JP2009099086A - Service providing system, service providing device, and method for managing service providing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a service providing system for preventing services from being illegally used, a service providing device, and a method for managing the service providing system. <P>SOLUTION: The service providing system 1 is provided with a first authentication device 2a and a second authentication device 2b, and the service providing device 4. The service providing device 4 allows providing a printing service (referred to Fig.5(a)) when a user U1 owning both the first authentication device 2a and the second authentication device 2b exists within the range of a communication range H by a radio communication unit 3. When either the first authentication device 2a or the second authentication device 2b is outside the range of the communication range H, the device 4 does not allow providing a service to the user (Fig.5(b) and (c) are referred to). Thus, when either of the authentication devices 2 is lost or stolen, a printing service by using the lost or stolen authentication device is prevented from being illegally used. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a service providing system that provides a user with a service such as a printing service, a service providing apparatus, and a management method for the service providing system.

  Conventionally, if a user who has a legitimate right to receive a service is authenticated by an ID card and can be authenticated as a legitimate user, a service such as a print service can be provided to provide unauthorized services A system for preventing the use is widely known (for example, see Patent Document 1).

JP 2000-31382 A

  However, in the conventional technology, when the ID card is stolen or when the user loses the ID card, a person who does not have the right to receive services can use the ID card that has been stolen or lost. Can receive service on behalf of the person. As described above, there is a possibility that the service is illegally used when the ID card is stolen or lost.

  SUMMARY An advantage of some aspects of the invention is to solve at least a part of the problems described above, and the invention can be implemented as the following forms or application examples.

  Application Example 1 A service providing system comprising a predetermined number of authentication devices of two or more that a user should possess and a service providing device that provides a service, wherein the service providing device provides the service Service means for communication, communication means capable of communicating with the authentication device within a predetermined communication range, and communication through the communication means to detect the authentication device within the communication range. And a service management means for permitting service provision by the service means when a predetermined number of the authentication devices are detected.

  According to this configuration, service provision is permitted when the user has a predetermined number of authentication devices of 2 or more and is within the communication range of the communication means. On the other hand, service provision is not permitted when any one of the predetermined number of authentication devices is out of the communication range. Thereby, for example, even if any of the plurality of authentication devices is stolen or lost, service provision is not permitted only with a stolen authentication device or a lost authentication device. A person who possesses a stolen authentication device or a lost authentication device cannot receive the service. As described above, since the service cannot be received unless the user possesses a predetermined number of authentication apparatuses, unauthorized use of the service can be prevented.

  Application Example 2 In the service providing system, each of the predetermined number of the authentication devices includes a storage unit that stores authentication information for receiving authentication, and the communication unit is within the communication range. The authentication information stored in the storage means is received from each authentication device, and the service management means performs authentication based on the received authentication information for each authentication device, and all the authentication devices of a predetermined number of the authentication devices are A service providing system characterized by permitting service provision when authentication is successful.

  According to this configuration, the authentication is performed for each device of the predetermined number of authentication devices, and the service is provided when all the devices of the plurality of authentication devices can be authenticated, thereby preventing unauthorized use of the service more reliably. be able to.

  Application Example 3 In the service providing system, the service management unit is configured to receive authentication via the communication unit when at least one authentication device of a predetermined number of the authentication devices cannot be authenticated. A service providing system, wherein a command for invalidating a function is transmitted to each authentication device.

  According to this configuration, when at least one authentication device of a predetermined number of authentication devices cannot be authenticated, the function for receiving authentication of each authentication device within the communication range is invalidated. Unauthorized use of services can be prevented more reliably. For example, when a person who possesses a stolen or lost authentication device tries to receive service, the authentication device that has been stolen or lost is invalidated. become.

  Application Example 4 In the service providing system, when the service management unit cannot authenticate at least one of the authentication devices of a predetermined number of the authentication devices, the service management unit stores the storage unit via the communication unit. A service providing system in which a function for receiving authentication is invalidated by transmitting a command for deleting the authentication information to each authentication device.

  According to this configuration, the authentication information stored in the storage unit of the authentication device is deleted, and the authentication unit is not stored in the disabled storage unit of the authentication device. Accordingly, for example, it is possible to prevent leakage of authentication information due to unauthorized acquisition of authentication information from a stolen or lost authentication device, so that unauthorized use of the service can be prevented more reliably.

  Application Example 5 In the service providing system, the service providing apparatus further includes operation input means for receiving an operation input, and the service management means includes the predetermined number of authentications including the invalidated authentication apparatus. In addition to the device, when a predetermined number of authentication devices can be authenticated, when an instruction operation for canceling the invalidation of the invalidated authentication device is input to the operation input means, the communication means And a command for canceling the invalidation of the function for receiving authentication to the invalidated authentication device.

  According to this configuration, when a predetermined number of authentication devices can be authenticated in addition to the predetermined number of authentication devices including the disabled authentication device, an instruction operation from a user who owns the authenticated authentication device The function of the disabled authentication device is restored. As a result, the function of the authentication device once invalidated can be recovered without lowering the security level of the system, so that convenience in system operation is improved. For example, when the lost authentication device is found after the other authentication device of the lost authentication device is invalidated, the function of the invalidated authentication device is restored, and the found authentication device and function are restored. The service can be received again by the authentication device.

  Application Example 6 In the service providing system, the service providing apparatus further includes a registration unit in which the authentication information for each device of the predetermined number of the authentication devices is registered, and the service management unit includes a predetermined number of When at least one authentication device of the authentication device cannot be authenticated, correspondence information associated with authentication information registered in the registration unit is generated, and the authentication information stored in the storage unit is erased and Sending a command to store the correspondence information in the storage means to each authentication device via the communication means, thereby invalidating the function for receiving authentication and canceling the invalidation of the invalidated authentication device When doing so, the correspondence information is obtained from the storage means of the invalidated authentication device via the communication means, and the correspondence information is obtained. Certificate information is read from the registration means, and the correspondence information stored in the storage means is erased, and a command for storing the read authentication information in the storage means is transmitted to the authentication device via the communication means. Service providing system characterized by

  According to this configuration, since the authentication information is erased and the correspondence information is stored in the invalidated authentication device storage means, leakage of the authentication information from the authentication device is prevented, and unauthorized use of the service is ensured. Can be prevented. Further, when canceling the invalidation, the authentication information corresponding to the disabled authentication device correspondence information is stored in the storage unit of the disabled authentication device, and the invalidation is canceled. Can do.

