JP2004157845A - Authentication system in maintenance - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication system in carrying out maintenance capable of switching a device to a maintenance mode without providing any recoding media in emergency even though maintenance authentication is basically carried out by using the recording media in which a password is recorded. <P>SOLUTION: This authentication system in carrying out maintenance is provided with an authenticating part 32 for issuing authentication confirmation when received data for authentication are valid, a maintenance program starting part 35 for starting a maintenance program on the basis of the issue of authentication confirmation and an authentication data acquisition part 31 having a function for acquiring a basic password from portable recording media set in a media reader and a function for acquiring a one-time password inputted through data input devices 18 and 19. The authentication data acquisition part transfers either the basic password or the one-time password as the data for authentication to the authenticating part. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a maintenance-time authentication system for performing authentication performed on a device side when maintenance of the device is performed by a serviceman or the like, an authentication unit that issues an authentication confirmation when received authentication data is valid, A maintenance program starting unit that starts the maintenance program based on the issuance of the confirmation is provided.
[0002]
[Prior art]
In particular, periodic or non-periodic maintenance work is required for devices that involve control operations.To simplify this maintenance work, the device is equipped with a maintenance mode that can display the status of various sensors and the like. This maintenance mode is realized by driving a maintenance program. Since various control parameters can be adjusted in such a maintenance mode, it is necessary to avoid unnecessary or illegal entry into such a maintenance mode.
[0003]
In one of the conventional authentication systems at the time of maintenance, a maintenance start password is input by operating a dial button on a specific guidance screen, and when the input password matches the password read from the recording unit, the apparatus starts a maintenance operation. It switches (for example, refer to Patent Document 1).
[0004]
The use of password authentication makes it impossible for anyone who does not know the password to put the device into maintenance mode, but in order to improve the confidentiality of the password, it is necessary to use a long and hard to imagine the password. In addition, inputting such a password for each maintenance operation imposes a considerable burden. Also, if the password is leaked, a third party who knows the password can illegally switch the device to the maintenance mode.
[0005]
In a business field such as a network service, as an authentication system for distinguishing a registrant from a non-registrant, user information for authentication such as a user ID and a password is recorded in a recording medium such as a floppy disk in advance, and the recorded information is recorded. There is known a technique in which when a medium is set in an apparatus, the apparatus automatically reads out user information (authentication information) from a recording medium and performs an authentication operation (for example, see Patent Document 2). This saves the user from having to memorize the user ID and password and inputting them.
[0006]
In order to prevent unauthorized access to the maintenance mode with higher reliability, authentication is performed using both the password entered from the keyboard and the password recorded on the magneto-optical disk. There is an authentication system during maintenance in which the maintenance program is executed as long as the authentication is recorded and the authentication confirmation is recorded in the license file (for example, see Patent Document 3).
[0007]
[Patent Document 1]
JP-A-09-116644 (paragraphs 0005, 0010, FIG. 3)
[0008]
[Patent Document 2]
JP-A-2000-057098 (paragraphs 0012 and 0024, FIG. 5)
[0009]
[Patent Document 3]
JP 2000-311085 A (paragraph number 0021, FIG. 3)
[0010]
[Problems to be solved by the invention]
In any case, recording the password on a recording medium such as a floppy disk and eliminating the trouble of entering the password using a keyboard or the like contributes to simplifying frequent maintenance work. However, in cases such as when a service person performs maintenance work while patroling devices scattered in various places, if the user forgets to carry the recording medium on which the password is recorded, the maintenance work cannot be performed, and the service will be required to retrieve the recording medium again. I have to return to the center. Further, in an emergency, it is expected that a service person without such a recording medium will go to the device site for maintenance, but in such a case, there is a disadvantage that only the recording medium must be separately delivered.
[0011]
In view of the above situation, an object of the present invention is to perform maintenance authentication basically using a recording medium on which a password is recorded, but to be able to switch the apparatus to the maintenance mode even in the case of emergency without such a recording medium. Is to provide an authentication system.
[0012]
[Means for Solving the Problems]
In order to solve the above problem, the present invention includes an authentication unit that issues an authentication confirmation when received authentication data is valid, and a maintenance program activation unit that activates a maintenance program based on the issuance of the authentication confirmation. The maintenance authentication system further includes an authentication data obtaining unit having a function of obtaining a basic password from a portable recording medium set in a media reader and a function of obtaining a one-time password input through a data input device. The authentication data acquisition unit transfers one of the basic password and the one-time password to the authentication unit as the authentication data.
