 Method and device for protecting sensitive information on media processing devices
专利摘要:
Methods and apparatus for protecting sensitive information on media processing devices are disclosed. An example of a media processing device includes a processing engine for processing media processing instructions received by the media processing device, the media processing instructions comprising a command and data to make a component of the media processing device perform a function; and a data protector configured to determine whether the command is a data protection command; and when the command is a data protection command, adjusting the function for providing protection of the data. 公开号:BE1026135B1 申请号:E20195129 申请日:2019-03-01 公开日:2020-05-25 发明作者:Andrew J Pekarske;James M Rehberger 申请人:Zebra Tech Corp; IPC主号:
专利说明:
FIELD OF REVELATION This disclosure generally relates to media processing devices and, more specifically, methods and devices for protecting sensitive information on printers. BACKGROUND A printer is an example of a media processing device that receives data (e.g., from a network) and generates indicia on media (e.g., by printing the indicia on a surface of the media) in accordance with the received data. Additionally or alternatively, the printer reads from and / or writes the printer to machine-readable memory embedded in the media in accordance with the received data (e.g., by reading and / or writing to a chip from a radio frequency identification (RFID) transponder). In some cases, one or more parts of the received data is representative of sensitive information. RESUME According to a first aspect of the invention, there is provided a media processing device comprising a processing engine configured to process a media processing instruction received by the media processing device, the media processing instruction comprising a command and data to function a component of the media processing device to do it; and a data protector configured to determine whether the command is a data protection command, and when the command is the data protection command, adjusting the function to provide protection of the data, wherein at least one of the processing engine and the data protector is implemented via a logic circuit. BE2019 / 5129 The data protector can be configured to, if the command is not a data protection command, cause the component to execute a function without modification. The memory of the component can be configured to store at least one of an image and a format generated by the processing engine and based on the command and the data; and the function may include storing at least one of the image or format in memory. When the data protection command is of a first type, customizing the function may preferably include requiring user authentication to store at least one of the image or format in memory. When the data protection command is of a second type, different from the first type, customizing the function may preferably include preventing at least one of the image and format from being stored in memory. For example, the component may be a printhead, the function may include generating indicia on media located in the media processor, and customizing the function may include requiring user authentication to generate the indicia on the media. The media processing device may further include a user authenticator, whereby requiring user authentication may include receiving input from a user and using the input to determine whether the user is an authorized user of the media processing device. The memory of the component may be configured to store a log indicative of the operations performed by the media processor, the function may include storing the BE2019 / 5129 log in memory, and customizing the function may include editing a portion of the log including the data. The data protector may be advantageously configured to request a data structure with a type of the data protection command, the data structure comprising a plurality of modifications to the function depending on the type of the data protection command. According to another aspect of the invention, there is provided a method for use in a media processing device, the method comprising processing a media processing instruction received by the media processing device, the media processing instruction comprising a command and data to process a component of the media processing device to perform a function, determining whether the command is a data protection command, when the command is the data protection command, adjusting the function to provide protection of the data. If the command is not a data protection command, the method may preferably cause the component to perform a function without modification. The memory of the component can be configured to store at least one of an image and a format generated by the processing engine based on the command and the data, and the function can preferably store at least one of the image or include the format in memory. When the data protection command is of a first type, customizing the function may include requiring user authentication to store the at least one of the image or format in memory. When the data protection command of a second type is different from the first, customizing the function may prevent it BE2019 / 5129 include storing at least one of the image and format in memory. For example, the component may be a printhead, the function may include generating indicia on media located in the media processor, and customizing the function may include requiring user authentication to generate indicia on the media. Requiring the user authentication may include receiving input from the user and using the input to determine whether the user is an authorized user of the media processor. The memory of the component may be configured to store a log indicative of the operations performed by the media processor, the function may include storing the log in memory, and the customization of the function may include editing a portion of the log containing the data. The method may further include requesting a data structure with a type of the data protection command, the data structure comprising a plurality of modifications to the function depending on the type of the data protection command. According to a further aspect of the invention, there is provided a tactile machine-readable medium comprising machine-readable instructions which, when executed, cause a machine to process at least one media processing instruction received by the media processing device, the media processing instruction comprising a command and data to make the component of the media processing device perform a function, when the command is the data protection command, adjusting the function to provide protection of the data. BE2019 / 5129 The instruction, when executed, can preferably cause the machine to execute the component function without modification, if the command is not a data protection command. BRIEF DESCRIPTION OF THE FIGURES FIG. 1 is a perspective view of an example of a media processing device according to the teaching of this disclosure. FIG. 2 is a block diagram representation of the example of the media processing apparatus of FIG. 1 comprising a data protector constructed in accordance with the teaching of this disclosure. FIG. 3 is a block diagram representative of an exemplary implementation of the data protector of FIG. 2. FIG. 4 is a table representative of exemplary protection functions provided by the exemplary data protector of FIGS. 2 and / or 3. FIG. 5 is a flowchart representative of exemplary operations that can be performed to implement the example of the media processing device of FIGS. 1 and / or 2. DETAILED DESCRIPTION Teachings of this disclosure are described below in relation to media processing devices. However, teachings of this disclosure are applicable to any suitable type of device that performs one or more operations involving data. For example, although teachings of this disclosure are described below in relation to printers and data associated with printer components, teachings of this disclosure can also be implemented in scanners that have machine-readable indicia (e.g., barcodes, QR codes, codes stored in radio frequency identification (RFID - transponders), mobile computers that communicate and display information, automatic counting machines (ATMs), kiosks, point-of-sale devices, and / or any other type of device that processes, stores and / or communicates data. BE2019 / 5129 A printer is an example of a type of media processing devices (media processing devices MPD) configured to receive media processing instructions and to perform one or more operations in accordance with the media processing instructions. An example type of a media processing instruction is a printing instruction. Some printers are configured to receive print instructions, generate an image according to the print instructions, save the generated image, and print the generated image on media. For example, a thermal barcode printer receives printing instructions for a label including barcode and / or text, generates an image of the barcode and / or text in accordance with the printing instructions, stores the generated image of the barcode and / or text, and generates the image as indicia on media via thermal transfer printing techniques or direct thermal printing techniques. The printing instructions include commands (eg, field commands, format commands, settings commands, and status commands) and data. For some types of commands, such as field data commands, the accompanying data is representative of information such as, for example, a name, a product number, a product code, a date, a credit card number, a transaction number, a sequence number, an address, a telephone number, or a social security number. For example, in Zebra Programming Language (ZPL), A FD is a field data command that indicates that field data follows for a field. Other examples can be found in the Programming Guide for ZPLII, ZBI 2, SetGet-Do, Mirror, and WML ©, Zebra Technologies Corporation, January 31, 2018. An example print instruction including a field data command and the corresponding data is: FD John Smith BE2019 / 5129 where “ A FD” is the data field command and “John Smith” is field data. Another example type of a print instruction is a format command. With format