JP2011138493A - Authentication system, management device, and processing method and program therefor - Google Patents

Publication number
JP2011138493A
Authority
JP
Japan
Prior art keywords
information
user information
storage medium
authentication
image forming
Legal status
Granted
Application number
JP2010264251A
Other languages
Japanese (ja)
Other versions
JP5659731B2 (en)
JP2011138493A5 (en)
Inventor
Atsushi Daigo
敦 醍醐
Original Assignee
Canon Software Inc
キヤノンソフトウェア株式会社
Priority to JP2009274898
Application filed by Canon Software Inc (キヤノンソフトウェア株式会社)
Priority to JP2010264251A (patent JP5659731B2)
Publication of JP2011138493A
Publication of JP2011138493A5
Application granted
Publication of JP5659731B2
Application status is Active

Abstract

PROBLEM TO BE SOLVED: To provide a scheme for improving security when using an image forming device by restricting the use of a storage medium used for authentication in accordance with the use of an authentication method that does not use that storage medium.

SOLUTION: A management device that can communicate with the image forming device receives user information input at the image forming device and, in accordance with authentication by the received user information, sets a restriction on the storage medium information of the storage medium corresponding to that user information, so as to restrict use of the image forming device with that storage medium.

COPYRIGHT: (C)2011, JPO&INPIT

Description

  The present invention relates to an authentication system, a management apparatus, a processing method thereof, and a program related to authentication when using an image forming apparatus.

  In recent years, as security awareness in offices has increased, security has also come to be required of multifunction devices, which are points where information is output.

  Therefore, products and various technologies for authentication that identifies the user have been devised for multifunction devices as well as for PCs.

  In particular, recently, due to the high usability, an authentication mechanism using an IC card has been used in multi-function peripherals. As disclosed in Patent Document 1, this authentication mechanism includes keyboard authentication based on a user name and a password so that a user who has forgotten the IC card can log in in addition to the authentication based on the IC card.

Patent Document 1: JP 2006-99714 A

  By using the above authentication mechanism, it becomes possible to specify the user of the multifunction machine as with the PC. However, although authentication with an IC card has high usability, there is a concern that information may be leaked when the card is lost because the user logs in only by holding the IC card.

  Generally, when an IC card is lost, it is necessary to contact the administrator of the authentication server that manages the IC card and have the IC card stopped. However, some users do not contact the administrator immediately after losing the IC card, which is a security problem. This comes from various factors, such as "I may have left it at home", "it may be found soon", "contacting the administrator is troublesome", and "there is no need to take responsibility".

  In addition, when an IC card is lost, the administrator of the authentication server must deal with the loss (maintenance of the authentication table of the authentication server), which takes up the administrator's time.

  For this reason, when the IC card is lost, the IC card is less likely to be stopped at an appropriate timing, and there are many cases where there is a risk of information leakage when the IC card is lost.

  Therefore, an object of the present invention is to provide a mechanism for improving security when using an image forming apparatus by restricting the use of a storage medium used for authentication in accordance with the use of an authentication method that does not use that storage medium.

  The present invention is an authentication system including a management apparatus that manages, in association with each other, user information for identifying a user and storage medium information of a storage medium used when an image forming apparatus is used, and an image forming apparatus that can be logged in to through authentication. The image forming apparatus includes a user information acquisition unit that acquires user information according to a user operation, and a user information output unit that outputs the user information acquired by the user information acquisition unit to the management apparatus. The management apparatus includes a user information receiving unit that receives the user information from the image forming apparatus, and restriction setting means that, in accordance with authentication by the user information received by the user information receiving unit, sets a restriction on the storage medium information of the storage medium corresponding to the user information in order to restrict use of the image forming apparatus with that storage medium.

  The management apparatus further includes restriction information output means for outputting, to the image forming apparatus, first restriction information indicating that a restriction has been set by the restriction setting means. The image forming apparatus further includes restriction information receiving means for receiving the first restriction information, and notification means for notifying, at the image forming apparatus, that use of the storage medium is restricted in accordance with the first restriction information received by the restriction information receiving means.

  The image forming apparatus further includes a login unit for logging in to the image forming apparatus, and the login unit logs in according to the notification by the notification unit.

  The image forming apparatus further includes a storage medium information output unit that outputs the storage medium information of the storage medium read by the reading unit to the management apparatus. The restriction information receiving means receives, from the management apparatus, second restriction information indicating that the storage medium information is restricted, and the notifying means notifies that the use of the storage medium is restricted in accordance with the second restriction information. The management apparatus further includes storage medium information receiving means for receiving the storage medium information from the image forming apparatus, and restriction setting determining means for determining whether or not the storage medium information received by the storage medium information receiving means is set to be restricted. When the restriction setting determining means determines that the storage medium information is set to be restricted, the restriction information output means outputs the second restriction information indicating that the storage medium information is restricted.

  In addition, when the restriction setting determination unit determines that the storage medium information is not restricted, the management apparatus determines whether other storage medium information of the user corresponding to that storage medium information is set to be restricted, and further includes authentication permission information transmitting means for transmitting, when there is storage medium information that is set to be restricted, authentication permission information including that storage medium information. The image forming apparatus further includes authentication permission information receiving means for receiving the authentication permission information, and display means for displaying the storage medium information included in the authentication permission information so as to notify that there is a restricted storage medium.

  In addition, the notifying means notifies that the use of the storage medium is restricted according to the second restriction information, and requests input of user information for releasing the restriction on the use of the storage medium. The image forming apparatus further includes a release request output unit that outputs, in order to release the restriction on the use of the storage medium, a release request including the user information input in response to the notification and the storage medium information. The management apparatus further includes a release request receiving unit that receives the release request from the image forming apparatus, and a restriction setting release unit that releases the restriction setting specified by the user information and storage medium information included in the release request received by the release request receiving unit.

  In addition, the management apparatus further includes release information output means for transmitting release information indicating the release when the restriction setting is released by the restriction setting release means, and the image forming apparatus further includes release information receiving means for receiving the release information, wherein the login means logs in with the storage medium in accordance with the release information received by the release information receiving means.

  In addition, the management device further includes a deletion unit that deletes the restricted storage medium information at a predetermined timing.

  Further, the management apparatus and the image forming apparatus are in the same casing.

  According to the present invention, security when using an image forming apparatus can be improved by restricting the use of a storage medium used for authentication according to the use of an authentication method that does not use a storage medium used for authentication.

Brief description of the drawings (in the order listed):
A diagram showing the configuration of the system according to the embodiment of the present invention.
A diagram showing the hardware configurations of the client PC 100 and the authentication server 200 according to the embodiment of the present invention.
A diagram showing the hardware configuration of the multifunction machine 300 according to the embodiment of the present invention.
A functional block diagram showing the configuration of the system according to the present invention.
A flowchart showing an example of the authentication process in the embodiment of the present invention.
Flowchart 1 showing an example of creation and output of encrypted printing in the embodiment of the present invention.
Flowchart 2 showing an example of creation and output of encrypted printing in the embodiment of the present invention.
Flowchart 3 showing an example of creation and output of encrypted printing in the embodiment of the present invention.
A diagram showing the authentication table managed in the authentication server 200.
An image diagram showing an example of the keyboard authentication screen displayed on the touch panel of the multifunction machine 300.
An image diagram showing an example of the IC card authentication screen displayed on the touch panel of the multifunction machine 300.
An image diagram showing an example of the lockout notification screen displayed on the touch panel of the multifunction machine 300.
An image diagram showing an example of the lockout release screen displayed on the touch panel of the multifunction machine 300.
An image diagram showing an example of the lockout release error screen displayed on the touch panel of the MFP 300.
An image diagram showing an example of a successful lockout release displayed on the touch panel of the multifunction machine 300.
A flowchart showing an example of the authentication process in Embodiment 2 of the present invention.
A flowchart showing an example of the lockout card deletion process in Embodiment 2 of the present invention.
A diagram showing the authentication table managed in the authentication server 200 in Embodiment 2 of the present invention.
A diagram showing the lockout setting file managed in the authentication server 200 in Embodiment 2 of the present invention.
An image diagram showing an example of the lockout release screen (when login is successful) displayed on the touch panel of the MFP 300.

  Hereinafter, preferred embodiments of an authentication system according to the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a system configuration diagram showing an example of the configuration of the present authentication system using a multifunction machine 300 (image forming apparatus), a card reader 500, an authentication server 200 (management apparatus), and a client PC 100 according to the present invention. The MFP 300, the authentication server 200, and the client PC 100 are connected via a LAN 400 so that each device can communicate.

  The authentication server 200 is an authentication server that holds the IC card number (manufacturing number) used by each user together with the user name and password, and has a function of searching for (authenticating) the user from the card number of the IC card or from the user name and password.

  The multifunction device 300 transmits the card number of the IC card (storage medium used for authentication) read by the card reader 500 (reading unit) to the authentication server 200. When authentication succeeds, the user corresponding to the authenticated IC card (storage medium) is logged in to the multifunction device 300 and can execute its various functions.

  Hereinafter, the hardware configuration of the information processing apparatus applicable to the client PC 100 and the authentication server 200 illustrated in FIG. 1 will be described with reference to FIG.

  In FIG. 2, reference numeral 2001 denotes a CPU that comprehensively controls each device and controller connected to the system bus 2004. The ROM 2003 or the external memory 2011 stores a BIOS (Basic Input / Output System) and an operating system program (hereinafter referred to as an OS), which are control programs of the CPU 2001, and the various programs necessary to realize the functions executed by each server or each PC.

  Reference numeral 2002 denotes a RAM that functions as a main memory, work area, and the like of the CPU 2001. The CPU 2001 implements various operations by loading a program or the like necessary for execution of processing from the ROM 2003 or the external memory 2011 to the RAM 2002 and executing the loaded program.

  An input controller 2005 controls input from a keyboard (KB) 2009 or a pointing device such as a mouse (not shown). A video controller 2006 controls display on a display device such as a CRT display (CRT) 2010. In FIG. 2, although described as CRT2010, the display may be not only a CRT but also other display such as a liquid crystal display. These are used by clients as needed.

  A memory controller 2007 controls access to the external memory 2011, which stores a boot program, various applications, font data, user files, editing files, various data, etc. The external memory 2011 is, for example, a hard disk (HD), a flexible disk (FD), or a compact flash (registered trademark) memory connected to a PCMCIA card slot via an adapter.

  A communication I / F controller 2008 is connected to and communicates with an external device via a network (for example, the LAN 400 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

  Note that the CPU 2001 enables display on the CRT 2010 by executing outline font rasterization processing on a display information area in the RAM 2002, for example. Further, the CPU 2001 enables a user instruction with a mouse cursor (not shown) on the CRT 2010.

  Various programs that operate on the hardware are recorded in the external memory 2011, and are executed by the CPU 2001 by being loaded into the RAM 2002 as necessary. Furthermore, definition files and various information tables used when executing the program are also stored in the external memory 2011.

  Next, the hardware configuration of the controller unit that controls the multifunction peripheral 300 as the information processing apparatus of the present invention will be described with reference to FIG.

  FIG. 3 is a block diagram illustrating a hardware configuration example of the controller unit 5000 of the multifunction machine 300.

  In FIG. 3, a controller unit 5000 is connected to a scanner 5015 functioning as an image input device and a printer 5014 functioning as an image output device, and inputs and outputs image data and device information by connecting to a local area network such as the LAN 400 shown in FIG. 1 or to a public line (WAN) such as ISDN.

  As shown in FIG. 3, the controller unit 5000 includes a CPU 5001, a RAM 5006, a ROM 5002, an external storage device (hard disk drive (HDD)) 5007, a network interface (Network I / F) 5003, a modem (Modem) 5004, an operation unit interface ( Operation unit I / F) 5005, external interface (external I / F) 5009, image bus interface (IMAGE BUS I / F) 5008, raster image processor (RIP) 5010, printer interface (printer I / F) 5011, scanner interface (Scanner I / F) 5012, an image processing unit 5013, and the like.

  A CPU 5001 is a processor that controls the entire system.

  A RAM 5006 is a system work memory for the CPU 5001 to operate, and also serves as a program memory for recording a program and an image memory for temporarily storing image data.

The ROM 5002 stores a system boot program and various control programs.

An external storage device (hard disk drive HDD) 5007 stores various programs for controlling the system, image data, and the like.

  An operation unit interface (operation unit I / F) 5005 is an interface unit with the operation unit (UI) 5018, and outputs image data to be displayed on the operation unit 5018 to the operation unit 5018.

  The operation unit I / F 5005 serves to transmit information (for example, user information) input by the system user from the operation unit 5018 to the CPU 5001. Note that the operation unit 5018 includes a display unit having a touch panel, and various instructions can be given by a user pressing (touching with a finger or the like) a button displayed on the display unit.

  A network interface (Network I / F) 5003 is connected to a network (LAN) and inputs / outputs data.

A modem (MODEM) 5004 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  An external interface (external I / F) 5009 is an interface unit that accepts external inputs such as USB, IEEE 1394, printer port, and RS-232C. In the present embodiment, the card reader 500 for reading an IC card required for authentication is connected to it.

Then, the CPU 5001 can control reading of information from the IC card by the card reader 500 via the external I / F 5009, and can acquire information read from the IC card. Note that the storage medium is not limited to an IC card, and any storage medium that can identify a user may be used. In this case, identification information for identifying the user is stored in the storage medium. This identification information may be a production number of the storage medium or a user code given by the user within the company.
The above devices are arranged on the system bus.

  On the other hand, an image bus interface (IMAGE BUS I / F) 5008 is a bus bridge that connects a system bus 5016 and an image bus 5017 that transfers image data at high speed and converts a data structure.

  The image bus 5017 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 5017.

  A raster image processor (RIP) 5010 develops, for example, vector data such as a PDL code into a bitmap image.

  A printer interface (printer I / F) 5011 connects the printer 5014 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  A scanner interface (scanner I / F) 5012 connects the scanner 5015 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  An image processing unit 5013 corrects, processes, and edits input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 5013 performs rotation of image data and compression / decompression processing such as JPEG for multi-valued image data and JBIG, MMR, MH for binary image data.

  A scanner 5015 connected to the scanner I / F 5012 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 5018, the CPU 5001 gives an instruction to the scanner, and the feeder feeds the original paper one sheet at a time so that the original image is read.

  A printer 5014 connected to the printer I / F 5011 is a part that converts raster image data into an image on paper. Methods include an electrophotographic method using a photosensitive drum or a photosensitive belt, and an ink jet method in which ink is ejected from a micro nozzle array to print an image directly on a sheet, but any method may be used. The printing operation is started in response to an instruction from the CPU 5001. Note that the printer unit 5014 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding to each.

  An operation unit 5018 connected to the operation unit I / F 5005 includes a liquid crystal display (LCD) display unit. A touch panel sheet is affixed on the LCD and displays a system operation screen. When a displayed key is pressed, the position information is transmitted to the CPU 5001 via the operation unit I / F 5005. The operation unit 5018 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Here, the start key of the operation unit 5018 is used when starting a document image reading operation. There are green and red LEDs in the center of the start key, which indicate by their color whether or not the start key can be used. The stop key of the operation unit 5018 serves to stop the operation being performed. The ID key of the operation unit 5018 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit 5018.

  A card reader 500 connected to the external I / F 5009 reads information stored in an IC card (for example, Sony FeliCa (registered trademark)) under the control of the CPU 5001, and notifies the CPU 5001 of the read information via the external I / F 5009.

  Next, functions of the client PC 100, the authentication server 200, and the MFP 300 according to the present invention will be described with reference to FIG.

  FIG. 4 is a block diagram showing a schematic configuration of a system according to the embodiment of the present invention. The system according to the embodiment of the present invention has a configuration in which a client PC 100, an authentication server 200, and a multifunction peripheral 300 are connected via a predetermined communication medium capable of bidirectional communication, for example, a LAN 400. A card reader 500 is connected to the multifunction device 300.

Since the operation flow between the respective functions will be described later, the functional blocks of each terminal shown in the functional block diagram are explained here.
First, functional units of the client PC 100 will be described.

The print data generation unit 150 on the client PC can generate print data (job) based on the data received from the application program, and can transmit the print data to the MFP 300 or the like.
Next, functional units of the authentication server 200 will be described.

  The MFP communication unit 250 on the authentication server has a function of receiving an authentication request from the MFP 300 and returning the authentication result of the authentication unit 251 to the MFP 300 again.

  The authentication unit 251 receives an authentication request from the MFP communication unit 250, accesses the authentication table of FIG. 9 managed on the authentication server, and searches for user information associated with the card number or user name and password requested for authentication. The authentication result is returned to the multi-function peripheral communication unit 250.

Further, at the time of keyboard authentication, the card lockout management unit 252 appropriately performs lock / release processing on the card information of the user.
Next, functional units of the multifunction machine 300 will be described.

The card reader control unit 351 on the multifunction peripheral acquires card information (manufacturing number) held over the card reader 500. The authentication server communication unit 352 has a function of transmitting an authentication request to the authentication server 200 using the card number and receiving an authentication result returned from the authentication server 200.

  It is assumed that the authentication unit 350 permits the use of the multifunction device using the user name in accordance with the authentication result returned from the authentication server 200.

  Detailed description of the processing in the present embodiment will be described with reference to the flowcharts of FIGS.

  First, each step will be described with reference to FIG. FIG. 5 is a flowchart illustrating an example of a method (card lockout) for performing keyboard authentication and logging in to the MFP 300 according to the embodiment of this invention.

  Note that in steps S100 to S103 and steps S113 to S120, the CPU 5001 of the multi-function device 300 executes processing of each step, and in steps S104 to S111, the CPU 2001 of the authentication server 200 executes processing of each step.

  In step S100, the authentication unit 350 of the MFP 300 displays a keyboard authentication screen (FIG. 10) and accepts a user name and password.

  In step S101, the authentication unit 350 of the MFP 300 detects that the login button 6000 on the keyboard authentication screen has been pressed.

  In step S102, the authentication unit 350 of the MFP 300 acquires the user name and password input on the keyboard authentication screen of FIG. 10 (acquires user information).

  In step S103, the authentication server communication unit 352 of the MFP 300 transmits an authentication request command to the authentication server 200 (user information output). The authentication request command includes the user name and password acquired in step S102.

  In step S104, the MFP communication unit 250 of the authentication server 200 receives the authentication request command sent from the MFP 300 (accepts user information).

  In step S105, the authentication unit 251 of the authentication server 200 searches (authenticates) whether the user name and password included in the authentication request command acquired in step S104 are included in the authentication table of FIG. If the user exists, the process proceeds to step S106, and if the user does not exist, the process proceeds to step S112.

  In step S106, the authentication unit 251 of the authentication server 200 acquires the user information found in step S105. The user information to be acquired includes the user name, e-mail address, card numbers whose lock flag is FALSE (not locked out), etc. in FIG.

  In step S107, the authentication unit 251 of the authentication server 200 determines whether the user information acquired in step S106 includes card information, that is, whether there is a card number that can be used by the user (not locked out). If a card number is included, the process proceeds to step S108. If no card number is included, the process proceeds to step S110.

  In step S108, the card lockout management unit 252 of the authentication server 200 sets the lock flag corresponding to the card number found in step S107 to TRUE (locks out the card) (restriction setting). Lockout means restricting the use of the IC card corresponding to the locked-out card number. For example, even if the card is held over the card reader 500, authentication does not succeed and the user cannot log in to the MFP 300.

  In this embodiment, lockout is described. However, instead of lockout, login to the MFP 300 may be allowed while the functions available in the MFP 300 are limited. In this case, authority information for when the lock flag is TRUE (for example, copying is permitted) is acquired from the external memory 2011, and the authority information is transmitted to the multi-function apparatus 300. The multifunction device 300 restricts the use of its functions after login in accordance with the authority information.

  In step S109, the authentication unit 251 of the authentication server 200 acquires the card number locked out in step S108.

  In step S110, the authentication unit 251 of the authentication server 200 generates an authentication OK result command. This command includes the user name and e-mail address acquired in step S106 and the locked-out card number (first restriction information) acquired in step S109. That is, a card number that is restricted so that it cannot be used for login of the MFP 300 is acquired and transmitted in step S111.

  In step S111, the MFP communication unit 250 of the authentication server 200 transmits an authentication result command (authentication OK / authentication NG) to the MFP 300 (output of restriction information).

  In step S112, since authentication could not be performed, the authentication unit 251 of the authentication server 200 generates an authentication NG result command. In the case of authentication NG, the card number is not included or a NULL value is included.

  In step S113, the authentication server communication unit 352 of the MFP 300 receives the authentication result command sent from the authentication server 200 (restriction information reception).

  In step S114, the authentication unit 350 of the MFP 300 analyzes the authentication result command acquired in step S113. In the case of authentication OK, the process proceeds to step S115, and in the case of authentication NG, the process proceeds to step S119.

  In step S115, the authentication unit 350 of the MFP 300 acquires the user information from the authentication result command acquired in step S114. The user information includes a user name and an email address. In addition, when the user's card is locked out, the card number is also included.

  In step S116, the authentication unit 350 of the multifunction peripheral 300 determines whether the user information acquired in step S115 includes card information (card number). If card information is included, the process proceeds to step S117. If card information is not included, the process proceeds to step S120.

  In step S117, the authentication unit 350 of the MFP 300 displays the lockout notification screen of FIG. 12, which indicates that authentication has been performed and that the card has been locked out, that is, that use of the card has been restricted (notification). The card number acquired in step S115 is displayed on the screen.

  In step S118, the authentication unit 350 of the MFP 300 detects that the OK button on the lockout notification screen in FIG. 12 has been pressed.

  In step S119, the authentication unit 350 of the MFP 300 displays an authentication error screen (not shown).

  In step S120, the authentication unit 350 of the multifunction device 300 performs a login process for making the multifunction device 300 available to the user, using the user information acquired in step S115. After logging in, the MFP transitions to a function screen such as a copy screen. The login process is realized, for example, by storing in a predetermined area of the RAM 5006 or the HDD 5007 managed by the multifunction machine 300.

  Next, each step will be described with reference to FIGS. 6 to 8, which are flowcharts illustrating an example of a method of performing IC card authentication and logging in to the multifunction device 300 (and releasing lockout) according to the embodiment of the present invention.

  In step S200, step S201, step S204 to step S206, and step S215 to step S221 in FIG. 6, the CPU 5001 of the multi-function device 300 executes the process of each step. In steps S207 to S214, the CPU 2001 of the authentication server 200 executes the process of each step.

  Further, in steps S222 to S225 and steps S236 to S238 in FIG. 7, the CPU 5001 of the multi-function device 300 executes the processing of each step, and in steps S226 to S235, the CPU 2001 of the authentication server 200 executes the processing of each step.

  Further, in steps S239 to S245 and steps S255 to S258 in FIG. 8, the CPU 5001 of the multi-function device 300 executes the processing of each step, and in steps S246 to S254, the CPU 2001 of the authentication server 200 executes the processing of each step.

  In step S200, the authentication unit 350 of the MFP 300 displays the IC card authentication screen in FIG. 11 and waits for reading of the IC card.

  In step S201, the card reader control unit 351 of the multifunction machine 300 transmits a card reading start command to the card reader 500. That is, a polling start instruction command for reading the IC card is sent to the card reader 500.

  In step S202, the card reader 500 enters the IC card reading state upon receiving the polling start instruction command in step S201.

  In step S203, the card reader 500 detects that an IC card is held over it and transmits a card event to the multi-function device 300. This card event stores the card number of the card that was held over the reader. The card number may be a card manufacturing number stored in the IC card, or it may be any number that can be arbitrarily stored in the IC card, a serial card name, or the like, used for identifying the user.

  In step S204, the card reader control unit 351 of the multifunction machine 300 receives a card event from the card reader 500.

  In step S205, the authentication unit 350 of the MFP 300 acquires a card number from the card event received in step S204.

  In step S206, the authentication server communication unit 352 of the MFP 300 transmits an authentication request command to the authentication server 200 (storage medium information output). The authentication request command includes the card number acquired in step S205.

  In step S207, the MFP communication unit 250 of the authentication server 200 receives the authentication request command transmitted from the MFP 300 (storage medium information reception).

  In step S208, the authentication unit 251 of the authentication server 200 searches (authenticates) whether the card number included in the authentication request command acquired in step S207 exists in the authentication table of FIG. If the card number is registered, the process proceeds to step S209. If the card number is not registered, the process proceeds to step S211.

  In step S209, the card lockout management unit 252 of the authentication server 200 determines the lock flag of the card number used in step S208 (limit setting determination). If the lock flag is TRUE (lockout), the process proceeds to step S210. If the lock flag is FALSE (not locked out), the process proceeds to step S212.

  In step S210, the card lockout management unit 252 of the authentication server 200 acquires either a list of the card numbers whose lock flag is TRUE among the card numbers associated with the user information hit in step S208, or the card number determined to be locked out in step S209. This is called lockout information (second restriction information).

  In step S211, the authentication unit 251 of the authentication server 200 generates an authentication NG result command. If the card is locked out (step S209 is TRUE), the lockout information (second restriction information) generated in step S210 is included in this command.

  In step S212, the authentication unit 251 of the authentication server 200 acquires the user information searched in step S208. The acquired user information includes a user name and an email address.

  In step S213, the authentication unit 251 of the authentication server 200 generates an authentication OK result command. This command includes the user name and mail address acquired in step S212.

  In step S214, the MFP communication unit 250 of the authentication server 200 transmits an authentication result command (authentication OK / authentication NG) to the MFP 300. That is, lockout information (second restriction information) is output in step S214.

  In step S215, the authentication server communication unit 352 of the MFP 300 receives the authentication result command sent from the authentication server 200 (restriction information reception). That is, lockout information (second restriction information) is accepted in step S215.

  In step S216, the authentication unit 350 of the MFP 300 analyzes the authentication result command acquired in step S215. In the case of authentication OK, the process proceeds to step S217, and in the case of authentication NG, the process proceeds to step S219.

  In step S217, the authentication unit 350 of the MFP 300 analyzes the authentication result command acquired in step S215, and acquires the user information. The user information includes a user name and an email address.

  In step S218, the authentication unit 350 of the multi-function device 300 performs a login process using the user information acquired in step S217. After logging in, the MFP transitions to a function screen such as a copy screen. The login process is the same process as step S120.

  In step S219, the authentication unit 350 of the MFP 300 analyzes the authentication result command acquired in step S215, and determines whether lockout information is included. If lockout information is included (authentication error due to lockout), the process proceeds to step S221. If lockout information is not included, the process proceeds to step S220.

  In step S220, the authentication unit 350 of the MFP 300 displays an authentication error screen (not shown).

  In step S221, the authentication unit 350 of the MFP 300 displays the lockout release screen in FIG. The card number constituting the lockout information is displayed on the screen (notification). If the lockout is to be released only for the card currently held over the card reader 500, the card number acquired in step S205 is displayed (notification). Note that FIG. 13 has an area prompting input of the user name, password, and domain needed to release the lockout (requesting input of user information).

  In step S222, the authentication unit 350 of the MFP 300 detects that the cancel button 6001 on the screen has been pressed. If it has been pressed, the process proceeds to step S200. If not, the process proceeds to step S223.

  In step S223, the authentication unit 350 of the MFP 300 detects that the lockout release button 6002 on the screen has been pressed. If it has been pressed, the process proceeds to step S224. If it has not been pressed, the process waits for a user instruction.

  In step S224, the authentication unit 350 of the MFP 300 acquires the user name and password input on the lockout release screen in FIG.

  In step S225, the authentication server communication unit 352 of the MFP 300 transmits a lockout release request command to the authentication server 200 (release request output). The lockout release request command includes the user name and password acquired in step S224 and the card number (storage medium information) acquired in step S205.

  In step S226, the MFP communication unit 250 of the authentication server 200 receives the lockout release request command sent from the MFP 300 (release request reception).

  In step S227, the authentication unit 251 of the authentication server 200 searches (authenticates) whether the user name and password included in the lockout release request command acquired in step S226 are included in the authentication table of FIG. If the user exists, the process proceeds to step S228. If the user does not exist, the process proceeds to step S230.

  In step S228, the card lockout management unit 252 of the authentication server 200 determines whether the card number acquired in step S226 is associated with the user searched in step S227. If not tied, the process proceeds to step S230, and if tied, the process proceeds to step S229.

  In step S229, the card lockout management unit 252 of the authentication server 200 determines the lock flag of the card number searched in step S228. When the lock flag is TRUE (during lockout), the process proceeds to step S231, and when the lock flag is FALSE, the process proceeds to step S230.

  In step S230, the authentication unit 251 of the authentication server 200 generates a lockout release failure command.

  In step S231, the card lockout management unit 252 of the authentication server 200 sets the lock flag of the card number searched in step S228 to FALSE (lockout release) (limit setting release). Thereby, the lockout of the card is released.

  In step S232, the authentication unit 251 of the authentication server 200 acquires the user information of the user searched in step S227.

  In step S233, the card lockout management unit 252 of the authentication server 200 acquires the card number of which the lock flag is TRUE (locked out) from the card information associated with the user searched in step S227.

  In step S234, the authentication unit 251 of the authentication server 200 generates a lockout release success command (release information indicating that the lockout has been released). This command includes the user name and e-mail address acquired in step S232 and the locked-out card number acquired in step S233.

  In step S235, the MFP communication unit 250 of the authentication server 200 transmits a lockout release result command to the MFP 300 (release information output).

  In step S236, the authentication server communication unit 352 of the MFP 300 receives the lockout release result command sent from the authentication server 200 (release information reception).

  In step S236-2, the authentication unit 350 of the MFP 300 analyzes the lockout release result command acquired in step S236. If the release is successful, the process proceeds to step S238. If the release is unsuccessful, the process proceeds to step S237.

  In step S237, the authentication unit 350 of the MFP 300 displays the lockout release error screen in FIG. This screen configuration is the same as the lockout release screen of FIG. 13, and the lockout process can be canceled or retried.

  In step S238, the authentication unit 350 of the MFP 300 displays the lockout release success screen in FIG. The locked card number acquired in step S236 is displayed on the screen.

  Here, it is also possible to continue releasing card lockouts. In this case, a lockout release request command is transmitted when a card whose number is displayed on the lockout release success screen in FIG. 15 is held over the card reader 500. Thus, even a user who uses a plurality of cards can release the lockouts by inputting the user information once, instead of inputting the user name for each card. This process is described as the processing from step S242 onward.

  In step S239, the authentication unit 350 of the MFP 300 detects that the return button 6003 on the lockout release success screen in FIG. 15 is pressed. If it has been pressed, the process proceeds to step S200.

  In step S240, the authentication unit 350 of the MFP 300 detects that the login button 6004 on the lockout cancellation success screen in FIG. 15 has been pressed. If it has been pressed, the process proceeds to step S241.

  In step S241, the authentication unit 350 of the MFP 300 performs a login process using the user information acquired in step S236. After logging in, the MFP transitions to a function screen such as a copy screen. The process of step S241 is the same process as steps S120 and S218.

  In step S242, the card reader control unit 351 of the multi-function peripheral 300 waits until a card event is received from the card reader 500. If an event has been received, the process proceeds to step S243.

  In step S243, the card reader control unit 351 of the multifunction device 300 receives a card event from the card reader 500.

  In step S244, the authentication unit 350 of the MFP 300 acquires a card number from the card event received in step S243.

  In step S245, the authentication server communication unit 352 of the multifunction machine 300 transmits a lockout release request command to the authentication server 200. The lockout release request command includes the user name and password acquired in step S224 and the card number acquired in step S244.

  In step S246, the multifunction device communication unit 250 of the authentication server 200 receives the lockout release request command sent from the multifunction device 300.

  In step S247, the authentication unit 251 of the authentication server 200 searches (authenticates) whether the user name and password included in the lockout release request command acquired in step S246 are included in the authentication table of FIG. If the user exists, the process proceeds to step S248, and if the user does not exist, the process proceeds to step S249-2.

  In step S248, the card lockout management unit 252 of the authentication server 200 determines whether the card number acquired in step S246 is associated with the user searched in step S247. If it is not associated, the process proceeds to step S259, and if it is associated, the process proceeds to step S249.

  In step S249, the card lockout management unit 252 of the authentication server 200 determines the lock flag of the card number searched in step S248. When the lock flag is TRUE (during lockout), the process proceeds to step S249, and when the lock flag is FALSE, the process proceeds to step S249-2.

  In step S249-2, the authentication unit 251 of the authentication server 200 generates a lockout release failure command.

  In step S250, the card lockout management unit 252 of the authentication server 200 sets the lock flag of the card number searched in step S248 to FALSE (lockout release).

  In step S251, the authentication unit 251 of the authentication server 200 acquires the user information of the user searched in step S247.

  In step S252, the card lockout management unit 252 of the authentication server 200 acquires the card number whose lock flag is TRUE (locked out) from the card information associated with the user information searched in step S247.

  In step S253, the authentication unit 251 of the authentication server 200 generates a lockout release success command. This command includes the user name and e-mail address acquired in step S247 and the locked-out card number acquired in step S252.

  In step S254, the multifunction device communication unit 250 of the authentication server 200 transmits a lockout release result command to the multifunction device 300.

  In step S255, the authentication server communication unit 352 of the MFP 300 receives the lockout release result command sent from the authentication server 200.

  In step S256, the authentication unit 350 of the MFP 300 analyzes the lockout release result command acquired in step S236. If the release is successful, the process proceeds to step S257, and if the release is unsuccessful, the process proceeds to step S258.

  In step S257, the authentication unit 350 of the MFP 300 displays the lockout release success screen in FIG. The locked-out card number acquired in step S255 is displayed on the lockout release success screen.

  In step S258, the authentication unit 350 of the MFP 300 displays the lockout release error screen in FIG. This screen configuration is the same as the lockout release in FIG. 13, and the lockout process can be canceled or retried.
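
  The server-side decisions in the flows above (card authentication in steps S208 to S213 and lockout release in steps S227 to S234), as an added Python example that is not code from the patent or from the applicant. The table layout, the class and field names, and the choice that keyboard authentication locks every card registered to the user are assumptions; the sample user in the test data is constructed.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    password: str   # the page's table holds a password; a real table would store a salted hash
    mail: str
    cards: dict = field(default_factory=dict)   # card number -> lock flag (assumed layout)


class AuthServer:
    """Constructed model of the authentication server 200 decision logic."""

    def __init__(self, users):
        self.users = {u.name: u for u in users}

    def _check_password(self, name, password):
        user = self.users.get(name)
        if user is None:
            return None
        # Constant-time comparison so the check does not leak how many bytes matched.
        ok = hmac.compare_digest(user.password.encode(), password.encode())
        return user if ok else None

    def _owner_of(self, card):
        return next((u for u in self.users.values() if card in u.cards), None)

    def keyboard_auth(self, name, password):
        """Keyboard authentication; on success the user's cards are locked out."""
        user = self._check_password(name, password)
        if user is None:
            return {"result": "NG", "cards": None}            # S112: no card number
        for card in user.cards:
            user.cards[card] = True                           # lock flag TRUE (assumed: all cards)
        return {"result": "OK", "user": user.name, "mail": user.mail,
                "cards": sorted(user.cards)}                  # S109-S110

    def card_auth(self, card):
        """IC card authentication, steps S208 to S213."""
        user = self._owner_of(card)                           # S208
        if user is None:
            return {"result": "NG", "lockout": None}          # S211: unregistered card
        if user.cards[card]:                                  # S209: lock flag TRUE
            locked = sorted(c for c, f in user.cards.items() if f)   # S210
            return {"result": "NG", "lockout": locked}        # S211 with lockout information
        return {"result": "OK", "user": user.name, "mail": user.mail}   # S212-S213

    def release(self, name, password, card):
        """Lockout release, steps S227 to S234. All three checks must pass."""
        user = self._check_password(name, password)           # S227: user name and password
        if user is None or card not in user.cards:            # S228: card bound to this user
            return {"result": "FAIL"}                         # S230
        if not user.cards[card]:                              # S229: card must be locked out
            return {"result": "FAIL"}                         # S230
        user.cards[card] = False                              # S231: lock flag FALSE
        still = sorted(c for c, f in user.cards.items() if f) # S233: cards still locked out
        return {"result": "OK", "user": user.name, "mail": user.mail,
                "still_locked": still}                        # S234
```

  Because the release request carries the card number together with the user name and password, a valid password alone cannot unlock a card that is registered to a different user.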

  5 to 8, a list of print data matching the user name of the logged-in user stored in the HDD 5007 of the multi-function device 300 is displayed.

  In the present embodiment, the authentication server 200 is configured as a separate unit from the multifunction device 300, but the function of the authentication server 200 may be provided in the multifunction device 300. In this case, an authentication table is stored in the HDD 5007 of the multi-function device 300, and authentication processing, lockout, and lockout release processing are performed. That is, the present embodiment can also be realized by making the authentication server 200 and the multifunction machine 300 the same housing. Further, when the authentication server 200 and the multifunction device 300 are the same, the multifunction device 300 executes the processing of the authentication server 200 in FIGS.

  Next, the authentication table of FIG. 9 stored in the external memory 2011 of the authentication server 200 will be described.

  The authentication table has a user name, password, card information, and mail address. Note that authority information for restricting functions that can be used by the MFP 300 may be included.

  The card information stores one or more card numbers used by the user, together with a lock flag that determines whether the IC card may be used. Use of the card is restricted by setting this lock flag to TRUE or FALSE (limit setting). Further, a card name or the like may be registered corresponding to each card number.

  Next, FIGS. 10 to 15 will be described.

  FIGS. 10 to 15 are screen examples displayed on the panel of the operation unit 5018 of the multifunction machine 300.

  FIG. 10 is a keyboard authentication screen that allows a user name, password, and domain to be input in accordance with a user instruction. A button for switching between IC card authentication and keyboard authentication is provided. A screen for executing IC card authentication is shown in FIG.

  FIG. 11 shows an IC card authentication screen, which is displayed by default on the operation unit 5018 of the multifunction machine 300.

  FIG. 12 shows a lockout notification screen, which is displayed when keyboard authentication is successful. On the lockout notification screen, a locked out card number, a card name, and the like are displayed.

  FIG. 13 is a lockout release screen, which is displayed when IC card authentication is performed. On the lockout release screen, the card number and card name of the IC card held over the card reader 500 are displayed. In addition, a user name, a password, and a domain that are input to release the lockout can be input.

  FIG. 14 is a lockout release error screen indicating that the lockout could not be released. The user name, password, and domain can be input again.

  FIG. 15 is a lockout release success screen, showing that the lockout has been released. Further, the card number and card name of the IC card whose lockout is not released are displayed on the lockout release success screen.

  As described above, according to the present embodiment, the use of the storage medium used for authentication is restricted according to the use of the authentication method (for example, keyboard authentication) that does not use the storage medium (for example, IC card) used for authentication. By doing so, security when using the image forming apparatus (multifunction machine) can be improved.

  When there is a possibility of IC card loss, the burden on the administrator of authentication server 200 can be reduced by easily stopping (locking out) the user's IC card at an appropriate timing.

  Further, even when an IC card is found, the burden on the administrator of the authentication server 200 can be reduced by easily releasing the IC card from being stopped (lockout is released).

  That is, it is possible to provide an authentication system with high security by easily locking out and unlocking the IC card at an appropriate timing.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  Next, Embodiment 2 according to the present invention will be described.

  In the first embodiment, the mechanism for locking out the user's card when performing keyboard authentication has been described.

  In the second embodiment, in addition to the first embodiment, two mechanisms will be described: a mechanism that, when IC card authentication succeeds and another IC card of the user associated with the card information of the successfully authenticated IC card is locked out, notifies the card information of the locked-out card; and a mechanism that deletes card information from the server when the card has remained locked out for a certain period of time.

  Hereinafter, embodiments of the present invention will be described in detail with reference to FIGS.

  9 in the first embodiment is replaced with FIG. FIG. 16 is a process in place of FIG. 6 in the first embodiment. Processes that are not specified are the same as those in the first embodiment, and a description thereof is omitted.

  FIG. 20 is the lockout release screen (when authentication is successful) displayed in the second embodiment; it is handled by the same processing as the screen in FIG. 15 of the first embodiment. Accordingly, the processing after step S307 continues from step S239 of the first embodiment.

  First, authentication processing in the embodiment of the present invention will be described with reference to FIG.

  In step S300, the card lockout management unit 252 of the authentication server 200 acquires a list of card numbers whose lockout flag is TRUE among the card numbers associated with the user information hit in step S208.

  In step S301, the authentication unit 251 of the authentication server 200 generates an authentication OK result command. This command includes a list of the user name and mail address acquired in step S212 and the lockout card number acquired in step S300.

  In step S302, the MFP communication unit 250 of the authentication server 200 transmits an authentication result command (authentication OK / authentication NG) to the MFP 300 (authentication permission information transmission).

  In step S303, the authentication server communication unit 352 of the MFP 300 receives the authentication result command transmitted from the authentication server 200 (receives authentication permission information). That is, in the second embodiment, even when authentication is successful, a list of the lockout card numbers of the user is sent.

  In step S304, the authentication unit 350 of the MFP 300 analyzes the authentication result command acquired in step S303, and determines whether authentication is OK or authentication NG. In the case of authentication OK, the process proceeds to step S305, and in the case of authentication NG, the process proceeds to step S219.

  In step S305, the authentication unit 350 of the MFP 300 analyzes the authentication result command acquired in step S303, and acquires the user information. The user information includes a list of user names, e-mail addresses, and lockout card numbers.

  In step S306, the authentication unit 350 of the MFP 300 determines whether the lockout card number list information is included in the user information acquired in step S305. If the lockout card number is included, the process proceeds to step S307. If the lockout card number is not included, that is, if there is no locked card information associated with the user information, the process proceeds to step S218.

  In step S307, the authentication unit 350 of the MFP 300 displays the lockout release screen (when authentication is successful) in FIG. The locked card number acquired in step S305 is displayed on the screen (the storage medium information included in the authentication permission information is displayed).

  Next, the lockout card deletion process according to the embodiment of the present invention will be described with reference to FIG.

  Note that the processing in FIG. 17 is performed, for example, at a timing (predetermined time) when the day changes.

  In step S400, the card lockout management unit 252 of the authentication server 200 acquires the lockout setting file shown in FIG. The lockout setting file contains a lockout deletion flag that determines whether or not to delete the card if the lockout state continues for a certain period of time, and the lockout valid days that determine the number of days until deletion.

  In step S401, the card lockout management unit 252 of the authentication server 200 acquires the lockout deletion flag described in the lockout setting file acquired in step S400. If the flag is TRUE, the process proceeds to step S402, and if it is FALSE, the process ends. That is, if the flag is FALSE, the lockout card deletion process is not performed.

  In step S402, the card lockout management unit 252 of the authentication server 200 acquires the current date and time registered in the system.

  In step S403, the card lockout management unit 252 of the authentication server 200 calculates the deletion target date and time by subtracting the lockout valid days acquired in step S400 from the current date and time acquired in step S402.

  In step S404, the card lockout management unit 252 acquires one record of card information from the authentication table of FIG.

  In step S405, the card lockout management unit 252 determines whether the lockout date / time of the card information acquired in step S404 is earlier than the deletion target date / time, and determines whether the card information is to be deleted. That is, it is determined whether or not a predetermined time has elapsed since the lockout. If it is determined that the card information is to be deleted, the process proceeds to step S406. If it is determined that the card information is not to be deleted, the process proceeds to step S407.

  In step S406, the card lockout management unit 252 deletes the card information record determined to be deleted from the authentication table of FIG.

  In step S407, the card lockout management unit 252 determines whether there is still card information in the authentication table of FIG. 18 that has not been determined whether the card information is to be deleted. If there is card information, the process proceeds to step S404. If all card information has been processed, it is determined that there is no card information, and this process ends.
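
  The deletion pass of FIG. 17 (steps S400 to S407), as an added Python example that is not code from the patent. The record layout, the setting key names `lockout_delete` and `lockout_valid_days`, and the rule that a record without a lockout date/time is never deleted are assumptions; the sample table is constructed.

```python
from datetime import datetime, timedelta


def purge_locked_cards(table, settings, now):
    """Delete card records that have stayed locked out longer than the configured period.

    table    : list of dicts {"user", "card", "locked", "locked_at"}   (assumed layout)
    settings : {"lockout_delete": bool, "lockout_valid_days": int}     (assumed key names)
    now      : current date and time, passed in so the run is reproducible (S402)
    Returns the deleted card numbers so the caller can write them to an audit log.
    """
    if not settings["lockout_delete"]:                 # S401: flag FALSE, nothing is deleted
        return []
    # S403: deletion target date/time = current date/time minus the lockout valid days
    cutoff = now - timedelta(days=settings["lockout_valid_days"])
    deleted = []
    for rec in list(table):                            # S404/S407: walk a copy, mutate the original
        locked_at = rec.get("locked_at")
        # S405: delete only when the lockout date/time is strictly earlier than the cutoff.
        # A card that is not locked, or has no lockout date/time, is never a candidate.
        if rec["locked"] and locked_at is not None and locked_at < cutoff:
            table.remove(rec)                          # S406
            deleted.append(rec["card"])
    return deleted


def sample_table(now):
    """Constructed records covering the boundary cases of step S405."""
    return [
        {"user": "alice", "card": "C1", "locked": True,  "locked_at": now - timedelta(days=31)},
        {"user": "alice", "card": "C2", "locked": True,  "locked_at": now - timedelta(days=30)},
        {"user": "bob",   "card": "C3", "locked": False, "locked_at": None},
        {"user": "bob",   "card": "C4", "locked": True,  "locked_at": now - timedelta(days=1)},
        {"user": "carol", "card": "C5", "locked": False, "locked_at": now - timedelta(days=90)},
    ]


if __name__ == "__main__":
    now = datetime(2010, 11, 26, 0, 0)                 # run at the change of day, as on the page
    table = sample_table(now)
    removed = purge_locked_cards(table, {"lockout_delete": True, "lockout_valid_days": 30}, now)
    print("deleted:", removed)
    print("remaining:", [r["card"] for r in table])
```

  A lockout that is exactly the configured number of days old is kept, because step S405 deletes only when the lockout date/time is earlier than the deletion target date/time.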

  According to the present embodiment, by restricting the use of the storage medium used for authentication in response to the use of an authentication method (for example, keyboard authentication) that does not use that storage medium (for example, an IC card), security when using the image forming apparatus (multifunction device) can be improved.

  In addition, since the card locked out for a predetermined time can be deleted, security when using the image forming apparatus (multifunction machine) can be improved.

  Furthermore, for example, in an environment where one person has multiple cards, when authentication by IC card succeeds and there is a locked-out IC card other than the authenticated IC card, a screen that enables the lockout to be released is displayed instead of logging in immediately. This reduces the input of user information by keyboard authentication, so the lockout process can be performed efficiently.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium. Specifically, the present invention may be applied to a system composed of a plurality of devices, or to an apparatus composed of a single device.

  The program according to the present invention is a program that allows a computer to execute the processing methods of the flowcharts shown in FIGS. 5 to 8. Is remembered. The program in the present invention may be a program for each processing method of each apparatus in FIGS.

  As described above, it goes without saying that the object of the present invention can also be achieved by supplying a recording medium that records a program implementing the functions of the above-described embodiments to a system or apparatus, and having a computer (or CPU or MPU) of the system or apparatus read and execute the program stored in the recording medium.

  In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, silicon disk, solid state drive, or the like can be used.

  Further, it goes without saying that the present invention includes not only the case where the functions of the above-described embodiments are realized by the computer executing the read program, but also the case where an OS (operating system) or the like operating on the computer performs part or all of the actual processing based on the instructions of the program, and the functions of the above-described embodiments are realized by that processing.

  Furthermore, it goes without saying that the present invention includes the case where, after the program read from the recording medium is written to a memory provided in a function expansion board inserted into the computer or in a function expansion unit connected to the computer, a CPU or the like provided in the function expansion board or function expansion unit performs part or all of the actual processing based on the instructions of the program code, and the functions of the above-described embodiments are realized by that processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading a program for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention.

  In addition, all configurations that combine the above-described embodiments and their modifications are also included in the present invention.

100 Client PC
200 Authentication server
300 Multi-function machine
400 LAN
500 Card reader
2001 CPU
2002 RAM
2011 External memory
5001 CPU
5006 RAM
5007 HDD
5018 Operation unit

Claims (14)

  1. An authentication system including a management apparatus that manages, in association with each other, user information for identifying a user and storage medium information of a storage medium used when an image forming apparatus is used, and an image forming apparatus that can be logged in to through authentication, wherein
    the image forming apparatus includes:
    user information acquisition means for acquiring user information in accordance with a user operation; and
    user information output means for outputting the user information acquired by the user information acquisition means to the management device; and
    the management device includes:
    user information receiving means for receiving the user information from the image forming apparatus; and
    restriction setting means for setting, in accordance with authentication by the user information received by the user information receiving means, the storage medium information of the storage medium corresponding to the user information as restricted, in order to restrict use of the image forming apparatus using the storage medium corresponding to the user information.
  2. The authentication system according to claim 1, wherein
    the management device further includes restriction information output means for outputting, to the image forming apparatus, first restriction information indicating that the restriction has been set by the restriction setting means; and
    the image forming apparatus further includes:
    restriction information receiving means for receiving the first restriction information from the management device; and
    notification means for notifying, in accordance with the first restriction information received by the restriction information receiving means, that use of a storage medium is restricted.
  3. The authentication system according to claim 2, wherein
    the image forming apparatus further includes login means for logging in to the image forming apparatus; and
    the login means logs in in accordance with the notification by the notification means.
  4. The authentication system according to claim 3, wherein
    the image forming apparatus further includes storage medium information output means for outputting, to the management device, storage medium information of the storage medium read by the reading means;
    the restriction information receiving means receives, from the management device, second restriction information indicating that the storage medium information is restricted;
    the notification means notifies that use of the storage medium is restricted in accordance with the second restriction information;
    the management device further includes:
    storage medium information receiving means for receiving the storage medium information from the image forming apparatus; and
    restriction setting determination means for determining whether or not the storage medium information received by the storage medium information receiving means is set as restricted; and
    when the restriction setting determination means determines that the storage medium information is set as restricted, the restriction information output means outputs the second restriction information indicating that the storage medium information is restricted.
  5. The authentication system according to claim 4, wherein
    the management device further includes authentication permission information transmitting means for determining, when the restriction setting determination means determines that the storage medium information is not set as restricted, whether or not other storage medium information of the user corresponding to the storage medium information is set as restricted, and for transmitting, when there is storage medium information set as restricted, authentication permission information including the storage medium information set as restricted; and
    the image forming apparatus further includes:
    authentication permission information receiving means for receiving the authentication permission information; and
    display means for displaying the storage medium information included in the authentication permission information in order to notify that there is a restricted storage medium.
  6. The authentication system according to claim 4 or 5, wherein
    the notification means notifies that use of the storage medium is restricted in accordance with the second restriction information, and requests input of user information for releasing the restriction on use of the storage medium;
    the image forming apparatus further includes release request output means for outputting a release request, including the user information input following the notification by the notification means and the storage medium information, in order to release the restriction on use of the storage medium; and
    the management device further includes:
    release request receiving means for receiving the release request from the image forming apparatus; and
    restriction setting releasing means for releasing the restriction setting specified by the user information and the storage medium information included in the release request received by the release request receiving means.
  7. The authentication system according to claim 6, wherein
    the management device further includes release information output means for transmitting, when the restriction setting is released by the restriction setting releasing means, release information indicating that the restriction setting has been released;
    the image forming apparatus further includes release information receiving means for receiving the release information from the management device; and
    the login means logs in using the storage medium in accordance with the release information received by the release information receiving means.
  8. The authentication system according to claim 1, wherein the management device further includes a deletion unit that deletes the restricted storage medium information at a predetermined timing.
  9. The authentication system according to claim 1, wherein the management apparatus and the image forming apparatus are in the same casing.
  10. A management device that can communicate with an image forming apparatus that can be logged in to through authentication and that comprises user information acquisition means for acquiring user information in accordance with a user operation and user information output means for outputting the user information acquired by the user information acquisition means to the management device, the management device managing, in association with each other, user information for identifying a user and storage medium information of a storage medium used when the image forming apparatus is used, and comprising:
    user information receiving means for receiving the user information from the image forming apparatus; and
    a restriction setting unit that sets, in accordance with authentication by the user information received by the user information receiving means, the storage medium information of the storage medium corresponding to the user information as restricted, in order to restrict use of the image forming apparatus using the storage medium corresponding to the user information.
  11. A processing method for an authentication system including a management device that manages, in association with each other, user information for identifying a user and storage medium information of a storage medium used when an image forming apparatus is used, and an image forming apparatus that can be logged in to through authentication, wherein
    the image forming apparatus executes:
    a user information acquisition step of acquiring user information in accordance with a user operation; and
    a user information output step of outputting the user information acquired in the user information acquisition step to the management device; and
    the management device executes:
    a user information receiving step of receiving the user information from the image forming apparatus; and
    a restriction setting step of setting, in accordance with authentication by the user information received in the user information receiving step, the storage medium information of the storage medium corresponding to the user information as restricted, in order to restrict use of the image forming apparatus using the storage medium corresponding to the user information.
  12. A processing method for a management device that can communicate with an image forming apparatus that can be logged in to through authentication and that comprises user information acquisition means for acquiring user information in accordance with a user operation and user information output means for outputting the user information acquired by the user information acquisition means to the management device, the management device managing, in association with each other, user information for identifying a user and storage medium information of a storage medium used when the image forming apparatus is used, wherein
    the management device executes:
    a user information receiving step of receiving the user information from the image forming apparatus; and
    a restriction setting step of setting, in accordance with authentication by the user information received in the user information receiving step, the storage medium information of the storage medium corresponding to the user information as restricted, in order to restrict use of the image forming apparatus using the storage medium corresponding to the user information.
  13. A program executable in an authentication system including a management device that manages, in association with each other, user information for identifying a user and storage medium information of a storage medium used when an image forming apparatus is used, and an image forming apparatus that can be logged in to through authentication, the program
    causing the image forming apparatus to function as:
    user information acquisition means for acquiring user information in accordance with a user operation; and
    user information output means for outputting the user information acquired by the user information acquisition means to the management device; and
    causing the management device to function as:
    user information receiving means for receiving the user information from the image forming apparatus; and
    a restriction setting unit that sets, in accordance with authentication by the user information received by the user information receiving means, the storage medium information of the storage medium corresponding to the user information as restricted, in order to restrict use of the image forming apparatus using the storage medium corresponding to the user information.
  14. A program executable by a management device that can communicate with an image forming apparatus that can be logged in to through authentication and that comprises user information acquisition means for acquiring user information in accordance with a user operation and user information output means for outputting the user information acquired by the user information acquisition means to the management device, the management device managing, in association with each other, user information for identifying a user and storage medium information of a storage medium used when the image forming apparatus is used, the program
    causing the management device to function as:
    user information receiving means for receiving the user information from the image forming apparatus; and
    a restriction setting unit that sets, in accordance with authentication by the user information received by the user information receiving means, the storage medium information of the storage medium corresponding to the user information as restricted, in order to restrict use of the image forming apparatus using the storage medium corresponding to the user information.
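
The management-device behaviour recited in claims 1, 2, 4, 5, 6 and 8, modelled as an added example (not code from the patent or from the applicant). It assumes that "user information" is a user name plus password, that "storage medium information" is a card ID, and that a keyboard login restricts every card registered to that user; all class, method and field names are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the management table never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    cards: dict = field(default_factory=dict)  # card ID -> restricted?


class ManagementDevice:
    """Hypothetical model: user information associated with card IDs."""

    def __init__(self):
        self.users = {}       # user name -> User
        self.card_owner = {}  # card ID -> user name

    def register(self, name, password, card_ids):
        salt = os.urandom(16)
        self.users[name] = User(salt, _hash(password, salt), dict.fromkeys(card_ids, False))
        self.card_owner.update({c: name for c in card_ids})

    def _check(self, name, password):
        user = self.users.get(name)
        # Hash even for unknown names so timing does not reveal them.
        salt, want = (user.salt, user.pw_hash) if user else (b"\0" * 16, b"")
        ok = hmac.compare_digest(want, _hash(password, salt))
        return user if user and ok else None

    def keyboard_login(self, name, password):
        """Claims 1-2: authentication by user information restricts cards."""
        user = self._check(name, password)
        if user is None:
            return {"result": "denied"}
        for c in user.cards:
            user.cards[c] = True  # assumption: every card of the user
        return {"result": "ok", "first_restriction": sorted(user.cards)}

    def card_login(self, card_id):
        """Claims 4-5: refuse a restricted card, report other restricted ones."""
        name = self.card_owner.get(card_id)
        if name is None:
            return {"result": "denied"}
        cards = self.users[name].cards
        if cards[card_id]:
            return {"result": "restricted", "second_restriction": card_id}
        others = sorted(c for c, r in cards.items() if r)
        return {"result": "ok", "user": name, "restricted_cards": others}

    def release(self, name, password, card_id):
        """Claim 6: release needs the user information plus the card ID."""
        user = self._check(name, password)
        if user is None or not user.cards.get(card_id, False):
            return {"result": "denied"}
        user.cards[card_id] = False
        return {"result": "released", "card": card_id}

    def purge_restricted(self):
        """Claim 8: delete restricted card entries (run at a set timing)."""
        removed = []
        for user in self.users.values():
            for c in [c for c, r in user.cards.items() if r]:
                del user.cards[c]
                del self.card_owner[c]
                removed.append(c)
        return sorted(removed)
```

A card presented after the keyboard login is refused until its owner re-enters the user information, so possession of the card alone no longer grants a login.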
JP2010264251A 2009-12-02 2010-11-26 Authentication system, management apparatus, information processing apparatus, processing method thereof, and program Active JP5659731B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2009274898 2009-12-02
JP2009274898 2009-12-02
JP2010264251A JP5659731B2 (en) 2009-12-02 2010-11-26 Authentication system, management apparatus, information processing apparatus, processing method thereof, and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010264251A JP5659731B2 (en) 2009-12-02 2010-11-26 Authentication system, management apparatus, information processing apparatus, processing method thereof, and program

Publications (3)

Publication Number Publication Date
JP2011138493A true JP2011138493A (en) 2011-07-14
JP2011138493A5 JP2011138493A5 (en) 2013-12-05
JP5659731B2 JP5659731B2 (en) 2015-01-28

Family

ID=44349803

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2010264251A Active JP5659731B2 (en) 2009-12-02 2010-11-26 Authentication system, management apparatus, information processing apparatus, processing method thereof, and program

Country Status (1)

Country Link
JP (1) JP5659731B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018027700A (en) * 2017-09-25 2018-02-22 キヤノンマーケティングジャパン株式会社 Image forming apparatus, control method thereof, and program

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4012A (en) * 1845-04-26 Improvement in electrographic printing
JPH01173187A (en) * 1987-12-28 1989-07-07 Oki Electric Ind Co Ltd Maintenance system for missing card
JPH0378871A (en) * 1989-08-23 1991-04-04 Hitachi Ltd Card processing system
JPH06139432A (en) * 1992-10-22 1994-05-20 Omron Corp Automatic transaction device with lost card processing function
JP2003272037A (en) * 2002-03-13 2003-09-26 Fukiage Fuji Jihanki Kk Vending machine, sales system of vending machine and storage medium
JP2004094409A (en) * 2002-08-29 2004-03-25 Toppan Printing Co Ltd Card use registering device, card use managing device, card use management method, and card use managing program
JP2005173633A (en) * 2003-01-21 2005-06-30 Chiteki Zaisan Kaihatsu Kenkyu Kiko:Kk Unauthorized use prevention system
WO2006024991A1 (en) * 2004-08-30 2006-03-09 Koninklijke Philips Electronics N.V. A method and system of authenticating access to a domain using a user identify card
JP2006099714A (en) * 2004-09-03 2006-04-13 Canon Sales Co Inc Information processor, print management server, printer, document reader, print system, print data transmission method, print management method, printing method, printer driver program, program and recording medium
JP2009199235A (en) * 2008-02-20 2009-09-03 Ricoh Co Ltd Image processing apparatus, authentication method, authentication program and recording medium

Also Published As

Publication number Publication date
JP5659731B2 (en) 2015-01-28

Similar Documents

Publication Publication Date Title
JP4555038B2 (en) Network system, usage authority determination method, network device, program, and recording medium
US7730490B2 (en) System with user access-control information having signature and flow setting information for controlling order of performance of functions
JP3992050B2 (en) Image processing apparatus, control method therefor, and computer program
JP4095639B2 (en) Image processing apparatus and image processing apparatus control method
KR100841159B1 (en) Data transmission apparatus, control method therefor, and image input/output apparatus
EP3462350A1 (en) Data communication system, device, and method
AU747496B2 (en) System and method for authentication of a user of a multi-function peripheral
US20060026434A1 (en) Image forming apparatus and image forming system
JP4429966B2 (en) Image forming job authentication system and image forming job authentication method
JP2007149015A (en) Data processor, data processing method, and program
US8223376B2 (en) Image forming apparatus performing image formation on print data, image processing system including plurality of image forming apparatuses, print data output method executed on image forming apparatus, and print data output program product
EP1630677A1 (en) Maintenance mediation apparatus, maintenance target apparatus maintenance method, and maintenance system
JP4618317B2 (en) Image forming apparatus
JP4823992B2 (en) Print control system, printing apparatus, print management server, print control method, and program
JP4687744B2 (en) Image forming apparatus and image forming system
JP4298371B2 (en) Image forming apparatus, program activation method in the apparatus, image forming system, program thereof, and storage medium
JP2011244354A (en) Job history information auditing system, information processing apparatus, printer, and auditing method
JP4518287B2 (en) Information processing system, information processing apparatus, first authentication server, control method, program, information processing method, information processing program
US8056140B2 (en) Multifunction peripheral and method for controlling the same
US8896856B2 (en) Image processing apparatus, control method therefor, and storage medium
JP4826265B2 (en) Security policy assigning apparatus, program, and method
JP4379499B2 (en) Image output authentication system, image output authentication server, and image output authentication method
US20030117640A1 (en) System and method for secure printing
JP4079159B2 (en) Facsimile apparatus, facsimile transmission processing method, and reception processing method
US9075550B2 (en) Printing apparatus, printing method, and storage medium

Legal Events

Date Code Title Description
A711 Notification of change in applicant (Free format text: JAPANESE INTERMEDIATE CODE: A712; Effective date: 20110401)
A711 Notification of change in applicant (Free format text: JAPANESE INTERMEDIATE CODE: A711; Effective date: 20120130)
RD02 Notification of acceptance of power of attorney (Free format text: JAPANESE INTERMEDIATE CODE: A7422; Effective date: 20120130)
RD04 Notification of resignation of power of attorney (Free format text: JAPANESE INTERMEDIATE CODE: A7424; Effective date: 20130531)
RD03 Notification of appointment of power of attorney (Free format text: JAPANESE INTERMEDIATE CODE: A7423; Effective date: 20130531)
A621 Written request for application examination (Free format text: JAPANESE INTERMEDIATE CODE: A621; Effective date: 20130919)
A521 Written amendment (Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20131017)
A977 Report on retrieval (Free format text: JAPANESE INTERMEDIATE CODE: A971007; Effective date: 20140430)
A131 Notification of reasons for refusal (Free format text: JAPANESE INTERMEDIATE CODE: A131; Effective date: 20140520)
A521 Written amendment (Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20140722)
TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model) (Free format text: JAPANESE INTERMEDIATE CODE: A01; Effective date: 20141104)
A61 First payment of annual fees (during grant procedure) (Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20141117)
R150 Certificate of patent or registration of utility model (Ref document number: 5659731; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150)
S111 Request for change of ownership or part of ownership (Free format text: JAPANESE INTERMEDIATE CODE: R313115)
R350 Written notification of registration of transfer (Free format text: JAPANESE INTERMEDIATE CODE: R350)
S111 Request for change of ownership or part of ownership (Free format text: JAPANESE INTERMEDIATE CODE: R313115)
R350 Written notification of registration of transfer (Free format text: JAPANESE INTERMEDIATE CODE: R350)
R250 Receipt of annual fees (Free format text: JAPANESE INTERMEDIATE CODE: R250)
R250 Receipt of annual fees (Free format text: JAPANESE INTERMEDIATE CODE: R250)
R250 Receipt of annual fees (Free format text: JAPANESE INTERMEDIATE CODE: R250)