JP2010170541A - Image forming apparatus, authentication processing system, authentication method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a mechanism for improving security when an image forming apparatus is used by performing appropriate user authentication of the third party in addition to user authentication of a user who uses the image forming apparatus, and to provide a mechanism for improving security when the image forming apparatus is used by limiting a function to be used by the image forming apparatus in accordance with the user authentication of the third party. <P>SOLUTION: In the image forming apparatus communicable with an authentication server for storing identification information for identifying a user, first identification information for identifying a first user and second identification information for identifying a second user, which are input to the image forming apparatus in response to a user's operation, are obtained, the first identification information and the second identification information are transmitted, and the image forming apparatus is logged in as the first user when the first identification information and the second identification information are authenticated by the authentication server according to the transmission. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an image forming apparatus that performs authentication processing, an authentication processing system, an authentication method, and a program.

  In recent years, when using a multi-function device, for the purpose of limiting the user, for example, an authentication information management device (IC card authentication) is used for authentication information read from the IC card by holding the IC card over the card reader of the multi-function device. Server), if authentication information has been registered, there is already a system that responds to the multifunction peripheral with a successful authentication and can use the multifunction peripheral.

  There is also a mechanism for linking this system with the printing function. This mechanism includes, for example, a printing system in which print data is stored without printing until the authentication is successful, and security is ensured to print the print data of the authenticated user when the authentication is successful. .

  However, in the system using the IC card, when the IC card is dropped, there is a problem that it is used by other users. For example, when a malicious user picks up an IC card that has been dropped, authentication can be performed using the IC card, and the multifunction device can be operated by impersonating the user who originally holds the IC card. In particular, when using a printing system that ensures security as described above, print data that includes confidential information may be accumulated. In such a case, print data including confidential information is printed by a malicious user, and security cannot be ensured.

  Therefore, in addition to the conventional authentication, a technique for permitting use by performing additional authentication by a third party and improving security is disclosed. (Patent Document 1)

JP 2005-149237 A

  However, although the technology of Patent Document 1 can strengthen the security by performing third party additional authentication, the third party additional authentication of Patent Document 1 uses other contact methods such as e-mail and telephone. Therefore, even though we wanted to use the multifunction device immediately, we had to wait for a reply from e-mail or telephone that we couldn't get a response immediately, which was not suitable for actual operation.

  In particular, since there is a demand for the user to use the multi-function device as soon as he / she is in front of the multi-function device, it takes time to perform additional authentication after the user hits the multi-function device and holds the IC card. Waiting until this has been inconvenient for users who actually operate.

  In addition, with recent advances in IT technology, the response of various systems has become faster, so the situation where it takes a long time to authenticate and use a multifunction device is not convenient for users and is not suitable for operation. There wasn't.

  SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to provide a mechanism for improving security during use of an image forming apparatus by performing appropriate third-party user authentication in addition to user authentication of a user who uses the image forming apparatus. Also,

  Another object of the present invention is to provide a mechanism that increases security when using an image forming apparatus by restricting functions used in the image forming apparatus in accordance with third-party user authentication.

  The present invention is an image forming apparatus that can communicate with an authentication server including a user information storage unit that stores identification information for identifying a user via a communication medium. Identification information acquisition means for acquiring first identification information for identifying the first user and second identification information for identifying the second user, the first identification information, and the input When the first identification information and the second identification information are authenticated by the authentication server in accordance with the transmission by the identification information transmission means for transmitting the second identification information and the identification information transmission means, the first identification information Login means for logging in to the image forming apparatus by the user.

  According to the present invention, when the first identification information is authenticated and the second identification information is identification information of a user who can permit the use of the image forming apparatus, the login unit includes the first identification information. One user logs in to the image forming apparatus.

In the invention, it is preferable that the identification information acquisition unit acquires the first identification information, and acquires the second identification information when the authentication server authenticates the first identification information. And

  According to the present invention, a use function setting unit for setting a use function of the image forming apparatus and a use function of the image forming apparatus for the first user are controlled according to the use function set by the use function setting unit. And a use function control means.

  Further, according to the present invention, a permitted function information acquisition unit that acquires permitted function information that allows a user corresponding to the second identification information to permit a function of the image forming apparatus, and the used function setting unit acquires the permitted function information. The setting is made according to the permitted function information acquired by the means.

  Further, according to the present invention, the use function setting means includes detailed use restriction setting means for setting detailed use restrictions of the use function, and the detailed use restriction setting means sets an upper limit value included in the permitted function information as an upper limit. As described above, detailed usage restrictions are set.

  According to the present invention, the log-in means includes a storage medium corresponding to the first identification information and the second identification information read by the reading means capable of reading the plurality of storage media. In the case of a storage medium corresponding to the above, the first user logs in.

  According to the present invention, when a plurality of storage media read by a reading unit capable of reading a plurality of storage media are storage media corresponding to the first identification information, the image forming apparatus is logged in. The information processing apparatus further includes selection means for selecting a first user, wherein the login means logs in the first user selected by the selection means.

  Further, the present invention is characterized in that the first identification information and the second identification information are identification information obtained by a user holding a storage medium over the image forming apparatus.

  Furthermore, the present invention is an authentication processing system in which an authentication server including user information storage means for storing identification information for identifying a user and an image forming apparatus can communicate with each other via a communication medium, the image forming apparatus Is an identification for acquiring first identification information for identifying the first user and second identification information for identifying the second user, which are input to the image forming apparatus in response to the user's operation. In accordance with transmission by the information acquisition means, the first identification information and the second identification information, and transmission by the identification information transmission means, the authentication server transmits the first identification information and the second identification information. Log-in means for logging in to the image forming apparatus by the first user when the identification information is authenticated, and the authentication server receives the first identification information and the second from the image forming apparatus. An identification information receiving means for receiving the identification information, characterized in that it comprises an authentication means for authenticating the first identification information and second identification information received by said identification information reception unit.

  According to the present invention, in addition to user authentication of a user who uses the image forming apparatus, appropriate third-party user authentication can be performed, so that security during use of the image forming apparatus can be improved.

  Further, according to third-party user authentication, functions used in the image forming apparatus can be restricted to increase security when using the image forming apparatus.

1 is a block diagram schematically showing a system configuration of an authentication system according to an embodiment of the present invention. It is a block diagram which shows roughly the hardware constitutions of the authentication server and client PC in FIG. FIG. 2 is a block diagram schematically showing a hardware configuration of the multifunction machine in FIG. 1. FIG. 2 is a block diagram schematically illustrating a configuration of functions included in each device of the multifunction peripheral, the authentication server, and the client PC in FIG. 1. It is a flowchart which shows an example of the authentication process of the authentication system concerning this embodiment. It is a flowchart which shows an example of the authentication process of the authentication system concerning this embodiment. It is a flowchart which shows an example of the authentication process of the authentication system concerning this embodiment. It is a flowchart which shows an example of the search process of the authentication system concerning this embodiment. It is a flowchart which shows an example of the authentication table concerning this embodiment. FIG. 6 is a diagram illustrating an example of an authentication screen displayed on the multifunction peripheral. FIG. 6 is a diagram illustrating an example of a screen displayed on the multifunction peripheral and screen transition. 6 is a diagram illustrating an example of a function setting screen displayed on a multifunction peripheral. FIG. 5 is a diagram illustrating an example of a detailed function setting screen displayed on the multifunction peripheral. FIG. It is a figure which shows an example of the permission management information managed with an authentication server. It is a figure which shows an example of the permission management information managed with an authentication server. It is a figure which shows an example of the search result (operation log) of permission management information displayed with a client PC. It is a figure which shows an example of the search result (approval log) of permission management information displayed with a client PC. It is a figure which shows an example of the authentication result management information managed with an authentication server. Example of search result (authentication log) of authentication result management information displayed on client PC 10 is a flowchart illustrating an example of authentication processing of the authentication system in the third embodiment. 14 is a flowchart illustrating an example of authentication processing when a plurality of IC cards are read in the third embodiment. 10 is a flowchart illustrating an example of authentication processing of the authentication system in the third embodiment. 6 is a diagram illustrating an example of a login card notification screen displayed on a multifunction peripheral. FIG. 6 is a diagram illustrating an example of a login card selection screen displayed on the multifunction peripheral. FIG. FIG. 10 is a diagram illustrating an example of a login confirmation screen when authenticating a plurality of cards to be displayed on the multifunction peripheral.

[Embodiment 1]
Hereinafter, a preferred embodiment of a screen forming system according to the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a system configuration diagram illustrating an example of an image forming system (information processing system) of the present embodiment.

