JP2011048483A - Peripheral device, network system, communication processing method, and communication processing control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow a manager or user of a device to save time and effort for setting in advance the device, and allow for smooth operation of the device. <P>SOLUTION: A peripheral device (image forming device 1) includes a NIC 106 or WLAN 107 for connection to a network 8 and an NFC-R/W 11 connected to a USB host 109 for wireless connection. The peripheral device further includes a CPU 102 for determining the right of connection to the own device or the right of application use based on capability information or ACL right information added to association information held by the device with a near field wireless communication function, based on the access attempted through near field wireless communication by an NFC mobile terminal 6 through the NFC-R/W 11. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention provides a peripheral device including an image forming apparatus having an authentication function by data communication using a proximity wireless communication technology, a network system in which the peripheral device is connected via a wired or wireless network, and the authentication of the peripheral device. And a communication processing control program for executing communication processing control executed by the communication processing method by a computer.

  In recent years, employee cards, student ID cards, commuter passes, wallets, etc. use IC cards that use near field communication technology (NFC) as ID cards to identify individuals. There is a lot going on. The standard called NFC is a communication protocol that uses a 13.56 Hz frequency band by an electromagnetic induction method and is used for short-distance communication at a relatively low speed with a communicable distance of about 10 cm. This standard is set as NFC IP-1 (ISO / IEC18092) and NFC IP-2 (ISO / IEC214484). The NFC functions include a card emulation function, a reader / writer emulation function, and an inter-terminal communication function, as well as an NFC inter-terminal pairing function and a Bluetooth (Bluetooth) handover function as extended functions.

  The card emulation function functions as a non-contact IC card, and corresponds to an IC card / tag of FeliCa standard, Type A standard, Type B standard, and RFID (ISO15693 standard). The reader / writer emulation function functions as a reader / writer, can read and write IC cards and tags corresponding to the above standards, and can be used with mobile phones and PDAs (Personal Digital Assistants) that incorporate NFC in smart card chips. This is a function that enables transfer of predetermined information when the standard IC or tag is used. The inter-terminal communication function is a function for transmitting and receiving data between NFC-compatible devices. The pairing function between NFC terminals is a function of performing only pairing or authentication between NFC-compatible devices by NFC, and after pairing or authentication, a large amount of data is communicated by another high-speed standard. As described above, the Bluetooth handover function performs only pairing or authentication between NFC-compatible devices using NFC, and then transmits and receives a large amount of data via Bluetooth. A similar function is a WiFi handover function.

  In the field of computers, device users are restricted using an IC card having an NFC communication function, or network pairing or association has been realized. Furthermore, this NFC function is proposed not only for the computer field but also for network pairing and association at NFC in consideration of security for the use of office equipment with multiple copy and facsimile functions. Yes.

  That is, when transmitting and receiving information wirelessly, radio waves propagate over a wide range, so unless the other device is specified accurately, the security of data transmission between devices will be reduced. There is. This problem is no exception even in NFC with a communication distance of about 10 cm. Therefore, in an IC card or the like, a digital certificate stored in a protected area called a token is used. This token is referred to as an NFC token when used for NFC.

  There are various NFC token methods themselves, but in many cases, information necessary for using the device is recorded in a storage area in the NFC token, and the information is read before starting communication. High security functions are ensured by performing authentication processing such as associations that exchange and share information such as encryption methods and encryption keys to establish a secure communication path, pairing using pairing encryption, or IC card authentication. Like to do. This information storage area may be equipped with a function for performing mutual authentication between the NFC token and the device at the time of data access. In the NFC token, setting information necessary for network connection and information necessary for authenticating an individual are held, and can be acquired by the device. The area in which the information in the NFC token is held differs depending on the function to be used. For this reason, it is necessary to select an area to be accessed according to the function used by the user. In some cases, the equipment settings had to be changed for this selection. The change of the setting needs to be executed by the user, and the setting changing operation is complicated for the user.