[0013]
In the maintenance authentication system with this configuration, the basic password read from the recording medium for authentication is usually used as input data for authentication. However, in an emergency such as when a service person forgets the recording medium for authentication, the basic password is used. Alternatively, a one-time password input through a data input device can be used. This one-time password is also called a "one-time password", and can be used only once for authentication, or for a very short period of time, or both, and if it is used, Even if it is known to a third party, it is virtually impossible to use the password, so that high security can be obtained.
[0014]
It is convenient to employ a key matrix such as a keyboard attached to many control devices as the data input device, in which case, the one-time password is obtained by using a keyboard by a maintenance technician such as a serviceman. Although the input is performed, the one-time password itself uses a dedicated device or a password calculated by a predetermined algorithm.
[0015]
As a preferable one-time password that can be easily created at a maintenance site, a numerical value that can be calculated as a function value of current date and time data and specific numerical data is proposed as the one-time password. In this case, the function that derives such a one-time password is stored in a scientific calculator or the like, or a simple function is stored by a service person, and the numerical value corresponding to the date and time at that time and a specific value are stored. By substituting a numerical value, a numerical value to be a one-time password can be obtained.
[0016]
Further, at this time, if the specific numerical data is set to a numerical value based on an ID number assigned to a service person in advance, not only the advantage that the specific numerical value is easy to remember but also a service person who performs maintenance from the one-time password. Can also be specified.
[0017]
Further, as a preferred embodiment of the present invention, when a device to be maintained has a network communication function, a data communication unit that receives a one-time password transmitted through a network is adopted as the data input device. Is also possible. In this case, the service person who did not carry the recording medium on which the basic password was recorded will contact the service center or the like by telephone and have the one-time password transmitted to the device via a network such as the Internet. Since the transmitted password is a one-time password, even if the password is intercepted by a third party, there is substantially no security problem.
[0018]
As described above, in the authentication system for maintenance according to the present invention, in addition to the authentication process performed by reading the basic password from the portable recording medium, an authentication process using a one-time password is prepared. Even if the user forgets the portable recording medium on which the basic password is recorded, the device can be switched to the maintenance mode.
Other features and advantages according to the present invention will become apparent from the following description of embodiments with reference to the drawings.
[0019]
BEST MODE FOR CARRYING OUT THE INVENTION
FIG. 1 is an external view of a photographic printing apparatus incorporating a maintenance authentication system according to the present invention. This photographic printing apparatus exposes and develops a silver halide photographic paper P (hereinafter referred to as photographic paper P). And a control station 1A that performs setting and maintenance of each function of the print station 1B and generation and transfer of print data used in the print station 1B. .
[0020]
This photographic printing apparatus is also called a digital minilab. As can be clearly understood from FIG. 2, the printing station 1B transports the rolled photographic paper P stored in two photographic paper magazines 11 into the station 1B. The printing paper P thus cut is exposed to light by an exposure engine 12 as a print engine, and the photographic printing paper P thus exposed is subjected to development using a plurality of developing tanks. It is sent to the processing unit 13 and developed. The photographic papers P, that is, the photographic prints P sent from the horizontal conveyor 14a at the upper portion of the apparatus to the sorter 14b after the drying are stacked on the plurality of trays of the sorter 14b in an order unit.
[0021]
The exposure engine 12 irradiates the photographic paper P with light rays of three primary colors of R (red), G (green) and B (blue) while sending the photographic paper P based on the print data sent from the operation station 1A. During exposure, the photographic paper P is conveyed in the sub-scanning direction, and is exposed in a line along the main scanning direction in synchronization with the conveying speed. In addition, as the exposure head, a laser beam system, a fluorescent beam system, a liquid crystal shutter system, a DMD system, or the like can be employed according to the exposure specification. Here, the laser beam system is employed. The developing section 13 has a transport system having a number of pressure rollers (not shown) so as to continuously send the exposed photographic paper P to a plurality of developing tanks.
[0022]
The operation station 1A includes a film scanner 2 for obtaining photographed image data from the photographic film F at a position above the desk-shaped console, and a monitor 16 for displaying various information. Further, on the operation table, a keyboard 18 used for performing various settings and adjustments for the photo printing apparatus, a mouse attached to the keyboard 18, and the like are arranged.
