JP2003233596A - Authentication system, server device and electronic equipment - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication system, a server device and electronic equipment superior in security and convenient in use. <P>SOLUTION: The authentication system comprises an image forming device 1 having an authentication function, a card reader 2 for reading a user ID out of a card, and portable equipment 3 adaptable for short-distance radio communication with the image forming device 1. The portable equipment 3, when located near the image forming device 1, can receive a polling command transmitted from the image forming device 1 and reply a self identification number. The image forming device 1 collates the user ID read by the card reader 2 with the identification number replied by the portable equipment 3 and permits the use of the image forming device 1 if ascertaining that the user is identical with authorized one. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication system, a server device and an electronic device for authenticating whether or not to permit the use of an electronic device. More specifically, the present invention relates to an authentication system, a server device, and an electronic device in which double authentication is performed to enhance security.

[0002]

2. Description of the Related Art Conventionally, when using an image forming apparatus such as a copying machine, various authentication methods have been used to confirm that the user is an authorized person. As one of them, there is a method in which each user possesses a medium such as a magnetic card or an IC card in which the ID of the individual is registered, and the medium is inserted into the device for authentication. The device reads the ID of the user from the inserted medium, and the ID is registered as the authorized user.
By checking whether it is D or not, it is determined whether or not the use is permitted. Alternatively, as a highly secure authentication system, there is an authentication method using biometric information such as a fingerprint, a voiceprint, and a face image.

[0003]

However, the above-mentioned conventional authentication system has the following problems. That is, in an authentication method using a medium such as a magnetic card or an IC card, there is a possibility that the medium may be stolen or copied, and the security is low.
On the other hand, in the authentication method using biometric information, although the security is very high, the authentication device is very expensive. In addition, a device used by a large number of people is not convenient because it takes a lot of time to register the biometric information of each person and it takes a long time to perform authentication.

The present invention has been made to solve the problems of the above-mentioned conventional techniques. That is, the problem is to provide an authentication system, a server device, and an electronic device that have high security and are easy to use.

[0005]

The authentication system of the present invention, which has been made for the purpose of solving this problem, is capable of communicating with a first terminal that obtains identification information from a recording medium and with the first terminal. In an authentication system including a server device that obtains position information from two terminals, a first authentication means that authenticates by the identification information acquired from the first terminal, and a authentication by the position information acquired from the second terminal It is characterized by having two authentication means and a permitting means for permitting the use of the first terminal when the authentication results of the first authenticating means and the second authenticating means are both good.

That is, in the present invention, the first terminal obtains the identification information from the recording medium and the second terminal obtains the position information. If both the authentication result of the first authenticating means based on the identification information and the authentication result of the second authenticating means based on the position information are good, the use of the first terminal is permitted. A user who desires authentication has a recording medium and a second terminal, and sets the recording medium in the first terminal. As a result, the identification information is acquired from the first terminal, and the identification information is authenticated together with the position information acquired from the second terminal. Therefore, the security is much higher than that of the authentication using only the recording medium. On the other hand, it is not necessary to use an expensive system such as biometric information, which requires time for registration and authentication, so that a system with good usability can be obtained.

Further, in the authentication system of the present invention, it is preferable that the first terminal is an image forming apparatus and an ID card on which user identification information is recorded is used as a recording medium. For the authentication of the image forming apparatus, a too expensive authentication system is disproportionate and it may be used by a relatively large number of users one after another. Therefore, a system that requires less time for authentication is desired. Further, the ID card is easy to own and carry, and in many cases already used by companies and organizations, registration is easy.

Furthermore, in the authentication system of the present invention, it is desirable to use, as the second terminal, a mobile terminal that acquires position information by communicating with the outside. Mobile terminals such as mobile phones that acquire location information by communicating with the outside
It has become widespread in recent years. By using these mobile terminals as the second terminal, it is possible to easily configure the system without adding a new device.

According to the present invention, in the server device which can communicate with the first terminal which obtains the identification information from the recording medium and which obtains the position information from the second terminal, the authentication is performed by the identification information obtained from the first terminal. Use of the first terminal when the first authenticating means, the second authenticating means for authenticating the position information obtained from the second terminal, and the authentication results of the first authenticating means and the second authenticating means are both good And a permitting means for permitting

Further, according to the present invention, in an electronic device which obtains identification information from a recording medium and also obtains position information from an external terminal, first authentication means for performing authentication by the identification information obtained from the recording medium; A second authentication means for performing authentication based on the position information acquired from the terminal; and a permission means for permitting the use when the authentication results of the first authentication means and the second authentication means are both good. It also extends to electronic devices that operate.

