JP2009223609A - Authentication sequence setting device and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce operation loads on an operator for forming an authentication macro for an authentication output device. <P>SOLUTION: An authentication server 14 detects an authentication output device 12X with an authentication macro being unset by acquiring information for model number, authentication mode, authentication device or the like from authentication output devices 12X and 12Y within a system 10, and searching corresponding authentication macros from an authentication macro DB 54. From the model number and authentication mode of the unset authentication output device 12X, an authentication item necessary for authentication (user ID, password, mail address, or the like) is specified. A template of authentication macro for the specified authentication item is searched from template DBs 56 and 82. A similar authentication macro of the other model related to the specified authentication item is searched from an authentication macro DB 54. A user can form an authentication macro for the unset authentication output device 12X by altering the searched template or similar authentication macro. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

The present invention relates to a technique for facilitating a troublesome work for an administrator of setting an authentication sequence in an authentication output system in which only the person can perform an output operation such as printing or folder storage by performing authentication.

In an output system including a printer or multifunction device, printing a document, storing it in a folder,
There is known a system (hereinafter referred to as an authentication output system) having an authentication output function that permits only a user identified by an authentication process to use various output functions such as facsimile transmission and electronic mail transmission. There is also known an authentication output system that includes a plurality of authentication devices corresponding to different authentication methods and can perform any of the authentication methods (for example,
Patent Document 1).

JP 2002-183093 A

There are many different environments where authentication output systems are installed. For example, what type of authentication output device (for example, a printer or a multifunction device) exists, what authentication item (for example, user ID, password, fingerprint, e-mail address, or the like) in each authentication output device Input from the user whether authentication is required for each type of output operation (for example, printing, sending e-mail, storing data in a folder, etc.) There may be various different environments in terms of what kind of user information management system is accessed to confirm the authenticity of the user information of each authentication item.

If the environment where the authentication system is installed is different, the authentication sequence (authentication processing procedure) used in the authentication system must be different. By the way, the inventor of the present invention applied the patent application 200.
No. 7-082782 proposed that an authentication sequence applied to a specific environment is set in the system in advance in a macro format (this is not known on the filing date of the present application). FIG. 1 shows an example of such a macro.

However, constructing an authentication macro as illustrated in FIG. 1 according to a specific environment is time-consuming and burdensome for the system administrator, and requires advanced knowledge and attention. There is a problem that configuration omissions and setting mistakes are likely to occur.

Accordingly, an object of the present invention is to make it easier for a person to set an authentication sequence (for example, a macro) in an authentication output system.

According to one aspect of the present invention, communication is possible with one or more authentication output devices that are configured to perform user authentication by inputting user information of one or more authentication items, respectively, and are applied to each authentication output device. An authentication sequence setting device for setting an authentication sequence; means for accessing an authentication sequence database storing an already set authentication sequence applicable to a certain type of authentication output device model; and a plurality of predetermined authentication items Means for accessing a template database storing a plurality of templates each representing a predetermined plurality of exemplary authentication sequences respectively associated with each of the authentication output devices; and specifying a model of each authentication output device from the one or more authentication output devices Device information is acquired, and the acquired device information and the authentication sequence in the authentication sequence database are acquired. Authentication output device detection means for detecting an unset authentication output device for which an applicable authentication sequence has not yet been set from among the one or more authentication output devices based on the certain model to which an application is applicable; Authentication item specifying means for specifying one or more authentication items necessary for the unset authentication output device based on the device information acquired from the unset authentication output device detected by the authentication output device detecting means; Template search means for searching a recommended template associated with the required authentication item specified by the authentication item specifying means from the template database; causing a user to create an authentication sequence applicable to the unset authentication output device A user interface for the user, and the template search method is provided on the user interface. Authentication sequence setting apparatus having an authentication processing setting means for displaying a retrieved the recommended template by is provided.

The above authentication sequence setting device has one or more authentication output devices (for example,
Device information (which specifies at least the type of each device) from the device or the like, and based on the device information, an unset authentication output device for which an authentication sequence has not yet been set Automatically detects. The authentication sequence setting device provides the user with a user interface for a user (for example, a system administrator) to create and set an authentication sequence (for example, a macro) for the unset authentication output device. At that time, the authentication sequence setting device, based on the device information of the unset authentication output device, has one or more authentication items (for example, user ID, password, biometric information, A recommended template associated with the identified authentication item is searched from the template database, and the recommended template is displayed on the user interface. In the template database, a plurality of templates respectively associated with a plurality of authentication items are stored in advance. Each template represents an example of an authentication sequence for handling each authentication item. By using the recommended template for the required authentication items displayed on the user interface, the user can create an authentication sequence for an unset authentication output device. Therefore, the burden of creating an authentication sequence for the user is reduced, and creation errors can be prevented.

The authentication sequence setting device according to an embodiment of the present invention may be further configured as follows. That is, an authentication sequence search means for searching for a similar authentication sequence for handling the required authentication item specified by the authentication item specifying means from the already set authentication sequences in the authentication sequence database is further provided. And the authentication process setting means displays the similar authentication sequence searched by the authentication sequence search means on the user interface.

According to this embodiment, a similar authentication sequence related to an authentication item necessary for an unconfigured authentication output device is automatically searched from authentication sequences of authentication output devices of other models that have already been set, Displayed on the user interface. The display of the similar authentication sequence may be performed instead of the template display described above (that is, either one of the displays is selectively performed), or the similar authentication sequence display and the template display described above may be performed. May be performed together. By using the displayed similar authentication sequence, the burden and mistake of creating an authentication sequence for the user are reduced.

