AU2004242414A1 - Prefeteching user credentials on a reproduction device - Google Patents
Prefeteching user credentials on a reproduction device Download PDFInfo
- Publication number
- AU2004242414A1 AU2004242414A1 AU2004242414A AU2004242414A AU2004242414A1 AU 2004242414 A1 AU2004242414 A1 AU 2004242414A1 AU 2004242414 A AU2004242414 A AU 2004242414A AU 2004242414 A AU2004242414 A AU 2004242414A AU 2004242414 A1 AU2004242414 A1 AU 2004242414A1
- Authority
- AU
- Australia
- Prior art keywords
- user
- reproduction device
- reproduction
- information
- personal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Landscapes
- Accessory Devices And Overall Control Thereof (AREA)
- Facsimiles In General (AREA)
Description
S&F Ref: 693280
AUSTRALIA
PATENTS ACT 1990 COMPLETE SPECIFICATION FOR A STANDARD PATENT Name and Address of Applicant: Actual Inventor(s): Address for Service: Invention Title: Canon Information Systems Research Australia Pty Ltd, an Australian Company, ACN 003 943 780, of 1 Thomas Holt Drive, North Ryde, New South Wales, 2113, Australia Jeremy Lamplough Muhammad Majid Spruson Ferguson St Martins Tower Level 31 Market Street Sydney NSW 2000 (CCN 3710000177) Prefeteching user credentials on a reproduction device The following statement is a full description of this invention, including the best method of performing it known to me/us:- 5845c cK, PREFETECHING USER CREDENTIALS ON A REPRODUCTION DEVICE
U
Field of the Invention The present invention relates to reproduction devices, including printers and multifunction devices (MFDs) such as those that integrate facsimile, scanner, copier and printer functions. In particular the present invention relates to improved methods of CI 5 authenticating users at the reproduction device and managing user's personal information at the reproduction device.
Background Multifunction print devices (MFDs) are devices that integrate a number of hardcopy reproduction functions, such as facsimile transceiver, scanner, copier and printer, in a single device. MFDs have become commonplace in the modem office environment and find particular application in the so-called "home office" where the need for each function often exists but the workload for each function does not justify a stand-alone or dedicated device.
In a computer network environment, a document may be printed from a personal computer in one location to a printer or MFD at another location. Users often wish to prevent un-authorised viewing of confidential documents prior to the user arriving at the printer or MFD to retrieve their hard-copy printout. Some printers and many MFDs incorporate a secure print feature which commences the print job only when the sender arrives at the print device. The document is printed only when the sender is authenticated at the device.
To allow authentication to occur, a user provides some unique credentials (such as a pin number, swipe card or usemame and password) at the printer or MFD. These credentials are compared to reference security information. If the credentials provided 693280
O
by the user matches the reference security information, the user is successfully authenticated.
N, One conventional approach is to store the security reference information in a central networked location. An example of a networked location is Microsoft T M Active Directory server (Microsoft Corp). When the user presents their credentials at the printer ,I or MFD, the device contacts the central networked location containing the referenced security information. This approach makes authentication of each user time-consuming and may involve a great deal of network communication and server processing. If the central networked location is not currently accessible, then the authentication fails or another location needs to be contacted.
Another conventional approach is to store the security reference information at the MFD itself. However this approach suffers from the drawback that every user who ever uses the device needs to be programmed into the device. Many printers and MFDs have limited resources for storing information, and limit the number of users whose security reference information can be stored at the printer or MFD. Also, many office environments have a number of printers and MFDs and administering each one is timeconsuming.
Another conventional approach is to store the reference information in portable memory, such as a smart card, memory stick or some other portable device such as a PDA or mobile telephone (cell phone), which is carried by the user. The unique identification presented by the user at the print device is compared with the secure reference information stored in the portable memory. However this approach is cumbersome since it requires complex memory readers and the user to carry specialised devices with them whenever they wish to access the print device.
693280
O
It would be beneficial to be able to store the security reference information on the print device itself so that users can be quickly authenticated, with the ease of N administration that a centrally networked storage location provides.
Once authenticated it is advantageous if the user also has access to their personal information on the print device, typically a MFD. This personal information may r, include things such as address books, screen preference information or personal documents such as fax cover letters.
One conventional approach is to store and maintain the information locally on the MFD. This may include for example a "Personal Address Book" which is only available to that particular user. Alternatively the user may have a password protected 'mailbox' on the MFD which can be used to store information. However this approach makes it difficult to maintain the information on the MFD. Also, MFDs have limited storage facilities and users may need the information on multiple different MFDs.
