JP4650789B2 - Authentication device and management device - Google Patents

Description

  The present invention relates to an authentication device that authenticates a user based on information read from a recording medium and a management device that manages the operation of the device based on information read from a storage medium. The present invention relates to an authentication apparatus and a management apparatus that can use a recorded recording medium as a user authentication recording medium.

  Various systems are known as a system for selecting an image forming apparatus to be used or a system for restricting use of an image forming apparatus to only authorized users.

  For example, Japanese Patent Application Laid-Open No. 2004-151620 discloses a technique that uses a plurality of image forming apparatuses to copy images by using a plurality of external storage devices and freely select a collation between the image forming apparatus and the external storage device. It is disclosed.

  Further, in Patent Document 2 below, when a user operating a computer is identified and registered by reading an IC card of a reader / writer, the user registers an image formation command, and selects an image formation mode at the time of detection. Discloses a technique for starting image formation when the identity of a registered user of a user in the vicinity of the image forming apparatus is confirmed.

  Among these, as in the image forming system described in Patent Document 2, the image forming apparatus is used only for authorized users by using an authentication recording medium (such as an IC card) and an authenticator (such as a reader / writer). The construction and operation of a management system that manages the system is usually performed according to the following procedure.

  First, an authentication storage medium (hereinafter referred to as an authentication card) is distributed to users who are permitted to use, and an authenticator is attached to the image forming apparatus.

  When using the image forming apparatus, the authentication card is read into the authenticator, and when the authenticator recognizes it as a regular authentication card, the use permission is notified to the image forming apparatus.

  After receiving and confirming the use permission signal from the authentication device, the image forming apparatus shifts to an available state. Thereafter, at the timing when the authentication card is taken out from the authenticator, the authenticator notifies the image forming apparatus of the use prohibition.

An authentication system that authenticates users using an authenticator, such as this image forming apparatus management system, can be expanded to a totaling system and output restriction service, which has great merit for the user side. Widely used regardless.
Japanese Patent Laid-Open No. 04-362964 JP 2004-223990 A

  In the image forming apparatus management system described above, because the authenticator recognizes the user and controls the image forming apparatus, the manufacturer of the image forming apparatus develops an authenticator and an authentication card and provides them to the user. It is common.

  In this case, the interface between the image forming apparatus and the authenticator and the authentication card are defined by the manufacturer's original specification, and this specification is not disclosed to the outside for ensuring security.

  On the other hand, in recent years, the spread of IC cards, which are non-contact type recording media, has increased, and the number of cases where IC cards are used for employee cards, student cards, admission cards, and the like is increasing.

  Reflecting this situation, for example, even in a management system that manages the operation of the image forming apparatus based on the result of authenticating information read from an authentication card by an authenticator, it is distributed as an authentication card from the manufacturer (manufacturer) There is an increasing demand for using an IC card that a user currently has as an authentication card rather than using a specified authentication card.

  In response to such a request, in a conventional management system using an authentication card specified by a manufacturer, even if the user wishes to use, for example, an employee ID card as an authentication card, the employee ID card (user-specified authentication card) Because the authentication process using cannot be performed, it is necessary to change the specifications of the authenticator according to the specifications of the user-specified authentication card, or to prepare an authenticator that meets the specifications, which increases the system cost. There was a problem.

  It is an object of the present invention to provide an authentication device and a management device that solve the above-described problems and make it possible to use an existing recording medium as a user authentication recording medium.

  In order to achieve the above object, the invention according to claim 1 has a reading unit for reading information recorded on a recording medium, and authenticates a user based on the information read from the recording medium by the reading unit. In the authentication apparatus, when the system identification code that matches the system identification code read from the recording medium is set by the reading unit, the system identification code that sets the system identification code and the reading target area of the recording medium is set. The information of the reading target area set corresponding to the code is read from the recording medium, the identification information generating means for generating user identification information based on the read information, and the identification information generating means Based on registration means for registering user identification information, user identification information generated by the identification information generation means, and registered user identification information registered by the registration means. Characterized by comprising an authentication means for authenticating the user can.

  According to a second aspect of the present invention, in the first aspect of the invention, the setting unit sets a plurality of the reading target areas corresponding to the system identification code, and the identification information generation unit includes the system identification. The user identification information is generated based on the read information from the plurality of read target areas set corresponding to the codes.

  The invention according to claim 3 is the invention according to claim 1 or 2, wherein the setting means sets a system identification code and a reading target of each recording medium for each of a plurality of different types of recording media, The identification information generating means generates the user identification information for each of the plurality of different types of recording media.

  According to a fourth aspect of the present invention, in a management apparatus that manages the operation of the apparatus based on user identification information, a recording medium on which information including a system identification code is recorded, and information recorded on the recording medium are read. A reading unit, a setting unit that sets a system identification code of a recording medium and a reading target area, and a system identification code that matches the system identification code read from the recording medium by the reading unit; The information of the reading target area set corresponding to the code is read from the recording medium, the identification information generating means for generating user identification information based on the read information, and the identification information generating means Authentication means for authenticating a user who permits the operation of the apparatus based on the user identification information and the registered user identification information registered, and the operation of the apparatus is permitted by the authentication means. When authenticating that the user who, characterized by comprising a control means for performing control to allow the operation of the device.

  According to a fifth aspect of the present invention, in the fourth aspect of the invention, when the identification information registration mode is set by the mode setting means for setting the identification information registration mode and the mode setting means, the identification information generation mode is set. And registration means for registering the user identification information generated by the means.

  The invention according to claim 6 is the invention according to claim 4 or 5, wherein the setting means sets a plurality of the reading target areas corresponding to the system identification code, and the identification information generating means Information is read from the plurality of read target areas set corresponding to system identification codes, and the user identification information is generated based on the read information.

  The invention according to claim 7 is the invention according to any one of claims 4 to 6, wherein the setting means sets a system identification code and a reading target of each recording medium for each of a plurality of different types of recording media. The identification information generating means generates the user identification information for each of the plurality of different types of recording media.