Further, in the authentication operation of the present invention, the first authenticating means by the first terminal is performed by the user manually setting the recording medium, and the second authenticating means by the second terminal is It is desirable that the power supply be automatically performed if the second terminal is energized. The user only needs to set the recording medium when using the electronic device.
Since the second authentication by the second terminal need not be troublesome, the system becomes more convenient.

[0012]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment embodying the present invention will be described in detail below with reference to the accompanying drawings. In the present embodiment, the device to be permitted / not permitted to use is the image forming device 1, and the image forming device 1 also performs the authentication process.

First, the system according to the present embodiment is constructed as shown in FIG. That is, the present system includes an image forming apparatus 1 corresponding to the first terminal and a server apparatus 1, a card reader 2 capable of communicating with the image forming apparatus 2, and a second terminal.
Corresponding to a terminal, each device includes a mobile device 3 capable of short-range wireless communication with the image forming device 1 and a base station system 4 capable of communicating with the mobile device 3. The image forming apparatus 1 is an apparatus having an image forming function such as a copying machine, and the image forming function portion is omitted in FIG. The card reader 2 is a general card reader capable of reading a magnetic card or an IC card (hereinafter, simply referred to as a card). Here, the card reader 2 is configured separately from the image forming apparatus 1, but may be built in the image forming apparatus 1. The mobile device 3 is a communication device such as a general mobile phone that each user carries and moves. The base station system 4 is composed of a plurality of base stations for wireless communication that can communicate with the mobile device 3 and acquire its position information.

As shown in FIG. 1, the image forming apparatus 1 has a ROM 12 and a DR 12 for a CPU 11 which controls the entire operation.
The AM 13, NV-RAM 14, I / O input / output 15, card reader I / F 17, and short-range wireless communication I / F 18 are connected. The ROM 12 is a storage device that stores programs and data that describe the control procedure of the image forming apparatus 1. The DRAM 13 is a volatile storage device used for temporary storage of image forming conditions such as magnification, density, and double-sided copy relating to image forming processing, and as a working area. The NV-RAM 14 is a non-volatile storage device that stores various settings related to image forming processing.

An operation panel 16 is connected to the I / O input / output 15. The operation panel 16 includes various key switches and a liquid crystal display device. As various key switches, a copy button for designating the start of the image forming process and a numeric keypad for inputting numerical values are provided. Further, the liquid crystal display device displays various messages to the user as necessary, or displays soft keys for inputting various settings such as paper size, print density, scaling, and paper ejection mode. It is for the purpose. The card reader I / F 17 is connected to the external card reader 2 and communicates with the card reader 2. Short-range wireless communication I / F
Reference numeral 18 is a device that transmits and receives radio waves to perform short-distance wireless communication. The short-range wireless communication I / F 18 can communicate with the short-range wireless communication I / F of another nearby device.

The card reader 2 is a device for reading a card inserted by a user and obtaining identification information such as a user ID. When a card is inserted into the card reader 2 in front of and behind the card insertion slot, the card is physically turned off.
An N switch is provided so that the insertion state of the card can be detected. The card reader 2 also includes a liquid crystal display device for notifying a user of a card reading error or the like.

The mobile device 3 has a CPU 3 that controls the entire operation.
ROM 32, DRAM 33, NV-RAM for 1
34, short-range wireless communication I / F 35, wireless communication I / F 36
Are connected. ROM 32, DRAM 33, NV-
The RAM 34 includes the ROM 12 of the image forming apparatus 1,
Although the device is almost the same as the DRAM 13 and the NV-RAM 14, data for communication is stored instead of data for image formation. Further, the short-range wireless communication I / F 35 can communicate with the short-range wireless communication I / F 18 of the image forming apparatus 1 when the mobile device 3 is near the image forming apparatus 1. In addition, here, although a calling device such as a mobile phone is used as the mobile device 3, a wireless communication I / F 3 for calling is used.
6 is provided separately from the short-range wireless communication I / F 35. Therefore, even if communication is performed by the short-range wireless communication I / F 35, the call state is not affected, and short-range communication by the short-range wireless communication I / F 35 is possible even during a call. Further, the wireless communication I / F 36 can communicate with the base station system 4 for calling.