  As shown in FIG. 1, the image forming system (information processing system) includes, for example, one or a plurality of multifunction peripherals (image forming apparatuses) 300, an authentication server 200 for one or two IC cards, and one or a plurality of client PCs 100. Are connected via a local area network (LAN) 400 (communication medium).

  The multi-function device 300 transmits a card number read from a card held over a card reader 319 described later to the authentication server 200 as an authentication request. In addition, the user name and password input by the operation unit 308 of the multi-function device to be described later are transmitted to the authentication server 200 as an authentication request.

  The authentication server 200 stores an IC card authentication table (FIG. 9), which will be described later, for IC card authentication in response to an authentication request by the IC card from the multifunction device 300 or an authentication request by the user name and password. Authentication processing is performed using a table.

  The authentication server 200 is configured to be communicable with, for example, a directory server (not shown), and when there is an authentication request using a user name and password, the directory server is inquired and the user name is stored in the directory server. If it is determined that the authentication is successful, the authentication result can be transmitted from the authentication server 200 to the multi-function device 300. That is, the authentication server 200 is a device having a directory server function.

  In addition, the client PC 100 performs print settings for the MFP 300.

  Next, the hardware configuration of the client PC 100 and the authentication server 200 shown in FIG. 1 will be described with reference to FIG.

  FIG. 2 is a block diagram illustrating a hardware configuration example of an information processing apparatus applicable to the authentication server 200. The block diagram of FIG. 2 can also be applied to the client PC 100.

  As shown in FIG. 2, the authentication server 200 includes a CPU (Central Processing Unit) 201, a RAM (Random Access Memory) 203, a ROM (Read Only Memory) 202, an input controller 205, a video controller 206, a system bus 204, and the like. A configuration in which a memory controller 207, a communication I / F controller 208, and the like are connected is adopted.

  The CPU 201 comprehensively controls each device and controller connected to the system bus 204.

  Further, the ROM 202 or the external memory 211 will be described later, which is necessary for realizing the functions executed by each server or each PC, such as BIOS (Basic Input / Output System) and OS (Operating System) which are control programs of the CPU 201. Various programs are stored. Further, information necessary for carrying out the present invention (for example, the authentication table in FIG. 9, the permission management information for managing the permission information and the operation information in FIGS. 13 to 15) is stored. The external memory may be a database.

  The RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for executing the processing from the ROM 202 or the external memory 211 to the RAM 203 and executing the loaded program.

  The input controller 205 controls input from a keyboard (KB) 209 or a pointing device such as a mouse (not shown).

  The video controller 206 controls display on a display device such as the display 210. The display device may be a display device such as a liquid crystal display. These are used by the administrator as needed.

  The memory controller 207 is an external storage device (hard disk (HD)), flexible disk (FD), or PCMCIA (Personal Computer) that stores a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 211 such as a Compact Flash (registered trademark) memory connected to a Memory Card International Association (Card Memory) card slot via an adapter.

  The communication I / F controller 208 is connected to and communicates with an external device via a network (for example, the LAN 400 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP (Transmission Control Protocol / Internet Protocol) is possible.

  The CPU 201 can display on the display 210 by executing an outline font rasterization process on a display information area in the RAM 203, for example. Further, the CPU 201 enables a user instruction using a mouse cursor (not shown) on the display 210.

  Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, a definition file and various information tables used when executing the program are also stored in the external memory 211, and a detailed description thereof will be described later.

  Next, the hardware configuration of the multifunction machine 300 as the information processing apparatus of the present invention will be described with reference to FIG.

  FIG. 3 is a block diagram illustrating a hardware configuration example of the multifunction peripheral 300.

  In FIG. 3, a controller unit 316 is connected to a scanner 314 functioning as an image input device and a printer 312 functioning as an image output device, and is connected to a local area network such as the LAN 400 shown in FIG. By connecting to a public line (WAN) such as ISDN, image data and device information are input and output.

  As shown in FIG. 3, the controller unit 316 includes a CPU 301, a RAM 302, a ROM 303, an external storage device (hard disk drive (HDD)) 304, a network interface (Network I / F) 305, a modem (Modem) 306, an operation unit interface ( Operation unit I / F) 307, external interface (external I / F) 318, image bus interface (IMAGE BUS I / F) 320, raster image processor (RIP) 310, printer interface (printer I / F) 311, scanner interface (Scanner I / F) 313, an image processing unit 317, and the like.

  The CPU 301 is a processor that controls the entire system.

  A RAM 302 is a system work memory for the operation of the CPU 301, and is a program memory for recording a program and an image memory for temporarily storing image data.

  The ROM 303 stores a system boot program and various control programs.

  An external storage device (hard disk drive HDD) 304 stores various programs for controlling the system, image data, and the like.

  An operation unit interface (operation unit I / F) 307 is an interface unit with the operation unit (UI) 308, and outputs image data to be displayed on the operation unit 308 to the operation unit 308.

The operation unit I / F 307 serves to transmit information (for example, user information) input by the system user from the operation unit 308 to the CPU 301. Note that the operation unit 308 includes a display unit having a touch panel, and various instructions can be given by a user pressing (touching with a finger or the like) a button displayed on the display unit.

  A network interface (Network I / F) 305 is connected to a network (LAN) and inputs / outputs data.

  A modem (MODEM) 306 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  An external interface (external I / F) 318 is an interface unit that accepts external inputs such as USB, IEEE 1394, printer port, RS-232C, etc. In this embodiment, a card reader for reading an IC card required for authentication is used. 319 is connected.

  The CPU 301 can control reading of information from the IC card by the card reader 319 via the external I / F 318, and can acquire information read from the IC card. Note that the storage medium is not limited to an IC card, and any storage medium that can identify a user may be used.

In this case, identification information for identifying the user is stored in the storage medium. This identification information may be a production number of the storage medium or a user code given by the user within the company.
The above devices are arranged on the system bus 309.

  On the other hand, an image bus interface (IMAGE BUS I / F) 320 is a bus bridge that connects a system bus 309 and an image bus 315 that transfers image data at high speed and converts a data structure.

  The image bus 315 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 315.

  A raster image processor (RIP) 310 develops vector data such as a PDL code into a bitmap image, for example.

  A printer interface (printer I / F) 311 connects the printer 312 and the controller unit 316 to perform synchronous / asynchronous conversion of image data.

  A scanner interface (scanner I / F) 313 connects the scanner 314 and the controller unit 316, and performs synchronous / asynchronous conversion of image data.

  An image processing unit 317 corrects, processes, and edits input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 317 performs image data rotation and compression / decompression processing such as JPEG for multi-valued image data and JBIG, MMR, MH for binary image data.

  A scanner 314 connected to the scanner I / F 313 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 308, the CPU 301 gives an instruction to the scanner, and the feeder feeds the original paper one by one to read the original image. I do.

  The printer 312 connected to the printer I / F 311 is a part that converts raster image data into an image on paper. The method is an electrophotographic method using a photosensitive drum or a photosensitive belt, and ink is supplied from a micro nozzle array. There is an ink jet method for ejecting and printing an image directly on a sheet, but any method may be used. The activation of the printing operation is started by an instruction from the CPU 301. The printer 312 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  The operation unit 308 connected to the operation unit I / F 307 includes a liquid crystal display (LCD) display unit. A touch panel sheet is affixed on the LCD to display a system operation screen, and when a displayed key is pressed, the position information is transmitted to the CPU 301 via the operation unit I / F 307. The operation unit 308 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Here, the start key of the operation unit 308 is used when starting a document image reading operation. There are green and red LEDs in the center of the start key, and indicates whether or not the start key can be used depending on the color. In addition, the stop key of the operation unit 308 functions to stop the operation being performed. The ID key of the operation unit 308 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit 308.

  A card reader 319 connected to the external I / F 318 reads information stored in an IC card (for example, Sony Felica (registered trademark)) under the control of the CPU 301, and reads the read information to the external I / F. The CPU 301 is notified via F318.

  Next, functions of the client PC 100, the authentication server 200, and the multifunction peripheral (image forming apparatus) 300 according to the present invention will be described with reference to FIG.

  FIG. 4 is a functional block diagram illustrating an example of functions of the multifunction peripheral 300, the authentication server 200, and the client PC 100. Details of the processing of each function will be described with reference to the flowcharts of FIGS.

The MFP 300 includes an identification information acquisition unit 401, an identification information transmission unit 402, a permitted function setting unit 403, a permitted function information transmission unit 404, an operation information transmission unit 405, and a login unit 406.
Each functional unit is processed by the CPU 301.

