JP2006227761A - Communication equipment - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable communication equipment to be used comfortably while protecting security even when used by a plurality of users by controlling data or the propriety of access to the other terminal according to user setting information. <P>SOLUTION: Communication equipment 0200 authenticates a user by a user authentication part 0203, and controls functions according to the authenticated user. Also, user setting information can be set and managed only by a manager who has a management right. Furthermore, a user who tries to execute the specific function may judge whether or not the execution of the function is restricted. Furthermore, an exclusive control instruction for restricting functions is outputted based on only the user setting information of a user authenticated by use start authentication, and the release of the exclusive control instruction is outputted according to use end authentication. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a communication device.

  Conventionally, in order to prevent access to data stored in a communication apparatus, a method of performing authentication using a password or the like and limiting users has been taken.

An apparatus that divides data and stores it in another area to avoid unauthorized access to the entire data has already been proposed (see Patent Document 1).
JP 2003-223368 A

  However, in the method of limiting users, inconvenience arises when it is desired to share a plurality of people and use one communication device. Further, in the method of dividing the data and storing it in another area, it is difficult to say that it is perfect from the viewpoint of maintaining the confidentiality of the data, and there is a problem that complicated processing is necessary.

  In view of such circumstances, the present invention proposes a communication device that authenticates a user and controls functions according to the authenticated user. Further, only the administrator having the management right may be able to set and manage the user setting information. Furthermore, it may be determined whether a user who intends to execute a specific function is restricted from executing that function.

  Further, when the authentication result is an authentication result indicating that there is no registration information for personal authentication, the administrator may be able to set and manage the unregistered person setting information. In addition, when a special notification is received when it is an authentication result that there is no registration information for personal authentication, communication with a special communication destination may be performed based on the special notification.

  Also, management information for managing user setting information is obtained from the administrator, and based on this management information, the user setting information describing the function control that is being executed according to the authenticated user is changed. You may do that.

  Further, there is a case where a dedicated control command for restricting the function is output based only on the user setting information of the user who has been authenticated by the use start authentication, and the release of the dedicated control command is output by the use end authentication. . In addition, when it is detected that there is a reception from a specific user, a specific message is transmitted to the specific user via the communication unit after the use start authentication and before the use end authentication. can do.

  As described above, the communication device according to any one or two or more of the present inventions can control the availability of access to data and other terminals according to the user setting information. Even when a plurality of persons are used, the communication device can be comfortably used while maintaining security. In addition, if only the administrator who has the management right can set and manage the user setting information, only the administrator who has the management right can rewrite the user setting information, so the security should be maintained. Can do. Furthermore, when determining whether a user who wants to execute a specific function is restricted from executing that function, the function restriction is not set for each individual one by one, but according to a previously distinguished rank. It can be set easily because it can be set.

  In addition, even if the authentication result is an authentication result indicating that there is no registration information for personal authentication, the administrator performs setting management based on the unregistered person setting information or communicates with a special communication destination. Can do. In such a case, it is possible to cope with the case where the user cannot be authenticated because the user is not registered in advance or the hand is injured. In addition, even if the user needs to use a function that is higher than the currently determined authority due to the occurrence of an unforeseen situation, the user setting information can be changed based on the management information. It is beneficial because it is possible.

  Further, when outputting a dedicated control command for restricting the function based only on the user setting information of the user authenticated by the use start authentication, and outputting the release of the dedicated control command by the use end authentication By performing user authentication at the start of use and at the end of use, certain user setting information is applied during that time, so that it is possible to save the trouble of performing user authentication for each access. This is also beneficial because it reduces the processing load on the communication device. In addition, security can be maintained by excluding use by a specific user for a certain period.

  In addition, when it is detected that there has been reception from a specific user or to a specific user, the communication is made to the specific user after the use start authentication and before the use end authentication. If a specific message can be sent via the department, even if the user is using the communication device, sending a specific message to a call or mail that is sent to another user Yes. Even when a single communication device is used by a plurality of people, there is an advantage that important calls and mails are not missed.

