[go: up one dir, main page]

WO2019216989A1 - Instruction files in image rendering devices - Google Patents

Instruction files in image rendering devices Download PDF

Info

Publication number
WO2019216989A1
WO2019216989A1 PCT/US2019/022406 US2019022406W WO2019216989A1 WO 2019216989 A1 WO2019216989 A1 WO 2019216989A1 US 2019022406 W US2019022406 W US 2019022406W WO 2019216989 A1 WO2019216989 A1 WO 2019216989A1
Authority
WO
WIPO (PCT)
Prior art keywords
image rendering
instruction
rendering device
toe
user identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2019/022406
Other languages
French (fr)
Inventor
Puranjaya PRADHAN
Rajakishore SAHU
Mahendra SANNAGONAPPLA PAMPANNA
Gopesh BHARDWAJ
ASGHAR, Md
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Development Co LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP filed Critical Hewlett Packard Development Co LP
Publication of WO2019216989A1 publication Critical patent/WO2019216989A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • G06F21/608Secure printing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/12Digital output to print unit, e.g. line printer, chain printer
    • G06F3/1201Dedicated interfaces to print systems
    • G06F3/1202Dedicated interfaces to print systems specifically adapted to achieve a particular effect
    • G06F3/1222Increasing security of the print job
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/12Digital output to print unit, e.g. line printer, chain printer
    • G06F3/1201Dedicated interfaces to print systems
    • G06F3/1223Dedicated interfaces to print systems specifically adapted to use a particular technique
    • G06F3/1237Print job management
    • G06F3/1238Secure printing, e.g. user identification, user rights for device usage, unallowed content, blanking portions or fields of a page, releasing held jobs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/12Digital output to print unit, e.g. line printer, chain printer
    • G06F3/1201Dedicated interfaces to print systems
    • G06F3/1278Dedicated interfaces to print systems specifically adapted to adopt a particular infrastructure
    • G06F3/1285Remote printer device, e.g. being remote from client or server
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/12Digital output to print unit, e.g. line printer, chain printer
    • G06F3/1201Dedicated interfaces to print systems
    • G06F3/1202Dedicated interfaces to print systems specifically adapted to achieve a particular effect
    • G06F3/1203Improving or facilitating administration, e.g. print management