Another conventional approach is for MFDs to retrieve the necessary information from a centrally networked location once the user has been authenticated. This approach only works if there is a limited amount of information that needs to be retrieved, otherwise it is very slow. If there is a large amount of information to be retrieved, such as a number of personal documents or a large address book, or the information is stored across multiple enterprise systems, this approach is too slow. This approach is even slower if the MFD is to perform some data processing on the retrieved data, such as combining standard document templates with retrieved personal data or creating customised user interfaces based on the personal data.
693280 SSummary of the Invention It is an object of the present invention to substantially overcome or at least Ni ameliorate one or more deficiencies of existing arrangements.
In accordance with one aspect of the present disclosure there is provided a method of authenticating a user on a reproduction device, said method being performed C at the reproduction device and comprising the steps of: receiving a reproduction job of a document at the reproduction device, said reproduction job including identification data of a user who instigated the reproduction job; upon receipt of said identification data, retrieving from a storage device remote from said reproduction device at least reference security information for the user based on the identification data; detecting unique security information of the user indicating a presence of the user at the reproduction device; and authenticating the presence of the user at the reproduction device by matching the retrieved reference security information against the detected unique security information.
In accordance with another aspect of the present disclosure there is provided a method of retrieving personal user information at a reproduction device, said method being performed at said reproduction device and comprising the steps of: receiving a reproduction job of a document with identification data of a user who instigated the job at the reproduction device; 693280 S(b) on receipt of said identification data, retrieving from a storage device remote from said reproduction device, at least personal data for the user based on the N identification data of the user; and presenting said personal data to the user upon successful authorisation of user at the reproduction device.
N, Other aspects are also disclosed. The described arrangements have particular Capplication to using MFDs in office or other networked environments where many users
(N
may have access to one or only a small number of MFDs.
Brief Description of the Drawings At least one embodiment of the present invention will now be described with reference to the drawings, in which: Fig. 1 is a schematic representation of a generalized networked printing system including a MFD; Fig. 2 is a detailed schematic representation of another printing system; Fig. 3 is a flowchart of a generating a print job to a print device; Fig. 4 is a flowchart of a method of handling a print job at the print device; Fig. 5 is a flowchart of a method of handling user authentication at the print device; and Fig. 6 is a schematic block diagram representation of a personal computer device useful in the described arrangements.
Detailed Description including Best Mode Fig. 1 shows one example of a networked computing environment 8 in which documents may be generated and printed. The networked computing environment 8 includes a personal computer 5, one or more MFDs 15 and a variety of enterprise servers 693280 25 arranged for performing various functions. The environment 8 is interconnected by a network 10 which is preferably a physical bus-type architecture such as Ethernet. Other N forms of network are possible, such as Wi-Fi, intranet or intemrnet.
The personal computer 5 is formed by a computer module 601, input devices such as a keyboard 602 and mouse 603, output devices including a local printer 615, a display device614 and loudspeakers617. A Modulator-Demodulator (Modem) transceiver device 616 is used by the computer module 601 for communicating to and from the communications network 10, for example connectable via a telephone line 621 or other functional medium. The modem 616 can be used to obtain access to the Internet, and other network systems, such as a Local Area Network (LAN) or a Wide Area Network (WAN), and may be incorporated into the computer module 601 in some implementations.
The computer module 601 typically includes at least one processor unit 605, and a memory unit 606, for example formed from semiconductor random access memory (RAM) and read only memory (ROM). The module 601 also includes an number of input/output interfaces including an audio-video interface 607 that couples to the video display 614 and loudspeakers 617, an I/O interface 613 for the keyboard 602 and mouse 603 and optionally a joystick (not illustrated), and an interface 608 for the modem 616 and the local printer 615. In some implementations, the modem 6116 may be incorporated within the computer module 601, for example within the interface 608.
A storage device 609 is provided and typically includes a hard disk drive 610 and a floppy disk drive 611. A magnetic tape drive (not illustrated) may also be used. A CD- ROM drive612 is typically provided as a non-volatile source of data. The components 605 to 613 of the computer module 601, typically communicate via an 693280 interconnected bus 604 and in a manner which results in a conventional mode of d operation of the computer system 600 known to those in the relevant art. Examples of N computers on which the described arrangements can be practised include IBM-PC's and compatibles, Sun Sparcstations or alike computer systems evolved therefrom.
The servers 25 are typically a number of computer devices dedicated to r, performing significant functions within the environment 8, such as retaining databases usable by client applications executable by one or more of the personal computer 5 and file and printer servers that act as simple repositories of files and to manage output of documents to print devices through the management of queues and security protocols.
Structurally, the servers 25 may be formed by computing devices akin to the personal computer 5 described above but typically executing different software applications to perform desired functions.