  The best mode for carrying out each invention will be described below. Note that the present invention is not limited to these embodiments, and can be implemented in various modes without departing from the spirit of the present invention.

  The first embodiment will mainly describe claims 1, 2, 3, 11 and the like. The second embodiment will mainly describe claims 4 and 5. The third embodiment will mainly describe claim 6 and the like. The fourth embodiment will mainly describe Claim 7 and the like. The fifth embodiment will mainly describe Claim 8 and the like. The sixth embodiment will mainly describe claim 9 and the like. The seventh embodiment will mainly describe Claim 10 and the like.

  << Embodiment 1 >>

  <Embodiment 1: Overview> Embodiment 1 will be described. The present embodiment is a communication device that authenticates a user and performs function control according to the authenticated user.

  FIG. 1 shows an example of the concept of this embodiment. In the upper part of the figure, the communication apparatus of the present embodiment and the user who uses it are shown. First, the communication device authenticates the user based on the input registration information (1). The communication device identifies the user by inputting a password, fingerprint, iris, or the like by the user. On the other hand, the communication device holds user setting information which is setting information for performing function control according to the authenticated user. The user setting information includes, for example, information indicating that the file “a” can be used by the user A but the file “b” cannot be used, and the user “c” can access the server “c”. The server d corresponds to information indicating that access is not possible. In accordance with such user setting information, the communication device controls the function (2). That is, in the previous user setting information, the user A is permitted to execute the file a and access to the server c, and can execute it. However, the user A can open the file b and access the server d. Is prohibited. Although the case where a personal computer is used as the communication device is illustrated in the figure, the present invention is not limited to this, and a portable terminal device such as a mobile phone can also be used as the communication device.

  <Embodiment 1: Configuration> FIG. 2 shows an example of functional blocks in the present embodiment. The “communication device” (0200) of this embodiment shown in FIG. 2 includes a “data storage unit” (0201), a “communication unit” (0202), a “user authentication unit” (0203), and a “user”. A setting information storage unit "(0204) and a" control unit "(0205).

  Each unit, which is a component of the present invention, is configured by either hardware, software, or both hardware and software. For example, as an example for realizing these, when a computer is used, hardware composed of a CPU, a memory, a bus, an interface, a peripheral device, and the like and software executable on these hardware are listed. be able to. Specifically, the functions of the respective units are realized by sequentially executing the programs developed on the memory, by processing, storing, and outputting data on the memory and data input through the interface. (The same applies throughout this specification.)

  The “communication device” (0200) assumes a device capable of communicating with other devices, and corresponds to a terminal device such as a personal computer connected to a network, a server device, or the like. The communication device may also include a portable terminal device such as a mobile phone or a PDA. Note that a plurality of communication devices are assumed to be shared and used.

  The “data storage unit” (0201) stores a plurality of data. The stored data may correspond to data such as a file created by the user, information related to personal settings of the communication device, and data for user authentication described later. The data storage unit can be realized by a hard disk, a DVD, a semiconductor memory, or the like.

  The “communication unit” (0202) performs processing for enabling access to a plurality of access destinations. This processing includes access processing for communication with an external server device for authentication as will be described later, in addition to access for performing normal communication such as data transmission / reception. May be applicable. The communication unit can be realized by the Internet, a telephone line, or a dedicated line.

  The “user authentication unit” (0203) authenticates the user based on the registration information. “Registration information” is information necessary for user authentication. As a method for authenticating the user, there are methods such as password input and one or a combination of two or more of face recognition, iris recognition, fingerprint recognition, voice recognition, palm vein recognition, etc. Registration information includes information that associates necessary authentication information with a user. User registration information is input and accumulated in advance, and is compared with the data input at the time of authentication to determine the user. The user registration information may be stored in advance in the communication device, or may be stored in an external server device or the like. Further, when the user is identified, it may be determined whether the user has the authority of the administrator. This will be described in the second embodiment. Settings may be made based on each person's data after successful authentication.

