JP2007094614A - Computer server and digital composite machine - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technology for preventing more strictly an illegal act such as posing as a user, in a server used by a plurality of users. <P>SOLUTION: A digital composite machine 2 and a personal computer 3 are connected to a LAN in an office. When the user inputs a log-in name and a password in the digital composite machine 2 to perform log-in operation and succeeds in log-in, the digital composite machine 2 transmits electronic mail notifying that log-in operation was performed with an electronic mail address of the user who logged in, as a destination. The regular user receives the electronic mail in the personal computer 3 and knows that log-in operation was performed in the digital composite machine 2 with his or her own log-in name. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a user management technique for a computer server.

  In recent offices, a digital multi-function machine having a multi-function such as a fax machine, a copy machine, a printer, and a scanner is prevalent. Unlike conventional single devices such as fax machines and copiers, digital multi-function machines have come to play a role as network servers. For this reason, as with computer servers connected to the Internet and intranets, user management is also an important function for digital MFPs shared by multiple users, and permission for use and identification of users are performed. Therefore, a function for requesting a user to perform a login operation is provided.

  Computer servers connected to networks such as the Internet and managing users take various measures to prevent acts such as impersonation and unauthorized access. In addition, with regard to a digital multi-function peripheral that is used alternately by a plurality of users by performing login operations, the user is not always near the device, so that it is difficult to be noticed even if an act such as impersonation is performed. is there. Therefore, the login history of the user and the operation history information executed during login are stored in the apparatus main body.

  Patent Literature 1 below relates to a technique for authenticating a user who logs in to a business application. When an incorrect user ID and password are input a predetermined number of times or more, the user authentication application transmits an email notifying unauthorized access to the registered user's email address.

JP 2001-175600 A

  As described above, it is possible to leave a history of fraud etc. by saving the user's login history and operation history information. There is a problem that must be done. In the first place, if it is used impersonating a legitimate user, the legitimate user is not aware of the unauthorized access, so the confirmation procedure is delayed.

  Moreover, it is possible to prevent fraud by using the technique of Patent Document 1. For example, it is effective against an illegal act of inputting a plurality of expected passwords in order. However, it is impossible to deal with an illegal act in which a legitimate password has already been stolen and the user is logged in correctly.

  Also, in the case where the login operation is performed directly on the apparatus instead of the login via the network as in the case of a multifunction machine, there is a problem that when another user forgets to log out, it can be used as it is. In this case, since a regular login operation is performed by a regular user, a considerable amount of time elapses until a subsequent fraud is confirmed.

  In view of the above problems, an object of the present invention is to provide a technique for more strictly preventing fraud such as impersonation.

  In order to solve the above-mentioned problem, the invention according to claim 1 is a computer server connected to a network, and generates a relevant event when a predetermined event occurs in the computer server and means for managing a login user Means for sending an event occurrence notification mail to the e-mail address of the logged-in user.

  According to a second aspect of the present invention, in the computer server according to the first aspect, the predetermined event includes a login.

  The invention according to claim 3 is the computer server according to claim 1 or 2, wherein the predetermined event includes logout.

  According to a fourth aspect of the present invention, in the computer server according to any one of the first to third aspects, the predetermined event includes a state in which no operation is performed for a predetermined time.

  According to a fifth aspect of the present invention, in the computer server according to the fourth aspect, the event occurrence notification mail is transmitted and the logged-in user is automatically logged out.

  A sixth aspect of the present invention is the computer server according to any one of the third to fifth aspects, wherein the event occurrence notification mail includes history information of operations performed during login. To do.

  A seventh aspect of the present invention relates to a digital multi-function peripheral having a function as a computer server according to any one of the first to sixth aspects.

  Since the computer server of the present invention transmits an event occurrence notification mail to the email address of the logged-in user, user management can be performed strictly. And a legitimate user can discover fraud etc. at an early stage.

  In addition, since an e-mail is transmitted in response to the login operation, it is possible to detect an act such as impersonation at an early stage.

  In addition, since an electronic mail is transmitted in response to the logout operation, user management can be performed more strictly.