In the present description, which the printing arrangements to be described have general applicability to all printing devices, and preferred implementations utilize MFDs for the networked printing of documents as such devices typically are provided with more complex and interactive user interfaces than most traditional stand-alone printers.
Nevertheless, the arrangements described may be implemented with any print device having suitable levels of user interface.
The MFD 15 is coupled to the network 10 and thus represents a target device for the printing of documents in the environment 8, for example source from the personal computer 5 either directly, or via a file and print server representing one of the servers The MFD 15 has associated therewith a user recognition device 20 which may be integrated into the MFD 15 or alternatively may be coupled to the MFD 15 as illustrated 693280 -8-
O
,I in Fig.1. Such coupling may be via a USB port or similar connection, and which affords a) coupling to a stand-alone printer where such functionality is supported. The user N recognition device for example may be a swipe card reader, a magnetic reader, a bar code reader, a smart card reader, or a USB port into which portable memory may be inserted. The user recognition device 20 typically has a limited keyboard or keypad permitting text data entry by a user and a display for visual feedback to the of text entered, command indications and instructions. The display may be formed as a touch panel thus permitting tactile entry, for example via a displayed menu or graphical user interface.
Fig. 2 shows the networked environment of Fig. 1 in more detail. In particular Fig. 2 shows examples networked services such as security 55, personal contacts 60, user interface 70, document repository 75 and corporate directory 80 available from within the servers 25 which may be accessible from the MFD 15 and from the personal computer 5. In Fig. 2, the example networked services are shown as discrete components. Typically each will be formed by or associated with a corresponding application program, and often some database.
Fig. 2 also illustrates a schematic structure of the MFD 15 which is seen to include an input/out controller 95 which interfaces the MFD 15 to the network 10 and which couples to a multifunction controller 90 which manages overall operation of the MFD 15 via an internal bus 98. The bus 98 couples to a user interface controller 97 configured to receive user commands input via a touch screen 96. The touch screen 96 may also be used to display messages and the like a proximate user of the MFD 15. The user interface controller 97 arranges user commands which are sent to the multifunction controller 90 for interpretation and form the issuing of control signals and the like via the 693280
O
C1 bus 98 to other modules of the MFD 15. Those other modules include a scanner 91, a printer 92, a facsimile 93, a copier 94 and a user recognition device 100. Each of the N modules 91-94 perform traditional functions well known in MFDs under control of the multifunction controller 90. The user recognition device 100 provides user identification information to the multifunction controller 90. The modules 95, 90, 97 and 96 of the N, MFD 15 may be considered functional modules which, to a large extent, may be implemented by software applications executable within a hardware platform similar to that of the computer module 601 of the personal computer 5, but typically of reduced size and complexity but nevertheless retaining the traditional programmable functionality and storage capabilities of modem computing devices.
The methods of secure printing are preferably practiced using the personal computer 5, the networked locations of the servers 25 and the MFD 15 wherein the processes of Figs. 3 to be described may be implemented as software, such as an application program executing within the computer system 5 and the processes of Figs. 4 and 5 may be implemented as one or more application programs executing within the MFD 15. In particular, the steps of the secure printing methods effected by instructions in the software that are carried out by the computer 5 or MFD 15. The instructions may be formed as one or more code modules, each for performing one or more particular tasks. The software may also be divided into two separate parts, in which a first part performs the security and authentication functions and a second part manages a user interface between the first part and the user. The software may be stored in a computer readable medium, including the storage devices described above, for example. The software is loaded into the computer from the computer readable medium, and then executed by the computer. A computer readable medium having such software or 693280
O
computer program recorded on it is a computer program product. The use of the computer program product in the computer preferably effects an advantageous apparatus ,I for secure networked printing.
Typically, in the case of the personal computer 5, the application program is resident on the hard disk drive 610 and read and controlled in its execution by the Ni processor 605. Intermediate storage of the program and any data fetched from the Snetwork 620 may be accomplished using the semiconductor memory 606, possibly in concert with the hard disk drive 610. In some instances, the application program may be supplied to the user encoded on a CD-ROM or floppy disk and read via the corresponding drive 612 or 611, or alternatively may be read by the user from the network 10 via the modem device 616. Still further, the software can also be loaded into the computer 5 from other computer readable media. The term "computer readable medium" as used herein refers to any storage or transmission medium that participates in providing instructions and/or data to the computer 5 for execution and/or processing.