  The “user setting information storage unit” (0204) stores user setting information. “User setting information” is setting information for performing function control according to the user authenticated by the user authentication unit (0203). FIG. 3 shows an example of user setting information. When the user setting information includes data usage information that determines which of a plurality of data stored in the data storage unit the user can use, for example, the user A can use the file a. There is information indicating that the file b cannot be used. Further, detailed setting information may be used such that the file a can be browsed but cannot be overwritten. Further, when the user setting information includes accessible information that determines which of a plurality of access destinations the user can access in the communication unit, for example, the user A can access the server c. There is information indicating that the server d is inaccessible. Not only the destination but also the destination may be restricted.

  It is assumed that such user setting information is determined according to the user's affiliation, job title, business scope, and the like. In addition, it may happen that data and access to other terminals are different for each person. Such restrictions may be set for each individual, or may be set according to a rank that is distinguished in advance. The user setting information needs to be managed by an administrator or the like so that the user setting information is not rewritten. This will be described in the second and subsequent embodiments.

  The “control unit” (0205) controls the function according to the setting information in the user setting information storage unit (0204). In the user setting information in the previous example, Mr. User A is allowed to open the file a and access the server c, and can execute it. However, the user A can open the file b and access the server d. Is prohibited. In the control unit, it is identified which function execution instruction is issued, it is determined whether the user is permitted to execute the function, and the execution instruction is output to the interface according to the determination result. Or, control to not output.

  <Embodiment 1: Process Flow> FIG. 4 shows an example of a process flow in the first embodiment. First, the user is authenticated based on the registration information (user authentication step S0401). If the authentication result indicates that there is no registration information for personal authentication, the process ends. The processing in this case will be described in the fourth embodiment. Next, user setting information, which is setting information for performing function control according to the user authenticated in the user authentication step (S0401), is acquired (user setting information acquisition step S0402). It is determined from the user setting information in the user setting information acquisition step (S0402) whether the function to be executed is executable (executability determination step S0403). In the case of the determination result that it is executable, the function is controlled according to the executable instruction (control step S0404). On the other hand, if it is determined that the execution is impossible, the process is terminated.

  The above processing can be executed by a program for causing a computer to execute, and the program can be recorded on a recording medium readable by the computer. (The same applies throughout the specification.)

  <Embodiment 1: Effect> This embodiment is a communication apparatus that authenticates a user and controls functions according to the authenticated user. Even when multiple communication devices are used, data and access to other terminals can be controlled according to user setting information, so the communication device can be used comfortably while maintaining security can do.

  << Embodiment 2 >>

  <Embodiment 2: Overview> Embodiment 2 will be described. The present embodiment is a communication device characterized in that only an administrator having management rights can set and manage user setting information.

  <Embodiment 2: Configuration> FIG. 5 shows an example of functional blocks in the present embodiment. The “communication device” (0500) of this embodiment shown in FIG. 5 includes a “data storage unit” (0501), a “communication unit” (0502), a “user authentication unit” (0503), and a “user”. A “setting information storage unit” (0504), a “control unit” (0505), and a “user setting information management unit” (0506). The user setting information management unit (0506) Management means "(0507).

  The “user setting information management unit” (0506) manages user setting information stored in the user setting information storage unit (0504). Specifically, management of user setting information corresponds to addition, deletion, correction, etc. of user setting information. Since the setting management of the user setting information is limited to only the administrator, security can be maintained.

  The “manager setting management unit” (0507) performs processing for enabling only the administrator who is recognized as having the management right by the user authentication unit (0503) to set and manage the user setting information. The user authentication unit may check whether the user has the management right after the user authentication is completed, and the administrator may acquire the management right. An administrator who is recognized as having management rights can manage user setting information. It should be noted that the user information used for authentication and the presence / absence of management rights are set for a SIM card (Subscriber Identity Module), etc., and the SIM card is inserted when the communication device is a portable terminal device, etc. The user who uses the communication apparatus that has been registered may be deemed to have management rights.