  According to the present invention, when the system identification code of the recording medium and the reading target area are set in association with each other, and then the system identification code that matches the system identification code read from the recording medium is set, A recording medium system for reading information on a reading target area set corresponding to an identification code from the recording medium, generating user identification information based on the read information, and performing user authentication processing. After a preparation stage for setting an identification code and a desired reading target area, an existing recording medium such as an employee ID card or student ID card can be used as a user authentication recording medium.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a conceptual diagram showing the overall configuration of a management system according to the present invention.

  This system includes a multifunction peripheral (for example, having a function of a printer, a copy, a FAX, etc.) 10 that is an image forming apparatus to be managed, and a non-contact type IC card that is placed at or close to a predetermined reading position by a user. (Hereinafter referred to as an IC card) 30 reads information, authenticates whether or not the user is permitted to use the multifunction device 10 based on the read information, and uses the multifunction device 10 according to the authentication result. It consists of a management device 20 that controls to a permission state or a use prohibition state, a notebook computer, and the like, and is connected to the management device 20 to perform various settings such as information settings necessary for carrying out the authentication process. And a setting device 40 to be configured.

  Here, the multifunction device 10 and the management device 20 may be always connected by a cable or the like, and the setting device 40 may be connected to the management device 20 only when setting is necessary.

  The management device 20 is provided with a card placement unit 221 for placing an IC card 30 to be read within a readable range of a non-contact type IC card communication unit 22 to be described later on the upper surface of the management device 20 in terms of appearance configuration.

  In addition, on the upper part of the card placement unit 221, the multifunction device 10 uses a readable state display LED (Light Emitting Diode) 211 indicating a readable state of the IC card 30 and information read from the IC card 30. An LED 212 is provided that is controlled to be turned on and off in response to being controlled to a permitted state or a prohibited state.

  Further, an operation unit 23 having a release button or the like for canceling the usable state of the multifunction machine 10 is provided at a position adjacent to the card placement unit 221.

  In this management system, in a standby state, a use prohibition command is sent from the management apparatus 20 to the multifunction device 10, and the multifunction device 10 cannot operate. At this time, the use permission state display LED 212 is in an extinguished state.

  In this state, when using the multifunction device 10, the user confirms that the readable state display LED 211 is lit, and puts the IC card 30 carried by the user into the card placement unit 221 of the management device 20. The information recorded on the IC card 30 is read by the management device 20 by placing or holding (proximate) it.

  In the management apparatus 10, when the user is authenticated as a user who is permitted to use the multifunction device 10 based on the information read from the IC card 30 (in the case of authentication OK), the command (use of the multifunction device 10 is permitted. The user can perform operations such as printing, copying, and FAX using the multi-function device 10 while the use permission command is sent.

  While the multifunction machine 10 is in the use permission state, the readable state display LED 211 and the use permission state display LED 212 are controlled to be turned off.

  FIG. 2 is a block diagram showing functional configurations of the multifunction machine 10 and the management apparatus 20 in the system of FIG.

  As shown in FIG. 2, the multifunction device 10 includes a display unit 11, an operation unit 12, an image forming unit 13, a management device connection unit 14, and a multifunction device control unit 15.

  The display unit 11 displays various types of information such as the operation state of the multifunction device 10 and a message prompting the user to operate when the multifunction device 10 is in a usage-permitted state.

  The operation unit 12 inputs various commands and information such as a start command operation related to printing, copying, FAX, or the like when the multifunction machine 10 is in a usage-permitted state.

  The image forming unit 13 prints out image information to be printed on paper as an image by an electrophotographic process under the control of the multifunction device control unit 15 in response to activation commands related to various functions in the operation unit 10.

  The management device connection unit 14 is connected to the multifunction device control unit 25 of the management device 20 and controls the exchange of data and control signals with the management device 20.

  The multifunction device control unit 15 performs overall control of the entire multifunction device 10 through the control of each unit described above. In this control, in the state where the use prohibition command is given from the management device 20, the command operation acceptance such as the start of copying from the operation unit 11 is prohibited, while in the state where the use permission command is given from the management device 20. Control for switching to a state where the command operation can be accepted from the operation unit 11 (use permission state). In the use permission state, the image forming unit 13 is driven in response to a command such as a copy start from the operation unit 11 to display an image. This includes printing operation control for printing out.

  On the other hand, the management apparatus 20 performs communication related to reading of information between the display unit 21 having the readable state display LED 211 and the use permission state display LED 212 and the IC card 30 mounted on or close to the card mounting unit 221. Connection with a non-contact type IC card communication unit (hereinafter referred to as an IC card communication unit) 22 to be performed, an operation unit 23 including a release button (not shown) for canceling the use permission state of the multifunction device 10, and a setting device 40 Various information such as a setting device connection unit 24 that controls the interface, a multifunction device control unit 25 that is connected to the management device connection unit 14 of the multifunction device 10 and controls the multifunction device 10, and an operation control program of the management device 20 is stored. The storage unit 26 includes a management device control unit 27 that performs overall control of the entire management device 20 based on an operation control program stored in the storage unit 26.

  The display unit 21 controls lighting of the readable state display LED 211 and the usage permission state display LED 212 based on a predetermined control signal from the management device control unit 27, and the management device 20 can read or read the IC card 30. The user is notified of the prohibited state and that the multifunction device 10 is in a use-permitted state or a use-prohibited state.

  The IC card communication unit 22 reads the information recorded on the IC card 30 by placing or holding the IC card 30 in a predetermined space including the surface of the card placement unit 221. The information is transferred to the management device control unit 27.

  The setting device connection unit 24 controls transmission and reception of data and control signals between the management device 20 and a setting device 40 connected via a cable [for example, Ethernet (registered trademark) cable].

  The multifunction device control unit 25 receives a control signal output from the management device control unit 27 according to a user authentication result performed by the management device control unit 27 based on the information read from the IC card 30, and receives the control signal. A command signal such as use permission or use prohibition is transmitted to 20 to control the operation of the multifunction device 20.

  The storage unit 26 performs processing for authenticating whether or not the management device control unit 27 is a user registered to be able to use the multifunction device 10 based on information read from the IC card 30 through the IC card communication unit 22. Necessary information and various setting information set from the setting device 40 in association with the execution of the authentication process are held together with the above-described operation control program.

