JP2006079253A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To dynamically change user authorities according to access points or user position information in a wireless LAN environment. <P>SOLUTION: This information processor has a network, access points, and a server that can be connected with the network and the access points. The information processor includes a first management means for managing a database that registers devices on the network; a second management means for determining the user authorities of a client terminal and a user ID according to the position information of the access point when the client terminal connects to the network via the access point; and an authentication means for authenticating the user ID obtained by the second management means and for permitting the client terminal to connect with the network. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus, a device, a network system, an information processing method, a device control method, a device search method, and a storage medium, and more particularly to a device search system for easily displaying the searched device and its positional relationship. It is suitable for use.

  2. Description of the Related Art Conventionally, a so-called directory service has been provided as a method for efficiently discovering and using various resources (printers, server devices, scanners, etc.) connected to a network. The directory service is a telephone directory related to the network, and stores various information. A specific example of the directory system using the directory service is, for example, LDAP (Light weight Directory Access Protocol). The above-mentioned LDAP is described in RFC (Request For Comments) 1777, which is a standard specification issued by IETF (Internet Engineering Task Force). By using the directory service to search for device terminal devices connected to the network, for example, it is possible to obtain a list of network addresses of device terminal devices available on the network.

Furthermore, it is known that hierarchical position information of the device terminal device to be used is searched, and that the search result is displayed in an easy-to-understand manner for the user based on the hierarchical position information. For example, taking a device terminal printer as an example, “Where is the printer closest to my location on my floor?” Or “Which printer can output a color image?” It is possible to display a search such as “Is there?” On the client terminal device in a visually easy-to-understand manner. (Patent Document 1)
In addition, proposals have been made to set a user authority for each user ID used when a user logs in to a client terminal device, and to search a device terminal device that can be searched and a range of hierarchical positions that can be searched. (Patent Document 2)
Conventionally, in a wireless LAN system, a client terminal is connected to a network via wireless communication with an access point on the network. In addition, there is a wireless LAN system in which the client terminal is authenticated for connection to the network from an authentication server on the network via an access point, and can be applied to the network device search system based on the user authority as described above. .
JP 2001-084210 A JP 2001-109780 A

  However, when using the above-described search system, if the user authority is set in advance for the user, the user must enter the user ID, password, etc. at any time to indicate that the user authority is possessed. In addition, the user needs to be aware of what his authority is. Furthermore, if you want to obtain higher authority, you must apply to the search system administrator. Further, there is a problem that the administrator has to perform authority setting as needed for the number of users that increase or decrease.

  In order to solve such a problem, an object of the present invention is to dynamically switch user authority based on access point or user position information in a wireless LAN environment.

  An information processing apparatus having a network, an access point, a server connectable to the network and the access point, first management means for managing a database in which devices on the network are registered, and a client terminal When connecting to the network via the access point, the second management means for determining the user authority and user ID of the client terminal based on the location information of the access point, and the second management means An information processing apparatus comprising authentication means for authenticating the obtained user ID and granting network connection permission to the client terminal.

  As described above, in the wireless LAN environment, the user authority is dynamically switched based on the access point or the user position information, so that the user does not need to apply for acquiring the user ID and needs to remember the user ID and password. Also disappear. In addition, the administrator simply creates information that associates position information and authority with the management server first, and the action that has been taken when the number of users increases or when the authority of users is changed becomes unnecessary.

(First embodiment)
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram showing the configuration of a device search system showing an embodiment of an information processing apparatus, device, network system, information processing method, device control method, device search method, and storage medium of the present invention. As shown in FIG. 1, the client device 20, the device 30, the server device 10, and the access point 40 are arranged on the network 50. The client device 20 is configured by, for example, a general-purpose computer, and includes a search request module 21 that transmits a desired device search condition to the server device and receives the result, a display module that visually displays the received search result, and the like. . The server apparatus 10 has a function as a directory server having a database 11 that manages attribute information of devices on the network 50. In the database 11, identification information of devices on the network and various layer information of the devices are registered. The search module 12 searches for a device that matches the condition from the database 11 based on the device search condition received from the client apparatus 20, and transmits the search result to the client apparatus. The device attribute registration module 31 receives device attributes from the device 30 or the like and registers them in the database 11. The device 30 has a function for providing various services to the client apparatus 20 and the like, and is, for example, a scanner, a printer, or a facsimile. The device attribute transmission module 31 sends its own attribute information to the server device 10 to make a registration request. The access point 40 can wirelessly communicate with the client device 20 existing in the communicable range. In this embodiment, a wireless LAN (Local Area Network) based on standards such as IEEE802.11, IEEE802.11b, and IEEE802.11a is used as a wireless communication method. The example of FIG. 1 shows the configuration of the minimum unit of the device search system, and a plurality of client devices and devices are arranged on the network. Further, a device search system in which a plurality of server devices are arranged may be used.