  The administrator setting management means can set and manage unregistered person setting information. “Unregistered user setting information” is setting information for function control when the authentication result in the user authentication unit is a person who does not have registration information for personal authentication, and is specified among various functions of the user. It is information for using only the function of. This assumes a situation in which a person who has not been registered as a user in advance is permitted to use it in a limited manner in the initial state. In addition, in order to deal with cases where the user cannot be authenticated (for example, forgotten password, hand injury such as hand injury, loss of SIM card, non-carriage, etc.), only some preset functions can be used. . Some of the functions correspond to, for example, an initial registration function for user setting information, registration status confirmation processing, and the like.

  The processing of each other part is the same as in the first embodiment.

  <Embodiment 2: Effect> This embodiment is a communication apparatus characterized in that only an administrator who has a management right can set and manage user setting information. Even when the communication device is used by a plurality of people, only the administrator having the management right can rewrite the user setting information, so that security can be maintained.

  In addition, by making it possible to manage settings for unregistered user settings, it is possible to cope with cases where the user cannot be authenticated because the user has not been registered in advance or the user is injured. It is.

  << Embodiment 3 >>

  <Embodiment 3: Overview> Embodiment 3 will be described. The present embodiment is a communication apparatus characterized by determining whether a user who intends to execute a specific function is restricted from executing the function.

  <Embodiment 3: Configuration> FIG. 6 shows an example of functional blocks in the present embodiment. The “communication device” (0600) of this embodiment shown in FIG. 6 includes a “data storage unit” (0601), a “communication unit” (0602), a “user authentication unit” (0603), and a “user”. It includes a “setting information storage unit” (0604), a “control unit” (0605), and a “user setting information management unit” (0606). Further, the user setting information management unit (0606) has an “manager setting management unit” (0607), the user setting information storage unit (0604) has a “user level information holding unit” (0608), and a control unit ( 0605) includes a “function level information holding unit” (0609) and a “determination unit” (0610).

  “User level information holding means” (0608) holds user level information. “User level information” is information in which function control level information is associated with user identification information. “Function control level information” is information indicating the level of function control performed in accordance with the user. The function control level information corresponds to, for example, information indicating levels divided into 10 levels. If the number of 10 levels is large, the level is high and if there is no restriction in function control, the level of general employees is low, whereas the rank of the upper rank is higher for employees who are in higher positions according to their positions It is assumed that it is prescribed by the law. “User identification information” is information for identifying a user. The user identification information corresponds to information that can uniquely identify the user, such as an employee number. FIG. 7A shows an example of user level information. Thus, it can be seen that the function control level information of the user that can be identified by the user identification information “13070” is “4”.

  "Function level information holding means" (0609) holds function level information. “Function level information” is information in which each function controlled by the control unit (0605) is associated with the function control level information. Functions controlled by the control unit include use of stored data (browsing, adding, overwriting, etc.) and access to each access destination (outgoing, incoming). FIG. 7B shows an example of function level information. The function level information can be exemplified by a pair of information such that all the files can be accessed when the function control level information is “10”. These pieces of information are held for each function control level information.

  The “determination unit” (0610) acquires user level information from the user level information holding unit, acquires function level information from the function level information holding unit, and performs a specific function. Determines whether the function is restricted from being executed. In the above example, the user level information is “4” as the user function control level information that can be identified by the user identification information “13070”, and the user level information is controlled in association with this function control level information “4”. Function level information is acquired to determine the function. For example, if the function level information indicates that the function control level information “4” indicates that the file x cannot be viewed or overwritten, the user identified by the user identification information “13070” It is determined that opening and browsing the file x and overwriting editing are prohibited. In response to this determination, the control unit controls the function of the communication device.

  The processing of each other part is the same as in the second embodiment.