  In the overall control described above, the management device control unit 27 controls the IC card communication unit 22 to read the information on the IC card 30, and the information read from the IC card 30 and the authentication stored in the storage unit 26. Control for verifying whether or not the user is permitted to use the multifunction device 10 by comparing and collating the information, and depending on whether the user is permitted to use (authentication OK) or not (authentication NG). The multifunction device 10 is set in an operation (use) permission state or an operation (use) prohibition state through the device control unit 25, and the multifunction device 20 is operated based on an operation of removing the IC card 30 or pressing the release button of the operation unit 23. The control etc. which switch from a permission state to an operation prohibition state are performed.

  In the system of the present invention having such a configuration, the management apparatus 20 satisfies the specifications of the system as a user authentication storage medium (hereinafter referred to as an authentication card) for authenticating that the user can use the multifunction machine 10. An authentication card (IC card) is not newly distributed to each user, but accepts various IC cards 30 already owned by each user.

  In the present invention, the IC card 30 that can be accepted by the management apparatus 20 includes, for example, each employee ID of each employee, contract employee, and part-time employee who can be a user.

  In addition, there are employee ID cards (admission cards) held by affiliated and affiliated company employees entering and leaving the company introducing the system, student ID cards, and ID cards held by students, staff, and teachers. Can be mentioned.

  In order to make these IC cards 30 operable as an authentication card for authenticating the user of the multifunction machine 10, the present invention focuses on the following points.

  That is, each IC card 30 described above stores a system identification code (system code) for identifying the system system for each system, and the configuration of the information storage area in the IC card 30 and the contents of stored information In the present invention, the system code of the IC card 30 that the user wishes to use as an authentication card and the reading target area for the storage area of the IC card 30 are defined. When the IC card 30 is set in advance and held over (hereinafter described in the example of mounting), the system code corresponding to the system code read from the IC card 30 is set in advance. Is registered in the IC card 3, information on the reading area in which a plurality of reading target areas set corresponding to the system code are registered is stored in the IC card 3. Further read from, and generates a new user authentication identification information based on the information taken said read.

  In order to realize such processing functions, in the configuration of the management device 20 shown in FIG. 2, the management device control unit 27 includes an identification information generation condition setting control unit 271, an identification information generation control unit 272, and an authentication control unit 273. .

  The identification information generation condition setting control unit 271 cooperates with the setting device 40 connected to the setting device connection unit 24 to read a system code of an arbitrary IC card 30 and a recording area of the IC card 30. Process to set.

  The identification information generation control unit 272 extracts a system code from information read from an arbitrary IC card 30 placed on the card placement unit 221 through the IC card communication unit 22, and the system code is used for identification information generation condition setting control. If it matches the system code set by the unit 272, the reading area information set by the system code (by the identification information generation condition setting control unit 271) is further read from the IC card 30, Based on the read information, user identification information for making the arbitrary IC card 30 usable as an authentication card of the present system is generated.

  The authentication control unit 273 determines whether the owner of the IC card 30 has the MFP 10 according to whether or not the identification information generated by the identification information generation control unit 272 matches the identification information registered in advance. A process of authenticating whether or not the user is permitted to use is performed.

  If it is determined by the authentication process that the user is not permitted to use the multifunction device 10 (authentication NG), a use prohibition instruction is sent to the multifunction device 10 while the use of the multifunction device 10 is permitted. If it is determined that the user has been authenticated (authentication OK), control is performed so as to send a use permission command to the multifunction device 10.

  Next, the operation of the system of the present invention will be described in order.

  As described above, in the system of the present invention, it is necessary to set identification information generation conditions in the management device 20 prior to its operation.

  FIG. 3 is a flowchart showing the identification information generation condition setting processing procedure in the system of the present invention. The generation condition setting processing in the setting device 40 shown in FIG. 3A and the management device 20 shown in FIG. And the generation condition setting reception process.

  As shown in FIG. 3A, when the setting device 40 is connected to the management device 20 and an identification information generation condition setting start operation is performed by pressing a predetermined key (step S101 YES) Then, a web browser (Web Browser) installed in its own device is activated, and for example, an identification information generation condition setting screen 450a having a configuration as shown in FIG. 5 is displayed on the display unit (step S102).

  Next, using this setting screen 450a, an input of a system code of an arbitrary IC card 30 to be used as an authentication card and an area to be read (reading area) for the storage area of the IC card 30 is accepted. (Step S103) While the setting end operation is not performed due to pressing of a predetermined key (NO in Step S104), the input receiving process is continued.

  During this time, when the setting end operation is performed (YES in step S104), the setting device 40 sends the system code and reading area information input so far to the management device 20 (step S105).

  On the other hand, as shown in FIG. 3B, the management device 20 receives identification information generation condition information including the system code and reading area information sent from the setting device 40 through the setting device connection unit 24. (Step S 201), and passes to the identification information generation condition setting control unit 271 of the management device control unit 27.

  The identification information generation condition setting control unit 271 associates the system code and the reading area in the identification information generation condition information received from the setting device 40 and registers them in the identification information generation condition management table 265 of the storage unit 26 (step S202).

  The identification information generation condition setting process will be described more specifically with reference to FIGS.

  FIG. 4 is a conceptual diagram showing an information storage structure of an IC card 30a to be used as an authentication card for this system through the identification information generation condition setting process shown in FIG.

  This IC card 30a is used, for example, as an employee ID card for a company (including contract employees and part-time employees) who intends to introduce this system, and the system code is “12345”. As “1008h”, “1028h”, “1068h”, and “1088h”.

  Regarding the service code “1008h”, “0 (zero)” bytes (bytes) to 7 bytes are attribute code numbers, 8 to 15 bytes are valid, and 16 to 31 bytes are valid. Each name is remembered.

  Similarly, for the service codes “1028h”, “1068h”, and “1088h”, each piece of information of the data items shown in FIG. 4 is stored in each byte area for each service code.

  When the identification information generation condition is to be set for the IC card 30a having such an information storage structure, the administrator first uses the setting device 40 connected to the management device 20, for example, the identification shown in FIG. An information generation condition setting screen 450a is displayed on the display unit.