  Application Example 7 A service providing device corresponding to two or more predetermined number of authentication devices to be possessed by a user, the service means for providing the service, and the service means within the predetermined communication range When the communication device capable of communicating with the authentication device and the authentication device within the communication range are detected by communication via the communication device, and the predetermined number of the authentication devices can be detected, the service device And a service management unit that permits service provision by the service provision apparatus.

  According to this configuration, since the service cannot be provided unless the person has a predetermined number of authentication devices equal to or greater than 2, unauthorized use of the service can be prevented.

  Application Example 8 A service providing system management method comprising a predetermined number of two or more authentication devices to be possessed by a user and a service providing device that provides a service, wherein the service providing device communicates The service providing system management method is characterized in that, when the authentication device within a predetermined communication range within which communication is possible is detected and a predetermined number of authentication devices are detected, service provision is permitted. .

  In this way, the service cannot be provided unless a person possesses a predetermined number of authentication devices equal to or greater than two, so that unauthorized use of the service can be prevented.

(First embodiment)
Hereinafter, a first example according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a diagram illustrating a configuration of a service providing system according to the first embodiment. As shown in FIG. 1, the service providing system 1 includes a plurality of authentication devices 2 and a service providing device 4. This service providing system 1 requires a plurality of authentication devices 2 for a predetermined user registered in advance to use the service providing system 1. In this embodiment, the number of authentication devices 2 is set to “ 2 ”, and the two authentication devices 2 are also referred to as a first authentication device 2a and a second authentication device 2b. Hereinafter, each component of the service providing system 1 will be described.

  First, the authentication device 2 will be described. FIG. 2 is a diagram illustrating a configuration of the authentication apparatus. The 1st authentication apparatus 2a among the authentication apparatuses 2 is an authentication apparatus comprised so that attachment to a user's body was possible. Specific examples of the first authentication device 2a include a watch, glasses, a bracelet, and the like equipped with an authentication IC chip. The second authentication device 2b is a non-contact IC card on which an authentication IC chip is mounted. As shown in FIG. 2, the authentication device 2 (first authentication device 2a, second authentication device 2b) includes a wireless communication I / F 20 for performing wireless communication, a user name and authentication ID that owns the authentication device 2. An EEPROM (storage means) 21 that stores information 100 in advance, a CPU 22 that controls these configurations, a ROM 23, and a RAM 24 are provided. The authentication ID information 100 is a user-specific authentication device 2 (hereinafter also referred to as a “legitimate user”, a user registered in a database, which will be described later) having the right to receive services. Hereinafter, it is also referred to as “authorized authentication device.” This is identification information of an authentication device registered in association with a user in a database to be described later.

  Next, the service providing apparatus 4 will be described. FIG. 3 is a diagram showing a configuration of the service providing apparatus 4. The service providing apparatus 4 of this embodiment is a printer that provides a printing service to a user. As shown in FIG. 3, a controller 40, an operation panel (operation input means) 41, a print engine 42, and wireless communication. A unit (communication means) 43.

  The controller 40 includes a CPU (service management means) 44, a ROM 45, a RAM 46, an EEPROM 47, a panel I / F 48, an engine I / F 49, and an internal I / F 50. The panel I / F 48 is an interface part for the operation panel 41, the engine I / F 49 is an interface part for the print engine 42, and the internal I / F 50 is an interface part for the wireless communication unit 43.

  A user database (registration means) is stored in the storage area of the EEPROM 47, and the user name of the authorized user and the authentication ID information 100 of the authorized authentication device are registered in advance in the user database. Yes. Specifically, as shown in FIG. 4 as an example, the user database DB includes a valid user name of the system, authentication ID information of the first authentication device 2a owned by the user, and a second authentication device. The authentication ID information 2b is registered in association with each other.

  The ROM 45 stores in advance a control program for controlling each component of the service providing apparatus 4 to perform print processing, print service management, and the like. The CPU 44 is a part that mainly controls the service providing apparatus 4, reads out a control program from the ROM 45, and executes the control program using the RAM 46, thereby performing various controls such as print control and security of the print service. Perform management.

  Here, an outline of security management in the service providing system 1 will be described. The service providing apparatus 4 permits the provision of the printing service when a user who possesses both the first authentication apparatus 2a and the second authentication apparatus 2b is within a communication range in which the wireless communication unit 43 can communicate. Security management. For example, as shown in FIG. 5A, when a legitimate user U1 possessing the first authentication device 2a and the second authentication device 2b is within the communication range H of the wireless communication unit 43, the service is provided. The device 4 permits service provision to the user U1.

  FIG. 5B shows a state in which the second authentication device 2b is lost or stolen and the user U1 enters the communication range H in order to receive the service. As shown in FIG. 5B, when only the first authentication device 2a is within the communication range H, the service providing device 4 does not permit the service provision to the user U1.

  Further, FIG. 5 (c) shows that the user U2 who does not have the right to receive the service possesses the second authentication device 2b lost by the user U1 or the second authentication device 2b stolen from the user U1. The state when the communication range H is entered to receive the service is shown. In this case, since the user U2 has only the second authentication device 2b, the service providing device 4 prevents unauthorized use of the service by denying service provision to the user U2.

  That is, the service providing apparatus 4 provides a print service by authenticating a user who possesses both the first authentication apparatus 2a and the second authentication apparatus 2b as a legitimate user. Security management is performed so as not to provide a print service to a user who possesses one of the two authentication devices 2b.

  Although details will be described later, in the security management in this system, as described above, in addition to the authentication process for authenticating a legitimate user, whether or not the service provided by the authentication process is to be continuously provided. A service continuation process for determining the authentication apparatus 2, an invalidation process for invalidating the authentication apparatus 2 when only one of the first authentication apparatus 2 a and the second authentication apparatus 2 b is within the communication range H, or a predetermined process The invalidation cancellation process which cancels invalidation by operation of is included. Hereinafter, various types of security management processing will be described in detail with reference to flowcharts.

(Authentication process)
First, an authentication process performed when service provision to a user is started will be described. FIG. 6 is a flowchart showing the flow of the authentication process. For example, the authentication process is started at the timing when the signal of the authentication device 2 is detected within the communication range H, or at the timing of every predetermined time.

  When the authentication process is started, the service providing device 4 determines whether or not the first authentication device 2a can be detected within the communication range H (step S100). Here, the wireless communication unit 43 transmits a command for causing the first authentication device 2 a to transmit the authentication ID information 100 to each authentication device 2 within the communication range H. When there is a reply from the first authentication device 2a responding to the command, it is determined that the first authentication device 2a has been detected within the communication range H (step S100: Yes), and the process proceeds to step S101. If there is no reply from the first authentication device 2a, it is determined that the first authentication device 2a has not been detected within the communication range H (step S100: No), and the process proceeds to step S106.