  FIG. 2 is a block diagram of the access point.

  An access point is a device that serves as a parent device in a wireless LAN, and can use a file sharing between wireless LAN adapters connected to a plurality of personal computers in a wireless environment.

  A wireless unit 201 transmits and receives wireless data. The wireless unit 201 includes a transmission unit 210, a reception unit 211, and an antenna 212. A signal processing unit 202 detects a signal received by the receiving unit 211, converts the signal into a digital signal, and modulates the digital signal transmitted from the data processing unit 203 for wireless transmission. In addition, the signal processing unit 202 attaches a header or the like to make the data sent from the data processing unit 203 data for wireless transmission, or removes the header from the received data and sends it to the data processing unit 203. Has the function of

  A data processing unit 203 includes a transmission data processing unit 205 that performs encryption processing on data from the network interface 208 using the WEP encryption method, and a reception data processing unit 206 that decrypts the encrypted data. A control unit 204 determines the presence of a new client terminal and controls the entire access point. A storage unit 207 stores information such as an encryption key for performing WEP encryption processing and an ID of a client terminal. A network interface unit 208 is an interface between the access point and the network.

  FIG. 3 shows a layout bitmap of a floor having a wireless LAN environment according to the present embodiment. On this floor 1F, the device search system can operate. Here, the floor 1 </ b> F has rooms 301 and 302. Reference numerals 303 and 304 denote MFPs (Multi Function Peripherals, which are copiers, but can also be used as network color printers, scanners, and fax machines) installed in the rooms 301 and 302, respectively. Here, the MFP is shown as a representative network device, but it may be a monochrome printer or a scanner. Reference numerals 305 and 306 denote notebook PCs owned by the user. These are PCs that can execute network client programs. These notebook PCs can be connected to a wireless LAN as the client terminal device described above, and have a function of issuing inquiry information regarding a device that satisfies a desired condition to a server device connected on the network, as will be described later. , Has a display function for displaying the search results. Reference numeral 307 denotes a workstation WS that can execute the network server program of the present embodiment. The workstation WS112 is connected to the network as the server terminal device described above, and stores various information related to the network devices 303 and 304, as will be described later, and the client device 305 connected to the network. Alternatively, it has a function of receiving a device search inquiry from 306 and returning the result.

  FIG. 4 is a schematic configuration diagram showing the internal configuration of a general personal computer. The basic internal configuration of the notebook PCs 305 and 306 and the server terminal device 307 in FIG. 3 is as described above. In FIG. 4, reference numeral 400 denotes a PC on which client device software or network server device software (hereinafter collectively referred to as network device terminal device search software) operates, and is equivalent to 305, 306, or 307 in FIG. . The PC 400 includes a CPU 402 that executes network device search software stored in a ROM 403 or a hard disk (HD) 411 or supplied from a floppy disk drive (FD) 412, and is connected to the system bus 401. Control the device as a whole. Reference numeral 404 denotes a RAM which functions as a main memory, work area, and the like for the CPU 402. A keyboard controller (KBC) 405 controls instruction input from the keyboard (KB) 409. A CRT controller (CRTC) 406 controls display on a CRT display (CRT) 410. A disk controller (DKC) 407 is used to access a hard disk (HD) 411 and a floppy (registered trademark) disk controller (FD) 412 that store a boot program, various applications, editing files, user files, a network management program, and the like. Control. A network interface card (NIC) 408 is used for bidirectionally exchanging data with a network printer, another network device, or another PC via the LAN 420. A mouse controller (MC) 413 controls the mouse (MS) 414.

