JP2007141172A - Authentication device, management system, management method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To attain authentication processing by which only functions required for each user can be used using one authentication card by each user. <P>SOLUTION: In a management device 20, an authentication information setting control part 271 associates card identification information of an IC card 30 used by the user with information about an operation mode with use authority among a plurality of operation modes owned by a complex machine 10 to register the pieces of information in an authentication information table 261. An IC card communication part 22 reads the card identification information from the IC card 30 loaded on a card loading part 221, an authentication control part 272 specifies the operation mode information corresponding to the card identification information from the authentication information table 261 and transmits a use permission instruction for the operation mode to the complex machine 10. The complex machine 10 performs control so as to permit use of the operation mode for use permission instruction received from the management device 20. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an authentication apparatus that authenticates a user of a device having a plurality of operation modes and a use operation mode based on information read from a recording medium, a management system that manages the operation of the device using the same, and a management More particularly, the present invention relates to an authentication apparatus, a management system, a management method, and a program that allow each user to authenticate an available user and an operation mode of the apparatus using one authentication card.

  Various systems are known as a system for selecting various devices to be used by a user or a system for limiting the use of devices to only authorized users.

  For example, in Patent Document 1 below, authentication is performed using an LC-ID that identifies a user with a usage right control server in order to prevent unauthorized use of a digital content distribution service using a network without paying a fee. By generating the data, encrypting it with the encryption key and sending it to the user terminal, sending the authentication data decrypted with the encryption key at the user terminal back to the usage right control server and comparing it with the authentication data before encryption A technique for authenticating a user is disclosed.

  Patent Document 2 below stores the type of application together with an ID assigned when a user inserts a coin (or inserts a card) into a charging device in a network printer with a charging device. A technique for enabling use of a printer according to the type of application is disclosed.

  These technologies described in Patent Documents 1 and 2 are technologies for authenticating users of digital content distribution services and Internet printers, respectively, and have a plurality of functions such as an image forming apparatus, particularly a copy function and a printer function. Authentication processing technology applied to the use of multifunction devices has also been proposed.

  For example, in Patent Documents 3 and 4 below, a technique for referring to preset information and authenticating a user of an application of an image forming apparatus (multi-function peripheral) using means corresponding to the information, The set information includes the address of the server that registered the user identification information. Based on the address, the user identification information input to the image forming apparatus is transmitted to the server, and the authentication result is received from the server. Technology is disclosed.

  In an authentication system that allows only a function permitted to a user who is permitted to use the multifunction device and only a permitted function for the multifunction device as disclosed in Patent Documents 3 and 4, a multifunction device is provided. As users (users) to be used, there are not only general users but also device managers and device maintainers.

  Here, in addition to various functions such as a copy function and a print function used by general users, the device administrator needs to use a setting function such as copying or the number of prints, and the device maintainer also uses a multifunction device. It is also necessary to use the maintenance function for all functions.

Conventionally, an authentication system that can change the usable function for each authentication card has been proposed on the premise that an authentication card such as an IC card or a magnetic card is used in such a usage environment of the multifunction device.
JP 2003-316913 A JP-A-9-259351 JP 2004-5408 A JP 2004-5409 A

  However, in the above-described conventional authentication system, usable functions differ depending on information stored in the authentication card, and when a plurality of functions are used by one person, it is necessary to use a plurality of authentication cards.

  In particular, a device administrator who needs to use various setting functions in addition to using the same functions as a general user, and a device maintainer who needs to use maintenance functions for each function in addition to the various setting functions. Therefore, there is a problem that it is necessary to have more authentication cards, and management of the authentication cards becomes complicated.

  The present invention solves the above problems, and any of general users, device managers, and device maintainers can use only the functions required for each user using a single authentication card, An object of the present invention is to provide an authentication device, a management system, a management method, and a program that can prevent complication of card management.

  In order to achieve the above object, the invention described in claim 1 is characterized in that, in the authentication device that authenticates the user of the device having a plurality of operation modes and the use operation mode based on the information read from the recording medium, the unique identification is performed. A recording medium on which information is recorded, a reading means for reading the information recorded on the recording medium, the identification information recorded on the recording medium, and an operation having use authority among a plurality of operation modes of the device Based on the authentication information table registered in association with the mode information and the identification information read from the recording medium, the use authority operation mode corresponding to the identification information is identified from the authentication information table, and the identified use authority And an authentication control means for sending a use permission command for the operation mode to the device.

  According to a second aspect of the present invention, in the first aspect of the present invention, the authentication information table includes an arbitrary device management mode among a plurality of device management modes of the device as the operation mode information having the use right. And the authentication control means specifies the device management mode corresponding to the read identification information from the authentication information table and sends the use permission command for the device management mode. Features.

  According to a third aspect of the present invention, in the first or second aspect of the present invention, the authentication information table is an arbitrary functional mode among a plurality of functional modes of the device as the operation mode information having the authority to use. And the authentication control means specifies the function mode corresponding to the read identification information from the authentication information table and sends the use permission command for the function mode. To do.

  The invention according to claim 4 is a management system comprising a device having a plurality of operation modes and a management device that manages the operation of the device based on identification information of a user. A recording medium on which the information is recorded, reading means for reading the information recorded on the recording medium, the identification information recorded on the recording medium, and an operation mode with use authority among a plurality of operation modes of the device Based on the authentication information table registered in association with the information and the identification information read from the recording medium, the usage right operation mode corresponding to the identification information is identified from the authentication information table, and the identified usage authority Authentication control means for sending a use permission command for the operation mode to the device, and the device is a target of the use permission command received from the management device. Characterized by comprising control means for controlling so as to allow the use of the operation mode.

  The invention according to claim 5 is the invention according to claim 4, wherein the authentication information table includes any device management mode among a plurality of device management modes of the device as the operation mode information having the authority to use. And the authentication control means specifies the device management mode corresponding to the read identification information from the authentication information table and sends the use permission command for the device management mode. Features.

  The invention according to claim 6 is the invention according to claim 4 or 5, wherein the authentication information table is an arbitrary function mode among a plurality of function modes of the device as the operation mode information having the authority to use. And the authentication control means specifies the function mode corresponding to the read identification information from the authentication information table and sends the use permission command for the function mode. To do.

  The invention according to claim 7 is the invention according to claim 6, wherein the authentication information table registers one mode for each of the device management mode and the function mode, and the authentication control means reads the mode. One device management mode and one function mode corresponding to the identification information are specified from the authentication information table, and the use permission command for the specified mode is sent, and the device receives from the management device The image processing apparatus includes a display unit that displays an operation screen corresponding to a mode that is a target of the use permission command.

  The invention according to claim 8 is the invention according to claim 6, wherein the authentication information table registers one mode and a plurality of modes for each of the device management mode and the function mode, and the authentication control means The device management mode and the plurality of function modes corresponding to the read identification information are specified from the authentication information table, and the use permission instruction for the specified mode is sent, and the device includes: The image processing apparatus includes a display unit configured to display a mode selection screen capable of selecting a desired mode among a plurality of modes that are targets of the use permission command received from the management device.

