the user is received by the operation unit 12, login authentication is performed based on the user ID and password, and it is determined whether or not the login is successful (step S21). For comparison of the user ID and password, for example, login authentication is performed based on the user ID and password of the confidential print setting information set in step S14 of the first print job reception process. When the user login fails (step S21; NO), the process proceeds to step S21.

  If the user login is successful (step S21; YES), it is determined whether or not the confidential print data of the login user is stored in the confidential BOX of the storage unit 13 (step S22). When there is confidential print data (step S22; YES), a confidential print confirmation screen is displayed on the display unit 14, and a selection confirmation input of confidential print data from the user is received by the operation unit 12 (step S23). The confidential printing confirmation screen is, for example, a confidential printing confirmation screen 14a shown in FIG. On the confidential print confirmation screen 14a, the data name of the confidential print data to be printed is selected, and after entering the type of access such as printing and display, the selection is confirmed by pressing the OK button.

  In step S23, it is determined whether access to confidential print data is instructed (step S24). For example, it is assumed that access is instructed when at least one confidential print data to be printed is selected. When access is instructed (step S24; YES), an authentication instruction screen is displayed on the display unit 14, and the finger vein input from the user is accepted by the authentication unit 16 (step S25). The authentication instruction screen is, for example, an authentication instruction screen 14b illustrated in FIG. The login user refers to the authentication instruction screen 14 b, and the login user's finger is placed on the finger vein sensor of the authentication unit 16. This finger vein authentication is repeatedly performed continuously during access execution.

  Then, the authentication unit 16 determines whether or not the login user's finger vein authentication is successful (whether or not to be authenticated) (step S26). Specifically, the finger vein feature point of the logged-in user is compared with the finger vein feature point registered in advance corresponding to the user who succeeded in the login authentication in step S21, and the finger vein authentication succeeds if they match. It shall be. When the finger vein authentication is successful (step S26; YES), the designated access to the selected confidential print data is started or continued (step S27). When printing, the confidential print data is printed by the printing unit 19, and when displaying, the confidential print data is displayed by the display unit 14.

  Then, it is determined whether or not access to all selected confidential print data has been completed (step S28). The determination of the end of access is performed according to, for example, an input to the operation unit 12 to the effect that the recipient's access is terminated or a timeout after the recipient's access is terminated.

  If the access has not ended (step S28; NO), the process proceeds to step S25. When the access is completed (step S28; YES), the access history information for the accessed confidential print data stored in the storage unit 13 is updated according to the access execution result of the login user (step S29). Then, it is determined whether or not all the recipients designated by the sender have executed printing on the confidential print data accessed in step S25 (step S30). Specifically, it is determined whether all recipients have performed printing based on the access history information stored in the storage unit 13.

  If all recipients have executed printing (step S30; YES), the confidential print data that has been printed by all recipients is deleted from the storage unit 13 (step S31). At this time, the fact that the confidential print data is to be deleted is added to the access history information in the storage unit 13. Then, a logoff input from the logged-in user is received by the operation unit 12, and it is determined whether or not the logged-in user logs off (step S32). When the logoff is not performed (step S32; NO), the process proceeds to step S22.

  When finger vein authentication fails (step S26; NO), or when all recipients have not executed printing (step S30; NO), the process proceeds to step S32. When there is no confidential print data (step S22; NO), or when access to the confidential print data is not instructed (step S24; NO), normal processing such as normal printing and copying is executed (step S33). The process proceeds to step S32.

  When the logoff is performed (step S32; YES), when the confidential print data is accessed in step S27, it is determined whether or not an access confirmation instruction is set in the confidential setting information of the confidential print data (step S34). ). When there is an access confirmation instruction (step S34; YES), an access confirmation mail for the confidential print data is generated based on the access history information stored in the storage unit 13, and the communication unit 18 and the communication network are notified by the notification unit 11a. The data is transmitted to the sender (the terminal, for example, PC 20A) via N (step S35), and the first confidential print data access process is terminated. If there is no access confirmation instruction (step S34; NO), the first confidential print data access process is terminated.