  Instead, due to the information in the NFC token and the area to be accessed, the user can send and receive information necessary for device usage authentication and device network settings without changing the device settings. For example, Patent Documents 1 and 2 have proposed granting device use authority and function authority.

  Among these, Patent Document 1 (Japanese Patent Application Laid-Open No. 2008-160173) discloses a communication system including a management device that manages communication parameters, a base station, and a communication device. Determination means for determining the start of setting processing, and transmission means for transmitting a message for the base station to register the management device in response to the determination by the determination means, the base station, A detecting unit for detecting a message transmitted by the transmitting unit, a registering unit for registering a management device that is a transmission source of the message detected by the detecting unit, and a communication device for the management device registered by the registering unit And a transmission means for transmitting a communication parameter acquisition request from the same.

  Patent Document 2 (Japanese Patent Application Laid-Open No. 2008-131175) discloses an acquisition unit that acquires identification information of a wireless communication device from a portable storage medium, and the wireless communication based on the identification information acquired by the acquisition unit. A management device is disclosed that includes a search unit that searches for a communication device, and a determination unit that determines whether to perform wireless parameter setting processing for the wireless communication device according to a search result by the search unit. .

  However, with conventional technology, personal information such as ID and password for each user is stored in the NFC token in the association information, pairing information, and authentication information for the device to connect to the network, and that information is used. When doing so, it is necessary for the user to change in advance the setting for what the information is used for. This change is for setting authentication settings and function restrictions. If this setting is not made, network connection and authentication for the information cannot be performed, and the device may not be usable.

  Therefore, the problem to be solved by the present invention is that it is possible to omit the trouble of setting the device in advance by the administrator or user of the device and to enable smooth device operation.

  In order to solve the above-described problem, the first means is a peripheral device including an interface for connecting to at least one of a wired LAN and a wireless LAN line and a local interface for connecting using wireless, There is an access by the short-range wireless communication from the device device through the local interface, and the capability information or the ACL authority information added to the association information held by the device equipped with the short-range wireless communication function based on the access Control means for determining the authority to connect to the own machine or the authority to use the application based on the apparatus is provided.

  A second means is characterized in that, in the first means, the control means determines the type of capability information or ACL authority information used for authentication in the authentication information acquisition process.

  The third means is characterized in that, in the second means, the control means communicates with the authentication information held by itself and a server holding the authentication information.

  The fourth means is characterized in that, in the third means, the control means manages the type of capability information or ACL authority information and the registered user in association with each other.

According to a fifth means, in the third or fourth means, the control means provides a function restriction that the peripheral device can use for each capability information or ACL authority information, and a function restriction that the peripheral device can use for each registered user. It is characterized in that the user's function restriction is set in combination.
According to a sixth means, in any one of the first to fifth means, the control means performs the determination when using a peripheral device from a program operating on the client computer, and operates on the client computer. It is characterized by enabling communication with.

  A seventh means is any one of the first to sixth means, wherein the peripheral device is a printer device, a scanner device, a facsimile device, a digital multifunction peripheral having at least two functions of these devices, and It is one of personal computers, and the device device is one of an IC card, RFID, NFC-R / W, and a mobile terminal.

  The eighth means includes a network line including either a wired LAN or a wireless LAN line, and a peripheral device according to any one of the first to seventh means connected to the network line via the interface. It is a network system provided.

  Ninth means is a communication processing method for a peripheral device including an interface for connecting to at least one of a wired LAN and a wireless LAN line and a local interface for connection using radio, wherein the local interface is When the peripheral device accesses the peripheral device through short-range wireless communication, the capability information or ACL added to the association information held by the device equipped with the short-range wireless communication function based on the access It is characterized in that determination of connection authority to the own machine or application use authority is performed based on the authority information.

