JP2009037351A - Image forming apparatus, authentication method, authentication program, and storage medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication system for making efficient use of information recorded in a portable recording medium. <P>SOLUTION: This image forming apparatus 10 is provided with a first information acquisition means 104A for acquiring preliminarily set first information in a plurality of information from a portable recording medium in which a plurality of information is recorded; a second information acquisition means 104B for acquiring second information different from the preliminarily set first information in the plurality of information from the portable storage medium; an authentication means 102 for performing authentication based on the information acquired by the first information acquisition means 104A or the second information acquisition means 104B; and a control means 109 for making the image forming apparatus 10 available when authentication by the authentication means is successful. The first information acquisition means 104A is given priority over the second information acquisition means 104B to acquire information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an image forming apparatus, an authentication method, an authentication program, and a storage medium.

  In recent years, IC (Integrated Circuit) cards have become widespread, and ID cards that identify individuals such as employee ID cards and student ID cards have been introduced using IC cards. Further, in use of a general computer device (PC) or the like, a user restriction function of a device using such an IC card has been realized.

  At present, it is proposed to use such an IC card for personal authentication of a user in consideration of security not only in a PC but also in use of an office device having a plurality of copy and facsimile functions. In addition, an authentication system using a biometric authentication device that performs personal authentication based on personal biometric information has been proposed.

  There are various types of IC cards, but most of them store authentication information for identifying an individual in a storage area in the IC card, and the device performs authentication by reading the authentication information. This authentication information storage area may be equipped with functions such as mutual authentication between the IC card and the device when data is accessed. Furthermore, information such as a procedure for accessing the authentication information is handled as confidential information, and it is devised so that a third party cannot easily obtain the authentication information from the IC card.

  In order to implement an authentication function using an IC card in a device, it is necessary to access authentication information recorded on the IC card, which requires disclosure of confidential information to the device developer. This has been an obstacle when introducing an authentication function using an IC card into a device. Instead, depending on the IC card system, there is unique information that is uniquely assigned to each IC card, such as a serial number, and this information can be used as authentication information to authenticate the device without disclosing confidential information. It has been proposed to realize

  When the unique information is used as the authentication information in this way, the user needs to input manually in order to handle it in a device that does not have an IC card reader, so that the usability is very poor.

The image forming apparatus disclosed in Patent Document 1 includes an authentication information output unit that outputs such authentication information to an external apparatus, so that an image can be displayed when such unique information is handled by an external apparatus or the like. By applying the authentication information output from the forming apparatus, the burden on the user can be greatly reduced, and the occurrence of problems such as input errors can be prevented.
JP 2006-160570 A

  However, in the invention disclosed in the related art and Patent Document 1, when one piece of authentication information recorded on the IC card becomes invalid, the device cannot be used effectively. That is, a plurality of information such as authentication information and unique information such as a manufacturing number is recorded on the IC card, but the plurality of information recorded on the IC card is not effectively used. there were.

  The present invention has been invented in order to solve this problem in view of the above points, and an image forming apparatus, an authentication method, an authentication program, and a recording medium that effectively use information recorded on a portable recording medium The purpose is to provide.

  In order to achieve the above object, an image forming apparatus according to the present invention acquires first preset first information among the plurality of information from a portable recording medium on which the plurality of information is recorded. Information acquisition means, second information acquisition means for acquiring second information different from the preset first information of the plurality of information from the portable storage medium, and the first information An authentication unit that performs authentication based on information acquired by the information acquisition unit or the second information acquisition unit, and a control unit that enables the image forming apparatus when authentication by the authentication unit is successful. The first information acquisition unit may be configured to acquire information in preference to the second information acquisition unit.

  In order to achieve the above object, the first information acquisition means according to the present invention is configured such that when the acquisition of the first information fails or the authentication based on the first information fails, It can be configured to switch to the second information acquisition means.

  In order to achieve the above object, the second information in the present invention includes information relating to an administrator of the image forming apparatus, and the authentication unit is acquired by the second information acquisition unit. Further, the authentication relating to the administrator of the image forming apparatus can be performed based on the second information.

  In order to achieve the above object, the image forming apparatus according to the present invention provides the first authentication information acquisition unit when the second information is information indicating a predetermined administrator of the image forming apparatus. Information acquisition request presenting means for presenting an information acquisition request related to the predetermined administrator by the information, and information related to the predetermined administrator registered based on the information acquired in response to the presentation by the information acquisition request presenting means An administrator information updating unit for updating information can be further included.

  In order to achieve the above object, the first information and the second information in the present invention are respectively personal authentication information of a user, device-specific information of the portable recording medium, or the portable type. It can be configured to be device-specific information of a recording medium and user personal authentication information.