commands, the accompanying data checks an aspect of a print format. For example, in ZPL, A ADN is a format command indicating that a font size will follow. An example print instruction including a format command and the corresponding format data is: A ADN, 36.20 Where “ A AND” is a format command and “36.20” is format data. The printer interprets the print instruction to generate an image that includes the field data according to the format. Other format command examples in ZPL are A XA for indicating a format start, A FO for indicating a format origin location, A FS for separating fields, and A XZ for indicating an end of a format. format. For example, to have the printer generate an image containing the text string “John Smith” in font size '36, 20 ”at location“ 50.50 ”of a coordination format, the following printing instructions are sent to the printer: A XA A F050.50 A ADN, 36.20 A FD John Smith A FS A XZ As described in detail below, the printer includes a processing engine for generating an image according to the printing instructions. Another example type of media processing instructions is an encoding instruction. Some printers are configured for it BE2019 / 5129 receive coding instructions and for reading / writing to, for example, an RFID transponder embedded in media loaded in the printer. The coding instructions include commands (e.g., write commands, read commands, read / write commands) and data. For some types of coding instructions, the associated data is representative of information such as, for example, a name, a product number, a product code, a date, a credit card number, a transaction number, a sequential number, an address, a telephone number, or a social security number. For example, in ZPL, A RF is a read / write command indicating that field data will follow for a read / write operation. An example coding instruction with a read / write command and field data is: A RFw A FDJohn Smith where “ A RF” is the read / write data command, “w” indicates that the operation involves writing (instead of reading), A FD is the field data command, and “John Smith” is field data. Another example type of coding instruction is a setting command. With setting commands, the associated data determines a value of an institution. For example, in A ZPL, A RS is a setup command indicating that a type of RFID transponder will follow. An example coding instruction with a setting command is: A RS8 where “ A RS” is a setting command and “8” is setting data. The printer interprets the coding instruction for encoding an RFID transponder. For example, to have the printer write the text string “John Smith” to an EPC Class 1, Gen 2 label, the following coding instructions are sent to the printer: BE2019 / 5129 Λ ΧΑ A RS8 A RFw A FD John Smith A FS A XZ As described in detail below, the printer includes a transceiver for encoding the RFID transponder according to the encoding instructions. Depending on the environment and the tasks assigned to the printer, data to be processed by the printer, such as field data and / or format data, may be representative of sensitive information. For example, field data received by the printer may include personally identifiable information (PII) (eg, social security numbers), healthcare related information, and / or details of financial transactions. Additionally or alternatively, format data received by the printer may include format aspects are considered confidential by an entity, while network devices (eg, routers and servers associated with a wired local area network (LAN), a wireless LAN, and / or a cellular network) and other machines (eg, a portable mobile computer, a laptop, and / or a desktop computer) that transfer data to the printer may provide one or more security measures (e.g., firewalls, virtual private network protections, encryption, security protocol transfers, etc.) to protect the transfer of media processing instructions to the printer, improve sample systems , working methods and equipment hereby discloses the ability of the printer (and any other suitable MPD) to protect and secure data (e.g., field data, format data, etc.) when, for example, a user has indicated that the corresponding media handling instructions include sensitive information. BE2019 / 5129 In particular, example systems, methods and apparatus disclosed herein allow the printer (and any other suitable MPD) to distinguish between data associated with sensitive information and other data associated with non-sensitive information. The sensitivity of the information is determined by, for example, appointments made by a user and / or a machine associated with the data. As described in detail below, examples disclosed herein provide specific commands to allow users and / or machines to identify certain media handling instructions as comprising or otherwise associated with sensitive information. In addition, in order to provide one or more measures for protecting sensitive information, exemplary systems, methods and apparatus disclosed herein permit the printer to treat the data associated with sensitive information differently than the data associated with non-sensitive information. In particular, examples herein disclose protective functions that modify one or more behaviors of the printer when sensitive information is encountered (e.g., received and / or processed at the printer). As an example protection function disclosed herein, when sensitive print information is encountered in conjunction with a print instruction, the printer prohibits the use of the corresponding data for any purpose other than printing. The printer prints the sensitive print information on a label and securely removes and erases (eg, completely removes from memory) the data representative of the sensitive information immediately after the printing operation so that the data is not accessible (eg, read and / or requested) from the printer following the print operation. In contrast, when non-sensitive information is encountered, the printer stores the corresponding data accessible after printing. Consequently, saving BE2019 / 5129 data on the printer after printing differently executed for sensitive information and for non-sensitive information. As another example protection function disclosed herein, when sensitive information is encountered in connection with an encoding instruction, the printer prevents the use of the corresponding data for any purpose other than encoding. This is, the printer encodes (eg, writes wirelessly) the sensitive information to the memory embedded in the media and deletes the data representative of the sensitive information immediately after the encoding operation (eg, writing) so that the data is not accessible or can be retrieved by the printer following the coding operation. In contrast, when non-sensitive information is encountered, the printer stores the corresponding data accessible after encoding. Accordingly, storing data on the printer after encoding is performed differently for sensitive information and non-sensitive information. As another example protection function disclosed herein, when sensitive information is encountered, the printer deletes or edits parts of a log (e.g., a text file that tracks operations performed by the printer) associated with the sensitive information. In contrast, when non-sensitive information is encountered, the printer retains the entire log. As such, tracking is performed differently by the printer when dealing with sensitive information versus non-sensitive information. As another example protection function disclosed herein, when sensitive information is encountered, the printer refuses requests to resize the corresponding print job and / or an image generated from the corresponding data. In addition, when sensitive information is encountered, the prints (e.g., sign in memory) record any unauthorized attempt to resize or otherwise BE2019 / 5129 access sensitive information along with details associated with attempts such as, for example, a date, a time, and a user identity. In contrast, when non-sensitive information is encountered, the printer allows requests for resizing and / or image. Accordingly, the ability to change data associated with print operations is differently controlled for sensitive information and non-sensitive information. Other example protection features presented in this disclosure are described in detail below. To allow users and / or machines providing data to the printer to inform the printer of the presence of sensitive information, examples disclosed herein provide new commands to be sent to the printer in conjunction with sensitive data, such as field data and / or format data. The new commands disclosed herein are collectively referred to as data protection commands. The data protection commands provided in this disclosure are included in media processing instructions when a generator (e.g., author or machine) of the media processing instructions considers the associated information sensitive and wishes to take protective measures in connection with the corresponding data. That is, when a user (eg, a person or machine) is preparing media processing instructions that include data representative of sensitive information (eg, Pill, details of a financial transaction, or any type of information considered sensitive by the user), then examples disclosed herein will enable the user to add one or more of the data protection commands to inform the printer that the corresponding data is to be protected through one or more of the protection functions disclosed herein. BE2019 / 5129 In some examples disclosed herein, a plurality of data protection commands are made available to accommodate information of varying levels of sensitivity and, thus, varying levels of protection functionality across the corresponding data. For example, a first data protection command can be used for very sensitive information, and a second data protection command can be used for less sensitive information. When the printer receives data (e.g., field data or format data) with the first of the data protection commands, the printer performs a first set of one or more protection functions. When the printer receives data (e.g., field data or format data) with the second of the data protection commands, the printer performs a second set of one or more protection functions. In some examples, the first