Definitions

  • Image rendering devices such as printers and photocopying devices render content onto media.
  • An image rendering device may receive a print command from a user and execute the print command to render the content on a medium.
  • the image rendering device may be implemented in a network environment where multiple users connect to toe image rendering device over a network.
  • an administrative authority may define rights for the users, such that toe image rendering device may execute a print command from a user in accordance with the defined rights for toe user.
  • Figure 1 illustrates a secure printing environment, in accordance with an example of the present subject matter
  • Figure 2 illustrates an image rendering device, in accordance with an example of the present subject matter
  • Figure 3 illustrates an image rendering device, in accordance with an example of the present subject matter
  • Figure 4 illustrates a method to control execution of instruction files by an image rendering device, in accordance with an example of the present subject rhatten
  • Figure 5 illustrates a method to control execution of instruction files by an image rendering device, in accordance with an example of the present subject matter
  • Figure 6 illustrates a computing environment implementing a non- transitory computer-readable medium for controlling execution of instruction files in an image rendering device, according to an example of toe present subject matter.
  • a user may provide a (Mint command to an image rendering device, such as a printer or a photocopier, through a user device.
  • a print driver on the user device interfaces the user device to the image rendering device.
  • the print driver allows toe user to select toe various settings and options for execution of the print command and accordingly sends toe print command to the image rendering device to print toe data.
  • the print command comprises various details, such as a user name of the user initiating the print command; various instructions, such as instructions for printing on one side or both sides of a page, instructions for printing in color or monochrome; along with data to be printed.
  • multiple users may be registered with an image rendering device, such that the registered users alone may use the image rendering device.
  • each user may have defined rights and may use toe image rendering device in accordance with their respective rights.
  • a user may have a right for color printing as well as monochrome printing while another user may have a right for printing in monochrome alone.
  • the rights may define a volume of data that a user may print in a session. For instance, a user may be allowed to print data on a predefined number of sheets of paper.
  • the image rendering device executes print commands in accordance with toe rights of the users to prevent instances of unauthorized use of the image rendering device. For example, if the image rendering device assesses that a user 'ABC' does not have the rights for color printing, toe image rendering device may not execute a print command having instruction for color printing from toe user 'ABC' to prevent unauthorized color printing.
  • a malicious user may, however, breach the security of toe secure printing environment, for instance, by emulating another user who is authorized with rights which are denied to the malicious user. For instance, the malicious user may use a print driver on a user device to generate a pint command having a user identifier, such as a username of the authorized user. For the purpose* the malicious user may create an instruction file, such as a‘print to file’ type of instruction file to generate the print command.
  • an instruction file generated by a user indudes the username of the user.
  • the malicious user may edit the instruction file to replace his username with the username of the authorized user to tircumvent restrictions that may be assodated with his rights. Since the Image rendering device executes the print command based on foe rights assodated with the username in the instruction file, the malicious user may use the image rendering device in accordance with the rights afforded to the authorized user. In such scenarios, the authorized user may not be aware of the illegitimate use of his username by tire malicious user.
  • Example techniques to control execution of instruction files by image rendering devices for preventing unauthorized use of the image rendering devices are described.
  • Example techniques described herein provide for notifying a user erf a print command initiated using toe user’s user identifier in an instruction file. Accordingly, the user may be made aware of the use of his user identifier by a malicious user.
  • an instruction file comprising data to be printed and instructions for printing the data is received at an image rendering device.
  • the image rendering device determines a user identifier specified in the instruction file and retrieves a contact identity corresponding to the determined user identifier. Thereafter, a notification is sent to the retrieved contact identity. The notification is indicative of a pint command associated with the determined user identifier being initiated.
  • toe notification may serve as an alert to the authorized user.
  • Figure 1 shows a secure printing environment 100 implementing an image rendering device 102, according to an example of toe present subject matter.
  • the image rendering device 102 may include, printers, photocopier, and any other electronic devices that may execute print commands to print data based on instruction files.
  • toe image rendering device 102 may be accessed by multiple users through their respective user devices 104-1, 104-2,..,, 104-n.
  • Examples of the user devices 104-1, 104-2 » ⁇ ' * > 104-n may include, but are not limited to, an electronic device, such as a desktop computer, a laptop, a smartphone, a personal digital assistant (PDAs), and a tablet that may allow a user to a provide a print command to toe image rendering device 102.
  • Users may be registered with the image rendering device 102 to enable them to use the image rendering device 102. Further, access control rights may be defined for each of toe users, accordingly which the users can use the image rendering device 102.
  • the user devices 104-1, 104-2,..., 104-n may each include a [Mint driver 106-1, 106-2 * » * * » 106-n, respectively, to interface toe user devices 104-1, 104-2i» ⁇ # 104-n with toe image rendering device 102.
  • toe user devices 104-1, 104-2 104-n may communicate with toe image rendering device 102 over a network 108 to provide toe print command to toe image rendering device 102.
  • the network 108 may be a single network or a combination of multiple networks and may use a variety of different communication protocols.
  • the network 108 may be a wireless or a wired network, or a combination thereof. Examples of such individual networks include, but are not limited to, Global System for Mobile Communication (GSM) network, Universal Mobile telecommunications System (UMTS) network, Personal Communications Service (PCS) network, Time Division Multiple Access (TDMA) network, Code
  • GSM Global System for Mobile Communication
  • UMTS Universal Mobile telecommunications System
  • CDMA Code Division Multiple Access
  • NON Next Generation Network
  • PSTN Public Switched Telephone Network
  • the communication network 108 includes various network entities, such as gateways, routers; however, such details have been omitted for sake of brevity of the present description.
  • a user device such as the user device 104-1 may provide a print command for executing an instruction file to the image rendering device 102.
  • the instruction file may be understood as a type of file which can be read by the image rendering device 102 and may be executed by the image rendering device 102 to print data, included in the instruction file.
  • the instruction file comprises instructions for printing the data and a user identifier.
  • the user identifier captured in the instruction file may be associated with a user of a user device, such as the user device 104-1.
  • a user may generate an instruction file for various purposes. For example, in cases where a user has to print a given data at multiple instances following a set of instructions, such as applying a given page layout settings or a color setting, the user may create an instruction file comprising the data and the set of instructions at foe first instance and may execute the instruction file for printing at multiple future instances.
  • the first user may create and share an instruction file which may enable the second user to print the data contained within toe instruction file.
  • An instruction file may be generated by a user using a print driver installed in a user device, such the print driver 106-1 installed in toe user device 104-1.
  • the user may provide, to tee print driver 106-1 , the data to be printed and instructions for printing tee data.
  • the user may provide tee data to tee print driver 106-1 through a print command interface of the of the print driver 106-1.
  • the instructions may define, for example, a number of sheets to be printed and a layout for the data to be printed.
  • the instructions may also define if tee data is to be printed in monochrome or color.
  • Hie user may thereafter utilize a‘print to file’ option provided by the print driver to create tee instruction file.
  • types of instmction files include, but not limited to, a pm file, a rti file, a gra file, and a pit file.
  • the instruction file generated by the print driver may be sent to the image rendering device 102 for printing or may be stored in tee user device, for example, for printing at a later instance of time.
  • the instruction file and a print command to print the instruction file may be sent to tee image rendering device 102.
  • a print engine 110 of tee image rendering device 102 receives the instmction file.
  • a security engine 112 erf the image rendering device 102 determines a user identifier included in the instruction file and retrieves a contact identity associated with the user identifier.
  • the contact identity associated with the user identifier may be retrieved by accessing a directory 114, comprising information regarding users registered with tee image rendering device 102, that may be present in the secure printing environment 100.
  • the directory 114 may be accessible over tee network 108 in an implementation.
  • the security engine 112 transmits a notification to the contact identity associated with the user identifier.
  • the notification may indicate teat a print command has been initiated.
  • a user receiving a notification despite not having initiated a print command may be a réelled.
  • tee notification may atert tee authorized user.
  • Figure 2 shows the image rendering device 102, according to another example of the present subject matter.
  • tee print engine 110 of the image rendering device 102 receives an instruction file.