The authentication sequence setting device according to an embodiment of the present invention may be further configured as follows. That is, the device information acquired from each authentication output device further specifies an authentication mode indicating the type of output operation that requires authentication in each authentication output device; a predetermined plurality of models and a predetermined plurality of Means for accessing an authentication item database storing a plurality of predetermined authentication items each associated with a combination with the authentication mode; and wherein the authentication item specifying means is obtained from the unset authentication output device. Based on the combination of the model and the authentication mode specified by the device information, the authentication item associated with the specified combination is selected from the plurality of predetermined authentication items in the authentication item database. The item is selected.

According to this embodiment, among one or more output operations that can be performed by an unconfigured authentication output device (for example, printing, scan image e-mail transmission, or scan image folder storage), an output operation type that requires authentication Is automatically specified (that is, the authentication mode). Then, based on the combination of the specified model and the authentication mode, it is specified what authentication items are necessary for the unset authentication output device. Therefore, for example, if authentication is required for storing a folder but authentication is not required for sending an e-mail, an authentication sequence for handling a folder path needs to be created, but an e-mail address is not required. Accordingly, selection of authentication items is automatically controlled. Therefore, the burden and mistakes of creating the user authentication sequence are reduced.

In the authentication sequence setting device according to the embodiment of the present invention, the above-described authentication item database may be provided in a database server installed outside the authentication sequence setting device. As an example of such an external database server, a server (for example, a server provided by the manufacturer of the authentication output apparatus) existing on the Internet or the like can be cited. By using the authentication item database provided on such an external server, the authentication sequence setting device database can be stored in a situation where various new types of authentication output devices are being released from various manufacturers. It is possible to flexibly cope with the authentication mode used in the new model and the corresponding authentication item without manually updating according to the situation.
Therefore, the burden and mistakes of creating the user authentication sequence are reduced.

The authentication sequence setting device according to an embodiment of the present invention may be further configured as follows. That is, the template database includes a first template database provided in the authentication sequence setting device and a second template database provided in a database server installed outside the authentication sequence setting device; the recommended template is the first template There is further provided a template acquisition means for checking whether the database exists in one database and, if the result of the check does not exist, acquiring the recommended template from the second template database and storing it in the first database; The template searching means searches the recommended template from the first template database.

According to this embodiment, since the recommended template is searched from the first template database in the authentication sequence setting device, the recommended template can be displayed in a short time. On the other hand, when an authentication output device of a new model is added, it is normal that there is no recommended template corresponding to the new model in the first template database. In such a case, an authentication sequence is output. A recommended template is retrieved from a second template database on a database server installed outside the apparatus, and stored in the first template database in the authentication sequence setting apparatus. As an example of such an external database server, a server (for example, a server provided by the manufacturer of the authentication output apparatus) existing on the Internet or the like can be cited. By using a template database provided on such an external server, various new models of authentication output devices are being released from various manufacturers. It is possible to automatically acquire a template corresponding to the new model without manually updating it to match each. Therefore, the burden and mistakes of creating the user authentication sequence are reduced.

The authentication sequence setting device according to an embodiment of the present invention may be configured as follows. That is, an authentication module detecting means for detecting an authentication module that can be used from an authentication sequence for handling the necessary authentication items is further provided; and the predetermined plurality of templates in the template database includes the predetermined plurality of authentications. Each of which is associated with a combination of an item and a predetermined one or more authentication modules; and the template search means detects the required authentication items and the available authentication detected by the authentication module detection means from the template database. A template associated with a combination with a module is searched as the recommended template.

According to this embodiment, an authentication module (for example, from a predetermined user information management server, which can be used in an authentication sequence for necessary authentication items of unconfigured authentication devices,
It is automatically detected what kind of program module for reading the reference user information corresponding to the necessary authentication item. Then, a template associated with the combination of the necessary authentication item and the detected authentication module is retrieved from the template database and displayed on the user interface. Thus, for example, if a new authentication module is added to the authentication output system, the user can always know the presence of the new authentication module when creating the authentication sequence, and the new authentication module An authentication sequence using a new authentication module can be easily created using a template corresponding to.

Furthermore, if the configuration for accessing the template database on the external database server as described above is adopted, even if a new authentication module is added, the database in the authentication sequence setting device does not have to be manually updated each time. In addition, a template suitable for the added authentication module can be obtained and an authentication sequence can be easily created.

According to the second aspect of the present invention, it is possible to communicate with one or more authentication output devices that are configured to perform user authentication by inputting user information of one or more authentication items, respectively. An authentication sequence setting device for setting an authentication sequence defining an authentication process to be performed; an authentication sequence database storing an already set authentication sequence applicable to an authentication output device of a certain model; and the one or more authentications Acquire device information specifying the type of each authentication output device from each of the output devices, the acquired device information, and the certain model to which the authentication sequence in the authentication sequence database can be applied. An authentication output device that detects an unset authentication output device for which an applicable authentication sequence has not yet been set from the one or more authentication output devices An authentication item that specifies one or more authentication items required by the unset authentication output device based on the device information acquired from the unset authentication output device detected by the authentication output device detection means Authentication for searching for a similar authentication sequence for handling the required authentication item from the authentication sequence in the authentication sequence database based on the required authentication item specified by the authentication item specifying unit; Providing a user interface for allowing a user to create an authentication sequence applicable to the unconfigured authentication output device, and the similar authentication searched by the authentication sequence search unit on the user interface; Authentication sequence setting device comprising authentication processing setting means for displaying a sequence , It is provided.