  The setting screen 450a includes a system code setting field and a reading area setting field. The reading area setting field includes a reading area type (service code), a specific value of the service code, and a service code of the value. A column for inputting a start address and an end address of an area (reading area) desired to be read is provided.

  The administrator grasps the information storage structure of the IC card 30a in FIG. 4, and inputs an information area corresponding to the information to be read out as a reading area using the identification information generation condition setting screen 450a.

  According to the example of FIG. 4, on the identification information generation condition setting screen 450a, the system code = 12345 of the IC card 30a is input to the system code setting field, and 0 bytes of service code = 1008 is input to the reading area setting field. 7 bytes, 0 bytes of service code = 1028, and 0 to 3 bytes of service code = 1088 are input as reading areas.

  When the system code of the value shown in this example and the reading area information are input from the setting device 40 and transmitted to the management device 20, the identification information generation condition setting control unit 271 of the management device 20 receives the received system code and The information of the reading area is registered in the identification information generation condition management table 265 of the storage unit 26 as the identification information generation condition information 265a having the contents shown in FIG.

  As can be seen from the figure, the identification information generation condition information 265a in this example is for the IC card 30 having the system code = 12345, from 0 bytes to 7 bytes of service code = 1008, and 0 bytes of service code = 1028. , The content indicates that each information area of 0 to 3 bytes of service code = 1088 is read.

  Processing operations in the management apparatus 20 after setting the identification information generation conditions in this way will be described with reference to FIG.

  First, a process for registering the IC card 30a as an authentication card based on the identification condition generation condition information registered in the identification information generation condition management table 265 as described above will be described.

  In this case, the administrator operates the setting device 40 to send the identification information generation / registration mode instruction information to the management device 20, and in the management device 20, the management device control unit 27 receives the identification information generation / registration mode instruction signal. To set the identification information generation registration mode.

  After completion of the identification information generation registration mode, the administrator deposits the IC card 30a to be registered as an authentication card from the owner (or by the owner's own hand) and places it on the card placement unit 221. To do.

  On the other hand, the management apparatus 20 repeatedly performs an operation of wirelessly transmitting a polling command from the IC card communication unit 22 (step S301) and receiving a response command to the polling command (step S302) after the system is activated. The IC card communication unit 22 is driven.

  In this state, when the IC card 30a is placed on the card placement unit 221, the IC card 30a wirelessly transmits a response command including the system code of the own card in response to the polling command from the IC card communication unit 22. To do.

  In response to the operation of the IC card 30a, when the management device 20 receives a response command from the mounted IC card 30a (step S302), the identification information generation control unit 272 extracts a system code from the response command. (Step S303), it is checked whether or not the system code matches the system code registered in the identification information generation condition management table 265 (Step S304).

  If there is no matching system code (NO in step S304), an error process (step S331) is performed, and then the process ends.

  On the other hand, when the matching system code is registered (YES in step S304), the identification information generation control unit 272 displays the reading area set corresponding to the system code in the identification information generation condition management table 265. Recognize and read information from the storage area corresponding to the reading area in the IC card 30a through the IC card communication unit 22 (step S305).

  Subsequently, it is checked whether or not a next reading area is set (step S306). If there is a next reading area (YES in step S306), reading of information in the reading area is continued (step S305).

  If there is no next reading area (NO in step S306), the identification information generation control unit 272 uses the user identification ID used as the identification information of the IC card 30a based on the information read from each reading area in step S305 so far. Is newly generated (step S307).

  The operation up to this point will be described in more detail with reference to FIG. FIG. 9 is a diagram showing a control sequence between the management device 20 and the IC card communication unit 22 when reading the IC card.

  As shown in FIG. 9, the management device 20 repeatedly performs an operation of wirelessly transmitting a polling command from the IC card communication unit 22 (step S301) and receiving a response command to the polling command (step S302) during standby. ing.

  During this time, when the IC card 30a is placed on the card placement unit 221 and the IC card 30a wirelessly transmits a response command including the system code of the own card in response to the polling command from the IC card communication unit 22, the management device 20, the response command is received (step S302), and the reading area corresponding to the system code included in the response command is confirmed by checking the identification information generation condition information 265a, and then the polling method with the IC card 30 is performed. The information of the reading area is read from the IC card 30a through the communication.

  Here, when there are three reading areas, for example, the management device 20 sequentially transmits a polling signal instructing reading of the reading area 1, the reading area 2, and the reading area 3, and an IC card is sent to each of the polling signals. Each response signal sent from 30a each time (respectively reading and sending information of reading area 1, reading area 2 and reading area 3 instructed at that time) is received.

  Thus, after reading each information of the reading area 1, the reading area 2, and the reading area 3 from the IC card 30a (step S305), a new user identification ID is generated based on the read information (step S305). S307).

  The management device control unit 27 generates the identification information by the setting device 40 after reading the information of the reading area set in advance from the IC card 30a and generating a new user identification ID by the processing from step S301 to S307 described above. It is checked whether or not the registration mode is set (step S308).

  If the identification information generation / registration mode is set as in this case (YES in step S308), the process proceeds to the identification information registration process.

  FIG. 8 is a flowchart showing the identification information registration process following YES in step S308 of FIG.

  In this identification information registration process, the management device control unit 27 receives the input of the user name from the setting device 40 by a method such as performing a display prompting the user name to be input on the display unit of the connected setting device 40. Processing is performed (step S321).

  Here, by operating the input unit of the setting device, the administrator inputs the name of the user (for example, employee A, employee B, contract employee C, etc.) to be associated with the IC card 30a read this time, After the input is completed, a key operation for instructing that is performed.

  On the other hand, when the management apparatus 20 recognizes that the input of the user name has been completed by the key operation or the like (YES in step S322), the user name received in step S321 is the identification information (user identification ID) generated in step S307. For example, the new user identification ID is stored in the identification information management table 267 of the storage unit 26, and the series of identification information generation and registration processing is terminated.

  FIG. 10 is a diagram showing an example of registered information contents in the identification information management table 267. As shown in FIG.