  • the instruction file comprises a user identifier.
  • the security engine 112 of tee image rendering device 102 retrieves a contact identity associated with the user identifier to provide tee notification to tee contact identity.
  • the contact identity associated with tee user identifier may be an email address, an instant messenger identifier, a mobile number, a pager number of any other contact number or address which may be used to communicate with a user corresponding to the user identifier.
  • the notification may comprise a password.
  • the security engine 112 transmits a password to the retrieved contact identity associated with the user identifier.
  • the image rendering 102 may allow printing of data in the instruction file upon a user entering the password.
  • the password is transmitted to tee retrieved contact identity which corresponds to the user identifier within tee instruction file.
  • a malicious user who may have included the user identifier of the authorized user is prevented from obtaining tee printed data since he is not tee recipient of tee password.
  • the authorized user receives tee password on his contact identity.
  • the authorized user may enter tee password in the image rendering 102 to enable the security engine 112 to allow printing of data.
  • Figures 3 illustrates an image rendering device 102, in accordance with another example of the present subject matter.
  • the image rendering device 102 includes and a memory 302, interface ⁇ ) 304, and engine(s) 306.
  • the memory 302 may include any computer-readable medium including, for example, volatile memory (e.g., RAM), and/or non-volatile memory (e.g., EPROM, flash memory, etc.).
  • the interface 304 may include a variety of software and hardware interfaces that allow toe image rendering device 102 to interact with other devices, such as the user devices 104-1, 104-2. 104-n or other input/output (I/O) devices that may be used to provide inputs, such as credentials, passwords, print selection to the image rendering device 102.
  • I/O input/output
  • the engine(s) 306 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement certain functionalities of the engine(s) 306, such as transmitting a password and executing an instruction in response to receiving the password.
  • programming for example, programmable instructions
  • the programming ter the engine(s) 306 may be processor executable instiuctions stored on a non- transitory machine-readable storage medium and the hardware for the engine(s) 306 may include a processing resource (for example, implemented as either a single processor or a combination of multiple processors), to execute such instructions.
  • the machine-readable storage medium may store instructions that, when executed by the processing resource, implement engine(s) 306.
  • toe image rendering device 102 may include toe machine-readable storage medium storing toe instructions and the processing resource to execute toe instructions, or the machine-readable storage medium may be separate but accessible to image rendering device 102 and the processing resource, in other examples, engine(s) 306 may be implemented by electronic circuitry.
  • the englne(s) 306 may also comprise other engine(s) 310 that supplement functions of toe image rendering device 102.
  • the data 308 serves, amongst other things, as a repository for storing data that may be fetched, processed, received, or generated by the engine(s) 306.
  • the data 308 comprises other data 312 corresponding to the other engine(s) 310.
  • toe data 308 of the image rendering device 102 also comprises instruction file data 314, user data 316 and user rights data 316*.
  • the other data 318 may store foe data pertaining to foe other engine(s) 310.
  • the print engine 110 receives an instruction file for execution.
  • the instruction file may be saved in foe instruction file data 314, for instance, for printing at a later instance of time.
  • foe printing may be deferred until such time that a password is received by the image rendering device 102.
  • a security engine 112 of the image rendering device 102 determines foe use identifier within foe instruction file and retrieves a contact identity associated with determined user identifier.
  • contact identity may be retrieved from user data 316.
  • a contact identity such as, an email address, an instant messenger identifier, or a mobile number of a user may be captured against a user identifier during registration of foe user with the image rendering device 102 and may he stored as foe user data 316.
  • contact identities corresponding to each of the user identifier may be stored In external data store 320 such as foe above- mentioned directory 114.
  • the security engine 112 may communicate with the data store 320 to retrieve the contact identity for foe user identifier.
  • the security engine 112 may communicate with foe data store 320 using a lightweight directory access protocol (LDAP).
  • LDAP lightweight directory access protocol
  • the security engine 112 Upon determining the contact identity of the user Identifier, the security engine 112 transmits a notification to foe contact identity.
  • the notification may comprise information, such as number of sheets to be printed, whether the printing Is to be done in color or monochrome.
  • foe notification may comprise a message, for example,‘[instruction file name ⁇ comprising‘n’ pages received for color printing'.
  • foe notification may comprise the details about number of copies of foe data is to be printed.
  • the notification which is transmitted to foe contact identity of the user Identifier may include a password corresponding to foe instruction file generated by foe user.
  • the notification may include the password in addition to the message while in another example, toe notification may include a password alone without toe message.
  • the transmitted password may be a onetime password (OTP).
  • OTP may be composed of numerals, characters, special characters or a combination thereof.
  • toe OTP may be stored temporarily in user data 316.
  • the notification transmitted to the contact identity may not indude the password, such as the OTP.
  • the notification may include a prompt for user to enter a password for executing the instruction file to print the data.
  • toe prompt to enter the password may accompany or be independent of the above explained message.
  • the password may be a registered password, that may be used multiple times in contrast to the OTP that may be rendered obsolete after one use.
  • the registered password may be assigned to a user during registering his user identifier with the image rendering device 102 and may be stored in user data 316.
  • the registered password allotted to toe user during the registration may be stored in an external location that is accessible to toe image rendering device 102.
  • toe registered password may be stored in the data store 320.
  • the user may retrieve the same from his contact identity.
  • the contact identity is an email address
  • the password is transmitted to the email address
  • the contact identity is a mobile number
  • the password may be transmitted to the mobile number and so on.
  • the password may be sent to both the email address and the mobile number corresponding to the user identifier.
  • user may access the password transmitted to his contact identity and may provide the password, such as the OTP to the image rendering device 102 via the interface 304 of the image rendering device 102.
  • the user may provide the password, such as the registered password to the image rendering device 102 via the interface 304 of the image rendering device 102.
  • the security engine 112 upon receiving the password, matches the received password with the password stored in toe user data 316 and in case of successful matching, executes the instruction to print the data. If toe user inputs a password which is different from the password transmitted to his contact identity or assigned to him during registration, and the password received by the image rendering device 102, the password in the user data 316 do not match and the security engine 112 may not execute the instruction to print the data, in an example, an administrator of toe image rendering device 102 may be notified in such a case.
  • toe notification is provided to the user identifier mentioned in the instruction file
  • the authorized user may be made aware of an attempt to print an instruction file using his user identifier.
  • printing toe instruction file based on receipt of toe password also prohibits unauthorized use of toe image rendering device 102.
  • Further examples describe implementations that enable use of the image rendering device 102 in accordance with toe access control rights assigned to the users to use the image rendering device 1(32.
  • users may be assigned access control rights to use the image rendering device 102.
  • the access control rights assigned to the users may be associated with the respective user identifier and the corresponding access control rights may be stored in the data store 320 as rights data 322.
  • the access control rights may define the terms and conditions for a user identifier for using the image rendering device 102.
  • toe access control rights may be stored in toe user rights data 316' within the data 308 of toe image rendering device 102.
  • a right for a first user identifier may define that toe first user identifier may execute print commands for odor printing.
  • a right for a second user identifier may define that toe second user identifier is not allowed to execute print commands for color printing.
  • a secure color print list may be implemented to define which of the users In the secure printing environment 100 may use toe image rendering device 102 for color printing based on their assigned access control rights.
  • the secure color print list may be stored in the rights data 322 that may be maintained in toe data store 320.
  • toe secure color pint list may be stored in the user rights data 316*
  • the security engine 112 may communicate with the data store 320 to analyze the rights data 322 to determine the access control rights defined for the user identifier to provide for further execution of toe print command in accordance with the access control righto.
  • the security engine 112 may assess whether the user identifier‘A * is enabled for executing print commands for color printing based on the access control rights. In an example, the security engine 112 may look-up the secure color print list to assess whether the user identifier is allowed for executing print commands for color printing. If the security engine 112 assess that the user identifier W is enabled for executing print commands for color printing, the security engine 112 transmits a password * ac9542’ to the contact identity associated with the user identifier * A ⁇ for example, an email address corresponding to the user identifier‘A’.
  • the user corresponding to the user identifier ⁇ ’ may access toe password on his email and may enter the password ‘ac9542‘ in the image rendering device 102.