  A tenth means is a communication for executing communication processing control of a peripheral device having an interface for connecting to at least one of a wired LAN and a wireless LAN line and a local interface for connecting by wireless using a computer. A processing control program, when the peripheral device is accessed from a device device by short-range wireless communication via the local interface, and when the use of the peripheral device is started based on the access, the device device A procedure for recognizing a token used in short-range wireless communication, a procedure for determining the type of the token, a procedure for acquiring the token information, and a capability added to association information held by the device device Based on information or ACL authority information Characterized in that it and a procedure for determining the authorization or application usage rights.

  In the embodiment described later, the wired LAN and the wireless LAN line are connected to the network 8, the interface for connecting to at least one of the wired LAN and the wireless LAN line is connected to the NIC 106 and the WLAN 107, and the local interface is an NFC connected to the USB host. -R / W11, peripheral device is image forming apparatus 1 or PC5, device device is IC card 113, RFID114, NFC-R / W115, mobile terminals 6 and 7, near field communication is NFC (Near Field Communication) The control means is the CPU 102, the RAM 103, the ASIC 104, the operation display unit is the code 13, the network is the code 8, the ACL management (or capability information management) server is the code 4, the token information is the code 10, and the communication contents Means for recording and holding the RAM 1 6 and HDD 117, the corresponding.

  ADVANTAGE OF THE INVENTION According to this invention, the administrator and user of the apparatus with a restriction | limiting of the function which can be utilized can eliminate the effort which sets an apparatus in advance, and smooth apparatus operation is attained.

1 is a block diagram showing a system configuration of a network system of an image forming apparatus according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating a hardware configuration of the image forming apparatus 1 in FIG. 1. 3 is a block diagram showing a software configuration of the image forming apparatus 1 according to the present embodiment. FIG. It is a block diagram which shows the software module structure which paid its attention to the service module of an authentication control service. It is a figure which shows the display state of the operation display part of an image forming apparatus, and shows the example in case a capability function is effective with a user authority with an NFC installation apparatus. FIG. 9 is a diagram illustrating a display state of an operation display unit of an image forming apparatus, and illustrates an example in which the capability function is enabled with administrator authority in an NFC-equipped device. It is a figure which shows the display state of the operation display part of an image forming apparatus, and shows the example of a display during recognition of an NFC apparatus. It is a figure which shows the display state of the operation display part of an image forming apparatus, and shows the example of a display during acquisition of NFC apparatus information. It is a figure which shows the display state of the operation display part of an image forming apparatus, and shows the example of a notification when it matches with authority conditions. It is a figure which shows the display state of the operation display part of an image forming apparatus, and shows the example of a notification when not meeting capability conditions. It is a figure which shows the display state of the operation display part of an image forming apparatus, and shows the example of a notification when not meeting ACL authority conditions. It is a flowchart which shows the acquisition operation | movement procedure of NFC token information which concerns on this embodiment.

  In the present invention, when sending / receiving association information, pairing information, and authentication information, the condition of the authentication information varies depending on the type of capability information or ACL authority information in NFC. And the difference in ACL authority information is determined to limit the functions that can be used. At that time, it is possible to associate (link) the function restriction for each capability information or ACL authority information with the function restriction of the registered user.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a block diagram showing a system configuration of a network system of an image forming apparatus according to an embodiment of the present invention. In this figure, this system is configured such that an access point 2, a network terminal device 3, an ACL management (or capability information management) server 4, a PC 5, and the like are communicably connected to an image forming apparatus 1 via a network 8. Yes. Further, NFC reader / writer devices (hereinafter referred to as NFC-R / W) 11, 12 capable of interfacing with the NFC token 10 are connected to the image forming apparatus 1 and the PC 5, respectively. The network 8 is, for example, a wired LAN or a wireless LAN, and a combination thereof may be used.