  In order to achieve the above object, the image forming apparatus according to the present invention performs authentication information input means for a user to input authentication information, and user input authentication based on the authentication information input by the authentication information input means. Authentication setting means for setting whether the user input authentication is set by the authentication setting means, the authentication means further includes authentication information input by the authentication information input means It can be configured to perform authentication based on.

  In order to achieve the above object, the authentication setting means according to the present invention is configured such that the user input authentication is not performed by a predetermined operation input even when the user input authentication is not performed. Can be configured to release.

  In order to achieve the above object, the authentication setting means according to the present invention changes the setting relating to the first or second information even when the user input authentication is not set. In such a case, the setting for not performing the user input authentication can be canceled.

  In order to achieve the above object, the image forming apparatus according to the present invention includes an external authentication server device connected to the image forming apparatus via a network, instead of the image forming apparatus having the authentication unit. An authentication unit may be included.

  In order to achieve the above object, an authentication method according to the present invention is an authentication method in an image forming apparatus, and is preset from among a portable recording medium on which a plurality of information is recorded. A first information acquisition step of acquiring the first information, and a second information different from the preset first information of the plurality of information from the portable storage medium A second information acquisition step, an authentication step for performing authentication based on the information acquired in the first information acquisition step or the second information acquisition step, and the authentication in the authentication step, the image forming apparatus The first information acquisition step can be configured to acquire information in preference to the second information acquisition step.

  In order to achieve the above object, in the authentication method according to the present invention, in the first information acquisition step, the acquisition of the first information fails or the authentication based on the first information fails. In this case, it can be configured to switch to the second information acquisition step.

  In order to achieve the above object, the authentication program according to the present invention can be configured to be an authentication program for causing a computer to execute processing relating to each unit of the image forming apparatus.

  In order to achieve the above object, the recording medium in the present invention can be configured to be a computer readable recording medium characterized by recording the above authentication program.

  According to the present invention, it is possible to provide an image forming apparatus, an authentication method, an authentication program, and a recording medium that effectively use information recorded on a portable recording medium.

  The best mode for carrying out the present invention will be described below with reference to the drawings.

(System configuration)
FIG. 1 is a diagram showing an example of an authentication system configuration according to an embodiment of the present invention. In FIG. 1, the authentication system 1 is configured to include an image forming apparatus 10, a network terminal apparatus 20, and an external authentication server apparatus 30 connected via a network such as a LAN (Local Area Network).

  The image forming apparatus 10 is an apparatus such as a general MFP (Multi Function Peripheral) having a plurality of functions such as a scanner function, a copy function, and a facsimile function. For example, it is connected to the IC card R / W device 11 via a USB cable (not shown). The IC card R / W device 11 can interface with the IC card, and is a device that reads information recorded on the IC card or writes information to the IC card.

  The network terminal device 20 is a general computer device including a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like (not shown). Here, like the image forming apparatus 10, the IC card R / W device 21 is connected.

  The external authentication server device 30 is a device that performs authentication processing. For example, the authentication information input by the IC card in the IC card R / W device 11 is acquired via the image forming apparatus 10 and data processing such as converting the acquired authentication information into authentication data that can be collated is performed. Then, the authentication process is performed by inquiring the converted authentication data to an authentication database (not shown).

  With the above system configuration, in the authentication system 1, the user possesses a portable recording medium such as an IC card in which his / her personal authentication information issued in advance by the system administrator is recorded, and operates the image forming apparatus 10. When the portable recording medium is set in the IC card R / W device 11 or the like at the start, authentication processing is performed in the image forming apparatus 10 (or the external authentication server apparatus 30). When the authentication is successful, use of the image forming apparatus 10 can be started.

  Note that an IC card as an example of a portable recording medium is set with a key for accessing each storage area, and authentication is performed using this key when reading / writing information from / to the IC card. Thereby, the confidentiality of the data in the IC card is maintained.

  By the way, the IC card holds information such as a serial number uniquely assigned to the IC card, and a special access method is not necessary for reading (hereinafter, such a special card can be easily used). Information that does not require an access method is referred to as “first information”).

  In addition, the IC card stores, for example, a user ID and a password, which are components of authentication information, and it is necessary to authenticate using an individual access key in order to access (hereinafter, this is the case). In order to distinguish information requiring a special access method from "first information", it is referred to as "second information"). And).

  There are generally two types of IC cards, contact type and non-contact type, but either type may be used.

(Hardware configuration)
FIG. 2 is a diagram illustrating an example of a hardware configuration of an image forming apparatus according to an embodiment of the present invention. 2, the image forming apparatus 10 includes a controller unit 110, an operation unit 130, a fax control unit 140, a plotter 150, a scanner 160, and other hardware resources 170 that are other hardware resources.

  Further, the controller unit 110 includes a CPU 111, N.I. B. (North Bridge) 112, RAM 113, ASIC (Application Specific Integrated Circuit) 114, RAM 115, HDD (Hard Disk Drive) 116, serial bus 117, NIC (Network Interface Card) 118, USB (Universal Serial Bus) 119, USB host 120 And a memory card I / F 121 or the like.