  The invention according to claim 9 is the invention according to claim 8, wherein the device holds holding relation information that defines an inclusion relation relating to use authority between the plurality of device management modes, and the management apparatus. Determining means for determining the inclusion relationship between the device management mode that is the target of the use permission command received from the other device management mode based on the inclusion relationship information, and the display means includes In accordance with the determined inclusion relationship, the mode selection screen is displayed that allows a desired mode to be selected between the device management mode that is the target of the use permission command and another device management mode included in the device management mode. It is characterized by that.

  According to a tenth aspect of the present invention, in the management method in which the management apparatus manages the operation of the apparatus having a plurality of operation modes based on the identification information of the user read from the recording medium, the uniqueness recorded on the recording medium is recorded. Is registered in the authentication information table of the management device in association with the information on the operation mode with the right to use among the plurality of operation modes of the device, and read from the recording medium by the reading means of the management device. On the basis of the identification information, the authentication control means of the management device specifies the use authority operation mode corresponding to the read identification information from the authentication information table, and uses permission for the specified use authority operation mode. A command is sent to the device, and the device is controlled by the control means to permit the use of the operation mode that is the target of the use permission command received from the management device. And controlling.

  The invention described in claim 11 is implemented in a management device, and causes the management device to perform processing for managing the operation of a device having a plurality of operation modes based on identification information of a user read from a recording medium. The authentication information registration process for registering the unique identification information recorded on the recording medium and the information on the operation mode having the authority to use among the plurality of operation modes of the apparatus in the authentication information table in association with each other, and reading Based on the identification information read from the recording medium by the means, the authentication control means specifies the use authority operation mode corresponding to the read identification information from the authentication information table, and targets the specified use authority operation mode. The management device is caused to perform a use permission command sending process for sending a use permission command to the device.

  According to the present invention, the management device associates the unique identification information stored in the recording medium used by the user with the information on the operation mode with the use right among the plurality of operation modes of the device to be managed. Based on the identification information that is registered in the authentication information table and read from the recording medium, the usage authority operation mode corresponding to the identification information is specified from the authentication information table, and a usage permission instruction for the specified usage authority operation mode is issued. On the other hand, since the managed device is controlled to permit the use of the operation mode that is the target of the use permission command received from the management device, each user has one recording medium. Can be used to transmit a use permission command related to the operation mode with the use right associated with the identification information of the recording medium from the management device to the managed device. Selectively eliminates the need for holding a driving plural sheets of recording medium in order (the card), it is easy to card management.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a conceptual diagram showing the overall configuration of a management system according to the present invention.

  This system is a multifunctional machine (having a plurality of functions such as a copy function, a scan function, a printer function, and a FAX (facsimile) function) 10 which is an image forming apparatus to be managed, and is placed at a predetermined reading position by a user. Alternatively, whether or not the user is permitted to use the multifunction device 10 based on the read information (card information) based on the information read from the adjacent non-contact type IC card (hereinafter referred to as an IC card) 30 And a management device 20 that controls the multifunction machine 10 to a use-permitted state or a use-prohibited (unusable) state according to the authentication result, and a notebook computer, etc., and connected to the management device 20 And a setting device 40 for performing various settings such as setting of information necessary for performing the authentication process.

  In this system, the multifunction machine 10 and the management apparatus 20 are always connected by a cable or the like, and the setting apparatus 40 is connected to the management apparatus 20 only when setting is necessary.

  The management device 20 is provided with a card placement unit 221 for placing an IC card 30 to be read within a readable range of a non-contact type IC card communication unit 22 to be described later on the upper surface of the management device 20 in terms of appearance configuration.

  In addition, on the upper part of the card placement unit 221, the multifunction device 10 uses a readable state display LED (Light Emitting Diode) 211 indicating a readable state of the IC card 30 and information read from the IC card 30. Corresponding to being controlled to a permission state or a use prohibition state, a use permission state display LED 212 controlled to be turned on and off is provided.

  Further, an operation unit 23 having a release button or the like for canceling the usable state of the multifunction machine 10 is provided at a position adjacent to the card placement unit 221.

  In this management system, in a standby state, a use prohibition command is sent from the management apparatus 20 to the multifunction device 10, and the multifunction device 10 cannot operate. At this time, the use permission state display LED 212 is in an extinguished state.

  In this state, when using the multifunction device 10, the user confirms that the readable state display LED 211 is lit, and puts the IC card 30 carried by the user into the card placement unit 221 of the management device 20. The information recorded on the IC card 30 is read by the management device 20 by placing or holding (proximate) it.

  In the management apparatus 10, when the user is authenticated as a user who is permitted to use the multifunction device 10 based on the information read from the IC card 30 (in the case of authentication OK), the command (use of the multifunction device 10 is permitted. The user can perform operations such as copying, printing, and FAX using the multifunction machine 10 while the use permission command is sent.

  While the multifunction machine 10 is in the use permission state, the readable state display LED 211 and the use permission state display LED 212 are controlled to be turned off.

  FIG. 2 is a block diagram showing functional configurations of the multifunction peripheral 10 and the management apparatus 20 of the management system in FIG.

  As shown in FIG. 2, the multifunction device 10 includes a display unit 11, an operation unit 12, an image forming unit 13, a management device connection unit 14, and a multifunction device control unit 15.

  The display unit 11 displays various types of information such as the operation state of the multifunction device 10 and a message prompting the user to operate when the multifunction device 10 is in a usage-permitted state.

  The operation unit 12 inputs various commands and information such as a start command operation related to copying, printing, FAX, and the like when the multifunction machine 10 is in a usage-permitted state.

  The image forming unit 13 prints out image information to be printed on paper as an image by an electrophotographic process under the control of the multifunction device control unit 15 in response to activation commands related to various functions in the operation unit 10.

  The management device connection unit 14 is connected to the multifunction device control unit 25 of the management device 20 and controls the exchange of data and control signals with the management device 20.

  The multifunction device control unit 15 performs overall control of the entire multifunction device 10 through the control of each unit described above. In this control, in the state where the use prohibition command is given from the management device 20, the command operation acceptance such as the start of copying from the operation unit 11 is prohibited, while in the state where the use permission command is given from the management device 20. Control for switching to a state where the command operation can be accepted from the operation unit 11 (use permission state). In the use permission state, the image forming unit 13 is driven in response to a command such as a copy start from the operation unit 11 to display an image. This includes printing operation control for printing out.

  On the other hand, the management apparatus 20 performs communication related to reading of information between the display unit 21 having the readable state display LED 211 and the use permission state display LED 212 and the IC card 30 mounted on or close to the card mounting unit 221. A non-contact type IC card communication unit (hereinafter referred to as an IC card communication unit) 22 to be performed, an operation unit 23 including a release button (not shown) for canceling the use permission state of the multifunction device 10, and a setting device 40 Various information such as a setting device connection unit 24 that controls the connection interface of the device, a multifunction device control unit 25 that is connected to the management device connection unit 14 of the multifunction device 10 and controls the multifunction device 10, and an operation control program of the management device 20 A storage unit 26 that stores data, and a management device control unit 27 that controls the entire management device 20 based on an operation control program stored in the storage unit 26 are provided. .