  • the security engine 112 verifies the password‘ac9542’ and executes the instruction file to pint the data in color if the password is correct. However, if the password is incorrect, the security engine 112 may, In an example, discard the instruction file.
  • the Instruction file may be stored for printing in monochrome.
  • an administrator of foe image rendering device 102 may be notified about the user identifier W initiating a color printing while not having foe corresponding access control rights,
  • the example implementations may also enable use of the image rendering device 102 for controlling amount of data that may be printed by foe users.
  • a malicious user who may wish to avoid a print command for printing data, for instance, that may be large in volume or large in terms of the numbers of copies of the data to be made, to be associated with his user identifier, may create an instruction file containing the data. Accordingly, the malicious user may replace the user identifier within the instruction file with a user identifier of another user. However, upon receipt of foe instruction file, the security engine 112 may send a notification to foe user identifier included in the instruction file.
  • the notification may alert the user corresponding to the user identifier of the attempt to execute the instruction file, in another example, a notification may also be sent to an administrator of foe image rendering device 102 to alert the administrator when a number of sheets of medium to be printed is more than a threshold or more than what is allowed for foe user identifier within foe instruction file.
  • Figure 4 illustrates a method 400 for executing an instruction file by an image rendering device, according to an example of the present subject matter.
  • the method 400 and may be implemented in a variety of image rendering device, for foe ease of explanation, foe present description of the example method 400 to control the execution of print command is provided in reference to the above-described image rendering device 102 implemented in foe secure printing environment 100.
  • blocks of the method 400 may be performed by the Image rendering device 102.
  • the blocks of the method 400 may be executed based on instructions stored in a non -transitory computer- readable medium, as will be readily understood.
  • the non-transitory computer- readable medium may indude, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard drives* or optically readable digital data storage media.
  • an image rendering device such as die image rendering device 102 receives an instruction file for execution.
  • the instruction file comprises data to be printed and instruction for printing of the data.
  • the instruction may include details like layout of the data, number of copies of data to be printed, whether the printing is to be done in color or monochrome.
  • the instruction file may be received by a print engine, such as print engine 110 of the image rendering device 102.
  • a user identifier included in the instruction file is determined.
  • a security engine such as security engine 112 may determine the user identifier.
  • the method thereafter, proceeds to block 406, where the security engine 112 retrieve a contact identity corresponding to user identifier.
  • the security engine 112 may access a directory, where contact details of the users of die image rendering device 1Q2are stored, to retrieve the contact identity corresponding to the determined user identifier.
  • the security engine 112 transmits a notification to the contact identity of the determined user identifier.
  • the notification may indicate that the instruction file has received by the image rendering device 102 for printing. Further, in an example, the notification may comprise details, such as number of sheets of a medium to be printed, whether in the instruction file is fry color or monochrome printing.
  • Figure 5 illustrates a method 500 for executing an instruction file by an image rendering device, according to an example of the present subject matter.
  • the method 500 and may be implemented in a variety of image rendering device, for the ease of explanation, tire present description of the example method 500 to control the execution of print command is provided in reference to the above-described image rendering device 102.
  • blocks of the method 500 may be performed by the image rendering device 102.
  • the blocks of the method 500 may be executed based on instructions stored in a non-transitory computer- readable medium, as will be readily understood.
  • the non-transitory computer- readable medium may indude, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard drives, or optically readable digital data storage media.
  • an instruction file is received by the image rendering device 102.
  • a print engine such as print engine 110 of the image rendering device 102 receives the instruction file.
  • the instruction file is executed by the image rendering device 102 to print the data contained in the instruction file in accordance with toe instructions within toe instruction file.
  • toe user identifier within toe instruction file is determined.
  • a security engine such as security engine 112 determines the user identifier.
  • toe security engine 112 rriay access a directory to retrieve a contact identity corresponding to the user identifier.
  • toe contact identity corresponding to each of toe users in toe secure printing environment 100 may be stored within the image rendering device 102 or an external data store.
  • toe contact identity may be a mobile number, an email address, or an instant messenger address of a user associated with the user identifier. The method then proceeds to block 508.
  • the instruction within toe instruction file comprises details of whether the data is to be printed in color or monochrome.
  • the security engine 112 may analyze toe instruction to determine if toe instruction file is to be executed for color printing or monochrome printing. If the determination made at block 508 is in the affirmative the method 500 proceeds to block 510 whereas if the determination made at block 508 is not affirmative, the method proceeds to block 512.
  • the instruction file may be stored for monochrome printing. From block 512, toe method 500 may proceed to block 514 where toe instruction file may be executed to print toe data in monochrome as a result of the assessment made at block 508.
  • the security engine 112 may determine, based on the access control rights defined for the user identifier, for example, in the secure color print list, whether the user identifier is allowed for color printing. If the determination made at block 510 is in the affirmative, the method 500 proceeds to block 514. On toe other hand, If the determination made at block 510 is not affirmative, the method 500 proceeds to block 512,
  • the security engine 112 gemmates and transmits a password to the retrieved contact identity (as retrieved in block 506).
  • the user receives the password on his contact Identity.
  • the user thereafter enters the password in the image rendering device 102 at block 516.
  • the security engine 112 determines if toe entered password is correct. If the determination made the block 518 is in the affirmative, toe method 500 proceeds to block 520 and the instruction file is executed to print the data. While, if the determination made toe block 518 is negative, the method 500 proceeds to block 522 where toe data is printed in monochrome.
  • Figure 6 illustrates a computing environment implementing a non- transitory computer-readable medium for controlling execution of instruction files in an image rendering device, according to an example.
  • toe computing environment 600 may comprise an image rendering device, such as image rendering device 102.
  • the computing environment 600 includes a processing resource 604 communicatively coupled to the non-transitory computer-readable medium 602 through a communication link 606.
  • the processing resource 604 may be a processor of the image rendering device that fetches and executes computer-readable instructions from the non-transitory computer-readable medium 602.
  • the non-transitory computer-readable medium 602 can be, for example, an internal memory device or an external memory device.
  • the communication link 606 may be a direct communication link, such as any memory read/write interface.
  • the communication link 606 may be an indirect communication link, such as a network interface.
  • the processing resource 604 can access the non-transitory computer- readable medium 602 through a network 608.
  • the network 608 may be a single network or a combination of multiple networks and may use a variety of different communication protocols.
  • the processing resource 604 and the non-transitory computer- readable medium 602 may also be communicatively coupled to data sources 610.
  • the data source(s) 610 may be used to store the user access control rights, passwords, such as OTP and registered passwords, contact identity, in an example.
  • the non-transitory computer-readable medium 602 comprises executable instructions 612 for controlling execution of instruction files by the image rendering device 102.
  • the non-transitory computer-readable medium 602 may comprise instructions executable to implement the previously described driver engine 110 and control engine 112.
  • the inductions 612 may cause the processing resource 604 to receive, at an image rendering device, an instruction file executable for color printing of data in the instruction file.
  • the instruction file is a type of file which may be executed by tiie image rendering device 102 to print data in the instruction file in accordance with the instruction therein.
  • the instruction file received at the image rendering device may be executable for color printing of data in the instruction file if the instructions in the instruction file are defined so.
  • the instructions 612 may further cause the processing resource
  • the contact identity may be stored in a directory, such as the above-mentioned directory 114 and the instructions 612 may cause the processing resource 604 to access the directory to retrieve the contact identity.
  • the processing resource 604 may use a lightweight directory access protocol (LADP) to access the directory to retrieve the contact identity.
  • LADP lightweight directory access protocol
  • the instruction 612 may cause the processing resource
  • the instructions 612 may cause the processing resource to execute the instruction file to print the data.
  • the instruction 612 may cause the processing resource 604 to assess if the user identifier is enabled to execute print commands fix’ color printing. If it is identified that the user identifier is not enabled for color printing, the instruction 612 may cause the processing resource 604 to store the instruction file for ⁇ Minting In monochrome.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Accessory Devices And Overall Control Thereof (AREA)