set of protection function (s) at least partially overlaps with the second set of protection function (s). Similarly, examples disclosed herein enhance MPDs by allowing users to designate specific data as sensitive and by providing protection functions executable by the MPD for processing sensitive data in a desired manner. FIG. 1 illustrates an example MPD 100 constructed in accordance with the teachings of this disclosure. The example MPD 100 illustrated in FIG. 1 is a printer. Nevertheless, as written above, the teachings of this disclosure apply to any device configured to receive data and to perform one or more operations based on the data. The example MPD 100 of FIG. 1 includes a media cover 102 configured to open and close. With the media cover 102 open, thermal media is loaded into a media receiving space of the example MPD 100 and the media cover 102 is closed, protecting the media from the external environment. In the illustrated example of FIG. 1, includes the thermal BE2019 / 5129 media dye that changes color (e.g., from white to black, from clear to black, etc.) in response to an application of energy (e.g., heat) to the thermal media. The example MPD 100 includes communication ports (e.g., one or more wired interfaces and one or more wireless interfaces) configured to receive media processing instructions that cause the MPD 100 to process the media contained in the media receiving space. For example, the media processing instructions may be printing instructions (e.g., ZPL) that include form commons and field data for a barcode and / or text to be printed on a label. Additionally or alternatively, the media processing instructions may be encoding instructions which include encoding commands and field data to be written to a radio frequency identification (radio frequency identification) transponder embedded in the media. The example MPD 100 of FIG. 1 includes a processor for receiving and executing media processing instructions that cause the media processing components of the MPD 100, for example, to generate an image on the thermal media and / or write data to an RFID transponder embedded in the thermal media. In particular, the MPD 100 includes a media transport system that transfers the thermal media from the media receiving space to one or more media processing spaces such as, for example, an encoding space and a printing space. The media coding space includes a transceiver for wireless writing and / or reading data to, for example, RFID transponders embedded in the thermal media. The print room includes a thermal print head to transfer heat to parts of the thermal media. The thermal print head of the MPD 100 includes a plurality of heating elements (i.e., dots) arranged in rows. The heating elements of the printhead are individually selectable so that subsets of the heating elements are active at a time, allowing the BE2019 / 5129 printhead generates an image of the thermal media. While the example MPD 100 of FIG. 1 is a direct thermal printer, alternative printing techniques include thermal transfer printing technology and paint sublimation thermal printing technology. After being processed (eg, encoded and / or printed), the thermal media is moved by the media transport system to a media outlet 104 from which a front portion of the media can be removed from the MPD 100. In the illustrated example, media that is encoded and / or printed by the MPD 100 as processed media. FIG. 2 is a block diagram representation of the example MPD 100 of FIG. 1. The example MPD 100 of FIG. 2 includes a control system 200 configured to control components of the MPD 100. In particular, the example control system 200 of FIG. 2 and / or the exemplary control system 200 of FIG. 2 with memory 202, media processing hardware 204, communication interfaces 206 and input / output interfaces 208. In the illustrated example of FIG. 2, the control system 200 is performed by a logic circuit (e.g., one or more processors, microprocessor (s), coprocessor (s) and / or integrated circuit (s) (e.g., an ASIC (application specific integrated circuit), or a FPGA (field programmable gate array)). The exemplary control system 200 of FIG. 2 includes a print controller 210 configured to control components of the media processing hardware 204 associated with generating indicia on media loaded into the MPD 100. In the example of FIG. 2, the print controller 210 sends a media transport system 212 to delivery units (e.g., labels) of the media to a printhead 214. The media transport system 212 includes a motor, one or more motor-driven drive elements, and sensors for detecting a media. position and / or status of the media. The example print controller 210 controls the motor for drawing the media BE2019 / 5129 through the one or more drive elements, such as a glass plate, to a print room where the print head 214 generates indicia on the media unit currently in the print room. The exemplary printhead 214 of FIG. 2 includes a plurality of heating elements referred to as points. Activation of individual points is controlled by a printhead drive, which is implemented via a logic circuit that communicates with the points. For example, the printhead drive is implemented as a programmable port array or processor capable of executing machine-readable instructions stored in memory. Corresponding to signals received from the print controller 210, the print head drive selectively energizes the tips of the print head 214 to change the appearance of the media fed along the print head 214 by the media transport system 212. The points of the sample print head 214 are arranged linearly. . Based on the content to be printed, different points can be turned on or off for a given time. For example, if a solid line is to be printed over the media, all dots of the printhead 214 are turned on to print that line as a solid line of dot images. Each line of a given print job can be printed by moving the media (e.g., through the media transport system 212) relative to the printhead 214 and by changing which points are turned on and which points are turned off. The speed at which media is printed is often measured in inches per second (ips). In the illustrated example, the MPD 100 is configured for direct thermal printing (e.g., labels that include heat sensitive paint / paints). As such, direct thermal media is loaded into the MPD 100. Direct thermal printing media is designed and manufactured in such a way that when a certain amount of energy is applied to a surface of the media, a chemical reaction is BE2019 / 5129 which leads to a change in appearance e.g., a change in color from white to black). In the example of FIG. 2, the direct thermal media is fed from the media receiving space to the printhead 214 via the transport system 212. The printhead 214 selectively transfers heat directly to the direct thermal media fed over the printhead 214, causing a change in appearance of the media on selected on the direct thermal media. Depending on the type of media, a threshold of joules per square inch or Watt * second per square inch is required for a chemical reaction to occur in the direct thermal media to cause a change in appearance in one or more portions of the media . The example MPD 100 may be configured for additional or alternative printing techniques such as, for example, thermal transfer printing. The exemplary control system 200 of FIG. 2 includes a coding controller 218 for controlling operations of the coding machine 216. In the illustrated example, the coding machine 216 comprises one or more transceivers for wirelessly reading and / or writing data to, for example, RFID transponders embedded in the media. For example, a coding instruction, the coding controller 218 may direct the coding machine 216 to wirelessly couple an antenna from an RFID transponder in the coding space and to communicate data received along with the coding instruction to the RFID transponder. Additionally or alternatively, a coding instruction may cause the coding controller 218 to control the coding machine 216 to wirelessly couple the antenna of an RFID transponder in the coding space to read the data stored on the RFID transponder. In the illustrated example, the encoding controller 218 and the exemplary encoding machine 216 are implemented by, for example, methods and apparatus disclosed in U.S. Pat. Patent No. 8,878,652, filed November 13, 2009, issued November 4, 2014. BE2019 / 5129 The exemplary control system 200 of FIG. 2 includes a memory controller 220 for controlling operations associated with the memory 202, which includes an image storage space 222, format storage space 224, and a log 226. In the illustrated example, each of the image storage space 222, the format storage space 224, and the log 226 is an address space in the memory 202. Nevertheless, the individual elements of the memory 202 can be stored in any suitable arrangement or data structure. When printing instructions are received and a corresponding image is generated, the sample memory controller 220, for a print job, transports the image to the image store 222, from which the image (s) can then be retrieved. Alternatively, the MPD 100 can receive one or more images for a print job directly from an external device. In such circumstances, the sample memory controller 220 receives the one or more images via, for example, one of the communication interfaces 206 and transports the received image (s) to the image store 222. In addition, the sample memory controller 220 transfers format data for the print job to the format store 224, from which the format storage 224 can then be retrieved. Alternatively, the MPD 100 can receive one or more formats directly from an external device. In such instances, the sample memory controller 220 receives one or more formats via one of the communication interfaces 206 and transports the received format (s) to the format store (224). In the example of FIG. 2, maintains the memory controller 220 of FIG. 2 the follow-up log 226. In some examples, the memory controller 220 interacts with other components, (e.g., the print controller 210 and / or the encoder controller 218) to track operations and the corresponding data for storage in the follow-up log 226. In particular, when the BE2019 / 5129 print controller 210 and / or the encoder control 218 cause the media processing hardware 204 to perform certain operations for