  The identification information acquisition unit 401 acquires card information read from, for example, an IC card (storage medium) held over the card reader 319. The identification information acquisition unit 401 can also acquire the user name (user identification information) obtained by transmitting the card information to the authentication server 200 and performing authentication.

  The identification information transmission unit 402 transmits the card information acquired by the identification information acquisition unit 401 to the authentication server 200. When the identification information acquisition unit 401 receives a user name (user identification information), the identification information transmission unit 402 can also transmit the user name (user identification information).

  The permitted function setting unit 403 displays a permitted function selection screen 1100 on the operation unit 308, and sets functions that can be used by the user who uses the multifunction device 300 in accordance with the user's operation on this screen. In addition, the permitted function setting unit 403 can set detailed restrictions on the function to be used on the upper limit setting screen shown in FIG.

  The permitted function information transmission unit 404 transmits the permitted function information set by the permitted function setting unit 403 to the authentication server 200. The operation information transmission unit 405 transmits, to the authentication server, a log (history) operated (used) by a user who has logged in to the multi-function peripheral 300 with respect to the functions set by the permitted function setting unit 403 and made usable.

  For example, the login unit 406 notifies the OS (operating system) stored in the HDD 304 of the user name so that the MFP 300 can be used with the user name (user identification information) corresponding to the IC card held over. (Login instruction function). Note that the login unit 406 can log in (access) by controlling the functions that can be used by the MFP 300 according to the authority given to the logged-in user, for example, the function set by the permitted function setting unit 403. is there. More specifically, the login unit 406 includes a login processing unit included in the MFP 300 and a login instruction unit included in an application that executes the steps of the flowchart of the present embodiment, and the login instruction unit stores the user name in the login processing unit. By notifying, the MFP 300 is logged in.

  The authentication server 200 includes an identification information reception unit 407, an authentication unit 408, a login permission determination unit 409, a permission function information reception unit 410, an operation information reception unit 411, a permission management information storage unit 412, and a search unit 413. Are processed by the CPU 201.

  The identification information receiving unit 407 receives the card information and the user name (user identification information) transmitted by the identification information transmitting unit 402. The authentication unit 408 refers to the card information received by the identification information receiving unit 407 with reference to the authentication table of FIG. 9, and determines whether there is matching card information. In addition, an authentication result is generated so as to return the determined result to the MFP 300. Further, the authenticated authentication result is stored in the external memory 211.

  The login permission determination unit 409 determines whether the authority level of the card information that the authentication unit 408 has determined to be successful is the card information having the authorization (permission) authority to permit login (access) to the MFP 300 by the first user. Determine whether or not. In other words, it is determined whether or not the user of the IC card held over the second sheet is a user who has authorization authority.

  The permitted function information receiving unit 410 receives the permitted function information transmitted from the permitted function information transmitting unit 404 and stores it in the RAM 203. The operation information receiving unit 411 receives a log (history) that is operated (used) by a user who has logged into the multi-function peripheral 300 and transmitted by the operation information transmitting unit 405.

  The permission management information storage unit 412 stores the permission function information received by the permission function information receiving unit 410 or the log (history) operated (used) by the user received by the operation information receiving unit 411 in the external memory 211.

  The search unit 413 searches the information stored by the permission management information storage unit 412 according to a request from the client PC 100, and transmits the search result. For example, the search unit searches the database serving as the external memory 211 using an SQL command according to the search information included in the request from the client PC 100. The search unit stores a log (history) that has been operated (used), for example, searches for permission management information in FIG. 14, and for example, searches for authentication result management information in FIG. 18, for example, in which the authentication unit 408 stores authentication results. I do.

  The client PC 100 includes a search request unit 414 and a search result display unit 415, and each functional unit is processed by the CPU of the client PC 100.

  The search request unit 414 requests the authentication server 200 for a search condition input by a user operation in order to search for information stored in the external memory of the authentication server 200. Further, the search result display unit 415 displays the search result obtained in accordance with the request of the search request unit 414 on a display using, for example, a browser as shown in FIGS.

  Next, an authentication process when the first card of the embodiment according to the present invention is held over will be described with reference to FIG.

  Note that the processes of steps S501 to S506, steps S511 to S512, and steps S515 to S518 are processes of the multifunction peripheral 300, and are executed by the CPU 301. Further, the processes of steps S507 to S510 and steps S513 to S514 are processes of the authentication server 200, and are executed by the CPU 201.

  First, in step S501, in order to prompt the user to hold the IC card of the user who logs in (accesses) the MFP 300, the CPU 301 stores in advance the first card holding notification screen (not shown) (not shown). A message such as “Hold the first card (card of the login person)” is displayed on the operation unit 308.

  In step S <b> 502, the CPU 301 determines whether an IC card is held over the card reader 319. The determination is made based on a card holding event that can be acquired when an IC card is held over the card reader 319. If the IC card is held up, the process proceeds to step S503. If the IC card is not held up, the process waits to obtain a card holding event. The IC card stores card information (card manufacturing number and a unique identification number to be arbitrarily stored).

  In step S503, the identification information acquisition unit 401 acquires card information (card information of the first user) included in the card holding event obtained by holding the IC card over the card reader 319 (acquisition of identification information).

  In step S504, the CPU 301 requests the card reader 319 to stop reading so that the card information is not read even when another IC card is held over. This process is to prevent the card information of other IC cards from being read during the authentication process of the card information acquired in step S503.

  In step S505, the card information acquired in step S503 is stored in the RAM 302. By storing the card information, it is possible to determine that the first card and the second card are different cards in the process of step S608 described later.

  In step S506, the card information (first user card information) acquired in step 503 by the identification information transmission unit 402 via the network I / F 305 or stored in step 505, the IP address of the MFP 300, and the composite The product name of the machine and the device name of the multifunction machine are transmitted to the authentication server 200 (transmission of identification information).

  In step S507, the identification information receiving unit 407 receives the card information and IP address transmitted in step 506, the product name of the multifunction device, and the device name of the multifunction device via the communication I / F controller 208 (identification information reception). ). The received card information, IP address, product name of the multifunction device, and device name of the multifunction device are stored in the RAM 203.

  Note that the IP address transmitted and received in steps S506 and S507 may be an IP address transmitted and received by TCP / IP communication, and the program that executes this process may not be actively transmitted and received.

  In step S508, the authentication unit 408 compares the card information received by the identification information receiving unit 407 with the card number 901 of the authentication table of FIG. 9, and the authentication unit 408 determines whether there is a card number that matches the authentication table. Determine if it is successful. If the card number exists in the authentication table of FIG. 9, it is determined that the authentication has succeeded, and if the card number does not exist in the authentication table of FIG. 9, it is determined that the authentication has failed. If the authentication is successful, the process proceeds to step S513. If the authentication is unsuccessful, the process proceeds to step S509. Note that the authentication method may be configured to perform authentication with respect to an LDAP (Lightweight Directory Access Protocol) server that exists in a separate housing (not shown). When performing authentication for the LDAP server, the card information is registered in advance as data managed by the LDAP server, and the authentication is performed based on whether or not the corresponding card information exists with reference to the LDAP server. I do. In step S509, the CPU 201 stores the authentication (failure) result in step S508 in the external memory 211. In step S509, the authentication time, authentication failure flag, number of authentications, card information, product name, device name, and IP address of the MFP 300 are stored as information when authentication fails (FIG. 18). . In addition, the card information received in step S507, the product name of the MFP 300, and the device name are stored.

  The permission management information storage unit 412 stores the authentication time at the authentication time management information authentication time 1801 in FIG. 18, stores “failure” information in the authentication result 1802, and sets the authentication count 1803 to “first time”. And the card information is stored in the user card information 1805. Further, the product name, device name, and IP address of the MFP 300 received in step S507 are stored in the product name 1809, device name 1810, and IP address 1811, respectively.

  Note that the user 1804, the approver 1806, the approver card information 1807, and the authentication failure reason 1808 are stored when the second IC card is held over. The authentication result can be viewed from the administrator's client PC 100.

  In step S <b> 510, the CPU 201 transmits authentication failure information to the multifunction device 300. In step S511, when the CPU 301 receives the authentication failure information from the authentication server 200, an authentication failure notification screen (message such as “authentication failed”) stored in advance in the HDD 304 is displayed on the operation unit 308. Display time.

