Abstract: A system that uses three different wireless technologies to print a document from a mobile device. The invention is comprised of a server and a client. The server is comprised of a controller, an 802.11x transceiver, a Bluetooth transceiver and a modem. The server waits for a connection from a mobile device and once a connection is detected determines the type of connection. The server uses the proper protocol to extract the print control data and interpret the print type. The server proceeds as normal, converts to printable format, and prints the document. The client can be a personal computer, a laptop, a personal data assistant, or a cellular telephone. The client operating systems include all versions of Windows, Palm OS, Handspring, and Simbian.

Abstract: The subject application is directed to a method and system for notifying an administrator when a user of a document processing device requests a change in the configuration of the device. A user accesses the device via a user interface, requesting alteration of the device configuration. The user then provides identification information and an authentication server determines whether the identified user is authorized to make the configuration change. Access is denied to unverified or unauthorized users attempting to change the configuration of the device. When the user is verified, but not authorized to make the requested change, the authentication server rejects the request and notifies the administrator of the attempt. When the user is both verified and authorized to make a change, the device configuration is altered, conforming to the requested configuration, and a notice is transmitted to the administrator containing information about the change in configuration.

Abstract: A system and method for controlled monitoring of pending document processing operations is provided. Each document processing request received by a document processing device is assigned a job name, which is then encrypted using a random static encryption key, resulting in a job identification. A user then logs onto the document processing device to view pending jobs, which are displayed to the user by only job identification. Those jobs with which the user is associated are then decrypted by the document processing device, allowing the user to view job information including status and file name. The user is thereby also able to modify or delete those pending jobs with which the user is associated. Once the job queue is empty, the random static encryption key is deleted and a new key is generated when a document processing request is received into the empty queue.

Abstract: A system and method for enabling secure communications from a shared multifunction peripheral device is provided. The shared multifunction peripheral device first receives identification data representative of an associated user requesting a document processing operation. Upon authentication of the user, a key pair is generated by the shared multifunction peripheral device. The shared multifunction peripheral device also generates a limited operation certificate, restricting the user to a particular function offered by the shared multifunction peripheral device. The certificate is then stored by the shared multifunction peripheral device and the private key is encrypted using the received identification data. The public key and encrypted private key are then stored by the shared multifunction peripheral device. An electronic mail message is then generated by the shared multifunction peripheral device and digitally signed using the private key, whereupon it is transmitted to one or more designated recipients.

Abstract: A system and method for secure handling of scanned documents is provided. Electronic document data is received by a document processing device and assigned an identifier unique to the document. A user ID or electronic mail address is then received corresponding to the selected output operation. The user ID or address is then transmitted, along with the identifier, to an encryption key generator, which then generates a symmetric encryption key. The encryption key is then returned to the document processing device, whereupon the electronic document data is encrypted and the key is deleted by the document processing device. The encrypted document is then stored or transmitted via electronic mail, in accordance with the selected output operation. Decryption is thereafter accomplished using the document identifier, user ID or email address, and key generator identification data.

Abstract: The subject application is directed to a system and method for generating verifiable device user passwords. More particularly, the subject application is directed to a system and method for authenticating a document processing device with a client device without either device possessing any previous authentication certificate or information.

Abstract: A system and method for certificate-based client registration via a document processing device is provided. A client device, having an operating system disparate from a document processing device on a computer network, connects to the document processing device to procure a valid digital certificate. The document processing device receives authentication data from the client device, which is then verified by a trusted authentication server. The document processing device, based upon the verification by the authentication server, authenticates the certificate request made by the client device. The document processing device then forwards the authenticated certificate request to a trusted certificate server for issuance of a digital certificate. The certificate server issues the digital certificate, which is then returned to the document processing device.

Abstract: A system and method for secure inter-process data communication is provided. Identification data corresponding to a user is received and used to generate a symmetric encryption key. The symmetric encryption key is then used to encrypt job data. A token associated with the encrypted job data is then generated. Expiration data corresponding to the validity period of the token is then associated with the token, whereupon the token is stored. The generated symmetric key is then encrypted using a static symmetric encryption key, whereupon the encrypted symmetric key is also stored in association with the token. When a process receives the encrypted job data, the process retrieves the token and determines, based on the expiration data whether the token is still valid. When the token is valid, the static key is retrieved and used to decrypt the encrypted encryption key.

Abstract: The subject application is directed to a system and method for the secure and correct deletion of data files from a data storage that bypasses the file system of an operating system. A secure erase service receives a request from a system interceptor, which has intercepted a system call from an application. The interceptor component communicates with the secure erase service via an interprocess communication module. The erase service receives the erase request from the communication module and communicates the erase request to a secure erase library. Using the file information within the secure erase request, the secure erase library queries the file system of the data storage device to determine the location of data blocks containing the data for deletion. Upon locating the data blocks, the secure erase library then instructs the device driver, via a virtual file system, to overwrite the data blocks a predetermined number of times.