The above authentication sequence setting device automatically detects an unset authentication output device for which an authentication sequence has not yet been set, and an authentication item (for example, a user ID) required by the unset authentication output device.
, Password, biometric information, e-mail address or folder path, etc.) and similar to handle the specified required authentication items from the authentication sequence of other authentication output devices already set And the similar authentication sequence is presented to the user. Therefore, the user can easily create an authentication sequence in the unset authentication output device using the similar authentication sequence, and the number of creation errors can be reduced.

According to a third aspect of the present invention, there is provided a computer readable computer program for causing a computer to function as the authentication sequence setting device according to the first or second aspect of the present invention.

According to the present invention, it becomes easier for a person to create an authentication sequence (for example, a macro) for an authentication output device.

  FIG. 2 shows an overall configuration of an authentication output system according to an embodiment of the present invention.

As shown in FIG. 2, the authentication output system 10 according to this embodiment includes one or more authentication output devices 12X and 12Y, an authentication server 14, a template server 16, a user database server 18, and an LDAP (Light Weight Directory Access Protocol). A server 20 is included, and these can communicate with each other via a communication network 22 (for example, an intranet or the Internet).

Each of the authentication output devices 12X and 12Y is, for example, a printer or a multifunction peripheral, and can perform one or more types of output operations determined according to each model. The types of output operation include
For example, printing, e-mail transmission of a scan image (hereinafter referred to as “scan to mail”), storage of a scan image in a folder (hereinafter referred to as “scan to folder”), and / or facsimile transmission, and the like. In the present embodiment, as an example, there are at least two authentication output devices 12X and 12Y, each of which has a different model (the former model number is “LP-XXXX
The latter model number is “LP-YYYY”. ).

In each of the authentication output devices 12X and 12Y, the type of output operation that requires authentication (referred to as “authentication mode” in this specification) is preset. What authentication items must be handled in the authentication process differs depending on the authentication output devices 12X and 12Y and the authentication mode.

The authentication server 14 has a function of an authentication sequence setting device according to the present invention, that is, a function of causing a user to create an authentication sequence for each of the authentication output devices 12X and 12Y and storing the created authentication sequence. Further, the authentication server 14 performs an authentication process for each of the authentication output devices 12X and 12Y stored therein to each device 12 stored in the authentication server 14.
It has a function to execute according to the authentication sequence for X and 12Y. In this embodiment, each authentication sequence is created in the form of a macro (referred to herein as an “authentication macro”).

The template server 16 stores a number of templates that can be used by the user when the user creates an authentication macro on the authentication server 14. Each of these templates handles each of information types (for example, user ID, password, email address, folder path, etc.) (referred to as “authentication item” in this specification) included in user information input at the time of authentication. An example authentication macro for (ie, an example authentication sequence)
Represents.

Any template in the template server 16 can be downloaded to the authentication server 14 and displayed on an authentication macro creation user interface of the authentication server 14. Authentication that is applied to the user's specific environment for the user by utilizing (eg, modifying) an exemplary authentication macro (ie, an exemplary authentication sequence) represented by the displayed template. It becomes easy to create a sequence. Template server 1
6 may be provided, for example, by the manufacturer of the authentication output devices 12X and 12Y. If so, it is easy to store templates for all types of authentication output devices manufactured by the manufacturer. It is.

The user database server 18 and the LDAP server 20 are servers that provide reference user information for confirming the authenticity of user information input at the time of authentication. There may be an environment where both the user database server 18 and the LDAP server 20 are available, and there may be an environment where only one is available. In addition, the user database server 18 and the LDAP according to the authentication item
If there is an environment where the server 20 is used properly, both servers 18, 2 for the same authentication item
There may be environments where 0 can be used together. In the present embodiment, as an example, both servers 18,
An environment where 20 can be used is adopted.

The authentication output device 12X includes an authentication device 30, an authentication request unit 32, and an output device 34.
An authentication mode setting unit 36, a model number providing unit 38, an authentication mode providing unit 40, and an authentication device information providing unit 42. The other authentication output device 12Y also has the same functional elements (not shown).
.

The authentication device 30 is a device for inputting user information necessary for authentication. Examples of the authentication device 30 include a card reader, a biometric authentication device, and a key input panel. One authentication output device may include only one type of authentication device 30 or may include a plurality of types of authentication devices 30. In this embodiment, as an example, the authentication output device 12X
However, it is assumed that only one type of authentication device 30 (for example, a card reader) is provided.

The authentication request unit 32 transmits an authentication request for performing an authentication process using the user information input from the authentication device 30 to the authentication server 14, receives an authentication process result from the authentication server 14, and receives the authentication process result. In response to this, it is controlled whether or not the output operation requested by the user is permitted.

The output device 34 outputs an operation requested by the user (for example, printing, scan to email,
Scan-to-folder and / or facsimile transmission). When an output operation corresponding to a preset authentication mode is requested by the user, the output device 3
4 executes the output operation only when the authentication request unit 32 permits it.

The authentication mode setting unit 36 allows the user to set an authentication mode and stores the set authentication mode.

The model number providing unit 38, the authentication mode providing unit 40, and the authentication device information providing unit 42 each store a model number indicating the model of the authentication output device 12X and the authentication mode setting unit 36 in response to an inquiry from the authentication server 14. The authentication mode and the authentication device information indicating the type of the authentication device 30 are returned to the authentication server 14. Hereinafter, the set of the model number, the authentication mode, and the authentication device information returned to the authentication server 14 is referred to as “apparatus information”.