  FIG. 5 is a flowchart showing user authentication in a general wireless LAN environment. First, the user makes a connection request to the access point. (501) Next, the access point requests a user ID from the user. (502) Next, the user transmits a user ID given in advance, for example, ““ A ”” to the authentication server via the access point. (503) After receiving the user ID, the authentication server determines whether or not the user ID is correct, and if it is correct, makes a password request to the user. (504) The user transmits a password registered in advance with respect to the user ID, for example, ““ XXX ”” to the authentication server. (505) After receiving the password, the authentication server determines whether or not the password is correct, and if it is correct, issues a connection permission to the user. (506) Through the above process, the user can connect to the network for the first time. (507) Here, the user can connect to the server apparatus 10 having the database 11 for managing the device attribute information in FIG. 1, and display the network device list on the notebook PC.

  Here, for example, when setting the authority of a user in order to restrict the display of the network device list, the administrator can realize it by setting the authority for each user ID on the authentication server. Since the user makes an application for acquiring the user ID to the administrator, the administrator needs to respond as needed when the number of users increases or when the user authority is changed. Moreover, the user needs to memorize | store a user ID and a password.

  Next, FIG. 6 shows a flowchart for obtaining user authority from the location information of the access point that is the point of the first embodiment and displaying the device list (layout).

First, the user makes a connection request to the management server via the access point. (601)
The management server has a database associating position information, user ID, and authority as shown in FIG. The position information is information indicating where the access point is located as coordinates, and the authority is information indicating the authority given to the user. The authority is higher in the order of admin, user, and guest. In response to the connection request (601) from the access point, the management server makes a request for the access point location information that transmitted the connection request. (602) Next, the access point transmits its location information registered in advance, for example, ““ P0 ”” to the management server. (603) Next, the management server searches for the user ID (the user ID of the position information P0 is “ID0”) based on the information shown in FIG. 7, and transmits it to the authentication server. (604) After receiving the user ID, the authentication server issues a connection permission to the user via the access point. (605) Through the above process, the user can connect to the network. Since the user ID “ID0” is given “admin” authority as shown in FIG. 7, the user can display the network device list on the notebook PC as “admin”. Thus, it can be seen that the authority of the user is dynamically changed according to the location information of the access point to which the user is connected.

  Next, a display method of the network device list according to the user authority will be described with reference to FIGS. In FIG. 3, when the user is at the position 305, the access point to be connected is 308, and when the user is at the position 306, the access point to be connected is 309. Further, the user authority obtained from the location information of the access point 308 is “admin”, and the user authority obtained from the location information of the access point 309 is “guest”. When the user is at the position 305, “admin” authority is acquired according to the flowchart of FIG. 6 described above, and the floor layout and the network device are displayed on the browser on the notebook PC, for example, as shown in FIG. . Here, the “admin” authority can display the layout of all floors (all rooms) and all network devices. Further, when the user is at the position 306, the “guest” authority is acquired according to the flowchart of FIG. 6 described above, and the floor layout and the network device are displayed on the browser on the notebook PC, for example, as shown in FIG. . Here, the “guest” authority can display the layout of some floors (some rooms) and some network devices. According to this, it is understood that the user who has acquired the “guest” authority cannot display the room 301 and the MFP 303 in FIG.

  As described above, in the wireless LAN environment, the user authority can be dynamically switched based on the location information of the access point.

(Second embodiment)
In the first embodiment, the user authority is dynamically switched based on the position information of the access point. In the second embodiment, the user authority is dynamically switched based on the user position information. Will be described.

  In this embodiment, GPS is used as an example of means for acquiring user location information. GPS (Global Positioning System) is a global positioning system GPS that orbits a satellite orbit and receives a radio wave transmitted from an artificial satellite to obtain a position of a station. FIG. 10 is a diagram for explaining a portable terminal for receiving GPS. The mobile terminal 1002 includes a GPS receiving unit 1003, a manager 1004, a control system 1005, and a wireless communication unit 1006. The GPS receiving unit 1003 is a receiving unit that receives information from the GPS 1001 and acquires coordinate data as longitude and latitude. The manager 1004 is a manager that receives coordinate information from the GPS receiver 1003 and receives control from the control system 1005 and performs communication with the wireless communication unit 1006. The control system 1005 is a control system that controls portable terminals including a GPS receiver 1003, a manager 1004, and a wireless communication unit 1006. The wireless communication unit 1006 is a part that performs wireless communication of the mobile terminal 1002. In this embodiment, it is assumed that the notebook PC includes these means, and the user's position information is acquired.