  When the process proceeds to step S101, the service providing apparatus 4 is registered as a valid first authentication apparatus 2a by collating the received authentication ID information 100 with the authentication ID information registered in the user database DB. Judge whether or not. When the matching authentication ID information is registered in the user database DB (step S101: Yes), the process proceeds to step S102. If the matching authentication ID information is not registered in the user database DB (step S101: No), the process proceeds to step S106.

  When the process proceeds to step S102, the service providing apparatus 4 determines whether or not the second authentication apparatus 2b corresponding to the user of the first authentication apparatus 2a authenticated in step S101 can be detected. Here, as in step S100, a command for causing the second authentication device 2b to transmit the authentication ID information 100 is transmitted to each authentication device 2 within the communication range. If there is a reply from the second authentication device 2b corresponding to the user of the first authentication device 2a authenticated in step S101, it is determined that the second authentication device 2b can be detected within the communication range H ( Step S102: Yes), the process proceeds to Step S103. If there is no reply from the second authentication device 2b, it is determined that the second authentication device 2b has not been detected within the communication range H (step S102: No), and the process proceeds to step S105.

  When the process proceeds to step S103, the service providing apparatus 4 receives the authentication ID information 100 of the received signal and the second authentication registered in the user database DB corresponding to the user of the first authentication apparatus authenticated in step S101. By comparing with the authentication ID information for the device, it is determined whether or not the device is registered as a valid second authentication device 2b (step S103). If the matching authentication ID information is registered in the user database DB (step S103: Yes), the valid first authentication device 2a and second authentication device 2b are detected within the communication range H of the wireless communication unit 43. Then, since it can be determined that the state shown in FIG. 5A is obtained, the service start to the user is permitted (step S104). Here, the CPU 44 controls each component of the service providing apparatus 4 to make the functions of the printer, such as printing by the print engine 42, available to the user, thereby providing the printing service. If the service start is permitted, the authentication process is terminated.

  If the matching authentication ID information is not registered in the user database DB (step S103: No), the process proceeds to step S105, where the service providing apparatus 4 invalidates the function of the first authentication apparatus 2a. Process. The invalidation processing is performed when the communication range H is detected when only one of the first authentication device 2a and the second authentication device 2b of the predetermined user of the service providing system 1 is detected within the communication range H. The function for receiving authentication as a valid authentication device for the first authentication device 2a (see FIG. 5B) and the second authentication device 2b (see FIG. 5C) within the range of It is a process which makes it the state which cannot receive a service. By this invalidation processing, as shown in FIG. 5B, when the second authentication device 2b of the two authentication devices 2 is stolen or lost, the paired first authentication device 2a is invalidated. Thus, the print service cannot be received using the stolen second authentication device 2b or the lost second authentication device 2b. The details of the invalidation process will be described later.

  On the other hand, when the process proceeds from step S100 or S101 to step S106, the service providing apparatus 4 determines whether or not the second authentication apparatus 2b has been detected. If the second authentication device 2b can be detected (step S106: Yes), the process proceeds to step S107. When the second authentication device 2b cannot be detected (step S106: No), since there is no legitimate first authentication device 2a and second authentication device 2b within the communication range H, provision of a print service is provided. The authentication process is terminated without permission.

  When the process proceeds to step S107, it is checked whether or not it is registered as a valid second authentication device by checking the authentication ID information 100 of the received signal with the authentication ID information registered in the user database DB. Judgment is made (step S107). If the received authentication ID information 100 is registered as a valid second authentication device (step S107: Yes), as shown in FIG. 5C, the stolen second authentication device 2b or the lost second authentication device 2 After performing the invalidation process of the authentication device 2b (step S108), the process of FIG. 6 is terminated. When the received authentication ID information 100 has not been registered (step S107: No), since there is no valid first authentication device 2a and second authentication device 2b within the communication range H, The authentication process is terminated without permitting the print service.

(Service continuation processing)
Although the authentication process has been described above, the service providing apparatus 4 performs a service continuation process at predetermined time intervals after the start of service provision in step S104. FIG. 7 is a flowchart showing the flow of service continuation processing. Note that steps S110 to S113 of the service continuation process are the same as steps S100 to S103 of the authentication process, and S115 to S118 of the service continuation process are the same as S105 to S108 of the authentication process, and thus description thereof is omitted.

  When it is determined in step S113 that the second authentication device 2b is registered as a valid authentication device 2 and the process proceeds to step S114, the service continuation process permits continuation of service provision. Here, the CPU 44 controls each component of the service providing apparatus 4 so that the user can continue to use the functions of the printer, and the service continuation process is terminated.

  Further, after the invalidation process of step S115 or the invalidation process of step S118, or when the second authentication device 2b cannot be detected (step S116: No), it is registered as a valid second authentication device 2b. If not (step S117: No), the process proceeds to step S119, and the service provision ends. Here, the service provision is terminated when the CPU 44 controls each component of the service providing apparatus 4 so that the user cannot use the printer function. When the continuation of service provision is permitted in step S114 or the service provision is terminated in step S119, the service continuation process is terminated.

  By this service continuation process, a legitimate user possessing the first authentication device 2a and the second authentication device 2b can continue to receive the print service while in the communication range H. In addition, when a legitimate user leaves the communication range H, the service providing apparatus 4 cannot use the print service. Therefore, after the legitimate user leaves, another person illegally uses the print service. Can not be.

(Disabling process)
Next, the invalidation processing will be described with reference to the flowcharts of FIGS. FIG. 8 is a flowchart showing a flow of processing performed by the service providing apparatus in the invalidation processing, and FIG. 9 is a flowchart showing a flow of processing performed by the authentication apparatus. The processing contents of the invalidation process (step S105) of the first authentication device 2a and the invalidation process (step S108) of the second authentication device 2b are the same, and will be described below as the invalidation process for the authentication device 2. .

  When the invalidation process is started, first, the service providing apparatus 4 transmits an invalidation request to the authentication apparatus 2 to be invalidated via the wireless communication unit 43 (step S120).

  Here, when the authentication apparatus 2 receives the invalidation request from the service providing apparatus 4 via the wireless communication I / F 20, the authentication apparatus 2 starts the process of FIG. 9 and determines whether or not the authentication apparatus 2 itself functions effectively. Is determined (step S220). If it has already been revoked and does not function as an authentication device (step S220: No), the service providing device via the wireless communication unit 43 without revoking the authentication device 2 in response to the received revocation request The invalidation completion notification is transmitted to 4 (step S222), and the process of FIG. If the authentication device is functioning effectively (step S220: Yes), the authentication device 2 is invalidated (step S221). The invalidation at this time is performed by changing the setting of the authentication function to invalid by using the function for switching the validity / invalidity of the authentication function provided in the authentication device 2. More specifically, for example, a flag area indicating validity / invalidity is prepared in the EEPROM 21, and the valid / invalid state of the authentication device 2 is determined by switching the validity / invalidity of this flag. Good.