  The controller unit 110 controls each unit of the image forming apparatus 10. The CPU 111 that is a microprocessor that controls the entire control of the image forming apparatus 10, the NB 112 that is a chip that connects the CPU 111 to a PCI bus, etc., and the CPU 111 temporarily store programs and intermediate processing data when controlling the image forming apparatus 1. RAM 113, which is a volatile memory used for storing, ASIC 114, which is an integrated circuit manufactured for a specific application, temporarily storing programs and intermediate processing data when the ASIC 114 performs processing, etc. RAM 115, which is a volatile memory used for HDD, HDD 116, which is a hard disk reader, serial bus 117 that connects image forming apparatus 10 and peripheral devices (not shown), and an expansion card that is connected to an expansion slot (not shown). NIC 118, image forming apparatus 10, and peripheral device (not shown) A USB 119 for connecting the IC card R / W device 11 (to be described later) to the controller unit 110 by a USB cable, and a memory card I / F 121 for connecting a memory card as a card-type storage device to the controller unit 110. To perform the above control.

  The operation unit 130 is, for example, an operation panel for inputting various operations by the user. The fax control unit 140 performs control when the image forming apparatus 10 performs various operations related to fax transmission / reception with an external device (not shown). The plotter 150 is a device that visually outputs data. A printer can be used instead of the plotter 150. The scanner 160 is a device that reads original paper as electronic data.

  With the above apparatus configuration, the image forming apparatus 10 according to the present exemplary embodiment is connected to the IC card R / W apparatus 11 via the USB host 120 via a USB cable.

  In addition, reading / writing of the information with respect to an IC card is implement | achieved when control is performed by transmitting a command packet to the IC card R / W device 11, and the IC card R / W device 11 communicates with the IC card. . Data such as user authentication information and key information for accessing the authentication information is transmitted and received through the USB communication path. For this reason, there is a concern about leakage of information due to the USB bus being monitored. For this reason, transmission and reception of commands and data on the USB are encrypted. Before encryption, authentication is performed with the IC card R / W device 11, and a common key obtained from the result is generated. The USB bus is secured by performing encryption (and decryption) using a common key.

(Software configuration)
FIG. 3 is a diagram illustrating an example of a software configuration of the image forming apparatus according to the embodiment of the present invention.

  As shown in FIG. 3, the software in the image forming apparatus 10 includes an application layer 210, a service layer 220, an OS layer 230, an engine control board (engine control layer) 240, and the like. In addition, the vertical relationship of each layer in the drawing is based on the calling relationship between layers. That is, basically, the upper layer in the figure calls the lower layer.

  The application layer 210 is a part in which an application program that realizes functions provided in the image forming apparatus 10 (for example, copying, fax transmission / reception, printer, Web communication) is mounted. For example, a copy application 210a that realizes a function related to copying, a fax application 210b that realizes a function related to fax transmission, a printer application 210c that realizes a function related to printer output, a Web application 210d that realizes a function related to Web communication, and the like. included.

  The service layer 220 is a part on which lower functions commonly used by each application in the application layer 210 are mounted. For example, a system control service 220a, a fax control service 220b, an engine control service 220c, a memory control service 220d, an operation unit control service 220e, a network control service 220f, and an authentication control service 220g are included.

  The authentication control service 220g performs authentication for using each application of the application layer 210 described above. Each application can be used only after successful authentication. In addition, it is possible to select an application that can be used for each registered user, and it is possible to perform function restriction for each user by performing personal authentication.

  The OS layer 230 is a part on which lower functions commonly used by each service in the service layer 220 are mounted. The engine control board 240 is a part where a program group for controlling the engine (hardware) such as the plotter engine 150, the scanner engine 160, and other hardware resources 170 is mounted.

  With the software configuration described above, in the image forming apparatus 10 according to the present embodiment, as described above, the authentication control service 220g performs authentication for using each application of the application layer 210. A detailed example of the authentication control service 220g will be described later with reference to FIG.

(Example of authentication control service)
FIG. 4 is a diagram illustrating an example of a software module configuration focusing on the authentication control service. Here, an example regarding the details of the authentication control service 220g of FIG. 3 will be described.

  The authentication control service 220g receives an authentication request from each application in the application layer 210. The authentication control service 220g that has received the authentication request performs, for example, the following operation.

  The authentication control service 220g performs display processing on the operation panel via the drawing processing module 390 and the graphic driver 400. In response to this authentication request, the authentication result notified from the external authentication server device 30 (see FIG. 1) is made receivable, and the authentication result is acquired via the NIC device driver 350 and the network library 340. Whether the authentication has succeeded or failed is output to the application in the application layer 210. Note that authentication information can also be obtained directly from the IC card R / W device 180 or the like locally connected to the USB host card via the IC card resource manager 310 to perform authentication.