  In addition, since an e-mail is transmitted when no operation is performed for a predetermined time, it is effective when a logout operation is forgotten. In addition, fraud can be prevented in advance.

  Furthermore, when an operation is not performed for a predetermined time, an event occurrence notification mail is transmitted and the logged-in user is automatically logged out, so that the occurrence of an illegal act can be further suppressed.

  In addition, since the event occurrence notification email includes history information of operations performed during login, fraudulent acts can be immediately detected even when the logout operation is delayed.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a diagram showing a network configuration in an office. A LAN 1 is constructed in the office. Connected to the LAN 1 are a digital multifunction device 2, a plurality of personal computers 3 (hereinafter abbreviated as PC 3), and an LDAP server 4.

  The digital multifunction peripheral 2 has a copy function, a FAX function, a printer function, a scanner function, and the like, and also has a network function. Accordingly, the PC 3 connected to the LAN 1 can use various functions of the digital multifunction peripheral 2 via the LAN. In this way, employees working in the office can use the digital multifunction device 2 via the LAN using the PC 3 or actually move to the location of the digital multifunction device 2 and perform a copy operation, etc. One multifunction device is shared by multiple employees.

  LDAP (Lightweight Directory Access Protocol) is a protocol used between a server that provides a directory service and a client that receives the service, and the PC 3 or the digital multifunction peripheral 2 that is a client is connected to the LDAP server 4, Various information managed in the office can be used.

  FIG. 2 is a functional block diagram of the digital multifunction device 2. Since the present invention relates to a user management technique for the digital multifunction peripheral 2, only functional blocks related to user management are illustrated. Therefore, the blocks showing the original functions of the multifunction machine such as the copy function and the FAX function are not shown.

  The digital multifunction machine 2 includes an operation unit 21, a display unit 22, a user management unit 23, a mail transmission / reception unit 24, and a storage unit 25. The operation unit 21 is used to input various operation instructions to the digital multi-function peripheral 2 and includes various buttons. Further, a part thereof may be constituted by a touch panel display. The display unit 22 is for displaying various types of information such as the operating state of the digital multi-function peripheral 2 and is configured by a liquid crystal display or the like. When the display unit 22 is a touch panel display, the display unit 22 also functions as the operation unit 21.

  The user management unit 23 manages users who use the digital multi-function peripheral 2. Specifically, the user management unit 23 refers to user name information and password information input from the operation unit 21 and user registration information 51 stored in the storage unit 25 to determine whether or not login is possible. Further, the user management unit 23 acquires the operation history of the logged-in user and records it in the storage unit 25 as operation history information 52.

  The mail transmission / reception unit 24 transmits / receives electronic mail. The digital multi-function peripheral 2 has a function of transmitting / receiving an electronic mail with FAX data attached, and the mail transmitting / receiving unit 24 is used when executing these functions. As will be described later, in the present embodiment, an email is transmitted to the logged-in user when an event occurs. At that time, the mail transmission / reception unit 24 is used.

  As described above, the storage unit 25 stores the user registration information 51 and the operation history information 52. In the user registration information 51, registered user name information, password information, e-mail address information, and the like are recorded.

  Here, the e-mail address registered in the user registration information 51 is a dedicated e-mail address used when the digital multi-function peripheral 2 is used. For example, when the user transmits FAX data by e-mail using the digital multi-function peripheral 2, the e-mail address is used as the transmission source address. In the present embodiment, the e-mail address of each user dedicated to the digital multi-function peripheral is used as a source address of an e-mail to be transmitted when an event occurs.

  On the other hand, an e-mail address generally used by the user in daily work (mostly an e-mail address used when the user uses the PC 3 on the desk) is the LDAP server 4 in this embodiment. Is centrally managed. In the present embodiment, the e-mail address of each user managed by the LDAP server 4 is used as a destination address of an e-mail to be transmitted when an event occurs.

  Based on the above configuration, the user management procedure of the digital multifunction peripheral 2 will be described with reference to the flowcharts of FIGS.