The authentication server 14 includes an authentication processing setting unit 50, an authentication output device detection unit 52, an authentication macro database 54, a first template database 56, a model number database 58, an authentication module database 60, an authentication item specification unit 62, an authentication module detection unit 64, A template search unit 66, a template acquisition unit 68, and an authentication macro search unit 70 are provided. Authentication server 14
Is, for example, a computer, and the various functional units 50 to 70 are realized by a computer program installed therein.

The authentication processing setting unit 50 performs processing for causing the user to create an authentication macro (authentication sequence) and setting the authentication macro (authentication sequence) in the authentication server 14, and a graphical user interface for causing the user to create an authentication macro (authentication sequence). Is displayed on the screen of the authentication server 14.

The authentication output device detection unit 52 communicates with the authentication output devices 12X and 12Y in the authentication system 10 and acquires respective device information (a set of model, authentication mode and authentication device information) from the authentication output devices 12X and 12Y. To do. The authentication output device detection unit 52 includes an authentication output device 12X,
On the basis of the device information from 12Y and the information of the already set authentication macro stored in the authentication macro database 54, applicable authentication macros are still out of the authentication output devices 12X and 12Y in the authentication system 10. An unset authentication output device that is not set is detected.

The authentication macro database 54 (see FIG. 6) stores one or more authentication macros already set by the authentication processing setting unit 50. Each authentication macro in the authentication macro database 54 is associated with each combination of a model (authentication output device) to which it can be applied and an authentication item. Incidentally, in the description of the operation of the present embodiment, which will be described later, a plurality of authentications applicable respectively to the model “LP-YYYY” of one authentication output device 12Y in the authentication system 10 and a plurality of authentication items used in the model. The macro is already set in the authentication macro database 54, but the authentication macro applicable to the model “LP-XXXX” of the other authentication output device 12X has not been set yet. It will be exemplarily described how the authentication server 14 provides assistance for creating an authentication macro of the output device 12X.

The first template database 56 (see FIG. 6) stores one or more templates. Each template represents an exemplary authentication macro for handling each authentication item in the authentication process. In the first template database 56, each template is associated with each authentication item that it handles. In order to handle the same authentication item, different authentication modules (described later) may be selectively used, or different authentication devices 30 may be selectively used. In such a case, even if the authentication items are the same, the contents of the authentication macro differ depending on the authentication module to be used and the authentication device 30 to be used. Therefore, in such a case, in the first template database 56, each template is associated with a combination of each authentication item that it handles, each authentication module used, and each authentication device 30 used.

The model number database 58 (see FIG. 6) stores model numbers indicating the types of authentication output apparatuses to which the authentication macros stored in the authentication macro database 54 can be applied.

The authentication module database 60 (see FIG. 6) stores one or more authentication modules (program modules that can be called and used by an authentication macro for a certain authentication item). As the authentication module, for example, a database module for acquiring the reference user information corresponding to the specified authentication item from the user database server 18 or the reference user information corresponding to the specified authentication item is acquired from the LDAP server 20. There are LDAP modules for that.

Based on the device information acquired from the unset authentication output device detected by the authentication output device detecting unit 52, the authentication item specifying unit 62 is what authentication item is necessary for authentication in the unset authentication output device. Is identified. That is, the authentication item specifying unit 62 performs authentication associated with the combination from the authentication item database 80 in the template server 16 based on the combination of the model and the authentication mode specified by the device information from the unset authentication output device. An item is searched, and the searched authentication item is specified as the necessary authentication item.

The authentication module detection unit 64 detects what authentication module can be called and used in the authentication macro for the required authentication item. That is, the authentication module detection unit 64 determines from the second template database 82 in the template server 16 what kind of authentication the template associated with the required authentication item is based on the required authentication item specified by the authentication item specifying unit 62. Detect if it is associated with a module. The authentication module detected as a result is the authentication module that can be used for the necessary authentication items.

The template search unit 66 selects a template associated with each combination of the identified one or more required authentication items and the detected one or more available authentication modules as the first.
Search from the template database 56 and search. Since each retrieved template is an exemplary authentication macro for each required authentication item of the unset authentication output device, if this is used (for example, by modification), it is for the unset authentication output device It would be easy to create an authentication macro. Each retrieved template can be displayed on the user interface by the authentication processing setting unit 50.

The template acquisition unit 68, when at least one of the templates searched by the template search unit 66 is not found in the first template database 56,
If the user desires, the template is retrieved from the second template database 82 of the template server 16 and downloaded to the first template database. Each downloaded template can be used (for example, by modifying)
It would be easy to create an authentication macro for an unconfigured authentication output device. Each downloaded template can be displayed on the user interface by the authentication processing setting unit 50.

The authentication macro search unit 70 searches for authentication macros (referred to as “similar authentication macros” in this specification) associated with the required authentication items from the already set authentication macros stored in the authentication macro database 54. To do. The similar authentication macro searched is an authentication macro for a model different from the model of the unconfigured authentication output device, but it is related to the same authentication item.
If this is used (for example, by modifying), an authentication macro for an unset authentication output device can be easily created. The retrieved similar authentication macro is stored in the authentication processing setting unit 50.
Can be displayed on the user interface. One of the similar authentication macro and the above template may be selectively displayed, or both may be combined together. In a specific example used in the operation description of the present embodiment to be described later, either a similar authentication macro or a template is displayed for each authentication item in response to a user request.

The template server 16 includes an authentication item database 80, a second template database 82, and a template providing unit 84. The template server 16 is, for example,
The various functional units 80 to 84 are realized by a computer program installed in the computer.