Examples of storage media include floppy disks, magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, a magneto-optical disk, or a computer readable card such as a PCMCIA card and the like, whether or not such devices are internal or external of the computer module 601. Examples of transmission media include radio or infra-red transmission channels as well as a network connection to another computer or networked device, and the Internet or Intranets including e-mail transmissions and information recorded on Websites and the like. With respect to the MFD 15, functionality corresponding to the above also applies with respect to software associated with the processes of Figs. 4 and 693280 -11- Fig. 3 shows the process 300 of a user generating a print job. In step S301 the user logs onto a computer, such as the personal computer 5, which can be used to C, generate a print job via the network 10. The login would commonly involve a username and password for authentication. The process 300 however may also be implemented using a smart-card or other authentication system. Once logged-in, the user generates at step S302 a print job destined for a particular MFD, such as the MFD 15. In step S303 a print driver operating within the personal computer 5 associates the generated print job with data identifying the submitter of the print job (ie. the particular user). An example of this data is the login name of the person who initiated the print job. However this functionality may be also implemented in another way, such as using a Smart-Card ID or employee ID. The print driver forwards the job to the destination, along with the associated data identifying the submitter of the job. In this example, the destination is the network MFD 15. The process 300 is therefore one that may be implemented as an application program executing from within the personal computer Fig. 4 shows a process 400 executable as an application program from within the destination MFD 15 when a print job arrives at the MFD 15. In step S401 the print job and associated identifying data is received at the MFD 15 via the IO controller 95 and retained in temporary memory (not illustrated, but understood by skilled persons given the above) within the multifunction controller In step S402 the MFD 15 retrieves this associated identifying data from the print job.
In step S403 the MFD 15 determines from the associated identifying data whether to retrieve security reference information for the submitter of the print job. For example, if the associated identifying data were empty or null with respect to the security 693280 -12reference information, no security procedures need be implemented and processing may
O
proceed to step S405. The security reference information may be any information that Sthe MFD 15 can use to authenticate the user when the user physically arrives at the MFD to retrieve the document to be printed. The MFD 15 performs the user authentication N by comparing unique security information provided by the user on arrival at the MFD and detected via the user recognition device 100, with the reference security information.
To ensure that the security reference information is simple to maintain, such information is generally stored in a networked location, accessible from multiple locations. An example of a networked location is an LDAP server or Microsoft Domain Controller for example implemented a further applications within the servers An association must exist between the information which identifies the user, being the submitter of the print job, and that user's security reference information. For example, the submitter of the print job may be identified by their Windows T m Login User Name, and this data may be sent with the print job. The corresponding reference security information may be stored as an Active Directory as part of the user's account in the networked environment 8. Thus an association exists between the identity data sent with the print job and the reference security information.
The reference security information may take many different forms. Any data that can be utilised by the MFD 15 for authentication may be used as reference security information. For example, the security reference information may be a password which has been encrypted with a one-way hash function. Alternatively, the reference information may be an ID intended to match a card ID obtained when the user swipes and ID card in a card reader operating as the user recognition device 100 when the user arrives at the MFD 15. A further alternative is that the reference information may be iris 693280 -13-
O
,scan data for the user, such data being matched with data extracted from an iris scanner operating as the user recognition device 100. Once the MFD 15 has retrieved the Sreference security information for the submitter of the print job, the MFD 15 is then able to authenticate the user at the MFD 15 without the need for further contact with a networked location.
1 There are many different algorithms the MFD 15 may use to decide whether to Cretrieve the reference security information. For example, the MFD 15 may choose to retrieve this information only if the MFD 15 has not done so previously. Alternatively, the MFD 15 may choose to retrieve this information every single time a user submits a print job. In a further alternative, the MFD 15 may choose to retrieve this information if the last time the information was retrieved was greater than a particular time frame.
In another example, the MFD 15 may choose to retrieve the reference security information based on the type of reference security information itself. For example, if the reference security information is an encrypted password, the MFD 15 may choose to retrieve the password every time the user prints at the MFD 15. However, if the reference security information is finger scan information, the MFD 15 may choose to only retrieve the scan information if the MFD 15 has never retrieved the scan information previously. This is because some forms of reference security information may change regularly whilst others do not. It another example, the MFD 15 may choose to only retrieve the reference security information if such information has changed since the last time the information was retrieved. For example, the MFD 15 may examine a timestamp stored when the user changes their password in Microsoft T M Active directory and only retrieve the encrypted password if the password had been changed since the last retrieval time.
693280 -14- If the MFD 15 determines that retrieval of the user's reference security information is required, this is performed in step S404. The reference security Sinformation is generally stored in a form of networked location. An example of this is as the security database 55 or the corporate directory 80 such as an LDAP server or another form of database. The reference security information is retrieved from the networked Clocation using well known internetworking techniques. For example the MFD 15 may retrieve the information using a standard HTTP request. Alternatively the MFD 15 may use a protocol such as LDAP to retrieve the information. The information may be encrypted between the networked location and the MFD 15, for example using SSL.
These techniques are well known.