Abstract

Examples techniques to control execution of instruction files by an image rendering device are described. In an example, an instruction file is received at an image rendering device. The user identifier included in the instruction file is determined and a contact identity corresponding to the user identifier is retrieved. A notification is sent to the contact identity.

Description

INSTRUCTION FILES IN IMAGE RENDERING DEVICES
BACKGROUND
[0001] Image rendering devices, such as printers and photocopying devices render content onto media. An image rendering device may receive a print command from a user and execute the print command to render the content on a medium.
[0002] The image rendering device may be implemented in a network environment where multiple users connect to toe image rendering device over a network. In some cases, an administrative authority may define rights for the users, such that toe image rendering device may execute a print command from a user in accordance with the defined rights for toe user.
BRIEF DESCRIPTION OF FIGURES
[0003] The following detailed description references the drawings, wherein:
[0004] Figure 1 illustrates a secure printing environment, in accordance with an example of the present subject matter;
[0005] Figure 2 illustrates an image rendering device, in accordance with an example of the present subject matter;
[0006] Figure 3 illustrates an image rendering device, in accordance with an example of the present subject matter;
[0007] Figure 4 illustrates a method to control execution of instruction files by an image rendering device, in accordance with an example of the present subject rhatten
[0008] Figure 5 illustrates a method to control execution of instruction files by an image rendering device, in accordance with an example of the present subject matter; and [0009] Figure 6 illustrates a computing environment implementing a non- transitory computer-readable medium for controlling execution of instruction files in an image rendering device, according to an example of toe present subject matter.
DETAILED DESCRIPTION
[0010] To print content on a medium, a user may provide a (Mint command to an image rendering device, such as a printer or a photocopier, through a user device. A print driver on the user device interfaces the user device to the image rendering device. When a user initiates a print command, the print driver allows toe user to select toe various settings and options for execution of the print command and accordingly sends toe print command to the image rendering device to print toe data. The print command comprises various details, such as a user name of the user initiating the print command; various instructions, such as instructions for printing on one side or both sides of a page, instructions for printing in color or monochrome; along with data to be printed.
[0011] In a secure printing environment, multiple users may be registered with an image rendering device, such that the registered users alone may use the image rendering device. Further, each user may have defined rights and may use toe image rendering device in accordance with their respective rights. For example, a user may have a right for color printing as well as monochrome printing while another user may have a right for printing in monochrome alone. Further, in an example, the rights may define a volume of data that a user may print in a session. For instance, a user may be allowed to print data on a predefined number of sheets of paper.
[0012] Accordingly, the image rendering device executes print commands in accordance with toe rights of the users to prevent instances of unauthorized use of the image rendering device. For example, if the image rendering device assesses that a user 'ABC' does not have the rights for color printing, toe image rendering device may not execute a print command having instruction for color printing from toe user 'ABC' to prevent unauthorized color printing. [0013] A malicious user may, however, breach the security of toe secure printing environment, for instance, by emulating another user who is authorized with rights which are denied to the malicious user. For instance, the malicious user may use a print driver on a user device to generate a pint command having a user identifier, such as a username of the authorized user. For the purpose* the malicious user may create an instruction file, such as a‘print to file’ type of instruction file to generate the print command.
[0014] Generally, an instruction file generated by a user indudes the username of the user. In the above described scenario, the malicious user may edit the instruction file to replace his username with the username of the authorized user to tircumvent restrictions that may be assodated with his rights. Since the Image rendering device executes the print command based on foe rights assodated with the username in the instruction file, the malicious user may use the image rendering device in accordance with the rights afforded to the authorized user. In such scenarios, the authorized user may not be aware of the illegitimate use of his username by tire malicious user.
[0015] According to an example of the present subject matter, techniques to control execution of instruction files by image rendering devices for preventing unauthorized use of the image rendering devices are described. Example techniques described herein provide for notifying a user erf a print command initiated using toe user’s user identifier in an instruction file. Accordingly, the user may be made aware of the use of his user identifier by a malicious user.
[0016] In an example, an instruction file comprising data to be printed and instructions for printing the data is received at an image rendering device. The image rendering device determines a user identifier specified in the instruction file and retrieves a contact identity corresponding to the determined user identifier. Thereafter, a notification is sent to the retrieved contact identity. The notification is indicative of a pint command associated with the determined user identifier being initiated. In situations where a malicious user attempts to use the image rendering device in accordance with access control rights, for example, for obtaining color print or for printing a large volume of data, assigned to an authorized user, toe notification may serve as an alert to the authorized user.
[0017] The above techniques are further described with reference to
Rgure 1 to Figure 6. it should be noted that toe description and the figures merely illustrate the principles of toe present subject matter along with examples described herein and should not be construed as a limitation to the present subject matter. It is thus understood that various arrangements may be devised that, although not explicitly described or shown herein, embody toe principles of the present subject matter. Moreover, all statements herein reciting principles, aspects, and implementations of the present subject matter, as well as specific examples thereof, are intended to encompass equivalents thereof.
[0018] Figure 1 shows a secure printing environment 100 implementing an image rendering device 102, according to an example of toe present subject matter. Examples of the image rendering device 102 may include, printers, photocopier, and any other electronic devices that may execute print commands to print data based on instruction files.
[0019] In the secure printing environment 100, toe image rendering device 102 may be accessed by multiple users through their respective user devices 104-1, 104-2,..,, 104-n. Examples of the user devices 104-1, 104-2 » · ' * > 104-n may include, but are not limited to, an electronic device, such as a desktop computer, a laptop, a smartphone, a personal digital assistant (PDAs), and a tablet that may allow a user to a provide a print command to toe image rendering device 102. Users may be registered with the image rendering device 102 to enable them to use the image rendering device 102. Further, access control rights may be defined for each of toe users, accordingly which the users can use the image rendering device 102.
[0020] The user devices 104-1, 104-2,..., 104-n may each include a [Mint driver 106-1, 106-2 * » * * » 106-n, respectively, to interface toe user devices 104-1, 104-2i»··# 104-n with toe image rendering device 102. In an example, toe user devices 104-1, 104-2 104-n may communicate with toe image rendering device 102 over a network 108 to provide toe print command to toe image rendering device 102. [0021] The network 108 may be a single network or a combination of multiple networks and may use a variety of different communication protocols. The network 108 may be a wireless or a wired network, or a combination thereof. Examples of such individual networks include, but are not limited to, Global System for Mobile Communication (GSM) network, Universal Mobile telecommunications System (UMTS) network, Personal Communications Service (PCS) network, Time Division Multiple Access (TDMA) network, Code
Division Multiple Access (CDMA) network, Next Generation Network (NON), Public Switched Telephone Network (PSTN). Depending on the technology, the communication network 108 includes various network entities, such as gateways, routers; however, such details have been omitted for sake of brevity of the present description.
[0022] In an example, a user device, such as the user device 104-1 may provide a print command for executing an instruction file to the image rendering device 102. The instruction file may be understood as a type of file which can be read by the image rendering device 102 and may be executed by the image rendering device 102 to print data, included in the instruction file. In addition to the data to be printed, the instruction file comprises instructions for printing the data and a user identifier. The user identifier captured in the instruction file may be associated with a user of a user device, such as the user device 104-1.
[0023] A user may generate an instruction file for various purposes. For example, in cases where a user has to print a given data at multiple instances following a set of instructions, such as applying a given page layout settings or a color setting, the user may create an instruction file comprising the data and the set of instructions at foe first instance and may execute the instruction file for printing at multiple future instances. In another example, when a first user has data in his user device, such as user device 104-1, in a format that may not be supported by a user device of a second user, to share toe data with the second user, the first user may create and share an instruction file which may enable the second user to print the data contained within toe instruction file.
[0024] An instruction file may be generated by a user using a print driver installed in a user device, such the print driver 106-1 installed in toe user device 104-1. For «eating an instruction file, the user may provide, to tee print driver 106-1 , the data to be printed and instructions for printing tee data. The user may provide tee data to tee print driver 106-1 through a print command interface of the of the print driver 106-1. The instructions may define, for example, a number of sheets to be printed and a layout for the data to be printed. The instructions may also define if tee data is to be printed in monochrome or color. Hie user may thereafter utilize a‘print to file’ option provided by the print driver to create tee instruction file. Examples of types of instmction files include, but not limited to, a pm file, a rti file, a gra file, and a pit file.
[0025] The instruction file generated by the print driver may be sent to the image rendering device 102 for printing or may be stored in tee user device, for example, for printing at a later instance of time. When tee data in tee instruction file is to be printed, the instruction file and a print command to print the instruction file may be sent to tee image rendering device 102.
[00263 According to an example of the present subject matter, a print engine 110 of tee image rendering device 102 receives the instmction file. In an example, a security engine 112 erf the image rendering device 102 determines a user identifier included in the instruction file and retrieves a contact identity associated with the user identifier. For example, the contact identity associated with the user identifier may be retrieved by accessing a directory 114, comprising information regarding users registered with tee image rendering device 102, that may be present in the secure printing environment 100. The directory 114 may be accessible over tee network 108 in an implementation. Further, the security engine 112 transmits a notification to the contact identity associated with the user identifier.