The authentication item database 80 (see FIG. 7) stores a plurality of predetermined authentication items that can be used by a plurality of predetermined (authentication output device) models. In the authentication item database 80, each model is combined with one or more authentication modes that can be set for the model, and one or more authentication items necessary for each combination are stored in association with each combination. .

The second template database 82 (see FIG. 7) stores a plurality of predetermined templates. Similar to the first template database 56, the second template database 8
Even within 2, each template is associated with each authentication item that it handles. Different authentication modules (see below) can be used selectively to handle the same authentication items,
In some cases, different authentication devices 30 can be selectively used. For such cases,
As in the first template database 56, the second template database 80
Each template is associated with a combination of each authentication item that it handles, each authentication module used, and each authentication device 30 used.

The second template database 80 has more types of accumulated templates than the first template database 56. It is desirable that templates corresponding to all types of authentication output apparatuses existing in the market are accumulated in the second template database 80, and a new template is added without delay when a new model is released.

The template providing unit 84 searches the second template database 80 for the template requested to be searched by the template acquisition unit 68 of the authentication server 14 and returns the template to the template acquisition unit 68.

A support operation for creating an authentication macro in the authentication system 10 according to the present embodiment configured as described above will be described below.

FIG. 3 shows a flow of operations from when the authentication processing setting unit 50 is activated in the authentication server 14 until a template necessary for creating an authentication macro is prepared. FIG. 4 shows a flow of operations until a creation of an authentication macro is executed after a necessary template is prepared in the authentication server 14.
FIG. 5 shows an operation flow when authentication processing according to the authentication macro is performed. 6 and 7 respectively show specific examples of accumulated data of the authentication server 14 and the template server 17 at the start of the flow of FIG. FIG. 8 shows a specific example of the window transition of the user interface displayed by the authentication processing setting unit 50 of the authentication server 14 in the flow of FIG. 9 and 10
These show specific examples of information transmitted and received by the authentication server 14 in the flow of FIG. 11 to 14 show specific examples of user interface window transitions displayed by the authentication processing setting unit 50 of the authentication server 14 in the flow of FIG.

First, referring to FIG. When the authentication processing setting unit 50 is activated in the authentication server 14 in step S1 of FIG. 3, the authentication output device detection unit 52 of the authentication server 14 searches for authentication output devices 12X and 12Y that can communicate with the authentication server 14. . At this time, a search request 92 as illustrated in FIG.
Is created in the communication network 22. As a search result for the search request 82, each of the authentication output devices 12X and 12 returns the respective device information (model number, authentication mode, and authentication device information) to the authentication server 14. For example, a search result (device information) 94 as illustrated in FIG. 9 is returned from the authentication output device 12X. During this process, the authentication processing setting unit 50 displays a window 100 as illustrated in FIG.

Thereafter, in step S2 of FIG. 3, the authentication output device detection unit 52 of the authentication server 14 specifies the model numbers (models) of the authentication output devices 12X and 12Y from the device information acquired from the authentication output devices 12X and 12Y. Then, the authentication macro database 54 is searched for an authentication macro applicable to each model number. At this time, only the authentication macro applicable to the model number “LP-YYYY” of one authentication output device 12Y exists in the authentication macro database 54, for example, as shown in FIG.
If there is no authentication macro applicable to the model number “LP-XXXX” of the other authentication output device 12X, the authentication output device detection unit 52 authenticates the model number “LP-XXXX” for which no authentication macro has been set yet. The output device 12X is specified as an unset authentication output device. At this time, the authentication processing setting unit 50 displays a window 102 as illustrated in FIG.

Thereafter, when the user clicks the “OK” button on the window 102 illustrated in FIG. 8, the authentication item specifying unit 62 of the authentication server 14 displays the model number “LP” of the unset authentication output device 12X in step S4 of FIG. -XXXX ", the authentication item database 80 of the template server 16 is used.
The authentication mode and authentication items (hereinafter referred to as “template items”) that can be used with the model number “LP-XXXX” are searched. At this time, a template item request 96 as illustrated in FIG. 9 is sent from the authentication item specifying unit 62 of the authentication server 14 to the authentication item database 80 of the template server 16.

Then, in step S4 of FIG. 3, the result representing the template item of the model number “LP-XXXX” is returned from the authentication item database 80 of the template server 16 to the authentication item specifying unit 62 of the authentication server 14. For example, if the stored contents of the authentication item database 8 are as shown in FIG. 7, a template item result 98 as illustrated in FIG. 9 is returned. According to the exemplified template item result 98, when the authentication mode is “scan to mail”, the authentication items are “user ID (USER_ID)” and “mail address (MAIL)”.
”And the authentication item when the authentication mode is“ Scan to Folder ”is“ User ID (USER_I
D) ”and“ save folder path (FOLDER) ”, and the authentication item when the authentication mode is“ print ”is“ user ID (USER_ID) ”.

Thereafter, in step S6 of FIG. 3, the authentication item specifying unit 62 of the authentication server 14 outputs an unset authentication output from the combination of the authentication mode and the authentication item set indicated in the template item result 98 received from the template server 16. By extracting information corresponding to the authentication mode indicated in the device information (authentication output device search result) 94 acquired from the device 12X, authentication items actually required by the unconfigured authentication device 12X are specified. For example, the device information illustrated in FIG.
According to the authentication output device search result) 94, there are only two types of authentication modes “scan to mail” and “print” that are actually set in the unset authentication output device 12X. Among the authentication items described in the template item result 98, “user ID (USER_ID)” and “email address (MAI), which are authentication items used in“ scan to email ”and“ print ”.
L) "will be specified as the required authentication item.