Once obtained from the networked location, the reference security information is stored locally at the MFD 15 for at least a predetermined period of time. The reference security information may be stored in non-volatile memory such as a hard-disk, or it may be stored in volatile memory such as RAM. The storage location is unimportant, as long as the location is easily accessible by the MFD 15 without a need to re-contact the networked location. In a preferred implementation, the reference security information is stored at least until the user to whom the information refers is authenticated at the MFD After the required period of time, the security reference information may or may not be deleted from the MFD In step S405 the MFD 15 determines whether the user's personal data should be retrieved. The order of steps S405 and S403 in this regard are not important and may be swapped. Further, a particular implementation may only implement one of steps S405 or S403, without the other.
693280
O
The MFD 15 may use a number of different criteria to determine whether or not to retrieve the user's personal data. For example, the MFD 15 may choose to retrieve the I personal data every time the user prints to the MFD 15. Alternatively, the MFD 15 may choose to retrieve the personal data if the MFD 15 has not done so within a certain period of time. In a further alternative, the MFD 15 may initially retrieve the user's preference information and then utilise the preference information to determine any other Stypes of personal information that should be retrieved.
There are many types of personal information which can be obtained by the MFD 15. The types of personal information that are listed here are examples of personal information that can be retrieved, however the list of examples shown here should not limit possibilities. The personal data may be stored across the many networked systems locations that exist in a typical office environment.
One example user's personal data is their contacts which are retrieved from an
TM
address book such as Microsoft OutlookTM Address Book or Microsoft Exchange m Retrieving a user's address book prior to the user physically arriving at the MFD ensures the user will have the latest information available for presentation via the touch screen 96 when the user authenticates themselves at the MFD 15 via the user recognition device 100. The user of the MFD 15 can then email or fax documents from the MFD to contacts within their address book, simply and easily.
Personal data may also include information stored in a corporate document management system, such as the corporate directory 80. For example, the headers of relevant documents in a document management system associated with the repository could be retrieved. These relevant documents may be the most recent documents that the user has saved in the document management system. Alternatively, if the user works in a 693280 -16firm such as an accounting or legal firm, the headers of documents relevant to the user's
U
clients may be downloaded. Downloading the headers of these documents would allow the user, when authenticated, to easily retrieve a print document at the MFD Personal data may also include Graphical User Interface (GUI) or application preferences that have been saved by the user. For example, a user may customize their N copy setting so that the default is for a two-page copy. This preference can then be stored in a networked location. These preferences can be retrieved by the MFD 15 prior to user authentication at the MFD 15. At each print or reproduction device, in the user's User Interface and preferences will be quickly and correctly displayed upon authentication.
Personal data may also include documents and forms that have already been partially or fully filled out by the user. For example, a fax cover sheet that has already been filled out with the user's Name, Address, Company and Return Fax Number Personal data may also include a personal documents folder which contains documents or information for the user. From the personal computer 5, a user can place documents into this folder and have them automatically retrieved and available for printing on the MFD 15. This allows the user to easily ensure up to date personal data is always available at the MFD The examples shown here are only examples of personal data that may be retrieved by the MFD 15. The possible types of personal data is highly varied and these examples should not limit the possibilities.
In step S406 the user's personal data is retrieved. This personal data may be spread across multiple enterprise services as shown in Fig. 2 and the retrieval of this data from a networked location would normally be done using well known internetworking 693280 -17principles. For example, it may be done using a HTTP request/response, using a direct database query, or with some other form of network access. The transfer of this 1 information may be over a secure or non-secure connection and may or may not be encrypted. The retrieval may also involve multiple steps. For example, the user's preference data may be retrieved first, and then depending on the settings in the preference data, other data may then be retrieved. The personal information retrieved by the MFD 15 in step S406 is the user's own personal information and is not ordinarily shared by other users of the networked environment 8.
The personal information retrieved at step S406 is retained by the MFD 15 for at least a predetermined period of time. There are many different criteria the MFD 15 may use to determine how long to retain the information at the MFD 15. For example, the MFD 15 may choose to retain the information for a fixed period, after which it is then removed. In another example, the MFD 15 may keep a record of when a user prints to the MFD 15. When a storage location of the MFD 15 is full, the MFD 15 may then removes the information corresponding to the user who printed the least recently. In this way, the MFD 15 only retains the information corresponding to most recent users of the MFD After retrieving either the user's personal data or the user's security reference information or both, the MFD 15 may perform some data processing on the retrieved information, as shown in step S407. Where no security reference information or personal data are retrieved in steps S403 and S405, step S407 may perform no function other than to authorise performance of the job requested of the MFD 15, such a printing the print job via the printer 92 without regard to security procedures, since none had been established.
