JP5365115B2 - DEVICE MANAGEMENT SYSTEM, DEVICE MANAGEMENT DEVICE, LICENSE AUTHENTICATION METHOD, LICENSE AUTHENTICATION PROGRAM, AND RECORDING MEDIUM CONTAINING THE PROGRAM - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an equipment management system which can perform license authentication of an equipment mounting program, even if a network to which an authentication server is connected and a network to which a management object apparatus is connected are in a separated status, and to provide an equipment management device, a license authentication method, a license authentication program, and a recording medium which records the program. <P>SOLUTION: The equipment management system 1 is a system which manages equipment 200 by the equipment management device 100 in a state where a first network 90<SB>2</SB>to which an authentication device 300 is connected, and a second network 90<SB>1</SB>to which the equipment 200 is connected are separated. The equipment management device 100 has a determination means 21 to determine a processing stage of license authentication, and a determination means 22 to determine whether a license authentication request can be made to the authentication device 300, and controls license authentication processing to be performed between separated networks 90 based on a determination result of the authentication processing stage, and a determination result on propriety of the authentication request. <P>COPYRIGHT: (C)2010,JPO&amp;INPIT

Description

  The present invention relates to a device management system and a device management apparatus that manage at least one device connected via a data transmission path such as a network, and in particular, license authentication of an application program that operates on a device to be managed ( (Activation).

  A system for monitoring the status of an image processing apparatus such as a multifunction peripheral or a printer via a predetermined data transmission path such as a network (hereinafter referred to as “device management system”) is already known, and the user manages it. It is possible to detect (know) the abnormality of the management target device without going to the target device (hereinafter referred to as “management target device”) (see, for example, “Patent Document 1”).

  In the managed device, various application programs for realizing functions provided to the user are operating. General-purpose basic software such as UNIX (registered trademark) has come to be used as a platform on which these programs operate.

  For this reason, devices to be managed in recent years have an environment with high function expandability, and there are increasing cases of introducing application programs developed by other companies (third vendors).

  What is concerned about this is that an unauthorized program is installed and used in the managed device.

  Therefore, in the device management system, the program that operates in the device based on the license code (certificate) that certifies that the program is a legitimate program (a program that may run on the managed device) is a legitimate program. A license authentication function (activation function) for authenticating whether or not is one of the device management functions.

As the technology relating to the above-mentioned license authentication, for example, Japanese Patent Application Laid-Open No. 2004-133840 is configured from a client PC (Personal Computer) and a license authentication server (hereinafter referred to as “authentication server”) connected via a network. There has been proposed a software license authentication system in which license authentication of an operating program is performed by a server having a license management function capable of issuing and canceling a license.
JP 2003-131663 A JP 2007-34389 A

  However, in a conventional device management system, it is assumed that a management target device on which an authentication target program operates and an authentication server that performs license authentication are installed in the same network.

  In license authentication, an authentication request is made to the authentication server based on information necessary for authentication, and as a result, a license code is issued from the server to the authentication request source.

  For this reason, a system environment in which a device that makes an authentication request and a device that performs authentication are arranged in the same network and can exchange data (bidirectional communication) with each other is assumed.

  However, the environment in which the device management system is installed is a highly confidential environment that prevents unauthorized access from the outside, such as an office environment. In many cases, the management target device is connected to a local area network (LAN) separated from other networks that can be connected to the outside.

  Therefore, when the authentication server is connected to another network, the device that makes the authentication request, the device that runs the authentication target program, and the device that performs the authentication are not necessarily in a communicable state. Absent.

  If the device management system constructed by the local area network (hereinafter referred to as “network”) tries to perform license authentication, in the conventional system configuration, each device management system authenticates one device at a time. A server will be installed, and there are problems in terms of maintenance / operation and cost, which is not realistic.

  As described above, in the conventional system configuration, when the device that operates the authentication target program and the device that performs the authentication cannot communicate with each other (the network is disconnected), The license could not be activated.

  The present invention has been proposed in view of the above-described problems of the prior art. The object of the present invention is to manage a device in which the network to which the authentication server is connected and the network to which the management target device is connected are disconnected. Device management system, device management apparatus, license authentication method, license authentication program, and recording medium on which the program can be recorded, which can perform license authentication for an authentication target program that operates on a management target device even in a system Is to provide.

  In order to achieve the above object, according to the present invention, the first network to which the authentication device that performs software license authentication is connected and the second network to which the device on which the software to be authenticated is connected are disconnected. In this state, the device management system monitors the state of the device with the device management apparatus and manages the device based on the device information including the state information. Authentication processing stage determination means for determining the authentication request, authentication request availability determination means for determining whether or not a license authentication request can be made to the authentication apparatus, a determination result by the authentication processing stage determination means, and the authentication request availability determination Based on the determination result by the means, the network to be performed between the separated first network and the second network It is summarized in that the activation control means for controlling a sense authentication process, a system having a.

  In order to achieve the above object, a device management system according to the present invention includes a first device management device connected to the first network, capable of writing and reading data to and from a storage device, and the second device. A second device management device connected to the network, wherein the license authentication control means requests the license authentication from the authentication device in the first device management device, and obtains license information as an authentication result. Processing for recording the license acquisition program to be acquired in the storage device, and starting the license acquisition program recorded in the storage device in the second device management apparatus, and recording the license information acquired from the authentication device in the storage device Processing to read the license information recorded in the storage device in the first device management apparatus, Controls switching the process of transmitting license information to the device, the activation process consisting of the processing stage.

  In order to achieve the above object, the device management system according to the present invention performs license authentication on the authentication device based on authentication request information required when the first device management device requests the license authentication. Requesting, acquiring the license information, and recording the license acquisition program for realizing the process of recording the acquired license information in the storage device, and recording the program by executing the license acquisition program License information reading means for reading the license information read from the storage device, and license information transmitting means for transmitting the license information read by the license information reading means to the device.

  With such a configuration, the device management system according to the present invention performs the following process control according to the license authentication processing stage and the determination result of whether or not the authentication request is possible.

  First, in the first device management apparatus connected to the same network as the device to be managed, if it is determined that a license authentication request cannot be made to the authentication server, a license acquisition program for making a license authentication request is recorded.

  Next, in the second device management apparatus connected to the same network as the authentication server, by executing the program recorded by the first device management apparatus, a license authentication request is made to the authentication server and a license code is obtained And record the information required when registering the license to the managed device.

  Next, in the first device management apparatus, the information recorded by the second device management apparatus is read, and based on the read information, the license code is transmitted and registered to the management target device on which the authentication target program runs.

  In order to achieve the above object, in the device management system according to the present invention, the license authentication control unit controls the recording of the license acquisition program by the program recording unit based on the determination result by the authentication request availability determination unit. To do.

  In order to achieve the above object, in the device management system according to the present invention, the first device management apparatus includes device information acquisition means for acquiring device information from the device, and the program recording means includes: The license acquisition program including the authentication request information including the device information acquired by the device information acquisition unit and a product key held in advance is recorded in a storage device.

  In order to achieve the above object, a device management system according to the present invention includes a device management device capable of writing / reading data to / from a storage device, and the license authentication control unit includes the license in the device management device. A process for recording authentication request information necessary for requesting authentication in the storage device, a process for reading the authentication request information recorded in the storage device, and performing license authentication on the authentication device based on the read authentication request information The process includes: a process of requesting and recording the license information acquired from the authentication device in a storage device; and a process of reading the license information recorded in the storage device and transmitting the license information to the device Switch the license authentication process.

  In order to achieve the above object, the device management system according to the present invention is recorded by the device management apparatus by the authentication request information recording means for recording the authentication request information in a storage device and the authentication request information recording means. The authentication request information reading means for reading the authentication request information from the storage device, and the license requesting the authentication device for license authentication and acquiring the license information based on the authentication request information read by the authentication request information reading means Obtaining means; license recording means for recording the license information obtained by the license obtaining means in a storage device; license information reading means for reading the license information recorded by the license recording means from the storage device; and the license information License information read by the reading means Having a license information transmission means for transmitting to the device.

  With such a configuration, the device management system according to the present invention performs the following process control according to the license authentication processing stage and the determination result of whether or not the authentication request is possible.

  First, in the first device management apparatus connected to the same network as the management target device, when it is determined that a license authentication request cannot be made to the authentication server, information necessary for requesting the license authentication (authentication request information) is recorded. To do.

  Next, in the second device management apparatus connected to the same network as the authentication server, the information recorded by the first device management apparatus is read, and based on the read information, a license authentication request is made to the authentication server, and the license Get the code and record the information required when registering the license for the managed device.

  Next, in the first device management apparatus, the information recorded by the second device management apparatus is read, and based on the read information, the license code is transmitted and registered to the management target device on which the authentication target program runs.

