JP2012018570A - Image forming device, authentication system, authentication method, authentication program, and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an image forming device, an authentication system, an authentication method, an authentication program, and a recording medium which can perform authentication even if authentication information loses its validity.SOLUTION: A card ID acquisition unit 151 acquires a card ID of an IC card. A user ID acquisition unit 153 acquires a user ID associated with the acquired card ID. A connection information management unit 155 acquires connection information associated with the acquired user ID. A first connection unit 159 tries a connection with an authentication device 200 by using the acquired connection information. A display control unit 165 displays an input screen for the user ID and a password when the connection is failed. An input reception unit 167 receives input of the user ID and the password. A second connection unit 161 tries the connection with the authentication device by using the input user ID and the input password as the connection information. An authentication unit 163 requires the authentication of the user ID to the authentication device when the connection is successful.

Description

  The present invention relates to an image forming apparatus, an authentication system, an authentication method, an authentication program, and a storage medium.

  Conventionally, in an organization such as a company, an image forming apparatus such as a printing apparatus or a multifunction peripheral is connected to an in-house network such as a LAN (Local Area Network) to which a plurality of computer terminals are connected, and the image forming apparatus is shared. is doing.

  In such an image forming apparatus that can be used by an unspecified number of users, a technique is known in which an image forming apparatus can be used only when authentication is performed successfully by performing authentication using an IC card in order to ensure security. It has been. For example, in Patent Document 1, IC card identification information is acquired from an image forming apparatus, a user ID corresponding to the acquired IC card identification information is extracted, and whether or not the extracted user ID exists in the AD server is confirmed. Discloses a technique for performing user authentication.

  However, in the conventional technology as described above, user authentication is performed using authentication information rather than identification information of the IC card itself, but the authentication information loses its validity and may not be authenticated. .

  The present invention has been made in view of the above circumstances, and provides an image forming apparatus, an authentication system, an authentication method, an authentication program, and a storage medium capable of performing authentication even if authentication information has lost its validity. The purpose is to do.

  In order to solve the above-described problems and achieve the object, an image forming apparatus according to one aspect of the present invention is an image forming apparatus connected to an authentication apparatus via a network, and medium identification information of an information storage medium Medium identification information acquisition means for acquiring the medium identification information, user ID storage means for storing the medium identification information and the user ID in association with each other, and the user ID associated with the acquired medium identification information from the user ID storage means The connection information storage means for storing the user ID acquisition means, the user ID, and the connection information including the connection ID and password in association with each other, and the connection information associated with the acquired user ID in the connection Connection information management means acquired from the information storage means, first connection means for attempting to connect to the authentication device using the acquired connection information, and the first connection hand When the connection fails, a display control unit that displays a user ID and password input screen on the display unit, an input receiving unit that receives the user ID and the password, and the input user ID and the password Second connection means for trying to connect to the authentication apparatus using connection information, and authentication means for requesting the authentication apparatus to authenticate the user ID when the connection is successful. And

  An authentication system according to another aspect of the present invention is an authentication system including a first image forming apparatus and a second image forming apparatus connected to an authentication apparatus via a network, and the first image forming apparatus includes: User ID storage means for storing the medium identification information and user ID in association with each other, connection information storage means for storing the user ID and connection information including the connection ID and password in association with each other, and the second image A connection information management unit that acquires connection information associated with a user ID notified from the forming device from the connection information storage unit, and a first connection that attempts to connect to the authentication device using the acquired connection information And a second connection means that attempts to connect to the authentication apparatus using the user ID and password notified from the second image forming apparatus as connection information. An authentication unit that requests the authentication device to authenticate the user ID, and the second image forming device includes a medium identification information acquisition unit that acquires medium identification information of an information storage medium; When the user ID acquisition unit that acquires the user ID associated with the acquired medium identification information from the user ID storage unit and notifies the first image forming apparatus and the first connection unit fail to connect A display control unit that displays a user ID and password input screen on a display unit, and an input reception unit that receives the user ID and the password and notifies the first image forming apparatus. And

  An authentication system according to another aspect of the present invention is an authentication system including a server device and an image forming device connected to an authentication device via a network, the server device including medium identification information, a user ID, Corresponding to the user ID storage means for storing the user ID, the connection information storing means for storing the user ID, the connection information including the connection ID and the password, and the user ID notified from the image forming apparatus Notified from the image forming apparatus, connection information management means for acquiring attached connection information from the connection information storage means, first connection means for attempting to connect to the authentication apparatus using the acquired connection information, and Second connection means that attempts to connect to the authentication device using the user ID and password to be connected as connection information, and if the connection is successful, the authentication device Authentication means for requesting authentication of the user ID, and the image forming apparatus corresponds to the medium identification information acquisition means for acquiring the medium identification information of the information storage medium, and the acquired medium identification information A user ID acquisition unit that acquires the attached user ID from the user ID storage unit and notifies the server device, and a display unit for displaying a user ID and password input screen when the first connection unit fails to connect. And a display control unit that receives the input of the user ID and the password and notifies the image forming apparatus of the input.

  An authentication method according to another aspect of the present invention includes a medium identification information acquisition step in which medium identification information acquisition means acquires medium identification information of an information storage medium, and a user ID acquisition means includes medium identification information and user ID. A user ID acquisition step of acquiring a user ID associated with the acquired medium identification information from a user ID storage unit that stores the user ID, a connection information management unit, and a user ID, a connection ID, and a password. A connection information management step for acquiring connection information associated with the acquired user ID from connection information storage means for storing the connection information in association with the acquired connection information; The first connection step that attempts to connect to the authentication device using the user ID and the password input screen when the display control unit fails to connect A display control step for displaying on the display means, an input receiving means for receiving the input of the user ID and the password, and a second connecting means using the input user ID and the password as connection information. A second connection step for attempting to connect to the authentication device, and an authentication step for requesting the authentication device to authenticate the user ID when the authentication means is successfully connected. To do.

  An authentication program according to another aspect of the present invention is for causing a computer to execute the authentication method.