693280 -18-
O
However, where such information does exist, because IFDs may have limited Smemory and CPU processing capability (in comparison to the personal computer it is Sadvantageous to perform any necessary data processing of step S407 prior to the user authentication being performed at the MFD 15 via the user recognition device 100.
There are many different types of processing which may occur at the MFD CFor example the MFD 15 may combine the personal user data with generic company forms which can then be simply and easily printed at the MFD 15. An example form is a Human Resource Timesheet form. The MFD 15 can combine the raw data from a time tracking system with a generic template located in a document repository. This combined document would then be available to the user upon authentication at the MFD Another example of processing that may occur, is the construction of GUI screens based on the user's data. For example, retrieved GUI preference information may be used to construct user interfaces corresponding to the user's personal settings, the user interface being represented via the touch screen 96. Alternatively the MFD 15 may build the GUI screens based on the personal data that is retrieved. For example, in a legal or accounting firm, the MFD 15 may retrieve the list of clients that the user is responsible for and present this to the user, allowing the user to automatically track printing and copying costs directly to the client's account.
Fig. 5 shows a process 500 of authentication and GUI customization which occurs at the MFD 15. In a step S501, the user who is to be authenticated arrives at the MFD 15. At this point in the scenario the user has not been authenticated at the device.
Steps S502 -S510 are operable by a program executable from within the MFD 693280 -19-
O
In step S502 the user recognition device 100 of the MFD 15 detects presentation by the user of some form of unique identification of the user. This detection results in C the user recognition device 100 reading or otherwise providing unique security data sufficient to identify the user. This data or information may or may not be the same information that was sent in step S303. The user recognition device 100 can be formed 1 for example by any one or combination of a smart card reader, magnetic strip card reader, access card reader, finger print reader, iris scanner or other device that can be used to obtain identification from the user. In a preferred implementation, this unique information is obtained by the recognition device 100 in a secure unobtrusive manner, however such information may also be input by the user manually such as entering a usemrname and password, for example via the touch screen 96.
On obtaining the unique information from the user, the MFD 15 checks in step S503 to see if it has the reference security information needed to correctly authenticate the user. This reference information would have been obtained from a networked location as part of step S404. The reference security information is any information which can be compared to the information obtained in step S502. For example, the reference security information may be the user's access card number. This can be compared to the access card number of the user that has swiped for authentication. In another example, reference security information may be the user's password which has been encrypted using a one-way encryption method. The password manually entered by the user can be encrypted using the same method and compared to the reference security information.
693280 c, If the security reference information is not already present at the MFD 15, then
U
that information is retrieved from a networked location in S504, in the same manner as step S404.
In step S505 the MFD 15 compares the unique identity information obtained from the user with the corresponding reference security information. In doing this comparison, the MFD 15 may do some processing on the unique security information obtained from the user or the reference security information so that they can be matched correctly. For example, this may involve well known techniques such as one-way encryption techniques such as DES or modifying card number formats from decimal to hexadecimal. The processing may or may not occur and is used to ensure the matching can occur correctly. The process of matching the information occurs at the MFD The MFD 15 does not need to contact a networked location to perform this process.
Because the matching can occur at the MFD 15, it can occur more rapidly than if an external server was contacted.
If the information obtained from the user matches the security reference information, the user is successfully authenticated as indicated at step S507. If the information does not match, the user is denied access in step S506. If a user is denied access in S506, the user may still have some level of access to the MFD. For example they may still be allowed to perform copying. However they will not have access to the features of the MFD 15 which require authentication. For example they will not have access to their personal contact lists or other personal information.
Once successfully authenticated in step S507, the MFD 15 in step S508 can present a user interface via the touch screen 96 based on the user's identity. For example, the user interface may only allow access to features which the user has 693280 -21permission to access. Alternatively, the MFD 15 may create the user interface using the user's personal data which is available at the MFD 15. There are many different N, examples of customization that can be performed by the device based on the authenticated identity of the user.
In step S509 which follows step S508, the MFD 15 allows the user to access their personal data. This personal data would previously have been retrieved by the MFD from a networked location.
Finally, in step S510 the MFD 15 authorizes printing of the user's documents from the print job. The user may or may not have documents waiting to be printed at the MFD 15. If they do, the user's documents are printed on successful authentication in the user's presence at the MFD Whilst the described arrangements have been described with respect to multifunction print devices, the principles of the present disclosure may be applied to any reproduction device where document security is desired. For example, some fax machines permit user's to electronically deliver documents to the fax machine for subsequent facsimile transmission. The described security arrangements may be used to permit the user to send the document fro a personal computer to the fax machine, and then attend the fax machine to supervise transmission and to prevent unauthorised persons from simultaneously printing a copy of the transmission. The reproduction device also may be a simple display device, for example in a conference room configured for presentation to a group of people or for video conferencing. The present arrangements provide that all necessary documents may be uploaded to the presentation and reproduction arrangements and available for immediate reproduction upon successful user authentication.