  In order to achieve the above object, in the device management system according to the present invention, the license authentication control unit records the authentication request information by the authentication request information recording unit based on a determination result by the authentication request availability determination unit. To control.

  In order to achieve the above object, the device management system according to the present invention has device information acquisition means for acquiring device information from the device, and stores in advance the device information acquired by the device information acquisition means. The authentication request information including the stored product key is recorded in a storage device.

  In order to achieve the above object, in the device management system according to the present invention, the authentication request propriety determining unit is configured to allow the authentication device to determine whether or not the data communication between the authentication device and the device management device is possible. It is determined whether or not a license authentication request can be made.

  In order to achieve the above object, in the device management system according to the present invention, the license authentication control unit controls reading of the license information by the license information reading unit based on a determination result by the authentication processing stage determination unit. To do.

  In order to achieve the above object, the device management system according to the present invention includes a series of processes related to the license authentication process performed by the authentication process stage determination unit based on the presence of data and / or programs recorded in the storage device. Determine the processing stage.

  In order to achieve the above object, the device management system according to the present invention includes a storage device for writing and reading data, and a storage device provided in the device management device and / or an external storage detachable from the device management device. Device.

  As a result, the device management system according to the present invention enables the authentication that operates on the managed device even when the network to which the authentication server is connected and the network to which the managed device is connected are disconnected. License authentication can be performed for the target program, and execution of an unauthorized program (expired or unauthenticated program) in the managed device can be prevented.

  In order to achieve the above object, a device management apparatus according to the present invention includes a first network to which an authentication device that performs software license authentication is connected and a second network to which a device on which the software to be authenticated operates is connected. A device management apparatus that monitors the state of the device in a disconnected state and manages the device based on device information including state information, and determines a series of processing steps related to license authentication processing. A determination means, an authentication request availability determination means for determining whether a license authentication request can be made to the authentication device, a determination result by the authentication processing stage determination means, and a determination result by the authentication request availability determination means. Based on the license authentication processing performed between the separated first network and the second network. Has a sense authentication control means, the.

  In order to achieve the above object, the device management apparatus according to the present invention is connected to the first network and is capable of writing and reading data with respect to a storage device, wherein the license authentication control means includes the authentication A process of recording the license acquisition program for requesting the license authentication to the apparatus and acquiring the license information which is the authentication result in the storage device, and the license acquisition program being executed to acquire the license acquisition program from the authentication apparatus and store the storage The license information recorded in the apparatus is read out, and the license authentication process consisting of the respective processing steps of the process of transmitting the license information to the device is switched and controlled.

  In order to achieve the above object, the device management apparatus according to the present invention requests the license authentication from the authentication apparatus based on the authentication request information required when requesting the license authentication, and acquires the license information. A program recording means for recording the license acquisition program in the storage device for realizing the process of recording the acquired license information in the storage device, and the license information recorded by executing the license acquisition program in the storage device. License information reading means for reading from the license information, and license information transmitting means for transmitting the license information read by the license information reading means to the device.

  In order to achieve the above object, the device management apparatus according to the present invention is connected to the first network or the second network and can write and read data to and from a storage device, and the license authentication control Means for recording authentication request information necessary for requesting the license authentication in a storage device, processing for reading the authentication request information recorded in the storage device, and the authentication based on the read authentication request information A process of requesting license authentication from a device, recording license information acquired from the authentication device in a storage device, and reading license information recorded in the storage device and transmitting the license information to the device. The license authentication process consisting of each process stage is switched and controlled.

  In order to achieve the above object, the device management apparatus according to the present invention includes an authentication request information recording unit that records the authentication request information in a storage device, and authentication request information recorded by the authentication request information recording unit. An authentication request information reading unit that reads from the storage device; a license acquisition unit that requests license authentication from the authentication device and acquires the license information based on the authentication request information read by the authentication request information reading unit; and the license License recording means for recording the license information acquired by the acquisition means in the storage device, license information reading means for reading the license information recorded by the license recording means from the storage device, and the license read by the license information reading means A license that sends information to the device It has a Nsu information transmitting means.

  With such a configuration, the device management apparatus according to the present invention is in two separated network environments, that is, a network to which an authentication server is connected and a network to which a management target device on which an authentication target program operates is connected. The processing related to license authentication can be continued.

  As a result, the device management apparatus according to the present invention enables the authentication that operates on the managed device even in the device management system in which the network to which the authentication server is connected and the network to which the managed device is connected are disconnected. License authentication can be performed for the target program, and execution of an unauthorized program (expired or unauthenticated program) in the managed device can be prevented.

  In order to achieve the above object, a license authentication method in a device management system according to the present invention includes a first network to which an authentication device that performs software license authentication is connected and a second network to which a device on which the software to be authenticated operates is connected. A license authentication method in a device management system that monitors the state of the device with a device management apparatus and manages the device based on device information including the state information when the network is disconnected from the network An authentication processing stage determination procedure for determining a series of processing stages relating to processing, an authentication request availability determination procedure for determining whether or not a license authentication request can be made to the authentication apparatus, and a determination result by the authentication processing stage determination procedure And the separated first network based on the determination result of the authentication request availability determination procedure. Having a activation control procedure for controlling the activation process performed with the over-click and the second network.

  In order to achieve the above object, a license authentication method in a device management system according to the present invention includes a first device connected to the first network in which the device management system can write data to and read data from a storage device. 1 device management device and a second device management device connected to the second network, wherein the license authentication control procedure performs the license authentication on the authentication device in the first device management device. Requesting and recording a license acquisition program for acquiring license information as an authentication result in the storage device, and in the second device management apparatus, starting the license acquisition program recorded in the storage device and acquiring it from the authentication device Recorded license information in the storage device, and in the first device management device, recorded in the storage device It reads license information and transmits the license information to the device and switching control of the activation process consisting of the processing stage.

  In order to achieve the above object, a license authentication method in a device management system according to the present invention includes a device management apparatus capable of writing and reading data to and from a storage device, and the license authentication control procedure However, the device management apparatus records the authentication request information necessary for requesting the license authentication in the storage device, reads the authentication request information recorded in the storage device, and based on the read authentication request information Each process of requesting license authentication from the authentication device, recording license information acquired from the authentication device in a storage device, reading out the license information recorded in the storage device, and transmitting the license information to the device Switch the license authentication process consisting of stages.

  In order to achieve the above object, the license authentication method in the device management apparatus according to the present invention connects the first network to which the authentication device that performs software license authentication is connected to the device on which the software to be authenticated operates. A license authentication method in a device management apparatus that monitors a state of the device and manages the device based on device information including the state information in a state where the second network is disconnected, and relates to a license authentication process An authentication processing stage determination procedure for determining a series of processing stages; an authentication request availability determination procedure for determining whether or not a license authentication request can be made to the authentication apparatus; a determination result by the authentication processing stage determination procedure; Based on the determination result by the authentication request availability determination procedure, the disconnected first network and the first network Having a activation control procedure for controlling the activation process performed with the network.

  In order to achieve the above object, the license authentication method in the device management apparatus according to the present invention requests the license authentication from the authentication apparatus based on the authentication request information required when requesting the license authentication. A program recording procedure for recording the license acquisition program in the storage device for realizing the process of acquiring information and recording the acquired license information in the storage device, and license information recorded by executing the license acquisition program A license information reading procedure for reading from the storage device, and a license information transmitting procedure for transmitting the license information read by the license information reading procedure to the device.

  In order to achieve the above object, a license authentication method in the device management apparatus according to the present invention includes an authentication request information recording procedure for recording authentication request information necessary for requesting the license authentication in a storage device, and the authentication Based on the authentication request information read procedure for reading the authentication request information recorded by the request information recording procedure from the storage device, and the authentication request information read by the authentication request information read procedure, request the license authentication from the authentication device, A license acquisition procedure for acquiring the license information, a license recording procedure for recording the license information acquired by the license acquisition procedure in a storage device, and license information for reading out the license information recorded by the license recording procedure from the storage device Reading procedure and reading the license information It has a license information transmission step of transmitting the license information read into the device by the procedure, the.

  By such a procedure, the license authentication method according to the present invention is performed in two separated network environments, that is, a network to which an authentication server is connected and a network to which a management target device on which an authentication target program operates is connected. Then, the authentication operation that the processing related to license authentication can be continued is realized.

  Accordingly, the license authentication method according to the present invention enables the authentication that operates on the managed device even in the device management system in which the network to which the authentication server is connected and the network to which the managed device is connected are disconnected. It is possible to provide an authentication environment capable of performing license authentication for the target program.

According to the present invention, processing related to license authentication is continued in two separated network environments, that is, a network to which an authentication server is connected and a network to which a managed device on which an authentication target program operates is connected. By being able to do it,
Even in a device management system in which the network to which the authentication server is connected and the network to which the managed device is connected are disconnected, license authentication can be performed on the authentication target program that runs on the managed device. it can.

  DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention (hereinafter referred to as “embodiments”) will be described in detail with reference to the drawings.

[First Embodiment]
<System configuration>
Now, the configuration of the device management system (license authentication system) according to the present embodiment will be described. 1 and 2 are diagrams showing a configuration example of a device management system 1 according to the first embodiment of the present invention.

In the equipment management system 1 shown in FIG. 1, a MFP (Multifunction Peripheral) 200 ₂ and LP (Laser Printer) 200 ₁ and at least one or more managed devices 200 said, the device management apparatus 100, and the authentication server 300 Are connected to each other by a network (predetermined data transmission path) 90 such as a LAN.

  In each device, the device management device 100 operates a program that controls processing related to license authentication (license authentication request, license code acquisition, etc.) of a program that operates on the managed device 200, which is one of the device management functions. In the management target device 200, an application program (authentication target software) that realizes various functions operates, and in the authentication server 300, a program that performs license authentication (issues information related to a license) operates in response to a request.

  In the system configuration described above, the device management apparatus 100 acquires information necessary for a license authentication request from the management target device 200, and transmits the acquired information to the authentication server 300 to request program license authentication. In this way, information on the license issued from the authentication server 300 is acquired, and the acquired information is transmitted to the management target device 200 to register the license.

  As described above, when the device management apparatus 100 that performs the license authentication request, the management target device 200 that operates the authentication target program, and the authentication server 300 that performs the license authentication are communicable, License authentication can be performed.

  However, in the case of the system configuration as shown in FIG. 2, the license authentication as described above cannot be controlled by the device management apparatus 100.

2 shows a system S1 constructed by the network 90 _1, Example two systems configured equipment management system 1 to the system S2, which is constructed by the network 90 ₂ is shown, system S1 and system S2 is not connected by a predetermined data transmission path, and cannot communicate with each other connected to each system S.

In the above system configuration, managed for the program running on the managed device 200 ₂ connected to the system S2, but it is possible to control the activation by the device management apparatus 100 _2, which is connected to the system S1 License authentication cannot be performed on a program that runs on the device 200 ₁ because the device management apparatus 100 ₁ and the management target device 200 ₁ cannot communicate with the authentication server 300.

This is because, the device management apparatus 100 ₁ is the authentication server 300, because it is impossible to request activation. As a result, the target management device 200 ₁ can not obtain a license code necessary to program operating the self-device.

  Therefore, in the present embodiment, an authentication target program that operates on the management target device 200 even in the device management system 1 (system in which the authentication server 300 and the management target device 200 are not connected) as in the system configuration described above. Provides an environment (authentication environment) in which license authentication can be performed.

<Hardware configuration>
Next, a hardware configuration of the device management apparatus 100 that performs device management including the license authentication control function for controlling the license authentication processing according to the present embodiment in the device management system 1 will be described. FIG. 3 is a diagram illustrating a hardware configuration example of the device management apparatus 100 according to the first embodiment of the present invention.

  As shown in FIG. 2, the device management apparatus 100 includes an input device 101, a display device 102, a drive device 103, a RAM (Random Access Memory) 104, a ROM (Read Only Memory) 105, a CPU (Central Processing). Unit) 106, network I / F device 107, HDD (Hard Disk Drive) 108, and external storage I / F device 109, which are connected to each other via a bus.

  The input device 101 includes a keyboard and a mouse, and is used to input each operation signal to the device management apparatus 100. The display device 102 is configured by a display or the like, and displays a processing result by the device management device 100 (for example, “various information related to a state acquired from the management target device 200”).

  The network I / F device 107 is an interface that connects the device management apparatus 100 to the network 90. As described in the above system configuration, the device management apparatus 100 is connected to each device as long as it is connected to the management target device 200, the authentication server 300, and the like through the network 90 via the network I / F device 107. Data communication is possible.

  The HDD 108 controls the entire device management apparatus 100 and provides an information processing system (for example, an OS (Operating System) that is basic software such as “Windows (registered trademark)” and “UNIX (registered trademark)), Stores programs and data (for example, “application programs” and “application data”) that provide various functions (for example, “device management function” and “data communication function”) on the information processing system. It is a non-volatile storage device. The HDD 108 manages the stored programs and data by a predetermined file system or DB (Data Base).

  The program and data are provided to the device management apparatus 100 by a recording medium 103a such as a CD (Compact Disk), for example, or downloaded from the network 90 via the network I / F apparatus 107. For example, when provided from the recording medium 103a, it is installed in the HDD 108 via the drive device 103 that can read the recording medium 103a.

  The external storage I / F device 109 is an interface that connects the external storage device to the device management apparatus 100. An example of the external storage device is a flash memory 109a which is a nonvolatile semiconductor memory.

  The ROM 105 is a nonvolatile semiconductor memory (storage device) that can retain internal data even when the power is turned off. The ROM 105 stores data such as a basic input / output system (BIOS) that is executed when the device management apparatus 100 is activated, and system settings and network-related settings of the device management apparatus 100.

  The RAM 104 is a volatile semiconductor memory (storage device) that temporarily holds programs and data read from the various storage devices, and the CPU 106 executes a program read on the RAM 104 to execute a device management device. Various functions installed in the overall control 100 and the device management apparatus 100 are operated.

  With such a hardware configuration, the device management apparatus 100 executes, for example, a program for realizing a device management function read from the HDD 108 onto the RAM 104 by the CPU 106, and the managed device 200 connected to the same network 90. It is possible to perform status monitoring, collection of various information, provision of information to a user terminal (PC), control of license authentication processing described later, and the like.

<License authentication control function>
As described above with reference to FIG. 2, the device management system with the network 90 ₂ by the authentication server 300 are connected, the state of the managed devices 200 ₁ and the network 90 ₁ to be connected, disconnected (the state not connected) 1, in order to perform license authentication for a program operating on the management target device 200 ₁ , a series of processing related to license authentication is performed in two separated network environments (the network 90 ₂ and the network 90 ₁ ). This can be done by continuing to do so.

  As described above, in the device management apparatus 100, the following series of processing relating to license authentication is performed by the operation of the program for controlling the license authentication processing of the program operating on the management target device 200.

(Procedure 1)
Information necessary for a license authentication request (hereinafter referred to as “authentication request information”) is acquired from the managed device 200.
(Procedure 2)
The acquired authentication request information is transmitted to the authentication server 300 to request license authentication.
(Procedure 3)
Information related to the license issued from the authentication server 300 (hereinafter referred to as “license information”) is acquired.
(Procedure 4)
The acquired license information is transmitted to the management target device 200 to register the license.

As can be seen from the above processing contents, (Procedure 1) and (Procedure 4) are procedures that can be processed in the environment of the network 90 ₁ to which the managed device 200 ₁ is connected, while (Procedure 2) and (Procedure) 3) it is can be processed by the network 90 ₂ by the authentication server 300 to connect environmental procedures.

Therefore, in the present embodiment, paying attention to the above points, a series of processing related to license authentication is performed in stages in each of the separated networks 90 ₁ and 90 ₂ .

Therefore, in the device management apparatus 100 according to the present embodiment, an external storage device that is detachable from the device management apparatus 100 for requesting license authentication from the authentication server 300 based on the authentication request information and acquiring the license information. recorded on a further license acquisition program, the license information acquired by being executed in the network 90 ₂ environments the authentication server 300 is connected, read from the external storage device, manages read license information target device 200 License authentication control function to transmit to

  In addition, the device management apparatus 100 performs switching control to perform either “record license acquisition program” or “read license information” depending on the processing stage of license authentication and the determination result of whether or not the authentication request is possible. To do.

Thereby, the device management apparatus 100 according to this embodiment, the network 90 ₂ by the authentication server 300 are connected, the network 90 ₁ managed device 200 is connected, a device management system 1 of the detached state In addition, it is possible to perform license authentication for an authentication target program operating on the management target device 200.

  Now, the configuration and operation of the license authentication control function will be described.

<Functional configuration>
FIG. 4 is a diagram illustrating a configuration example of the license authentication control function according to the first embodiment of the present invention.

Activation control function is mainly a function realized by the program related to activation control functions of the device management component (application) to be mounted (installed) in the device management apparatus 100 ₁ is executed. That is, it is realized by a program (activation tool) that controls the license authentication process.

  As shown in FIG. 5, the license authentication control function mainly includes an authentication processing stage determination unit 21, a device information acquisition unit 22, a first authentication request availability determination unit 23, and a first license acquisition unit 24. The license registration unit 25, the first recording unit 26, and the first reading unit 27.

  The authentication processing stage determination unit 21 is a function that determines which stage of processing is to be performed in a series of processing related to license authentication.