  The access confirmation mail is, for example, the access confirmation mail M shown in FIG. The access confirmation e-mail includes the destination, e-mail address, e-mail subject, e-mail information, access type, type of access, and the erasure of confidential print data by printing all recipients. .

  As described above, according to the present embodiment, in the PC 20A, 20B, the sender can easily set notification of information (access confirmation mail) regarding access to the confidential print data stored in the MFP 10A, 10B on the confidential print setting screen 24a. it can. Further, it is possible to easily notify the sender of information relating to access to the confidential print data stored in the MFPs 10A and 10B.

  When there are a plurality of recipients, the sender can be easily notified of information regarding access to the confidential print data stored in the MFPs 10A and 10B for each recipient.

  Further, by repeatedly authenticating the logged-in recipient by the authenticating unit 16 being accessed, leakage of confidential print data can be prevented, and security of the confidential print data being accessed can be improved.

  In addition, the confidential print data stored in the storage unit 13 is erased when printing of all recipients is completed, and the fact is transmitted in the access confirmation mail. Therefore, unnecessary confidential print data is erased and the security of the confidential print data is increased. And the sender can be notified of the end of printing by all recipients.

(Second Embodiment)
A second embodiment according to the present invention will be described with reference to FIGS. First, the apparatus configuration of the present embodiment will be described with reference to FIGS. FIG. 10 shows a configuration of the confidential printing system 200 according to the present embodiment. FIG. 11 shows the internal configuration of the print server 30. FIG. 12 shows the internal configuration of the authentication server 40.

  The configuration of the confidential printing system 200 will be described with reference to FIG. As shown in FIG. 10, the confidential printing system 200 includes MFPs 10 </ b> A and 10 </ b> B, PCs 20 </ b> A and 20 </ b> B, a print server 30, and an authentication server 40, and each device is connected by a communication network N.

  The MFPs 10A and 10B, the PCs 20A and 20B, and the communication network N are the same as those of the confidential printing system 100 according to the first embodiment. For this reason, the MFPs 10A and 10B, the PCs 20A and 20B, and the communication network N will be described mainly with respect to differences from the first embodiment.

  The print server 30 includes a control unit 31, an operation unit 32, a storage unit 33, a display unit 34, and a communication unit 35, and each unit is connected via a bus 36. The control unit 31, the operation unit 32, the storage unit 33, the display unit 34, and the communication unit 35 are the same as and different from the control unit 21, the operation unit 22, the storage unit 23, the display unit 24, and the communication unit 25 of the PC 20A, respectively. The part will be mainly described.

  The control unit 31 includes a notification unit 31a. The control unit 31 causes the print destination (for example, the MFP 10A) to print the received print job data based on a second print job reception program described later, and stores the received confidential print data in the storage unit 33. Further, the control unit 31 erases the confidential print data printed by all recipients in response to access to the confidential print data stored in the storage unit 33 based on an access confirmation mail transmission program described later. Create an access confirmation email. The notification unit 31a transmits an access confirmation mail to the sender (for example, the PC 20A). Further, the control unit 31 transmits the confidential print job data information stored in the storage unit 33 and the confidential print data to the request source based on the requests from the MFPs 10A and 10B.

  The storage unit 33 is configured by an HDD or the like, stores various print data, and has a confidential BOX for storing confidential print data. The storage unit 33 stores the access history information in association with the confidential print data.

  The authentication server 40 includes a control unit 41, an operation unit 42, a storage unit 43, a display unit 44, and a communication unit 45, and each unit is connected via a bus 46. The control unit 41, the operation unit 42, the storage unit 43, the display unit 44, and the communication unit 45 are the same as and different from the control unit 21, the operation unit 22, the storage unit 23, the display unit 24, and the communication unit 25 of the PC 20A, respectively. The part will be mainly described.

  In the present embodiment, the control unit 41 performs login authentication based on an authentication request having a user ID and a password received from the MFPs 10A and 10B and the PCs 20A and 20B as login terminals, and determines whether or not the login authentication is successful. Sends the indicated information to the request source. In addition, the control unit 41 transmits user information to the request source in response to a user information request received from the PCs 20A and 20B. In response to a feature data request for the finger vein information of the logged-in user, the control unit 41 transmits the feature data to the request source.