(Function configuration example)
FIG. 5 is a diagram illustrating an example of a functional configuration of an authentication system according to an embodiment of the present invention. 5, the image forming apparatus 10 includes an information acquisition unit 101, an authentication unit 102, an authentication reference information holding unit 103, an authentication setting unit 104, a communication unit 105, an authentication request reception (answer) unit 106, a display control unit 107, and an input. Unit 108 and control unit 109. The authentication setting unit 104 includes a first information acquisition unit 104A, a second information acquisition unit 104B, and a user input authentication setting unit 104C.

  The IC card R / W device (authentication information input device) 11 includes a communication unit 111, an information acquisition unit 112, and a control unit 113. The external authentication server device 30 includes an authentication unit 301, an authentication reference information holding unit 302, a communication unit 303, and a control unit 304.

  The information acquisition unit 101 acquires information input by the user. For example, when the image forming apparatus 10 has an operation panel or the like, authentication information such as a user name and a password input on the operation panel is acquired.

  The authentication unit 102 uses the authentication information acquired by the information acquisition unit 101 or the information acquired by the information acquisition unit 112 described later via the communication unit 105 and the authentication reference information held by the authentication reference information storage unit 103 described later. Authentication process. It is also possible to instruct authentication with the acquired information to the external authentication server device 30.

The authentication standard information holding unit 103 holds authentication standard information for performing authentication processing. The authentication setting unit 104 performs various settings related to authentication. Detailed examples of various settings in the authentication setting unit 104 will be described later with reference to FIG.
When the first information acquisition unit 104A acquires the information recorded on the IC card by the IC card R / W device 11, the first information acquisition unit 104A acquires which information among the plurality of information recorded on the IC card as the first information. Set whether to do.
When acquiring information recorded on the IC card by the IC card R / W device 11, the second information acquisition unit 104 </ b> B acquires which information among the plurality of information recorded on the IC card as the second information. Set whether to do. The setting in the first information acquisition unit 104A has priority over the setting in the second information acquisition unit 104B.
The user input authentication setting unit 104C performs settings related to user input authentication for performing authentication based on a user name, a password, and the like input by the input unit 108 described later. In particular, the authentication based on the information recorded on the IC card using the first information acquisition unit 104A and the second information acquisition unit 104B described above and the user input authentication using the user input authentication setting unit 104C are used in combination. The authentication method to be used can be used together.

  The communication unit 105 performs various communication processing such as acquiring information recorded in the IC card from the IC card R / W device 11 and transmitting an authentication instruction to the external authentication server device 30. .

  The authentication request reception (reply) unit 106 performs an operation of receiving an authentication request from the application layer 210 and performing a response to the authentication request to the application layer 210. For example, when the image forming apparatus 10 includes a display unit such as an operation panel, the display control unit 107 controls the content displayed on the display unit.

  The input unit 108 performs various operation inputs by the user. For example, when the image forming apparatus 10 has an operation panel or the like, information such as a user name and a password input on the operation panel is input.

  The control unit 109 includes an information acquisition unit 101, an authentication unit 102, an authentication reference information holding unit 103, an authentication setting unit 104, a communication unit 105, an authentication request reception unit 106, a display control unit 107, an input unit 108, and the like. Various controls of the apparatus 10 are performed.

  The communication unit 111 performs various communication processes such as transmitting information acquired by an information acquisition unit 112 described later to the image forming apparatus 10. The information acquisition unit 112 acquires information recorded on the IC card set by the user. The control unit 113 performs various controls of the IC card R / W device 11 including the communication unit 111, the authentication information acquisition unit 112, and the like.

  The authentication unit 301 performs authentication processing by comparing authentication information received from the image forming apparatus 10 via a communication unit 303 described later and authentication standard information held by an authentication reference information holding unit 302 described later. In the authentication process, a data process for converting the data into a collable state is performed according to the authentication information received from the image forming apparatus 10.

  The authentication standard information holding unit 302 holds authentication standard information for performing authentication processing. The communication unit 303 performs various communication processes such as transmitting authentication success / failure information related to the success / failure of authentication performed by the authentication unit 301 to the image forming apparatus 10 as an authentication result. The control unit 304 performs various controls of the external authentication server device 30 including the authentication unit 301, the authentication reference information holding unit 302, the communication unit 303, and the like.

  With the configuration of the functions described above, in the authentication system 1 according to the present embodiment, the user performs an operation (authentication information input) for performing authentication on the IC card R / W device 11, thereby forming an image. When the authentication process is performed in the apparatus 10 (or the external authentication server apparatus 30) and the authentication is successful, the use of the image forming apparatus 10 can be started.