[00273 In an example, the notification may indicate teat a print command has been initiated. A user receiving a notification despite not having initiated a print command may be aierted. For example, in a situation where a malicious user, in an attempt to circumvent restrictions associated with his access control rights, indudes within an instmction file the user identifier of an authorized user who has been afforded the corresponding access control rights, tee notification may atert tee authorized user. [0028] Figure 2 shows the image rendering device 102, according to another example of the present subject matter.
[0029] According to an of tee present subject matter, tee print engine 110 of the image rendering device 102 receives an instruction file. As mentioned above, along with tee data to be printed and the instruction for printing the same, the instruction file comprises a user identifier. According to an example, the security engine 112 of tee image rendering device 102 retrieves a contact identity associated with the user identifier to provide tee notification to tee contact identity. The contact identity associated with tee user identifier may be an email address, an instant messenger identifier, a mobile number, a pager number of any other contact number or address which may be used to communicate with a user corresponding to the user identifier.
[0030] In an example, the notification may comprise a password.
Accordingly, the security engine 112 transmits a password to the retrieved contact identity associated with the user identifier. In an example, the image rendering 102 may allow printing of data in the instruction file upon a user entering the password.
[0031] As apparent, the password is transmitted to tee retrieved contact identity which corresponds to the user identifier within tee instruction file. A malicious user, who may have included the user identifier of the authorized user is prevented from obtaining tee printed data since he is not tee recipient of tee password. However, if the print command is issued by the authorized user, the authorized user receives tee password on his contact identity. The authorized user may enter tee password in the image rendering 102 to enable the security engine 112 to allow printing of data.
[0032] Figures 3 illustrates an image rendering device 102, in accordance with another example of the present subject matter.
[0033] The image rendering device 102, among other things, includes and a memory 302, interface^) 304, and engine(s) 306. The memory 302 may include any computer-readable medium including, for example, volatile memory (e.g., RAM), and/or non-volatile memory (e.g., EPROM, flash memory, etc.). The interface 304 may include a variety of software and hardware interfaces that allow toe image rendering device 102 to interact with other devices, such as the user devices 104-1, 104-2. 104-n or other input/output (I/O) devices that may be used to provide inputs, such as credentials, passwords, print selection to the image rendering device 102.
[0034] The engine(s) 306 may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement certain functionalities of the engine(s) 306, such as transmitting a password and executing an instruction in response to receiving the password. In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming ter the engine(s) 306 may be processor executable instiuctions stored on a non- transitory machine-readable storage medium and the hardware for the engine(s) 306 may include a processing resource (for example, implemented as either a single processor or a combination of multiple processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement engine(s) 306. In such «camples, toe image rendering device 102 may include toe machine-readable storage medium storing toe instructions and the processing resource to execute toe instructions, or the machine-readable storage medium may be separate but accessible to image rendering device 102 and the processing resource, in other examples, engine(s) 306 may be implemented by electronic circuitry. In an example, in addition to toe aforementioned print engine 110 and the security engine 112, the englne(s) 306 may also comprise other engine(s) 310 that supplement functions of toe image rendering device 102.
[0035] The data 308 serves, amongst other things, as a repository for storing data that may be fetched, processed, received, or generated by the engine(s) 306. The data 308 comprises other data 312 corresponding to the other engine(s) 310. In toe illustrated example, toe data 308 of the image rendering device 102 also comprises instruction file data 314, user data 316 and user rights data 316*. The other data 318 may store foe data pertaining to foe other engine(s) 310.
[0036] in operation, the print engine 110 receives an instruction file for execution. In an example, the instruction file may be saved in foe instruction file data 314, for instance, for printing at a later instance of time. In an example, foe printing may be deferred until such time that a password is received by the image rendering device 102.
[0037] A security engine 112 of the image rendering device 102 determines foe use identifier within foe instruction file and retrieves a contact identity associated with determined user identifier. In an example, contact identity may be retrieved from user data 316. For example, a contact identity, such as, an email address, an instant messenger identifier, or a mobile number of a user may be captured against a user identifier during registration of foe user with the image rendering device 102 and may he stored as foe user data 316.
[0038] In other examples, contact identities corresponding to each of the user identifier may be stored In external data store 320 such as foe above- mentioned directory 114. The security engine 112 may communicate with the data store 320 to retrieve the contact identity for foe user identifier. In an example, the security engine 112 may communicate with foe data store 320 using a lightweight directory access protocol (LDAP).
[0039] Upon determining the contact identity of the user Identifier, the security engine 112 transmits a notification to foe contact identity. Ih an example, the notification may comprise information, such as number of sheets to be printed, whether the printing Is to be done in color or monochrome. In an example, foe notification may comprise a message, for example,‘[instruction file name} comprising‘n’ pages received for color printing'. In another example, foe notification may comprise the details about number of copies of foe data is to be printed.
[0040] In an example, the notification which is transmitted to foe contact identity of the user Identifier may include a password corresponding to foe instruction file generated by foe user. In an example, the notification may include the password in addition to the message while in another example, toe notification may include a password alone without toe message.
[0041] in an example, the transmitted password may be a onetime password (OTP). The OTP may be composed of numerals, characters, special characters or a combination thereof. In an example, toe OTP may be stored temporarily in user data 316.
[0042] In an example, the notification transmitted to the contact identity may not indude the password, such as the OTP. in such an example, the notification may include a prompt for user to enter a password for executing the instruction file to print the data. For example, toe prompt to enter the password may accompany or be independent of the above explained message. In such an example, the password may be a registered password, that may be used multiple times in contrast to the OTP that may be rendered obsolete after one use. In an example, the registered password may be assigned to a user during registering his user identifier with the image rendering device 102 and may be stored in user data 316. In an example, the registered password allotted to toe user during the registration may be stored in an external location that is accessible to toe image rendering device 102. For instance, toe registered password may be stored in the data store 320.
[0043] When a notification comprising a password is transmitted to the contact information, the user may retrieve the same from his contact identity. For example, where the contact identity is an email address, the password is transmitted to the email address, likewise, if the contact identity is a mobile number the password may be transmitted to the mobile number and so on. In an example, the password may be sent to both the email address and the mobile number corresponding to the user identifier.
[0044] in an example, user may access the password transmitted to his contact identity and may provide the password, such as the OTP to the image rendering device 102 via the interface 304 of the image rendering device 102. In another example, further to receiving the notification, the user may provide the password, such as the registered password to the image rendering device 102 via the interface 304 of the image rendering device 102.
[0045] The security engine 112, upon receiving the password, matches the received password with the password stored in toe user data 316 and in case of successful matching, executes the instruction to print the data. If toe user inputs a password which is different from the password transmitted to his contact identity or assigned to him during registration, and the password received by the image rendering device 102, the password in the user data 316 do not match and the security engine 112 may not execute the instruction to print the data, in an example, an administrator of toe image rendering device 102 may be notified in such a case.
[0046] Accordingly, as explained above, since toe notification is provided to the user identifier mentioned in the instruction file, the authorized user may be made aware of an attempt to print an instruction file using his user identifier. Further, in an example, printing toe instruction file based on receipt of toe password also prohibits unauthorized use of toe image rendering device 102. Further examples describe implementations that enable use of the image rendering device 102 in accordance with toe access control rights assigned to the users to use the image rendering device 1(32.
[004h As mentioned previously, in an example, users may be assigned access control rights to use the image rendering device 102. The access control rights assigned to the users may be associated with the respective user identifier and the corresponding access control rights may be stored in the data store 320 as rights data 322. The access control rights may define the terms and conditions for a user identifier for using the image rendering device 102. In another example, toe access control rights may be stored in toe user rights data 316' within the data 308 of toe image rendering device 102.
[0048] For example, a right for a first user identifier may define that toe first user identifier may execute print commands for odor printing. In a further example, a right for a second user identifier may define that toe second user identifier is not allowed to execute print commands for color printing. In an example, a secure color print list may be implemented to define which of the users In the secure printing environment 100 may use toe image rendering device 102 for color printing based on their assigned access control rights. In an example, the secure color print list may be stored in the rights data 322 that may be maintained in toe data store 320. In another example, toe secure color pint list may be stored in the user rights data 316*
[0049] In an example, when toe print engine 110 receives the instruction file containing the user identifier, the security engine 112 may communicate with the data store 320 to analyze the rights data 322 to determine the access control rights defined for the user identifier to provide for further execution of toe print command in accordance with the access control righto.
[0050] Consider an example where a user having a user identifier W sends an instruction file comprising instructions for color printing of the data within toe instruction file. The security engine 112 may assess whether the user identifier‘A* is enabled for executing print commands for color printing based on the access control rights. In an example, the security engine 112 may look-up the secure color print list to assess whether the user identifier is allowed for executing print commands for color printing. If the security engine 112 assess that the user identifier W is enabled for executing print commands for color printing, the security engine 112 transmits a password *ac9542’ to the contact identity associated with the user identifier *A\ for example, an email address corresponding to the user identifier‘A’. The user corresponding to the user identifier Ά’ may access toe password on his email and may enter the password ‘ac9542‘ in the image rendering device 102. The security engine 112 verifies the password‘ac9542’ and executes the instruction file to pint the data in color if the password is correct. However, if the password is incorrect, the security engine 112 may, In an example, discard the instruction file.