  A storage medium according to another aspect of the present invention is a computer-readable medium storing the authentication program.

  According to the present invention, there is an effect that authentication can be performed even if information for authentication has lost its validity.

FIG. 1 is a schematic diagram illustrating a configuration example of an authentication system according to the present embodiment. FIG. 2 is a block diagram illustrating a configuration example of the authentication system according to the present embodiment. FIG. 3 is a diagram illustrating an example of data in the user ID storage unit of the present embodiment. FIG. 4 is a diagram illustrating an example of data in the connection information storage unit of the present embodiment. FIG. 5 is a diagram illustrating an example of a user ID and password input screen. FIG. 6 is a diagram illustrating a data example of the connection authentication information storage unit of the present embodiment. FIG. 7 is a flowchart illustrating an example of authentication processing performed in the authentication system of the present embodiment. FIG. 8 is a sequence diagram showing an example of authentication processing performed in the authentication system of the present embodiment. FIG. 9 is a schematic diagram illustrating a configuration example of the authentication system according to the first modification. FIG. 10 is a block diagram illustrating a configuration example of the authentication system according to the first modification. FIG. 11 is a schematic diagram illustrating a configuration example of an authentication system according to the second modification. FIG. 12 is a block diagram illustrating a configuration example of the authentication system according to the second modification. FIG. 13 is a diagram illustrating a data example of the connection information storage unit according to the third modification. FIG. 14 is a diagram illustrating an example of data in the connection authentication information storage unit of the third modification. FIG. 15 is a diagram illustrating an example of data in the connection information storage unit of the fourth modification. FIG. 16 is a block diagram illustrating a hardware configuration example of the authentication device and the server device according to the embodiment and the modification. FIG. 17 is a block diagram illustrating a hardware configuration example of the MFP according to the embodiment and the modification.

  Hereinafter, embodiments of an image forming apparatus, an authentication system, an authentication method, an authentication program, and a storage medium according to the present invention will be described in detail with reference to the accompanying drawings. In each of the following embodiments, an image forming apparatus will be described by taking a multifunction peripheral (MFP) having at least one of a scanner function, a copy function, and a facsimile function as an example in addition to a printer function. It is not limited to this.

  First, the configuration of the authentication system of this embodiment will be described.

  FIG. 1 is a schematic diagram illustrating an example of the configuration of the authentication system 10 of the present embodiment, and FIG. 2 is a block diagram illustrating an example of the configuration of the authentication system 10 of the present embodiment. As shown in FIGS. 1 and 2, the authentication system 10 includes a multifunction device 100 and an authentication device 200. The multi-function device 100 and the authentication device 200 are connected via the network 20. The network 20 may be any network regardless of wired or wireless, LAN (Local Area Network) or public communication line.

  As illustrated in FIG. 2, the multifunction peripheral 100 includes a communication unit 110, an IC card R / W 120, an operation display unit 130, a storage unit 140, a control unit 150, and an image forming unit 170.

  The communication unit 110 communicates with an external device such as the authentication device 200 via the network 20 and can be realized by an existing communication device such as a communication interface. The communication unit 110 receives print data used for image formation from a PC (Personal Computer) (not shown) or the like.

  The IC card R / W 120 mediates communication between the IC card and the multifunction peripheral 100 by performing data read processing and write processing on the IC card (an example of an information storage medium). Note that the communication method may be a contact type or a non-contact type. The IC card R / W 120 reads a card ID (an example of medium identification information) of the IC card from the IC card.

  The operation display unit 130 (an example of a display unit) displays various screens and inputs various operations, and can be realized by an operation panel, a touch panel display, or the like. Note that the operation unit and the display unit may be realized separately.

  The storage unit 140 stores various programs executed by the multifunction device 100, data used for various processes performed by the multifunction device 100, and the like. The storage unit 140 is, for example, magnetic, optical, or electrical such as a hard disk drive (HDD), a solid state drive (SSD), a memory card, an optical disk, a read only memory (ROM), and a random access memory (RAM). This can be realized by at least one of existing storage devices that can be stored in the storage device. The storage unit 140 includes a user ID storage unit 141 and a connection information storage unit 143.

  The user ID storage unit 141 stores a card ID and a user ID in association with each other. FIG. 3 is a diagram illustrating an example of data stored in the user ID storage unit 141. In the example illustrated in FIG. 3, the user ID storage unit 141 stores a card ID “AAA” and a user ID “BBB” in association with each other.

  The connection information storage unit 143 stores a user ID and connection information including a connection ID and a password in association with each other. FIG. 4 is a diagram illustrating an example of data stored in the connection information storage unit 143. In the example illustrated in FIG. 4, the connection information storage unit 143 stores the user ID “BBB”, the connection ID “DDD” of the connection information, and the password “EEE” in association with each other. The connection information is used as a proxy account for connecting to the authentication device 200.

  The control unit 150 controls each unit of the multifunction peripheral 100 and can be realized by an existing control device such as a CPU (Central Processing Unit). The control unit 150 includes a card ID acquisition unit 151, a user ID acquisition unit 153, a connection information management unit 155, a connection authentication unit 157, a display control unit 165, an input reception unit 167, and an authentication management unit 169. Including.

  A card ID acquisition unit 151 (an example of a medium identification information acquisition unit) acquires a card ID read by the IC card R / W 120. The user ID acquisition unit 153 acquires the user ID associated with the card ID acquired by the card ID acquisition unit 151 from the user ID storage unit 141. The connection information management unit 155 acquires connection information associated with the user ID acquired by the user ID acquisition unit 153 from the connection information storage unit 143.

  The connection authentication unit 157 includes a first connection unit 159, a second connection unit 161, and an authentication unit 163. The first connection unit 159 attempts to connect to the authentication device 200 using the connection information acquired by the connection information management unit 155. Specifically, the first connection unit 159 requests connection to the authentication device 200 by transmitting the connection information acquired by the connection information management unit 155 to the authentication device 200 via the communication unit 110. Details of the second connection unit 161 and the authentication unit 163 will be described later.