  In step S512, the CPU 301 clears (deletes) the card information stored in the RAM 302 in step S505. Further, the card information is cleared and reading of the card reader is started to read the card information. If the card information is cleared, the next card information to be acquired is determined to be the first IC card, and the process proceeds to step S501.

  In step S513, the CPU 201 stores the authentication (success) result in step S508 in the external memory 211. In step S513, the authentication time, the authentication success flag, the authentication count, the card information, the user information, the product name, the device name, and the IP address of the MFP 300 are stored as information when the authentication is successful. (FIG. 18). In addition, the card information received in step S507, the product name of the MFP 300, and the device name are stored.

  The authorization management information storage unit 412 stores the authentication time at the authentication time management information authentication time 1801 in FIG. 18, stores “success” information in the authentication result 1802, and sets the authentication count 1803 to “first”. , The user information is stored in the user 1804, and the card information is stored in the user card information 1805. Further, the product name, device name, and IP address of the MFP 300 received in step S507 are stored in the product name 1809, device name 1810, and IP address 1811, respectively.

  Note that the user 1804, the approver 1806, the approver card information 1807, and the authentication failure reason 1808 are stored when the second IC card is held over. The authentication result can be viewed from the administrator's client PC 100.

  In step S <b> 514, the CPU 201 transmits user information (user name 902) associated with the successfully authenticated card number 901 to the multi-function peripheral 300 via the communication I / F controller 208 as authentication success information. In addition to the user name, an e-mail address, department, etc. may be transmitted.

  In step S515, the CPU 301 receives authentication success information via the network I / F 305.

  In step S516, the CPU 301 has a timer (time count) function (not shown) provided in the MFP 300 in order to limit the time from when the first card is authenticated until the second card is held over. ). Note that the time set in this timer is a time set in advance in the MFP 300, and this time can be changed as appropriate by the administrator. Further, the processing in the case of time-out by this timer will be described in step S602 described later.

  In step S517, the CPU 301 stores the user information (user name) received in step S515 in the RAM 302 in association with the card information saved in step S505.

  In step S518, the CPU 301 requests the card reader 319 to start reading in order to read card information from the second IC card. This makes it possible to read other IC cards.

  Next, with reference to FIG. 6, an authentication process when the second card of the embodiment according to the present invention is held over the process of FIG. 5 will be described.

  This flowchart is processing subsequent to step S518 in FIG. 5, and the processing in steps S601 to S611 and steps S617 to S619 is processing of the multifunction peripheral 300 and is executed by the CPU 301. Further, the processing of steps S612 to S616 is processing of the authentication server 200 and is executed by the CPU 201.

  In step S601, a screen that prompts the user with the first card to hold the second IC card to allow login (access) is displayed. In this case, the CPU 301 reads a screen as shown in FIG. 10 stored in advance in the HDD 304 and displays it on the operation unit 308.

  In step S602, the CPU 301 determines whether the set time has been reached using the timer started in step S516. If the timer has reached the set time, it is determined that a time-out has occurred, and the process proceeds to step S603. If the timer has not reached the set time, it is determined that the time-out has not occurred, and the process proceeds to step S605.

  In step S603, as in step S512, the CPU 301 clears (deletes) the card information stored in the RAM 302 in step S505. In step S517, the user information is also cleared (deleted) in the RAM 302.

  In step S604, since the time-out is determined in step S602, the CPU 301 stops the timer started in step S516. In addition, the timer is stopped and reading of the card reader is started to read the card information. When the card information is cleared and the timer is stopped, the next card information to be acquired is determined to be the first IC card, and the process proceeds to step S501.

  In step S <b> 605, the CPU 301 determines whether an IC card is held over the card reader 319. The determination is made based on a card holding event that can be acquired when an IC card is held over the card reader 319. If the IC card is held over, the process proceeds to step S606, and if the IC card is not held over, the process proceeds to step S602 to enter a waiting state to obtain a card holding event.

  In step S606, the identification information acquisition unit 401 acquires the card information (second card information) included in the card holding event obtained by holding the IC card over the card reader 319 (acquisition of identification information). Although steps S605 and S606 are described as steps different from steps S502 and S503, they are the same processes as steps S502 and S503.

  In step S607, the CPU 301 requests the card reader 319 to stop reading so that the card information is not read even when another IC card is held over. This process is to prevent the card information of other IC cards from being read during the card information authentication process and the login permission determination process acquired in step S606.

  In step S608, the CPU 301 determines whether the card information stored in the RAM 302 in step S505 matches the card information acquired in step S606. If the card information matches, it is determined that the IC card held up as the first card and the IC card held up as the second card are the same, the process moves to step S609, and the card information does not match. In that case, the process moves to step S610.

  In step S609, since it is determined that the first IC card and the second IC card are the same (same card), the CPU 301 stores in advance in the HDD 304, not shown. A warning screen (a message such as “the first card is the same as the second card”) is displayed on the operation unit 308. After displaying the warning screen, the process proceeds to step S603.

  In step S610, it is determined that the card information of the IC card held as the first card in step S605 is different from the card information of the IC card held as the second card, and the CPU 301 stops the timer started in step S516.

  In step S611, the user information (the user name of the IC card held over the first card) and the card information (card number of the IC card held over the first card) stored in the RAM 302 in step S517 are acquired in step S606. The card information (the card number of the IC card held over the second card, that is, the card information of the second user), the IP address of the MFP 300, the product name of the MFP, and the device name of the MFP. The CPU 301 transmits to the authentication server 200 via F305 (identification information transmission).

  In step S612, the CPU 201 transmits the user information (user name of the IC card held over the first sheet) and card information (IC held over the first sheet) via the communication I / F controller 208 in step S611. Card number) and card information (the card number of the IC card held over the second card), the IP address of the MFP 300, the product name of the MFP, and the device name of the MFP (identification information reception) .

  If user information is included in the received data, it is determined as the second authentication, and the following processing is performed.

  In step S613, the authentication unit 408 compares the card information received in step S612 (the card number of the IC card held over the second card) with the card number 901 in the authentication table in FIG. 9, and matches the authentication table. Whether or not the authentication is successful is determined based on whether or not the card number exists. If the card number exists in the authentication table of FIG. 9, it is determined that the authentication has succeeded, and if the card number does not exist in the authentication table of FIG. 9, it is determined that the authentication has failed. If the authentication is successful, the process proceeds to step S614. If the authentication is unsuccessful, the process proceeds to step S616. If the authentication is successful, the user name 902 corresponding to the matched card number is stored in the RAM 203. Further, the authentication method may be configured to execute authentication with respect to an LDAP (Lightweight Directory Access Protocol) server existing in a separate housing (not shown).

  In step S614, the login permission determination unit 409 refers to the authority level 903 stored corresponding to the card number 901 determined to be successful in step S613, and logs in to the MFP 300 with the first user ( It is determined whether or not the card number has authorization (permission) authority to permit (access). In other words, it is determined whether or not the user of the IC card held over the second sheet is a user who has authorization authority. For example, if the authority level 903 is “KanriUser”, it is determined that there is an approval authority, and the process proceeds to step S615. If it is “Guest”, it is determined that there is no approval authority, and the process proceeds to step S616.

  In step S615, the login permission determination unit 409 determines whether or not the user name held in the RAM 203 when the authentication is successful in step S613 matches the user name of the first card received in step S612. . If it is determined that the user names match, the process moves to step S616. If the user names do not match, the process moves to step S701 in FIG. By determining whether or not the user names match in this step, for example, when the user uses a plurality of cards, the MFP 300 is used without obtaining permission from other users. Can be prevented. If the card authentication fails in step S613, if there is no approver authority in step S614, or if the user name does not match in step S615, the time when it is determined as information to that effect is stored in the RAM 203.

  In step S616, the CPU 201 stores the authentication (failure) result in steps S613 to 615 in the external memory 211. In step S616, the authentication time, the authentication failure flag, the number of authentications, the card information, the reason for the authentication failure, the product name, the device name, and the IP address of the MFP 300 are stored as information when the authentication has failed. (Authentication result management information in FIG. 18). The card information, the product name of the MFP 300, and the device name use the data received in step S612.

  The permission management information storage unit 412 stores the authentication time at the authentication time 1801 of the authentication result management information in FIG. 18, stores “failure” information in the authentication result 1802, and sets the authentication count 1803 to “second”. The first user information is stored in the user 1804, the first card information is stored in the user card information 1805, the second user information is stored in the approver 1806, and the approver card is stored. The card information of the second person is stored in the information 1807, and the reason for the authentication failure is stored in the authentication failure reason 1808. If the authentication fails in step 613, the information of the approver 1806 is not saved.