  The NFC-R / W 11 connected to the image forming apparatus 1 can perform NFC communication with the NFC token 10, and communication is performed when the NFC token 10 enters the communication distance of the NFC-R / W 11. . The user records the association information necessary for network settings held in the NFC token 10 or the NFC-equipped mobile terminals 6 and 7 (for example, an NFC-equipped mobile phone or PDA) and ACL information and capabilities for each individual or each token. When the operation of the image forming apparatus 1 is started or when the operation by the PC 5 is started, the NFC token 10 is passed to the NFC-R / W 11 or 12. Thereby, when the network association or the authentication process is successfully performed, the communication with the image forming apparatus 1 or the PC 5 and the installed application can be started. That is, when the information recorded in the NFC token 10 is acquired by the NFC-R / W 11, 12 when the NFC token 10 is transferred to the NFC-R / W 11, 12, the NFC-R / W 11 or 12 is connected. Network association, pairing, or authentication processing is performed in the image forming apparatus 1 or PC 5 that is present. When the network association, pairing, or authentication process is successful, the user who has been authenticated by the NFC token 10 can start using the image forming apparatus 1 or the PC 5. Furthermore, data communication can be performed with a device connected to the network.

  FIG. 2 is a block diagram showing a hardware configuration of the image forming apparatus in FIG. The image forming apparatus 1 basically includes a controller 100, an operation display unit 13, a fax control unit 14, a plotter (plotter engine) 15, a scanner (scanner engine) 16, and other hardware resources 17.

  The controller 100 includes a north bridge (hereinafter referred to as NB) 101, a CPU 102, a RAM 103, and an ASIC 104. The CPU 102, the RAM 103, and the ASIC 104 are connected to the NB 101, respectively. The NB 101 further includes a serial bus 105, a NIC (Network Interface Card) 106, a wireless LAN (Wireless LAN—hereinafter abbreviated as WLAN) 106, a USB device 108, a USB host 109, and a memory card I / F 110. And is used when connecting to serial communication, network communication, wireless communication, or a USB device. NFC-R / W11 is connected to USB host 109 via USB cable (bus) 112, and IC card 113, REID 114, other NFC-R / W115, mobile phone, PDA, etc. are connected by NFC-R / W11. The NFC token 10 of the mobile terminals 6 and 7 can be accessed. The ASIC 104 is connected to the RAM 116 and the HDD 117. Note that the mobile phone 6 and the PDA 7 as mobile terminals are equipped with an NFC chip set using a smart card chip and can communicate using the NFC protocol. In the present embodiment, the NFC chip sets 6a and 7a using smart card chips are mounted on the mobile terminals 6 and 7, and communication using the NFC protocol is possible. In this embodiment, communication with any device connected to the network 8 via the NFC-R / Ws 11 and 12 is possible.

  Hardware such as the fax control unit 14, the plotter 15, the scanner 16, and other hardware resources 17 are connected to the ASIC 104 via the PCI bus 118, and the operation display unit (operation panel) 13 is connected via the PCI bus 118. Without being connected directly to the ASIC 104.

  In the controller 100, the CPU 102 controls each unit connected via the NB 101, and the ASIC 104 executes preset control for the hardware group. The CPU 102 develops a program stored in a ROM or HDD 117 (not shown) in the RAM 103, and executes control based on the program while using the RAM 103 as a work area. The RAM 116 is a storage device for storing temporary data in the process of executing control, and the HDD 107 is a hard disk device as a nonvolatile storage device capable of storing a large amount of data.

  The serial bus 105 is used for serial communication with an external device, the NIC 106 is an expansion card for connecting to a LAN, and the WLAN 107 is an expansion card for connecting to a wireless LAN. Are respectively connected to the LAN. The USB device 108 is a device for USB connection. A memory card is inserted into the memory card I / F 110 as necessary, and connection to the PCI bus 111 is achieved.