  The storage unit 43 is configured by an HDD or the like, and stores a user ID, a password, and user information as a database that can be registered.

  The PCs 20A and 20B are the same as those in the first embodiment. In the present embodiment, the control unit 21 sets the confidential print recipient and the necessity of the access confirmation mail based on a second confidential print job input program described later, and sets the confidential print job data to the printing destination ( For example, it is transmitted to the MFP 10A).

  MFPs 10A and 10B are the same as those in the first embodiment. In the present embodiment, the control unit 11 authenticates the recipient based on a second confidential print data access program to be described later, and accesses the confidential print data stored in the storage unit 13 by the authenticated recipient. The access history information is generated and transmitted to the print server 30 according to the access.

  Next, the operation of the confidential printing system 200 will be described with reference to FIGS. First, the operation in the PCs 20A and 20B will be described. The operation of the PC 20A will be described as a representative, but the operation of the PC 20B is the same.

  With reference to FIG. 13, the second confidential print job input process executed in the PC 20A will be described. FIG. 13 shows the flow of the second confidential print job input process executed in the PC 20A.

  The second confidential print job submission process is a process for transmitting confidential print job data to the print server 30. For example, when the execution instruction of the second confidential print job input process is input from the user (sender) through the operation unit 22, the control unit 21 reads out the data from the storage unit 23 and expands it in the RAM. The second confidential print job submission process is executed in cooperation with the second confidential print job submission program and the CPU.

  First, an input of a user ID and password from the user is received by the operation unit 12, login authentication is performed based on the user ID and password, and it is determined whether or not the login is successful (step S41). Specifically, the input user ID and password are transmitted to the authentication server 40 via the communication unit 25 and the communication network N. The authentication server 40 performs login authentication using the received user ID and password, and transmits login authentication result information to the PC 20A. In the PC 20A, it is determined whether or not the login is successful based on the received authentication result information.

  When login authentication fails (step S41; NO), the process proceeds to step S41. If the login authentication is successful (step S41; YES), step S42 is executed. Step S42 is the same as step S1 of the first confidential print job input process. Then, the user information registered in the authentication server 40 is received and acquired via the communication network N and the communication unit 25 (step S43). User information is a list of registered user IDs.

  Then, the confidential print setting screen is displayed on the display unit 24 using the user information acquired in step S43 (step S44). In the confidential print setting screen, candidates for the recipient's user ID are acquired from the user information, and a list thereof is included. Others are the same as step S2 of the first confidential print job input process.

  Then, input of confidential printing setting information from the sender based on the confidential printing setting screen is accepted via the operation unit 22 (step S45). At this time, the sender can easily select and input a recipient from a list of candidate user IDs. The recipient password is a password managed by the authentication server 40 and is not set here. However, a new password may be set for each confidential print job. Others are the same as step S3 of the first confidential print job input process. Step S46 is the same as step S4 of the first confidential print job input process.

  When the input of the confidential print setting information is completed (step S46; YES), the confidential print data, the general print setting information, and the confidential print setting information are transferred as confidential print job data to the print server 30 via the communication unit 25 and the communication network N. In step S47, the second confidential print job submission process is completed.

  Next, the operation of the print server 30 will be described. With reference to FIG. 14, the second print job reception process executed in the print server 30 will be described. FIG. 14 shows a flow of second print job reception processing executed in the print server 30.

  The second print job reception process is a process for performing normal print job data reception and printing, and confidential print job data reception, storage, and confidential print setting. For example, triggered by the start of reception of print job data from a transmission source (for example, PC 20A) via the communication network N and the communication unit 35, the control unit 31 reads the print job data from the storage unit 33 and stores it in the RAM. A second print job reception process is executed in cooperation with the developed second print job reception program and the CPU.

  First, it is determined whether or not reception of print job data has been completed (step S51). If the print job data has not been received (step S51; NO), the process proceeds to step S51. When the reception of the print job data is completed (step S51; YES), it is determined whether or not the received print job data is a confidential print job (step S52).

  If it is a confidential print job (step S52; YES), the confidential print data of the confidential print job data is rasterized and stored in the confidential BOX of the storage unit 33 (step S53). The confidential print data may be stored in the confidential BOX as PDL data.