[0023]
Below this operation table, a general-purpose computer functioning as a controller 4 that processes image data read from the photographic film F through the film scanner 2, generates print data, and performs various settings and adjustments for the print station 1B ( (Hereinafter simply referred to as a personal computer). The controller 4 includes a memory card reader for acquiring photographed image data from semiconductor media such as smart media and compact flash used as a photographed image memory of a digital camera, and a floppy disk functioning as a hardware key for maintenance access described later. It has a floppy drive for reading. Since a semiconductor medium can be used as a hardware key for maintenance access, FIG. 17 is given here without distinguishing between a semiconductor media reader and a floppy drive. Is used. Further, the controller 4 is also equipped with a data communication unit 19 for receiving data transmitted using a communication line such as the Internet or a dedicated line.
[0024]
As shown schematically in FIG. 2, the film scanner 2 includes a light source 20 located above the film transport line and a slit 21 extending below and perpendicular to the film transport line. An optical lens 22 located below and a CCD sensor unit 23 for photoelectrically converting the transmitted light of the film F formed by the optical lens 22 are provided. The sensor unit 23 is connected to an image input board mounted on a personal computer, and the digital image data converted by the sensor unit 23 is sent to the memory of the controller 4 via the image input board.
[0025]
The controller 4 of the photographic printing apparatus is substantially a personal computer, and a functional unit for performing various operations of the photographic printing apparatus is constructed by hardware and / or software using the CPU as a core member. As shown in FIG. 3, as the functional units particularly related to the present invention, various photo retouching processes such as color tone correction, filtering (blur, sharpness, etc.) and trimming are performed in a user-friendly user interface environment. The image processing unit 41 performs a photo retouching process on the image data that has been subjected to the photo retouching process in order to match the color represented by the image data with the color of the photo print P output by the photo printing device, using a lookup table. A gradation correction unit 42 for performing various corrections, A print data generating unit 43 for converting print data into a print data having a format suitable for the exposure engine 12 of the lint station 1B; a print information managing unit 44 for allocating print information such as a print size and the number of prints to the generated print data; A video control unit 46 for displaying image data generated by the graphic interface for various processes in the photo printing device on the monitor 16 and a maintenance work execution unit 30 for monitoring and executing various processes during maintenance work of the photo printing device. No.
[0026]
The maintenance work execution unit 30 plays a central role in the authentication system at the time of maintenance according to the present invention. The maintenance work execution unit 30 is substantially a program that operates on an OS program of a personal computer as the controller 4, such as a floppy disk set in the media reader 17. Authentication data acquisition having a function of acquiring a basic password from a portable recording medium such as a portable semiconductor memory, and a function of acquiring a one-time password entered from a keyboard or a one-time password transmitted via the data communication unit 19. Unit 31, an authentication unit 32 that determines whether the basic password or the one-time password received as authentication data from the authentication data acquisition unit 31 is valid, and a one-time password used when the authentication unit 32 determines that the one-time password is valid. Raw A unit 33, a basic password file 34 used when the validity of the basic password is determined by the authentication unit 32, a maintenance program starting unit 35 for starting the maintenance program based on the authentication confirmation of the input password by the authentication unit 32, and permission to switch to the maintenance mode. It comprises a maintenance history recording unit 36 for managing the password and the log file at the time of maintenance work.
[0027]
In addition to the OS program of the personal computer as the controller 4, programs and maintenance programs used for creating the above-described functions, and the above-mentioned maintenance operation log file are stored in the hard disk 15.
[0028]
The controller 4 having such various functions cooperates with the controller on the print station 1B side to control the exposure engine 12 and the development processing unit 13 to produce the photographic print P. The state of the control sensor can also be checked from the controller 4. Examples of such a sensor include a temperature sensor and a liquid level sensor provided in the developing tank of the developing unit 13, a sensor for detecting the rotation amount of a replenishing pump for the developing solution, and three colors of RGB of the exposure engine 12. Examples include a photometric sensor for checking the amount of light, a sensor for detecting paper jam, and the like.
[0029]
In order to stably produce high-quality photographic prints P using such a photographic printing apparatus, it is necessary to switch the apparatus to a maintenance mode and perform regular or irregular maintenance work. For example, during maintenance work, if it is determined that the temperature data of the developing solution is too high and high-quality printing cannot be performed, internal data (such as the heater control temperature, etc.) must be adjusted so that the developing solution temperature is appropriate. ) Is changed and rewritten or the sensor is adjusted. As described above, specialized knowledge is required for the maintenance work, and if a person with little knowledge performs maintenance, the condition of the apparatus may be deteriorated. Also, if the user enters the maintenance mode carelessly and performs an erroneous operation, the normally operating device may suddenly malfunction.