  The authentication process stage determination unit 21 determines whether there is license information recorded by a first recording unit 26 and a second recording unit 36 described later.

As described above, in a series of processing related to activation, (Step 1) and (Step 4) is can be processed by the network 90 ₁ environment managed device 200 ₁ is connected procedures.

Therefore, the license authentication processing stage determined by the authentication processing stage determination unit 21 operating in the device management apparatus 100 ₁ connected to the same network 90 ₁ as the management target device 200 ₁ includes “(Procedure 1) Management target device”. 200 ₁ acquires "authentication request information from, and sends" the (step 4) obtained license information to the management target device 200 _1, there are two stages of the license registration ", these steps are external storage The determination can be made based on whether or not the license information acquired from the authentication server 300 is recorded in the apparatus. Specifically, if the license information is recorded, it is determined that the (procedure 4) is performed in a series of processes related to license authentication. On the other hand, if the license information is not recorded, the (procedure 1) is performed. Judge.

Device information acquiring unit 22 is a function of acquiring device information from the managed device 200 _1.

The device information acquisition unit 22 functions when the authentication processing stage determination unit 21 determines that the (procedure 1) is performed. This way, the device information acquired by, device name, serial number, and basic information about the managed devices 200 _1, such as option configuration, managed devices 200 _1, such as the application name and the like information about the function to be mounted . Products in this embodiment, as an example of the authentication request information, the serial number that identifies the managed device 200 _1, and an application name corresponding to the authentication target program, the device management component, held in advance as a software component Use with key.

Device information acquiring part 22 acquires the device information, for example, according to a communication scheme such as SNMP (Simple Network Management Protocol), a MIB (Management Information Base) that managed device 200 ₁ is mounted.

The first authentication request determination unit 23, the device control apparatus 100 ₁ is a function of determining whether it is possible to activation requests to the authentication server 300.

  The first authentication request availability determination unit 23 determines whether or not an authentication request is possible depending on whether or not communication is possible with each other. For example, when the IP address of the authentication server 300 that is to be checked for mutual communication is designated by a network diagnosis program such as “ping”, predetermined data is transmitted using ICMP (Internet Control Message Protocol), and the authentication server It can be determined based on whether there is a reply from 300 or the like.

  In this way, the determination result of whether or not the authentication request is determined by the first authentication request enable / disable determining unit 23 is used to control whether or not the license acquisition program is recorded in the external storage device by the first recording unit 26 described later. Used for.

For example, the device control apparatus 100 _1, when the authentication server 300 and the environment that are connected to the same network 90 _2, based on the authentication request information, are possible request for activation to the authentication server 300 from the self-device, There is no need to record the license acquisition program in the external storage device.

  Therefore, it is controlled whether or not the license acquisition program is recorded in the external storage device based on the determination result of whether or not the authentication request is possible.

First license acquiring unit 24, based on the authentication request information is a function of the device control apparatus 100 ₁ to obtain the license information from the authentication server 300.

  The first license acquisition unit 24 transmits a request for license authentication by transmitting device information such as “serial number” and “application name” and authentication request information such as a product key to the authentication unit 41 of the authentication server 300. I do. As a result, the license authentication process is performed by the authentication unit 41 of the authentication server 300, and the license information issued by the license issuing unit 42 is acquired.

  The first license acquisition unit 24 functions based on a determination result of whether or not the device management apparatus 100 can request license authentication from the authentication server 300 by the first authentication request permission determination unit 23. To do.

Licenses unit 25 is a function for registering the license information to the management target device 200 ₁ the application program AP (authenticated software) operates. Thus, the management target device 200 _1, it is possible to operate the application program AP.

Licenses 25 by sending the obtained license information by the first license acquisition unit 24, or the license information read by the first readout unit 27 to be described later to the management target device 200 _1, the managed in apparatus 200 _1, and stores the license information received in a predetermined storage area and registers.

The first recording unit 26 has a function of recording a license acquisition program for requesting license authentication from the authentication server 300 based on the authentication request information and acquiring the license information. That is, the authentication server 300 are processed in the network 90 ₂ environment to connect "(Step 2) transmits the acquired authentication request information to the authentication server 300, request activation", "(Step 3) the authentication server The program for executing the two steps of “obtaining license information issued from 300” is recorded.

The first recording unit 26 via the external storage I / F unit 109, an external storage device such as a removable flash memory 109a from the device control apparatus 100 _1, and records the license acquisition program (the flash memory 109a In a predetermined storage area). At this time, not only the license acquisition program but also the authentication request information used when requesting license authentication when the program is executed is recorded.

  Also, the license acquisition program is held in advance by the device management component as a software component, like the product key.

  In the following description, a flash memory 109a that can be recorded (written) / read via the external storage I / F device 109 will be described as an example of the external storage device.

The first recording unit 26 by the first authentication request determination unit 23, the device control apparatus 100 _1, based on the determination result of the authentication request enabling request of license authentication is not possible to the authentication server 300 Function.

  The first reading unit 27 has a function of reading license information recorded by a second recording unit 36 described later.

  The first reading unit 27 reads license information from a predetermined storage area in the flash memory 109a.

(Functional parts realized when executing the license acquisition program)
By the first recording unit 26, a license acquisition program recorded in the flash memory 109a is performed in the network 90 ₂ environments the authentication server 300 are connected.

Specifically, the flash memory 109a which the license acquisition program was retained, is removed from the device control apparatus 100 ₁ is attached to the device managing apparatus 100 ₂ connected to the same network 90 ₂ and the authentication server 300. As a result, the detected flash memory 109a is in the device management apparatus 100 _2, and bootable license acquisition program.

  In this way, when the license acquisition program is executed, the following functions are realized. In other words, the license acquisition program has the following functional units in addition to the activation unit.

The second authentication request determination unit 33, the device control apparatus 100 ₂ for license acquisition program is executed, a function of determining whether the license authentication request can to the authentication server 300. It is determined whether or not the license authentication request is possible by the same method as the first authentication request permission determination unit 23 described above.

  The second reading unit 37 has a function of reading the authentication request information recorded by the first recording unit 26 described above.

The second reading unit 37 reads the authentication request information recorded in the same manner when recording the license acquisition program from a predetermined storage area in the flash memory 109a. The second reading unit 37, the second authentication request determination unit 33, the device control apparatus 100 _2, based on the determination result of a possible request for license authentication to the authentication server 300 authentication request availability Function.

Second license acquiring unit 34 is a functional based on the authentication request information read by the second reading unit 37 described above, the device managing apparatus 100 ₂ is to obtain the license information from the authentication server 300. License information is acquired by a method similar to that of the first license acquisition unit 24 described above.

  The second recording unit 36 has a function of recording the license information acquired by the second license acquisition unit 34 described above.

  The second recording unit 36 stores the license information in a predetermined storage area in the flash memory 109a.

  Each of the recording units 26 and 36 and the reading units 27 and 37 determines whether or not the flash memory 109a serving as a recording destination / reference destination is accessible before performing each functional operation. And start the operation of each functional unit when it is accessible.

In this manner, the flash memory 109a which license information is held is removed from the device managing apparatus 100 _2, again, attached to the device managing apparatus 100 ₁ is connected to the management target device 200 ₁ and the same network 90 _1. As a result, the flash memory 109a in the device management apparatus 100 ₁ is detected, the license information is read by the first readout unit 27.

Recording / Reading Operation via External Storage Device (Flash Memory) FIG. 5 is a diagram showing an example of recording / reading operation via the flash memory 109a according to the first embodiment of the present invention.

In the present embodiment, (including programs) and the network 90 ₁ environment managed device 200 ₁ is connected, between the network 90 ₂ by the authentication server 300 are connected environment, data corresponding to the processing stage of activation Are exchanged via the flash memory 109a.

For example, as shown in FIG. 5, first, the managed devices 200 ₁ and the device control apparatus 100 ₁ is connected to the same network 90 _1, the first recording unit 26, the flash memory 109a, a license acquisition program 51 (FIG. (Including device information and authentication request information such as a product key).

Flash memory 109a from the device management apparatus 100 _1, the authentication server 300 the same network 90 ₂ attached to the device managing apparatus 100 ₂ is connected to the (connected), the license acquisition program 51 is executed, which is recorded in the flash memory 109a Then, the second license acquisition unit 34 makes a license authentication request to the authentication server 300, and the license code 61 is acquired.

As a result, the device managing apparatus 100 _2, the license code 61 obtained by the second recording unit 36 is recorded in the flash memory 109a.

Flash memory 109a is again attached to the device managing apparatus 100 _1, the device management apparatus 100 _1, the first read unit 27 reads out the license code 61 recorded in the flash memory 109a, based on the read information, The license code 61 is transmitted and registered to the management target device 200 on which the application program AP operates.