which the memory controller 220 is configured to log, the memory controller 220 (e.g., adds the operation and the corresponding data to a data structure, such as a list ) the corresponding information in the follow-up log 226. In some examples, follow-up log data may be retrieved from memory 202, for example, one or more of the communication interfaces 206 and / or one or more of I / O interfaces 208. The exemplary control system 200 of FIG. 2 includes an encryption driver 228 configured to apply one or more encryption protections to data stored in memory 202. In some examples, encryption driver 228 adds password protections to one or more pieces of data in memory 202. Additionally or alternatively, encrypts the example encryption controller 228 data groups such as, for example, the entire follow-up log 226 or a segment of the follow-up log 226. For encrypting data, the example encryption controller 228 implements one or more encryption algorithms such as, for example, Advanced Encryption Standard 128, (AES-128) , AES-256, and / or another suitable encryption algorithm. In some examples, the encryption controller 228 interacts with the I / O interfaces 208 to obtain a password from, for example, a user and changes aspects of the memory 202 to require the password for subsequent actions. In some instances, such as when data arrives to the media processor 100 in encrypted form, a session decoding key is securely delivered (e.g., over an authenticated or otherwise secured connection) to the media processor 100 and securely stored in memory 202. The exemplary control system 200 of FIG. 2 includes a user authenticator 230 for determining an identity of a BE2019 / 5129 user of the MPD 100. In the illustrated example, the user authenticator 230 interacts with one or more of the I / O interfaces 208 to receive data provided by the user. In the example of FIG. 2, the I / O interfaces 208 include a keypad, a touch screen and an RF-based wireless communication module. The keypad and touch screen are configured to receive manual user input such as, for example, a touch of a key or icon. As such, the user can use the keypad and / or touch screen to provide, for example, a user identification number and password. In the illustrated example, the RF-based wireless communication module is a near field communication (NFC) module comprising a transceiver to communicate with a field near the MPD 100. As such, the user can insert an NFC card in the near field of the place transceiver to communicate with the NFC module. In some examples, the NFC card includes a user identification number, password and / or key. The pre-user authentication 230 of FIG. 2 processes the received input to determine the identity of the user and an authority level of the user with respect to the MPD 100. For example, the user authenticator 230 compares the received user identification numbers and passwords to determine whether the MPD 100 is aware of the user and has authorized the user to use the MPD 100. Additionally, or alternatively, the user authenticator 230 determines whether a provided key is authentic (e.g., matches an issued authentication key). The user authenticator 230 maintains a list of persons and their corresponding authority level in, for example, the memory 202. As described below, various functions of the MPD 100 may be available to some authorized users while other functions of the MPD 100 are not. For example, a user of a BE2019 / 5129 first authority level may be able to print a label with sensitive information, while another user with a second authority level is prevented from printing such a label. The exemplary control system 200 of FIG. 2 includes a processing engine 232 for processing media processing instructions received on the MPD 100 through the communication interfaces 206, which are implemented, for example, via wired and / or wireless communication ports. As described above, the media processing instructions include commands and data interpreted by the processing engine 232 to execute the instructions. For example, when the processing engine 232 receives print instructions, the processing engine 232 generates an image corresponding to the commands and associated data. The image is used by the print controller 210 to cause the media processing hardware 204 to generate indicia on media in the form of an image. When the processing engine 232 receives coding instructions, the processing engine 232 provides corresponding data to the coding controller 218, which controls the coding machine 216 to communicate with, for example, an RFID transponder in the media. Thus, the processing engine 232 is configured to interpret the received media processing instructions such that the control system 200 can perform the corresponding operation. In the illustrated example of FIG. 2, the processing engine 232 is configured to understand ZPL instructions and, in the illustrated example of FIGS. 2-5 and the corresponding descriptions below, data protection commands are disclosed herein in ZPL format. However, the sample processing engine 232 is configured to understand additional programming languages such as, for example, Eltron Programming Language (EPL), Extensible Markup Language, Set-Get-Do (SGD), Comtec Printer Control Language BE2019 / 5129 (CPCL), JavaScript Object Notation, Hypertext Markup Language (HTML), and / or one or more internal application programming interfaces (APIs). In some examples, the processing engine 232 communicates with the memory controller 220 such that the memory controller 220 can perform one or more operations using the data generated by the processing engine 232. For example, the memory controller 220 may be the image generated by the processing engine 232 and / or encode data generated by the processing engine 232 and can store it in an appropriate area of the memory 202. The exemplary control system 200 of FIG. 2 includes a data protector 234 configured according to the teaching in this disclosure. The example data protector 234 is configured to recognize data protection commands disclosed herein. As described above, examples disclosed herein include data protection commands that allow users (e.g., persons and / or machines) to designate certain data as representative of sensitive information. In the illustrated example, the data protector 234 is configured to recognize data protection commands in ZPL. However, the example data protector 234 can be configured to recognize data protection commands in any suitable language or protocol. This is understood to mean that the data protection commands disclosed herein are language diagnostic so that the data protection commands and the benefits associated therewith can be tailored and configured for any suitable programming language or protocol. When the example data protector 234 of FIG. 2 recognizes a data protection command in media processing instructions received on the MPD 100, the data protector 234 implements one or more security functions disclosed herein. In the illustrated BE2019 / 5129, the data protector 234 receives the media processing instruction before, after or in parallel with the processing engine 232 such that the media processing instructions can be analyzed by the data protector 234. An exemplary implementation of the data protector 234 is illustrated in FIG. 3. The exemplary data protector 234 of FIG. 3 includes a command detector 300, a control table 302, and a function manager 304. In the illustrated example, the command detector 300 is configured to analyze media processing instructions received on the MPD 100 and determine whether one of the media processing instructions includes a data protection command. The example command detector 300 of FIG. 3 is configured to detect a first data protection command hereinafter referred to as a protective data command, and to detect a second type of data protection command hereinafter referred to as a restrictive data command. The command detector 300 detects the protective data command by recognizing the following characters in media processing instructions: A PD The command detector 300 detects the restrictive data command by recognizing the following characters in media processing instructions: A RD While the above characters are exemplary characters for data protection commands disclosed herein, any other suitable characters may be used to allow the user to BE2019 / 5129 denotes a media processing instruction as including sensitive information. If a generator (eg, author) of media processing instructions corresponding to, for example, a label with sensitive information desires that the MPD 100 protect the associated data in a first protective manner, then A PD is used in a printing instruction instead of, for example, , A FD. For example, if a label is to include a social security number (SSN) and the SSN is considered sensitive information, one of the following printing instructions may be used depending on the desired level and / or type of protection: A PD SSN: ########## A FS, where “ A PD” is the protective data command and “SSN: ##########” is the protective data, or A RD SSN : ////////// ##### A FS Where “ A RD” is the restrictive data command and “SSN: ## ////////////// #” is the limited data. It is noted that the protective data command ( A PD) or the restrictive data command ( A RD) is used instead of, for example, the field data command ( A FD). The command detector 300 thus recognizes either the protective data command ( A PD) or the restrictive data command ( A RD) as an indication for sensitive information and other command types, such as the field data command ( A FD), as an indication for non-sensitive information. BE2019 / 5129 When the example command detector 300 of FIG. 3 determines that a data protection command (e.g., A PD or A RD) is encountered, then the command detector 300 queries the control table 302 with a type of the protective data command. An example of the control table 302 is shown in FIG. 4. While the example control table 302 of FIG. 4 is stored on the MPD 100, the MPD 100 can communicate with a remote device via, for example, a network for obtaining the information from the control table 302. The example control table 302 lists a plurality of functions performed by components of the MPD 100. Depending on the type of command detected by the example command detector 300, the control table returns