Thereafter, in step S7 of FIG. 3, the authentication module detection unit 64 of the authentication server 14 identifies the necessary authentication items “user ID (USER_ID)” and “mail address (MAIL)” specified above, and the unset authentication output device. Device information (authentication output device search result) 94 from 12X (see FIG. 9)
The authentication device information “card” (meaning a card reader) shown in FIG. 2 is used to retrieve the necessary authentication items “user ID (USER_ID)” and “email address (from the second template database 82 of the template server 82). MAIL) ”and the authentication device“ card ”in combination are searched for authentication modules. In step S8, the search result is returned from the second template database 82 of the template server 82 to the authentication module detection unit 64 of the authentication server 14.

For example, if the contents of the second template database 82 are as shown in FIG. 7, a combination of an authentication item “user ID (USER_ID)” and an authentication device “card”,
For both the authentication item “Mail Address (MAIL)” and the authentication device “Card” combination, two types of authentication modules “User Database Module (DatabaseModule)
) ”And“ LDAP module (LdapModule) ”will be detected. Accordingly, authentication module detection information 200 as shown in FIG. 10 is obtained. This is because the unset authentication output device 12X
For the authentication items “user ID (USER_ID)” and “email address (MAIL)”, both authentication macros “User database module (Data
baseModule) ”and“ LDAP module (LdapModule) ”are available.

By the way, in FIG. 7, only the items related to the registered authentication device “card” are shown as items stored in the second template server 82, but actually, other authentication devices “key input panel”, “fingerprint reader” An authentication module, authentication items, and templates related to the above are also registered in the second template server 82.

Thereafter, in step S9 of FIG. 3, the authentication module detection unit 64 of the authentication server 14 uses the authentication module “user database module (Databa
seModule) ”and“ LDAP Module (LdapModule) ”and the templates associated with the combinations of the required authentication items“ User ID (USER_ID) ”and“ Mail Address (MAIL) ”identified in Step S6, respectively. Search from the template database 56. As a result, if a certain template is not found in the first template database 56, the user is asked whether to download the missing template from the template server 16. In particular, the template associated with a certain authentication module is the first.
If it is not found at all from the template database 56, it means that the authentication module is a new authentication module. Therefore, it is determined whether or not all templates related to the new authentication module are downloaded from the template server 16 as missing templates. Ask.

For example, in the authentication module detection information 200 shown in FIG. 10, two types of authentication modules “user database module (DatabaseModule)” and “LDAP module (LdapModule)” are used.
It is found that the authentication module “User Database Module (DatabaseModule)” is new if the contents of the first template database 56 are as shown in FIG. This is an authentication module. Thus, for example, the window 104 of FIG. 8 is displayed, and the user is asked whether or not to download a missing template for the new authentication module “User Database Module (DatabaseModule)”.

Thereafter, if the user clicks the “Yes” button on the window 104 shown in FIG. 8, the template acquisition unit 68 of the authentication server 14 sends the second template database to the template server 16 in step S10 of FIG. Request to search for missing templates from 82. For example, a template request 202 (which requests all templates related to a new authentication module “User Database Module (DatabaseModule)”) as shown in FIG. 10 is sent from the template acquisition unit 68 of the authentication server 14 to the template server 16.

Then, the missing template retrieved from the second template database 82 of the template server 16 in step S11 of FIG.
Reply to For example, a template request result 204 as shown in FIG. 10 (returns all templates related to a new authentication module “User Database Module (DatabaseModule)”) is sent from the template server 16 to the template acquisition unit 68 of the authentication server 14. .

By the way, in the template request result 204 of FIG. 10, the meaning of the example authentication macro represented by the template is described on the right side of each template. This is reference information for facilitating understanding. It is not the contents of the template.

Thereafter, the insufficient template downloaded from the template server 16 is stored in the first template database 56 in step S12 of FIG. As a result, the contents of the first template database 56 illustrated in FIG. 6 are enriched as the second template database 82 illustrated in FIG.

  Thereafter, the flow shown in FIG. 4 is performed.

First, in steps S20 to S22 of FIG. 4, the authentication processing setting unit 50 of the authentication server 14 performs the process shown in FIG.
A macro setting window 108 as illustrated in FIG. In the macro setting window 108 illustrated in FIG. 11, for each authentication item necessary for the unset authentication output device 12X identified in the flow of FIG. 3, an “edit current content” menu 110, another macro reference menu 112
Three types of reference menus are provided: a template reference menu 114.

In step S20, the template search unit 66 associates the authentication items necessary for the unset authentication output device 12X identified in the flow of FIG. 3 with the combinations of the installed authentication device 30 and available authentication modules. The recommended template searched is searched from the first template database 56, and the authentication processing setting unit 50 searches the recommended template searched for the template reference menu 1 in the macro setting window 108 illustrated in FIG.
Set to 14.

In step S21, the authentication macro search unit 70 searches for the similar authentication macro associated with the required authentication item from the authentication macros of the other models “LP-YYYY” stored in the authentication macro database 54, Then, the authentication processing setting unit 50 converts the searched similar authentication macro to
The other macro reference menu 112 in the macro setting window 108 illustrated in FIG. 11 is set.

In step S22, the authentication macro search unit 70 searches the authentication macro database 54 for an authentication macro associated with the model “LP-XXXX” of the unset authentication output device 12X and the required authentication items (not set). In this case, the authentication processing setting unit 50 sets the searched authentication macro in the macro setting window 108 illustrated in FIG. 11. Set to “Edit Current Content” menu 110.