  The display unit 21 controls lighting of the readable state display LED 211 and the usage permission state display LED 212 based on a predetermined control signal from the management device control unit 27, and the management device 20 can read or read the IC card 30. The user is notified of the prohibited state and that the multifunction device 10 is in a use-permitted state or a use-prohibited state.

  The IC card communication unit 22 reads the information recorded on the IC card 30 by placing or holding the IC card 30 in a predetermined space including the surface of the card placement unit 221. The information is transferred to the management device control unit 27.

  The setting device connection unit 24 controls transmission and reception of data and control signals between the management device 20 and a setting device 40 connected via a cable [for example, Ethernet (registered trademark) cable].

  The multifunction device control unit 25 receives a control signal output from the management device control unit 27 according to a user authentication result performed by the management device control unit 27 based on the information read from the IC card 30, and receives the control signal. A command signal indicating permission or prohibition of use is transmitted to 20 to control the operation of the multifunction device 20.

  The storage unit 26 performs processing for authenticating whether or not the management device control unit 27 is a user registered to be able to use the multifunction device 10 based on information read from the IC card 30 through the IC card communication unit 22. Necessary information and various setting information set from the setting device 40 in association with the execution of the authentication process are held together with the above-described operation control program.

  In the overall control described above, the management device control unit 27 controls the IC card communication unit 22 to read the information on the IC card 30, and the information read from the IC card 30 and the authentication stored in the storage unit 26. Control for verifying whether or not the user is permitted to use the multifunction device 10 by comparing and collating the information, and depending on whether the user is permitted to use (authentication OK) or not (authentication NG). The multifunction device 10 is set in an operation (use) permission state or an operation (use) prohibition state through the device control unit 25, and the multifunction device 20 is operated based on an operation of removing the IC card 30 or pressing the release button of the operation unit 23. The control etc. which switch from a permission state to an operation prohibition state are performed.

  In the operation of the system of the present invention, there are general users, device managers, and device maintainers as users of the multifunction machine 10.

  The general user is a user who can use only a function for which use permission is set in advance among a plurality of functions of the multifunction machine 10.

  The device administrator is a person in charge of managing the use restrictions of each function used by general users. In addition to the authority to use various functions that can be used by general users, the device administrator uses the above use restriction conditions (for example, copy The authority to set the number of prints, the limit value of the number of prints, etc.) to the MFP 10 using the corresponding setting screen is given.

  The device maintainer is a person in charge of maintenance work related to various functions of the multifunction peripheral 10, and in addition to the authority to use the functions that can be used by the device administrator, it further has the authority to display and operate a maintenance screen. Is given.

  In the system of the present invention in which these users with different usage rights have the opportunity to use the multifunction machine 10, the management apparatus 20 uses the same IC card 30 for each user with different usage rights. Authentication processing that can use the functions corresponding to is realized.

  In order to realize this authentication processing, in the configuration of the management apparatus 20 shown in FIG. 2, the storage unit 26 stores identification information unique to the IC card (stored in the IC card 30 owned by each user of the multifunction machine 10) ( For example, an authentication information table 261 is provided in which card identification information) and information on operation modes having use authority (permitted to use) among a plurality of operation modes of the multifunction device 10 are associated and registered as authentication information. .

  Further, the management device control unit 27 of the management device 20 communicates with the setting device 40 connected to the setting device connection unit 24, takes in the information input by the setting operation from the setting device 40, and stores it in the authentication information table 261. An authentication information setting control unit 271 for setting authentication information, card information read by the IC card communication unit 22 from the IC card 30 placed or brought close to the card placement unit 221 by the user, and registered in the authentication information table 261 The authentication information corresponding to the received card information is compared and verified to authenticate the user and the operation mode permitted to be used corresponding to the IC card 30, and the use permitted by the authorized user is permitted. An authentication control unit 272 is provided for controlling the operation of the multifunction machine 10 so that only the operation mode can be activated.

  Hereinafter, the operation of the system according to the present invention will be described step by step with examples.

  In the system of the present invention, an IC card 30 used as an authentication card is issued prior to its operation, and the IC card 30 is compared with the card information read from the IC card 30 in the storage unit 26 of the management device 20. The authentication information used for authenticating the user possessing 30 must be registered in the authentication information table 261 in advance.

  The IC card 30 is issued using a card issuing device (not shown) as follows.

  First, the IC card 30 is attached to the card issuing device, and information including information necessary for authentication by the management device 20 functioning as an authentication device is stored in the IC card 30. The IC card 30 is issued by, for example, a device manager selected from employees of a company that installs and operates the multifunction device 10.

  FIG. 3 is a conceptual diagram showing an information storage structure of the IC card 30 used as an authentication card in the system according to the present embodiment.

  The IC card 30 is used, for example, as an employee ID card of a company that installs and operates this system. The system code “12345, service codes“ 1008h ”,“ 1028h ”,“ 1068h ”,“ 1088h ” Etc. are memorized.

  Among these, for the service code “1008h”, “0 (zero)” bytes (bytes) to 7 bytes are attribute code numbers, 8 to 15 bytes are valid, and 16 to 31 bytes. Up to each name is stored.

  Similarly, for the service codes “1028h”, “1068h”, and “1088h”, each piece of information of the data items shown in FIG. 3 is stored in each byte area for each service code.

  Among these, the attribute code number stored in the 0 to 7 byte area of the service code “1008h” is a card identification number for identifying the IC card 30.

  The number of card issuances stored in the 0-15 byte area of the service code “1068h” is used for card use prohibition control due to loss of the card or other reasons.

  For example, the number of times of issuance = 2 is stored in the IC card 30 that is reissued after a certain user loses the IC card 30, and the IC card 30 in which the number of times of issuance = 3 is stored is issued again. The In this case, the same card identification information is stored in the IC card 30 from the first issued card to the last issued card.

  On the other hand, each time the IC card 30 is issued, the management device 20 also stores the card issuance count of the IC card 30 corresponding to the card identification information of the IC card 30, and each time the IC card 30 is reissued. Updated to the latest card issue count.

  When the card issue count read from the IC card 30 does not match the latest card issue count stored, the management device 20 processes the authentication result by the IC card 30 as an authentication NG, thereby issuing the latest card issue. The unauthorized use of the IC card 30 (lost card, etc.) in which the number of issued cards less than the number of times is stored is prevented.

  Registration of authentication information with respect to the authentication information table 261 of the management apparatus 20 is performed, for example, by using the setting device 40 connected to the setting device connection unit 24 by the device administrator described above.

  During this setting process, if an authentication information setting start operation is performed by pressing a predetermined key in the setting device 40 in a state where the setting device 40 is connected to the management device 20, it is installed in the own device. The web browser (Web Browser) is activated to display a setting screen on the display unit, and necessary information is input on the setting screen.

  On the other hand, the management device 20 receives information input from the setting device 40 through the information input operation through the setting device connection unit 24, and the authentication information setting unit 271 authenticates the received input information in a predetermined form. Information is registered in the authentication information table 261 as information.