By the way, in the case of a mobile phone or a simplified mobile phone, each mobile terminal is given a unique identification number for distinguishing it from other terminals and stored in the NV-RAM 34. The format of this identification number is standardized. As an example of this identification number, FIG. 2 shows the format of MSI (Mobile Station Identifier) which is the identification number of the mobile phone. FIG. 3 shows the format of the dedicated cell channel (SCCH) in the control physical slot of the logical control channel (LCCH) of the simplified mobile phone. These identification numbers are uniquely assigned to each terminal by the National Land Radio Association. The mobile device 3 is
When the polling command is received from the outside via the short-range wireless communication I / F 35, this MSI or SCCH is transmitted.

Next, the authentication operation of this system will be described. A user who is permitted to use the image forming apparatus 1 is assigned a different user ID for each individual, and a card in which the user ID is recorded is distributed. Here, the card is, for example, an employee name card or a registration card registered in the facility. This card corresponds to the medium, and the user ID recorded on the card corresponds to the identification information.

Further, the identification number of the portable device 3 personally owned by the user is investigated and registered in the system in association with the user ID. Therefore, a user permission table is created by associating the user ID of the user authorized to use with the identification number of the portable device 3 of the user.
-Store in RAM 14. Table 1 shows an example of the usage permission table.

[0021]

[Table 1]

When using the image forming apparatus 1, the user first inserts his or her card into the card reader 2. When the card is inserted, the card reader 2 automatically reads the user ID, which is the content of the card, and sends it to the image forming apparatus 1. Image forming apparatus 1 that has received the user ID
Sends a polling command via the short-range wireless communication I / F 18. Upon receiving the polling command, the mobile device 3 automatically returns the identification number. Image forming apparatus 1
Receives the identification number returned from the mobile device 3 by the short-range wireless communication I / F 18. Here, the information indicating that the owner of the mobile device 3 is near by the identification number returned from the mobile device 3 corresponds to the position information. By the way, the mobile device 3 acquires the current position information at any time by communicating with the base station system 4 or the GPS system via the wireless communication I / F 36. Therefore, if the position information obtained by this method is also used in addition to the above position information, higher-level authentication is possible.

Next, the image forming apparatus 1 checks the use permission table to see if the user ID of the card is registered. This makes it possible to confirm whether or not the card belongs to a user who is permitted to use the image forming apparatus 1. If the user does not belong to the authorized user, the authentication becomes impossible and the use of the image forming apparatus 1 is not permitted.
Authentication by this card corresponds to the first authentication means.

Further, the image forming apparatus 1 refers to the use permission table and checks whether the identification number returned from the portable device 3 is the identification number corresponding to the user ID. As a result, it is possible to confirm whether the user who owns the mobile device 3 corresponding to the user ID of the card is within the short distance range of the image forming apparatus 1. Authentication by associating the identification number of the mobile device 3 with the user ID is the second
It corresponds to the authentication means.

Then, when the user ID of the card and the identification number are associated and both are registered in the use permission table, the use of the image forming apparatus 1 is permitted. Even if it is a registered card, if the corresponding identification number cannot be received, it indicates that the user's mobile device 3 is not nearby, and the system does not allow the user to use the image forming apparatus 1. . Therefore, by confirming the possession of the card and the portable device 3 at the same time, it is possible to prevent the use of spoofing due to the theft of the card or the like, and the system has an extremely high security compared with the authentication using only the card.

Next, the control of the authentication processing by this system will be explained based on the flow charts of FIGS. Each flowchart shows the processing in the image forming apparatus 1, the card reader 2, and the mobile device 3, respectively. These processes are executed in parallel, and the processes are continued by sending and receiving data to and from each other.

First, the processing in the image forming apparatus 1 will be described with reference to FIG.
A description will be given based on the flowchart. Image forming apparatus 1
The process starts when the power is turned on.
Initialization such as M13 clearing and standard mode setting is performed (S101). After that, the CPU 1 of the image forming apparatus 1
1 waits until the card reader I / F 17 receives the notification of the user ID from the card reader 2 (S10).
3).

When the user ID is notified from the card reader 2 (S103: Yes), the CPU 11 causes the NV-RA
It is determined whether or not the user ID is registered by referring to the use permission ID table stored in M14 (S105). The notified user ID is the usage permission ID
If not registered in the table (S105: N
o), the CPU 11 displays a message indicating that the image forming apparatus 1 cannot be used on the liquid crystal display device of the operation panel 16 (S121). After that, the process waits until a card removal notice is sent from the card reader 2 (S123), and when a card removal notice is sent (S123: Yes), S103.
Return to. Then, it waits until the user ID is notified from the card reader 2 again (S103).

Alternatively, when the user ID notified from the card reader 2 is registered in the use permission ID table (S105: Yes), the CPU 11 sends a polling command via the short-range wireless communication I / F 18. (S107). Then, it waits for a response from the mobile device 3 in the short distance range (S109).