  Then, various settings for confidential printing are executed (stored) based on the print setting information of the confidential print job data (step S54), and the second print job reception process ends. If the print job is not a confidential print job (step S52; NO), the received print job data is transmitted to the print destination (for example, MFP 10A) via the communication unit 35 and the communication network N and printed (step S55). The print job reception process ends. When step S55 is executed, for example, in the MFP 10A, print job data is received and printed by the printing unit 19.

  Next, a second confidential print data access process executed in the MFP 10A will be described with reference to FIG. The operation of the MFP 10A will be described as a representative, but the operation of the MFP 10B is the same. FIG. 15 shows the flow of the second confidential print data access process executed in the MFP 10A.

  The second confidential print data access process is a process for performing various accesses to the confidential print data stored in the storage unit 13 in accordance with the logged-in user. For example, the control unit 11 uses the second confidential print data access program read from the ROM and expanded in the RAM as triggered by the input of the execution start of the login printing process from the user via the operation unit 12. A second confidential print data access process is executed in cooperation with the CPU.

  First, input of a user ID and password from the user is received by the operation unit 12, login authentication is performed based on the user ID and password, and it is determined whether or not the login is successful (step S61). Specifically, the input user ID and password are transmitted to the authentication server 40 via the communication unit 18 and the communication network N. The authentication server 40 performs login authentication using the received user ID and password, and transmits login authentication result information to the MFP 10A. In MFP 10A, based on the received authentication result information, it is determined whether or not the login is successful.

  Then, print job data information corresponding to the login user stored in the print server 30 is requested to the print server 30 via the communication unit 35 and the communication network N, and the information is received and acquired (step S62). ). In response to receiving a request for print job data information corresponding to the logged-in user, the print server 30 transmits print job data information corresponding to the logged-in user stored in the storage unit 33 to the MFP 10A. The print job data information includes the data name of each print job data corresponding to the logged-in user stored in the storage unit 33, information about whether the print job data is confidential, access history information, confidential setting information, and the like. Information.

  Then, the print job data information corresponding to the login user acquired in step S62 is referred to, and it is determined whether or not the confidential print data of the login user is stored in the confidential BOX of the print server 30 (step S63). If there is confidential print data (step S63; YES), a confidential print confirmation screen is generated from the print job data information corresponding to the login user acquired in step S62 and displayed on the display unit 14, and the operation unit 12 allows the user to The selection confirmation input of the confidential print data is accepted (step S64). The confidential printing confirmation screen includes, for example, a list of data names of confidential printing data. In response to the confidential print confirmation screen, the data name of the confidential print data to be printed is selected, and after the type of access such as printing and display is input, the selection is confirmed by pressing the OK button.

  Step S65 is the same as step S24 of the first confidential print data access process. When access is instructed (step S65; YES), the selected confidential print data is requested to the print server 30 via the communication unit 18 and the communication network N, and the confidential print data is received from the print server 30. It is stored in the storage unit 13. (Step S66). In response to the reception of the request for the confidential print data information, the print server 30 transmits the confidential print data stored in the storage unit 33 to the MFP 10A.

  Steps S67 to S70 are the same as steps S25 to S28 of the first confidential print data access process. The feature point information of the finger vein data used for finger vein authentication may be registered in advance in the MFP 10A. The feature server stores and manages the feature point information and transmits it to the request source if requested. It is good also as a structure.

  When the access is completed (step S70; YES), the access history information for the accessed confidential print data received in step S62 is updated according to the access execution result of the login user (step S71). Then, the accessed confidential print data is erased from the storage unit 13 (step S72). At this time, the fact that the confidential print data is deleted is added to the access history information. Then, the log-in input from the login user is received by the operation unit 12, and it is determined whether or not the log-in user logs off (step S73). When not logging off (step S73; NO), the process proceeds to step S63. When the authentication fails (step S68; NO), the process proceeds to step S72.

  When there is no confidential print data (step S63; NO), or when access to the confidential print data is not instructed (step S65; NO), normal processing such as normal printing and copying is executed (step S74). The process proceeds to step S73.