Thus, the macro setting window 108 illustrated in FIG. 11 is completed. Then, in step S23 of FIG. 3, the authentication processing setting unit 50 displays the macro setting window 108 and causes the user to set the authentication macro according to the user's operation on the macro setting window 108.

That is, when the user operates the “edit current contents” menu 110 on the macro setting window 108 illustrated in FIG. 11, the authentication processing setting unit 50 displays a macro editing window 120 as illustrated in FIG. Then, the authentication macro for the unset authentication output device 12X searched in step S22 is displayed on the macro editor 122 in the macro edit window 120. In the example of FIG. 12, since such an authentication macro has not yet been set, the macro editor 122 is substantially blank. On the macro editor 122, the user can create an authentication macro related to the target authentication item for the unset authentication output device 12X in the same manner as operating the text editor. User edits macro editing window 1
When the “Yes” button 124 in 20 is clicked, the macro on the macro editor 122 is
The authentication macro database 54 stores the unset authentication output device 12X in association with the model and the target authentication item.

When the user operates the other macro reference menu 112 on the macro setting window 108 illustrated in FIG. 11, the authentication processing setting unit 50 displays a macro editing window 120 as illustrated in FIG. Macro editor 122 in edit window 120
The similar authentication macro of the other model searched in step S21 is displayed. The user can easily change the similar authentication macro on the macro editor 122 to easily set the unset authentication output device 1.
An authentication macro related to the target authentication item for 2X can be created. When the user clicks the “Yes” button 124 in the macro editing window 120, the macro editor 12
2 is stored in the authentication macro database 54 in association with the model of the unset authentication output device 12X and the target authentication item.

When the user operates the template reference menu 114 on the macro setting window 108 illustrated in FIG. 11, the authentication processing setting unit 50 displays a macro editing window 120 as illustrated in FIG. Macro editor 1 in window 120
In 22, the recommended template retrieved in step S20 is displayed. The user can easily change the recommended template on the macro editor 122 to easily set the unset authentication output device 1.
It is possible to create an authentication macro related to the target authentication item for 2X. When the user clicks the “Yes” button 124 in the macro editing window 120, the macro editor 122.
The above macro is associated with the model of the unset authentication output device 12X and the target authentication item,
It is stored in the authentication macro database 54.

As described above, when authentication macros related to all necessary authentication items for the unset authentication output device 12X are set, the unset authentication output device 12X is no longer “not set” and is used for the authentication output device 12X. Authentication processing can be performed.

The authentication process for each of the authentication output devices 12X and 12Y is performed according to the flow shown in FIG.

First, in step S30 of FIG. 5, user information is input to an authentication device 30 of a certain authentication processing apparatus, for example, 12X. Then, in step S31, the authentication request unit 32 of the authentication processing device 12X includes the model number of the authentication processing device 12X and the input user information (the value itself of the input user information and information for specifying the corresponding attribute item). Is sent to the authentication server 14.

Thereafter, in step S32, the authentication macro search unit 70 of the authentication server 14 performs authentication associated with the model number and the attribute item of the input user information based on the model number and input user information included in the received authentication request. The macro is searched from the authentication macro database 54.

Thereafter, in step S33, the authentication server 14 executes an authentication processing procedure instructed by the searched authentication macro. In step S34, the authentication processing result (including the authentication processing result and input user information) is returned to the authentication request unit 32 of the authentication server 14, and the authentication request unit 32 performs an output operation requested by the user. Is determined according to the authentication processing result.

Thereafter, if it is determined that the output operation may be performed, the output device 34 executes the output operation in step S35.

As can be seen from the above description, according to the present embodiment, the user can easily create an authentication macro for an authentication output device for which an applicable authentication macro (authentication sequence) has not been set, and There are few creation mistakes.

As mentioned above, although preferred embodiment of this invention was described, this is an illustration for description of this invention, and is not the meaning which limits the scope of the present invention only to this embodiment. The present invention can be implemented in various modes different from the above-described embodiments without departing from the gist thereof.

For example, the specific configuration of the authentication system 10 shown in FIG. 2 is only an example of an environment to which the present invention can be applied. The system having other configurations, for example, a device that creates an authentication macro and a device that performs authentication processing The present invention can also be applied to a system in which all or part of the functions of the template server 16 are included in the authentication server 14 or a system that does not have the user database server 18 or the LDAP server 20. Applicable.

The figure which shows the example of an authentication macro (authentication sequence). The block diagram which shows the whole structure of the authentication output system according to one Embodiment of this invention. The flowchart which shows the flow of operation | movement after the authentication process setting part 50 is started by the authentication server 14 until the template required for an authentication macro preparation is prepared. The flowchart which shows the flow of operation | movement until preparation of an authentication macro is performed after the template required by the authentication server 14 is prepared. The flow of operation when authentication processing according to the authentication macro is performed is shown. The figure which shows the specific example of the data stored in the authentication server 14 in the time of the start of the flow of FIG. The figure which shows the specific example of the stored data of the template server 17 in the time of the start of the flow of FIG. The figure which shows the specific example of the window transition of the user interface which the authentication process setting part 50 of the authentication server 14 displays in the flow of FIG. The figure which shows the specific example of the information which the authentication server 14 transmits / receives in the flow of FIG. The figure which shows the specific example of the information which the authentication server 14 transmits / receives in the flow of FIG. The figure which shows the window transition specific example of the user interface which the authentication process setting part 50 of the authentication server 14 displays in the flow of FIG. The figure which shows the window transition specific example of the user interface which the authentication process setting part 50 of the authentication server 14 displays in the flow of FIG. The figure which shows the window transition specific example of the user interface which the authentication process setting part 50 of the authentication server 14 displays in the flow of FIG. The figure which shows the window transition specific example of the user interface which the authentication process setting part 50 of the authentication server 14 displays in the flow of FIG.