If there is no response from the portable device 3 or if the received identification number is different from the number corresponding to the user ID (S109: No), authentication is not possible and the CPU 11 of the operation panel 16 For liquid crystal display devices,
A message indicating that the image forming apparatus 1 cannot be used is displayed (S121). After that, the process waits until a card removal notification is sent from the card reader 2 (S123), and when a card removal notification is sent (S123: Yes), the process returns to S103.

Alternatively, when the identification number returned from the portable device 3 is the number corresponding to the user ID (S10)
9: Yes), the CPU 11 sets to permit the use of the image forming apparatus 1 (S111). After that, is there a card removal notice from the card reader 2 (S113: Ye
s) Is the start button pressed by the user (S
115: Yes). If there is no card removal notification from the card reader 2 (S113: No) and the start button is pressed by the user (S11).
5: Yes), image forming processing such as copying is performed (S11).
7). After the processing, the process waits again until a card removal notification is given from the card reader 2 (S113: Yes) or the start button is pressed by the user (S115: Yes).

When there is a card removal notification from the card reader 2 (S113: Yes), the use by this user is terminated and the use prohibition setting is performed (S119). Then, it waits for a new notification of the user ID from the card reader 2 (S103). The image forming apparatus 1 repeats the above processing until the power is turned off.

Next, the processing in the card reader 2 is shown in FIG.
A description will be given based on the flowchart. Card reader 2
When the power is turned on, the processing is started, and first, the initial setting is performed (S201). Then, it waits until the card is inserted by the user (S203).

When the card is inserted by the user (S
203: Yes), the card reader 2 reads the user ID from the card (S205). And user I
It is determined whether the reading of D has succeeded (S20).
7). If the card cannot be read (S207: No), such as when the card is of a different type or the card information is damaged, an error message is displayed on the liquid crystal display device of the card reader 2 (S221). As it is,
It waits until the card is removed (S223), and when the card is removed (S223: Yes), waits until the card is inserted again (S203).

Alternatively, when the reading of the user ID from the card is successful (S207: Yes), the read user ID is transmitted to the image forming apparatus 1 (S209).
This transmission becomes the user ID notification shown in S103 of FIG. After that, the card reader 2 waits until the card is removed (S211). When the card is removed (S211: Yes), a card removal notification is transmitted to the image forming apparatus 1 (S213). This transmission is S in FIG.
This is the card removal notification shown in 113 or S123. After transmitting the card removal notice, the card reader 2 waits until the next card is inserted (S20).
3). The card reader 2 repeats the above processing until the power is turned off.

Next, the processing in the mobile device 3 will be described with reference to the flowchart of FIG. The mobile device 3 starts the process when the power is turned on, and first, the initial setting is performed (S301). Then, it is determined whether a polling command has been received (S303). If the polling command has not been received (S303: No), other processing as a mobile device such as call processing is performed (S311).
Alternatively, when a polling command is received (S30
3: Yes), the identification number is transmitted as a response (S30)
5). The mobile device 3 repeats the above processing until the power is turned off.

Next, a second embodiment of the present invention will be described in detail with reference to the accompanying drawings.

The system according to this embodiment is configured as shown in FIG. That is, this system is a base station system capable of wireless communication with the image forming apparatus 1 corresponding to the first terminal, the card reader capable of communicating with the image forming apparatus 1, the portable device 3 corresponding to the second terminal 3, and the portable device 3. 4, each device of the server device 5 that can communicate with the image forming device 1 is provided. The image forming apparatus 1, the card reader 2, the mobile device 3, and the base station system 4 are the same as those in the first embodiment. The server device 5 is a general device having a CPU, a storage device, and the like. The image forming apparatus 1 can communicate with the server device 5 via the communication I / F 19.

In the present embodiment, the device to be permitted / not permitted to use is the image forming device 1, and the authentication process is performed by the server device 5. Further, the use permission table stored in the NV-RAM 14 of the image forming apparatus 1 in the first embodiment is stored in the storage device of the server device 5.

In this embodiment, the image forming apparatus 1 transmits the user ID acquired from the card reader 2 to the server device 5. Upon receiving the user ID from the image forming apparatus 1, the server apparatus 5 checks whether the user ID is registered in the use permission table. This procedure corresponds to the first authentication means. Further, the server device 5 communicates with the base station system 4, acquires the position of the mobile device 3 having the identification number corresponding to the user ID, and checks whether the mobile device 3 is in the vicinity of the image forming device 1. To do. This procedure corresponds to the second authentication means. Then, if the authentication results of the first and second authenticating means are good, the server device 5 permits the user to use the image forming apparatus 1.