  The authentication device 2 in the invalidated state does not send a reply according to the transmission command even when it receives the authentication ID information transmission command from the service providing device 4 in step S100 or the like. As a result, the invalidated authentication device 2 cannot receive authentication in the authentication process, and cannot receive the print service. That is, the function as an authentication device for receiving the print service is invalidated. When the authentication device 2 is invalidated, the service providing device 4 transmits an invalidation completion notification to the service providing device 4 via the wireless communication unit 43 (step S222), and the processing in FIG.

  Returning to the description of FIG. 8, when the service providing apparatus 4 receives information responding to the invalidation request transmitted in step S120 from the authentication apparatus 2 (step S121), whether or not the received information is an invalidation completion notification. Is determined (step S122). If it is not an invalidation completion notification (step S122: No), there is a possibility that the authentication device 2 has not been invalidated, so the process returns to step S120 and the invalidation request is retransmitted. If it is an invalidation completion notification (step S122: Yes), the invalidation process is terminated.

  As a result of the above-described invalidation process, the authentication device 2 that has received the invalidation request is disabled from the function as the authentication device 2 and is not authenticated as the valid authentication device 2 by the service providing device 4. Further, as described in the authentication process, this invalidation process is performed when one of the first authentication device 2a or the second authentication device 2b of the predetermined user is not within the communication range H. The authentication device 2 within the range of the range H (the first authentication device 2a in the case of FIG. 5B and the second authentication device 2b in the case of FIG. 5C) is invalidated. As a result, service provision to a person who has the authentication devices 2a and 2b including the disabled authentication device 2 is not permitted.

(Disabling cancellation process)
Here, for example, when a legitimate user can find the lost second authentication device 2b as shown in FIG. 5B, the function of the invalidated first authentication device 2a is restored, It is desirable to cancel the invalidation. Therefore, in this system, invalidation can be canceled by invalidation cancellation processing. Hereinafter, the invalidation cancellation process will be described.

  The service providing apparatus 4 performs an authentication process on a user registered in the service providing apparatus such as a system administrator in addition to a user who possesses the invalidated authentication apparatus 2 and registers as a valid user. The invalidation cancellation processing is started in accordance with the instruction from the other user who has been performed. For example, as shown in FIG. 10, the user U1 possesses the invalidated first authentication device 2a and the valid second authentication device 2b, and possesses the valid first authentication device 2a and the second authentication device 2b. The user U3 who is in the communication range H with the user U3 operates the switch of the operation panel 41 by the user U3 who is authenticated by the authentication process, and the user U1 disables the first authentication device 2a which has been disabled. When an instruction for canceling is input, invalidation cancellation processing is started. FIG. 11 is a flowchart showing a flow of processing performed by the service providing apparatus 4 in the invalidation cancellation processing, and FIG. 12 is a flowchart showing a flow of processing performed by the authentication apparatus 2. Hereinafter, the invalidation cancellation process will be described with reference to a flowchart.

  When the invalidation cancellation process is started, first, the service providing apparatus 4 transmits an invalidation cancellation request including the user name to the authentication apparatus 2 via the wireless communication unit 43 (step S130).

  Here, when the authentication device 2 receives the invalidation cancellation request from the service providing device 4 via the wireless communication I / F 20, the processing of FIG. 12 is started, and whether or not the authentication device 2 has already been invalidated. Is determined (step S230). If not invalidated (step S230: No), the invalidation cancellation completion notification is transmitted to the service providing apparatus 4 via the wireless communication unit 43 without performing processing for the invalidation request (step S233). The process of 12 is finished. If it has been invalidated (step S230: Yes), it is determined whether or not the user name registered in the EEPROM 21 of the authentication device 2 itself matches the user name for which invalidation cancellation is being requested (step S231). ). If the user names match (step S231: Yes), the invalidation is canceled (step S232), and then the invalidation cancellation completion notification is transmitted to the service providing apparatus 4 via the wireless communication unit 43 ( Step S233), the process of FIG. If the user names do not match (step S231: No), the invalidation cancellation completion notification is transmitted without canceling the invalidation (step S233), and the process of FIG.

  Returning to the description of FIG. 11, when the service providing apparatus 4 receives information from the authentication apparatus 2 in response to the invalidation cancellation request transmitted in step S130 (step S131), the received information is an invalidation cancellation completion notification. Whether or not (step S132). If it is not the invalidation release completion notification (step S132: No), there is a possibility that the invalidation of the authentication apparatus 2 may not be released, so the process returns to step S130 and the invalidation release request is retransmitted. If it is an invalidation release completion notification (step S132: Yes), it has been confirmed that the invalidation of the authentication device 2 has been released, so the invalidation release processing is terminated.

  In the example of FIG. 10, the first authentication device 2a possessed by the user U1 functions effectively by the above-described invalidation cancellation processing in accordance with an instruction from another valid user U3. The user U1 who has the authentication device 2a and the second authentication device 2b can receive the print service again.

  According to the service providing system 1 described above, the following effects can be obtained.

  (1) In the service providing system 1, when the first authentication device 2a and the second authentication device 2b can be detected within the communication range H, the printing service is provided to the user. Even if a legitimate user loses one of the two authentication devices 2 or is stolen, the third user has only one of the lost authentication device 2 or the stolen authentication device 2. Person cannot receive service. Therefore, unauthorized use of a printing service by a person who does not have the right to receive services, such as a third party who has stolen the authentication device 2 from a legitimate user, or a third party who has picked up the authentication device 2 that the legitimate user has lost. Can be prevented. Therefore, the security level of the system that provides the print service is improved.

  Moreover, since the 1st authentication apparatus 2a is mounted | worn with a user's body, possibility that the 1st authentication apparatus 2a will be stolen with the 2nd authentication apparatus 2b which is an IC card becomes low, and both authentication apparatus 2a, 2b It is possible to effectively prevent unauthorized use of the service due to theft.

  (2) Through the service continuation process, a legitimate user possessing the first authentication device 2a and the second authentication device 2b determines that the service providing system has received from the user while staying within the communication range H. You can continue to receive printing services for jobs such as printing. In addition, after the legitimate user leaves the communication range H, the service providing apparatus 4 cannot use the print service. Therefore, after the legitimate user leaves, the other person who does not have the right to receive the service. Can be prevented from receiving printing services.