  The authentication result can be viewed from the administrator's client PC 100.

  In step S 617, the CPU 201 transmits authentication failure information indicating the reason for the authentication failure to the multi-function device 300 via the communication I / F controller 208.

  In step S618, the CPU 301 receives the authentication failure information transmitted in step S617 via the network I / F 305.

  In step S619, when the authentication failure information is received, an authentication failure screen (not shown) stored in advance in the HDD 304 by the CPU 301 (in the case of NO in step S613, “the authentication of the second card has failed”, If NO in step S614, “the second card user does not have approver authority”, if YES in step S615, “log in because the first card user is the same as the second card user. A message such as “It cannot be permitted” is displayed on the operation unit 308. After displaying the authentication failure screen, the process moves to step S620.

  In step S620, the CPU 301 clears (deletes) the card information stored in the RAM 302 in step S505. In step S517, the user information is also cleared (deleted) in the RAM 302. Further, the card information is cleared and reading of the card reader is started to read the card information. If the card information is cleared, the next card information to be acquired is determined to be the first IC card, and the process proceeds to step S501.

  Next, with reference to FIG. 7, a description will be given of permission processing when the user of the first card permits login by the second card of the embodiment of the present invention following the processing of FIG.

  This flowchart is processing subsequent to the case of NO in step S615 in FIG. 6, and the processing in steps S704 to S716 and steps S719 to S724 is processing of the multifunction peripheral 300 and is executed by the CPU 301. Further, the processes of steps S717 to S718 and steps S725 to S726 are processes of the authentication server 200, and are executed by the CPU 201.

  In step S701, the CPU 201 acquires use authority information 904 corresponding to the second card information from the authentication table of FIG.

  In step S702, the permission management information storage unit 412 stores the authentication time at the authentication time 1801 of the authentication result management information in FIG. 18, stores “success” information in the authentication result 1802, and goes to the authentication count 1803. “Second time” information is stored, the first user information is stored in the user 1804, the first card information is stored in the user card information 1805, and the second user information is stored in the approver 1806. The card information of the second person is stored in the approver card information 1807. The authentication time 1801 is overwritten and saved because it was saved in step S513, but may be saved separately from the authentication time saved in step S513.

  Also, this authentication result can be viewed from the administrator's client PC 100 as shown in FIG. 19, for example.

  Further, the user information (user name) of the first card received in step S612 or the user information (user name) stored in the user 1804 is stored in the user 1301 of the permission management information in FIG. The authentication time 1801 is stored in the approval time 1302. Also, the user information (user name) of the second IC card of the approver 1806 is stored in the approver 1303 of the permission management information in FIG. Further, the product name, device name, and IP address of the MFP 300 stored in the product name 1809, device name 1810, and IP address 1611 are stored in the permission management information 1304 to 1306 in FIG.

  In step S703, the second card is authenticated in step S613, the user of the second IC card has an authorization (permission) authority in step S614, and two users and the first IC card user are authorized in step S614. As a result of determining that the users of the first IC cards do not match, the CPU 201 transmits the user name 902 and the usage authority information 904 corresponding to the second card information to the multi-function device 300.

  In step S704, the CPU 301 receives the use authority information (permitted function information) transmitted in step S703. In other words, information (permitted function information) that allows the user of the second IC card to permit the function of the MFP 300 is acquired from the authentication server 200 (permitted function information acquisition).

  In step S705, the CPU 301 reads the user information (user name corresponding to the first IC card) stored in the RAM 302 in step S517, and the MFP 300 can use the user information with this user information. The user name is notified to the OS (operating system) stored in the HDD 304 and login is performed (login instruction function).

  In step S <b> 706, in response to the login in step S <b> 705, the CPU 301 displays a permitted function selection screen 1100 for selecting a function to be used by the logged-in user among functions that can be used in the multifunction peripheral 300. The permitted function selection screen 1100 is stored in the HDD 304.

  In step S <b> 707, the permitted function setting unit 403 determines whether there is an instruction to permit the function of the multifunction device 300 according to the operation of the permitted function selection screen 1100 by the user. If it is determined that there is an instruction to permit, the process proceeds to step S708. If there is no instruction to permit, the process proceeds to step S709. The instruction to permit is an instruction to press 1101 or 1102 in the state of the permitted function selection screen 1100.

  In step S708, it is determined that there is an instruction to permit, and the permitted function setting unit 403 turns on the check for the function for which the permission instruction has been issued. More specifically, when there is a permission instruction, for example, a check is displayed on 1107 of the permitted function selection screen 1106 (use function setting).

  In step S <b> 709, the permitted function setting unit 403 determines whether there is an instruction to prohibit the function of the multifunction device 300 according to the operation of the permitted function selection screen 1100 by the user. If it is determined that there is an instruction to prohibit, the process proceeds to step S710, and if there is no instruction to prohibit, the process proceeds to step S711. The instruction to prohibit is an instruction to press 1107 or 1103 in the state of the permitted function selection screen 1106.

  In step S710, it is determined that there is an instruction for prohibition, and the permitted function setting unit 403 turns off the check for the function for which the prohibition instruction has been issued. More specifically, when there is a prohibition instruction, for example, check 1101 on the permission function selection screen 1100 is hidden (use function setting).

  In step S711, the permitted function setting unit 403 determines whether or not the detailed setting button 1104 has been pressed in accordance with a user operation in the state of the permitted function selection screen 1100. If the detailed setting button 1104 is pressed, the process proceeds to step S712. If the detailed setting button is not pressed, the process proceeds to step S714.

  In step S712, after the detail setting button 1104 is pressed, the upper limit value setting screen shown in FIG. 12 is displayed. 12 is stored in the HDD 304.

  In step S713, the permitted function setting unit 403 sets permission / non-permission of color copying, function use upper limit, and copy printing upper limit number of copies input by user operation in FIG. 12 (detailed use restriction setting). ). In this upper limit setting, the upper limit value (for example, the print upper limit number of sheets in FIG. 9) included in the received use authority information (permitted function information) can be set as an upper limit.

  In step S714, the permitted function setting unit 403 determines whether the OK button 1105 is pressed on the permitted function selection screen 1106. If the OK button 1105 is pressed, the process proceeds to step S715. If the OK button 1105 is not pressed, the process is awaited.

  In step S715, permission information set on the permission function selection screen 1106 or the upper limit value setting screen in FIG. 12 is acquired and stored in the RAM 302.

  In step S716, the permitted function information transmission unit 404 transmits the permission information stored in the RAM 302 to the authentication server 200 via the network I / F 305. In the permission information, the function name of the permitted function, the upper limit value (number of pages and the number of times the function is used) when the permitted function is used, and color printing and color copying are permitted for the copy and print functions. Information of the first card, the user name (user) of the first card, the user name (authorizer) of the second card, and the permission time.

  In step S 717, the permitted function information receiving unit 410 receives permission information via the communication I / F controller 208.

  In step S718, the permission management information storage unit 412 stores the permission information function name and the upper limit value received in step S717 in the permission management information permission function 1401 and permission function details 1402 in FIG.

  In step S719, the CPU 301 reads from the HDD 304 an operation screen (not shown) that is displayed as a default on the MFP 300, and displays it on the operation unit 308 so that unauthorized functions cannot be executed (use function control). More specifically, functions that are not permitted are grayed out so that they cannot be operated. In addition, you may make it hide the display which concerns on the function which is not permitted except grayout. If the permitted function setting unit 403 sets an upper limit value in step S713, it is assumed that a function exceeding the upper limit value cannot be used, and information indicating that there is a function upper limit value is sent to the operation unit 308. It may be displayed.

  In step S720, the CPU 301 determines whether a print, copy, or transmission function has been executed on an operation screen (not shown) of the operation unit 308. If it is determined that the function has been executed, the process proceeds to step S721. If it is determined that the function has not been executed, the process is awaited.

  In step S <b> 721, the CPU 301 stores operation information related to functions executed on an operation screen (not shown) of the operation unit 308 in the RAM 302. The operation information includes a function name of the executed function, detailed information of the executed function (for example, the number of printed sheets and a printed document name), a login time (time) (not shown), a logout time (time), an operation (Function execution) Time (time) and the like are included.

  In step S722, the CPU 301 determines whether or not a logout process for a user who has logged in to the multifunction peripheral has been performed. If the user has logged out, the process proceeds to step S723. If the user has not logged out, the process is awaited. The logout process is performed when the user presses a logout button provided in the multifunction machine 300 or when there is no operation for a certain period of time.