values for various functions, each of which indicates whether a respective function is supported, unsupported, supported with authorization, or supported but with condition (s). For a supported function, it is allowed to be executed in connection with the corresponding command or a print job (e.g., a print label job and / or an encryption label job) to which the command belongs. For an unsupported function, it is forbidden to run in connection with the corresponding command or a print job to which the command belongs. A function supported with authorization is a function supported only when a user of the MPD 100 is authenticated by, for example, the user authenticator 230 of FIG. 2. A function that is supported but with condition (s) is one that is supported with one or more aspects of the function prevented. In the illustrated example, one such obstacle is to only provide an edited version of data stored in the memory 202 of the MPD 100. That is, certain portions of the data are removed before storing the data in the memory 202. BE2019 / 5129 As shown in the example control table 302 of FIG. 4, the protective data command is more protective than commands associated with non-sensitive information, and the restrictive data command is more protective than the protective data command. In response to the interrogation of the command detector 300, the control table 302 returns a plurality of values for the functions corresponding to the command type provided on the control table 302. Thus, when the command detector 300 interrogates the control table 302 with a protected data command ( A PD), the control table 302 returns the values shown in the "Protected" column of the table shown in FIG. 4. Furthermore, when the command detector 300 interrogates the control table 302 with a limiting data command ( A RD), the control table 302 returns the values shown in the "Restricted" column of the table shown in FIG. 4. In some examples, when the command detector 300 does not detect a data protection command, the command detector 300 interrogates the control table 302 with a non-sensitive indicator and the control table returns the values shown in the "Non-Sensitive" column of the table shown in FIG. 4. Alternatively, if the command detector 300 does not detect a data protection command, the command detector 300 does not query the control table 302, but instead obtains a default set of values for the functions and provides the same for the control system 200. Alternatively, when the command detector 300 does not detect a data protection command. detects, the command detector 300 indicates it to the control system 200 so that the standard or current functionalities are maintained. That is, when the command detector 300 does not detect a data protection command, the data protector 234 does not change any functionality of the MPD 100. The example command detector 300 transports the received values to the function manager 304, which includes a plurality of interfaces, depending on the received values from the control table 302, BE2019 / 5129 change the behavior of one or more of the components of the MPD 100, such as the components of the control system 200. In the illustrated example, function manager 304 includes a print control interface 306 configured to change, when certain data protection command (s) are detected by the command detector 300, one or more operations associated with the print control 210 of FIG. 2, which, as described above, controls at least the transport system 212 and the printhead 214. Corresponding to the example control table 302 of FIG. 4, when either a non-sensitive command (e.g., the field data command ( A FD)) or the protective data command is detected, the print control interface 306 allows the print control 210 to print. Thus, the print function is not affected by the protective data command in the example of FIG. 4. However, when the restrictive data command is detected, the print control interface 306 will cause the print controller 210 to require a user to be authenticated for printing a label in the MPD 100. For example, the print controller 210 may require the users to have a removable insert storage device (eg, a flash drive) into one of the communication interfaces 206 (eg, a USB port) or enter a username and password using one of the I / O interfaces 208. If the user is authenticated, printing allowed in connection with the restrictive data command. If the user fails in the authentication, printing due to the limited data will be prevented. In the illustrated example, the function manager 304 includes a coding control interface 308 configured to detect, when certain data protection command (s) are detected by the command detector 300, one or more operations associated with the memory control 220 of FIG. 2, which, as described above, controls at least encoder 216. According to the BE2019 / 5129 example control table 302 of FIG. 4, when either a non-sensitive command (e.g., the field data command ( A FD)) or the protected data command is detected, the encoder control interface 308 causes the encoder control 218 to enable read / write operations of the encoder 216. Thus, the read / write operation is not affected by the protected data command in the example of FIG. 4. However, when the restrictive data command is detected, the encoding control interface 308 causes the encoding control 218 to require a user to be authenticated for reading / writing a transponder in the MPD 100. For example, the encoding control 218 of the require user to insert a removable storage device (eg, a flash drive) into one of the communication interfaces 206 (eg, a USB port) or to enter a username and password using one of the I / O interfaces 208. If the user is authenticated, execution of read / write operations in connection with the restrictive data command is allowed. If the user fails in the authentication, execution of read / write operations in connection with the limited data is prevented. In the illustrated example, the function manager 304 and memory control interface 310 are configured, when certain data protection command (s) are detected by the command detector 300, to modify one or more operations associated with the memory control 220 of FIG. 2, which, as described above, controls access and operations associated with memory 202. According to the example control table 302 of FIG. 4, when a non-sensitive command (e.g., a field data command ( A FD)) is detected, the memory control interface 310 does not affect a record function of the memory controller 220, and thus the memory controller 220 records complete data in the log 226. Furthermore, when becomes the protective data command or the restrictive data command BE2019 / 5129 detected, the memory control interface 310 causes the memory control 220 to store an edited version of the logging function in the log 226. In particular, the memory control interface 310 instructs the memory control 220 to edit data associated with the protective data command or limiting data command such as, for example, personally identifiable information. According to the example control table 302 of FIG. 4, when a non-sensitive command is detected, the memory control interface 310 does not affect an image storage function or a format storage function of the memory controller 220, and thus the memory controller 220 stores a corresponding image (e.g., an image received at the MPD 100 or generated by the processing engine 232). When the protective data command is detected, the memory control interface 310 will cause the memory control 220 to require authorization for the image or format to be stored. When the restrictive data command is detected, the memory control interface 310 causes the memory controller 220 to prevent image storage and format storage. Thus, local storage of the image and local storage of the format is not allowed when the restrictive data command is encountered. In some examples, the example modifications performed on functions by the memory controller 220 apply to any type of memory implemented in the media processor 100. Alternatively, in some examples, when the protective data command and / or the restrict command is detected, the memory control interface 310 causes the memory controller 220 to store data in volatile memory, as opposed to non-volatile memory in which data corresponding to non-sensitive information is stored. BE2019 / 5129 Additionally or alternatively, when the protective data command and / or the restrictive data command are detected and the corresponding function storing corresponding content, the memory control interface 310 causes the memory control 220 to store the data in the memory block with improved protective properties, such as , for example, an Elliptic Curve Digital Signature Algorithm (ECDSA) protected cryptographic memory chip, a secure file system, and / or an encrypted file system. According to the example control table 302 of FIG. 4, when a non-sensitive command is detected, the memory control interface 310 does not affect the access functions of the memory control 220, in particular a first access function that allows the user to change or view the image and a second access function that allows the user to change or view the format. The memory controller 220 thus provides access to stored image and stored formats when the corresponding media processing instruction does not include a data protection command. In contrast, when the protective data command is detected, the memory control interface 310 causes the memory control 220 to require authorization to modify or view stored images and to modify or view stored formats. When the restrictive data command is detected, the memory control interface 310 causes the memory controller 220 to prevent altering or viewing stored images and altering or viewing stored formats. According to the example control table 302 of FIG. 4, when a non-sensitive command is detected, the memory controller 220 does not allow deletion of the corresponding data after the media processing operations caused by the corresponding instructions have been performed. In contrast, when the protective data command BE2019 / 5129 or the restrictive data command is detected, the memory control interface 310 will cause the memory control 220 to delete the data associated with, for example, a print job after the corresponding print operations have been