  (3) In the invalidation process, when one of the first authentication device 2a or the second authentication device 2b is not within the communication range H, and when the first authentication device 2a or the second authentication device is within the communication range H, When one of the authentication devices 2b is not a valid authentication device, the authentication device 2 within the communication range H is invalidated. Thus, when a person who does not have the right to receive service using the authentication device 2 lost or stolen from a legitimate user tries to receive the service (see FIG. 5C), this person Without being received, the lost or stolen authentication device 2 is invalidated. Therefore, unauthorized use of the service by a person who does not have the right to receive the service can be prevented more reliably.

  If any one of the authentication devices 2 is not authenticated, the authentication device 2 within the range of the communication range H is invalidated. Therefore, the second authentication device 2b such as a non-body-worn IC card It is desirable to use an apparatus that also serves as an authentication for a user to enter and leave an area including the range H.

  (4) In the invalidation cancellation process, the function of the invalidated authentication device 2 can be restored and the service can be used again by an instruction from a valid user such as a system administrator. Increases operational convenience. In addition, the user who possesses the invalidated authentication device 2 can be deactivated by an instruction from another authorized user, so that the security level of the system is not lowered. The function of canceling invalidation can be realized.

  (5) If the user has two authentication devices 2, the user can receive the service without performing an authentication operation such as entering a password. Therefore, the user can prevent unauthorized use of the service. A user-friendly system can be constructed.

(Second embodiment)
Next, a second embodiment will be described. In the second embodiment, the processing method of the invalidation processing and the invalidation cancellation processing is different from the first embodiment, and the authentication ID information 100 of the invalidated authentication device 2 is erased from the EEPROM 21 of the authentication device 2. Management is performed so as to be registered in the user database DB of the service providing apparatus 4. Since the configuration of the second embodiment is the same as that of the first embodiment, the same reference numerals are given and detailed description is omitted.

(Disabling process)
First, the invalidation processing according to the second embodiment will be described with reference to the flowcharts of FIGS. FIG. 13 is a flowchart showing the flow of processing performed by the service providing apparatus 4 in the invalidation processing, and FIG. 14 is a flowchart showing the flow of processing performed by the authentication apparatus 2.

  When the invalidation process is started, the service providing apparatus 4 transmits an ID information transmission request to the authentication apparatus 2 to be invalidated (step S140).

  Upon receiving information from the service providing device 4, the authentication device 2 starts the process of FIG. 14 and determines whether or not the received information is an ID information transmission request (step S240). If it is an ID information transmission request (step S240: Yes), the ID information stored in the EEPROM 21 is transmitted to the service providing apparatus (step S241). Here, since the authentication apparatus 2 is not invalidated, the authentication ID information 100 is stored in the EEPROM 21 and the authentication ID information 100 is transmitted. When the ID information is transmitted, the process of FIG.

  Returning to the description of the flowchart of FIG. 13, when the service providing apparatus 4 receives information responding to the ID information transmission request transmitted in step S140 from the authentication apparatus 2 (step S141), the received information is the authentication ID information 100. It is determined whether or not there is (step S142). If it is not the authentication ID information 100 (step S142: No), it returns to step S140 and retransmits the ID information transmission request.

  If the received information is the authentication ID information 100 of the authentication device 2 to be invalidated (step S142: Yes), the invalidation ID information (corresponding information) is associated with the authentication ID information 100 in the user database DB. Registration is performed (step S143). Here, an index corresponding to the authentication ID information 100 erased by invalidation is set, and the set index is registered as invalidation ID information. FIG. 15 is a diagram showing an example of a user database DB in which invalidation ID information is registered, and shows an example when the first authentication device 2a owned by the user U1 is invalidated. As shown in FIG. 15, when invalidating the first authentication device 2a owned by the user U1, the invalidation is performed by associating with the authentication ID information “bbb” of the first authentication device 2a owned by the user U1. ID information “123” is registered in the user database DB.

  Next, the service providing apparatus 4 transmits an ID information transmission request to the invalidation target authentication apparatus 2 in which the invalidation ID information is registered (step S144), and information that responds to the ID information transmission request from the authentication apparatus 2 is transmitted. When received (step S145), it is determined whether or not the received information is the authentication ID information 100 (step S146). If it is not the authentication ID information 100 (step S146: No), the process returns to step S144, and the ID information transmission request is retransmitted. If the received information is the authentication ID information 100 (step S146: Yes), it is determined whether or not the authentication ID information 100 received in step S141 matches the authentication ID information 100 received in step S145 (step S146). S147). If they do not match (step S147: No), the invalidation ID information registered in the previous step S143 is once deleted from the user database DB, and the process returns to step S140. If they match (step S147: Yes), the process proceeds to step S148. Thus, by collating the authentication ID information received in response to the first ID information transmission request with the authentication ID information received in response to the second ID information transmission request, Incorrect registration of the authentication ID information 100 is prevented.

  When the process proceeds to step S148, the service providing apparatus 4 transmits to the authentication apparatus 2 an authentication ID information deletion request for deleting the authentication ID information in the authentication apparatus to be invalidated.

  At this time, the authentication device 2 to be invalidated starts the flowchart of FIG. 14 at the timing when the information is received from the service providing device 4, and it is determined in step S240 that the received information is not an ID information transmission request. (Step S240: No) When it is determined in Step S242 that the received information is an authentication ID information deletion request in Step S242 (Step S242: Yes), the process proceeds to Step S243. move on. In step S243, the authentication device 2 is invalidated by deleting the authentication ID information 100 stored in the EEPROM 21. Next, when an erasure completion notification is transmitted to the service providing apparatus 4 (step S244), the processing in FIG.

  Returning to the description of the flowchart of FIG. 13, when the service providing apparatus 4 receives information in response to the authentication ID information deletion request transmitted in step S148 (step S149), whether or not the received information is a deletion completion notification. Is determined (step S150). If it is not a deletion completion notification (step S150: No), the process returns to step S148, and the authentication ID information deletion request is retransmitted. If it is an erasure completion notification (step S150: Yes), the invalidation ID information registered in step S143 to the authentication device 2 to be invalidated is transmitted to the authentication device 2 (step S151).