(Example of authentication processing operation)
FIG. 6 is a sequence diagram illustrating an example of an authentication process according to an embodiment of the present invention. Here, when the user performs an operation for authenticating the IC card R / W device 11 (input of authentication information), authentication processing is performed in the image forming apparatus 10 (or the external authentication server apparatus 30). When the authentication is successful, the use of the image forming apparatus 10 can be started. This series of operations will be described with reference to the block diagram of FIG.

  The first information acquisition unit 104A shown in FIG. 5 is set in advance to acquire unique information such as a manufacturing number uniquely assigned to the IC card as the first information. Assume that 104B is set to acquire personal authentication information (user name, password, etc.) recorded on the IC card as second information.

  First, the image forming apparatus 10 displays an authentication request screen (S1). Here, the authentication request receiving unit 106 receives an authentication request from the application layer 210. Furthermore, the display control unit 107 displays a screen for prompting input of authentication information as shown in FIG. 7 on a display unit such as the operation unit 130 (see FIG. 2). FIG. 7 is a diagram illustrating a screen display example of a copy application that prompts input of authentication information. FIG. 7 shows a screen displayed on the screen display unit or the operation panel of the image forming apparatus 10 and is displayed by enabling the authentication function in the image forming apparatus 10. Authentication information can be acquired by setting an authentication token corresponding to an authentication method in the IC card R / W device 11, for example, an IC card for authentication based on an IC card, or a finger or palm for biometric authentication. Done. Note that a screen as shown in FIG. 8 can be displayed instead of the screen as shown in FIG. FIG. 8 is a diagram illustrating another example of a screen display of a copy application that prompts input of authentication information. In FIG. 8, the user is prompted to set an authentication card (IC card).

  Further, the authentication request screen displayed in step S1 can be switched between the screen of FIG. 7 and the screen of FIG. An example of this switching operation will be described later with reference to FIG.

  Subsequently, the process proceeds to step S2, and the IC card R / W device 11 acquires information recorded on the IC card set by the user as authentication information (S2). Here, the information acquisition unit 112 acquires unique information such as a manufacturing number uniquely assigned to the IC card, which is the first information recorded on the IC card according to the first authentication information acquisition unit 104A. Further, the communication unit 111 transmits the acquired information to the image forming apparatus 10.

  In step S3, the image forming apparatus 10 determines whether or not the authentication information has been successfully acquired in step S2 (S3). When acquisition of authentication information is successful (S3, YES), the process proceeds to step S4. When acquisition of authentication information fails (S3, NO), the process proceeds to step S15.

  When the process proceeds to step S4, the image forming apparatus 10 displays an authenticating screen (S4). Here, the display control unit 107 displays that the authentication is being performed on the screen display unit or the operation panel of the image forming apparatus 10.

  Subsequently, the process proceeds to step S5, and the image forming apparatus 10 performs an authentication process (S5). Here, the authentication unit 102 performs authentication using the authentication information acquired in step S <b> 2 and the authentication standard information stored in the authentication standard information storage unit 103. Alternatively, the authentication can be performed by instructing the external authentication server device 30 to receive an authentication result.

  In step S6, the image forming apparatus 10 determines whether the authentication process is successful (S6). If the authentication process is successful (S6, YES), the process proceeds to step S7, and the image forming apparatus 10 can use the application screen that can be used on the display unit such as the operation panel because the authentication process performed in step S5 is successful. Is displayed and the authentication waiting state is canceled (S7). Here, the control unit 109 switches the image forming apparatus 10 from the unusable state to the usable state according to the authentication result performed in step S5. That is, the control unit 109 causes the authentication request answering unit 106 to make a response indicating that the authentication is successful to the application layer 210, and the application layer 210 switches the application to a usable state according to this answer. For example, by displaying a screen as shown in FIG. 9, the use of the image forming apparatus 10 is permitted and the function is enabled. FIG. 9 is a diagram illustrating a screen display example of the copy application after the authentication is completed.

  When the authentication process fails in step S6 (S6, NO), the process proceeds to step S8, and the image forming apparatus 10 switches to another authentication information acquisition method and acquires authentication information from the IC card (S8). Here, since the authentication based on the first information recorded in the IC card has failed, the second information acquisition unit 104B is switched to the setting of the second information acquisition unit 104B and the second information different from the first information acquired in step S2, IC The personal authentication information recorded on the card is acquired as authentication information.

  Subsequently, the process proceeds to step S9, and the image forming apparatus 10 determines whether or not the authentication information has been successfully acquired in step S8 (S9). When acquisition of authentication information is successful (S9, YES), the process proceeds to step S10. When acquisition of authentication information fails (S9, NO), the process proceeds to step S13.