  The operation display unit 13 is a so-called operation display unit, and is a user interface capable of performing an input operation together with a message display. The fax control unit 14 enables G3 and G4 fax communications, and the plotter 15 prints an image on a recording sheet, and functions as an output resource of the image forming apparatus 1. The scanner 16 is an optical reading device that reads a visible image such as a document or a barcode, and functions as an input resource for read data of the image forming apparatus 1. Other hardware resources 17 include peripheral devices such as a paper feeding device, a finisher, a folding device, a cover feeder, and a mail box.

  As described above, the NFC-R / W 11 connected to the USB host 109 is used for accessing the NFC token 10. At that time, the CPU 102 is connected to the NFC-R / W 11 via the north bridge 101, the PCI bus 111, and the USB host 109 by the USB cable 112, and by transmitting a command from the CPU 102 to the NFC-R / W 11 This is realized by controlling the NFC-R / W 11 to communicate with the NFC token 10 such as the IC card 113 or REID 114. Data such as network association information, pairing information, user authentication information, and key information for accessing the authentication information is transmitted and received through the communication path with the USB host 109. For this reason, there is a concern about leakage of information due to the USB cable 112 being monitored. Therefore, this is dealt with by encrypting the transmission and reception of commands and data on the USB. Before encryption, authentication is performed with the NFC-R / W11, and a common key obtained from the result is generated. The USB cable 112 is secured by performing encryption and decryption using a common key.

  FIG. 3 is a block diagram showing a software configuration of the image forming apparatus 1 according to the present embodiment. The image forming apparatus 1 basically includes a controller unit CR and an engine unit EN, and physical printing, reading, and other processes are executed by the engine unit EN based on the control of the controller unit CR.

  The controller CR has a configuration in which a service layer 20 and an application layer 30 are provided on the operation system OS. The service layer 20 includes a system control service 21, a fax control service 22, an engine control service 23, a memory control service 24, an operation Each unit includes a control service 25, a network control service 26, and an authentication control service 27. The application layer 30 set thereon is provided with a copy application 31, a fax application 32, a printer application 33, and a web application 34. The engine unit EN is connected to the controller unit CR via the engine I / F 18 via the engine control board 19, and the plotter engine 15, the scanner engine 16, and other hardware resources 17 are controlled by the engine control board 19.

  Since it is configured in this way, the image forming apparatus 1 can perform processing by each of the applications 31, 32, 33, and 34 such as copy, fax, printer, and web, and uses these applications. Personal authentication is performed by the authentication control service 27. At that time, the user can use these applications 31, 32, 33, and 34 only after the network association, pairing, or personal authentication is successful by the authentication control service 27.

FIG. 4 is a block diagram showing a software module configuration focusing on the service module of the authentication control service 27.
In this figure, in this software module, an NFC resource manager 27-2, a network library 27-5, an address book DB 27-7, and a drawing processing module 27-10 are arranged under the NFC framework 27-1. Further, an NFC-R / W device driver 27-3 and a USB host device driver 27-4 are located below the NFC resource manager 27-2. Further, the wireless driver 27-6 is located under the network library 27-5, the file system 27-8 and the HDD driver 29-9 are located under the address book DB 27-7, and the drawing processing module 27- The graphic driver 27-11 is located below the application 10, and the application 30 executes the applications 31, 32, 33, and 34 based on the NFC framework 27-1.

  In the present embodiment, the NFC framework 27-1 receives an authentication request from the application 30, and performs display processing on the operation display unit 13 via the drawing processing module 27-10 and the graphic driver 27-11, and the NFC source manager 27- 2 obtains network setting information and authentication information from the NFC token 10 and inquires about the obtained information to the wireless driver 27-6 and / or the external access point 2 using the network library 27-5, or addresses An inquiry is made to the book DB 27-7, or an inquiry is made to the external authentication server 4. Then, the detailed information in the middle of the NFC framework inquiry and the result, the network setting and authentication success or failure are output to the application 30.