  <Third Embodiment: Process Flow> FIG. 8 shows an example of a process flow in the third embodiment. First, the user is authenticated based on the registration information (user authentication step S0801). Next, user level information, which is information in which function control level information, which is information indicating the level of function control performed according to the user authenticated in the user authentication step (S0801), is associated with user identification information. (User level information acquisition step S0802). Next, function level information, which is information that associates each function to be controlled with the function control level information, is acquired (function level information acquisition step S0803). Furthermore, a use for executing a specific function based on the user level information acquired from the user level information acquisition step (S0802) and the function level information acquired from the function level information acquisition step (S0803). It is determined whether the person is restricted from executing the function (determination step S0804). Finally, the function is controlled according to the determination result in the determination step (S0804) (control step S0805).

  <Embodiment 3: Effect> This embodiment is a communication apparatus characterized by determining whether a user who intends to execute a specific function is restricted from executing the function. The function restriction can be easily set by not being set for each individual one by one but by being set according to a rank distinguished in advance.

  << Embodiment 4 >>

  <Embodiment 4: Overview> Embodiment 4 will be described. In this embodiment, when a special notification is received when the authentication result is an authentication result indicating that there is no registration information for personal authentication, communication is performed with a special communication destination based on the special notification. Is a communication device characterized by the above.

  <Embodiment 4: Configuration> FIG. 9 shows an example of functional blocks in the present embodiment. The “communication device” (0900) of this embodiment shown in FIG. 9 includes a “data storage unit” (0901), a “communication unit” (0902), a “user authentication unit” (0903), and a “user”. A setting information storage unit "(0904) and a" control unit "(0905). Further, the user authentication unit (0903) is a “special notification unit” (0906), the communication unit (0902) is a “special notification reception unit” (0907), a “special communication destination information holding unit” (0908), "Special communication destination means" (0909). This functional block diagram is based on the first embodiment. However, in the case where the functional block diagram of another embodiment is used as a basis, there may be cases where other configuration requirements are required.

  The “special notification means” (0906) outputs a special notification to the communication unit (0802) when the authentication result is an authentication result indicating that there is no registration information for personal authentication. . This authentication result assumes that the user has not been registered as a user in advance or the user cannot be authenticated (for example, forgotten password, hand injuries such as hand injury, SIM card loss / non-carrying, etc.) It is. The special notification is a notification performed in order to use a communication device exceptionally and enable communication with a specific access destination.

  The “special notification acquisition unit” (0907) acquires the special notification.

  "Special communication destination information holding means" (0908) holds special communication destination information. The “special communication destination information” is information indicating a special communication destination to which communication is to be performed when the special notification acquisition unit (0907) acquires a special notification. The special communication destination information may be acquired along with the acquisition of the special notification, and may be held in the special communication destination information holding unit. Alternatively, the special communication destination information may be stored in advance, and the special communication destination information stored with the acquisition of the special notification may be acquired. The special communication destination may be, for example, a communication device administrator or a certain communication destination such as a department head, or may be a communication destination registered in advance by each person.

  The “special communication destination means” (0909) performs processing for communicating with the special communication destination indicated by the special communication destination information based on the special notification. Even if the authentication result is an authentication result indicating that there is no registration information for personal authentication, only a limited access destination can be accessed based on the special notification.

  The processing of other parts is the same as in the fourth to sixth embodiments.

  <Fourth Embodiment: Process Flow> FIG. 10 shows an example of a process flow according to the fourth embodiment. First, a user is authenticated based on registration information (user authentication step S1001). Next, when the authentication result is an authentication result indicating that there is no registration information for personal authentication, a special notification is output (special notification step S1002). Next, a special notification is acquired (special notification acquisition step S1003). Further, special communication destination information to be communicated when the special notification is acquired in the special notification acquisition step (S1003) is held (special communication destination information holding step S1004). Next, processing for communicating with the special communication destination indicated by the special communication destination information is performed based on the special notification (special communication step S1005).