  When the process proceeds to step S10, the image forming apparatus 10 performs an authentication process (S10). Here, the authentication unit 102 uses the second information acquired in step S8 and the authentication standard information stored in the authentication standard information storage unit 103 to determine whether the acquired second information belongs to the device administrator. Authenticate. Alternatively, this can be done by instructing the external authentication server device 30 to receive an authentication result and receiving the authentication result. Here, the second information includes information related to the device administrator of the image forming apparatus 10, and the authentication unit 102 authenticates the administrator of the image forming apparatus based on the acquired second information. I do.

  Even if the IC card of the device manager is lost or damaged by retrying with other authentication information acquisition means when acquisition of the set first information fails as in step S10, the device You will be able to log in with another IC card prepared for the administrator. As a result, it is possible to eliminate the adverse effects caused by the fact that the device administrator cannot log in, so that the device can be operated without any problem.

  In step S11, the image forming apparatus 10 determines whether or not the device manager authentication process in step S10 is successful (S11). If the authentication process is successful (S11, YES), the process moves to step S12 and logs in with the device administrator authority (S12).

  If the authentication process fails in step S11 (S11, NO), the process proceeds to step S13, and the image forming apparatus 10 displays an authentication failure screen (S13). Here, the display control unit 107 displays on the screen display unit or the operation panel of the image forming apparatus 10 that the authentication result is unsuccessful. For example, displaying the screen as shown in FIG. 10 indicates that the authentication result of the image forming apparatus 10 has failed. FIG. 10 shows a screen display example when the authentication result is failure.

  In step S14, the image forming apparatus 10 displays an authentication request screen (S14). Here, a screen for prompting input of authentication information as shown in FIG. 7 is displayed, and the process returns to step S1.

  When the process proceeds to step S15, since the acquisition of the authentication information according to step S2 has failed, the image forming apparatus 10 switches to another authentication information acquisition method and acquires the authentication information from the IC card (S15). Here, since the acquisition of the first information recorded in the IC card has failed, the second information acquisition unit 104B is switched to the setting of the second information acquisition unit 104B, and the second information different from the first information acquired in step S2, the IC card The personal authentication information recorded in is acquired as authentication information.

  Subsequently, the process proceeds to step S16, and the image forming apparatus 10 determines whether or not the authentication information has been successfully acquired in step S15 (S16). When acquisition of authentication information is successful (S16, YES), the process proceeds to step S17. If acquisition of authentication information has failed (S16, NO), the process ends here.

  When the process proceeds to step S <b> 17, the image forming apparatus 10 displays an authenticating screen (S <b> 17). Here, the display control unit 107 displays that the authentication is being performed on the screen display unit or the operation panel of the image forming apparatus 10.

  Subsequently, the process proceeds to step S18, and the image forming apparatus 10 performs an authentication process (S18). Here, the authentication unit 102 uses the second information acquired in step S8 and the authentication standard information stored in the authentication standard information storage unit 103 to determine whether the acquired second information belongs to the device administrator. Authenticate. Alternatively, this can be done by instructing the external authentication server device 30 to receive an authentication result and receiving the authentication result. Here, the second information includes information related to the device administrator of the image forming apparatus 10, and the authentication unit 102 authenticates the administrator of the image forming apparatus based on the acquired second information. I do.

  Even if the IC card of the device administrator is lost or damaged by retrying with other authentication information acquisition means when acquisition of the set first information fails as in step S18, the device You will be able to log in with another IC card prepared for the administrator. As a result, it is possible to eliminate the adverse effects caused by the fact that the device administrator cannot log in, so that the device can be operated without any problem.

  In step S19, the image forming apparatus 10 determines whether the device manager authentication process in step S18 is successful (S19). If the authentication process is successful (S19, YES), the process proceeds to step S20, and login is performed with device administrator authority (S20).

  If the authentication process fails in step S19 (S19, NO), the process proceeds to step S21, and the image forming apparatus 10 displays an authentication failure screen (S21). Here, the display control unit 107 displays on the screen display unit or the operation panel of the image forming apparatus 10 that the authentication result is unsuccessful. For example, displaying the screen as shown in FIG. 10 indicates that the authentication result of the image forming apparatus 10 has failed.

  In step S22, the image forming apparatus 10 displays an authentication request screen (S22). Here, a screen for prompting input of authentication information as shown in FIG. 7 is displayed, and the process returns to step S1.

  Through the processing described above, the user performs authentication (input of authentication information) for performing authentication on the IC card R / W device 11, thereby authenticating in the image forming apparatus 10 (or the external authentication server apparatus 30). When the process is executed and the authentication is successful, the use of the image forming apparatus 10 can be started.

  If authentication based on the first information fails or acquisition of the first information fails as in step S8 or S15, the authentication information is acquired from the IC card by switching to the second information acquisition unit 104B. The authentication process is performed again. Therefore, information recorded on the IC card can be used effectively.