  FIG. 5 is a diagram showing a display state of the operation display unit (operation panel) 13 including the display screen unit of the image forming apparatus 1, and is an example in the case where the capability is valid with the user authority. In this embodiment, the operation display unit 13 itself has a touch panel configuration, and an instruction input or a selection input is performed by touching or pressing a predetermined area of the displayed screen. FIG. 5 shows a screen when the NFC token 10 is assigned to the NFC-R / W 11 and the NFC-R / W 11 recognizes the NFC token 10. On the display screen 13-1 of the operation display unit 13 in FIG. 5, a “copying is possible” display 13-2, a paper size and paper scaling selection button 13-3, and a “user usage permission” display 13-4 Is displayed.

  FIG. 6 is a diagram illustrating a display state of the operation display unit 13 including the display screen unit of the image forming apparatus 1 when the capability function is valid with administrator authority. On this display screen 13-1, a "Copyable" display 13-2, a paper size and paper magnification selection button 13-3, and a "capability / ACL: administrator" display 13-5 are displayed. ing.

  FIG. 7 is a diagram illustrating a display state of the operation display unit 13 including the display screen unit of the image forming apparatus 1 during recognition of the NFC device. On this display screen 13-1, a message 13-6 “NFC token recognized.... Recognizing”, a cancel button 13-7 and a cancel button 13-8 are displayed. The cancel button 13-7 is a button that is pressed when the user recognizes that the recognized NFC token 10 is wrong and uses the correct NFC token 10 again. After pressing this button, if the correct NFC token 10 is transferred to the NFC-R / W 11, the correct NFC token 10 can be recognized continuously. On the other hand, the cancel button 13-8 is wrong in causing the NFC token 10 to be recognized in the first place, and is pressed when the NFC token 10 ends the recognition process.

  FIG. 8 is a diagram illustrating a display state of the display screen of the operation display unit 13 when the NFC token information is acquired after the authentication of FIG. 7 is completed. Here, information in the NFC token 10 is displayed. That is, the standard determination of the NFC token 10 (IC card type determination) is performed from the information in the NFC token 10, and the type of the NFC token being tricked is displayed. Moreover, what information was acquired for is displayed on this screen depending on the information in the NFC token 10 and the area being accessed. Note that the card types of the NFC IC card 113 assumed in this embodiment are FeliCa, Type A, and Type B standards, and in this embodiment, PtoP (Peer to Peer) recognition is also possible. Further, as described above, RFID can also be used.

  In this embodiment, together with the message 13-9 “NFC token information is being acquired” and card type determination, FeliCa 13-9a, Type A 13-9b, Type B 13-9c standards and PtoP (Peer to Peer) 13 -9d and whether the application type used for authentication is association 13-9e, pairing 13-9f, or IC card authentication 13-9g, for example, the corresponding item is highlighted. Is done. Thereby, the user can understand the information in the NFC token 10 at a glance.

  FIG. 9 is a diagram illustrating a display state of the operation display unit 13 when the security conditions are matched from the capability information and ACL authority information in the NFC token 10 processed as described above. In this case, the display screen 13-1 displays a display 13-10 “Security conditions matched with capability or ACL authority in NFC” and an OK button 13-11. If the user presses the OK button 13-11 based on this display, the subsequent processing becomes possible.

  On the other hand, FIG. 10 is a diagram showing a display state of the operation display unit 13 when the security conditions do not match from the capability information in the NFC token 10. Here, a display 13-12 and a return button 13-13 are displayed on the display screen 13-1, "This NFC cannot be used under device capability conditions." When displayed in this way, if the return button 13-13 is pressed, the screen moves to the previous operation screen, for example, the authentication screen.

  Similarly, FIG. 11 is a diagram showing a display state of the operation display unit 13 when the security conditions do not match from the ACL authority information of the NFC token 10. In this case, a return button 13-15 is displayed on the display screen 13-1 together with a display 13-14 "Unavailable under the ACL authority conditions of this NFC device."