693280 -22- SIndustrial Applicability SThe above that the arrangements described are applicable to the computer and 1 data processing industries and particularly to the printing and/or document reproduction on networked devices where personal or document security is required.
5 The foregoing describes only some embodiments of the present invention, and modifications and/or changes can be made thereto without departing from the scope and spirit of the invention, the embodiments being illustrative and not restrictive.
(Australia Only) In the context of this specification, the word "comprising" means "including principally but not necessarily solely" or "having" or "including", and not "consisting only of'. Variations of the word "comprising", such as "comprise" and "comprises" have correspondingly varied meanings.
693280
Claims (20)
1. A method of authenticating a user on a reproduction device, said method being performed at the reproduction device and comprising the steps of: N receiving a reproduction job of a document at the reproduction device, said reproduction job including identification data of a user who instigated the Sreproduction job; upon receipt of said identification data, retrieving from a storage device remote from said reproduction device at least reference security information for the user based on the identification data; detecting unique security information of the user indicating a presence of the user at the reproduction device; and authenticating the presence of the user at the reproduction device by matching the retrieved reference security information against the detected unique security information.
2. A method according to claim 1 where the retrieved reference security information is an encrypted password.
3. A method according to claim 1 where the retrieved reference security information is a card number.
4. A method according to claim 1 where the retrieved reference security information comprises arbitrary data for user authentication. 693280 -24- U A method according to claim 1 further comprising the step of: upon successful user authentication in step reproducing the reproduction job on the reproduction device. S6. A method according to claim 1 wherein, upon successful user authentication in step the reproduction device displays a graphical user interface customized for the user.
7. A method according to claim 1 wherein, upon successful user authentication, the reproduction device retains the retrieved reference security information for a period of time.
8. A method according to claim 1 where, upon successful user authentication, the reproduction device discards retrieved security information.
9. A method according to claim 1 wherein said reproduction device is selected from the group consisting of a printer, a copier, a facsimile transceiver, a scanner, and a display. A method according to claiml wherein said reproduction device comprises a multifunction print device incorporating at leats two of a printer, a copier, a scanner and a facsimile transceiver. 693280 25 O N 11. A method of retrieving personal user information at a reproduction device, said method being performed at said reproduction device and comprising the steps of: ,I receiving a reproduction job of a document with identification data of a user who instigated the job at the reproduction device; on receipt of said identification data, retrieving from a storage device remote from said reproduction device, at least personal data for the user based on the 0identification data of the user; and presenting said personal data to the user upon successful authorisation of user at the reproduction device.
12. A method according to claim 11 wherein the retrieved personal information is used to customize a user interface of said reproduction device as presented to the user upon successful authorisation thereof.
13. A method according to claim 11 wherein the retrieved personal information includes at least one of personal user contact data, documents retrieved from a personal document storage location, and arbitrary personal data.
14. A method according to claim 11 wherein the retrieved personal information is retained at the device for a period of time. A method according to claim 11 wherein the retrieved personal information is retained for only the users who have most recently reproduced at said device. 693280 -26-
16. A method according to claim 11 further comprising the step of processing the U received personal data prior to allowing user access in step
17. A method according to claim 16 wherein the processing of retrieved personal data includes the combining of personal data with document templates.
18. A method according to claim 11 wherein step further comprises the sub-steps of: (ba) upon receipt of said identification data, retrieving from a storage device remote from said reproduction device at least reference security information for the user based on the identification data; (bb) detecting unique security information of the user indicating a presence of the user at the reproduction device; and (bc) authenticating the presence of the user at the reproduction device by matching the retrieved reference security information against the detected unique security information.
19. A computer readable medium having a computer program recorded thereon and adapted to authenticate a user on a reproduction device, said program being executable at the reproduction device and comprising: code for receiving a reproduction job of a document at the reproduction device, said reproduction job including identification data of a user who instigated the reproduction job; 693280 27 code, operable upon receipt of said identification data, for retrieving from a storage device remote from said reproduction device at least reference security N information for the user based on the identification data; code for detecting unique security information of the user indicating a presence of the user at the reproduction device; and 1 code for authenticating the presence of the user at the reproduction device by Smatching the retrieved reference security information against the detected unique security information.