  At this time, the authentication device 2 starts the flowchart of FIG. 14 at the timing when the information is received from the service providing device 4, and it is determined in step S240 that the received information is not an ID information transmission request (step S240: No) Further, it is determined in step S242 that the request is not an authentication ID information deletion request (step S242: No), and in step S245, it is determined whether the received information is invalidation ID information. The information is determined (step S245: Yes). In this case, the authentication device 2 stores the invalidation ID information in the EEPROM 21 (step S246), and then ends the process of FIG. If it is determined in step S245 that the information is not invalidation ID information (step S245: No), since the received information is neither invalidation ID information, an ID information deletion request, or an ID information transmission request, the authentication device 2 The process of FIG. 14 is terminated without performing a process in response to the received information.

  Returning to the description of the flowchart of FIG. 13, when invalidation ID information is transmitted in step S <b> 151, the service providing apparatus 4 transmits an ID information transmission request to the authentication apparatus 2 to be invalidated, to the authentication apparatus 2 ( Step S152). At this time, in response to the ID information transmission request, the authentication device 2 transmits the invalidation ID information stored in the EEPROM 21 to the service providing device 4 (see step S240 in FIG. 14: Yes, step S241). When the service providing apparatus 4 receives information responding to the ID information transmission request from the authentication apparatus 2 (step S153), the service providing apparatus 4 refers to the user database DB and the received information is invalidated registered in the user database DB. It is determined whether it is ID information (step S154). Thereby, it is confirmed whether the invalidation ID information transmitted in step S151 is correctly stored in the EEPROM 21 of the authentication device 2. If the received information is not registered invalidation ID information (step S154: No), the process returns to step S151, and the invalidation ID information is retransmitted. If the received information is registered invalidation ID information (step S154: Yes), the invalidation of the authentication device 2 has been confirmed, and the invalidation process is terminated.

(Disabling cancellation process)
Next, the invalidation cancellation process will be described. 16 is a flowchart showing a flow of processing performed by the service providing apparatus 4 in the invalidation cancellation processing, and FIG. 17 is a flowchart showing a flow of processing performed by the authentication apparatus 2.

  Similar to the invalidation process of the first embodiment described above, the service providing apparatus 4 is a user who is registered in a service providing apparatus such as a system administrator in addition to the user who possesses the invalidated authentication apparatus 2. An invalidation release process is started in response to an instruction from another user who is authorized as a valid user. For example, as shown in FIG. 10, the user U1 possesses the invalidated first authentication device 2a and the valid second authentication device 2b, and possesses the valid first authentication device 2a and the second authentication device 2b. The user U3 is within the communication range H, and the user U3 authenticated by the authentication process operates the switch of the operation panel 41 to invalidate the invalidated first authentication device 2a possessed by the user U1. When an instruction to cancel the invalidation is input, the invalidation cancellation processing is started.

  When the invalidation cancellation process is started, the service providing apparatus 4 sets an initial value “0” for variables of the number of devices M and N related to the number of authentication devices necessary for authenticating itself as a service user ( Step S160).

  Next, the service providing apparatus 4 determines whether or not the value of the number of apparatuses M is less than the number of authentication apparatuses necessary for each user to use the service providing apparatus (in this embodiment, “2”). (Step S161). If the number of devices M is less than the required number of authentication devices (step S161: Yes), the process proceeds to step S162.

  When the process proceeds to step S162, the service providing apparatus 4 determines whether or not the number of determinations in step S161 has reached a predetermined number. If the number of determinations has not reached the predetermined number (step S162: No), a temporary invalidation cancellation request is transmitted to the first authentication device 2a and the second authentication device 2b possessed by the user U1 to be deactivated. (Step S163).

  Here, first, the case where the first authentication device 2a receives information via the wireless communication I / F 20 will be described as an example. The first authentication device 2a starts the process of FIG. 17 and determines whether or not the received information is a provisional invalidation cancellation request (step S260). If it is a provisional invalidation cancellation request (step S260: Yes), the first authentication device 2a determines whether or not itself has already been invalidated (step S261). In the example of FIG. 10, since the first authentication device 2a is invalidated, it is determined that it is invalidated here (step S261: Yes), and the invalidation of the first authentication device 2a is temporarily released ( Step S262), the process proceeds to step S263.

  When the process proceeds to step S263, the first authentication device 2a transmits the ID information stored in the EEPROM 21 to the service providing device. In the example of FIG. 10, since the first authentication device 2a is in a disabled state, the invalidation ID information is transmitted here. When the process of step S263 is completed, the flow of FIG. 17 is terminated and the process returns to FIG.

  Returning to the description of the flowchart of FIG. 16, when the service providing apparatus 4 receives information from the first authentication apparatus 2a in response to the provisional invalidation cancellation transmitted in step S163 (step S164), the received information is the user. It is determined whether it is ID information (authentication ID information or invalidation ID information) registered in the database DB (step S165). Here, invalid ID information is received from the first authentication device 2a, and if the received invalid ID information is registered ID information (step S165: Yes), “1” is added to the value of the number of devices M. (Step S166), the process returns to Step S161. If it is not registered ID information (step S165: No), the process returns to step S161 without changing the value of the number of devices M. When returning to step S161, the same processing is repeated, and in step S163, a provisional invalidation cancellation request is transmitted to an untransmitted authentication apparatus. As described above, when processing is performed on the first authentication device 2a, the unsent authentication device becomes the second authentication device 2b of the user U1.

  Next, a case where the second authentication device 2b receives information via the wireless communication I / F 20 will be described as an example. When the second authentication device 2b receives the information, the processing of FIG. 17 is started, and it is determined whether or not the received information is a provisional invalidation cancellation request (step S260). If it is a provisional invalidation cancellation request (step S260: Yes), the second authentication device 2b determines whether or not it is already invalidated (step S261). As shown in FIG. 10, since the second authentication device 2b has not been invalidated, it is determined that it has not been invalidated (step S261: No), and the second authentication device 2b has the authentication ID information stored in the EEPROM 21. Is transmitted to the service providing apparatus 4 (step S263). When the process of step S263 is completed, the flow of FIG. 17 is terminated and the process returns to FIG.

  When the service providing device 4 receives information from the second authentication device 2b in response to the provisional invalidation cancellation request transmitted in step S163 (step S164), the received information is registered with the ID information (that is, the user database). It is determined whether or not the authentication ID information 100 or the invalidation ID information registered in the DB (step S165). If it is registered ID information (step S165: Yes), 1 is added to the value of the number of devices M (step S166), and the process returns to step S161. If it is not registered ID information (step S165: No), the process returns to step S161 without changing the number M of devices.