  In step S723, the CPU 301 clears (deletes) the card information (card number) stored in the RAM 302 in step S505 and the user information (user name) stored in the RAM 302 in step S517.

  In step S724, the operation information transmission unit 405 transmits the operation information stored in step S721 to the authentication server 200 via the network I / F 305. Note that when the operation information is transmitted, the permission information and the operation information stored in the RAM 302 are deleted.

  In step S725, the operation information receiving unit 411 receives the operation information transmitted in step S724 via the communication I / F controller.

  In step S726, the received operation information is stored in the permission management information in FIG. More specifically, the executed function name included in the operation information is stored in the use function 1501, the detailed information of the executed function is stored in the use function detail 1502, and the printed or transmitted document name is stored in the document name 1503. Further, other (not shown) login time (time), logout time (time), operation (function execution) time (time), and the like are also stored.

  Next, the browsing process of the permission management information according to the embodiment of the present invention will be described with reference to FIG.

  In step S801, the CPU of the client PC 100 accepts input of a user name and password via a browser provided in the client PC 100. In step S <b> 802, the CPU of the client PC 100 transmits the accepted user name and password to the authentication server 200.

  In step S803, the CPU 201 of the authentication server 200 receives the user name and password. In step S804, the CPU 201 of the authentication server 200 performs authentication using the received user name and password, and determines authentication. The authentication is determined by comparing with the authentication table of FIG. As a result of authentication, if it is determined that authentication has been performed, the process proceeds to step S808, and if authentication has not been performed, the process proceeds to step S805.

  In step S805, the CPU 201 of the authentication server 200 transmits a result (authentication failure message) that is not authenticated to the client PC 100. In step S806, a result (authentication failure message) that the CPU of the client PC 100 has not been authenticated is received. In step S807, the received unauthenticated result (authentication failure message) is displayed on the browser. Note that the authentication server 200 generates display control information (HTML file) to be displayed by a browser indicating a result of unauthenticating (authentication failure message).

  In step S808, the CPU 201 of the authentication server 200 transmits an authentication result (authentication success message) to the client PC 100. In step S809, the result of authentication of the CPU of the client PC 100 (authentication success message) is received. In the case of successful authentication, a search screen (HTML file) that can be displayed by a browser and that can specify search conditions for searching for permission management information in FIG. 15 is generated by the authentication server 200 and transmitted to the client PC 100. To do.

  In step S810, the CPU of the client PC 100 receives an input of search conditions for searching for permission management information. As search condition items, an operation time, a user, an approver, a product name, and the like can be designated.

  In step S811, the search request unit 414 of the client PC 100 transmits the search condition accepted in step S810 to the authentication server 200. In step S812, the CPU 201 of the authentication server 200 receives the search condition.

  In step S813, the search unit 413 of the authentication server 200 searches the permission management information in FIG. 15 according to the search condition received from the client PC 100. Also, the search result is acquired.

  In step S814, the authentication server 200 transmits the acquired search result to the client PC 100. As a search result to be transmitted, a search result screen (HTML file) that can be displayed by the browser of the client PC 100 is generated by the authentication server 200 and transmitted.

  In step S815, the CPU of the client PC 100 receives the search result, and in step S816, the search result display unit of the client PC 100 displays the received search result on the browser as shown in FIGS.

  In addition, although FIG. 8 demonstrated in the form which searches the permission management information of FIG. 15, it is applicable also with the form which searches the authentication result management information of FIG. In this case, in step S810, the user is made to select a search target. Examples of search targets include an operation log search (permission management information search) in the MFP 300 and an authentication log search (authentication result management information search) when the IC card is held over the MFP 300. Is received, information to be searched in the authentication server 200 is determined.

  When the authentication result management information in FIG. 18 is retrieved, the browser of the client PC 100 displays a result as shown in FIG.

  Furthermore, in the form of FIG. 8, the search request is made from the client PC 100 and the search result is displayed on the client PC 100. However, the search condition is input from the operation unit 308 of the multi-function device 300, and the search request is made. The search result from the authentication server 200 may be displayed on the operation unit 308 of the multifunction device 300.

  FIG. 9 is a diagram showing an example of an authentication table managed by the external memory 211 of the authentication server 200, which is used in the embodiment according to the present invention.

  The authentication table of FIG. 9 is stored in the external memory 211 of the authentication server 200, and is information for authentication using card information (for example, card number) obtained when it is held over the multifunction device 300.

  The authentication table includes a card number 901, a user name 902, an authority level 903, other user management information such as a password, email address, department, and the like, and a multifunction device 300 for each user managed using the card number as a key. Usage authority information 904 for using the above function is stored.

  The user information stored in the authentication table is imported in advance with user information managed by a directory server (not shown), for example. In addition, the authority information is captured at the time of user import. The form for taking data into the authentication table is not limited to the above-described form.

  10, 11, and 12 are diagrams illustrating examples of screens displayed on the operation unit 308 of the multi-function apparatus 300 that are used in the embodiment according to the present invention, and are stored in the HDD 304.

  FIG. 10 is an example of a screen displayed on the operation unit 308 of the MFP 300, and is a screen displayed when authentication by the first IC card is successful. A user name corresponding to the card number of the first IC card is displayed in 1101.

  FIG. 11 is an example of the transition of the screen displayed on the operation unit 308 of the MFP 300, and is a screen displayed when the authentication by the second IC card is successful. On this screen, a user corresponding to the first IC card can specify an available function among the functions of the multifunction device 300 by the user's operation. For example, when 1101 is pressed on the screen 1100, a check is displayed as in 1107 on the screen 1106, and the use of the copy function can be permitted. Further, when a button for permitting all of 1102 is pressed on the screen of 1100, a check is displayed for all the functions, and settings for using all the functions are made available.

  In addition, when the authority of the user corresponding to the second IC card is low and there is no authority to handle the functions provided in the MFP 300, it is possible to give permission only for the functions that can be handled by the user. Yes. Also, when a button for prohibiting all of 1103 is pressed, the check in 1107 is not displayed, and all functions cannot be used.

  Further, an OK button 1105 for confirming information set on the screen of FIG. 11 and the screen of FIG. 12 to be described later and transmitting the information to the authentication server 200 is provided.

  FIG. 12 is an example of a screen displayed on the operation unit 308 of the MFP 300. The screen displayed when the detailed setting button 1104 in FIG. 11 is pressed, and the use of each function can be set in detail. Note that the screen in FIG. 12 is an example when the copy function detail button is pressed, and setting whether to permit color copying, setting the maximum number of copies that can be made, and setting the maximum number of copies that can be made. Is possible.

  13, FIG. 14, and FIG. 15 are diagrams showing examples of permission management information managed in the external memory 211 of the authentication server 200 used in the embodiment according to the present invention. 13 to 15 show transitions of stored data.

  FIG. 13 is a diagram showing data stored as permission management information when the second IC card is authenticated. The user name of the user corresponding to the first IC card is given to the user 1301. The time (date and time) when the second IC card is authenticated is the approval time 1302, the user name of the user corresponding to the second IC card is the approver 1303, and the MFP 300 that requested the authentication. Is stored in the product name 1304, the device name of the MFP 300 that has requested authentication is stored in the device name 1305, and the IP address of the MFP 300 that has requested authentication is stored in the IP address 1306.

  FIG. 14 is a diagram showing data in which the setting information set in FIG. 11 or FIG. 12 is stored in the data of FIG. 13, and the function name checked in FIG. 11 (for example, copy in the case of 1107) is shown. It is stored in the permission function 1401. Further, the detailed settings set in FIG. 12 are stored in the permitted function details 1402.

  FIG. 15 is a diagram illustrating data in which a use log when a user uses a function of the MFP 300 is stored in the data of FIG. 14, and the function name used in the MFP 300 is used as the use function 1501. The function name 1503 stores the data name (job name, document name, etc.) of the print data printed when the function used is print.

  FIGS. 16 and 17 are diagrams showing an example of a screen displayed on the display 210 of the client PC 100 used in the embodiment according to the present invention.

  FIG. 16 is a screen showing the result of retrieval from the permission management information of FIG. 8 at the operation time (for example, January 2008), and is displayed on the display 210 of the client PC 100 using a browser. Note that it is also possible to display on the operation unit 308 of the MFP 300 as described above.

  FIG. 17 is a screen showing a result of retrieval from the permission management information of FIG. 8 at the approval time (for example, January 2008), and is displayed on the display 210 of the client PC 100 using a browser. Note that it is also possible to display on the operation unit 308 of the MFP 300 as described above.