20. A reproduction device having a user authentication function, said device comprising: an interface for receiving a reproduction job of a document at the reproduction device, said reproduction job including identification data of a user who instigated the reproduction job; retrieving means, operable upon receipt of said identification data, for retrieving from a storage device remote from said reproduction device at least reference security information for the user based on the identification data; a detector arrangement for detecting unique security information of the user indicating a presence of the user at the reproduction device; and means for authenticating the presence of the user at the reproduction device by matching the retrieved reference security information against the detected unique security information. 693280 28
21. A computer readable medium having a computer program recorded thereon and adapted to retrieve personal user information at a reproduction device, said program N1 being executable at said reproduction device and comprising: code for receiving a reproduction job of a document with identification data of a user who instigated the job at the reproduction device; 1 code, operable on receipt of said identification data, for retrieving from a storage Sdevice remote from said reproduction device, at least personal data for the user based on the identification data of the user; and code for presenting said personal data to the user upon successful authorisation of user at the reproduction device.
22. A reproduction device adapted to retrieve personal user information at a reproduction device, said reproduction device comprising: an interface for receiving a reproduction job of a document with identification data of a user who instigated the job at the reproduction device; means, operable on receipt of said identification data, for retrieving from a storage device remote from said reproduction device, at least personal data for the user based on the identification data of the user; and means for presenting said personal data to the user upon successful authorisation of user at the reproduction device.
23. A method of authenticating a user at a reproduction device substantially as described herein with reference to any one of the embodiments as that embodiment is illustrated in the drawings. 693280 -29- O
24. A method of retrieving personal user information at a reproduction device, said C, method being performed at said reproduction device and being substantially as described herein with reference to any one of the embodiments as that embodiment is illustrated in the drawings. A reproduction device adapted to perform the method of claim 23 or claim 24.
26. A computer readable medium having a computer program recorded thereon and adapted to make a reproduction device perform the method of claim 23 or claim 24. Dated this TWENTY-FIRST day of DECEMBER 2004 Canon Information Systems Research Australia Pty Ltd Patent Attorneys for the Applicant Spruson&Ferguson 693280
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2004242414A AU2004242414A1 (en) | 2004-12-21 | 2004-12-21 | Prefeteching user credentials on a reproduction device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2004242414A AU2004242414A1 (en) | 2004-12-21 | 2004-12-21 | Prefeteching user credentials on a reproduction device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| AU2004242414A1 true AU2004242414A1 (en) | 2006-07-06 |
Family
ID=36660014
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2004242414A Abandoned AU2004242414A1 (en) | 2004-12-21 | 2004-12-21 | Prefeteching user credentials on a reproduction device |
Country Status (1)
| Country | Link |
|---|---|
| AU (1) | AU2004242414A1 (en) |
-
2004
- 2004-12-21 AU AU2004242414A patent/AU2004242414A1/en not_active Abandoned
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2005202405B2 (en) | Management of physical security credentials at a multi-function device | |
| US7957022B2 (en) | Information processing apparatus allowing plurality of users to concurrently log in, and method of controlling the same | |
| US7889369B2 (en) | Image forming apparatus, image processing method, and program | |
| US10070002B2 (en) | Systems and methods for printing a document using a graphical code image | |
| US7284061B2 (en) | Obtaining temporary exclusive control of a device | |
| CN101282399B (en) | Image processing apparatus | |
| JP4386059B2 (en) | Image processing apparatus, information transmission method, and image processing system | |
| US20150229787A1 (en) | Electronic document delivery | |
| US20070146732A1 (en) | Method and system for generating job profiles | |
| JP2008537188A (en) | System and method for authenticating a user of an image processing system | |
| US10148849B2 (en) | Systems and methods for printing a document using a graphical code image | |
| KR20080011660A (en) | Scanning systems and methods | |
| CN104767900B (en) | Information processing unit and information processing method | |
| US8181012B2 (en) | Image processing apparatus transmitting encrypted document to another apparatus, control method thereof, and program product for information processing | |
| US20110197271A1 (en) | Card based authentication system and method for releasing stored rendering jobs | |
| CN103259951A (en) | Network system, information processing apparatus, method for controlling the information processing apparatus | |
| US8392979B2 (en) | Document processing automated system and image forming apparatus | |
| US8578160B2 (en) | Scan-to-home method and system for the delivery of electronic documents to a user home directory | |
| AU2004242414A1 (en) | Prefeteching user credentials on a reproduction device | |
| US8191111B2 (en) | Image forming system and image forming apparatus | |
| JP2007328491A (en) | Server, multi function peripheral and user authentication method | |
| US9019539B2 (en) | Image data transmission apparatus, image data transmission method, and computer-readable storage medium for computer program configured to send image data to a plurality of destinations using separate methods | |
| US10270919B2 (en) | Image forming apparatus, image data transmission method, and computer program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MK1 | Application lapsed section 142(2)(a) - no request for examination in relevant period |