  FIG. 11 is a flowchart showing an operation procedure for acquiring NFC token information according to the present embodiment. The processing in the flowchart mainly includes processing such as NFC token recognition processing, ACL / capability information check processing, network setting processing, association or pairing processing, and screen display processing for an administrator. In this flowchart, first, after the system including the image forming apparatus 1 is activated, when the NFC-R / W 11 is connected to the USB host 109 of the image forming apparatus 1 and the NFC-R / W 11 is usable, When the user brings the mobile terminal 6 having an NFC function such as an IC card 113, an RFID chip 114, a mobile phone, or a PDA to a position close to the NFC-R / W11 and moves it over the NFC-R / W11 The information in the NFC token 10 in the mobile terminal 6 is recognized (step S1). Next, type information of the NFC token 10 being used is determined based on the information on the access area in the NFC token 10 (step S2).

  When the recognition process for the NFC token 10 in step S1 and the type determination process for the NFC token 10 in step S2 are being performed, the in-recognition screen shown in FIG. 7 is displayed to the user (step S3). It is determined from the information in the NFC token 10 whether the information is for network association, pairing, or authentication (step S4), and then capability information or ACL added to the head area or the rear area of the information. Information on acquisition and restriction of authority information is extracted (step S5). Next, since the subsequent processing differs depending on whether it is a general user or an administrator based on capability information or ACL authority information, it is determined whether the user who tricked the NFC token 10 is a general user or an administrator. (Step S6).

  If it is determined in step 6 that the user is a general user, the fact that the network setting has been made is displayed on the display screen 13-1 (step S7), and is necessary for the network setting acquired from the NFC token 10. Using the information, network association or pairing processing is performed (steps S8, S9, S11, and S13). When the network association or pairing process is completed, a message to that effect is displayed on the operation screen 13-1 of the operation display unit 13 (steps S10, S12, S14), and the process is completed. A screen is displayed to the user according to the restriction of the capability information and ACL authority information for the user who has finished pairing or association processing from the capability information and ACL authority information acquired in step S5 (step S18). Examples of this display screen are the above-described FIG. 9, FIG. 10 and FIG.

  On the other hand, if it is determined in step S6 that the user is an administrator user from the capability information or ACL authority information in the NFC token 10, the administrator level is checked (step S15. In this embodiment). If it is a limited administrator (for example, an administrator who can change only the network settings), a screen for the limited administrator is displayed (step S16) Device manager (all settings related to device settings can be made). If it is an administrator, a screen for the device administrator is displayed (step S17), and then the screen display after the determination by these processes is performed, an example of this display screen is shown in FIG. FIG.

  In the present embodiment, an example has been described in which the NFC token R of the NFC-connected mobile terminal 6 is recognized by the NFC-R / W 11 connected to the image forming apparatus 1. When the NFC-R / W recognizes the mobile terminal 7, for example, the NFC token 10 of the PDA, the authentication information is displayed on the display 5a of the PC 5 and the operation display unit 13 of the image forming apparatus 1. In addition, when the NFC-R / W is connected to any device connected to the network 8 and the NFC token 10 of the mobile terminals 6 and 7 is authenticated by the NFC-R / W, the NFC-R / W Authentication information is displayed on the display of the device to which the R / W is connected and on the operation display unit 13 of the image forming apparatus 1.