  In particular, in FIG. 10, according to the identification information generation condition information 265a (see FIG. 6) registered in the identification information generation condition management table 265, employees A and B, contract employees C and D, and part-time employees E to be registered as users. , F respectively, and a registration example of a user identification ID corresponding to each IC card 30a on which system code = 123345 is recorded.

  Here, the user names such as “employee A”, “employee B”,... In the registration information of the identification information management table 267 are displayed during the processing operation in the identification information generation registration mode in FIG. This is input by the administrator in FIG.

  In this example, with respect to the IC card 30a held by the employee A, according to the identification information generation condition information 265a shown in FIG. 6, from the area 1 of the IC card 30a (0 to 7 byte area of service code = 1008), by attribute code Number (see FIG. 4) = 0001 is read, attribute code (see FIG. 4) = 1 is read from area 2 (0-byte area of service code = 1028), and area 3 (service code = 1088 0-3) The identification number (see FIG. 4) = 000 is read from the byte area), and the user identification ID of the employee A “00011000” generated by combining these read values is newly registered.

  Similarly, regarding the IC card 30a held by each of the employee B, contract employee C, D, and part-time employee E, F, the attribute code number read from each IC card 30a (0-7 bytes of service code = 1008) Area), attribute code (0-byte area of service code = 1028), and identification number (0-3 byte area of service code = 1088), “01021000”, “01002003”, “00012004”, respectively. , “00001001” and “00009022” are registered.

  Next, returning to FIG. 7 again, the authentication processing in the system of the present invention will be described.

  After completing the registration of the user identification ID corresponding to the IC card 30a possessed by each user through the above-described identification information generation / registration process, the management device 20 operates in response to the instruction to cancel the identification information generation / registration mode from the setting device 40. Returning to the mode (authentication mode), in this operation mode, each user can use the multifunction device 10 by using each person's IC card 30a as an authentication card.

  When the user uses the multifunction device 10, the readable state display LED 221 is turned on and the available state display LED 222 is turned off, so that the IC card 30 a can be read and the multifunction device 10 is in a prohibited state. After confirming that it exists, the IC card 30 a registered as an authentication card is placed on the card placement unit 221 of the management device 20.

  Thereby, the management apparatus 20 performs the process of step S301-S307 of FIG. 7 as already demonstrated.

  That is, the identification information generation control unit 272 of the management device 20 reads information from the IC card 30a placed on the card placement unit 221 (step S302 YES), extracts a system code (step S303), and then Information such as a service code is read from the storage area of the IC card 30a corresponding to the reading area set in correspondence with the system code (step S304 YES), and the read information such as the service code is read. Based on this, a user identification ID is generated (step S307).

  Next, the authentication control unit 273 of the management device control unit 27 checks whether or not the identification information generation registration mode is set by the setting device 40 (step S308).

  If it is determined that the identification information generation / registration mode has not been set because the identification information generation / registration process has already been completed and the operation mode has been entered (NO in step S308), Move to authentication process.

  In this user authentication process, the authentication control unit 273 determines that the user identification ID generated in step S307 based on the information read from the preset reading area of the IC card 30a currently placed is the identification information management table. It is determined whether or not the identification information (user identification ID) registered in 267 matches (step S309).

  Here, when the generated identification information does not match the registered identification information (NO in step S309), the authentication control unit 273 performs authentication error processing (step S331) by determining that the user is authenticated NG. Thereafter, the process ends.

  Here, for example, the authentication control unit 273 sends an authentication NG display command to the multifunction device 10 by instructing the multifunction device control unit 25 as the authentication error processing.

  As a result, in the multifunction device 10, the multifunction device control unit 15 receives the authentication NG display command through the management device connecting device 14, and based on the authentication NG display command, the display unit 11 “authentication NG cannot be used” or the like. Display a message.

  On the other hand, if the user identification ID generated in step S307 matches the registered user identification ID (YES in step S309), the authentication control unit 273 determines that the user authentication is OK, and the multifunction device control unit 25 is sent to the multifunction machine 10 (step S310).

  At this time, for the display unit 21, the usable state display LED 222 is changed from the light-off state (indicating that it is in a use-prohibited state) to the light-on state (use-permitted state) with the readable state display LED 221 turned off. Control).

  On the other hand, in the multifunction device 10, the multifunction device control unit 15 receives the use permission command through the management device connecting device 14 and switches the operation unit 12 from the operation reception disabled state to the operation reception enabled state based on the use permission command. Or a message such as “Authentication OK is available. Start the operation” is displayed on the display unit 11, and the MFP 10 is controlled to be usable.

  Accordingly, the user can operate the operation unit 12 to cause the multifunction device 10 to perform operations such as printing, copying, and faxing, and can perform a desired operation.

  When the multifunction device 10 is executing an operation by a user's operation, the multifunction device control unit 15 transmits information (the number of prints, the number of copies, etc.) indicating the operation status via the management device connection unit 14 to the management device 20. Send to.

  In the management device 20, the management device control unit 27 receives the operation status information via the multifunction device connection unit 25, and determines the user identification ID (identification information management table 267) of the IC card 30 a determined to be authenticated in step S 309. The user management ID registered in the print management process for counting and updating the number of printed sheets, the number of copies, etc., in association with the registered user identification ID: generated and registered based on the information read from the set reading area (step S341) ).

  According to the user authentication process of the management device 20 described above, for example, when the employee A places the IC card 30a of the system code = 1345 that the employee A has on the card placement unit 221 of the management device 20, FIG. Are read from the IC card 30a in the 0-7 byte area of service code = 1008, the 0 byte area of service code = 1028, and the 0-3 byte area of service code = 1088. Then, a new user identification ID is generated from each of the read information, and the generated user identification ID is generated and registered by reading a preset reading area of the IC card 30a. As a result of matching with the ID “00011000” (see FIG. 10), it is determined that the authentication is OK, and the MFP 10 is used It can be.