  When the first connection unit 159 fails to connect to the authentication device 200, the display control unit 165 causes the operation display unit 130 to display a user ID and password input screen. FIG. 5 is a diagram illustrating an example of a user ID and password input screen. The input receiving unit 167 receives the user ID and password input on the input screen displayed by the display control unit 165 from the operation display unit 130.

  Here, the second connection unit 161 and the authentication unit 163 will be described. The second connection unit 161 attempts to connect to the authentication device 200 using the user ID and password accepted by the input accepting unit 167 as connection information. That is, the second connection unit 161 tries to connect to the authentication device 200 using the user ID received by the input receiving unit 167 as the connection ID. Specifically, the second connection unit 161 transmits the user ID and password accepted by the input accepting unit 167 as connection information to the authentication device 200 via the communication unit 110, thereby allowing the authentication device 200 to Request a connection.

  The authentication unit 163 requests the authentication device 200 to authenticate the user ID used for connection with the authentication device 200 when the second connection unit 161 succeeds in connection with the authentication device 200. Specifically, the authentication unit 163 requests the authentication device 200 for authentication by transmitting the user ID used for connection with the authentication device 200 to the authentication device 200 via the communication unit 110.

  The authentication management unit 169 controls authentication processing with the authentication apparatus 200 performed by the multifunction peripheral 100. For example, when authentication of the user ID by the authentication apparatus 200 is successful, image formation can be executed.

  The image forming unit 170 executes image formation on a recording medium such as recording paper when image formation can be executed by the authentication management unit 169. For example, the image forming unit 170 prints print data received by the communication unit 110 on a recording medium and executes image formation.

  As illustrated in FIG. 2, the authentication device 200 includes a communication unit 210, a storage unit 220, and a control unit 230.

  The communication unit 210 communicates with an external device such as the multifunction device 100 via the network 20 and can be realized by an existing communication device as with the multifunction device 100.

  The storage unit 220 stores various programs executed by the authentication apparatus 200, data used for various processes performed by the authentication apparatus 200, and the like. The storage unit 220 can be realized by at least one of existing storage devices, like the multi-function device 100. The storage unit 220 includes a connection authentication information storage unit 221.

  The connection authentication information storage unit 221 stores lock information, connection information, and a user ID in association with each other. The lock information is information indicating whether or not the connection information used for connection with the multifunction device 100 is locked (whether or not it can be used).

  FIG. 6 is a diagram illustrating an example of data stored in the connection authentication information storage unit 221. In the example illustrated in FIG. 6, the connection authentication information storage unit 221 stores the lock information “ON”, the connection ID “DDD” and the password “EEE” of the connection information, and the user ID “BBB” in association with each other. ing. Similarly, the connection authentication information storage unit 221 stores lock information “OFF”, connection ID “BBB” and password “CCC” of the connection information, and user ID “BBB” in association with each other. The lock information “ON” indicates that the connection information is locked (cannot be used), and the lock information “OFF” indicates that the connection information is not locked (can be used). . That is, in the example shown in FIG. 6, the connection information of the connection ID “DDD” and the password “EEE” cannot be used because the lock information is “ON”, and the connection information of the connection ID “BBB” and the password “CCC” is used. Can be used because the lock information is “OFF”.

  The control unit 230 controls each unit of the authentication device 200 and can be realized by an existing control device, like the multifunction machine 100. The control unit 230 includes a connection unit 231 and an authentication unit 233.

  The connection unit 231 controls connection with the multifunction device 100. Specifically, the connection unit 231 receives connection information from the multifunction peripheral 100 via the communication unit 210, and displays connection information that matches the received connection information in the connection information stored in the connection authentication information storage unit 221. Search from inside. If the connection unit 231 searches for connection information that matches the received connection information, the connection unit 231 establishes a connection with the multifunction peripheral 100, notifies the connection success via the communication unit 210, and matches the received connection information. If no search is performed, a connection error is notified via the communication unit 210 without establishing a connection with the MFP 100. However, even when the connection unit 231 searches for connection information that matches the received connection information, if the searched connection information is locked (when the lock information associated with the connection information is “ON”). Notifies the connection error without establishing a connection with the multifunction peripheral 100.

  The authentication unit 233 authenticates the user ID requested for authentication from the multi-function device 100. Specifically, the authentication unit 233 receives a user ID from the multifunction peripheral 100 via the communication unit 210, and a user ID that matches the received user ID is a user ID stored in the connection authentication information storage unit 221. The search is made from the user IDs associated with the connection information used for connection with the multifunction device 100. If the authentication unit 263 searches for a user ID that matches the received user ID, the authentication unit 263 notifies the MFP 100 of successful authentication via the communication unit 210. If the user ID that matches the received user ID is not searched, the authentication unit 263 The authentication failure is notified to the machine 100 via the communication unit 210.

  The control unit 230 sets “ON” and “OFF” of the lock information in the connection authentication information storage unit 221. For example, it is assumed that a periodic correction of the connection information password is set in a security policy (not shown) stored in the storage unit 220. In this case, if the password for the connection information is not updated within a predetermined period, the control unit 230 sets the lock information for the connection information to “ON”.

  Next, the operation of the authentication system of this embodiment will be described.

  FIG. 7 is a flowchart illustrating an example of authentication processing performed by the multifunction peripheral 100 according to the present embodiment.

  First, the card ID acquisition unit 151 acquires the card ID of the IC card read by the IC card R / W 120 (step S100).

  Subsequently, the user ID acquisition unit 153 acquires the user ID associated with the card ID acquired by the card ID acquisition unit 151 from the user ID storage unit 141 (step S102).

  Subsequently, the connection information management unit 155 acquires connection information associated with the user ID acquired by the user ID acquisition unit 153 from the connection information storage unit 143 (step S104).

  Subsequently, the first connection unit 159 attempts to connect to the authentication device 200 using the connection information acquired by the connection information management unit 155 (step S106).

  If the first connection unit 159 fails to connect to the authentication device 200 (No in step S108), the display control unit 165 causes the operation display unit 130 to display a user ID and password input screen (step S110).