  When the logoff is performed (step S73; YES), the access history information is transmitted to the print server 30 via the communication unit 18 and the communication network N (step S75), and the second confidential print data access process is terminated.

  Next, an access confirmation mail transmission process executed in the print server 30 will be described with reference to FIG. FIG. 16 shows a flow of access confirmation mail transmission processing executed in the print server 30.

  The access confirmation mail transmission process is a process for generating an access confirmation mail based on the access history information and transmitting it to the sender (for example, the PC 20A). For example, in response to step S75, the access read from the ROM and expanded in the RAM in the control unit 31 is triggered by the access history information received from the MFP 10A via the communication network N and the communication unit 35. Access confirmation mail transmission processing is executed in cooperation with the confirmation mail transmission program and the CPU.

  First, the access history information stored in the storage unit 33 is updated based on the received access history information, and all the confidential print data that has been accessed based on the access history information is designated by the transmission source. It is determined whether or not the recipient has executed printing (step S81).

  If all recipients have performed printing (step S81; YES), the confidential print data that has been printed by all recipients is deleted from the storage unit 33 (step S32). At this time, the fact that the confidential print data is to be deleted is added to the access history information in the storage unit 13. Then, it is determined whether or not an access confirmation instruction is set in the confidential setting information of the confidential print data (step S83). If all recipients have not performed printing (step S81; NO), the process proceeds to step S83.

  When there is an access confirmation instruction (step S83; YES), an access confirmation mail for the confidential print data is generated based on the access history information and the like, and the sender 31a and the communication network N are notified by the notification unit 31a. It is transmitted to a person (its terminal, for example, PC 20A) (step S84), and the access confirmation mail transmission process ends. When there is no access confirmation instruction (step S83; NO), the access confirmation mail transmission process ends.

  As described above, according to the present embodiment, in the PCs 20A and 20B, the sender can easily set notification of information (access confirmation mail) regarding access to the confidential print data stored in the print server 30 through the confidential print setting screen. . Further, it is possible to easily notify the sender of information related to access to confidential print data stored in the print server 30.

  In addition, when there are a plurality of recipients, information regarding access to the confidential print data stored in the print server 30 can be easily notified to the sender for each recipient.

  Further, by repeatedly authenticating the logged-in recipient by the authenticating unit 16 being accessed, leakage of confidential print data can be prevented, and security of the confidential print data being accessed can be improved.

  When all the recipients print, the print server 30 deletes the confidential print data stored in the storage unit 33 and transmits the access confirmation mail to that effect, so that unnecessary confidential print data is deleted. Thus, the security of confidential print data can be improved, and the sender can be notified of the end of printing by all recipients.

  In the present embodiment, the print server 30 generates and transmits an access confirmation mail. However, the present invention is not limited to this. For example, the MFPs 10A and 10B may be configured to generate and transmit an access confirmation mail. Specifically, in the MFPs 10A and 10B, after access, an access confirmation mail is generated based on the access history information and transmitted to the sender (for example, the PC 20A).

(Modification)
Various modifications of the first and second embodiments will be described.

  FIG. 17 shows an internal configuration of the MFP 10a. As shown in FIG. 17, an MFP 10a may be used instead of the MFPs 10A and 10B. The MFP 10a includes a photographing unit 19b in addition to the units of the MFPs 10A and 10B. The photographing unit 19b is a digital surveillance camera that photographs a person who operates the MFP 10a as a subject, and generates and stores image data of a still image or a moving image of the photographed person.

  When the MFP 10a is used, when the confidential print data is accessed, the person to be accessed is photographed to acquire the image data, and when the access confirmation mail is generated, the photographed image data is attached and transmitted to the sender. To do.

  According to this configuration, it is possible to easily identify the person who has accessed the confidential print data from the captured image data, and the security of the confidential print data can be improved.

  Further, in the confidential printing system 200, the confidential print data stored in the confidential BOX of the storage unit 33 of the print server 30 is assumed to have the authority to delete and edit the sender, and the sender 20 logs in the PC 20A by the sender's operation. At least one of confidential print data erasure instruction and edit instruction is transmitted to the print server 30, and the print server 30 stores the confidential information stored in the confidential BOX of the storage unit 33 based on at least one of the received erasure instruction and edit instruction. The print data is deleted, or the stored confidential print data is edited by accessing the print server 30 from the PC 20A. In this case as well, an access confirmation mail may be generated by the print server 30 and transmitted to the sender.