Abstract: A method and system for notifying an administrator when a user of a document processing device, such as a multifunction peripheral device, requests a change in the configuration of the document processing device. A user accesses the document processing device via a user interface, requesting that the configuration of the device be altered. The user then provides identification information verifying the identity of the user. An authentication server then determines whether or not the identified user is authorized to make the change in the device configuration. Access is denied to unverified or unauthorized users attempting to change the configuration of the document processing device. In the event that the user is verified, but not authorized to make the requested change, the authentication server rejects the requested change and notifies the administrator of the attempt to change the configuration.

Abstract: The present invention is directed to a system and method for the secure and correct deletion of data files from a data storage that bypasses the file system of an operating system. A secure erase service receives a secure erase request from a system interceptor component, which has intercepted a system call from an application. The system call interceptor component communicates with the secure erase service via an interprocess communication module. The secure erase service receives the secure erase request from the interprocess communication module and communicates the secure erase request to a secure erase library. Using the file information contained in the secure erase request, the secure erase library queries the file system of the data storage device to determine the location of data blocks containing the to be deleted data.

Abstract: The present invention is directed to a system and method for secure document transmission. The method begins by receiving first and second key portions into a data storage associated with a document processing device. The first key portion suitably includes data representing a user of the document processing device and the second key portion suitably includes data representing a source of at least one electronic document directed for transmission to the document processing device. Next, at least one encrypted electronic document is received into the document processing device, wherein the document includes the second key portion. The received electronic document is then decrypted using the second key portion and the first key portion, which was retrieved from the data storage. Following decryption, a document processing operation is commenced on the decrypted electronic document.

Abstract: An extensible device-independent and scalable modular software layer in a peripheral device. The modular software layer facilitates communication between components of the peripheral device. A hardware abstraction layer (HAL) of the peripheral device is configured in accordance with interface parameters of the modular software layer such that hardware characteristics of the peripheral device are abstracted therefrom and passed to the modular software layer.

Abstract: The present invention is directed to a system and method for propagation of security information for secure information exchange. Existing and new authentication information are gathered and combined into the same header. The header is attached to electronic document data encrypted by a client device and sent via a computer network to a document processing device. The document processing device, upon receipt of the header and document first decrypts the header and uses the existing authentication information to qualify the new authentication information by validating the existing authentication information through a trusted authentication mechanism. Once validated, the new authentication information is available for future document processing operations by the document processing device and other trusted document processing devices.

Abstract: A system and method for certificate-based document processing authority is provided. Upon receipt of a request for access for document processing operations, an administrator selects a set of allowable functions corresponding to the requesting user. A document processing device is then designated for performing any requested operations and a certificate is generated by the administrator. The certificate is then sent to the designated document processing device, which functions as a certificate authority, for signing. Once signed, the certificate is issued to the requesting user. When a document processing request is received by the document processing device, a comparison is made between the requested operation and the set of allowable functions contained in the certificate associated with the user sending the request. The operation is then selectively performed based upon the results of the comparison.

Abstract: The present invention is directed to a system and method for secure transmission of electronic document data on a network. The method begins with the receipt of user identification data associated with the identity of a user of document processing devices on the associated network. A password key, composed of a first share and a second share, is then generated from the user identification data. The first share is then communicated to an associated storage area. Electronic document data is then received, and an encryption key is randomly generated. The electronic document data is then encrypted using the encryption key. The second share is then appended to the encrypted electronic document and the combined data is communicated to an associated document processing device.

Abstract: The present invention is directed to a system and method for secure inter-domain document transmission. Encrypted electronic document data is received from a source domain into a target domain. The encrypted electronic document includes header data containing encrypted user authentication data and data representing an identified file server associated with the target domain. Next, key data is retrieved from the identified file server. Decryption of the encrypted electronic document is then commenced using the retrieved key data.

Abstract: A system and method is provided for providing a file based job request queue for digital imaging devices. Job requests are stored in a section of file-based queue having a plurality of sections, wherein each section corresponds to a function of a multi-function digital image device. A key is assigned to each job request such that each job request in a section has a different key. Values are then computed for each job request based on the assigned job request key. The computed values are then stored such that they are searchable to determine the current state of the queue.

Abstract: This invention is directed to a document audit trail system and method for tracking and auditing document processing operations performed on and distribution of an electronic document. This invention allows information relating to the source of an electronic document, whether the document is an original, document processing operations performed on the document, distribution of the document, and other historical characteristics be extracted from indicia applied to the document.

Abstract: The present invention is directed to a system and method for secure communication of electronic documents to a document processing device. A document processing request containing electronic document data is received containing document data in an unencrypted form. A seed value is then received and used to generate a random number. The random number is used to encrypt the electronic document. The seed value, in a header, is transmitted, along with the encrypted electronic document, to a document processing device. The document processing device extracts the seed value from the header and uses the seed value to generate a random number. The encrypted document is then decrypted using the random number generated from the seed value. The document processing device subsequently performs the selected document processing operation on the decrypted electronic document.