  Subsequently, the input receiving unit 167 receives the user ID and password input on the input screen displayed by the display control unit 165 from the operation display unit 130 (step S112).

  Subsequently, the second connection unit 161 tries to connect to the authentication device 200 using the user ID and password received by the input receiving unit 167 as connection information (step S114).

  When the second connection unit 161 has successfully connected to the authentication device 200 (Yes in step S116), the authentication unit 163 requests the authentication device 200 to authenticate the user ID used for connection to the authentication device 200. (Step S118).

  When the authentication of the user ID by the authentication apparatus 200 is successful (Yes in step S120), the connection information management unit 155 associates the user ID and password received by the input reception unit 167 with connection information and receives the input. The information is registered (stored) in the connection information storage unit 143 in association with the user ID accepted by the unit 167 (step S122).

  Subsequently, the authentication management unit 169 enables image formation (step S124). As a result, the image forming unit 170 executes image formation on the recording medium.

  On the other hand, when the first connection unit 159 succeeds in the connection with the authentication device 200 in step S108 (Yes in step S108), the authentication unit 163 acquires the user acquired by the user ID acquisition unit 153 with respect to the authentication device 200. ID authentication is requested (step S126).

  When the authentication of the user ID by the authentication apparatus 200 is successful (Yes in step S128), the process proceeds to step S124.

  If the second connection unit 161 fails to connect to the authentication device 200 in step S116 (No in step S116), the authentication of the user ID by the authentication device 200 fails (No in step S120 or No in step S128). The display control unit 165 causes the operation display unit 130 to display an error screen indicating that the authentication has failed (step S130).

  FIG. 8 is a sequence diagram illustrating a specific example of authentication processing performed in the authentication system 10 of the present embodiment.

  First, the card ID acquisition unit 151 of the multifunction device 100 acquires the card ID “AAA” of the IC card read by the IC card R / W 120 of the multifunction device 100 (step S200), and the authentication management unit 169 of the multifunction device 100. (Step S202).

  Subsequently, the authentication management unit 169 instructs the user ID acquisition unit 153 of the multifunction peripheral 100 to acquire the user ID (step S204), and the user ID acquisition unit 153 receives the card ID “1” acquired by the card ID acquisition unit 151. The user ID “BBB” associated with “AAA” is acquired from the user ID storage unit 141 of the MFP 100 (step S206).

  Subsequently, the authentication management unit 169 instructs the connection authentication unit 157 of the multifunction peripheral 100 to authenticate the authentication device 200 (step S208).

  Subsequently, the connection authentication unit 157 instructs the connection information management unit 155 of the MFP 100 to acquire connection information (step S210), and the connection information management unit 155 acquires the user ID “1” acquired by the user ID acquisition unit 153. The connection ID “DDD” and the password “EEE” of the connection information associated with “BBB” are acquired from the connection information storage unit 143 of the MFP 100 (step S212).

  Subsequently, the connection authentication unit 157 (first connection unit 159) transmits the connection ID “DDD” and the password “EEE”, which are connection information acquired by the connection information management unit 155, to the authentication device 200, thereby authenticating. A connection request is made to the apparatus 200 (step S214).

  Here, the connection unit 231 of the authentication apparatus 200 receives the connection information having the connection ID “DDD” and the password “EEE” from the multi-function device 100, and the connection information matching the received connection information is connected to the connection authentication information storage unit 221. Search from the connection information stored in. However, since the connection information with the searched connection ID “DDD” and password “EEE” is associated with the lock information “ON”, the connection unit 231 of the authentication apparatus 200 establishes a connection with the MFP 100. A connection error is notified to the multifunction peripheral 100 without being established (step S216).

  Subsequently, the connection authentication unit 157 (first connection unit 159) notifies the connection management error to the authentication management unit 169 (step S218).

  Subsequently, the authentication management unit 169 instructs the display control unit 165 to display a user ID and password input screen (step S220), and the display control unit 165 displays the user ID and password input screen on the operation display unit 130. It is displayed (step S222).

  Subsequently, the input receiving unit 167 receives the user ID “BBB” and the password “CCC” input on the input screen displayed by the display control unit 165 from the operation display unit 130 (step S224), and the authentication management unit. 169 is notified (step S226).

  Subsequently, the authentication management unit 169 instructs the connection authentication unit 157 of the multifunction peripheral 100 to authenticate to the authentication device 200 using the user ID and password (step S228).

  Subsequently, the connection authentication unit 157 (second connection unit 161) transmits the user ID “BBB” and the password “CCC” received by the input reception unit 167 to the authentication device 200 as connection information, thereby authenticating. A connection request is made to the apparatus 200 (step S230). That is, the connection authentication unit 157 (second connection unit 161) regards the user ID “BBB” as the connection ID “BBB”, and transmits connection information that is the connection ID “BBB” and the password “CCC” to the authentication apparatus 200. .

  Here, the connection unit 231 of the authentication apparatus 200 receives the connection information having the connection ID “BBB” and the password “CCC” from the multi-function device 100, and the connection information that matches the received connection information is connected to the connection authentication information storage unit 221. Search from the connection information stored in. Since the connection information with the searched connection ID “BBB” and password “CCC” is associated with the lock information “OFF”, the connection unit 231 of the authentication apparatus 200 establishes a connection with the MFP 100. Then, the successful connection is notified to the multi-function device 100 (step S232).

  Subsequently, the connection authentication unit 157 (authentication unit 163) requests the authentication device 200 to authenticate the user ID “BBB” used for connection with the authentication device 200 (step S234).

  Here, the authentication unit 233 of the authentication apparatus 200 receives the user ID “BBB” from the multifunction device 100. Then, the authentication unit 233 uses the user ID that matches the received user ID “BBB” as the connection ID “BBB” that is the user ID stored in the connection authentication information storage unit 221 and is used for connection with the multifunction peripheral 100. ”And the user ID associated with the connection information having the password“ CCC ”. The authentication unit 233 notifies the MFP 100 of successful authentication in order to retrieve the user ID “BBB” from the connection authentication information storage unit 221 (step S236).