  Here, the authentication information set in the authentication information table 261 is based on the card information read from the IC card 30 possessed by the user, that the user possessing the IC card 30 is an appropriate user, It is necessary to have information content that can specify the operation mode (use authority) permitted to use the multifunction device 10 for the user.

  In particular, in this embodiment, users of the MFP 10 are classified into general users, device managers, and device maintainers, and the usable operation modes of the MFP 10 are restricted for each type of user. In order to perform the authentication processing to be performed, the user is any one of a general user, a device administrator, and a device maintenance person based on the card information read from the IC card 30 possessed by each user, and the multifunction device It is necessary to set authentication information having information contents that can identify which of the ten available operation modes.

  FIG. 4 is a table showing an example of registration of authentication information in the authentication information table 261a according to the present embodiment.

  In this authentication information table 261a, the card identification information is information specific to each IC card 30 for identifying the IC card 30 possessed by the user of the multifunction device 10 as an employee card (for example, 0 to 0 of the service code 1008h). The attribute code number stored in the 7-byte area: see FIG.

  In the authentication information table 261a illustrated in FIG. 4, card identification information (“00011000”, “00011005”,..., “,” Corresponding to each IC card 30 possessed by a general user, a device manager, and a device maintenance person. ”,“ 0001015 ”,“ 00013001 ”, etc.), device management restriction mode, function restriction mode, card issuance count, authentication ID, reading range, and setting password.

  As the device management restriction mode, each user (card identification number) has one item in each mode of “general user”, “device administrator”, and “device maintenance person” [for each user. It is possible to selectively specify a device management mode that grants usage authority (permits usage).

  As the function restriction mode, one item of each function mode of “copy”, “print”, “FAX”, “scan”, and “all functions” for each user (card identification number) [each user Can be selectively designated as a function mode for granting use authority (permitting use).

  Also, in the authentication information table 261a illustrated in FIG. 4, among the information other than the restriction mode (device management restriction mode, function restriction mode) registered corresponding to the card identification information, the card issuance count is from the IC card 30. This is information used to process authentication as non-permitted (NG) when the card issuance is verified by comparing with the read card issuance count.

  The ID for authentication is matched by comparing with the input password when a procedure for requesting the password and inputting it to the user when performing authentication processing based on the card information read from the IC card 30 is used. Then, it is information (password) used for processing for proceeding to authentication processing.

  The reading range specifies an information area to be read as information for authentication from the IC card 30 having the information storage structure shown in FIG. In this example, in order to read the card identification information and the card issuance count from the IC card 30, the storage areas of these pieces of information (0 to 7 bytes of 1008h, 0 to 15 bytes of 1068h) are designated as reading areas.

  For example, when the device administrator uses the setting device 40 to register the authentication information in the authentication information table 261, the setting password is requested when the device administrator uses the setting password to input the device administrator. If the input password for comparison is compared and matched, it is information dedicated to setting authority authentication used for processing for accepting authentication information setting processing.

  As described above, in this embodiment, the device manager uses the setting device 40 connected to the management device 20 to configure the devices in the modes of “general user”, “device manager”, and “device maintainer”. Information on one item of each of the two types of restriction modes, ie, the restriction mode and the function restriction mode consisting of the function modes of “copy”, “print”, “FAX”, “scan”, and “all functions”. However, the authentication information table 261a having information contents that can be specified from the card information (card identification information) read from the IC card 30 is registered in the management apparatus 20 in advance.

  In addition, the device manager distributes each IC card 30 issued from the card issuing device by the above procedure to each corresponding user by the following method.

  For example, the IC card 30 with the card identification number = 00011000 storing the “general user” mode with respect to the device management restriction mode of the authentication information table 261a is given the authority as the general user, for example, employee A (the IC card 30 concerned) Employees who match the “name” stored in

  Similarly, regarding the device management restriction mode of the authentication information table 261a, “IC card 30 with card identification number = 00011005 storing general user mode,..., IC card with card identification number = 0.00008015 storing“ device administrator ”mode” 30, the IC card 30 with the card identification number = 00013001 in which the “device maintenance person” mode is stored can be given authority as a general user,..., Device manager, device maintenance person, for example, employees B, C, D Distribute one to each (each employee who matches the “name” stored in each IC card 30).

  As described above, as a result of distributing each IC card 30 storing identification information unique to each card to each user, the identification information stored in each IC card 30 is used as information for identifying each user. It becomes possible.

  Thereafter, each user places one IC card 30 distributed by himself / herself on the card placement unit 221 of the management apparatus 20, and after each authentication process by the management apparatus 20, each user in the multifunction machine 10. Each function corresponding to the authority registered in advance can be used.

  FIG. 5 is a flowchart showing an authentication processing operation in the management apparatus 20 according to the present embodiment after registration of the authentication information table 261a.

  In FIG. 5, the management apparatus 20 starts the card information reading process in steps S101 to S103 after the system is started.

  In the card information reading process, first, the IC card communication is performed so that the polling command is wirelessly transmitted from the IC card communication unit 22 (step S101) and the response command to the polling command is received (step S102). The unit 22 is driven.

  In this state, when the IC card 30 is placed on the card placement unit 221, the IC card 30 responds to a polling command from the IC card communication unit 22 and includes a response command including information stored in the own card. Is transmitted wirelessly.

  In response to the operation of the IC card 30, when the management device 20 receives a response command from the mounted IC card 30 (YES in step S <b> 102), the authentication control unit 272 sets in advance in the authentication information from the response command. The read range information (card identification information, card issuance count) is extracted (step S103). First, it is determined whether or not the card identification information that matches the read card identification information is registered in the authentication information table 261a. Check (step S104).

  Here, when the card identification information that matches the read card identification information is not registered (NO in step S104), the authentication control unit 272 performs an authentication error process (step S121), and then ends the process.

  On the other hand, when the card identification information that matches the read card identification information is registered (YES in step S104), the authentication control unit 272 determines that the read card issuance count corresponds to the card identification information. It is checked whether or not the card issuance count stored in the table 261a matches (step S105).

  If the card issuance times do not match (NO at step S105), an authentication error process (step S121) is performed, and then the process ends.

  On the other hand, if the card issuance times match (YES in step S105), the authentication control unit 272 corresponds to the device management restriction mode registered in the authentication information table 261a corresponding to the card identification information read in step S103. With reference to the registered item (step S106), it is specified which item (mode) of “general user”, “device manager”, and “device maintainer” is registered (step S107).

  Next, the authentication control unit 272 refers to the registration items of the function restriction mode registered in the authentication information table 261a corresponding to the card identification information read in step S103 (step S108), and performs “copy”, “print” "," FAX "," scan ", or" all functions "is specified (step S109).

  Further, the authentication control unit 272 includes the device management restriction mode (any one of the “general user”, “device manager”, and “device maintainer” modes) identified in step S107, and the above A use permission instruction for the function restriction mode (any one of “copy”, “print”, “FAX”, and “scan”) recognized in step S109 is sent to the multifunction device 10 through the multifunction device control unit 25. Send out (step S110).