  With the above method, license authentication can be continuously performed between the two separated systems S1 and S2.

<Functional operation>
From here, the operation of the license authentication control by each functional unit described above will be described. Activation control functions, each functional unit functions by operating linkage, a program for implementing the activation control functions provided in the device management apparatus 100 ₁ (module group included in the equipment management component) is, This is realized by the CPU 106 reading it from the storage destination (for example, “ROM 105”) into the RAM 104 and executing the following processing.

(Authentication control process in device management function 100 ₁₎
FIG. 6 is a flowchart showing a processing procedure example of license authentication control according to the first embodiment of the present invention.

As shown in FIG. 6, the device management apparatus 100 _1, the authentication processing step determination part 21, a series of processing related to activation, whether the license code acquisition stage before, is connected to the device control apparatus 100 ₁ The flash memory 109a is referred to, and a determination is made based on whether or not a license code is recorded (step S101).

In step S101, if it is determined that the phase before licensing (step S101: YES), the device information acquiring unit 22, an application program AP (authentication target software) device information from the managed device 200 ₁ is operated ( get the serial number and an application name) (step S102), the first authentication request determination unit 23, by using a network diagnostic program ( "ping"), the device control apparatus 100 _1, the authentication server 300 It is then determined whether a license authentication request is possible (step S103).

If it is determined in step S103 that a license authentication request is possible (step S103: YES), the first license acquisition unit 24 acquires the license code 61 from the authentication server 300 based on the authentication request information (step S103). S104), the license registration part 25, an application program AP (authenticated software license code 61) is transmitted to the management target device 200 ₁ that operates to register (step S105).

  On the other hand, if it is determined in step S103 that a license authentication request is not possible (step S103: NO), the first recording unit 26 sends the license acquisition program 51 via the external storage I / F device 109. Then, it is recorded in the flash memory 109a (step S106). The process shown in FIG.

  If it is determined in step S101 that the license has been acquired (step S101: NO), the first reading unit 27 reads the license code from the flash memory 109a via the external storage I / F device 109. 61 is read (step S107), and the process proceeds to step S105.

Thus, in the device management apparatus 100 _1, depending on the processing stage of activation and the judgment result of the authentication request permission, "recording of the license acquisition program 51 'either processes that" read license code 61 " Switching control is performed.

(License acquisition processing in the equipment managing apparatus 100 ₂₎
FIG. 7 is a flowchart showing an example of a license acquisition processing procedure according to the first embodiment of the present invention.

As shown in FIG. 7, the device managing apparatus 100 ₂ via the external storage I / F unit 109, the flash memory 109a is connected, activation unit activates the license acquisition program 51 (step S201).

Device management device 100 _2, the license acquisition program 51 is activated, the second authentication request determination unit 33, by using a network diagnostic program ( "ping"), the device control apparatus 100 _2, authentication It is determined whether a license authentication request can be made to the server 300 (step S202).

  If it is determined in step S202 that a license authentication request is possible (step S202: YES), the second reading unit 37 sends authentication request information from the flash memory 109a via the external storage I / F device 109. Reading (step S203), the second license acquisition unit 34 acquires the license code 61 from the authentication server 300 based on the authentication request information (step S204), and the second recording unit 36 acquires the license code 61 from the outside. The data is recorded in the flash memory 109a via the storage I / F device 109 (step S205). The process shown in FIG.

  On the other hand, if it is determined in step S202 that a license authentication request is not possible (step S202: NO), the processing shown in FIG.

Thus, in the device management apparatus 100 _2, by the license acquisition program 51 provided by the flash memory 109a is performed based on the authentication request information, requesting activation on the authentication server 300, and acquires the license information License acquisition is realized.

Thus, the device control apparatus 100 _2, it is not necessary to previously hold the license acquisition program, as long as the information processing apparatus having a flash memory 109a is readable interface (I / F), any device It may be.

<Summary>
As described above, according to the first embodiment of the present invention, the device management apparatus 100 according to the present embodiment requests license authentication from the authentication server 300 based on the authentication request information, and acquires the license code 61. The acquisition program 51 is recorded in the flash memory 109 a that is removable from the device management apparatus 100. Further, the license acquisition program 51, the license code 61 acquired by being executed in the network 90 ₂ environments the authentication server 300 is connected, read from the flash memory 109a, the read license code 61 to the management target device 200 a Send.

  Further, the device management apparatus 100 determines which of “recording of the license acquisition program 51” and “reading of the license code 61” is performed according to the processing stage of license authentication and the determination result of whether or not the authentication request is possible. Switch control.

  Thus, the device management system 1 according to the present invention performs the following process control according to the process stage of license authentication and the determination result of whether or not the authentication request is possible.

First, in the device management apparatus 100 ₁ connected to the same network 90 ₁ as the management target device 200 ₁ , when the license authentication request cannot be made to the authentication server 300, the license acquisition program 51 for performing the license authentication request is stored in the flash memory 109 a. Record.

Then, the device management apparatus 100 ₂ connected to the authentication server 300 in the same network 90 _2, by executing a license acquisition program 51 recorded in the flash memory 109a by the device management apparatus 100 _1, the license to the authentication server 300 An authentication request is made, the license code 61 is acquired, and the acquired license code 61 is recorded in the flash memory 109a.

Again, the transmission in the device management apparatus 100 _1, reads the license code 61 recorded in the flash memory 109a by the device management apparatus 100 _2, the managed devices 200 ₁ to the application program AP (authenticated software) to operate the license code 61 And register.

That is, the device control apparatus 100 according to this embodiment includes a network 90 ₂ by the authentication server 300 are connected, the network 90 ₁ managed device 200 is connected, even in the device management system 1 of the detached state In addition, it is possible to perform license authentication for an authentication target program operating on the management target device 200, and to prevent execution of an unauthorized program (expired use date or an unauthenticated program) on the management target device 200.

[Second Embodiment]
In the first embodiment, since a series of processing related to license authentication is performed in stages in each of the separated networks 90 ₁ and 90 ₂ , the device management apparatus 100 performs license authentication on the authentication server 300 based on the authentication request information. request, the license acquisition program 51 to acquire license information, recorded on a removable flash memory 109a from the equipment managing apparatus 100, further, the license acquisition program 51, a network 90 ₂ environments the authentication server 300 is connected The license code 61 acquired by the execution is read from the flash memory 109a, and the read license code 61 is transmitted to the management target device 200.

  In the case of the license authentication control function, the storage capacity of the flash memory 109a must be larger than the data amount of the license acquisition program 51.

  Along with the advancement of technology related to semiconductor memory in recent years, there are also semiconductor memories that realize a large-capacity storage area, but the user does not always have them, and in some cases, data of the license acquisition program 51 to be recorded It is conceivable that the storage capacity is smaller than the amount.

Therefore, in the present embodiment, the device management apparatuses 100 ₁ and 100 ₂ connected to the separated networks 90 ₁ and 90 ₂ operate a program (activation tool) that controls the same license authentication, and In the flash memory 109a, only information (authentication request information and license information) necessary in the license authentication processing stage is recorded as a work file.

  As a result, the device management apparatus 100 according to the present embodiment can control license authentication based on a smaller amount of information than in the first embodiment.

  In the following description, differences from the first embodiment will be mainly described, and the same points will be omitted using the same drawings and the same reference numerals for the same points.

<License authentication control function>
<Functional configuration>
FIG. 8 is a diagram illustrating a configuration example of a license authentication control function according to the second embodiment of the present invention.

In the first embodiment, the device management apparatus 100 ₁ connected to the same network 90 ₁ as the device to be managed 200 ₁ has each functional unit of reference numeral 20 shown in FIG. 8, and the reference numeral shown in FIG. each functional unit 30, has been a structure that functions in the device control apparatus 100 ₂ connected to the authentication server 300 in the same network 90 _2.

  However, the device management apparatus 100 according to the present embodiment has a configuration having all the functional units indicated by the reference numerals 20 and 30, and this is a difference in functional configuration from the first embodiment.

  With such a configuration, in the present embodiment, “recording of authentication request information”, “reading of the license code 61”, and reference numeral 30 are indicated according to the processing stage of license authentication and the determination result of whether or not the authentication request is possible. Of the three processes of “recording license code 61” realized by the functional unit group, switching control is performed to determine whether to perform the process.

(Recording authentication request information)
In the first embodiment, the license acquisition program 51 including the authentication request information, the first recording unit 26 records in the flash memory 109a, in the device management apparatus 100 ₂ connected to the authentication server 300 in the same network 90 _2, The license code 61 has been acquired by executing the license acquisition program 51 recorded in the flash memory 109a.