As described in detail above, in the first and second embodiments, the image forming device 1 or the server device 5 is used.
Is the user ID read by the card reader 2 from the card
And wirelessly communicate with the mobile device 3 to obtain the identification number of the mobile device 3. And the user ID of the card
When the identification number of the mobile device 3 and the identification number of the mobile device 3 are both registered in the use permission table, the use of the image forming apparatus 1 is permitted. Therefore, compared to the authentication using only the card, the security is very high. On the other hand, unlike the biometric information, an expensive system that requires time for registration and authentication is not required, and thus a system with good usability is realized.

The first and second embodiments are merely examples and do not limit the present invention. Therefore, naturally, the present invention can be variously improved and modified without departing from the gist thereof. For example, the electronic device whose use is permitted / not permitted is not limited to the image forming apparatus. In addition, in the second embodiment, the server device 5
May perform only authentication, and determination of permission / non-permission may be performed by the image forming apparatus 1. Further, in the second embodiment, the short-distance wireless communication part by sending the polling command is omitted, but it may be sent from the image forming apparatus 1 or from the base station system 4 via the server device 5. You may allow it.

[0043]

As is apparent from the above description, according to the present invention, there is provided an authentication system, a server device and an electronic device which have high security and are easy to use.

[Brief description of drawings]

FIG. 1 is a block configuration diagram of an authentication system according to a first embodiment.

FIG. 2 is a data configuration diagram showing a format of an identification number of a mobile phone.

FIG. 3 is a data configuration diagram showing a format of an identification number of a simplified mobile phone.

FIG. 4 is a flowchart showing processing by the image forming apparatus in the authentication processing.

FIG. 5 is a flowchart showing processing by a card reader in the authentication processing.

FIG. 6 is a flowchart showing a process performed by a mobile device in an authentication process.

FIG. 7 is a block configuration diagram of an authentication system according to a second embodiment.

[Explanation of symbols]

1 Image forming device 2 card reader 3 mobile devices 4 base station system 5 Server device 11 CPU 14 NV-RAM 18 Short-range wireless communication I / F 19 Communication I / F 31 CPU 34 NV-RAM 35 Short-range wireless communication I / F 36 Wireless communication I / F

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ identification code FI theme code (reference) H04Q 7/38 H04L 9/00 673E (72) Inventor Kenichi Matsumoto 2-3-3 Azuchi-cho, Chuo-ku, Osaka-shi No. 13 Osaka International Building Minolta Co., Ltd. (72) Inventor Kazuhiro Araki 2-3-3 Azuchi-cho, Chuo-ku, Osaka F-Term (inside) Osaka International Building Minolta Co., Ltd. 5B058 CA01 CA31 KA02 KA33 YA20 5B085 AE02 AE03 AE04 AE12 BA06 BG02 BG07 5J104 AA07 DA01 KA01 KA20 NA35 PA02 5K067 AA30 BB04 DD17 DD20 EE02 EE16 HH22 JJ52

Claims (5)

[Claims] 1. An authentication system comprising: a first terminal that obtains identification information from a recording medium; and a server device that can communicate with the first terminal and obtain position information from a second terminal. A first authenticating means for authenticating with the identification information acquired from one terminal; a second authenticating means for authenticating with the positional information acquired from the second terminal; and an authentication result of the first authenticating means and the second authenticating means. An authentication system comprising: a permitting unit that permits the use of the first terminal when both are good. 2. The authentication system according to claim 1, wherein the first terminal is an image forming apparatus, and an ID card on which user identification information is recorded is used as a recording medium. 3. The authentication system according to claim 1, wherein a mobile terminal that acquires position information by communicating with the outside is used as the second terminal. 4. A server device capable of communicating with a first terminal that obtains identification information from a recording medium and obtaining position information from a second terminal, wherein authentication is performed using the identification information obtained from the first terminal. The use of the first terminal is permitted when the authentication means, the second authentication means for performing authentication based on the position information acquired from the second terminal, and the authentication results of the first authentication means and the second authentication means are both good. A server device having a permission unit for performing the operation. 5. An electronic device, which obtains identification information from a recording medium and also obtains position information from an external terminal, obtains from a first authenticating means for performing authentication by the identification information obtained from the recording medium and from a second terminal. An electronic device comprising: a second authenticating unit that performs authentication based on position information; and a permitting unit that permits the use when the authentication results of the first authenticating unit and the second authenticating unit are both good.