  Similarly, when employee B, contract employee C, E, and part-time job E, F place each IC card 30a of their own system code = 12345 on the card placement unit 221 of the management apparatus 20, Information of preset areas [0 to 7 byte area of service code = 1008, 0 byte area of service code = 1028, 0 to 3 byte area of service code = 1088] is read from each IC card 30a. Each new user identification ID is generated based on the user ID, and each generated user identification ID is generated by reading a preset reading area of each IC card 30a and registered. 01021000 ”,“ 01002003 ”,“ 00012004 ”,“ 00009011 ”,“ 00009022 ”(see FIG. 10), respectively. To a result, it is determined that the authentication OK, it is possible to utilize the MFP 10.

  As described above, in the present invention, the reading area for the system code of the IC card 30 of any system and the storage area of the IC card 30 is set in the management device 20 in advance, and the IC card 30 reads the predetermined number. If a system code corresponding to the system code read from the IC card 30 when placed at the position is set, information on the reading area set corresponding to the system code is read from the IC card 30. In order to perform identification processing by generating identification information corresponding to the IC card 30 based on the read information of each read area, the system code and a desired reading area are set for an arbitrary IC card 30 After a quasi-stage, the IC card 30 for another system owned by the user can also be used as the user authentication card of the system of the present invention. To become.

  In addition, when the IC card 30 for another system can be used, it is not necessary to customize the management apparatus 20 according to the specifications of the other system, and an increase in system cost can be avoided.

  In the present invention, since a plurality of reading areas are set corresponding to the system code, data is read from a plurality of storage areas of one IC card 30 having the system code, and a new user identification ID is set. Can be generated.

  According to such a configuration, all users cannot be identified from the fixed area of the IC card 30 due to differences in user attributes (employee, affiliated company employee, partner company employee, contract employee, part-time job, employee, student, teacher, etc.) In this case, the IC card 30 can be used as a user authentication card by reading data from a plurality of preset areas and generating a new user identification ID.

  Further, in the present invention, the existing ID of the user's affiliation (user) is obtained through the process of reading the information of the preset area from the existing IC card 30 that the user currently has and generating a new user identification ID. Information group recorded on the existing IC card 30a) can be used, so that it is not necessary to newly provide an ID for authentication of the image forming apparatus 10, and the work load of the copy volume manager and the card issue manager is reduced. Can be greatly reduced.

  In FIGS. 7 and 8, an example is given in which the user identification ID corresponding to the IC card 30a is newly registered in the identification information management table 267 through the reading operation of the preset reading area of the existing IC card 30a. The registration processing of the user identification ID corresponding to the existing IC card 30a is not limited to this. For example, the configuration and storage contents of the storage area of the existing IC card 30 are analyzed, and the identification information generation condition setting control unit 271 is analyzed. This can also be realized by a method in which the administrator himself / herself inputs the information in the same storage area as each reading area set in (1) and registers the information in the identification information management table 267 as a user identification ID.

  In the system configuration described so far, an example is given in which each employee (including contract employees and part-time employees) can use only the IC card 30a (system code = 12345), for example, as an employee card as an authentication card. The present invention can also be configured so that a plurality of types of existing IC cards 30 can be used as authentication cards.

  Here, for example, an example in which each of the three types of IC cards 30b, 30c, and 30d shown in FIG. 11 can be used as a user authentication card will be described.

  FIGS. 11A, 11B, and 11C are conceptual diagrams illustrating information storage structures of existing IC cards 30b, 30c, and 30d, respectively.

  The IC card 30b shown in FIG. 5A is, for example, some membership card held by an employee of the introduction destination of this system, and the system code is “11111”.

  The service code has “1008h”, the user number from “0 (zero)” byte to 7 bytes, the expiration date from 8 bytes to 15 bytes, and the expiration date from 16 bytes to 31 bytes. Up to each name is stored.

  The IC card 30c shown in FIG. 5B is, for example, an affiliated company employee ID card owned by an affiliated company employee of the company to which this system is introduced, the system code is “22222”, and the service code is “1008h”. ”And“ 1028h ”.

  For the service code “1008h”, the company code is stored from “0 (zero)” bytes to 3 bytes, the expiration date is stored from 4 bytes to 15 bytes, and the name is stored from 16 bytes to 31 bytes. The

  As for the service code “1028h”, an employee code is stored from “0 (zero)” bytes to 15 bytes, and spare information is stored from 16 bytes to 51 bytes.

  The IC card 30d shown in FIG. 6C is, for example, a partner company employee ID of a partner company employee of the company where the system is introduced, the system code is “33333”, and the service code is “1008h”. ”,“ 1028h ”, and“ 102Ch ”.

  Regarding the service code “1008h”, the user number is from “0 (zero)” bytes to 7 bytes, the user classification is from 8 bytes to 15 bytes, and the spare information is from 16 bytes to 31 bytes. Remembered.

  With regard to the service code “1028h”, the company code is stored from “0 (zero)” to 3 bytes.

  Regarding the service code “102Ch”, the department code 1 is from “0 (zero)” bytes to 3 bytes, the department code 2 is from 4 bytes to 7 bytes, and the department code 3 is from 8 bytes to 13 bytes. Are stored respectively.

  Even when these three types of IC cards 30b, 30c, and 30d are used as user authentication cards, it is necessary to set identification information generation conditions in advance by the identification information generation condition setting process shown in FIG.

  In this case, the administrator first causes the display unit to display an identification information generation condition setting screen 450b as shown in FIG. 12, for example, using the setting device 40 connected to the management device 20.

  The identification information generation condition setting screen 450b includes a plurality of setting columns (setting 1, setting 2, setting 3) each having a system code setting column and a reading area setting column.

  The administrator understands the information storage structure of the IC cards 30b, 30c, and 30d in FIG. 11, sets the reading area for the IC card 30b using the setting 1 column, and uses the setting 2 column to set the IC card. A reading area related to the IC card 30d is set using the setting 3 column.

  In the example of FIG. 12, on the identification information generation condition setting screen 450b, in the setting 1 column, the system code = 11111 of the IC card 30b is input to the system code setting column, and the service code is input to the reading area setting column. A value such that 0 to 7 bytes of 1008 is set as a reading area is input.

  Also, in the setting 2 column, system code = 22222 of the IC card 30c is input to the system code setting column, and 0 to 3 bytes of service code = 1008 in the reading area setting column, and 0 of service code = 1028. A value such that 15 bytes from the byte are used as a reading area is input.