Explanation of symbols

10: Authentication output system, 12X, 12Y: Authentication output device, 14: Authentication server, 16: Template server, 18: User database server, 20: LDAP (Light Weight
Directory Access Protocol) server, 22: communication network 22, 30: authentication device 30, 32: authentication request unit, 34: output device, 36: authentication mode setting unit, 38
: Model number providing unit, 40: Authentication mode providing unit, 42: Authentication device information providing unit 42, 50: Authentication processing setting unit, 52: Authentication output device detecting unit, 54: Authentication macro database, 56: First
Template database, 58: Model number database, 60: Authentication module database, 62: Authentication item specifying unit, 64: Authentication module detection unit, 66: Template search unit,
68: Template acquisition unit, 70: Authentication macro search unit, 80: Authentication item database, 8
2: Second template database, 84: Template provider, 120: Macro editing window

Claims (8)

An authentication sequence setting device that can communicate with one or more authentication output devices that are configured to perform user authentication by inputting user information of one or more authentication items, and sets an authentication sequence that is applied to each authentication output device In
Means for accessing an authentication sequence database storing an already set authentication sequence applicable to an authentication output device of a certain model;
Means for accessing a template database storing a plurality of templates respectively representing a plurality of predetermined example authentication sequences respectively associated with a plurality of predetermined authentication items;
Device information specifying each type of the authentication output device is acquired from the one or more authentication output devices, and the acquired device information and the authentication sequence in the authentication sequence database are applied. An authentication output device detecting means for detecting an unset authentication output device for which an applicable authentication sequence has not yet been set, from among the one or more authentication output devices, based on the possible model;
Based on the device information acquired from the unset authentication output device detected by the authentication output device detection means, authentication item specifying means for specifying one or more authentication items required by the unset authentication output device;
Template search means for searching a recommended template associated with the required authentication item specified by the authentication item specifying means from the template database;
Authentication processing setting for providing a user interface for allowing a user to create an authentication sequence applicable to the unset authentication output device and displaying the recommended template searched by the template search unit on the user interface Means,
An authentication sequence setting device. In the authentication sequence setting device according to claim 1,
An authentication sequence search means for searching for a similar authentication sequence for handling the required authentication item specified by the authentication item specifying means from among the already set authentication sequences in the authentication sequence database;
The authentication processing setting means displays the similar authentication sequence searched by the authentication sequence search means on the user interface;
Authentication sequence setting device. In the authentication sequence setting device according to claim 1 or 2,
The device information acquired from each authentication output device further specifies an authentication mode indicating the type of output operation that requires authentication in each authentication output device,
Means for accessing an authentication item database storing a plurality of predetermined authentication items respectively associated with a combination of a predetermined plurality of models and a plurality of predetermined authentication modes;
Based on the combination of the model and the authentication mode specified by the device information acquired from the unconfigured authentication output device, the authentication item specifying means is selected from among the predetermined plurality of authentication items in the authentication item database. Selecting an authentication item associated with the identified combination as the required authentication item;
Authentication sequence setting device. In the authentication sequence setting device according to claim 3,
The authentication item database is provided in a database server installed outside the authentication sequence setting device.
Authentication sequence setting device. In the authentication sequence setting device according to any one of claims 1 to 4,
The template database includes a first template database provided in the authentication sequence setting device, and a second template database provided in a database server installed outside the authentication sequence setting device,
Check if the recommended template exists in the first database, and if it does not exist as a result of the check, acquire the recommended template from the second template database and store it in the first database Further comprising means,
The template search means searches the recommended template from the first template database.
Authentication sequence setting device. In the authentication sequence setting device according to any one of claims 1 to 5,
An authentication module detecting means for detecting an authentication module that can be used by an authentication sequence for handling the necessary authentication items;
The predetermined plurality of templates in the template database are respectively associated with a combination of the predetermined plurality of authentication items and a predetermined one or more authentication modules.
The template search means searches the template database for a template associated with a combination of the required authentication item and the available authentication module detected by the authentication module detection means as the recommended template.
Authentication sequence setting device. It is possible to communicate with one or more authentication output devices that have entered user information of one or more authentication items to perform user authentication, and set an authentication sequence that defines the authentication process applied to each authentication output device In the authentication sequence setting device to
An authentication sequence database that stores an already set authentication sequence applicable to an authentication output device of a certain model;
Device information specifying the type of each authentication output device is acquired from each of the one or more authentication output devices, and the acquired device information and the authentication sequence in the authentication sequence database are applicable. An authentication output device detection means for detecting an unset authentication output device for which an applicable authentication sequence has not yet been set from the one or more authentication output devices based on the certain model;
Based on the device information acquired from the unset authentication output device detected by the authentication output device detection means, an authentication item specifying means for specifying an authentication item necessary for the unset authentication output device;
An authentication sequence for searching for a similar authentication sequence for handling the required authentication items from the authentication sequence in the authentication sequence database based on the one or more required authentication items specified by the authentication item specifying means Search means;
Authentication that provides the user with a user interface for allowing the user to create an authentication sequence applicable to the unset authentication output device, and displays the similar authentication sequence searched by the authentication sequence search means on the user interface An authentication sequence setting device comprising processing setting means. A computer-readable computer program for causing a computer to function as the authentication sequence setting device according to claim 1.

Images