  Subsequently, the connection authentication unit 157 (second connection unit 161) notifies the authentication management unit 169 of successful authentication (step S238).

  Subsequently, the authentication management unit 169 instructs the connection information management unit 155 to register the user ID and password (step S240), and the connection information management unit 155 has the user ID “BBB” successfully connected to the authentication device 200. And the connection information associated with the password “CCC” as the connection ID “BBB” and the password “CCC”, and are registered (stored) in the connection information storage unit 143 in association with the user ID “BBB” (step S242).

  Subsequently, the authentication management unit 169 enables image formation (step S244). Accordingly, the image forming unit 170 executes image formation on a recording medium such as recording paper.

  As described above, in the present embodiment, when the connection with the authentication device using the connection information associated with the user ID fails, the user ID and password are input, and the input user ID and password are regarded as connection information. A connection with the authentication device is established and the user ID is authenticated. Therefore, according to the present embodiment, even if the connection information associated with the user ID loses its validity for some reason, authentication can be performed.

  In the present embodiment, the connection with the authentication apparatus is established by regarding the input user ID and password as connection information, and when the user ID is successfully authenticated, the user ID and password regarded as connection information are actually connected. Information is registered in association with the user ID. Therefore, according to the present embodiment, the input user ID and password are regarded as connection information, the connection with the authentication device is established, and the user ID is successfully authenticated. Since it is registered as connection information, it is possible to establish a connection with the authentication apparatus and authenticate the user ID without inputting the user ID and password again.

(Modification)
In addition, this invention is not limited to the said embodiment, A various deformation | transformation is possible.

(Modification 1)
In Modification 1, an example will be described in which the MFP of the above embodiment is used as a master device and user authentication of another MFP is performed. In the following, differences from the above embodiment will be mainly described, and components having the same functions as those in the above embodiment will be given the same names and symbols as those in the above embodiment, and description thereof will be omitted. .

  FIG. 9 is a schematic diagram illustrating an example of the configuration of the authentication system 1010 according to the first modification. FIG. 10 is a block diagram illustrating an example of the configuration of the authentication system 1010 according to the first modification. The authentication system 1010 of Modification 1 is different from the above embodiment in that a multifunction device 1300 is added. The multifunction device 1300 is a slave device that performs user authentication by the authentication device 200 using the multifunction device 100 as a master device.

  The multifunction device 1300 is connected to the multifunction device 100 and the authentication device 200 via the network 20. As illustrated in FIG. 10, the multifunction machine 1300 includes a communication unit 1310, an IC card R / W 1320, an operation display unit 1330, a storage unit 1340, a control unit 1350, and an image forming unit 1370.

  The IC card R / W 1320, the operation display unit 1330, the storage unit 1340, and the image forming unit 1370 of the multifunction device 1300 are respectively the IC card R / W 120, the operation display unit 130, the storage unit 140, and the image forming unit 170 of the multifunction device 100. Therefore, detailed description is omitted. However, the storage unit 1340 of the MFP 1300 does not include a user ID storage unit and a connection information storage unit.

  The communication unit 1310 communicates with an external device such as the multifunction device 100 via the network 20 and can be realized by an existing communication device such as a communication interface, like the multifunction device 100. The communication unit 1310 receives print data used for image formation from a PC (Personal Computer) (not shown).

  The control unit 1350 controls each unit of the multifunction device 1300 and can be realized by an existing control device as in the case of the multifunction device 100. The control unit 1350 includes a card ID acquisition unit 1351, a user ID acquisition unit 1353, a display control unit 1365, an input reception unit 1367, and an authentication management unit 1369.

  The card ID acquisition unit 1351 acquires the card ID read by the IC card R / W 1320. The user ID acquisition unit 1353 acquires the user ID associated with the card ID acquired by the card ID acquisition unit 1351 from the user ID storage unit 141 of the multifunction peripheral 100 via the communication unit 1310.

  The display control unit 1365 causes the operation display unit 1330 to display a user ID and password input screen when the MFP 100 fails to connect to the authentication device 200. The input receiving unit 1367 receives the user ID and password input on the input screen displayed by the display control unit 1365 from the operation display unit 1330.

  The authentication management unit 1369 controls authentication processing performed by the multifunction peripheral 1300. For example, when the authentication of the user ID by the authentication apparatus 200 is successful, image formation can be executed. Also, the authentication management unit 1369 notifies the MFP 100 of the user ID acquired by the user ID acquisition unit 1353 via the communication unit 1310, requests authentication with the authentication device 200, or receives it by the input reception unit 1367. The user ID and password are notified to the multi-function device 100 via the communication unit 1310, and authentication with the authentication device 200 is requested.

  Note that the flow of the authentication processing procedure performed in the authentication system 1010 according to the first modification is described in the flowchart shown in FIG. 7 and the sequence diagram shown in FIG. 8 with the IC card R / W 120, operation display unit 130, card ID acquisition unit 151, a user ID acquisition unit 153, a display control unit 165, an input reception unit 167, an authentication management unit 169, and an image forming unit 170, respectively, an IC card R / W 1320, an operation display unit 1330, a card ID acquisition unit 1351, and a user ID. Since the acquisition unit 1353, the display control unit 1365, the input reception unit 1367, the authentication management unit 1369, and the image forming unit 1370 are the same, the detailed description is omitted.

  As described above, according to the first modification, the same effect as that of the above-described embodiment can be obtained even in a multi-function device that does not have an authentication function with an authentication device.

(Modification 2)
In the second modification, an example in which user authentication of the multifunction machine of the first modification is performed using a server device will be described. In the following description, differences from the first modification will be mainly described, and components having the same functions as those of the first modification will be given the same names and symbols as those of the first modification, and the description thereof will be made. Omitted.

  FIG. 11 is a schematic diagram illustrating an example of the configuration of the authentication system 2010 according to the second modification. FIG. 12 is a block diagram illustrating an example of the configuration of the authentication system 2010 according to the second modification. The authentication system 2010 of the second modification is different from the first modification in that a server apparatus 2100 is added instead of the multifunction machine 100. The server device 2100 performs user authentication by the authentication device 200 on behalf of the multifunction device 1300.