  In the setting 3 column, the system code = 33333 of the IC card 30d is input to the system code setting column, and the 0 to 7 bytes of the service code = 1008 are set as the reading area in the reading area setting column. A value has been entered.

  On the identification information generation condition setting screen 450b, when the setting completion operation is performed after inputting the system code and reading area as shown in FIG. It is sent to the management device control unit 27 of the management device 20 through the setting device connection unit 24, and the identification information generation condition setting control unit 271 of the management device control unit 27 converts the setting contents into the identification information generation condition of the mode shown in FIG. It is registered in the identification information generation condition management table 265 as information 256b.

  As can be seen from the figure, the identification information generation condition information 265b in this example reads the information area from 0 bytes to 7 bytes of the service code = 1008 for the IC card 30b having the system code = 11111. Targeting an IC card 30c having system code = 22222, reading each information area of 0 to 3 bytes of service code = 1008 and 0 to 15 bytes of service code = 1028, IC having system code = 33333 Information contents indicating that an information area of 0 to 7 bytes of service code = 1008 is read is registered for the card 30d.

  After setting the identification information generation conditions regarding the IC cards 30b, 30c, and 30d in this way, the IC cards 30b, 30c, and 30d are set in the state in which the setting information generation registration mode is set from the setting device 40 to the management device 20. When each is placed on the card placement unit 221 of the management device 20, the respective IC cards 30b, 30c are processed through the processes of steps S301 to S307 and S308 in FIG. 7 and steps S321 to S323 in FIG. , 30d corresponding to each user ID ID is registered.

  That is, in this registration process, when the IC card 30b is placed, the No. in the identification information generation condition information 265b shown in FIG. In accordance with the identification information generation condition in the first column, the user number [see FIG. 11 (a)] is read from the 0-7 byte area of the service code = 1008 of the IC card 30b, and a new one is created based on the read user number. The generated user identification ID is registered corresponding to the corresponding user name.

  Regarding the IC card 30c, the No. in the identification information generation condition information 265b shown in FIG. According to the identification information generation conditions in the second column, the company code [see FIG. 11 (b)] from the 0 to 3 byte area of the service code = 1008 of the IC card 30c, and the 0 to 15 byte area of the service code = 1028 The employee code (see FIG. 11B) is read, and a user identification ID newly generated based on the read company code and employee code is registered corresponding to the corresponding user name.

  Regarding the IC card 30d, No. in the identification information generation condition information 265b shown in FIG. In accordance with the identification information generation conditions in the third column, the user number [see FIG. 11 (c)] is read from the 0-7 byte area of the service code = 1008 of the IC card 30d, and a new one is created based on the read user number. The generated user identification ID is registered corresponding to the user name.

  Thereafter, when each of the IC cards 30b, 30c, and 30d is placed on the card placement unit 221 of the management device 20 in a state where the identification information registration mode is canceled from the setting device 40 and the management device 20 is set to the operation mode, The user authentication processing for each of the IC cards 30b, 30c, and 30d is performed through the processing of steps S301 to S307, S308NO, S309, and S310 shown in FIG.

  That is, in this user authentication process, when the IC card 30b with the system code = 11111 is placed on the card placement unit 221 of the management apparatus 20, the No. in the identification information generation condition information 265b shown in FIG. In accordance with the identification information generation condition in the first column, the user identification ID generated based on the user number read from the 0-7 byte area of the service code = 1008 of the IC card 30b is designated in advance by the IC card 30b. As a result of matching the identification information generated and registered by reading the area, it is determined that the authentication is OK, and the multifunction machine 10 can be used.

  When the IC card 30c with the system code = 22222 is placed on the card placement unit 221 of the management apparatus 20, the No. in the identification information generation condition information 265b shown in FIG. Based on the identification information generation conditions in the second column, based on the company code read from the 0 to 3 byte area of the service code = 1008 of the IC card 30c and the employee code read from the 0 to 15 byte area of the service code = 1028 As a result of the user identification ID generated in step S3 matching the identification information generated and registered in advance by reading the designated reading area of the IC card 30c, it is determined that the authentication is OK, and the MFP 10 can be used. .

  When the IC card 30d with the system code = 33333 is placed on the card placement unit 221 of the management apparatus 20, the No. in the identification information generation condition information 265b shown in FIG. In accordance with the identification information generation conditions in the third column, the user identification ID generated based on the user number read from the 0-7 byte area of the service code = 1008 of the IC card 30d is designated in advance by the IC card 30d. As a result of matching the identification information generated and registered by reading the area, it is determined that the authentication is OK, and the multifunction machine 10 can be used.

  Thus, in the present invention, for each different type of IC card 30, a system code and a reading area for the storage area of the IC card 30 are set in the management device 20 in advance, and the system code is read from the IC card 30. If a system code corresponding to the read system code is set, the information of the reading area set corresponding to the system code is read from the IC card 30 and each read Since identification information corresponding to the IC card 30 is generated based on the area information and authentication processing is performed, a plurality of existing types of IC cards 30 can be used as the user authentication card of the system of the present invention.

  As an operation mode of the management system according to the present invention, for example, when a plurality of companies share the image forming apparatus 10, the management apparatus such as changing the IC card 30 depending on the user attribute (which company employee, etc.) It is desired that 20 corresponds to a plurality of types of IC cards 30.

  In response to such a demand, in the configuration of the present invention, a system code and a reading area for the storage area of the IC card 30 are set for each of different types of IC cards 30 to thereby have different system codes. The type of IC card 30 can be accepted to deal with the generation of a new user identification ID, and the authentication process for a plurality of types of IC cards 30 can be realized by a single management device 20.

  In addition, the present invention is not limited to the embodiment described above and shown in the drawings, and can be implemented by being appropriately modified within a range not changing the gist thereof.

  For example, in the above-described embodiment, the configuration in which the management device 20 is connected to the multifunction device 10 has been described as an example. However, the management device 20 may be built in the multifunction device 10 in advance.