  <Embodiment 4: Effect> In this embodiment, when a special notification is received when the authentication result is an authentication result indicating that there is no registration information for personal authentication, a special notification is made based on this. It is a communication apparatus characterized by communicating with a communication destination. Even if you are not registered as a user in advance or your user cannot be authenticated due to injury, for example, you will be able to access only limited access destinations based on special notifications, so you can feel safe. .

  << Embodiment 5 >>

  <Embodiment 5: Overview> Embodiment 5 will be described. In the present embodiment, management information for managing user setting information is acquired from an administrator who is recognized as having management rights via the communication unit, and based on this management information, the user is authenticated. The communication apparatus is characterized in that setting information describing function control being executed is changed.

  <Embodiment 5: Configuration> FIG. 11 shows an example of functional blocks in the present embodiment. The “communication device” (1100) of this embodiment shown in FIG. 11 includes a “data storage unit” (1101), a “communication unit” (1102), a “user authentication unit” (1103), and a “user”. A “setting information storage unit” (1104), a “control unit” (1105), and a “user setting information management unit” (1106). Further, the user setting information management unit (1106) includes “user setting information management means” (1107), “management information communication acquisition means” (1108), “remote operator restriction changing means” (1109), Have

  The “management information communication acquisition means” (1108) obtains user setting information from the administrator who is recognized as having the management right by the user authentication unit (1103) via the communication unit (1102) via the communication unit. Acquire management information for management. It is assumed that the client-side communication device used by the user is provided with a function for transmitting data used for user authentication processing. The server-side communication device receives this information via the communication unit, authenticates whether the user has management authority, and passes the acquired management information to the next remote operator restriction changing means. The management information is information for managing the user setting information, and corresponds to a change content corresponding to a temporary change of the user setting information, a change request, or the like. The management information may be generated based on mail from the user or voice.

  The “remote operator restriction changing means” (1109) is executed in accordance with the user who is authenticated by the user authentication unit based on the management information acquired by the management information communication acquiring means (1107). Change user setting information that describes function control. As a result, even if the user needs to use a function that exceeds the currently determined authority due to the occurrence of a situation that cannot be predicted in advance, the user setting information can be changed based on the management information. Yes. Specifically, when a file that cannot be viewed is required at a business trip destination, the user makes a request for changing the user setting information so that the data usage information of the file can be viewed by mail. In response to this, after the user setting information is changed by the communication device, a necessary file can be browsed from a remote location.

  The processing of other parts is the same as in the fourth to seventh embodiments.

  <Embodiment 5: Effect> In this embodiment, management information for managing user setting information is acquired from an administrator who is recognized as having management rights via a communication unit, and authentication is performed based on the management information. It is a communication apparatus characterized by changing the setting information describing the function control being executed according to the user to be executed. As a result, even if the user needs to use a function that exceeds the currently determined authority due to the occurrence of a situation that cannot be predicted in advance, the user setting information can be changed based on the management information. This is beneficial because it can be handled.

  << Embodiment 6 >>

  <Sixth Embodiment: Overview> A sixth embodiment will be described. In the present embodiment, a dedicated control command for restricting the function is output based only on the user setting information of the user authenticated by the use start authentication, and the release of the dedicated control command is output by the use end authentication. This is a communication device having a special feature.

  <Embodiment 6: Configuration> FIG. 12 shows an example of functional blocks in the present embodiment. The “communication device” (1200) of this embodiment shown in FIG. 12 includes a “data storage unit” (1201), a “communication unit” (1202), a “user authentication unit” (1203), and a “user”. A setting information storage unit "(1204) and a" control unit "(1205). Further, the user authentication unit (1203) has a “specific period occupation authentication unit” (1206). This functional block diagram is based on the first embodiment. However, in the case where the functional block diagram of another embodiment is used as a basis, there may be cases where other configuration requirements are required.

  The “specific period occupation authentication means” (1206) restricts the function based only on the user setting information of the user who has been authenticated by the use start authentication, and does not allow the other users to use the function. The command is output to the control unit (1205). Further, the release of the dedicated control command is output to the control unit by use end authentication. By performing user authentication at the start of use and at the end of use, certain user setting information is applied during that time, so that it is possible to save the trouble of performing user authentication for each access. Also, by returning to the initial state by releasing the dedicated control command, it is possible to maintain the security of data management until the next use. In addition, use start authentication and use end authentication may be performed using a SIM card in addition to a password or biometric authentication.