[0030]
Therefore, in order to switch the apparatus to the maintenance mode, authentication is performed using a floppy disk or the like containing a basic password assigned to a specific service person or the like. However, this device is equipped with a configuration that allows a service person who forgets such a floppy disk for authentication or a person who does not own it to perform alternative authentication and switch the device to maintenance mode. Have been.
[0031]
Hereinafter, the authentication technique at the time of maintenance employed in the photo printing apparatus will be described with reference to an authentication process flowchart of FIG.
To perform maintenance work on the photo printing apparatus, the maintenance mode is switched to the maintenance mode by clicking a maintenance mode button with a mouse on the start screen displayed on the monitor 16 or by performing a specific key operation through the keyboard 18. Indicate the request.
[0032]
The authentication routine starts based on the request for switching to the maintenance mode. First, it is checked whether a floppy disk is mounted (# 01). Normally, when starting the maintenance, the floppy disk recording the basic password as the authentication data is to be inserted into the media drive 17, so the Yes branch in step # 01 and the further mounting is performed. A check of the volume name of the floppy disk (# 02) and a check of the file name (# 03) are performed. If the disk is a regular floppy disk, the basic password is read from the floppy disk after passing these checks (# 04). If the basic password has been subjected to a confidential process such as encryption, the authentication data acquisition unit 31 performs the decryption process, and the acquired basic password is sent to the authentication unit 32 for authentication. The authentication of the basic password in the authentication unit 32 is performed by checking whether the input basic password matches a password recorded in the basic password file in advance (# 05). When the collation is confirmed as OK (Yes branch in # 06), when the maintenance work is started by the maintenance history recording unit 36, the maintenance history file is opened, and the maintenance ID corresponding to the used basic password is written. Then, preparations are made to record a log of the maintenance work to be performed (# 07). When the authentication is confirmed by the authentication unit 32, a command to start the maintenance program is issued from the authentication unit 32 to the maintenance program starting unit 35, the maintenance program is started, and the maintenance work according to the guidance screen displayed on the monitor 16 is performed. It starts (# 08). At this time, if the key floppy disk as a hardware key to be carried according to the user level, that is, the basic password recorded therein is different, an access level code is assigned according to the type of the basic password, and the access level code is assigned. It is also possible to configure so that an item of the maintenance work that is passed as an argument when the maintenance program is started and that is actually performed according to the level code is partially inaccessible.
[0033]
If the floppy disk inserted into the media drive 17 is not an authorized floppy disk, the branch is made to No at any of the above-described steps # 02, # 03, and # 06, and the monitor 16 displays "this floppy disk is Error processing such as displaying an error message such as "Cannot be used as a key disk"(# 09), and returns to the beginning of the authentication routine.
[0034]
When a service person or an operator performs maintenance work without carrying a floppy disk as a key disk, it takes more time than using a floppy disk, but this can be done by two different recognition methods. One is to enter a one-time password through the keyboard 18. In general, a one-time password is a password that can be used only once and is generated based on the time and the counter value in the computer, and a computer that has an algorithm for calculating such a one-time password is required for the one-time password input side. Must have. For this reason, a program for executing such an algorithm is registered in a PDA or the like, and a one-time password is created when necessary and input from the keyboard 18.
[0035]
In order to eliminate the need for carrying such a PDA, the preferred embodiment of the present invention proposes an algorithm that can calculate a one-time password by a very simple calculation, that is, a calculation that does not require a computer. The algorithm consists of three steps:
(1) Connect the current year, month, day, and number, and turn the digits upside down.
(2) dividing the number obtained in (1) by a specific number, for example, “1234”;
(3) A numerical value from the first to fourth decimal places of the result of the division in (2) is used as a one-time password.
For example, on March 20, 2002,
"20020320" is converted to "2302002"
Divide 2302002 by 1234,
When 1865.4797 is calculated,
“4797” is the current one-time password.
[0036]
By making the specific numerical value “1234” used in the above-mentioned algorithm different according to the user level accessing the authentication system at the time of maintenance, for example, the ID number of the serviceman or the four-digit number of the ID number By using a numerical value or the like, it is possible to specify the user level from the input one-time password.
[0037]
The one-time password thus obtained is input through the keyboard 18. Returning to the flowchart of FIG. 4, the key input is checked when the floppy disk is not mounted (# 10). If the one-time password is input (# 10 Yes branch), the authentication data acquisition unit 31 Thus, a predetermined input key signal sequence is extracted (# 11), and the input one-time password is obtained by code conversion (# 12). In order to check whether the input one-time password is correct, the device also needs a one-time password created using the same algorithm. A password is generated (# 13). The recognizing unit 32 collates the one-time password input by the key with the one-time password generated on the device side (# 14). If the two one-time passwords match, the authentication is confirmed (# 14 Yes branch), and the routine proceeds to the above-described step # 07 to start the maintenance work.