  FIG. 3 is a flowchart showing the operation of the digital multifunction peripheral 2 at the time of login. First, when the user touches the operation unit 21 or the display unit 22 of the digital multifunction machine 2, the digital multifunction machine 2 displays a login screen on the display unit 22 (step S11). The login screen is a screen that prompts the user to input a user name and a password. Accordingly, when the user operates the operation unit 21 to input a user name and password (step S12), the user management unit 23 refers to the user registration information 51 and performs an authentication process (step S13). ). That is, the user management unit 23 authenticates whether the input user name and password match the user name and password registered in the user registration information 51.

  When it is necessary to acquire the user's e-mail address from the LDAP server 4, the user management unit 23 accesses the LDAP server 4 and acquires the e-mail address of the user who logs in. In the present embodiment, as described above, the digital multi-function peripheral 2 stores the e-mail address dedicated to the multi-function peripheral, but the e-mail address generally used by the user is centralized by the LDAP server 4. It is managed. Therefore, it is necessary to obtain an e-mail address from the LDAP server 4. If the user name and password do not match, the processing to the LDAP server 4 may be omitted.

  In step S14, it is determined whether the authentication process has succeeded or failed. If the authentication process fails, the process returns to step S11 to display the login screen again. As described above, as long as the user name and the password do not match, the login screen continues to be displayed and the digital multifunction peripheral 2 cannot be used. If the authentication process is successful, the mail transmitting / receiving unit 24 transmits an e-mail notifying that the login process has been performed with the e-mail address acquired from the LDAP server 4 as a destination (step S15). Then, the digital multi-function peripheral 2 goes into the login state with the input user name, and the logged-in user can use various functions.

  A user who uses the digital multifunction peripheral 2 while logged in will then return to the desk and operate the PC 3. At this time, since the electronic mail is transmitted in step S15, the user receives the electronic mail transmitted from the digital multi-function peripheral 2. Then, by referring to the e-mail, the user knows that a login operation has been performed on the digital multi-function peripheral 2 with his login name. At this time, if the authorized user is truly after logging in and operating the digital multifunction peripheral 2, the authorized user can determine that it is his / her own action and there is no problem. If the user does not remember logging in to the digital multi-function peripheral 2, it can be determined that there is a possibility of an illegal act by another person. In particular, when a legitimate user is operating the PC 3 on the desk, if someone else impersonates and logs in, the e-mail arrives at the legitimate user immediately after logging in. Can be confirmed immediately.

  As described above, according to the present embodiment, when the user has successfully logged in, an e-mail notifying that the user has logged in is transmitted with the e-mail address of the logged-in user as a destination. For this reason, even when another person logs in by performing an illegal act such as impersonation, since the information that the user has logged in is notified to a legitimate user, it is possible to detect the illegal act early. In addition, by constructing such a mechanism, it is possible to check and prevent the occurrence of fraud.

  FIG. 4 is a flowchart showing the operation of the digital multi-function peripheral 2 when logging out. First, the user operates the operation unit 21 to execute a logout operation (step S21). In response to this, the mail transmitting / receiving unit 24 transmits an e-mail notifying that the user has logged out using the e-mail address acquired from the LDAP server 4 as a destination. Further, the mail transmission / reception unit 24 refers to the operation history information 52, acquires operation history information performed during the current login period, and includes this information in the e-mail (step S22). Then, after transmitting the e-mail, the digital multi-function peripheral 2 executes log-out processing for the logged-in user (step S23).

  As described above, according to the present embodiment, when a user performs a logout operation, an e-mail notifying that the user has logged out is transmitted with the e-mail address of the logged-in user as a destination. It is possible to carry out more strictly. In addition, if the user who operates the digital multi-function peripheral 2 notices that an e-mail notifying logout does not arrive after that, it is possible to reduce the problem of forgetting to log out.

  Furthermore, the e-mail address to be notified is useful because it includes history information of operations performed during login. For example, it is assumed that a legitimate user forgets a logout operation and leaves the MFP main body, and then the user notices it or a good faith person performs a logout operation. In this case, there is a possibility that unauthorized use was performed by another person after the person left the device until he / she logged out, but even in that case, the operation history information is included in the received e-mail. Therefore, it is possible to immediately determine whether fraud has been performed.