  Next, FIG. 11 shows a flowchart for acquiring user authority from the user position information, which is the point of the second embodiment, and displaying a device list (layout). First, the user makes a connection request to the management server via the access point. (1101) The management server has a database associating user location information, user IDs, and authorities as shown in FIG. The user position information is information indicating where the user is located as an area, and the authority is the same as in the first embodiment, and thus the description thereof is omitted.

In response to the connection request (1101) from the access point, the management server makes a request for the user location information that transmitted the connection request. (1102) Next, the position information acquired by the GPS described above, for example, ““ P1 ”” is transmitted to the management server. (1103) Next, the management server searches to which area of the user position information the acquired user position belongs based on the information shown in FIG. The ID is searched for “ID0”) and transmitted to the authentication server. (1104) After receiving the user ID, the authentication server issues a connection permission to the user via the access point. (1105)
As described above, in the wireless LAN environment, the user authority can be dynamically switched based on the user position information.

(Third embodiment)
In the first and second embodiments, the user authority is used for restricting the display of the network device. However, this is not the only case. For example, a user having the “admin” authority uses the color MFP. Although it is possible, the user having the “guest” authority can use only the monochrome MFP as a model of the network device and the function restriction. An example is shown in FIGS. FIG. 13 shows layouts and devices viewed by a user having “admin” authority, where 1301 and 1302 are color MFPs, and 1303 is a monochrome MFP. FIG. 14 shows a layout and a device viewed by a user having “guest” authority. Here, a user who has “guest” authority adds a restriction that the color MFP cannot be used. It can be seen that the layout (room) is displayed, but the color MFP is not displayed.

1 is a schematic diagram of a system in Embodiment 1. FIG. FIG. 2 is a configuration diagram of an access point according to the first embodiment. FIG. 3 is an explanatory diagram of a layout in the first embodiment. 1 is a configuration diagram of a PC in Embodiment 1. FIG. 2 is a flowchart according to the first embodiment. 2 is a flowchart according to the first embodiment. Explanatory drawing of the positional information and authority in the present Example 1. FIG. Explanatory drawing of the device display on the browser in the present Example 1. FIG. Explanatory drawing of the device display on the browser in the present Example 1. FIG. FIG. 6 is a configuration diagram of GPS in the second embodiment. 10 is a flowchart according to the second embodiment. Explanatory drawing of the positional information and authority in the present Example 2. FIG. Explanatory drawing of the device display on the browser in the present Example 3. FIG. Explanatory drawing of the device display on the browser in the present Example 3. FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Server apparatus 11 Database 12 Search module 13 Attribute registration module 20 Client apparatus 21 Search request module 22 Display module 30 Device 31 Search request module 40 Access point 50 Network

Claims (4)

An information processing apparatus having a network, an access point, a server connectable to the network and the access point,
First management means for managing a database in which devices on the network are registered, and when the client terminal connects to the network via the access point, based on the location information of the access point, the client terminal A second management unit that determines a user authority and a user ID; and an authentication unit that authenticates the user ID obtained by the second management unit and gives a network connection permission to the client terminal. A characteristic information processing apparatus.   The first management means includes storage means for storing a plurality of map information corresponding to hierarchical position information that hierarchically represents information related to device positions on the network, and is stored in the storage means. 2. The information processing apparatus according to claim 1, wherein control is performed based on map information and position information, and the information is displayed on a client terminal.   The information processing apparatus according to claim 1, wherein map information displayed on the client terminal and a device are controlled based on a user authority determined by the second management unit. An information processing apparatus having a network, an access point, a server connectable to the network and the access point,
First management means for managing a database in which devices on the network are registered, and when the client terminal connects to the network via an access point, based on the location information of the client terminal, A second management unit that determines a user authority and a user ID; and an authentication unit that authenticates the user ID obtained by the second management unit and gives a network connection permission to the client terminal. A characteristic information processing apparatus.

Images