  The server device 2100 is connected to the multifunction device 1300 and the authentication device 200 via the network 20. As illustrated in FIG. 12, the server apparatus 2100 includes a communication unit 2110, a storage unit 2140, and a control unit 2150. The storage unit 2140 includes a user ID storage unit 2141 and a connection information storage unit 2143, and the control unit 2150 includes a connection information management unit 2155, a first connection unit 2159, a second connection unit 2161, and an authentication unit 2163. A connection authentication unit 2157.

  The communication unit 2110, user ID storage unit 2141, connection information storage unit 2143, connection information management unit 2155, connection authentication unit 2157, first connection unit 2159, second connection unit 2161, and authentication unit 2163 of the server device 2100 are respectively Communication unit 110, user ID storage unit 141, connection information storage unit 143, connection information management unit 155, connection authentication unit 157, first connection unit 159, second connection unit 161, authentication unit of MFP 100 of Modification 1 Since it is the same as 163, detailed description is abbreviate | omitted.

  Note that the flow of the authentication processing procedure performed in the authentication system 2010 according to the second modification is described in the flowchart shown in FIG. 7 and the sequence diagram shown in FIG. 8 with the IC card R / W 120, operation display unit 130, card ID acquisition unit. 151, a user ID acquisition unit 153, a display control unit 165, an input reception unit 167, an authentication management unit 169, and an image forming unit 170, respectively, an IC card R / W 1320, an operation display unit 1330, a card ID acquisition unit 1351, and a user ID. The acquisition unit 1353, the display control unit 1365, the input reception unit 1367, the authentication management unit 1369, and the image forming unit 1370 are replaced with the user ID storage unit 141, the connection information storage unit 143, the connection information management unit 155, the connection authentication unit 157, the first The 1 connection unit 159, the second connection unit 161, and the authentication unit 163 are connected to the user ID storage unit 2 respectively. 41, the connection information storage unit 2143, the connection information management unit 2155, the connection authentication unit 2157, the first connection unit 2159, the second connection unit 2161, and the authentication unit 2163. .

  As described above, according to the second modification, even when the multifunction device does not have an authentication function with the authentication device, the same effects as those of the above embodiment can be obtained.

(Modification 3)
In the embodiment and the modification, the connection information storage unit may store a user ID and a plurality of connection information in association with each other as illustrated in FIG. In this case, the connection authentication information storage unit also stores a plurality of pieces of connection information stored in the connection information storage unit as shown in FIG.

  In this case, when the first connection unit fails to connect to the authentication device using the connection information, the connection information management unit is connection information associated with the user ID and the first connection unit is connected to the authentication device. Connection information that is different from the connection information that failed is acquired from the connection information storage unit. The first connection unit attempts to connect to the authentication device using the connection information newly acquired by the connection information management unit, and connection information is no longer acquired from the connection information management unit even if the connection fails. The display control unit causes the operation display unit to display an input screen for a user ID and a password.

  For example, in FIG. 13 and FIG. 14, when the first connection unit fails to connect to the authentication device using the connection information whose connection ID is “DDD” and password “EEE”, the connection ID “FFF And the connection information with the password “GGG” is newly acquired. Then, the first connection unit tries to connect to the authentication apparatus using the connection information that is the connection ID “FFF” and the password “GGG” newly acquired by the connection information management unit, and the connection is successful.

  In this way, it is possible to reduce the opportunity to input the user ID and password and try to connect to the authentication device as much as possible, and to increase the convenience for the user.

(Modification 4)
In the third modification, the connection information storage unit may store connection information further including a priority (priority) as shown in FIG.

  In this case, when the first connection unit fails to connect to the authentication device using the connection information, the connection information management unit acquires the connection information associated with the user ID in order of priority.

  For example, in FIG. 15, in the connection information management unit, the first connection unit fails to connect to the authentication device using the connection information with priority 1 (connection ID “DDD” and password “EEE”). In this case, connection information with a priority of 2 (connection information with connection ID “FFF” and password “GGG”) is newly acquired.

  In this way, it is possible to reduce the number of times the user ID and password are input and the connection attempt with the authentication device is repeated as much as possible, and the convenience for the user can be increased.

(Modification 5)
In the embodiment and the modification, the connection information management unit may delete the connection information from the connection information storage unit when the first connection unit fails to connect to the authentication device using the connection information. Good. For example, in the above embodiment and the modification, the connection information management unit, when the first connection unit fails to connect to the authentication device using the connection information having the connection ID “DDD” and the password “EEE”, May be deleted from the connection information storage unit.

  In this way, when user authentication is performed using the authentication device from the next time onward, the number of times of failure to connect to the authentication device can be reduced, and user convenience can be increased.

(Modification 6)
In the above embodiment and the modification, the IC card has been described as an example. However, the present invention is not limited to this, and is a portable information storage medium that can acquire medium identification information for identifying the information storage medium. Anything is acceptable.

(Modification 7)
In the embodiment and the modification, the authentication management unit may take a history of processing for the authentication device. For example, the authentication management unit may store a history such as success / failure of connection to the authentication device and success / failure of authentication in the storage unit.

  In this way, the administrator can check the processing history of the multifunction device and the authentication device.

(Modification 8)
In the embodiment and the modification, the second connection unit may encrypt the input user ID and password as connection information, and attempt to connect to the authentication device using the encrypted connection information. In this case, the connection unit of the authentication device performs connection by decrypting the encrypted connection information.

  In this way, security can be enhanced.

(Hardware configuration)
An example of the hardware configuration of the authentication device, the server device, and the multifunction device of the embodiment and the modification will be described.

  FIG. 16 is a block diagram illustrating an example of a hardware configuration of the authentication device and the server device according to the embodiment and the modification. As shown in FIG. 16, the authentication device and the server device according to the above-described embodiments and modifications include a control device 810 such as a CPU, a storage device 820 such as a ROM and a RAM, and an external storage device 830 such as an HDD and a removable drive device. And a display device 840 such as a display, an input device 850 such as a keyboard and a mouse, and a communication interface 860, and has a hardware configuration using a normal computer.