  On the other hand, the multifunction machine 10 receives the use permission command sent from the management device 20 and operates to permit use only of the operation mode that is the command target of the received use permission command. This operation will be described in detail later with reference to FIG.

  In response to this, the management apparatus 20 transmits a use permission command to the multifunction device 10 in step S110, and then proceeds to a process of managing the operation of the multifunction device 10 (step S111).

  In this operation management, the management device 20 (management device control unit 27) monitors the operation of the function permitted to be used in the multifunction machine 10 by the use permission command sent in step S110 so as not to exceed the use restriction. Control (for example, copy is not allowed when the number of copies made by the copy function exceeds the number set in advance for the user), and the use is permitted by the operation unit 12 of the multifunction machine 10. When an end operation related to a function is performed, or a period during which no operation related to the function is performed continues for a predetermined period, and further, when a release button is pressed on the operation unit 23 of the management apparatus 20, Control such as returning a standby state by transmitting a use prohibition command to the machine 10 is performed.

  FIG. 6 is a flowchart showing the processing operation of the multifunction machine 10 based on the reception of the use permission command sent out by the management apparatus 20 in step S110 of the authentication process in FIG.

  In FIG. 6, the multifunction machine 10 monitors whether or not a use permission command is received from the management apparatus 20 through the management apparatus connection unit 14 (step S <b> 201).

  When a use permission command is received from the management device 20 (YES in step S201), the multi-function device control unit 15 extracts each mode of the device management restriction mode and the function restriction mode that are the target of the received use permission command. Then, each extracted mode (usage permission mode) is stored (step S202).

  Next, the multifunction device control unit 15 displays on the display unit 12 an operation screen that can perform an instruction operation for the functions supported by each mode of the device management restriction mode and the function restriction mode stored in step S202 ( Step S203).

  Thereafter, it is monitored on this operation screen whether or not an instruction operation related to any function has been performed (step S204).

  Here, when an instruction operation is performed (YES in step S204), the multi-function device control unit 15 checks the mode (use permission mode) of the use permission command target from the management apparatus 20 stored in step S202, and step S204. It is checked whether the instruction operation performed in is an instruction operation related to the function in either the use permission mode or the mode included in the use permission mode (step S205).

  If the instruction operation performed in step S204 is an instruction operation related to a function other than the use permission mode or the mode included in the use permission mode (NO in step S205), the multifunction device control unit 15 performs the instruction operation. The acceptance of the operation is rejected (step S206), and the process proceeds to step S208.

  On the other hand, when the instruction operation performed in step S204 is an instruction operation related to the function in either the use permission mode or the mode included in the use permission mode (YES in step S205), the multifunction device. The control unit 15 controls each unit to activate a function corresponding to the instruction operation (step S207).

  Thereafter, the multifunction device control unit 15 monitors whether or not the operation unit 12 has performed an operation for ending either the use permission mode or the mode included in the use permission mode (step S208). While the end operation is not performed (NO in step S208), the processing after step S204 is continued. When the end operation is performed (YES in step S208), the operation management process in step S111 from the management device 20 (see FIG. 5). ) To wait for reception of the use prohibition command (step S209), and the process returns to the standby state (step S210).

  According to the processing operation of the system of the present invention described with reference to FIGS. 5 and 6, when the authentication information having the contents shown in FIG. 4 is registered in the authentication information table 261a of the management apparatus 20, for example, card identification When a user having an IC card 30 in which information = 00011000 is stored places the IC card 30 on the card placement unit 221, the management apparatus 20 reads the card identification information read from the IC card 30 = 00011000. As the device management restriction mode and the function restriction mode corresponding to the “general user” mode and the “copy” mode, the authentication information table 261a is identified (steps S107 and S109 in FIG. 5). The use permission command for the “user” and “copy” modes is sent to the multifunction machine 10 (step S110).

  On the other hand, when the multifunction device 10 receives the use permission command from the management device 20 (step S201 in FIG. 6), the multifunction device 10 performs a function instruction operation regarding the “general user” / “copy” mode that is the target of the use permission command. As an enabling operation screen, for example, as shown in FIG. 7, a copy mode screen 110 capable of instructing various functions related to copying is displayed on the display unit 11 (step S203).

  On this copy mode screen 111, the user (general user) can operate the “magnification” button, the “copy density” button, etc. (step S204 YES → S205 YES) to specify the magnification and copy density. (Step S207), for example, a setting screen used for setting a function mode screen for a function other than the copy function, or for setting the copy limit number, etc. by the device administrator, or a device maintenance work by the device maintainer. Even if the “next candidate selection” button is pressed to open the device maintenance screen used for the operation, it is an instruction operation on a mode other than the current use permission mode (“general user” / “copy” mode) (Step S205 NO) and the instruction operation is rejected (Step S206).

  Similarly, when the IC card 30 storing the card identification information = 00011005 is placed on the card placement unit 221 by the user, it is stored in the authentication information table 261a corresponding to the card identification information = 00011005. A use permission command for each mode of “general user” and “FAX” is sent from the management device 20 to the multifunction device 10, while the multifunction device 10 receives the command according to the use permission command from the management device 20. A FAX mode screen that enables the instruction operation of the function related to the target “general user” / “FAX” mode is displayed on the display unit 11, and the user (general user) can perform the operation on the FAX mode screen. Only the FAX function can be used by an instruction operation.

  On the other hand, when the IC card 30 in which the card identification information = 0000008015 is stored is placed on the card placement unit 221 by the user (device manager), authentication is performed corresponding to the card identification information = 00000015. The use permission command for “device manager” and “print” stored in the information table 261a is sent from the management device 20 to the multifunction device 10, while the multifunction device 10 uses the use permission command from the management device 20. , A print function setting screen that enables various function setting operations relating to the “device administrator” / “print” mode that is the target of the command is displayed on the display unit 11, and the user (device administrator) Various settings related to the print function can be performed on the function setting screen.

  If the device administrator performs an operation to open the print mode screen to actually print to confirm the setting contents, the instruction operation is performed in the current use permission mode (“device administrator” mode). (Step 205 in FIG. 6), the print mode screen is displayed based on the instruction operation, and printing can be performed using the screen (step S206).

  When the IC card 30 storing the card identification information = 00013001 is placed on the card placement unit 221 by the user (device maintenance person), the authentication information table 261a corresponding to the card identification information = 00013001. The use permission command for each mode of “device maintenance person” and “scan” stored in the management device 20 is sent from the management device 20 to the multifunction device 10, while the multifunction device 10 uses the use permission command from the management device 20 Based on the “equipment maintenance person” / “scan” mode that is the target of the command, a maintenance screen capable of performing a maintenance operation related to the scan function is displayed on the display unit 11, and the user (equipment maintenance person) Maintenance work related to the scan function can be performed on the maintenance screen.