[0038]
Even in this case, if the specific numerical value used in the algorithm is determined by the user level as described above, the user level can be grasped by the verified one-time password, which is used as an argument when starting the maintenance program. It is also possible to configure so that the items of the maintenance work that is passed and actually performed according to the level code become partially inaccessible.
[0039]
If the one-time password entered by the key and the one-time password generated on the device side do not match and cannot be verified (No in # 14), an error message such as “The input one-time password is not available” is displayed on the monitor 16. Error processing such as (# 15), and returns to the beginning of the authentication routine.
[0040]
Another prescription when a serviceman or operator performs maintenance work without carrying a floppy disk as a key disk is a one-time password from a maintenance center such as a service center via a network. This is to be sent to a printing device. Request the transmission of a one-time password to the service center in some way. At this time, the serial number of the photo printing device is transmitted at the same time, and the four digits of this serial number are used as the specific numerical value of the algorithm described above. The one-time password unique to the photo printing device can be used.
[0041]
If the floppy disk has not been mounted and no key input has been made (# 01 No branch and # 10 No branch), it is checked whether a one-time password has been received (# 16). If the time password has been received through the data communication unit 19 (# 16 Yes branch), the authentication data acquisition unit 31 extracts a necessary data string from the received data (# 17), and jumps to step # 12 described above to perform code conversion. To create an input one-time password. After that, the procedure is as described above.
[0042]
If the floppy disk is not mounted and neither the key input nor the data communication input is performed (# 01 No branch, # 10 No branch and # 16 No branch), is the maintenance request canceled by a button click operation on the monitor screen or the like? It is checked whether it is (# 18), and if it is canceled, this authentication routine is returned.
[0043]
In the above embodiment, a service person who has forgotten the authentication floppy disk or the like or a person who does not own it can switch the device to the maintenance mode by performing alternative authentication. In the above description, two methods of key input and data communication input can be used. However, either one of them may be used, or a configuration in which a one-time password is input through some other data input device may be adopted. Is possible within the framework of
[0044]
Furthermore, incorporating the authentication system at the time of maintenance according to the present invention is not limited to the photographic printing apparatus taken up in the description of the above embodiment, but also all the apparatuses incorporating the authentication system when shifting the control mode to a special operation such as maintenance. Applicable to
[Brief description of the drawings]
FIG. 1 is an external view of a photographic printing apparatus incorporating a maintenance authentication system according to the present invention.
FIG. 2 is a schematic diagram of the photographic printing device according to FIG. 1;
FIG. 3 is a functional block diagram showing main functions related to the present invention, which are built in a controller incorporated in the photo printing apparatus.
FIG. 4 is a flowchart showing an authentication process based on the maintenance authentication system according to the present invention.
FIG. 5 is a schematic diagram showing a flow of authentication data during an authentication process.
[Explanation of symbols]
1A Operation station
1B print station
2 Film scanner
4 Controller (PC)
12 Exposure engine
17 Media Reader
18 Keyboard (data input device)
19 Data communication unit (data input device)
30 Maintenance work execution unit
31 Authentication Data Acquisition Unit
32 Authentication Department
33 One-time password generator
34 Basic Password File
35 Maintenance program starter
36 Maintenance history recording section
41 Image processing unit
42 Gradation correction unit

Claims (5)

An authentication unit that issues an authentication check when the received authentication data is valid, and a maintenance authentication system including a maintenance program starting unit that starts a maintenance program based on the issuance of the authentication check,
An authentication data obtaining unit having a function of obtaining a basic password from a portable recording medium set in a media reader and a function of obtaining a one-time password input through a data input device is provided, and the authentication data obtaining unit is An authentication system during maintenance, wherein one of a basic password and the one-time password is transferred to the authentication unit as the authentication data. The maintenance authentication system according to claim 1, wherein a keyboard is included as the data input device. The maintenance authentication system according to claim 1 or 2, wherein the data input device includes a data communication unit that receives a one-time password transmitted through a network. The maintenance authentication system according to any one of claims 1 to 3, wherein the one-time password is a numerical value that can be calculated as a function value of current date and time data and specific numerical data. The maintenance-time authentication system according to claim 4, wherein the specific numerical data is a numerical value based on an ID number of a serviceman performing maintenance.

Images