  FIG. 5 is a flowchart showing the operation of the digital multi-function peripheral 2 when no operation is performed for a certain period of time. For example, the e-mail acquired by the mail transmitting / receiving unit 24 from the LDAP server 4 when no operation has been performed for a certain period of time (for example, 5 minutes) since the user last performed some operation on the digital multifunction peripheral 2. An e-mail notifying that the user is logged in is transmitted with the address as the destination. Further, the mail transmission / reception unit 24 refers to the operation history information 52, acquires operation history information performed during the current login period, and includes this information in the e-mail (step S31).

  As a result, even when a legitimate user forgets the logout operation, an e-mail is transmitted to the person himself / herself, so that problems such as leaving the login state for a long time can be avoided. In addition, since the operation history information is included in the e-mail, it is possible to detect the fact at an early stage even when a fraudulent act has been performed by another person while the user is logged in.

  FIG. 6 is a modification of the operation shown in FIG. If the operation is not performed for a certain period of time, the digital multi-function peripheral 2 first transmits an e-mail notifying that the user is logged in including the operation history information as in step S31 of FIG. 5 (step S41). Subsequently, the digital multifunction peripheral 2 executes logout processing for the logged-in user (step S42). As a result, when a legitimate user forgets the logout operation, the state can be notified by e-mail, and by performing the logout operation, illegal acts by others can be prevented in advance.

  In the above-described embodiment described with reference to FIGS. 3 to 6, the e-mail address registered in the user registration information 51 is used as the e-mail address of the e-mail transmitted from the digital multifunction peripheral 2. It was. In other words, the e-mail is transmitted with the e-mail address dedicated to the multifunction machine of the logged-in user as the transmission source. In addition, an e-mail address assigned to the device of the digital multi-function peripheral 2 may be used as the source address.

  In the above embodiment, the destination e-mail address is acquired from the LDAP server 4. However, the destination e-mail address may be registered in the user registration information 51 in advance. That is, both the e-mail address dedicated to the multifunction machine and the general e-mail address used on the PC may be registered in the storage unit 25. In the above embodiment, two types of e-mail are used. However, an e-mail address dedicated to the digital multi-function peripheral can be used as a destination address. In particular, two types of e-mail are used. do not have to.

  The present invention relates to user management of a computer server connected to a network. As an embodiment of the present invention, a digital multifunction machine installed in a LAN in an office has been described as an example. However, the present invention can also be applied to user management of various computer servers connected to the network, and the network may be an open network such as the Internet.

1 is a diagram illustrating a network configuration in an office to which a digital multi-function peripheral is connected. FIG. It is a functional block diagram of a digital multifunction peripheral. 6 is a flowchart illustrating an operation during a login process of the digital multifunction peripheral. 6 is a flowchart illustrating an operation during logout processing of the digital multifunction peripheral. 6 is a flowchart illustrating an operation when the digital multifunction peripheral is not operated for a certain period of time. 6 is a flowchart illustrating an operation when the digital multifunction peripheral is not operated for a certain period of time.

Explanation of symbols

1 LAN
2 Digital MFP 3 Personal Computer 4 LDAP Server 21 Operation Unit 22 Display Unit 23 User Management Unit 24 Mail Transmission / Reception Unit 51 User Registration Information 52 Operation History Information

Claims (7)

A computer server connected to a network,
A means of managing login users;
Means for sending an event notification email to the email address of the login user who generated the event when a predetermined event occurs in the computer server;
A computer server comprising: The computer server according to claim 1,
The predetermined event is:
Login,
A computer server comprising: In the computer server according to claim 1 or 2,
The predetermined event is:
Logout,
A computer server comprising: The computer server according to any one of claims 1 to 3,
The predetermined event is:
A state where no operation is performed for a predetermined time,
A computer server comprising: The computer server according to claim 4,
A computer server characterized by transmitting the event occurrence notification mail and automatically logging out a logged-in user. The computer server according to any one of claims 3 to 5,
The computer server according to claim 1, wherein the event occurrence notification mail includes history information of operations performed during login. A digital multi-function peripheral provided with a function as a computer server according to any one of claims 1 to 6.

Images