[0051] In toe above example, in a situation where toe security engine 112 determines that toe user identifier‘A‘ is not allowed to execute the instruction for printing In color, the Instruction file may be stored for printing in monochrome. Further, in an example, when it is determined that a user identifier is not allowed to execute print commands for color printing, an administrator of foe image rendering device 102 may be notified about the user identifier W initiating a color printing while not having foe corresponding access control rights,
[0052] The example implementations may also enable use of the image rendering device 102 for controlling amount of data that may be printed by foe users.
[0053] In an example, a malicious user who may wish to avoid a print command for printing data, for instance, that may be large in volume or large in terms of the numbers of copies of the data to be made, to be associated with his user identifier, may create an instruction file containing the data. Accordingly, the malicious user may replace the user identifier within the instruction file with a user identifier of another user. However, upon receipt of foe instruction file, the security engine 112 may send a notification to foe user identifier included in the instruction file. The notification may alert the user corresponding to the user identifier of the attempt to execute the instruction file, in another example, a notification may also be sent to an administrator of foe image rendering device 102 to alert the administrator when a number of sheets of medium to be printed is more than a threshold or more than what is allowed for foe user identifier within foe instruction file.
[0054] Figure 4 illustrates a method 400 for executing an instruction file by an image rendering device, according to an example of the present subject matter. Although the method 400 and may be implemented in a variety of image rendering device, for foe ease of explanation, foe present description of the example method 400 to control the execution of print command is provided in reference to the above-described image rendering device 102 implemented in foe secure printing environment 100.
[0055] The order in which foe method 400 is described is not intended to be construed as a limitation, and any number of the described method blocks may be combined in any order to implement the method 400, or an alternative method. [0056] It may be understood that blocks of the method 400 may be performed by the Image rendering device 102. The blocks of the method 400 may be executed based on instructions stored in a non -transitory computer- readable medium, as will be readily understood. The non-transitory computer- readable medium may indude, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard drives* or optically readable digital data storage media.
[0057] Referring to Figure 4, at block 402, an image rendering device, such as die image rendering device 102 receives an instruction file for execution. As explained earlier, the instruction file comprises data to be printed and instruction for printing of the data. The instruction may include details like layout of the data, number of copies of data to be printed, whether the printing is to be done in color or monochrome. The instruction file may be received by a print engine, such as print engine 110 of the image rendering device 102.
[0058] At block 404, a user identifier included in the instruction file is determined. In an example, a security engine, such as security engine 112 may determine the user identifier. The method, thereafter, proceeds to block 406, where the security engine 112 retrieve a contact identity corresponding to user identifier. The security engine 112 may access a directory, where contact details of the users of die image rendering device 1Q2are stored, to retrieve the contact identity corresponding to the determined user identifier.
[0059] At block 408, the security engine 112 transmits a notification to the contact identity of the determined user identifier. The notification may indicate that the instruction file has received by the image rendering device 102 for printing. Further, in an example, the notification may comprise details, such as number of sheets of a medium to be printed, whether in the instruction file is fry color or monochrome printing.
[00603 Figure 5 illustrates a method 500 for executing an instruction file by an image rendering device, according to an example of the present subject matter. Although the method 500 and may be implemented in a variety of image rendering device, for the ease of explanation, tire present description of the example method 500 to control the execution of print command is provided in reference to the above-described image rendering device 102.
[0061] The order in which the method 500 is described is not intended to be construed as a limitation, and any number of toe described method blocks may be combined in any order to implement the method 500, or an alternative method.
[0062] It may be understood that blocks of the method 500 may be performed by the image rendering device 102. The blocks of the method 500 may be executed based on instructions stored in a non-transitory computer- readable medium, as will be readily understood. The non-transitory computer- readable medium may indude, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard drives, or optically readable digital data storage media.
[0063] At block 502, an instruction file is received by the image rendering device 102. In an example, a print engine, such as print engine 110 of the image rendering device 102 receives the instruction file. As explained earlier, the instruction file is executed by the image rendering device 102 to print the data contained in the instruction file in accordance with toe instructions within toe instruction file. At block 504, toe user identifier within toe instruction file is determined. In an example, a security engine, such as security engine 112 determines the user identifier.
[0064] At block 506, toe security engine 112 rriay access a directory to retrieve a contact identity corresponding to the user identifier. As explained previously, toe contact identity corresponding to each of toe users in toe secure printing environment 100 may be stored within the image rendering device 102 or an external data store. In an example, toe contact identity may be a mobile number, an email address, or an instant messenger address of a user associated with the user identifier. The method then proceeds to block 508.
[0065] At block 508 a decision is made as to whether the instruction file is for color printing. In an example, the instruction within toe instruction file comprises details of whether the data is to be printed in color or monochrome. The security engine 112 may analyze toe instruction to determine if toe instruction file is to be executed for color printing or monochrome printing. If the determination made at block 508 is in the affirmative the method 500 proceeds to block 510 whereas if the determination made at block 508 is not affirmative, the method proceeds to block 512. At block 512, the instruction file may be stored for monochrome printing. From block 512, toe method 500 may proceed to block 514 where toe instruction file may be executed to print toe data in monochrome as a result of the assessment made at block 508.
[0066] Referring again to block 508 whose‘yes' branch proceeds to block 510, at block 510, again a determination is made as to whether the user identifier is allowed to fa* color printing. The security engine 112 may determine, based on the access control rights defined for the user identifier, for example, in the secure color print list, whether the user identifier is allowed for color printing. If the determination made at block 510 is in the affirmative, the method 500 proceeds to block 514. On toe other hand, If the determination made at block 510 is not affirmative, the method 500 proceeds to block 512,
[0067] At block 514, the security engine 112 gemmates and transmits a password to the retrieved contact identity (as retrieved in block 506). The user receives the password on his contact Identity. The user thereafter enters the password in the image rendering device 102 at block 516. At block 518, the security engine 112 determines if toe entered password is correct. If the determination made the block 518 is in the affirmative, toe method 500 proceeds to block 520 and the instruction file is executed to print the data. While, if the determination made toe block 518 is negative, the method 500 proceeds to block 522 where toe data is printed in monochrome.
[0068] Figure 6 illustrates a computing environment implementing a non- transitory computer-readable medium for controlling execution of instruction files in an image rendering device, according to an example. In an example, toe computing environment 600 may comprise an image rendering device, such as image rendering device 102. The computing environment 600 includes a processing resource 604 communicatively coupled to the non-transitory computer-readable medium 602 through a communication link 606. In an example, the processing resource 604 may be a processor of the image rendering device that fetches and executes computer-readable instructions from the non-transitory computer-readable medium 602.
[0069] The non-transitory computer-readable medium 602 can be, for example, an internal memory device or an external memory device. In an example, the communication link 606 may be a direct communication link, such as any memory read/write interface. In another example, the communication link 606 may be an indirect communication link, such as a network interface. In such a case, the processing resource 604 can access the non-transitory computer- readable medium 602 through a network 608. The network 608 may be a single network or a combination of multiple networks and may use a variety of different communication protocols.
[0070] The processing resource 604 and the non-transitory computer- readable medium 602 may also be communicatively coupled to data sources 610. The data source(s) 610 may be used to store the user access control rights, passwords, such as OTP and registered passwords, contact identity, in an example. In an example, the non-transitory computer-readable medium 602 comprises executable instructions 612 for controlling execution of instruction files by the image rendering device 102. For example, the non-transitory computer-readable medium 602 may comprise instructions executable to implement the previously described driver engine 110 and control engine 112.
[0071] In an examine, the inductions 612 may cause the processing resource 604 to receive, at an image rendering device, an instruction file executable for color printing of data in the instruction file. As apparent from the previous description, the instruction file is a type of file which may be executed by tiie image rendering device 102 to print data in the instruction file in accordance with the instruction therein. Thus, the instruction file received at the image rendering device may be executable for color printing of data in the instruction file if the instructions in the instruction file are defined so. [0072] The instructions 612 may further cause the processing resource
604 to retrieve a user identifier included in the instruction file and thereafter retrieve a contact identity corresponding to the user identifier. The contact identity may be stored in a directory, such as the above-mentioned directory 114 and the instructions 612 may cause the processing resource 604 to access the directory to retrieve the contact identity. In an example, the processing resource 604 may use a lightweight directory access protocol (LADP) to access the directory to retrieve the contact identity.
[0073] Further, the instruction 612 may cause the processing resource
604 to proride a password to the retrieved contact identity. The user associated with the contact identity may retrieve the password from his contact identity and may enter the password in the image rendering device 102. Upon receiving the password as a user input, the instructions 612 may cause the processing resource to execute the instruction file to print the data.
[0074] In an example, the instruction 612 may cause the processing resource 604 to assess if the user identifier is enabled to execute print commands fix’ color printing. If it is identified that the user identifier is not enabled for color printing, the instruction 612 may cause the processing resource 604 to store the instruction file for {Minting In monochrome.
[0075] Thus, the methods and devices of the present subject matter provide to control execution of instruction files for preventing unauthorized use of image rendering device are described. Although implementations of preventing unauthorized use of image rendering device are described have been described in a language specific to structural features and/or methods, it is to be understood that the appended claims are not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as example for preventing unauthorized use of image rendering device are described.