  However, in the present embodiment, in consideration of the storage capacity of the memory flash 109a, only the minimum data necessary for the license authentication request is recorded, and the license acquisition program is included in the program (activation tool) that controls the license authentication. The configuration is as follows.

  Therefore, the first recording unit 26 according to the present embodiment records the device information (serial number and application name) acquired by the device information acquisition unit 22 and the product key as a work file. That is, these pieces of information are stored as work files in a predetermined storage area of the flash memory 109a.

  In addition, the second reading unit 37 according to the present embodiment has a function of reading the authentication request information of the work file recorded by the first recording unit 26.

  Thereby, in the present embodiment, “recording of the license acquisition program 51” controlled in the first embodiment is “recording of authentication request information”.

Recording / Reading Operation via External Storage Device (Flash Memory) FIG. 9 is a diagram showing an example of recording / reading operation via the flash memory 109a according to the second embodiment of the present invention.

In the present embodiment does not include the network 90 ₁ environment managed device 200 ₁ is connected, between the network 90 ₂ by the authentication server 300 connects environment, the data (program corresponding to the processing stage of activation ) Are exchanged via the flash memory 109a.

For example, as shown in FIG. 9, first, the management subject device 200 ₁ and the device management apparatus 100 ₁ is connected to the same network 90 _1, the first recording unit 26, the flash memory 109a, the working file 51a (in the figure Then, authentication request information such as device information and product key is recorded.

Flash memory 109a from the device management apparatus 100 _1, the authentication server 300 the same network 90 ₂ attached to the device managing apparatus 100 ₂ is connected to the (connected), the work file 51a is recorded in the flash memory 109a, first 2, and the second license acquisition unit 34 makes a license authentication request to the authentication server 300 based on the authentication request information of the work file 51 a, and the license code 61 is acquired.

As a result, the device managing apparatus 100 _2, the license code 61 obtained by the second recording section 36 records in the flash memory 109a as a working file 52b.

Flash memory 109a is again attached to the device managing apparatus 100 _1, the device management apparatus 100 _1, the first read unit 27 reads out the license code 61 working file 52b recorded in the flash memory 109a, the read Based on the information, the license code 61 is transmitted and registered to the management target device 200 on which the application program AP operates.

  With the above method, license authentication can be continuously performed between the two separated systems S1 and S2.

(Control according to the license authentication processing stage)
In the first embodiment, in a series of processes related to license authentication, “(Procedure 1) Acquire authentication request information from the managed device 200 ₁ ” and “(Procedure 4) use the acquired license information as the managed device 200 _1. Only the two stages of “Send to and register license” are determined.

  In the first embodiment, “(Procedure 2) transmits the acquired authentication request information to the authentication server 300 and requests license authentication” and “(Procedure 3) acquires license information issued from the authentication server 300. Is recorded in the flash memory 51 as the license acquisition program 51.

  Therefore, in the first embodiment, it is not particularly necessary to determine each stage of (Procedure 2) and (Procedure 3).

  However, in this embodiment, since all the series of processing steps related to license authentication are operated by the same software environment, it is necessary to determine and control each of these steps.

Therefore, the authentication processing stage determination unit 21 according to the present embodiment first determines “(Procedure 1) managed device 200 _{1 according} to the presence or absence of the license information recorded by the first recording unit 26 and the second recording unit 36. and acquiring "an authentication request information from," (step 4) and transmits the acquired license information to the management target device 200 ₁ determines two stages of the license registration ".

  If the authentication process stage determination unit 21 determines in the above determination that it is a stage to perform (Procedure 1), it further transmits “(Procedure 2) the acquired authentication request information to the authentication server 300 to perform license authentication. It is determined whether or not “request” and “(procedure 3) obtaining license information issued from the authentication server 300” are performed.

  The authentication processing stage determination unit 21 performs (Procedure 2) and (Procedure 3) depending on the presence / absence of device information acquired by the device information acquisition unit 22 and recorded as authentication request information by the first recording unit 26. Judge whether or not.

  The fact that the device information is recorded in the flash memory 109a when the authentication processing stage judgment unit 21 judges that it is the stage for performing (Procedure 1) means that the license acquisition program 51 in the first embodiment also has the fact that the equipment information is recorded in the flash memory 109a. As described, the steps (procedure 2) and (procedure 3) are performed in a series of processes related to license authentication, and the license code 61 acquired from the authentication server 300 is recorded in the flash memory 109a.

  As described above, the authentication process stage determination unit 21 determines each stage of a series of processes related to license authentication based on the license information and the device information recorded in the flash memory 109a.

Thereby, the device management apparatus 100 according to the present embodiment, in the network 90 ₁ environment managed device 200 ₁ is connected, the network 90 ₂ environments the authentication server 300 are connected, the same for controlling the activation By operating the program (same activation tool), the minimum necessary information is recorded in the flash memory 109a, and the license authentication can be continuously performed between the two separated systems S1 and S2. it can.

<Functional operation>
FIG. 10 is a flowchart showing an example of a processing procedure of license authentication control according to the second embodiment of the present invention.

  As illustrated in FIG. 10, the device management apparatus 100 determines whether the authentication processing stage determination unit 21 is in a stage before license code acquisition in a series of processes related to license authentication. The rush memory 109a is referred to, and a determination is made based on whether or not a license code is recorded (step S301).

  If it is determined in step S301 that the stage is before the license acquisition (step S301: YES), whether or not the stage is before the acquisition of the device information is determined based on whether or not the device information is recorded (step S302). .

  In step S302, if it is determined that the device information is before acquisition (step S302: YES), the device information acquisition unit 22 receives device information (from the management target device 200 on which the application program AP (authentication target software) operates). Serial number and application name) (step S303), and the first authentication request availability determination unit 23 uses the network diagnostic program ("ping") or the like to cause the device management apparatus 100 to authenticate the authentication server 300. It is then determined whether a license authentication request is possible (step S304).

  If it is determined in step S304 that a license authentication request is possible (step S304: YES), the first license acquisition unit 24 acquires the license code 61 from the authentication server 300 based on the authentication request information (step S304). In step S305, the license registration unit 25 transmits and registers the license code 61 to the management target device 200 on which the application program AP (authentication target software) operates (step S306).

  On the other hand, if it is determined in step S304 that a license authentication request is not possible (step S304: NO), the first recording unit 26 uses the authentication request information as a work file to set the external storage I / F device 109. Then, it is recorded in the flash memory 109a (step S307). The process shown in FIG.

  If it is determined in step S301 that the license has been acquired (step S301: NO), the first reading unit 27 reads the license code from the flash memory 109a via the external storage I / F device 109. 61 is read (step S308), and the process proceeds to step S306.

  If it is determined in step S302 that the device information has been acquired (step S302: NO), the second authentication is performed when the flash memory 109a is connected via the external storage I / F device 109. The request availability determination unit 33 determines whether the device management apparatus 100 can make a license authentication request to the authentication server 300 using a network diagnosis program (“ping”) or the like (step S309).

  If it is determined in step S309 that a license authentication request is possible (step S309: YES), the second reading unit 37 sends authentication request information from the flash memory 109a via the external storage I / F device 109. Reading (step S310), the second license acquisition unit 34 acquires the license code 61 from the authentication server 300 based on the authentication request information (step S311), and the second recording unit 36 acquires the license code 61 from the external The data is recorded in the flash memory 109a via the storage I / F device 109 (step S312). The process shown in FIG.

  On the other hand, if it is determined in step S309 that a license authentication request is not possible (step S309: NO), the processing shown in FIG.

  As described above, the device management apparatus 100 performs “recording of authentication request information”, “reading of the license code 61”, and “recording of the license code 61” according to the processing stage of the license authentication and the determination result of whether or not the authentication request is possible. ”Is switched, and license authentication is realized by requesting the authentication server 300 for license authentication based on the authentication request information and acquiring the license information.

  Therefore, any device can be used as long as the device management apparatus 100 is an information processing apparatus having an interface (I / F) that can be read by the flash memory 109a without having to hold the license acquisition program 51 in advance. It may be.

<Modification of recording destination>
In the above embodiment, data (including a program) necessary for continuously performing license authentication between the two separated systems S1 and S2 in the flash memory 109a that is removable from the device management apparatus 100. The recording configuration was described.

  The configuration of recording in such an external storage device is excellent in that the user can easily carry necessary information and is highly convenient.

  However, the present invention is not limited to this configuration. For example, a functional configuration as shown in FIG. 11 may be used.

<Functional configuration>
FIG. 11 is a diagram showing a configuration example of a license authentication control function according to a modification of the present invention. As shown in FIG. 11, in this modification, for example, an HDD 108 that is a storage device included in the device management apparatus 100 is used instead of the external storage device of the flash memory 109a.