As described above, according to the present embodiment,
1) When sending / receiving association information, pairing information, and authentication information, after user authentication is established, the difference in capability information and ACL authority information is judged to limit the functions that can be used. The administrator and user of the restricted device can save time and effort for setting the device in advance, and smooth device operation is possible.
2) By delegating the NFC token 10 to the NFC-R / W11, information in the NFC token 10 is acquired, and it is automatically determined whether to perform network setting or authentication processing based on the acquired information. be able to. As a result, it is possible to omit the time and effort required for the device administrator and the user to set the device in advance, and smooth device operation is possible.
3) Capability information or ACL authority information in the NFC token 10 is used to perform network setting, device authentication, and function restriction processing on the device. It is possible to easily set the usage authority for each of the security information and the ACL authority information. This enables secure device operation.
4) By associating (linking) the level of a general user or device administrator with capability information or ACL authority information in advance, the operation of the device can be performed without setting information for each user in advance for the device. It becomes possible.
5) Even when using a peripheral device from a program running on a client PC, similarly, by restricting the functions used for each information in NFC, the device can be secured even when accessing the device remotely. Operation becomes possible.
There are effects such as.

  It should be noted that the present invention is not limited to this embodiment, and various modifications are possible, and all technical matters included in the technical idea of the invention described in the scope of claims are targeted.

DESCRIPTION OF SYMBOLS 1 Image forming apparatus 2 Access point 3 Network terminal device 4 ACL (or capability information management) server 5 Personal computer (PC)
6,7 Mobile terminal 8 Network (LAN)
10 NFC token 11,12 NFC-R / W
13 Operation display unit 102 CPU
103 RAM
104 ASIC
106 NIC
107 WLAN
113 IC card 114 RFID
115 NFC-R / W
116 RAM
117 HDD

JP 2008-160173 A JP 2008-131175 A

Claims (10)

A peripheral device comprising an interface for connecting to at least one of a wired LAN and a wireless LAN line and a local interface for connecting using a wireless connection,
Capability information or ACL authority information added to association information held by a device equipped with a short-range wireless communication function based on the access when there is an access from a device device via the local interface. Peripheral device comprising control means for determining the authority to connect to the device or the authority to use the application based on The peripheral device according to claim 1,
The peripheral device characterized in that the control means determines the type of capability information or ACL authority information used for authentication in the authentication information acquisition process. The peripheral device according to claim 2,
The peripheral means characterized in that the control means communicates with authentication information held by itself and a server holding the authentication information. The peripheral device according to claim 3,
The peripheral device characterized in that the control means manages the type of capability information or ACL authority information in association with a registered user. The peripheral device according to claim 3 or 4,
The control means sets a user function restriction by combining a function restriction that can be used by a peripheral device for each capability information or ACL authority information and a function restriction that can be used by the peripheral device for each registered user. machine. A peripheral device according to any one of claims 1 to 5,
The control device performs the determination when using a peripheral device from a program operating on a client computer, and enables communication with the program operating on the client computer. The peripheral device according to any one of claims 1 to 6,
The peripheral device is one of a printer device, a scanner device, a facsimile device, a digital multifunction device having at least two functions of each of these devices, and a personal computer,
A peripheral device, wherein the device device is one of an IC card, an RFID, an NFC-R / W, and a mobile terminal. A network line including either a wired LAN or a wireless LAN line;
The peripheral device according to any one of claims 1 to 7, connected to the network line via the interface;
A network system comprising: A communication processing method for a peripheral device including an interface for connecting to at least one of a wired LAN and a wireless LAN line and a local interface for connecting using a wireless connection,
When a device device accesses the peripheral device via short-range wireless communication via the local interface, a capaciator added to association information held by a device equipped with a short-range wireless communication function based on the access. A communication processing method for a peripheral device, wherein the connection authority to the own apparatus or the application use authority is determined based on the availability information or the ACL authority information. A communication processing control program for executing communication processing control of a peripheral device provided with an interface for connecting to at least one of a wired LAN and a wireless LAN line and a local interface for connection using wireless with a computer ,
When the peripheral device is accessed from a device device by short-range wireless communication via the local interface, and the use of the peripheral device is started based on the access,
Recognizing a token used in the short-range wireless communication of the device device;
Determining the type of token;
Obtaining the token information;
A procedure for determining connection authority or application use authority to the own device based on capability information or ACL authority information added to association information held by the device device;
A communication processing control program comprising:

Images