Claims

Claims:
1. A method comprising:
receiving, at an image rendering device, an instruction fife, the instruction file comprising data to be printed and an instruction for printing the data;
determining a user identifier included in the instruction file;
retrieving a contact identity corresponding to the determined user identifier; and
transmitting a notification to the retrieved contact identity.
2. The method as claimed in clam 1, wherein the notification comprises a password, and wherein the method further comprises:
receiving, by the image rendering device, the password; and
executing the instruction in response to receiving the password.
3. The method as claimed in claim 1 , wherein retrieving the contact identity associated with the user identifier comprises accessing a directory comprising information regarding users associated with the image rendering device.
4. The method as claimed in claim 1 , further comprising:
determining whether the instruction is for color printing or for monochrome printing; and
wham tiie instruction is for color printing,
assessing, based on a secure color print list that comprises user identifiers enabled to execute print commands for color printing, whether color printing is enabled for the determined user identifier; and
storing the instruction file for printing in monochrome if the color printing is hot «tabled for the determined user identifier.
5. The method as claimed in claim 1 , wherein the notification is indicative of a number of copies of the instruction file to be printed.
6. The method as claimed in daim 1 further comprising:
detennining, based on the instruction, a number sheets of medium to be printed to print the data in the instruction file; and wherein
notifying an administrator of the image rendering device when the number of sheets of medium to be printed is more than a threshold.
7. An image rendering device comprising:
a print engine to:
receive an instruction file, the instruction fife comprising data to be {Minted and an instruction for printing the data, the instruction file comprising a user identifier; and
a security engine to:
retrieve a contact identity associated with toe user identifier;
transmit a password to toe retrieved contact identity; and allow printing of data in the instruction file upon a user entering toe password.
8. The image rendering device as claimed in daim 6, wherein toe instruction file is a‘print to file' instruction file generated by an application.
9. The image rendering device as claimed in daim 6, wherein toe security engine is to:
determine that toe instruction is for color printing;
determine, based on access control rights predefined for the user identifier, if the user identifier is allowed to execute print commands for color printing; and
store the instruction file for printing in monochrome if it is determined that toe user identifier is not allowed to execute print commands for color printing.
10. The image rendering device as daimed In daim 8, wherein toe security engine is to notify an administrator if it is determined that toe user identifier is not allowed for color printing.
11. The image rendering device as claimed In claim 6, wherein foe security engine is to:
determine, based on the instruction, a number of copies of the instruction file to be printed; and
send a notification to die retrieved contact identity when die number of copies is more than a threshold.
12. A non-transitory Computer-readable medium comprising instructions executable by a processing resource to:
receive, at an image rendering device, an instruction file executable for color printing of data in foe instruction file, foe instruction file comprising a user identifier;
retrieve a contact identity corresponding to the user identifier;
provide a password to foe retrieved contact identity; and
execute foe instruction file upon receiving the password as a user input.
13. The non-transitory computer-readable medium as claimed in claim 12 further comprising instructions executable to assess if the user identifier is enabled to execute print commands for color printing.
14. The hoh-trahsitory computer-readable medium as claimed in claim 13 further comprising instructions executable to store foe instruction file for printing in monochrome if it is assessed that foe user identifier is not enabled to execute the print commands for color printing.
15. The non-transitory computer-readable medium as claimed in claim 12 further comprising instructions executable to use a lightweight directory access protocol (LDAP) to access a directory to retrieve foe contact identity.
PCT/US2019/022406 2018-05-07 2019-03-15 Instruction files in image rendering devices Ceased WO2019216989A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201841017201 2018-05-07
IN201841017201 2018-05-07

Publications (1)

Publication Number Publication Date
WO2019216989A1 true WO2019216989A1 (en) 2019-11-14

Family

ID=68467739

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/022406 Ceased WO2019216989A1 (en) 2018-05-07 2019-03-15 Instruction files in image rendering devices

Country Status (1)

Country Link
WO (1) WO2019216989A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6310692B1 (en) * 1998-05-15 2001-10-30 Kuji Xerox Co. Ltd. Dynamic, preventive, centralized printer resource management system and method
US20060221375A1 (en) * 2005-04-04 2006-10-05 Ramesh Nagarajan Automatic secure print notification
JP4745478B2 (en) * 1999-01-29 2011-08-10 キヤノン株式会社 Network print system, information processing apparatus and control method therefor
US8185887B2 (en) * 2006-03-31 2012-05-22 Ricoh Company, Ltd. System and method for printer driver distribution with searchable map database
US9059988B2 (en) * 2003-12-01 2015-06-16 Samsung Electronics Co., Ltd. Printing device capable of authorizing printing limitedly according to user level, printing system using the same and printing method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6310692B1 (en) * 1998-05-15 2001-10-30 Kuji Xerox Co. Ltd. Dynamic, preventive, centralized printer resource management system and method
JP4745478B2 (en) * 1999-01-29 2011-08-10 キヤノン株式会社 Network print system, information processing apparatus and control method therefor
US9059988B2 (en) * 2003-12-01 2015-06-16 Samsung Electronics Co., Ltd. Printing device capable of authorizing printing limitedly according to user level, printing system using the same and printing method thereof
US20060221375A1 (en) * 2005-04-04 2006-10-05 Ramesh Nagarajan Automatic secure print notification
US8185887B2 (en) * 2006-03-31 2012-05-22 Ricoh Company, Ltd. System and method for printer driver distribution with searchable map database

Similar Documents

Publication Publication Date Title
US8464075B2 (en) System and method for policy-driven file segmentation and inter-cloud file storage and retrieval
US11487482B2 (en) Information processing apparatus and non-transitory computer readable medium
US9298930B2 (en) Generating a data audit trail for cross perimeter data transfer
US10484353B2 (en) Multiple recipient message encryption
EP1991941A1 (en) Apparatus and methods for managing time sensitive application privileges on a wireless device
US10001955B2 (en) Method of handling a print job submitted to a cloud printing service, and associated user credentials, for processing by an authenticated printing system and system for performing the method
US11611551B2 (en) Authenticate a first device based on a push message to a second device
US11228692B2 (en) Information processing apparatus and non-transitory computer readable medium storing information processing program
US20130191897A1 (en) Field Provisioning a Device to a Secure Enclave
CN105814578A (en) Wireless communication of printed content
US11947849B2 (en) Printing apparatus receiving authentication information, method for controlling the same, server apparatus having an authentication function, method for controlling the same, and storage medium
CN104969176A (en) Managing application access to certificates and keys
US9858016B2 (en) Providing device functionality utilizing authorization tokens
US11347454B2 (en) Controller for a fulfilment service operation
WO2019216989A1 (en) Instruction files in image rendering devices
KR20180064135A (en) A server for providing cloud service and operation method thereof
CN109948362B (en) Data access processing method and system
CN111147235A (en) Object access method and device, electronic equipment and machine-readable storage medium
US20220353385A1 (en) Scan request comprising contact identifiers
EP2790123B1 (en) Generating A Data Audit Trail For Cross Perimeter Data Transfer
US11182116B2 (en) Information processing apparatus and non-transitory computer readable medium
US10812683B2 (en) Information processing apparatus, information processing system, and non-transitory computer readable medium providing concealed history information in accordance with authorization of a viewer
EP3772204A1 (en) Secured validation in network management
US20240256198A1 (en) Server, printing system, information processing method, and non-transitory computer-readable storage medium storing program
US20170063784A1 (en) Information management apparatus, communication management system, information communication apparatus, information management method, and storing medium storing information management program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19800072

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19800072

Country of ref document: EP

Kind code of ref document: A1