  Here, for example, when the device maintainer performs an operation for opening a setting screen corresponding to a certain function for maintenance, the instruction operation is performed in the current use permission mode (“device maintainer” mode). ) Is included (device administrator mode) (step 205 YES in FIG. 6), and the corresponding setting screen is displayed based on the instruction operation. Various setting operations related to the function are performed using the screen. (Step S206).

  Further, when the device maintenance person performs an operation to open the function mode screen in order to actually activate the corresponding function in order to confirm the setting content performed using the setting screen, the instruction operation is It is determined that it is a mode (“general user” mode) included in the current use permission mode (“equipment maintenance person” mode) (step 205 YES in FIG. 6), and the corresponding function mode screen is displayed based on the instruction operation. The corresponding function is displayed and the corresponding function can be activated using the screen (step S206).

  As described above, according to the first embodiment, the management device 20 includes the card identification information stored in the IC card 30 issued to the user and the plurality of operation modes provided in the multifunction device 30 that is the managed device. An operation mode corresponding to the card identification information read from the IC card 30 adjacent for authentication is registered in the authentication information table 261a and the correspondence relationship with the operation mode information of which use authority is permitted (permitted to use). Information is identified from the authentication information table 261a and a use permission command for the identified operation mode is sent to the multifunction device 10, while the multifunction device 10 is subject to the use permission command sent from the management device 20. Since control is performed to permit use of a certain operation mode, each user uses one IC card 30 to control card identification information stored in the IC card 30. A use permission command for a plurality of operation modes permitting use can be transmitted to the multifunction device 10, and a plurality of IC cards 30 are held in order to use a plurality of functions of the multifunction device 10. This eliminates the need for card management.

  Further, in the multifunction device 10, an instruction operation corresponding to the operation mode that has received the use permission command is performed in accordance with the control to permit the use of the operation mode that is the target of the use permission command sent from the management device 20. Since the user screen is controlled, the user can immediately use the operation mode to which the user is authorized by performing an instruction operation for a desired function on the screen.

  Further, by associating the card identification information in the authentication information table 261a with the use authority for each of the plurality of operation modes of the multifunction device 10, the use authority and the authority holder can be easily managed.

  FIG. 8 is a table illustrating an example of registration of authentication information in the authentication information table 261b according to the second embodiment.

  The authentication information table 261b registers one item of information (mode) in association with the card identification information stored in the IC card 30 issued to the user, in association with the device management restriction mode, and the function restriction. About the mode, information (mode) of a plurality of items is registered in association with each other.

  Specifically, in the example of FIG. 8, in the device management restriction mode, the card identification number = 00011000, the card identification number = 00011005,..., The card identification number = 0000008015, and the card identification number = 00013001 as in the first embodiment. “General user”, “General user”, “Equipment manager”, and “Equipment maintenance person” are registered in association with each other.

  However, in the present embodiment, as for the device management restriction mode, as shown in the following formula (1), the “device manager” mode includes the “general user” mode, and the “device maintainer” mode is “ Establishing an agreement to include the “device manager” mode.

“General user” <“Device administrator” <“Device maintenance person” …… (1)
This agreement (inclusion relation defining information) of the expression (1) is implemented in the multifunction device 10, and the multifunction device 10 performs operation control (see FIG. 9) based on reception of a device management restriction mode from the management device 20 described later. The display control of the mode selection screen with reference to the inclusion relation defining information is performed.

  In the example of FIG. 8, in the function restriction mode, “copy” and “FAX” are used for the card identification number = 00011000, and “print” and “scan” are used for the card identification number = 00011005. "And" FAX "are registered in association with each other.

  Also in the management apparatus 20 of this embodiment having such a configuration, basically, authentication processing according to the flowchart shown in FIG.

  However, the management apparatus 20 according to the first embodiment includes the authentication information table 261a illustrated in FIG. 4 (one item of information (mode) is registered for each of the device management restriction mode and the function restriction mode). 5, specify one item mode for each of the device management restriction mode and the function restriction mode corresponding to the card identification information read from the IC card 30 in steps S101 to S103 (steps S107 and S109), and issue a use permission command for the mode. In the present embodiment, as shown in FIG. 8, one item of information (mode) is provided for the device management restriction mode, and a plurality of items are provided for the function restriction mode. Because of the configuration using the authentication information table 261b in which the information (mode) is registered, the steps in the authentication process of FIG. In 107 and S109, one item mode and a plurality of item modes are specified for each device management restriction mode and function restriction mode corresponding to the card identification information read from the IC card 30, and in step S110, the specified device management mode is specified. A use permission command targeting one item and a plurality of item modes is sent to the multifunction device 10 for each restriction mode and function restriction mode.

  In response to the use permission command sent out in step S110 by the management device 20 of the present embodiment, the multifunction machine 10 of the embodiment receives the use permission command and performs a control operation according to the flowchart shown in FIG. Execute.

  In FIG. 9, the multi-function device 10 monitors whether or not a use permission command is received from the management device 20 through the management device connection unit 14 (step S301).

  Here, when a use permission command is received from the management device 20 (YES in step S301), the multifunction device control unit 15 performs a device management restriction mode (any one item) that is a command target of the received use permission command, and a function restriction. The mode (multiple items) is stored as a use permission mode (step S302).

  Next, the multifunction device control unit 15 sequentially checks the device management restriction mode and the function restriction mode stored in step S302.

  First, it is checked whether the registration item of the device management restriction mode is “general user”, “device administrator”, or “device maintenance person” (step S303). If it is “general user” (general user in step S303), the “general user” mode includes “copy”, “print”, “FAX”, “scan”, and “all functions”. Since it is a premise that a plurality of function restriction modes are commanded to be used, a plurality of function modes for which the use permission command has been specified are identified from the information stored in step S302, and between these function modes are specified. The selection screen for selecting a desired mode is displayed on the display unit 12 (step S304).

  On the other hand, if the device management restriction mode is “device manager” (device manager in step S303), the mode inclusion relationship of the above equation (1) is referred to, and the current use permission command target mode (“device manager” “Mode”) includes a “general user” mode, and a selection screen for selecting a desired mode between the “device administrator” mode and the “general user” mode is displayed. 12 (step S305).

  If the device management restriction mode is “device maintainer” (device maintainer in step S303), the mode inclusion relationship of the above expression (1) is referred to and the current use permission command target mode (“device maintainer”) is referred to. "Mode") includes the "device manager" mode, and based on the recognition result that the "device manager" mode includes the "general user" mode, the "device maintainer" mode, "device management" A selection screen for selecting a desired mode between the “user” mode and the “general user” mode is displayed on the display unit 12 (step S306).

  When the selection screen is displayed on the display unit 12 in any of the above steps S304, S305, and S306, the multi-function device control unit 15 monitors whether or not a selection operation has been performed on the currently displayed selection screen. (Step S307).

  Here, when the selection operation of the selected mode is performed (YES in step S307), an operation screen capable of instructing the function of the selected mode is displayed on the display unit 12 (step S308).

  Thereafter, the multifunction device control unit 15 receives an operation instruction on the operation screen in the same flow as the processing of steps S204 to S210 shown in FIG. Operation start control (step S310) is performed.