  In this way, by repeatedly performing the processing of steps S161 to S166, the number M of authentication devices 2 within the communication range H is obtained by successively adding the authentication devices 2 within the communication range H. If the number of devices M has reached the number of required authentication devices (step S161: No), the process proceeds to step S167. Further, when the number of devices M does not reach the number of required authentication devices and the number of determinations in step S161 reaches a predetermined number (step S162: Yes), the process exits the loop of steps S161 to S166 and proceeds to step S167.

  In steps S161 to S166 described above, provisional invalidation cancellation is performed. However, in the processing after step S167, formal invalidation cancellation is performed. When the process proceeds to step S167, the service providing apparatus 4 determines whether or not the value of the device number N is less than the required number of authentication devices. If the number of devices N is less than the required number of authentication devices (step S167: Yes), it is determined whether or not the number of determinations in step S167 has reached a predetermined number (step S168). When the number N of authentication devices 2 within the communication range H has not reached the required number of authentication devices (step S168: No), a formal invalidation cancellation request is transmitted to the authentication device 2 (step S169). . In this formal invalidation cancellation request, the invalidation ID information received for the invalidation cancellation target first authentication device 2a and the authentication ID information corresponding to the invalidation ID information (in the example of FIG. 15, received Authentication ID information “bbb”) corresponding to the invalidation ID information “123”.

  Here, first, the flowchart of FIG. 17 will be described by taking as an example the case where the first authentication device 2a of the user U1 shown in FIG. 10 receives a formal invalidation cancellation request. Since the received information is not a provisional invalidation cancellation request, the first authentication device 2a proceeds from step S260 to step S264, and determines whether the received information is a formal invalidation cancellation request. If it is a formal invalidation cancellation request (step S264: Yes), the authentication ID information 100 and the invalidation ID information included in the formal invalidation cancellation request are compared with the ID information in itself, and either one or itself If the ID information in the EEPROM 21 coincides, the authentication ID information included in the formal invalidation cancellation request is overwritten with the invalidation ID information stored in the EEPROM 21 to cancel the invalidation of the first authentication device 2a. (Step S265). When the invalidation is canceled, an invalidation cancellation completion notification is transmitted to the service providing apparatus 4 (step S266), and the processing of FIG. If it is not a formal invalidation cancellation request (step S264: No), the processing of FIG. 17 is terminated without transmitting the invalidation cancellation completion notification.

  Returning to the description of the flowchart of FIG. 16, when the service providing apparatus 4 receives information from the first authentication apparatus 2a in response to the formal invalidation cancellation transmitted in step S169 (step S170), the received information is invalidated. It is determined whether or not it is a cancellation completion notification (step S171). If it is an invalidation cancellation completion notification (step S171: Yes), “1” is added to the value of the number N of devices (step S172), and the process returns to step S167. Here, the invalidation cancellation completion notification is received from the first authentication device 2a shown in FIG. 10, N = 1, and the process returns to S167. If it is not an invalidation cancellation completion notification (step S171: No), the process returns to step S167 without changing the value of the number N of devices.

  In the above, since the process when the first authentication device 2a of the user U1 receives the formal invalidation cancellation request has been described, when returning to step S167, N = 1 and less than 2 (step S167). : Yes), the process proceeds to step S168 and subsequent steps.

  In step S168, if the number of determinations in step S167 has not reached the predetermined number (step S168: No), a formal invalidation release request is transmitted (step S169).

  Here, it is assumed that after the formal invalidation cancellation request in step S169 is transmitted, the second authentication device 2b (see FIG. 10) of the user U1 has received the formal invalidation cancellation request. The second authentication apparatus 2b starts the processing of the flowchart of FIG. 17 and the received information is not a provisional invalidation cancellation request. Therefore, the process proceeds from step S260 to step S264, and the received information is officially invalidated cancellation. It is determined whether it is a request. If it is a formal invalidation cancellation request (step S264: Yes), the authentication ID information 100 and the invalidation ID information included in the formal invalidation cancellation request are compared with the ID information in itself. Here, the authentication ID information and the invalidation ID information included in the formal invalidation cancellation request are those of the first authentication device 2a and do not match the authentication ID information of the second authentication device 2b. For this reason, it is assumed that the second authentication device 2b has already been deactivated (step S265). When the invalidation is canceled, an invalidation cancellation completion notification is transmitted to the service providing apparatus 4 (step S266), and the processing of FIG. If it is not a formal invalidation cancellation request (step S264: No), the processing of FIG. 17 is terminated without transmitting the invalidation cancellation completion notification.

  Returning to the description of the flowchart of FIG. 16, when the service providing apparatus 4 receives information from the second authentication apparatus 2b in response to the formal invalidation cancellation transmitted in step S169 (step S170), the received information is invalidated. It is determined whether or not it is a cancellation completion notification (step S171). If it is an invalidation cancellation completion notification (step S171: Yes), “1” is added to the value of the number N of devices (step S172), and the process returns to step S167. Here, the invalidation cancellation completion notification is received from the second authentication device 2b shown in FIG. 10, N = 2, and the process returns to S167.

  In this way, by repeatedly performing the processing of steps S167 to S172, the number N of authentication devices 2 within the communication range H is acquired, and the number N of devices does not reach the required number of authentication devices. When the number N of authentication devices 2 within the range reaches the required number of authentication devices (“2” in this embodiment) (step S167: No), a pair of authentication devices 2a within the communication range H, b becomes an effective state, and the invalidation cancellation processing is terminated. On the other hand, if the number of determinations in step S167 has reached the predetermined number in the determination in step S168 (step S168: Yes), the process exits the loop in steps S167 to S172, and the number of required authentication devices is within the communication range H. Since there is no authentication device 2 sufficient for the above, after invalidation processing is performed on each authentication device 2 within the communication range H (step S173), the invalidation cancellation processing is terminated.

  According to the second embodiment, in addition to the effects (1) to (5) of the first embodiment, the following effects can be further obtained.

  (6) Since the authentication ID information 100 of the invalidated authentication device 2 is managed by the service providing device 4 and does not remain in the EEPROM 21 of the authentication device 2, authentication is performed from the invalidated authentication device 2. The ID information 100 cannot be acquired. An authentication device that has been lost or stolen and that has been handed over to a third party is invalidated when it falls within the communication range H, and there is no possibility of authentication ID information leaking from the invalidated authentication device 2. , It will be possible to prevent unauthorized use of the service more reliably.

  The first embodiment and the second embodiment of the service providing system have been described above. However, the present invention is not limited to this mode, and the following modifications may be made.

  (Modification 1) In the above embodiment, the case where the number of required authentication devices required for receiving service is “2” has been described. However, the number of required authentication devices is not limited to this, and the number of required authentication devices is 3 or more. A service may be provided to a user having a predetermined number of authentication devices 2. By increasing the number of authentication devices that the user should have to “3” or more, the security of the service can be further improved, and a system with a high security can be realized with a simple configuration.