performed. Thus, the memory control interface 310 allows the MPD 100 to delete data immediately (e.g., within a second or less) following a printing operation and / or an encoding operation. Thus, the data representative of the sensitive information is not stored on the MPD 100 for a significant period of time, thereby preventing unauthorized access to the sensitive information. The exemplary function manager 304 of FIG. 3 includes an encryption control interface 312 configured for when certain data protection command (s) are detected by the command detector 300, changing one or more operations associated with the encryption control 228 of FIG. 2 which, as described above, encodes data stored in memory 202. According to the example control table 302 of FIG. 4, when a non-sensitive command (e.g., the field data command ( A FD)) is detected, the encryption control interface 312 does not allow the encryption control 228 to encrypt data at a standstill. In contrast, when a the protective data command or the restrictive data command is detected, the encryption control interface 312 causes the encryption control 228 to encrypt the corresponding data. In the illustrated example, the encryption control interface 312 causes the memory encryption control 228 to encrypt the data when the data is not in use (e.g., at a standstill and when the data is not processed by the processing engine 232). When the data is in use, the data is decoded where necessary by the encryption controller 228 for the shortest period of time. In some examples, the encryption control interface 312 causes the encryption control 228 or the memory control 220 to transfer the memory (s) BE2019 / 5129 202 knew where the data was stored before it was decoded. The example encryption control interface 312 causes the encryption control 228 to re-encode the data after it has been used (e.g., processed by the processing engine 232) and is stored in a different location in the memory 202. In some examples, the encryption control interface 312 causes the encryption control 228 encrypts the data in preparation for transfer to another device (eg, over a network to a server) to protect the data on the go. While example modifications to example functions have been described above in connection with the example control table 302, additional or alternative functions of the MPD 100 may be affected by the example data protector 234. For example, when the restrictive data command is detected, the memory control interface 310 may cause the memory control 220 prohibits copying matching data. In such instances, when a non-sensitive command or the protective data command is detected, the memory controller 220 is not affected and copying of the corresponding data is allowed. Additionally or alternatively, when either the restrictive data command or the protective data command is detected, the print control interface 306 may cause the print control 210 to facilitate the printing of a security designation such as, for example, a watermark indicative of an identity of the media processor 100, the current user of the media processor 100 (e.g., based on the user authenticator 230), a time and date when printing took place, and / or any other suitable information. Fig. 5 is a flowchart representative of an exemplary method performed by the exemplary MPD 100 of FIGS. 1-3. In the example of FIG. 5, media processing instructions are received to the MPD 100 via, for example, one of the communication interfaces 206 (block 500). The BE2019 / 5129 received media processing instructions are, for example, printing instructions and / or coding instructions with commands and data. In some instances, the data accompanying the commands is representative of sensitive information for which the vendor (e.g., the dispatcher or generator) of the media handling instructions desires one or more safeguards. The example method of FIG. 5 allows the supplier of the media processing instructions to add one or more types of data protection commands to the media processing instructions, such as a protective data command or a restrictive data command. Alternatively, if the supplier of the media processing instructions does not want additional security of the data, the supplier does not add a data protection command. In the example of FIG. 5, the command detector 300 of the data protector 234 analyzes the media processing instructions to determine the types of the commands thereof (block 502). To do this, the example data protector 234 determines for each command whether the command is a protective data command (eg, A PD), a restrictive data command (eg, A RD), or a non-sensitive command ( A FD). Although the illustrated example is configured to identify these commands, additional and alternative types of data protection commands are possible. If at least one of the commands in the media processing instructions is a data protection command (block 504), the command detector 300 asks the control table 302 to obtain a plurality of values for a plurality of functions corresponding to the type of data protection command detected (block 506). In the illustrated example, when more than one data protection command is detected, the most protective (e.g., according to a hierarchy stored in the audit table 302) set of values is returned by the audit table 302 for use BE2019 / 5129 in connection with the corresponding media processing instructions (e.g., for a print job). In the example of FIG. 5, at least one of the plurality of values returned by the control table 302 is a change to a corresponding function of the MPD 100 with respect to the function when no data protection command is present in the media processing instructions. An example of a change to a function is when the detected data protection command is the protective data command, the memory control interface 310 causes the memory controller 220 to require user authentication to store the image or label in the image repository 222, rather than the memory controller 220 stores the image or a label in the image repository 222 (as would happen in the absence of a data protection command). Another example of a change to a function, when the detected protection command is the limiting data command, is that the memory control interface 310 causes the memory controller 220 to prohibit the storage of the image in the image storage space 222 instead of the memory controller 220 image or label in the image repository (as would happen in the absence of a data protection command). Another example of a change to a function is when the detected protection command is either the protective data command or the restrictive data command, the memory control interface 310 causes the memory control 220 to delete the data from the media processing instructions immediately after the processing engine 232 has processed the instructions , instead of the data remaining in memory 202 (as would happen in the absence of a data protection command). Additional examples of changes to functions related to standard or current BE2019 / 5129 functionalities (as listed in the “Non-Sensitive” column in FIG. 4) are described above in connection with FIG. 4. In the example of FIG. 5, one or more of the interfaces of the function manager 304 modify the respective functions according to the plurality of values received from the control table 302 (block 508). In the illustrated example, the changes implemented by the function manager 304 apply to the print job according to the media processing instructions. After a print job is executed, the changes expire and the standard or previous functionalities resume (e.g., the functions associated with non-sensitive information). Referring back to block 504 of FIG. 5, if the command detector 300 does not detect a data protection command, control passes to block 510 where the processing engine processes the received media instructions. Alternatively, control passes from block 508 to block 510. When the media processing instructions are printing instructions, the processing engine 232 generates an image in accordance with the commands and data from the printing instructions and the print controller 210 controls the transport system 212 and the printhead 214 for printing. generating indicia on media based on the image. When the media processing instructions encode instructions, the processing engine 232 processes them and the encoding controller 218 controls the transport system 212 and the encoding machine 216 to read and / or write to a transponder in the encoding space of the MPD 100. In the example of FIG. 5, the components of the control system 200 perform respective functions in accordance with the media processing instruction and receive the values from the control table 302 (or default values). As described above, in some examples, one or more functions depend on being authenticated by a user of the MPD 100. When encountered such functions BE2019 / 5129 (block 512) then the user authenticator 230 creates a query behind user input generated by one or more of the I / O interfaces 208 (block 514). With the input received, the user authenticator 230 determines whether the user is an authorized user and, in some examples, the user's authority level (block 516). If the user is not authenticated, the associated function (e.g., a request to modify or view a stored image) is denied or prohibited (block 518) and the example of FIG. 5 (block 520). If the user is authenticated, the corresponding function is executed (522) and the example of FIG. 5 (block 520). The above description refers to the block diagrams of the accompanying drawings. Alternative implementations of the examples represented by the block diagrams include one or more additional or alternative elements, processes and / or devices. Additionally or alternatively, one or more of the example blocks of the diagrams can be combined, split, rearranged, or omitted. Components represented by some blocks of the diagrams, such as the control system 200 and its components, are implemented by hardware, software, firmware, and / or any combination of hardware, software, and / or firmware. In the examples disclosed herein, at least one of the components represented by the blocks is implemented by a logic circuit. As used herein, the term "logic circuit" is expressly defined as a physical device with at least one hardware component configured (eg, through