  FIG. 18 is a diagram showing an example of authentication result management information managed by the external memory 211 of the authentication server 200 used in the embodiment according to the present invention.

  In the authentication result management information, the authentication result by the first IC card and the authentication result by the second IC card are stored. It should be noted that the authentication time of authentication by the first or / and second IC card is at the authentication time 1801, the authentication success / failure is at the authentication result 1802, and the first authentication is at the authentication count 1803. If so, the first time is stored, and if it is the second authentication, the second time is stored.

  Also, the user 1804 has the user name of the user corresponding to the first IC card, the user card information 1805 has the card number of the first IC card, and the approver 1806 has the second card. The user name of the user corresponding to the IC card is the card number of the second IC card in the approver card information 1807, and the authentication failure reason 1808 is an authentication failure at the time of authentication of the second IC card. The reason is remembered.

  Further, the product name 1809, the device name 1810, and the IP address 1811 include the product name (for example, model name), device name (optionally) of the MFP 300 that has requested authentication of the first or second IC card. The 1F MFP 1) and the IP address assigned to the MFP 300 are stored.

  18 is configured to be held in the external memory 211 separately from the above-described FIG. 15, but may be configured to hold FIGS. 15 and 18 as one result management information.

  FIG. 19 is a screen showing the result of retrieval from the authentication result management information of FIG. 18 at the authentication time (for example, January 2008), and is displayed on the display 210 of the client PC 100 using a browser. Note that it is also possible to display on the operation unit 308 of the MFP 300 as described above.

[Embodiment 2]
In the first exemplary embodiment, when the first IC card is held over and the first IC card is authenticated, and then the second IC card serving as the approver is held over and authentication is obtained, the multifunction device 300 Configured to be available.

  However, it is also possible to implement a configuration in which the MFP 300 is used by holding the second IC card as an approver before authenticating the first IC card.

  Therefore, in the present embodiment, a mechanism for using the MFP 300 by holding the second IC card as an approver before authenticating the first IC card will be described.

  First, the card number of the first IC card is stored in the RAM 203 in steps S501 to S503. Before obtaining the authentication by transmitting this card number to the authentication server 200, the processing of step S601 to step S610 is executed, and the card number of the second IC card acquired in step S606 and 1 stored in the RAM 203 are stored. The card number of the first IC card is transmitted to the authentication server 200 in step S611. In the case of the present embodiment, the user name 1001 is not displayed on the screen of FIG. 10 displayed in step S601, but “Please hold the second card.” Is displayed.

  Of the card number of the first IC card and the card number of the second IC card received in step S612, the authentication server 200 starts with steps S507 to S507 for the card number of the first IC card. Execute the process and determine whether authentication is possible. If the authentication has failed (N in step S508), the processes in steps S509 to S512 are performed.

  If the authentication is successful (Y in step S508), the process of step S513 is performed, and the processes after step S613 are executed.

  As a result, it is possible to reduce an increase in communication due to holding the IC card twice between the user and the approver.

  In the above embodiment, authentication is performed using a card (IC card), and the user is logged in or permitted to log in. However, authentication is performed by inputting a user name, password, and authentication destination domain name in the operation unit. It is also possible to use a form or a mechanism for authentication using biometric information such as a fingerprint.

  When the biometric information of the fingerprint is used in this embodiment, the card reader 319 is replaced with a fingerprint reader (fingerprint sensor), and the feature point extracted from the fingerprint image obtained by reading the card number 901 of the authentication table of the authentication server 200 with the fingerprint reader is used. It is configured to be converted into data and registered as fingerprint information. Although various techniques are disclosed as a method for extracting feature points, any method (technique) may be used for extraction.

  According to the above embodiment, the multi-function device 300 acquires the card information of the IC card, transmits the card information to the authentication server, and obtains authentication. In addition, when the authentication is obtained, the card information of the next IC card (third-party IC card) held over is sent to the authentication server, and the user is permitted to log in corresponding to the card information obtained previously. obtain.

  In addition, the function of the MFP 300 that can be used by the user who has obtained the login permission is permitted (determined).

  As a result, in addition to user authentication of users who use the multifunction device, it is possible to increase security when using the multifunction device by performing appropriate third-party user authentication.

[Embodiment 3]
In the first embodiment or the second embodiment, the user's card to log in and the user's (authorizer) card to be approved are held over each other.

  The present embodiment provides a mechanism that enables login and approval even when the card of the user who logs in and the card of the user (approver) to be approved are held over the card reader 319 at a time.

  Hereinafter, Embodiment 3 will be described with reference to FIGS.

  In addition, FIG. 5 of Embodiment 1 is replaced with FIG. FIG. 7 of the first embodiment is replaced with FIG. Regarding other drawings, the third embodiment is equivalent to the first or second embodiment, and a description thereof will be omitted.

  Next, the processing of the third embodiment will be described in detail with reference to FIGS.

  FIG. 20 is a flowchart illustrating an example of authentication processing of the authentication system according to the third embodiment.

  Step S2001 is executed by the CPU 301 of the MFP 300, and it is determined whether or not there is a plurality of card information acquired in step S503. If there is a plurality of card information, the process proceeds to FIG. 21. If there is not a plurality of card information (one card), the process proceeds to step S504.

  Note that the card reader 319 used in the third embodiment is a multi-card compatible card reader that can read a plurality of IC cards at a time and acquire card information of the plurality of read IC cards.

  FIG. 21 is a flowchart illustrating an example of authentication processing when a plurality of IC cards are read in the third embodiment.

  Note that the CPU 301 of the multifunction peripheral 300 executes the processing of step S2101 and step S2103 to step S2109. Further, the CPU 201 of the authentication server 200 executes the process of step S2102.

  In step S2101, the identification information transmission unit 402 receives the card information of the plurality of IC cards acquired in step 503, the IP address of the MFP 300, the product name of the MFP, and the device name of the MFP via the network I / F 305. It transmits to the authentication server 200 (identification information transmission).

  In step S2102, the card information of a plurality of IC cards, the IP address of the MFP 300, the product name of the MFP, and the device name of the MFP are received from the MFP 300. Authentication processing is performed on the received card information. In the authentication process, the received card information is compared with the card number 901 in the authentication table of FIG. 9, and it is determined whether or not the authentication is successful depending on whether or not there is a card number that matches the authentication table. If the card number exists in the authentication table of FIG. 9, it is determined that the authentication has succeeded, and if the card number does not exist in the authentication table of FIG. 9, it is determined that the authentication has failed. For each received card information, an authentication result (user name, authority level 903 in the case of authentication success, authentication failure, or authentication success) is transmitted to the requested multifunction device 300.

  In step S2103, the authentication result is received from the authentication server 200. In step S2104, it is determined from the received authentication result whether or not a plurality of pieces of card information are successfully authenticated. If one piece of card information is successful, the process proceeds to step S2105. If two pieces of card information are successful, the process proceeds to step S2106. In the present embodiment, the card information of two IC cards is described as a plurality of card information, but the card information need not be limited to two. For example, when the card information of three IC cards is successfully authenticated and the card information of the approver (for example, card information of authority level KanriUser) is included, in step S2109 described later, the login card of FIG. A selection screen is displayed, and then a login confirmation screen at the time of multiple card authentication shown in FIG. 25 is displayed.

  In step S2105, in order to confirm the IC card (user name) used for login to the user, the login card notification screen of FIG. 23 is displayed on the operation unit 308, and the OK button is pressed by the user operation. If detected, information on the IC card (user name) to log in is acquired, and the process proceeds to step S516. If it is detected that the cancel button has been pressed, the login process is terminated, and the process returns to step S501. Note that the acquired user name is transmitted to the authentication server 200, and various types of information are stored in the authentication result management information of FIG. 18 as in the process of step S513.

  In step S2106, it is determined whether or not there is card information of the approver (for example, card information of authority level KanriUser) in a plurality of card information. If there is approver card information, the process proceeds to step S2109. If there is no approver card information, the process proceeds to step S2107.

  In step S2107, since there are a plurality of IC cards that can be logged in, the login card selection screen shown in FIG. 24 is displayed on the operation unit 308 so that the user can select an IC card (user name) to be used for logging in.

  In step S2108, it is determined whether or not an IC card (user name) for logging in is selected on the login card selection screen in FIG. 24 and the OK button is pressed. If the OK button is pressed, information on the selected IC card (user name) is acquired, and the process proceeds to step S516. If the cancel button is pressed, the login process is terminated, and the process returns to step S501. Note that the acquired user name is transmitted to the authentication server 200, and various types of information are stored in the authentication result management information of FIG. 18 as in the process of step S513.