  The information holding unit 71 in the figure stores and holds a product key, authentication request information such as device information acquired from the management target device 200, and a license code 61 issued from the authentication server 300 in a predetermined storage area. To do.

  Regarding data recording / reading to / from the information holding unit 71, as described in the above embodiment, the first recording unit 26, the first reading unit 27, the second recording unit 36, and the second reading are performed. This is performed by the unit 37.

<Functional operation>
FIG. 12 is a flowchart showing an example of a processing procedure of license authentication control according to the modification of the present invention. As shown in steps S401 to S412 of FIG. 12, the processing procedure of license authentication control according to this modification is the same as the processing procedure shown in steps S301 to S312 of FIG.

  In the case of this modification, the data recording destination / reference destination is not the flash memory 109a but the information holding unit 71 (for example, the internal storage device of the “HDD 108”).

With this configuration, in the present modification, between a network 90 ₁ environment managed device 200 ₁ is connected, the network 90 ₂ by the authentication server 300 are connected environment, according to the processing stage of activation The data is exchanged via the device management apparatus 100 that holds data (not including a program).

For example, first, the device management apparatus 100 connected to the same network 90 _{1 as} the management target device 200 ₁ causes the first recording unit 26 to transfer the work file 51a (in the drawing, device information and product) to the information holding unit 71. Record authentication request information such as keys).

Device management device 100 is connected to the authentication server 300 in the same network 90 _2, working files 51a recorded in the information storage unit 71 is read by the second reading unit 37, the second license acquiring part 34 Based on the authentication request information of the work file 51a, a license authentication request is made to the authentication server 300, and the license code 61 is acquired.

  As a result, the device management apparatus 100 records the acquired license code 61 in the information holding unit 71 as the work file 52b by the second recording unit 36.

The device management apparatus 100 is again connected to the same network 90 ₁ as the management target device 200 _1, and reads and reads the license code 61 of the work file 52 b recorded in the information holding unit 71 by the first reading unit 27. Based on the information, the license code 61 is transmitted and registered to the management target device 200 on which the application program AP operates.

  With the above method, license authentication can be continuously performed between the two separated systems S1 and S2.

  In the present embodiment, the external storage device and the built-in storage device may be switched as a data recording destination in accordance with the free space of the storage area.

  For example, if the free space in the storage area of the flash memory 109a, which is an external storage device, is smaller than the amount of data to be stored, the recording destination is switched to the HDD 108, which is an internal storage device. Then, the user is notified that the switch has been made, and the user uses the device management apparatus 100 in order to continue the license authentication between the two separated systems S1 and S2 after confirming the notification contents. Or whether to use an external storage device.

<Summary>
As described above, according to the second embodiment of the present invention, the device management apparatus 100 according to the present embodiment requests the license authentication from the authentication server 300 and the authentication request necessary when acquiring the license code 61. The information is recorded as the work file 52 in the flash memory 109 a detachable from the device management apparatus 100 or the HDD 108 of the information holding unit 71. Further, in the network 90 ₂ environments the authentication server 300 is connected, based on the authentication request information read from the work file 52, requesting activation on the authentication server 300, the license code 61 acquired, the flash memory 109a or information The license code 61 read from the work file 52 recorded in the HDD 108 of the holding unit 71 is transmitted to the managed device 200.

  Further, in the device management apparatus 100, “recording of authentication request information”, “reading of the license code 61”, and “recording of the license code 61” according to the processing stage of the license authentication and the determination result of whether or not the authentication request is possible. Which process is performed is controlled to be switched.

  Thus, the device management system 1 according to the present invention performs the following process control according to the process stage of license authentication and the determination result of whether or not the authentication request is possible.

First, in the device management apparatus 100 ₁ connected to the same network 90 ₁ as the management target device 200 ₁ , when a license authentication request cannot be made to the authentication server 300, information (authentication request information) required at the time of the license authentication request is flushed. The data is recorded in the memory 109 a or the HDD 108 of the information holding unit 71.

Then, the device management apparatus 100 ₂ connected to the authentication server 300 in the same network 90 ₂ reads the information recorded in the flash memory 109a by the device management apparatus 100 _1, based on the read information, the license to the authentication server 300 An authentication request is made, the license code 61 is acquired, and the acquired license code 61 is recorded in the flash memory 109a or the HDD 108 of the information holding unit 71.

Again, the device management apparatus 100 _1, reads the license code 61 recorded in the HDD108 of the flash memory 109a or the information holding unit 71 by the device management apparatus 100 _2, the management subject device application program AP (authenticated software) operate 200 ₁ transmits the license code 61 and registers it.

  That is, the device management apparatus 100 according to the present embodiment can achieve the same effects as those of the first embodiment, and prevents execution of unauthorized programs (expired usage dates or programs that have not been authenticated) in the management target device 200. Can do.

  Up to this point, the present invention has been described based on each of the above embodiments. However, the “license authentication control function” of the device management apparatus 100 according to each of the above embodiments is the processing procedure described with reference to the drawings. Is executed by the CPU 106 as a program coded in a programming language suitable for the operating environment (platform). Therefore, the program can be stored in the computer-readable recording medium 103a.

  The program is stored in a recording medium 103a such as a floppy (registered trademark) disk, a CD, or a DVD (Digital Versatile Disk), and the device management apparatus can be read via the drive device 103 that can read the recording medium 103a. 100 can be installed. Further, since the device management apparatus 100 includes the network I / F device 107, the program can be downloaded and installed using an electric communication line such as the Internet.

  In the above-described embodiment, the configuration in which authentication request information and the like are recorded as a work file has been described. For example, the work file may include only device information (such as a serial number and application name) and a product key, and may define information in a predetermined description language such as XML (Extensible Markup Language).

  Finally, the present invention is not limited to the requirements shown here, such as combinations of other elements with the shapes and configurations described in the above embodiments. With respect to these points, the present invention can be changed within a range that does not detract from the gist of the present invention, and can be appropriately determined according to the application form.

It is a figure which shows the structural example (the 1) of the apparatus management system (license authentication system) which concerns on the 1st Embodiment of this invention. It is a figure which shows the structural example (the 2) of the apparatus management system (license authentication system) which concerns on the 1st Embodiment of this invention. It is a figure which shows the hardware structural example of the apparatus management apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the structural example of the license authentication control function which concerns on the 1st Embodiment of this invention. It is a figure which shows the operation example of recording / reading via the flash memory which concerns on the 1st Embodiment of this invention. It is a flowchart which shows the example of a process sequence of the license authentication control which concerns on the 1st Embodiment of this invention. It is a flowchart which shows the example of a process sequence of the license acquisition which concerns on the 1st Embodiment of this invention. It is a figure which shows the structural example of the license authentication control function which concerns on the 2nd Embodiment of this invention. It is a figure which shows the operation example of recording / reading via the flash memory which concerns on the 2nd Embodiment of this invention. It is a flowchart which shows the example of a process sequence of the license authentication control which concerns on the 2nd Embodiment of this invention. It is a figure which shows the structural example of the license authentication control function which concerns on the modification of this invention. It is a flowchart which shows the example of a process sequence of the license authentication control which concerns on the modification of this invention.

Explanation of symbols

1 Device management system (license authentication system)
21 Authentication processing stage determination unit 22 Device information acquisition unit 23 First authentication request availability determination unit 24 First license acquisition unit 25 License registration unit 26 First recording unit 27 First reading unit 33 Second authentication request availability Determination unit 34 Second license acquisition unit 36 Second recording unit 37 Second reading unit 41 Authentication unit 42 License issue unit 51 License acquisition program 52 Work file 61 License code 71 Information holding unit 90 Network (LAN)
DESCRIPTION OF SYMBOLS 100 Device management apparatus 101 Input apparatus 102 Display apparatus 103 Drive apparatus (a: Recording medium)
104 RAM (volatile semiconductor memory)
105 ROM (nonvolatile semiconductor memory)
106 CPU (Central Processing Unit)
107 Network I / F device (NIC: Network I / F Card)
108 HDD (nonvolatile storage device)
109 External storage I / F device (a: flash memory)
200 Device to be managed (image processing device)
300 Authentication server (information processing device)
AP application program (authenticated software)

Claims (23)