operation in accordance with a predetermined configuration and / or through execution of stored machine-readable instructions) for the controlling one or more machines and / or performing operations on one or more machines. Examples of a logic circuit include one or more processors, one or more BE2019 / 5129 coprocessors, one or more microprocessors, one or more controllers, one or more digital signal processors (digital signal processors, DSPs), and or several application-specific integrated circuits (ASICs) one or more field-programmable gate arrays (field programmable gate arrays, FPGAs), one or more microcontroller units (microcontroller units, MCUs), one or more hardware accelerators, one or more special-purpose computer chips, and one or more system-on-a-chip (SoC) establishments. Some examples of logic circuits, such as ASICs or FPGAs, are specifically configured to perform operations (e.g., one or more of the operations represented by the flowcharts in this disclosure). Some examples of logic circuits are hardware that performs machine-readable instructions to perform operations (e.g., one or more of the operations shown by the flow charts in this disclosure). Some logic circuit examples include a combination of specifically configured hardware and hardware that performs machine-readable instructions. The above description refers to flow charts and the accompanying drawings. The flowcharts are representative of the exemplary methods disclosed herein. In some examples, the methods represented by the flowcharts implement the device represented in the block diagrams. Alternative implementations of the exemplary methods disclosed herein may include additional or alternative operations. Furthermore, operations of alternative implementations of the methods disclosed herein may be combined, split, rearranged, or omitted. In some examples, the operations represented by the flowcharts implemented via machine-readable instructions (e.g., software and / or firmware) stored on a medium (e.g., a tangible machine-readable medium) for execution through one or more logic circuits ( eg, BE2019 / 5129 processor (s)). In some examples, the operations represented in the flowcharts are implemented through one or more configurations of one or more specifically designed logic circuits (e.g., ASIC (s)). In some examples, the operations of the flowcharts are implemented through a combination of specifically designed logic circuit (s) and machine-readable instructions stored on a medium (e.g., a tangible machine-readable medium) for execution via logic circuit (s). As used herein, each of the terms "tactile machine-readable medium," "non-volatile machine-readable medium" and "machine-readable storage device" is expressly defined as a storage medium (eg, a hard disk, a digital versatile disc (DVD ), a compact disc (CD), a flash memory, read-only memory, random-access memory, etc.) on which machine-readable instructions (eg, program code in the form of, for example, software and / or firmware) can be saved. Furthermore, as used herein, each of the terms "tangible machine-readable medium," "non-volatile machine-readable medium" and "machine-readable storage device" is expressly defined to exclude expanding signals. Thus, as used in any claim of this patent, none of the terms "tangible machine-readable medium," "non-volatile machine-readable medium" and "machine-readable storage device" can be read as implemented via expanding signals. As used herein, each of the terms "tactile machine-readable medium," "non-temporary machine-readable medium" and "machine-readable storage device" is expressly defined as a storage medium on which machine-readable instructions are stored for any suitable length of time (eg, permanent, for an extended period of time (eg, while a program associated with the machine-readable instructions is running), and / or a short period of time (eg, while the BE2019 / 5129 machine-readable instructions are cached and / or during a buffer process)). Despite the fact that certain exemplary apparatus, methods, and articles have been disclosed herein, the scope of this patent is not limited to this. Rather, this patent covers all devices, methods, and articles that are reasonably within the scope of the claims of this patent.
权利要求:
Claims (20) [1] CONCLUSIONS A media processing device comprising: a processing engine configured to process a media processing instruction received by the media processing device, the media processing instruction comprising a command and data to make a component of the media processing device perform a function; and a data protector configured to: determine whether the command is a data protection command; and when the command is the data protection command, adjusting the function to provide protection of the data, wherein at least one of the processing engine and the data protector is implemented via a logic circuit. [2] A media processing device according to claim 1, wherein the data protector is configured, when the command is not a data protection command, to cause the component to perform a function without modification. [3] A media processing device according to claim 1 or 2, wherein: the memory of the component is configured to store at least one of an image and a format generated by the processing engine based on the command and the data; and the function includes memorizing at least one of the image or format. [4] A media processing apparatus according to claim 3, wherein, when the data protection command is of a first type, adjusting the function requiring user authentication for the BE2019 / 5129 stores at least one of the image and the format in memory. [5] A media processing apparatus according to claim 4, wherein when the data protection command is of a second type, different from the first type, adjusting the function comprises preventing the storage of the at least one of the image and the format in the memory. [6] A media processing device according to any of the preceding claims, wherein: the component is a printhead; the function includes generating indicia on media located in the media processor; and adjusting the function includes requiring user authentication to generate the indicia on the media. [7] A media processing device according to claim 6, further comprising a user authenticator, wherein requiring user authentication includes receiving input from a user and using the input to determine whether the user is an authorized user of the media processing device. [8] A media processing device according to any of the preceding claims, wherein: the memory of the component is configured to store a log indicative of the operations performed by the media processor; the function includes storing the log in memory; and adjusting the function includes editing a portion of the log containing the data. [9] A media processing device according to any of the preceding claims, wherein the data protector is configured for requesting BE2019 / 5129 of a data structure with a type of the data protection command, the data structure comprising a plurality of modifications to the function depending on the type of data protection command. [10] A method for use in a media processing device, the method comprising: processing a media processing instruction received by the media processing device, the media processing instruction comprising a command and data to make a component of the media processing device perform a function; determining whether the command is a data protection command; when the command is the data protection command, adjusting the function to provide protection of the data. [11] A method according to claim 10, further comprising, when the command is not a data protection command, having the component execute a function without modification. [12] A method according to claim 10 or 11, wherein: the memory configuration of the component is provided to store at least one of an image and a format generated by the processing engine based on the command and the data; and the function includes memorizing the at least one of the image and the format. [13] A method according to claim 12, wherein when the data protection command is of a first type, adjusting the function comprises requiring user authentication to store at least one of the image and format in memory. [14] A method according to claim 13, wherein when the data protection command is of a second type different from the first type, adjusting the function comprises preventing the BE2019 / 5129 storing the at least one of the image and format in memory. [15] A method according to any of the preceding claims 10-14, wherein: the component is a printhead; the function includes generating indicia on media located in the media processor; and adjusting the function to require user authentication to generate the indicia on the media. [16] A method according to claim 15, wherein requiring user authentication includes receiving input from a user and using the input to determine whether the user is an authorized user of the media processing device. [17] A method according to any of the preceding claims 10-16, wherein: the memory of the component is configured to store a log indicative of the operations performed by the media processor; the function includes storing the log in memory; and adjusting the function to edit a portion of the log including the data. [18] A method according to any of the preceding claims 10-17, further comprising requesting a data structure with a type of the data protection command, the data structure comprising a plurality of changes to the function depending on the type of the data protection command. [19] A tactile, machine-readable medium comprising machine-readable instructions which, when executed, at least do a machine: processing a media processing instruction received by the media processing apparatus, the media processing instruction being a BE2019 / 5129 includes command and data to make a component of the media processing device perform a function; determining whether the command is a data protection command; when the command is the data protection command, 5 adjust the function to provide protection of the data. [20] A tactile, machine-readable medium according to claim 19, wherein the instruction, when executed, causes the machine to execute the component function without modification, when the command is not a data protection command.