  (Modification 2) It is good also as a system which performs security management by the wireless communication unit separate from the service provision apparatus 4. FIG. That is, as shown in FIG. 18, the wireless communication unit 3 includes a CPU 30, a ROM 31, a RAM 32, an EEPROM 33, and a wireless communication I / F 34. The service providing device 4 and the authentication device 2 are connected via the wireless communication I / F 34. The wireless communication is configured. The security management of the service providing apparatus 4 is performed by executing the authentication process, the service continuation process, the invalidation process, and the invalidation cancellation process mainly by the CPU 30 of the wireless communication unit 3.

  (Modification 3) In the above embodiment, the communication range for the first authentication device 2a and the communication range for the second authentication device 2b are the same, but the communication range may be different for each authentication device. For example, the second authentication device 2b may be a contact IC card or magnetic card, and the service providing device 4 may be provided with a card contact card reader. In this case, when the second authentication device 2b is held over a card reader, the second authentication device 2b may be authenticated and the first authentication device 2a may be authenticated by wireless communication.

  (Modification 4) In the above embodiment, the system for providing the print service has been described as an example. However, the type of service to be provided is not limited to this, and may be a service such as a bank ATM. In addition, a mobile phone equipped with a non-contact IC card or a non-contact IC chip used in an automatic ticket gate at a station or a cashier settlement machine is combined with a first authentication device 2a that a user wears on the body. By using it, unauthorized use by lost or stolen contactless IC cards and mobile phones can be prevented.

The figure which showed the structure of the service provision system which concerns on a 1st Example. The figure which showed the structure of the authentication apparatus. The figure which showed the structure of the service provision apparatus. The figure which showed an example of the user database. It is a figure for demonstrating security management, (a)-(c) is a figure which showed the example of the case assumed on security management. The flowchart which showed the flow of the authentication process. The flowchart which showed the flow of the service continuation process. The flowchart which showed the flow of the process which a service provision apparatus performs in the invalidation process. The flowchart which showed the flow of the process which an authentication apparatus performs in the invalidation process. The figure for demonstrating the conditions for starting the invalidation cancellation | release process. The flowchart which showed the flow of the process which a service provision apparatus performs in the invalidation cancellation | release process. The flowchart which showed the flow of the process which an authentication apparatus performs in the invalidation cancellation | release process. The flowchart which showed the flow of the process which a service provision apparatus performs in the invalidation process which concerns on a 2nd Example. The flowchart which showed the flow of the process which an authentication apparatus performs in the invalidation process. The figure which showed an example of the user database in which invalidation ID information was registered. The flowchart which showed the flow of the process which a service provision apparatus performs in the invalidation cancellation | release process. The flowchart which showed the flow of the process which an authentication apparatus performs in the invalidation cancellation | release process. Explanatory drawing for demonstrating a 2nd modification.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Service provision system, 2 ... Authentication apparatus, 2a ... 1st authentication apparatus, 2b ... 2nd authentication apparatus, 4 ... Service provision apparatus, 21 ... EEPROM as a memory | storage means, 41 ... Operation panel as an operation input means, 42 ... Print engine as service means, 43 ... Wireless communication unit as communication means, 44 ... CPU as service management means, 100 ... Authentication ID information as authentication information, DB ... User database as registration means, H ... Communication range.

Claims (8)

A service providing system comprising two or more predetermined number of authentication devices to be possessed by a user and a service providing device for providing a service,
The service providing apparatus includes:
Service means for providing the service;
A communication means capable of communicating with the authentication device within a predetermined communication range;
By detecting the authentication device within the communication range by communication via the communication means,
A service providing system comprising: service management means for permitting service provision by the service means when a predetermined number of the authentication devices are detected. The service providing system according to claim 1,
Each of the predetermined number of the authentication devices has storage means for storing authentication information for receiving authentication,
The communication means receives authentication information stored in the storage means from each authentication device within the communication range;
The service management means performs authentication based on the received authentication information for each authentication device, and permits service provision when all authentication devices of a predetermined number of the authentication devices have been authenticated. Offer system. The service providing system according to claim 2,
The service management means instructs each authentication apparatus to invalidate a function for receiving authentication via the communication means when at least one authentication apparatus of a predetermined number of the authentication apparatuses cannot be authenticated. A service providing system characterized by transmitting. The service providing system according to claim 3,
The service management means issues an instruction to delete the authentication information stored in the storage means via the communication means when at least one authentication device of a predetermined number of the authentication devices cannot be authenticated. A service providing system for invalidating a function for receiving authentication by transmitting to an apparatus. The service providing system according to claim 3 or 4,
The service providing apparatus further includes an operation input means for receiving an operation input,
The service management means includes
In addition to the predetermined number of authentication devices including the invalidated authentication device, an instruction operation for canceling the invalidation of the invalidated authentication device when the predetermined number of authentication devices can be authenticated. When input to an operation input unit, a service providing system is configured to transmit a command for canceling invalidation of a function for receiving authentication to the invalidated authentication device via the communication unit. The service providing system according to claim 5,
The service providing apparatus includes:
A registration unit in which the authentication information for each device of the predetermined number of the authentication devices is registered;
The service management means includes
When at least one authentication device of the predetermined number of authentication devices cannot be authenticated, correspondence information associated with the authentication information registered in the registration unit is generated, and the authentication information stored in the storage unit is deleted And invalidating the function for receiving authentication by sending an instruction to store the correspondence information in the storage means to each authentication device via the communication means,
When canceling the invalidation of the invalidated authentication device,
The correspondence information is obtained from the storage means of the invalidated authentication device via the communication means, the authentication information corresponding to the obtained correspondence information is read from the registration means, and the correspondence stored in the storage means A service providing system that transmits an instruction to erase the information and store the read authentication information in the storage means to the authentication device via the communication means. A service providing device corresponding to a predetermined number of authentication devices of two or more that the user should possess,
Service means for providing the service;
A communication means capable of communicating with the authentication device within a predetermined communication range;
By detecting the authentication device within the communication range by communication via the communication means,
A service providing apparatus, comprising: service management means for permitting service provision by the service means when a predetermined number of the authentication apparatuses are detected. A management method of a service providing system comprising a predetermined number of authentication devices of two or more that a user should possess and a service providing device that provides a service,
The service providing apparatus includes:
Detecting the authentication device within a predetermined communication range by communication,
A service providing system management method, wherein service provision is permitted when a predetermined number of the authentication devices are detected.

Images