A first network device authenticated software works are connected, and a second network authentication device to activate the software is connected, in detached state, the state of the device first A device management system that monitors the device management apparatus and manages the device based on device information including status information,
The first device management apparatus includes :
Authentication processing stage determination means for determining whether or not the predetermined license information acquired from the authentication device is recorded in the external storage device ;
Means for acquiring authentication request information necessary for the license authentication from the device when the authentication processing stage determination means determines that the predetermined license information is not recorded in the external storage device;
When the authentication processing stage determination means determines that the predetermined license information is not recorded in the external storage device, it determines whether or not an authentication request can be made to the authentication device. A determination means;
Means for recording the authentication request information in the external storage device when the authentication request availability determination means determines that license authentication cannot be performed on the authentication device;
When the authentication processing stage determination means determines that the predetermined license information is recorded in the external storage device, the predetermined license information recorded in the external storage device is read and registered in the device Means,
Equipment management system to have a. The equipment management system
The possible data writing and reading with respect to the external storage device, comprising the said is connected to the first network first device management apparatus, and the second device management equipment connected to the second network ,
The second device management apparatus includes :
Wherein based on the recorded authentication request information to an external storage device, the authentication device obtains the predetermined license information from the device management system according to 請 Motomeko 1 that records in the external storage device. The first device management apparatus includes :
Before requesting activation on based-out before Symbol authenticating device Ki認 certificate request information, the program records the predetermined license information to perform processing that Tokusu preparative Lula license acquisition program in the external storage device records Having means ,
The second device management apparatus, by executing the license acquisition program, device management system according to 請 Motomeko 2 for obtaining the predetermined license information from the authentication device. Based on the determination result of the previous SL authentication request determination means,
4. The device management system according to claim 3, wherein recording of the license acquisition program of the program recording unit is controlled. Before Symbol first device management apparatus,
The authentication request information recorded before Symbol external storage device, the authentication request information reading means for reading from said external storage device,
A license acquiring means for the basis of the authentication request information read by the authentication request information reading means, said requesting activation to the authentication device, to obtain said predetermined license information,
License recording means for recording the predetermined license information acquired by the license acquisition means in the external storage device;
The device management system according to claim 1 . The authentication request availability determination means includes:
Any the basis of whether the state of the data communication between the authentication device and the first device management apparatus, according to claim 1 to 5, characterized in that to determine whether the authentication device activation request is performed to the The device management system according to claim 1. The external storage device is
The first device management system according to any one of claims 2 to 4 in the device management equipment and the second device management apparatus is detachable storage peripherals. The state of the device is monitored in a state where the first network to which the device that operates the software to be authenticated is connected and the second network to which the authentication device that performs software license authentication is disconnected are separated. A device management apparatus for managing the device based on device information including status information,
Authentication processing stage determination means for determining whether or not the predetermined license information acquired from the authentication device is recorded in the external storage device ;
Means for acquiring authentication request information necessary for the license authentication from the device when the authentication processing stage determination means determines that the predetermined license information is not recorded in the external storage device;
When the authentication processing stage determination means determines that the predetermined license information is not recorded in the external storage device, it determines whether or not an authentication request can be made to the authentication device. A determination means;
Means for recording the authentication request information in the external storage device when the authentication request availability determination means determines that license authentication cannot be performed on the authentication device;
Means for reading the predetermined license information recorded in the external storage device and registering it in the device when the authentication processing stage determination means determines that the predetermined license information is recorded in the external storage device; When,
A device management apparatus. Requesting the license authentication based-out before Symbol authentication device prior Ki認 certificate request information, comprising program recording means for recording the license acquisition program for executing processing for obtaining said predetermined license information to the external storage device The device management apparatus according to claim 8 . Based on the determination result of the previous SL authentication request determination means,
The device management apparatus according to claim 9 , wherein recording of the license acquisition program by the program recording unit is controlled. Authentication request information reading means for reading the authentication request information recorded in the external storage device from the external storage device;
A license acquiring means for the basis of the authentication request information read by the authentication request information reading means, said requesting activation to the authentication device, to obtain said predetermined license information,
License recording means for recording the predetermined license information acquired by the license acquisition means in the external storage device;
The device management apparatus according to claim 8 , comprising: The authentication request availability determination means includes:
The authentication device and based on the availability status of the data communication between the the device control apparatus, any one of claims 8 to 11, characterized in that to determine whether the authentication device activation request is performed to the The device management apparatus described in 1. Said external storage device,
Device management apparatus according to any one of claims 8 to 12, characterized in that an external storage device detachable from the previous SL device management apparatus. Device management of the state of the device in a state where the first network to which the device on which the software to be authenticated operates is connected and the second network to which the authentication device for performing software license authentication is disconnected A license authentication method in a device management system for monitoring the device and managing the device based on device information including status information,
An authentication processing stage determination procedure for determining whether or not the predetermined license information acquired from the authentication device is recorded in the external storage device ;
A procedure for obtaining authentication request information necessary for the license authentication from the device when it is determined by the authentication processing stage determination procedure that the predetermined license information is not recorded in the external storage device;
An authentication request for determining whether or not a license authentication request can be made to the authentication device when it is determined by the authentication processing stage determination procedure that the predetermined license information is not recorded in the external storage device Adequacy determination procedure;
A procedure for recording the authentication request information in the external storage device when it is determined by the authentication request availability determination procedure that license authentication cannot be performed on the authentication device;
A step of reading the predetermined license information recorded in the external storage device when it is determined by the authentication processing stage determination procedure that the predetermined license information is recorded in the external storage device;
A procedure for registering the predetermined license information read from the external storage device in the device;
A license authentication method comprising: Wherein based on the recorded authentication request information to an external storage device, it acquires the predetermined license information from the authentication device, activation method according to claim 14, comprising the step of recording in the external storage device. Before a process of requesting the license authentication based-out authentication device Ki認 certificate request information, the authentication device to income said predetermined license information issued from the processing and, the external storage license acquisition program to be executed activation process according to claim 15 which have a procedure to be recorded in the device. The state of the device is monitored in a state where the first network to which the device that operates the software to be authenticated is connected and the second network to which the authentication device that performs software license authentication is disconnected are separated. A license authentication method in a device management apparatus for managing the device based on device information including status information,
An authentication processing stage determination procedure for determining whether or not the predetermined license information acquired from the authentication device is recorded in the external storage device ;
A procedure for obtaining authentication request information necessary for the license authentication from the device when it is determined by the authentication processing stage determination procedure that the predetermined license information is not recorded in the external storage device;
An authentication request for determining whether or not a license authentication request can be made to the authentication device when it is determined by the authentication processing stage determination procedure that the predetermined license information is not recorded in the external storage device Adequacy determination procedure;
A procedure for recording the authentication request information in the external storage device when it is determined by the authentication request availability determination procedure that license authentication cannot be performed on the authentication device;
A step of reading the predetermined license information recorded in the external storage device when it is determined by the authentication processing stage determination procedure that the predetermined license information is recorded in the external storage device;
A procedure for registering the predetermined license information read from the external storage device in the device;
A license authentication method comprising: The requesting activation has program recording procedure for recording the license acquisition program for executing processing said that Tokusu preparative license information to the external storage device based-out before Symbol authentication device prior Ki認 certificate request information The license authentication method according to claim 17 . The said authentication request information recorded in the external storage device, the authentication request information reading procedure of reading from the external storage device,
Based on the the authentication request information read by the authentication request information read procedure, the requesting activation on the authentication device, and Licensing Procedures for obtaining the predetermined license information,
A license recording procedure for recording the predetermined license information acquired by the license acquisition procedure in the external storage device ;
Activation process according to claim 18, characterized in that it comprises a. The state of the device is monitored in a state where the first network to which the device on which the software to be authenticated is connected is connected and the second network to which the authentication device for performing software license authentication is disconnected is disconnected. A license authentication program in a device management apparatus for managing the device based on device information including status information,
Computer
Authentication processing stage determination means for determining whether or not the predetermined license information acquired from the authentication device is recorded in the external storage device ;
Means for acquiring authentication request information necessary for the license authentication from the device when the authentication processing stage determination means determines that the predetermined license information is not recorded in the external storage device;
An authentication request for determining whether or not a license authentication request can be made to the authentication device when the authentication processing stage determination means determines that the predetermined license information is not recorded in the external storage device Availability determination means;
Means for recording the authentication request information in the external storage device when it is determined by the authentication request availability determination means that license authentication cannot be performed on the authentication apparatus;
When the authentication processing stage determination means determines that the predetermined license information is recorded in the external storage device, the predetermined license information recorded in the external storage device is read and registered in the device Means to
License authentication program to function as. The license authentication program is
In addition, the computer
Requests before activation to based-out before Symbol authenticating device Ki認 certificate request information, a license acquisition program for executing said that predetermined Tokusu preparative license information processing as a program recording means for recording on the external storage device 21. The license authentication program according to claim 20 , which is made to function. The license authentication program is
In addition, the computer,
The pre-Symbol authentication request information, the authentication request information reading means for reading from said external storage device,
Based on the the authentication request information read by the authentication request information read procedure, and Licensing means the requesting activation to the authentication device, to obtain said predetermined license information,
License recording means for recording the license information acquired by the license acquisition means in a storage device ;
Activation program according to claim 21 to act as a. A computer-readable recording medium on which the program according to any one of claims 20 to 22 is recorded.

Images