  According to this configuration, the sender can execute at least one of erasure and editing of the confidential print data, and can be operated flexibly. This configuration can also be applied to the confidential printing system 100 in the same manner.

  Further, in the confidential printing system 200, it is assumed that the confidential print data stored in the confidential BOX of the storage unit 33 of the print server 30 has the authority that the sender has permission to transfer and edit the recipient, and the sender PC 20A logged in. , At least one of the transfer permission instruction and the edit permission instruction for the confidential print data to the designated recipient by the operation of the sender is transmitted to the print server 30, and the print server 30 receives at least one of the received transfer permission instruction and the edit permission instruction. On the basis of one, when the designated recipient logs in, the confidential print data stored in the confidential BOX of the storage unit 33 is transferred to another MFP or the like by an operation input from the operation unit 12 by the recipient, or The stored confidential print data is edited. In this case as well, an access confirmation mail may be generated by the print server 30 and transmitted to the sender.

  According to this configuration, the recipient can execute at least one of transfer and editing of the confidential print data, and convenience can be improved. This configuration can also be applied to the confidential printing system 100 in the same manner.

  Further, an application program for automatically processing an access confirmation mail transmitted to the sender may be executed on the PCs 20A and 20B. For example, the confidential print data stored in the MFPs 10A and 10B and the print server 30 may be automatically deleted after a predetermined time from receiving the access confirmation mail. Further, it may be fair to warn at least one of the sender and the recipient after a certain time from receiving the access confirmation mail.

  According to this configuration, it is possible to automate the processing according to the access confirmation mail, and the usability on the sender side and the recipient side can be improved.

  In each of the above embodiments, the notification of access-related information is performed by mail (access confirmation mail). However, the present invention is not limited to this. For example, the confidential print data of the access confirmation information may be generated so that the recipient is the sender and stored in the confidential BOX. The sender can receive the access confirmation information by performing confidential printing. In addition, it is possible to automatically notify the sender of the access confirmation information by voice telephone. Further, the authentication server 40 may be configured to manage the type of notification means in association with the sender, and freely set and register the access confirmation information contact means according to the sender.

  Further, the MFPs 10A and 10B include a printing unit that performs confidential printing on a recording medium in which RFID (Radio Frequency IDentification) to which different identifier information is assigned for each print recording medium such as transfer paper is embedded, and RFID identifier information And a reading unit. During the confidential printing, the RFID identifier information of each recording medium is read, managed in association with the identifier information of the confidential printing data, and notified to the sender. The confidential print data may be output to an information recording medium such as an IC card in which RFID is embedded.

  According to this configuration, it is possible to easily track the distribution destination of the confidential print data or the printed material by the identifier information, and the security of the confidential print data can be improved.

  Further, regarding the above configuration, the sender may specify a trace for the RFID identifier information included in the recording medium. In this configuration, when the MFPs 10A and 10B in the confidential printing system have a function of reading RFID identifier information, and the RFID identifier information is read and recognized, the content of the job performed using the recording medium is the sender. Will be notified. For example, when an image is read or copied from an RFID transfer paper as a recording medium, or when data stored in an IC card as a recording medium is printed, the image reading, copying or printing job is executed. The sender is notified. For identification of the sender from the RFID identifier information, the identifier information of the corresponding confidential print data is specified from the RFID identifier information, and the sender of the confidential print data of the specified identifier information is specified.

  Further, the MFPs 10A and 10B may be configured to be able to perform confidential printing by adding a background pattern, a watermark (electronic watermark), etc. to the confidential print data. However, when the confidential print data is uploaded from the PCs 20A and 20B to the print server 30 as in the second embodiment, there is a difference in the background pattern and watermark that can be handled by the MFP. And adding a watermark. In this case, the MFP 10A, 10B may take a log indicating what kind of copy-forgery-inhibited pattern or watermark is printed during confidential printing, add the log information to the access confirmation information (access confirmation mail), and notify the sender.