  Further, in this operation example, the first information acquisition unit 104A and the second information acquisition unit 104B in FIG. 5 each include unique information such as a manufacturing number uniquely assigned to the IC card in advance. The personal information (user name / password, etc.) recorded on the IC card is set as the second information. However, the present invention is not limited to this.

  For example, the first information acquisition unit 104A is set to acquire personal authentication information (user name, password, etc.) recorded on the IC card as the first information, and the second information acquisition unit 104B has the IC card. It may be set such that unique information such as a serial number assigned uniquely is acquired as the second information.

(Example of switching operation of authentication request screen)
FIG. 11 is a flowchart showing an example of an authentication request screen switching operation according to an embodiment of the present invention. Here, an operation related to switching of the authentication request screen displayed in step S1 and the like of FIG. 5 will be described.

  First, the image forming apparatus 10 displays an authentication request screen “IC card only” as shown in FIG. 8 (S21). Here, a description will be made on the assumption that the setting item “Combination of authentication methods” is set to “No” on the authentication method setting screen shown in FIG. 12 (FIG. 12 will be described in detail later). In this case, the device cannot be used without an IC card, so the security level is high. However, if the device administrator cannot use the IC card due to loss or damage, the device cannot be used. . This state is avoided by steps S22 and S23 described later.

  Subsequently, the process proceeds to step S22, and the image forming apparatus 10 performs a specific operation by the user (S22). The specific operation here is, for example, a combination of hardware keys on the operation panel that only the device administrator can know.

  Subsequently, the process proceeds to step S23, and the image forming apparatus 10 displays an authentication request screen “use together” as shown in FIG. 7 (S23). The screen transitions to an authentication request screen in which characters can be manually input with the IC card as shown in FIG.

  By the processing described above, an operation related to switching of the authentication request screen displayed by the image forming apparatus 10 in step S1 of FIG. 5 is performed. Therefore, when the authentication method is set to IC card only, the situation where the device administrator cannot set the device when the device card is lost or damaged and cannot be used is avoided. It is possible to operate the equipment smoothly.

(Authentication method setting)
FIG. 12 is a diagram illustrating a display example of the authentication method setting screen. The device administrator performs various settings related to the IC card authentication function on the screen as shown in FIG. The executed setting is held by the authentication setting unit 104 (see FIG. 5) or the like.

  On the screen of FIG. 12, a method for acquiring authentication information from the IC card is selected by pressing a setting button of the corresponding IC card (authentication card). For example, when “authentication card A” is set, authentication information acquisition means corresponding to a specific IC card is mounted, and authentication information is obtained by accessing a storage area holding authentication information in the IC card. To get. When “authentication card B” is set, it is an authentication method for acquiring easily readable information uniquely assigned to each IC card such as a manufacturing number as authentication information.

  As a result, it becomes possible to select a plurality of authentication information acquisition methods from the IC card, and the number of compatible IC cards increases, so that the environment in which the authentication function by the IC card can be used increases. Information security is improved.

  In addition, by making information uniquely determined for each IC card from information that can be acquired from a plurality of IC cards as authentication information, a device manufacturer can have access means to the authentication information recorded in the IC card. No need to disclose. In addition, since the device manufacturer does not have to deal with the access method to the authentication information of the IC card which is different for each unit such as a company or a school where the device is introduced, the manufacturing cost can be reduced.

  When the setting of the IC card authentication type is changed on the setting screen of FIG. 12, the setting item “combination of authentication methods” is moved to “Yes”. The combined use of the authentication method indicates that both the authentication method performed by acquiring authentication information from the IC card and the authentication method performed by inputting characters from the operation unit are validated. Here, when the setting of the authentication method combination is set to “Never”, authentication by the IC card of the device administrator is performed, and the setting “No” is valid only when the authentication is successful.

  As a result, it is possible to avoid accidentally setting the authentication method using only the IC card, and the device operation is not hindered.

  FIG. 13 is a diagram illustrating a display example of the authentication information setting screen of the device administrator. On the screen of FIG. 13, it is possible to set the authentication information of the device manager to be acquired from the IC card or acquired by the character input means. When the authentication information such as the login user name and the login password is changed, the authentication of the device administrator with the IC card is requested when the setting button is pressed. When the authentication is successful, the change of the authentication information is confirmed, and when the authentication is unsuccessful, the change is not confirmed. Thereby, when changing the authentication information of the device manager, if the authentication method is set to only the IC card, it is possible to avoid the case where the device manager becomes unable to use the device.

  As described above, the present invention has been described based on the embodiments, but the present invention is not limited to the requirements shown here, such as combinations with other elements listed in the above embodiments. With respect to these points, the present invention can be changed within a range that does not detract from the gist of the present invention, and can be appropriately determined according to the application form.