  The authentication program executed by the authentication device and the server device of the embodiment and the modification is a file in an installable format or an executable format, such as a CD-ROM, a CD-R, a memory card, a DVD (Digital Versatile Disk), The program is stored in a computer-readable storage medium such as a flexible disk (FD).

  Further, the authentication program executed by the authentication device and the server device of the embodiment and the modification may be provided by being stored on a computer connected to a network such as the Internet and downloaded via the network. . Further, the authentication program executed by the authentication device and the server device of the embodiment and the modification may be provided or distributed via a network such as the Internet. Further, the authentication program executed by the authentication device and the server device according to the embodiment and the modification may be provided by being incorporated in advance in a ROM or the like.

  The authentication program executed by the authentication device and the server device according to the embodiment and the modification has a module configuration for realizing the above-described units on a computer. As actual hardware, the CPU reads out the printing method determination program from the HDD onto the RAM and executes it, whereby the above-described units are realized on the computer.

  FIG. 17 is a block diagram illustrating an example of a hardware configuration of the MFP according to the embodiment and the modification. As illustrated in FIG. 17, the multifunction peripheral according to the embodiment and the modification has a configuration in which a controller 910 and an engine unit (Engine) 960 are connected by a PCI (Peripheral Component Interconnect) bus. The controller 910 is a controller that controls the entire MFP, drawing, communication, and input from the operation display unit 920. The engine unit 960 is a printer engine that can be connected to a PCI bus, and is, for example, a monochrome plotter, a 1-drum color plotter, a 4-drum color plotter, a scanner, or a fax unit. The engine unit 960 includes an image processing part such as error diffusion and gamma conversion in addition to a so-called engine part such as a plotter.

  The controller 910 includes a CPU 911, a north bridge (NB) 913, a system memory (MEM-P) 912, a south bridge (SB) 914, a local memory (MEM-C) 917, and an ASIC (Application Specific Integrated Circuit). 916 and a hard disk drive (HDD) 918, and the North Bridge (NB) 913 and the ASIC 916 are connected by an AGP (Accelerated Graphics Port) bus 915. The MEM-P 912 further includes a ROM 912a and a RAM 912b.

  The CPU 911 performs overall control of the multifunction peripheral, has a chip set including the NB 913, the MEM-P 912, and the SB 914, and is connected to other devices via the chip set.

  The NB 913 is a bridge for connecting the CPU 911 to the MEM-P 912, SB 914, and the AGP bus 915, and includes a memory controller that controls reading and writing to the MEM-P 912, a PCI master, and an AGP target.

  The MEM-P 912 is a system memory used as a memory for storing programs and data, a memory for developing programs and data, a memory for drawing printers, and the like, and includes a ROM 912a and a RAM 912b. The ROM 912a is a read-only memory used as a memory for storing programs and data, and the RAM 912b is a writable and readable memory used as a program / data development memory, a printer drawing memory, and the like.

  The SB 914 is a bridge for connecting the NB 913 to a PCI device and a peripheral device. The SB 914 is connected to the NB 913 via a PCI bus, and a network interface (I / F) unit and the like are also connected to the PCI bus.

  The ASIC 916 is an IC (Integrated Circuit) for image processing having hardware elements for image processing, and has a role of a bridge for connecting the AGP bus 915, the PCI bus, the HDD 918, and the MEM-C 917, respectively. The ASIC 916 includes a PCI target and an AGP master, an arbiter (ARB) that forms the core of the ASIC 916, a memory controller that controls the MEM-C 917, and a plurality of DMACs (Direct Memory) that perform image data rotation by hardware logic and the like. Access Controller) and a PCI unit that performs data transfer between the engine unit 960 via the PCI bus. The ASIC 916 is connected to an FCU (Fax Control Unit) 930, a USB (Universal Serial Bus) 940, and an IEEE 1394 (the Institute of Electrical and Electronics Engineers 1394) interface 950 via a PCI bus. The operation display unit 920 is directly connected to the ASIC 916.

  The MEM-C 917 is a local memory used as a copy image buffer and a code buffer, and the HDD 918 is a storage for storing image data, programs, font data, and forms.

  The AGP bus 915 is a bus interface for a graphics accelerator card proposed for speeding up graphics processing. The AGP bus 915 speeds up the graphics accelerator card by directly accessing the MEM-P 912 with high throughput. It is.

  Note that the program executed by the multifunction peripheral according to the above-described embodiment and modification is provided by being incorporated in advance in a ROM or the like.

  The authentication program executed by the MFP of the above embodiment and the modification is a file in an installable format or an executable format and can be read by a computer such as a CD-ROM, a flexible disk (FD), a CD-R, and a DVD. It may be configured to be recorded on a simple storage medium.

  Furthermore, the authentication program executed by the MFP of the above embodiment and the modification may be stored on a computer connected to a network such as the Internet and provided by being downloaded via the network. In addition, the authentication program executed by the MFP according to the embodiment and the modification may be provided or distributed via a network such as the Internet.

  The authentication program executed by the multifunction peripheral according to the embodiment and the modification has a module configuration for realizing the above-described units on a computer. As actual hardware, the CPU 911 reads out a program from the ROM 912a onto the RAM 912b and executes it, whereby the above-described units are realized on a computer.