  The processing of other parts is the same as in the first to fifth embodiments.

  <Sixth Embodiment: Process Flow> FIG. 13 shows an example of a process flow in the sixth embodiment. First, the user's use start authentication is performed based on the registration information (use start authentication step S1301). Next, the function is restricted based only on the user setting information of the user who has been authenticated by the start-up authentication, and a dedicated control command for preventing other users from using the function is output (specific period occupation authentication) Step S1302). The function is controlled according to the dedicated control command (control step S1303). It is determined whether or not use end authentication has been performed (use end authentication determination step S1304). If the use end authentication has been determined, the release of the dedicated control command is output (dedicated control command release step S1305). ).

  <Embodiment 6: Effect> This embodiment outputs a dedicated control command for function restriction based only on user setting information of a user who has been authenticated by use start authentication, and the dedicated control command by use end authentication. A communication device characterized by outputting a release of a control command. By performing user authentication at the start of use and at the end of use, certain user setting information is applied during that time, so that it is possible to save the trouble of performing user authentication for each access. This is also beneficial because it reduces the processing load on the communication device.

  << Embodiment 7 >>

  <Embodiment 7: Overview> Embodiment 7 will be described. In the present embodiment, when it is detected that there is a reception from a specific user, the specific user is specified via the communication unit after the use start authentication and before the use end authentication. A communication apparatus characterized by transmitting a message.

  <Embodiment 7: Configuration> FIG. 14 shows an example of functional blocks in the present embodiment. The “communication device” (1400) of this embodiment shown in FIG. 14 includes a “data storage unit” (1401), a “communication unit” (1402), a “user authentication unit” (1403), and a “user”. A setting information storage unit "(1404) and a" control unit "(1405). Further, the communication unit (1402) includes a “specific user reception detection unit” (1406) and a “specific message transmission unit” (1407). This functional block diagram is based on the first embodiment. However, in the case where the functional block diagram of another embodiment is used as a basis, there may be cases where other configuration requirements are required.

  The “specific user reception detection means” (1406) detects that there is a reception from or to a specific user. It is assumed that whether or not the user is a specific user is determined based on the identification information of the user. Information for identifying whether or not the user identification information is specific may be added to the user identification information as necessary.

  The “specific message transmission unit” (1407) is used when the specific user reception detection unit (1406) performs the detection after the use start authentication and before the use end authentication in the user authentication unit (1403). Transmits a specific message to the specific user via the communication unit (1402). This is based on the assumption that a user receives a call or mail addressed to a specific user who is another user while using the communication device. At this time, a specific message is transmitted to the communication partner. Here, the specific message corresponds to an answering response or the like instead of a normal incoming call. Others include a transmission request that includes a password or the like when sending an e-mail, and a request that adds a sub-address or forwarding destination when making a call. Further, in the case of receiving mail, a request or setting that can be browsed only by a specific user may be included.

  The other processes are the same as in the sixth embodiment.

  <Embodiment 7: Effect> In the present embodiment, when it is detected that there is a reception from a specific user, after the use start authentication and before the use end authentication, It is a communication apparatus characterized by transmitting a specific message via a communication unit. Even when a user receives a call or mail addressed to a specific user who is another user while using the communication device, the user can respond by sending a specific message. Even when a single communication device is used by a plurality of people, there is an advantage that important calls and mails are not missed.