  In the above embodiment, the management apparatus 20 has a configuration including an identification information generation function and an authentication function. However, the management apparatus 20 generates user identification information and sends the identification information to the multifunction machine 10. The MFP 10 may be configured to receive the user identification information generated by the management apparatus 20 from the management apparatus 20 and perform authentication by comparing with the registered identification information registered in advance.

  In the above embodiment, the application example to the system that manages the operation of the apparatus such as the image forming apparatus by authenticating whether the user is an appropriate user based on the information read from the IC card 30 has been described. However, the present invention is not limited to controlling the operation of the apparatus when authenticated as a user, but can be applied to an authentication system that simply authenticates a user based on information read from the IC card 30, for example.

  The authentication system in this case is, for example, a setting unit (corresponding to the identification information generation condition setting control unit 271 of the management device 20) for setting the system code and the reading target area of the IC card 30 as in the management device 20 described above. When a system code that matches the system code read from the IC card 30 by the IC card communication unit 22 is set, the information of the reading target area set corresponding to the system code is read from the IC card 30; Identification information generation means for generating user identification information based on the read information (corresponding to the identification information generation control unit 272), and registration means for registering user identification information generated by the identification information generation means ( This corresponds to the identification information management table 265), user identification information generated by the identification information generation means, and registration by the registration means. Registered user identification information authentication means for authenticating the user based on can be realized by the configuration and a (same, corresponding to the authentication control unit 273).

  Further, in this system, the setting means sets a plurality of reading target areas corresponding to one system code, and the identification information generating means sets information from the plurality of reading target areas set corresponding to the system code. The user identification information can be generated based on the read information.

  The setting means sets the system code and reading target of each IC card 30 for each of a plurality of different types of IC cards 30, and the identification information generating means identifies the user for each of the plurality of different types of IC cards. A configuration for generating information may be adopted.

  The present invention can be applied to an authentication device that authenticates a user based on information read from a recording medium, and to a general management device that manages the operation of the device based on information read from a storage medium. When a system identification code that matches the identification code is set, the information of the reading target area set corresponding to the system identification code is read from the recording medium to generate user identification information. The recording medium already owned by the user can be used as the user authentication recording medium.

The conceptual diagram which shows the whole structure of the management system concerning this invention. The block diagram which shows the function structure of the multifunctional device and management apparatus in a management system. The flowchart which shows the identification information generation condition setting process sequence in a management system. The conceptual diagram which shows the information storage structure of IC card utilized as an authentication card. The figure which shows the structural example of an identification information generation condition setting screen. The figure which shows the structural example of an identification information generation condition management table. The flowchart which shows the processing operation of the management apparatus after setting identification information generation conditions. The flowchart which shows the identification information registration process after step S308 YES of FIG. The figure which shows the control sequence between the management apparatus at the time of IC card reading, and an IC card communication part. The figure which shows an example of the registration information content in an identification information management table. The conceptual diagram which shows the information storage structure of three types of IC cards utilized as an authentication card. The figure which shows another structural example of an identification information generation condition setting screen. The figure which shows another structural example of an identification information generation condition management table.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 ... Multi-function device, 11 ... Display part, 12 ... Operation part, 13 ... Image forming part, 14 ... Management apparatus connection part, 15 ... Multi-function machine control part, 20 ... Management apparatus, 21 ... Display part, 211 ... Readable state Display LED, 212 ... Usage permission status display LED, 22 ... Non-contact type IC card communication unit, 221 ... Card placement unit, 23 ... Operation unit, 24 ... Setting device control unit, 25 Multifunction device control unit, 26 ... Storage unit 265 ... Identification information generation condition management table, 265a, 265b ... Identification information generation condition information, 267 ... Identification information management table, 27 ... Management device control section, 271 ... Identification information generation condition setting control section, 272 ... Identification information generation control , 273 ... authentication control part, 30, 30a, 30b, 30c, 30d ... non-contact type IC card, 40 ... setting device, 450a, 450b ... identification information generation condition setting screen

Claims (7)

In an authentication apparatus that has reading means for reading information recorded on a recording medium and authenticates a user based on information read from the recording medium by the reading means,
Setting means for setting the system identification code of the recording medium and the reading target area;
When a system identification code that matches the system identification code read from the recording medium by the reading unit is set, the information of the reading target area set corresponding to the system identification code is read from the recording medium, Identification information generating means for generating user identification information based on the read information;
Registration means for registering user identification information generated by the identification information generation means;
An authentication apparatus comprising: authentication means for authenticating a user based on user identification information generated by the identification information generation means and registered user identification information registered by the registration means. The setting means includes
A plurality of the reading target areas are set corresponding to the system identification code,
The identification information generating means
The authentication apparatus according to claim 1, wherein information is read from the plurality of read target areas set corresponding to the system identification code, and the user identification information is generated based on the read information. . The setting means includes
For each of a plurality of different types of recording media, set the system identification code and reading target of each recording medium,
The identification information generating means
The authentication apparatus according to claim 1, wherein the user identification information is generated for each of the plurality of different types of recording media. In the management device that manages the operation of the device based on the identification information of the user,
A recording medium on which information including a system identification code is recorded;
Reading means for reading information recorded on the recording medium;
Setting means for setting the system identification code of the recording medium and the reading target area;
When a system identification code that matches the system identification code read from the recording medium by the reading unit is set, the information of the reading target area set corresponding to the system identification code is read from the recording medium, Identification information generating means for generating user identification information based on the read information;
Authentication means for authenticating a user who permits operation of the apparatus based on user identification information generated by the identification information generation means and registered user identification information registered;
And a control unit that performs control to permit the operation of the apparatus when the authentication unit authenticates the user as permitting the operation of the apparatus. Mode setting means for setting an identification information registration mode;
The registration means for registering the user identification information generated by the identification information generation means when the identification information registration mode is set by the mode setting means. Management device. The setting means includes
A plurality of the reading target areas are set corresponding to the system identification code,
The identification information generating means
6. The user identification information is generated based on the read information by reading information from the plurality of read target areas set corresponding to the system identification code. Management device. The setting means includes
For each of a plurality of different types of recording media, set the system identification code and reading target of each recording medium,
The identification information generating means
The management apparatus according to claim 4, wherein the user identification information is generated for each of the plurality of different types of recording media.

Images