  According to the processing operation of the present embodiment described above, when the authentication information shown in FIG. 8 is registered in the authentication information table 216b of the management apparatus 20, the IC card 30 in which the card identification information = 00011000 is stored When placed on the card placement unit 221 by the user, the “normal user”, “copy”, and “FAX” modes stored in the authentication information table 216b corresponding to the card identification information = 00011000 are targeted. Is sent from the management apparatus 20 to the multifunction device 10.

  On the other hand, the MFP 10 recognizes the “general user” / “copy” / “FAX” mode as the use permission mode based on the use permission command received from the management apparatus 20, and based on the recognition result, for example, As shown in FIG. 10A, a selection screen 115a for selecting each function mode of the copy function and the FAX function is displayed on the display unit 11.

  In this case, the user (general user) selects one of the modes using the selection screen 115a (presses one of the “copy” button and the “FAX” button), and the display unit 11 performs the selection. The copy function and the FAX function can be selectively used by using a copy mode screen or a FAX mode screen that enables an instruction operation of a function related to the copy function or the FAX function displayed on the screen.

  Similarly, when the IC card 30 storing the card identification information = 00011005 is placed on the card placement unit 221 by the user, it is stored in the authentication information table 216b corresponding to the card identification information = 00011005. A use permission command for each mode of “general user”, “print”, “scan”, and “FAX” is sent from the management device 20 to the multifunction device 10, and the multifunction device 10 receives it from the management device 20. Based on the use permission command, each mode of “general user” / “print” / “scan”, “FAX” is recognized as the use permission mode. For example, as shown in FIG. A selection screen 115b for selecting each function mode of the function and the FAX function is displayed on the display unit 11.

  As a result, the user (general user) selects one of the modes on the selection screen 115b (presses one of the “print” button, “scan” button, and “FAX” button) and selects the mode. By using the screen of the corresponding function mode (print mode screen, scan mode screen, FAX mode screen) displayed on the display unit 11 by the above, the print function, scan function or FAX function can be selectively used.

  Further, when the IC card 30 in which the card identification information = 0000008015 is stored is placed on the card placement unit 221 by the user, “?” Stored in the authentication information table 216b corresponding to the card identification information = 00000008015. A use permission command targeting the “device manager” mode is sent from the management device 20 to the multifunction device 10, and the multifunction device 10 uses the “device manager” mode as the use permission mode based on the use permission command received from the management device 20. As shown in FIG. 11, for example, the device management mode of the “device manager” mode and the “general user” mode included in the mode are selected by the processing in step S305 in FIG. A selection screen 115c is displayed on the display unit 11.

  Thereby, the user (device manager) displays the device manager displayed by selecting, for example, the “device manager” mode (pressing the “device manager” button) on the selection screen 115c. Various function settings can be performed using the setting screen for the user, or displayed by selecting the “general user” mode (pressing the “general user” button) on the selection screen 115c, for example, A desired function can be used by selecting any mode using a selection screen for each mode of copy, scan, printer, and FAX.

  Further, when the IC card 30 storing the card identification information = 00013001 is placed on the card placement unit 221 by the user, the authentication information table 216b stores “ A use permission command targeting the “device maintenance person” mode is sent from the management device 20 to the multifunction device 10, and the multifunction device 10 uses the “device maintenance person” mode as the use permission mode based on the use permission command received from the management device 20. 9 is recognized, and the device management mode of the “device administrator” mode and the “device administrator” mode and the “general user” mode included in the mode are selected by the processing in step S306 of FIG. For example, a selection screen 115d as shown in FIG.

  As a result, the user (equipment maintenance person), for example, the equipment maintenance person displayed by selecting the “equipment maintenance person” mode (pressing the “equipment maintenance person” button) on the selection screen 115d. Maintenance for various functions can be performed using the maintenance screen for the device, or for the device administrator displayed by selecting the “device administrator” mode (pressing the “device administrator” button) Various function settings can be performed using the setting screen, or displayed by selecting the “general user” mode (pressing the “general user” button) on the selection screen 115d, for example, A desired function can be used by selecting one of the modes using the copy, scan, printer, or FAX mode selection screen.

  As described above, according to the second embodiment, the management apparatus 20 provides the user with one item of information (mode) for the device management restriction mode and multiple items of information (mode) for the function restriction mode. Using the authentication information table 261b registered in association with the card identification information stored in the IC card 30 to be issued, the device management restriction associated with the card identification information read from the IC card 30 adjacent for authentication A mode of one item related to the mode and a mode of a plurality of items related to the function restriction mode are specified from the authentication information table 261b, and a use permission command targeting the specified plurality of modes (designated as a use permission mode) is combined. On the other hand, the multifunction device 10 selects a plurality of operation modes to be commanded by the use permission command sent from the management device 20.択画 surface 115 (115 a to 115 d) to display, performs control to shift to the selected mode on the selection screen.

  According to the configuration of the second embodiment, in addition to the operational effects of the first embodiment, the following effects are further obtained. That is, in this embodiment, by registering a plurality of operation modes in association with the card identification information stored in the IC card 30, a user who has performed an authentication operation using the IC card 30 The mode permitted to be used by the user can be clearly seen by looking at the selection screen for the plurality of operation modes registered corresponding to the card identification information of the IC card 30 displayed on the MFP 10 side. Thus, a desired mode can be selected and the mode can be quickly shifted to function selection.

  In the above embodiment, the non-contact type IC card 30 is used as an authentication card, but other recording media such as a magnetic card may be used.

  In addition, the present invention is not limited to the embodiment described above and shown in the drawings, and can be implemented by being appropriately modified within a range not changing the gist thereof.

  For example, in the above-described embodiment, the management device 20 and the multifunction device 10 are connected on a one-to-one basis. However, while a plurality of managed devices such as the multifunction device 10 are connected to the management device 20, the management device 20 Corresponding to the card identification information, the authentication information is centrally managed using the authentication information table in which the information of the devices that are permitted to use and the information of the modes that are permitted to be used are registered. Based on the read information, the management apparatus to be used and the operation mode may be authenticated by referring to the authentication information table for centralized management.

  In addition, the plurality of managed devices are connected to the management device 20 via a network, user identification information is input from a PC or the like via the network, and the centralized authentication information table based on the user identification information It is good also as a structure which authenticates the available apparatus and the available mode with reference to.

  In addition, a centralized management device connected to a plurality of management devices via a network is provided, and information on devices permitted to be used among devices managed by the plurality of management devices and usage permission are provided in accordance with the card identification information. The authentication information table in which the mode information is registered is stored in the central management device, the authentication information is centrally managed, and the information read from the IC card 30 by each management device is transmitted to the central management device. The information regarding the non-management device to be used and the operation mode may be returned to the management device by referring to the authentication information table.

  The present invention is applied to an authentication device that authenticates a user of a device having a plurality of operation modes and a use operation mode based on information read from a recording medium, and a management system that manages the operation of the device using the authentication device. And an authentication information table in which the identification information stored in the recording medium used by the user and the information on the operation mode with the authority to use are registered in association with each other are provided on the management apparatus side, based on the identification information read from the recording medium , By specifying the use authority operation mode corresponding to the identification information from the authentication information table and sending the use permission command for the operation mode to the device, each user uses the recording medium of each device. It can authenticate the available users and operation modes.