Conceptual diagram for explaining the first embodiment Functional block diagram for explaining the first embodiment The figure which showed the example of the user setting information in Embodiment 1 The figure explaining the flow of processing of Embodiment 1. Functional block diagram for explaining the second embodiment Functional block diagram for explaining the third embodiment The figure for demonstrating the user level information and function level information in Embodiment 3 The figure explaining the flow of processing of Embodiment 3. Functional block diagram for explaining the fourth embodiment The figure explaining the flow of processing of Embodiment 4 Functional block diagram for explaining the fifth embodiment Functional block diagram for explaining the sixth embodiment The figure explaining the flow of processing of Embodiment 6. Functional block diagram for explaining the seventh embodiment

Explanation of symbols

0200 Communication device 0201 Data storage unit 0202 Communication unit 0203 User authentication unit 0204 User setting information storage unit 0205 Control unit

Claims (11)

A data storage unit;
A communication department;
A user authentication unit that authenticates the user based on the registration information;
A user setting information storage unit for storing user setting information, which is setting information for performing function control according to the user authenticated by the user authentication unit;
A control unit that controls a function according to setting information in the user setting information storage unit;
A communication device. The data storage unit stores a plurality of data,
The communication apparatus according to claim 1, wherein the user setting information includes data usage information that determines which of the plurality of data the user can use. The communication unit can access a plurality of access destinations,
The communication apparatus according to claim 1, wherein the user setting information includes accessible information that determines which of the plurality of access destinations the user can access. A user setting information management unit for managing user setting information stored in the user setting information storage unit;
4. The user setting information management unit includes an administrator setting management unit that allows only the administrator who is recognized as having management rights by the user authentication unit to set and manage user setting information. 5. The communication apparatus as described in any one. The administrator setting management means includes:
It is possible to set and manage unregistered person setting information which is setting information for function control when the authentication result in the user authentication unit is a person who does not have registration information for personal authentication,
The communication apparatus according to claim 4, wherein the non-registered setting information is information for using only a specific function among its various functions. The user setting information storage unit
User level information holding means for holding user level information which is information in which function control level information which is information indicating a level of function control performed in accordance with a user is associated with user identification information;
The controller is
Function level information holding means for holding function level information that is information in which each function controlled by the control unit is associated with the function control level information;
User level information is acquired from the user level information holding unit, and function level information is acquired from the function level information holding unit, and a user who intends to execute a specific function is restricted from executing the function. A judgment means for judging whether or not
The communication device according to claim 4, comprising: The user authentication unit
If the authentication result is an authentication result indicating that there is no registration information for personal authentication, the communication unit has a special notification means for outputting a special notification;
The communication unit is
Special notification acquisition means for acquiring the special notification;
Special communication destination information holding means for holding special communication destination information which is information indicating a special communication destination to which communication should be performed when the special notification acquisition means acquires a special notification;
Based on the special notification, special communication destination means for communicating with the special communication destination indicated by the special communication destination information;
The communication apparatus according to any one of claims 4 to 6. The user setting information management unit
Management information communication acquisition means for acquiring management information for managing user setting information via the communication unit from an administrator recognized as having management rights by the user authentication unit via the communication unit;
Remote operator restriction for changing user setting information describing function control executed according to the user authenticated by the user authentication unit based on the management information acquired by the management information communication acquiring means Change means,
The communication device according to claim 4, comprising: The user authentication unit
It has a specific period occupation authentication means,
The specific period occupation authentication means includes:
The function is limited based only on the user setting information of the user who has been authenticated by the use start authentication, and a dedicated control command for preventing other users from using the function is output to the control unit,
The communication apparatus according to any one of claims 1 to 8, wherein a release of the dedicated control command is output to the control unit by use end authentication. The communication unit is
A specific user reception detecting means for detecting that there has been reception from a specific user or to a specific user;
In the user authentication unit, when the specific user reception detection means performs the detection after the use start authentication and before the use end authentication,
A specific message transmitting means for transmitting a specific message to the specific user via the communication unit;
The communication device according to claim 9. A user authentication step for authenticating the user based on the registration information;
A user setting information acquisition step for acquiring user setting information which is setting information for performing function control according to the user authenticated in the user authentication step;
A user authentication method comprising: a control step for controlling a function according to setting information in the user setting information acquisition step.

Images