Abstract: Authorized printout of an image corresponding to print data received at a print node from a network. The authorized printout comprises encrypting print data by a print node and storing the encrypted print data without printout, receiving authentication of an intended recipient to print the print data, and decrypting the encrypted print data by the print node and printing the decrypted print data by an image forming device, responsive to receipt of authentication in the receiving step. The print node may be the image forming device itself or a gateway to multiple image forming devices. The print node encrypts the print data with either a symmetric key or an asymmetric key.

Abstract: A file format for a secure file having a secure client header and a data block appended to the secure client header. The client header has a client information block comprised of a public information block and a private information block, wherein at least a portion of the private information block is encrypted, and a client information block integrity check value appended to the client information block, the client information block integrity check value being obtained by performing an integrity check on the client information block. The data block is preferably encrypted and is comprised of a plurality of encrypted data blocks each appended with its own respective integrity check result value.

Abstract: A device (such as a printer or a network device that may be connected to the printer) that is connected to a network and which performs secure operations using an existing encryption keypair maintained within the device, generates a new encryption keypair within the device by receiving a request from another device on the network to provide an encryption key of the existing encryption keypair to the another device. In response to the request, the device determines whether an encryption key of the existing encryption keypair within the device is valid. In a case where it is determined that the encryption key of the existing encryption keypair is invalid, the device automatically deletes each key of the existing encryption keypair from the device, generates a new encryption keypair within the device and stores the new encryption keypair in the device. The device then provides a new encryption key corresponding to the requested encryption key of the new encryption keypair to another device.

Abstract: An encryption key is generated in an embedded device that provides encryption functionality to a printer. The embedded device receives a request for the encryption key from a host computer via a network, wherein the request includes a first source of entropy information accumulated in the host computer. In response to receiving the request, the embedded device determines whether the requested encryption key is present in the embedded device. If it is determined that the requested encryption key is not present, the embedded device generates an encryption key utilizing the first source of entropy of the host computer and a second source of entropy accumulated and stored within the embedded device to seed a key generating process. The generated encryption key is then stored in a key storage medium of the embedded device. The embedded device may be internal to a printer or an external device, and the encryption key may be a public/private keypair of the printer.

Abstract: Access control to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user, based on centralized access management information. Access control comprises receiving authenticated information for the walk-up user from the networked peripheral device at a centralized location, determining at a server connected to the network a first level of access to the networked peripheral device, determining at the networked peripheral device a second level of access to the networked peripheral device by the walk-up user based on received access management information for the walk-up user, and allowing the walk-up user to access determined user-available features of the networked peripheral device based on the determined first and second levels of access.

Abstract: Securely storing a public key for encryption of data in a computing device by using a user-specific key pair which is securely stored in the computing device, including receiving a target public key corresponding to a target device, obtaining a user-specific key pair from a secure registry, using a user-specific private key from the user-specific key pair to create a target key verifier based on the target public key, storing the target key verifier and the target public key in a storage area, retrieving the target key verifier and the target public key from the storage area, applying a user-specific public key from the user-specific key pair to the target key verifier for verifying the authenticity of the target public key, and encrypting data with the target public key, in the case that the authenticity of the target public key is verified, thereby creating encrypted data for transmission to the target device.

Abstract: Access control to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user, based on centralized access management information. Access control comprises receiving authenticated information for the walk-up user from the networked peripheral device at a centralized location, determining at the networked peripheral device a level of access to the networked peripheral device by the walk-up user based on received access management information for the walk-up user, and allowing the walk-up user to access the determined user-available features of the networked peripheral device based on the determined level of access.

Abstract: Remotely obtaining exclusive control of a device by remotely establishing communication with the device over a network, requesting to obtain remote exclusive control of the device's capabilities, and determining whether remote exclusive control of the device's capabilities can be obtained based on whether or not another user already has exclusive control of the device's capabilities. In a first case where it is determined that remote exclusive control can be obtained, authenticating a user requesting to obtain remote exclusive control of the device's capabilities, providing the user remote exclusive control of the device's capabilities after the user has been authenticated, and temporarily deferring requests by users other than the user who has obtained remote exclusive control to perform operations utilizing the device's capabilities during a period in which the user maintains remote exclusive control of the device's capabilities.

Abstract: Printing over a network by inputting print data to be printed and associated credit card information at a host terminal, uploading a print job comprising the print data to be printed and the associated credit card information to a print data storage server, inputting credit card information at an input device that communicates with the print data storage server, transmitting print data stored in the print data storage server having associated credit card information that corresponds to the credit card information input at the input device, and printing the print data on a printing device. The uploaded print job may be marked as ready for printing such that the print data transmitted to the printing device is that which has been marked as ready for printing. In addition, a display of pending print jobs may be provided for a user to select a print job to print prior to the print data being transmitted to the input device.

Abstract: A method of renting removable digital storage media for use with a digital image acquisition device includes the steps of loaning removable digital storage media to a customer for storing digital image data captured by a digital image acquisition device, receiving, upon return, the removable digital storage media from the customer and maintaining information associated with the loan and return of the removable digital storage media and the customer.

Abstract: Obtaining exclusive control of a printing device by deferring printing of print data in a print queue. To obtain control, the recipient performs a process which may include authentication of the recipient. Control may be obtained either before the recipient is authenticated or after a successful authentication process. After the recipient has obtained control, print data in the print queue is temporarily deferred from being printed. The recipient may then select a print job to print, including selecting a print job from among the print jobs deferred in the print queue, or selecting a file to print over a network, including the Internet or an intranet. Further, printing device resources utilized in printing data during the period of exclusive control may be tracked and correlated to the recipient who has control.

Abstract: An interface modem for use in a broadband local area data network with collision avoidance protocol. The data link controller features hardware acknowledge circuitry that acknowledges the receipt of a perfect data packet immediately upon receipt thereof without request to or assistance by the client data processing unit. The DLC prepares the acknowledgement packet from the incoming data packet and places it on the data link without going through a line acquisition protocol. Each received acknowledgment packet is placed in a transmit buffer at a known location relative to the data packet which was just transmitted, for which it is an acknowledgment so that each acknowledgment packet may be located in less time by the client data processing unit. The acknowledgment packets are logically part of the transmit process and are therefore placed in the transmit buffer.