10, 1010, 2010 Authentication system 20 Network 100 Multifunction machine 110 Communication unit 120 IC card R / W
130 operation display unit 140 storage unit 141 user ID storage unit 143 connection information storage unit 150 control unit 151 card ID acquisition unit 153 user ID acquisition unit 155 connection information management unit 157 connection authentication unit 159 first connection unit 161 second connection unit 163 Authentication unit 165 Display control unit 167 Input reception unit 169 Authentication management unit 170 Image forming unit 200 Authentication device 210 Communication unit 220 Storage unit 221 Connection authentication information storage unit 230 Control unit 231 Connection unit 233 Authentication unit 810 Control unit 820 Storage device 830 External Storage device 840 Display device 850 Input device 860 Communication interface 910 Controller 911 CPU
912 System memory 912a ROM
912b RAM
913 North Bridge 914 South Bridge 915 AGP Bus 916 ASIC
917 Local memory 918 Hard disk drive 920 Operation display unit 930 FCU
940 USB
950 IEEE 1394 interface 960 Engine unit 1300 Multifunction machine 1310 Communication unit 1320 IC card R / W
1330 Operation display unit 1340 Storage unit 1350 Control unit 1351 Card ID acquisition unit 1353 User ID acquisition unit 1365 Display control unit 1367 Input reception unit 1369 Authentication management unit 1370 Image forming unit 2100 Server device 2110 Communication unit 2140 Storage unit 2141 User ID storage unit 2143 Connection information storage unit 2150 Control unit 2155 Connection information management unit 2157 Connection authentication unit 2159 First connection unit 2161 Second connection unit 2163 Authentication unit

JP 2007-235713 A

Claims (12)

An image forming apparatus connected to an authentication apparatus via a network,
Medium identification information acquisition means for acquiring medium identification information of the information storage medium;
User ID storage means for storing the medium identification information and the user ID in association with each other;
User ID acquisition means for acquiring a user ID associated with the acquired medium identification information from the user ID storage means;
Connection information storage means for storing a user ID and connection information including a connection ID and a password in association with each other;
Connection information management means for acquiring connection information associated with the acquired user ID from the connection information storage means;
First connection means for trying to connect to the authentication device using the acquired connection information;
A display control unit for displaying a user ID and password input screen on the display unit when the first connection unit fails in connection;
Input accepting means for accepting input of the user ID and the password;
Second connection means for attempting to connect to the authentication device using the input user ID and password as connection information;
An authentication means for requesting the authentication device to authenticate the user ID when the connection is successful;
An image forming apparatus comprising: The connection information storage means stores the user ID and a plurality of connection information in association with each other,
The connection information management means is connection information associated with the user ID when the first connection means fails to connect to the authentication device using the connection information, and the first connection means The image forming apparatus according to claim 1, wherein connection information different from the connection information that has failed to connect to the authentication apparatus is acquired from the connection information storage unit. The connection information further includes a priority,
The image forming apparatus according to claim 2, wherein the connection information management unit acquires the plurality of pieces of connection information in the order of the priorities.   The connection information management unit, when the first connection unit fails to connect to the authentication device using the connection information, deletes the connection information from the connection information storage unit. The image forming apparatus according to any one of 1 to 3. The information storage medium is an IC card;
The image forming apparatus according to claim 1, wherein the medium identification information is a card ID of the IC card.   6. The image forming apparatus according to claim 1, further comprising an authentication management unit that takes a history of processing for the authentication apparatus. The second connection means includes
The input user ID and the password are encrypted as connection information, and the connection with the authentication device is attempted using the encrypted connection information. Image forming apparatus. An authentication system comprising a first image forming apparatus and a second image forming apparatus connected to an authentication apparatus via a network,
The first image forming apparatus includes:
User ID storage means for storing the medium identification information and the user ID in association with each other;
Connection information storage means for storing a user ID and connection information including a connection ID and a password in association with each other;
Connection information management means for acquiring connection information associated with a user ID notified from the second image forming apparatus from the connection information storage means;
First connection means for trying to connect to the authentication device using the acquired connection information;
Second connection means for attempting to connect to the authentication device using the user ID and password notified from the second image forming device as connection information;
An authentication unit that requests the authentication device to authenticate the user ID when the connection is successful;
The second image forming apparatus includes:
Medium identification information acquisition means for acquiring medium identification information of the information storage medium;
User ID acquisition means for acquiring a user ID associated with the acquired medium identification information from the user ID storage means and notifying the first image forming apparatus;
A display control unit for displaying a user ID and password input screen on the display unit when the first connection unit fails in connection;
An authentication system comprising: an input receiving unit that receives input of the user ID and the password and notifies the first image forming apparatus. An authentication system comprising a server device and an image forming device connected to an authentication device via a network,
The server device
User ID storage means for storing the medium identification information and the user ID in association with each other;
Connection information storage means for storing a user ID and connection information including a connection ID and a password in association with each other;
Connection information management means for acquiring connection information associated with a user ID notified from the image forming apparatus from the connection information storage means;
First connection means for trying to connect to the authentication device using the acquired connection information;
Second connection means for attempting to connect to the authentication device using a user ID and password notified from the image forming device as connection information;
An authentication unit that requests the authentication device to authenticate the user ID when the connection is successful;
The image forming apparatus includes:
Medium identification information acquisition means for acquiring medium identification information of the information storage medium;
User ID acquisition means for acquiring a user ID associated with the acquired medium identification information from the user ID storage means and notifying the server device;
A display control unit for displaying a user ID and password input screen on the display unit when the first connection unit fails in connection;
An authentication system comprising: an input receiving unit that receives input of the user ID and the password and notifies the image forming apparatus of the input. A medium identification information acquisition means for acquiring medium identification information of the information storage medium;
A user ID acquisition step in which the user ID acquisition means acquires the user ID associated with the acquired medium identification information from the user ID storage means for storing the medium identification information and the user ID in association with each other;
A connection information management step in which the connection information management means acquires the connection information associated with the acquired user ID from the connection information storage means for storing the user ID and connection information including the connection ID and password in association with each other. When,
A first connection step in which the first connection means tries to connect to the authentication device using the acquired connection information;
A display control step for causing the display means to display an input screen for a user ID and a password when the display control unit fails to connect;
An input receiving step for receiving input of the user ID and the password;
A second connection step in which a second connection means tries to connect to the authentication device using the input user ID and password as connection information;
An authentication step for requesting the authentication device to authenticate the user ID when the authentication unit succeeds in the connection;
An authentication method comprising:   An authentication program for causing a computer to execute the authentication method according to claim 10.   A computer-readable storage medium storing the authentication program according to claim 11.

Images