It is a figure which shows the example of the authentication system structure which concerns on one Embodiment of this invention. 1 is a diagram illustrating an example of a hardware configuration of an image forming apparatus according to an embodiment of the present invention. FIG. 3 is a diagram illustrating an example of a software configuration of an image forming apparatus according to an embodiment of the present invention. It is a figure which shows an example of the software module structure which paid its attention to the authentication control service. It is a figure which shows the 1st example of a function structure of the authentication system which concerns on one Embodiment of this invention. It is a sequence diagram which shows an example of the authentication process which concerns on one Embodiment of this invention. It is a figure which shows the example of a screen display of the copy application which prompts authentication information input. It is a figure which shows another example of the screen display of the copy application which prompts authentication information input. It is a figure which shows the example of a screen display of the copy application after authentication completion. It is a figure which shows the example of a screen display at the time of authentication failure. It is a sequence diagram which shows an example of the switching process of the authentication request | requirement screen which concerns on one Embodiment of this invention. It is a figure which shows the example of a display of an authentication method setting screen. It is a figure which shows the example of a display of a device administrator's authentication information setting screen.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Authentication system 10 Image forming apparatus 11 IC card R / W apparatus 30 External authentication server apparatus 101 Information acquisition part 102 Authentication part 103 Authentication reference information holding part 104 Authentication setting part 104A 1st information acquisition means 104B 2nd information acquisition means 104C User input authentication setting means 105 Communication unit 106 Authentication request reception (answer) unit 107 Display control unit 108 Input unit 109 Control unit 111 Communication unit 112 Authentication information acquisition unit (input unit)
113 Control Unit 301 Authentication Unit 302 Authentication Criteria Information Holding Unit 303 Communication Unit 304 Control Unit 220g Authentication Control Service

Claims (13)

First information acquisition means for acquiring first preset information among the plurality of information from a portable recording medium on which the plurality of information is recorded;
Second information acquisition means for acquiring second information different from the preset first information of the plurality of information from the portable storage medium;
Authentication means for performing authentication based on the information acquired by the first information acquisition means or the second information acquisition means;
A control unit that enables the image forming apparatus when authentication by the authentication unit is successful,
The image forming apparatus, wherein the first information acquisition unit acquires information in preference to the second information acquisition unit.   The first information acquisition unit switches to the second information acquisition unit when acquisition of the first information fails or when authentication based on the first information fails. The image forming apparatus according to 1. The second information includes information relating to an administrator of the image forming apparatus,
The image forming apparatus according to claim 2, wherein the authentication unit performs authentication related to an administrator of the image forming apparatus based on the second information acquired by the second information acquisition unit. When the second information is information indicating a predetermined administrator of the image forming apparatus, an information acquisition request presentation for presenting an acquisition request for information on the predetermined administrator by the first authentication information acquisition unit Means,
An administrator information updating means for updating information related to the registered predetermined administrator based on the information acquired in response to the presentation by the information acquisition request presenting means;
The image forming apparatus according to claim 3, further comprising:   The first information and the second information are user personal authentication information, device specific information of the portable recording medium, device specific information of the portable recording medium, and user personal authentication information, respectively. The image forming apparatus according to claim 1, wherein the image forming apparatus is an image forming apparatus. An authentication information input means for the user to input authentication information;
Authentication setting means for setting whether or not to perform user input authentication based on the authentication information input by the authentication information input means;
Have
The authentication unit further performs authentication based on authentication information input by the authentication information input unit when the user input authentication is set by the authentication setting unit. The image forming apparatus according to claim 5.   The said authentication setting means cancels | releases the setting which does not perform this user input authentication by predetermined | prescribed operation input, even when the setting which does not perform the said user input authentication is carried out. Image forming apparatus.   The authentication setting unit cancels the setting for not performing the user input authentication when the setting for the first or second information is changed even when the setting for not performing the user input authentication is performed. The image forming apparatus according to claim 6, wherein the image forming apparatus is an image forming apparatus.   9. The external authentication server device connected to the image forming apparatus via a network instead of the image forming apparatus having the authentication unit includes the authentication unit. The image forming apparatus described in 1. An authentication method in an image forming apparatus,
A first information acquisition step of acquiring preset first information of the plurality of information from a portable recording medium on which the plurality of information is recorded;
A second information acquisition step of acquiring, from the portable storage medium, second information different from the first information set in advance among the plurality of information;
An authentication step for performing authentication based on the information acquired in the first information acquisition step or the second information acquisition step;
A control step for enabling use of the image forming apparatus when authentication in the authentication step is successful;
In the authentication method, the first information acquisition step acquires information in preference to the second information acquisition step.   The said 1st information acquisition process is switched to said 2nd information acquisition process, when acquisition of said 1st information fails or when authentication based on said 1st information fails. 10. The authentication method according to 10.   An authentication program for causing a computer to execute processing according to each unit of the image forming apparatus according to any one of claims 1 to 9.   A computer-readable recording medium on which the authentication program according to claim 12 is recorded.

Images