类似技术:
公开号 | 公开日 | 专利标题 US6367017B1|2002-04-02|Apparatus and method for providing and authentication system CN101334915B|2013-06-19|Biometric authentication apparatus, terminal device and automatic transaction machine US20100046015A1|2010-02-25|Methods and systems for controlled printing of documents including sensitive information US9513858B2|2016-12-06|Printing device, control system, and control method of a control system JP4681053B2|2011-05-11|Data management method for computer, program, and recording medium JP4662138B2|2011-03-30|Information leakage prevention method and system US20060037065A1|2006-02-16|Prevention of unauthorized credential production in a credential production system BE1026135B1|2020-05-25|Method and device for protecting sensitive information on media processing devices JP5482172B2|2014-04-23|Document use management system, temporary use license issuing device, document use device, and program WO2010039139A1|2010-04-08|Secure document creation with a multi-function apparatus JP2006343887A|2006-12-21|Storage medium, server device, and information security system JP2005050041A|2005-02-24|Image output device and encrypted information printing system RU2605914C1|2016-12-27|Method of processing data on cash calculations and/or calculations with use of payment cards during control-teller machines operation with functions of fixation and transmitting information and fiscal data server operator US20070136787A1|2007-06-14|System and method for restricting and authorizing the use of software printing resources JP2005059453A|2005-03-10|Image forming device, program and computer-readable recording medium TWI444849B|2014-07-11|System for monitoring personal data file based on server verifying and authorizing to decrypt and method thereof JP2015087477A|2015-05-07|Color erasing apparatus and security control method in color erasing apparatus JP2008513858A|2008-05-01|Method and equipment for postage payment JP2006350423A|2006-12-28|Data management device and program JP2020013519A|2020-01-23|Financial transaction device and deposit passbook JP2015152998A|2015-08-24|Printer and control method of the same JP2703957B2|1998-01-26|Recording device and recording method for portable medium KR20200038682A|2020-04-14|Security system of secret business output and security method for thereof JP2017033492A|2017-02-09|Information processing apparatus, information processing system, and control method of information processing apparatus JP2003196066A|2003-07-11|Printing processor and printing system
同族专利:
公开号 | 公开日 US20210271434A1|2021-09-02| US20190278539A1|2019-09-12| AU2018411583B2|2021-09-09| US11048454B2|2021-06-29| FR3078794A1|2019-09-13| GB202013242D0|2020-10-07| CA3090488A1|2019-09-12| WO2019172979A1|2019-09-12| DE112018007230T5|2020-11-26| AU2018411583A1|2020-09-03| GB2585154A|2020-12-30| BE1026135A1|2019-10-16|
引用文献:
公开号 | 申请日 | 公开日 | 申请人 | 专利标题 US6226749B1|1995-07-31|2001-05-01|Hewlett-Packard Company|Method and apparatus for operating resources under control of a security module or other secure processor| EP2107453A1|2008-03-31|2009-10-07|Ricoh Company, Limited|Approach for processing print data using password control data| US20100191866A1|2009-01-26|2010-07-29|Seiko Epson Corporation|Information Processing Device, For Controlling The Same Method And Recording Medium| WO2016122975A1|2015-01-29|2016-08-04|Qualcomm Incorporated|Techniques for preventing unauthorized users from controlling modem of mobile device| US6428155B1|1999-05-25|2002-08-06|Silverbrook Research Pty Ltd|Printer cartridge including machine readable ink| US6816274B1|1999-05-25|2004-11-09|Silverbrook Research Pty Ltd|Method and system for composition and delivery of electronic mail| AUPQ439299A0|1999-12-01|1999-12-23|Silverbrook Research Pty Ltd|Interface system| US8543823B2|2001-04-30|2013-09-24|Digimarc Corporation|Digital watermarking for identification documents| JP4387687B2|2002-04-26|2009-12-16|キヤノン株式会社|Image processing apparatus, control method, and program| JP4439187B2|2003-02-10|2010-03-24|シャープ株式会社|Data processing device| US7322677B2|2004-01-21|2008-01-29|Silverbrook Research Pty Ltd|Printhead assembly with communications module| US7243842B1|2004-07-27|2007-07-17|Stamps.Com Inc.|Computer-based value-bearing item customization security| US8065239B1|2004-07-27|2011-11-22|Stamps.Com Inc.|Customized computer-based value-bearing item quality assurance| US8181261B2|2005-05-13|2012-05-15|Xerox Corporation|System and method for controlling reproduction of documents containing sensitive information| WO2007012110A1|2005-07-25|2007-02-01|Silverbrook Research Pty Ltd|Product item having coded data identifying a layout| JP5184458B2|2009-07-17|2013-04-17|京セラドキュメントソリューションズ株式会社|Image forming apparatus and server| US8878652B2|2009-11-13|2014-11-04|Zih Corp.|Encoding module, associated encoding element, connector, printer-encoder and access control system| US20160012445A1|2011-11-10|2016-01-14|Antony-Euclid C. Villa-Real|Customer-controlled instant-response anti-fraud/anti-identity theft devices , methods and systems for secured global applications in personal/business e-banking, e-commerce, e-medical/health insurance checker, e-education/research/invention, e-disaster advisor, e-immigration, e-airport/aircraft security, e-military/e-law enforcement, with or without nfc component and system, with cellular/satellite phone/internet/multi-media functions| US9378352B2|2013-02-08|2016-06-28|Intel Corporation|Barcode authentication for resource requests| US20140365242A1|2013-06-07|2014-12-11|Siemens Medical Solutions Usa, Inc.|Integration of Multiple Input Data Streams to Create Structured Data| US10279583B2|2014-03-03|2019-05-07|Ctpg Operating, Llc|System and method for storing digitally printable security features used in the creation of secure documents|
法律状态:
2020-08-10| FG| Patent granted|Effective date: 20200525 |
优先权:
[返回顶部]
申请号 | 申请日 | 专利标题 US15/914,683|US11048454B2|2018-03-07|2018-03-07|Method and apparatus to protect sensitive information on media processing devices| 相关专利
Sulfonates, polymers, resist compositions and patterning process
Washing machine
Washing machine
Device for fixture finishing and tension adjusting of membrane
Structure for Equipping Band in a Plane Cathode Ray Tube
Process for preparation of 7 alpha-carboxyl 9, 11-epoxy steroids and intermediates useful therein an
国家/地区
|