The conceptual diagram which shows the whole structure of the management system concerning this invention. The block diagram which shows the function structure of the multifunctional device and management apparatus in a management system. The conceptual diagram which shows the information storage structure of an IC card. FIG. 3 is a table showing an example of information registration in an authentication information table used in the first embodiment. The flowchart which shows the authentication processing operation | movement of a management apparatus. 3 is a flowchart illustrating processing operations of the image forming apparatus according to the first exemplary embodiment. 6 is a diagram illustrating a display example of a copy mode screen based on reception of a copy function mode use permission command in the image forming apparatus of Embodiment 1. FIG. FIG. 9 is a table showing an example of information registration in an authentication information table used in the second embodiment. 9 is a flowchart illustrating a processing operation of the image forming apparatus according to the second embodiment. FIG. 10 is a diagram illustrating a display example of a function mode selection screen based on reception of use permission commands for a plurality of function modes in the image forming apparatus according to the second embodiment. FIG. 9 is a diagram illustrating a display example of a mode selection screen based on reception of a device manager mode use permission command in the image forming apparatus according to the second embodiment. FIG. 10 is a diagram illustrating a display example of a mode selection screen based on reception of a use permission command in an apparatus maintenance person mode in the image forming apparatus according to the second embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 ... Multifunction machine, 11 ... Display part, 110 ... Copy mode screen, 115a, 115b, 115c, 115d ... Selection screen, 12 ... Operation part, 13 ... Image formation part, 14 ... Management apparatus connection part, 15 ... Multi-function machine control , 20 ... management device, 21 ... display unit, 211 ... readable status display LED, 212 ... use permission status display LED, 22 ... non-contact type IC card communication unit, 221 ... card placement unit, 23 ... operation unit, 24: Setting device control unit, 25 MFP control unit, 26: Storage unit, 261, 261a, 261b ... Authentication information table, 27 ... Management device control unit, 271 ... Authentication information setting control unit, 272 ... Authentication control unit, 30 ... Non-contact IC card, 40 ... Setting device

Claims (11)

In an authentication device for authenticating a user of a device having a plurality of operation modes and a use operation mode based on information read from a recording medium,
A recording medium on which unique identification information is recorded;
Reading means for reading information recorded on the recording medium;
An authentication information table in which the identification information recorded on the recording medium is registered in association with information on an operation mode having authority to use among a plurality of operation modes of the device;
Based on the identification information read from the recording medium, a use authority operation mode corresponding to the identification information is specified from the authentication information table, and a use permission instruction for the specified use authority operation mode is sent to the device. And an authentication control means. The authentication information table includes:
Registering information of any device management mode among a plurality of device management modes of the device as the operation mode information with the use authority,
The authentication control means includes
2. The authentication apparatus according to claim 1, wherein the device management mode corresponding to the read identification information is specified from the authentication information table and the use permission instruction for the device management mode is transmitted. The authentication information table includes:
Registering information on an arbitrary function mode among a plurality of function modes of the device as the operation mode information having the authority to use,
The authentication control means includes
The authentication device according to claim 1 or 2, wherein the function mode corresponding to the read identification information is specified from the authentication information table and the use permission command for the function mode is transmitted. In a management system having a device having a plurality of operation modes and a management device for managing the operation of the device based on user identification information,
The management device
A recording medium on which unique identification information is recorded;
Reading means for reading information recorded on the recording medium;
An authentication information table in which the identification information recorded on the recording medium is registered in association with information on an operation mode having authority to use among a plurality of operation modes of the device;
Based on the identification information read from the recording medium, a usage right operation mode corresponding to the identification information is specified from the authentication information table, and a use permission instruction for the specified usage right operation mode is given to the device. An authentication control means for sending out, and
The device is
A management system comprising: control means for controlling to permit use of an operation mode that is a target of the use permission command received from the management device. The authentication information table includes:
Registering information of any device management mode among a plurality of device management modes of the device as the operation mode information with the use authority,
The authentication control means includes
The management system according to claim 4, wherein the device management mode corresponding to the read identification information is specified from the authentication information table, and the use permission instruction for the device management mode is transmitted. The authentication information table includes:
Registering information on an arbitrary function mode among a plurality of function modes of the device as the operation mode information having the authority to use,
The authentication control means includes
The management system according to claim 4 or 5, wherein the function mode corresponding to the read identification information is specified from the authentication information table, and the use permission instruction for the function mode is transmitted. The authentication information table includes:
Register one mode for each of the device management mode and the function mode,
The authentication control means includes
A device management mode and a function mode respectively corresponding to the read identification information are specified from the authentication information table, and the use permission instruction for the specified mode is sent.
The device is
The management system according to claim 6, further comprising a display unit configured to display an operation screen corresponding to a mode that is a target of the use permission command received from the management device. The authentication information table includes:
Register one mode and a plurality of modes for each of the device management mode and the function mode,
The authentication control means includes
A device management mode and a plurality of function modes corresponding to the read identification information are specified from the authentication information table, and the use permission instruction for the specified mode is sent.
The device is
The management system according to claim 6, further comprising: a display unit configured to display a mode selection screen capable of selecting a desired mode among a plurality of modes that are targets of the use permission command received from the management device. . The device is
Holding means for holding inclusion relationship information that defines an inclusion relationship regarding use authority between the plurality of device management modes;
Determination means for determining an inclusion relationship between the device management mode that is the target of the use permission command received from the management device and another device management mode based on the inclusion relationship information;
The display means includes
The mode selection capable of selecting a desired mode between the device management mode as a target of the use permission command and another device management mode included in the device management mode according to the inclusion relationship determined by the determination unit The management system according to claim 8, wherein a screen is displayed. In the management method in which the management device manages the operation of the device having a plurality of operation modes based on the identification information of the user read from the recording medium.
The unique identification information recorded on the recording medium and the information on the operation mode with the use authority among the plurality of operation modes of the device are associated with each other and registered in the authentication information table of the management device,
Based on the identification information read from the recording medium by the reading unit of the management apparatus, the authentication control unit of the management apparatus specifies a use authority operation mode corresponding to the read identification information from the authentication information table, and A use permission command for the specified use authority operation mode is sent to the device;
The management method, wherein the device is controlled by a control unit to permit use of an operation mode that is a target of the use permission command received from the management device. In a management program implemented in a management device and causing the management device to perform processing for managing the operation of a device having a plurality of operation modes based on identification information of a user read from a recording medium.
Authentication information registration processing for associating unique identification information recorded on the recording medium with information on an operation mode with authority to use among a plurality of operation modes of the device in an authentication information table;
Based on the identification information read from the recording medium by the reading means, the authentication control means specifies the use authority operation mode corresponding to the read identification information from the authentication information table, and targets the specified use authority operation mode. A management program for causing the management device to perform a use permission command sending process for sending a use permission command to the device.

Images