  In step S2109, in order to confirm to the user whether the IC card (user name) to log in and the IC card (user name) to be approved are incorrect, the login confirmation screen at the time of multi-card authentication in FIG. indicate. When it is detected that the OK button has been pressed by the user, information on the IC card (user name) to log in and the IC card (user name) of the approver is acquired, and the process proceeds to step S705. Note that the user name (may be a card ID) corresponding to the IC card to be logged in and acquired here, and the user name (may be a card ID) corresponding to the IC card of the approver are stored in the authentication server 200. The information is transmitted, and various types of information are stored in the authentication result management information of FIG.

  As described above, when there are three or more pieces of card information, FIG. 24 is displayed in step S2109 and FIG. 25 is displayed. If there are a plurality of card information of the approver, the card information of the approver may be selected as shown in FIG.

  Furthermore, when three or more pieces of card information are acquired in step S503, an error may be set.

  FIG. 22 is a flowchart illustrating an example of login processing after a plurality of IC cards are read in the third embodiment.

  FIG. 22 is a diagram for clarifying the transition from step S2108 in FIG. 21, and the processing is the same as that in FIG.

  In step S705, login is performed with user information including the login user name of FIG.

  As described above, the third embodiment has been described. According to the present embodiment, even when the card reader 319 capable of reading a plurality of cards at a time is used, authentication is appropriately performed and login to the multifunction device 300 is performed. It can be carried out.

  More specifically, login and login approval can be appropriately performed even when the card of the user who logs in and the card of the user (approver) to be approved are held over the card reader 319 at a time. .

  Although Embodiment (1-3) was demonstrated above, according to this Embodiment 1-3, in addition to the user authentication of the user who uses a multi-function machine, it combines by performing the user authentication of an appropriate third party. Security when using the machine can be increased.

  Then, it is possible to increase the security when the image forming apparatus is used by obtaining permission from a third party to log in the multifunction machine 300 and restricting the functions used in the image forming apparatus.

  In addition, according to the present embodiment, the MFP 300 cannot be used unless authentication using two users' cards is successful. Therefore, when using the MFP 300, a user other than the user (login user) is used. Users will be present at authentication. The attending user must be a user who has been granted approver authority.

  Then, after authentication of the user having the authorization authority, it is possible to set usable functions of the MFP 300 and an upper limit when using it.

  Further, the result of the authentication of the card and the information of the use (function execution, operation) result of the multifunction device 300 can be transmitted to the authentication server 200, stored, and viewed by the client (administrator) PC 100. is there.

Therefore, compared with the conventional authentication system, security is high and the effect of suppressing information leakage can be enhanced.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  Further, the program in the present invention is a program capable of executing the processing methods of FIGS. 5 to 8, and the storage medium of the present invention stores the program capable of executing the processing method in FIGS. 5 to 8. ing. The program in the present invention may be a program for each processing method of each apparatus in FIGS.

  As described above, a recording medium that records a program that implements the functions of the above-described embodiments is supplied to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus stores the program stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by executing the reading.

  In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, silicon A disk or the like can be used.

  Further, by executing the program read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) operating on the computer based on an instruction of the program is actually It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the processing and the processing is included.

  Furthermore, after the program read from the recording medium is written to the memory provided in the function expansion board inserted into the computer or the function expansion unit connected to the computer, the function expansion board is based on the instructions of the program code. It goes without saying that the case where the CPU or the like provided in the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading a program for achieving the present invention from a server, database, etc. on a network by a communication program, the system or apparatus can enjoy the effects of the present invention.

  In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

  In addition, each process realized by the above-described software can be realized as firmware or hardware configuration, and each process can be realized as each means. The technical scope of the present invention is realized by such firmware or hardware configuration. Is also included.

100 client PC
200 Authentication server 300 Multi-function machine 400 LAN
401 Identification Information Acquisition Unit 402 Identification Information Transmitting Unit 403 Permitted Function Setting Unit 404 Permitted Function Information Transmitting Unit 405 Operation Information Transmitting Unit 406 Login Unit 407 Identification Information Receiving Unit 408 Authentication Unit 409 Login Permit Determination Unit 410 Permission Function Information Receiving Unit 411 Operation Information receiving unit 412 Permission management information storage unit 413 Search unit 414 Search request unit 415 Search result display unit

Claims (12)

An image forming apparatus capable of communicating via a communication medium with an authentication server provided with user information storage means for storing identification information for identifying a user,
Identification information acquisition for acquiring first identification information for identifying a first user and second identification information for identifying a second user, which are input to the image forming apparatus in response to a user operation Means,
Identification information transmitting means for transmitting the first identification information and the second identification information;
Login means for logging in the image forming apparatus by the first user when the first identification information and the second identification information are authenticated by the authentication server in accordance with transmission by the identification information transmission means; An image forming apparatus comprising the image forming apparatus. When the first identification information is authenticated and the second identification information is identification information of a user who can permit the use of the image forming apparatus, the login unit performs the login operation with the first user. The image forming apparatus according to claim 1, wherein the image forming apparatus is logged in. The identification information acquisition unit acquires the first identification information, and acquires the second identification information when the authentication server authenticates the first identification information. Or the image forming apparatus according to 2; Use function setting means for setting the use function of the image forming apparatus;
The use function control means for controlling the use function of the image forming apparatus for the first user according to the use function set by the use function setting means. 2. The image forming apparatus according to item 1. Permission function information acquisition means for acquiring permission function information that allows a user corresponding to the second identification information to permit a function of the image forming apparatus;
The image forming apparatus according to claim 4, wherein the use function setting unit sets the function according to the permitted function information acquired by the permitted function information acquisition unit. The use function setting means includes a detailed use restriction setting means for setting a detailed use restriction of the use function,
The image forming apparatus according to claim 5, wherein the detailed usage restriction setting unit sets a detailed usage restriction with an upper limit value included in the permitted function information as an upper limit.   The log-in means includes a storage medium corresponding to the first identification information and a storage medium corresponding to the second identification information, wherein the plurality of storage media read by the reading means capable of reading the plurality of storage media The image forming apparatus according to claim 1, wherein the first user logs in. When a plurality of storage media read by a reading unit capable of reading a plurality of storage media are storage media corresponding to the first identification information, a first user who logs in the image forming apparatus is And further comprising a selection means for selecting,
The image forming apparatus according to claim 1, wherein the log-in unit logs in the first user selected by the selection unit. The image according to any one of claims 1 to 8, wherein the first identification information and the second identification information are identification information obtained by reading a storage medium with a reading unit. Forming equipment. An authentication processing system comprising a user information storage means for storing identification information for identifying a user and an image forming apparatus capable of communicating via a communication medium,
The image forming apparatus includes:
Identification information acquisition for acquiring first identification information for identifying a first user and second identification information for identifying a second user, which are input to the image forming apparatus in response to a user operation Means,
Identification information transmitting means for transmitting the first identification information and the second identification information;
Login means for logging in the image forming apparatus by the first user when the first identification information and the second identification information are authenticated by the authentication server in accordance with transmission by the identification information transmission means; Prepared,
The authentication server is
Identification information receiving means for receiving first identification information and second identification information from the image forming apparatus;
An authentication processing system comprising: authentication means for authenticating the first identification information and the second identification information received by the identification information receiving means. An authentication method in an image forming apparatus capable of communicating via a communication medium with an authentication server comprising user information storage means for storing identification information for identifying a user,
Identification information acquisition for acquiring first identification information for identifying a first user and second identification information for identifying a second user, which are input to the image forming apparatus in response to a user operation Steps,
An identification information transmission step of transmitting the first identification information and the second identification information;
A login instruction step for instructing the image forming apparatus to log in as the first user when the first identification information and the second identification information are authenticated by the authentication server according to the transmission in the identification information transmission step. The authentication method characterized by performing. An image forming apparatus capable of communicating via a communication medium with an authentication server provided with user information storage means for storing identification information for identifying a user,
Identification information acquisition for acquiring first identification information for identifying a first user and second identification information for identifying a second user, which are input to the image forming apparatus in response to a user operation Means,
Identification information transmitting means for transmitting the first identification information and the second identification information;
Function as login means for logging in to the image forming apparatus by the first user when the first identification information and the second identification information are authenticated by the authentication server in accordance with transmission by the identification information transmission means. A program characterized by letting

Images