Further, if a background pattern or watermark that satisfies the security level required by the sender cannot be added to the background pattern or watermark, transmission of confidential print data to the MFPs 10A and 10B is stopped, and a message to that effect is displayed on the display unit 14. It is good. An example of the watermark security level is given below.
Upper level: The recipient ID, printing time, and MFP ID are included in the watermark, and copy suppression characters are included in the background pattern.
Medium: The recipient ID, printing time, and MFP ID copy suppression characters are included in the watermark or background pattern.
・ Lower: Include copy suppression characters in the watermark or background pattern.

  According to this configuration, by printing the background pattern and watermark as additional print information together with the confidential print data, the security of the confidential print data can be improved, and the distribution destination of the printed matter of the confidential print data can be easily traced. It is possible to easily identify a confidential printing device for which printing information is permitted. Further, it is possible to notify the sender whether or not the printing of the additional print information is permitted by the confidential printing apparatus.

  Further, the access history information (access confirmation mail) may include the history information when the finger vein authentication during access fails and the access is interrupted.

  The description in each of the above embodiments is an example of a suitable confidential printing apparatus and confidential printing system according to the present invention, and the present invention is not limited to this. Further, the detailed configuration and detailed operation of each part constituting the confidential printing system in the above embodiment can be changed as appropriate without departing from the spirit of the present invention. Moreover, it is good also as combining suitably the at least 2 structure of said each embodiment and each modification.

1 is a block diagram illustrating a configuration of a confidential printing system 100. FIG. 2 is a block diagram showing an internal configuration of MFP 10A. FIG. It is a block diagram which shows the internal structure of PC20A. 4 is a flowchart showing a first confidential print job input process executed in the PC 20A. It is a figure which shows the confidential printing setting screen 24a. 3 is a flowchart illustrating first print job reception processing executed in MFP 10A. It is a flowchart which shows a 1st confidential printing data access process. (A) is a figure which shows the structure of the confidential printing confirmation screen 14a. (B) is a figure which shows the structure of the authentication confirmation screen 14b. 4 is a diagram showing a configuration of an access confirmation mail M. FIG. It is a block diagram which shows the structure of the confidential printing system 200 of this Embodiment. 2 is a block diagram illustrating an internal configuration of a print server 30. FIG. 2 is a block diagram showing an internal configuration of an authentication server 40. FIG. 10 is a flowchart showing a second confidential print job input process executed in the PC 20A. 4 is a flowchart illustrating a second print job reception process executed in the print server 30. 10 is a flowchart showing a second confidential print data access process executed in MFP 10A. 4 is a flowchart showing access confirmation mail transmission processing executed in the print server 30. 2 is a block diagram illustrating an internal configuration of the MFP 10a. FIG.

Explanation of symbols

100, 200 Confidential printing system 10A, 10B, 10a MFP
DESCRIPTION OF SYMBOLS 11 Control part 12 Operation part 13 Storage part 14 Display part 15 Memory 16 Authentication part 17 Image reading part 18 Communication part 19 Printing part 19a Bus | bath 19b Imaging | photography part 20A, 20B PC
21 control unit 22 operation unit 23 storage unit 24 display unit 25 communication unit 26 bus 30 print server 31 control unit 32 operation unit 33 storage unit 34 display unit 35 communication unit 36 bus 40 authentication server 41 control unit 42 operation unit 43 storage unit 44 Display unit 45 Communication unit 46 Bus N Communication network

Claims (19)

A confidential printing device having a storage unit for storing confidential print data, and printing the confidential print data;
An operation device that is communicatively connected to the confidential printing device and receives an operation input,
The operating device is:
A display unit for displaying a notification setting screen regarding access to confidential print data stored in the storage unit;
An operation unit that accepts a setting input for notification regarding the access;
Instructing the confidential printing apparatus to notify the sender of the confidential print data of the information regarding the access when the confidential print data stored in the storage unit is accessed when the notification regarding the access is set. And a secret printing system, comprising: A storage unit for storing confidential print data;
A first authentication unit for performing user authentication;
When the recipient of the printed matter of the confidential print data authenticated by the first authentication unit is allowed to access the confidential print data, the access is performed when the recipient performs access to the confidential print data. A control unit that generates information about
A confidential printing apparatus, comprising: a notification unit that notifies the sender of the confidential printing data of the generated access information. The recipient is plural,
The confidential printing apparatus according to claim 2, wherein the control unit transmits, to the sender, information related to access to the confidential print data of each recipient who has logged out when the recipient logs out.   4. The confidential printing apparatus according to claim 2, further comprising a second authentication unit that repeatedly authenticates a recipient who has instructed execution of the access during access to the confidential print data. 5. The control unit determines whether or not printing of all recipients permitted to access the confidential print data is finished. When the printing of all recipients is finished, the control unit The confidential print data that has been executed is deleted from the storage unit,
5. The confidential printing apparatus according to claim 2, wherein the notification unit notifies the sender that the confidential printing data is to be deleted. 6.   6. The confidential information according to claim 2, wherein the control unit executes at least one of erasure and editing of the stored confidential print data based on an instruction from the sender. Printing device.   7. The control unit according to claim 2, wherein the control unit permits the recipient to transfer at least one of the stored confidential print data and edit based on the instruction of the sender. The confidential printing device described. A photographing unit for photographing an operating user and generating image data;
The confidential printing apparatus according to claim 2, wherein the notification unit transmits the information related to the access to the sender together with the image data of the photographed user. An identifier reading unit that reads the identifier of the print recording medium on which the confidential print data is printed or the information storage medium on which the confidential print data is stored, and acquires identifier information;
The confidential printing apparatus according to claim 2, wherein the notification unit notifies the sender of the read identifier information. A confidential printing device for performing confidential printing;
An operation device that is connected to the confidential printing device and receives an operation input of the sender of the confidential printing data;
An authentication server that communicates with the confidential printing device and authenticates a user who operates the confidential printing device;
A print server that is communicatively connected to the confidential printing device and the operation device, and causes the confidential printing device to print confidential print data received from the operation device,
The print server includes a storage unit that stores confidential print data received from the operation device;
Based on the sender's instruction from the operation device, the recipient of the printed matter of the confidential print data authenticated by the authentication server is allowed to access the confidential print data, and the recipient receives the confidential print data. A control unit that generates information about the access when the access is executed;
A confidential printing system comprising: a notification unit that notifies the sender of information relating to the generated access. The recipient is plural,
11. The confidential printing system according to claim 10, wherein when the recipient logs out, the control unit notifies the sender of information related to access to the confidential print data of each recipient who has logged out.   12. The confidential printing system according to claim 10 or 11, further comprising: an authentication unit that repeatedly authenticates a recipient who has instructed to execute the access during access to the confidential print data. . The control unit determines whether or not printing of all recipients permitted to access the confidential print data is finished. When the printing of all recipients is finished, the control unit The confidential print data that has been executed is deleted from the storage unit,
The confidential printing system according to any one of claims 10 to 12, wherein the notification unit notifies the sender that the confidential print data is to be deleted.   14. The control unit according to claim 10, wherein the controller executes at least one of erasure and editing of the stored confidential print data based on an instruction from the sender from the operation device. The confidential printing system described in the section.   15. The control unit according to claim 10, wherein the controller permits the recipient to transfer and edit at least one of the stored confidential print data based on an instruction from the sender from the operation device. The confidential printing system according to any one of the above. The confidential printing apparatus includes a photographing unit that photographs a user to operate,
The confidential printing system according to any one of claims 10 to 15, wherein the notification unit notifies the sender of information related to the access together with the photographed user image data. The confidential printing apparatus includes an identifier reading unit that reads an identifier of a recording medium to be printed and acquires identifier information.
The confidential printing system according to any one of claims 10 to 16, wherein the notification unit notifies the sender of the read identifier information.   The control unit can print the additional print information when the confidential print data is transmitted from the operation device to the print server together with additional print information for performing additional printing on the confidential print data. The confidential printing system according to claim 10, wherein confidential printing is permitted.   19. The confidential printing system according to claim 18, wherein the notification unit notifies the sender whether or not printing of the additional print information by the control unit is permitted by a confidential printing apparatus.

Images