JP2011227818A - Equipment management device, equipment management method, equipment management program, and recording medium with the program recorded thereon - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an equipment management device capable of shortening the processing time of equipment authentication and of improving the performance of an equipment management function, an equipment management method and an equipment management program, and a recording medium with the program recorded thereon.SOLUTION: The equipment management device 100 manages equipment 200 and includes: means 22 for managing equipment management information 31D, for which equipment identification information and group identification information are made to correspond; means 23 for managing authentication management information 32D, for which the group identification information and two or more pieces of authentication information 10 are made to correspond; and means 21 for controlling the execution of requested equipment management processing. When the equipment management processing is requested, the management means 22 acquires the group identification information from the equipment management information 31D on the basis of the equipment identification information. When the request is made, the management means 23 acquires the authentication information 10 of an authentication candidate from the authentication management information 32D on the basis of the acquired group identification information, and the control means 21 authenticates the equipment on the basis of the acquired authentication information 10 and executes the equipment management processing using the successful authentication information 10.

Description

  The present invention relates to a device management apparatus that manages one or a plurality of devices connected via a data transmission path, and in particular, a technology for performing access authentication (device authentication) on a device and performing remote device management processing. It is about.

  A device management system that acquires device information from one or more devices connected to a network or the like and manages devices based on the acquired information is already known. For example, Patent Document 1 discloses a monitoring device that acquires various information by polling processing from an image processing device such as an MFP (Multifunction Peripheral) or LP (Laser Printer) connected via a network, and monitors the image processing device. Is disclosed.

  In recent years, devices that are shared and used in office environments such as image processing devices have been accessed over a network for the purpose of preventing information leakage from the device to third parties (for the purpose of ensuring confidentiality). Some require device authentication.

  Therefore, in order to acquire device information, the device management apparatus requests device authentication based on the authentication information for the device to be managed (managed device), and the result of successful device authentication (success) Certification result) must be obtained.

  Also, since device authentication can be set for each communication protocol, device authentication must be requested based on communication protocol authentication information used for access. Furthermore, since device authentication can be set for each device, device authentication must be requested based on device authentication information.

  For this reason, in the device management apparatus, for example, a plurality of authentication information set for each communication protocol is set as one information set, and this information set is managed as authentication management information for each device.

  However, in this information management method, every time the device authentication setting is changed, the contents of the corresponding authentication management information must be changed. This is a complicated task for the administrator. Moreover, there is a risk of failure to access the device due to a time lag in information update timing.

  Therefore, the device management apparatus simplifies information management by registering a plurality of authentication information (authentication candidate information) in advance, and trying to perform device authentication on the device based on these authentication information. Yes.

  However, the conventional device management method attempts to authenticate a single device by the number of registered authentication information, so that there is a problem that authentication processing takes time when there are many devices to be managed. It was. As a result, in the conventional device management method, device management processing such as device information acquisition and device setting that requires access to the device takes time, and the performance of the device management function may be degraded. It is done.

  The present invention has been proposed in view of the above-described problems of the prior art, and the object of the present invention is to reduce the device authentication processing time and improve the performance of the device management function, the device management device, the device management method, An object is to provide a device management program and a recording medium on which the program is recorded.

  In order to achieve the above object, an apparatus management apparatus according to the present invention is an apparatus management apparatus that manages one or a plurality of apparatuses connected by a predetermined data transmission path, and is held in a storage device included in the apparatus. A device management information management means for managing device management information in which device identification information for identifying the device and group identification information for identifying a group to which the device belongs are associated with each other; Authentication management information management means for managing authentication management information in which group identification information and a plurality of authentication information assigned to a group are associated with each other; and equipment management control means for controlling execution of requested equipment management processing. The device management information management means refers to the device management information based on the device identification information at the time of the request. The group identification information associated with the device identification information at the time of request is acquired, and the authentication management information management means refers to the authentication management information based on the acquired group identification information, and includes the acquired group identification information. A plurality of associated authentication information is acquired as an authentication candidate to be tried at the time of device authentication, and the device management control means performs device authentication using a predetermined communication protocol based on the plurality of authentication information acquired as an authentication candidate. And performing the device management process using authentication information that has been successfully authenticated.

  With such a configuration, the device management apparatus according to the present invention manages authentication information that is assumed to be set in a device separately for each group to which the device belongs, and the range of authentication information (limited) divided for each group. Device authentication is attempted within the range of authentication candidates), and the requested device management process is executed using the authentication information that has been successfully authenticated.

  Thus, in the device management apparatus according to the present invention, the range of authentication information to be tried for one device at the time of device authentication is limited to the range of authentication information assigned to the group to which the device belongs. That is, the authentication candidates used when attempting device authentication are limited to authentication information that is assumed to be set for devices belonging to the group. As a result, the device management apparatus can reduce the number of device authentication challenges, shorten the device authentication processing time, and improve the performance of the device management function even when there are many devices to be managed.

  In order to achieve the above object, a device management method according to the present invention is connected to one or a plurality of devices via a predetermined data transmission path, and identifies device identification information for identifying the device and a group to which the device belongs. A storage device holding device management information associated with group identification information to be associated with, and authentication management information associated with a plurality of authentication information assigned to the group identification information and a group, A device management method in a device management apparatus to be managed, and when a device management process is requested remotely to the device, the storage device is accessed based on device identification information at the time of request, and the device management information is referred to The group identification information acquisition procedure for acquiring the group identification information associated with the device identification information at the time of the request and the group identification information acquisition procedure Authentication that accesses the storage device based on the group identification information, refers to the authentication management information, and acquires a plurality of authentication information associated with the acquired group identification information as authentication candidates to be tried at the time of device authentication Based on a candidate acquisition procedure and a plurality of authentication information acquired as authentication candidates by the authentication candidate acquisition procedure, the device is accessed using a predetermined communication protocol, and device authentication is performed, and the authentication information that has been successfully authenticated. And a device management control procedure for executing the device management process.

  By such a procedure, the device management method according to the present invention manages authentication information that is assumed to be set in the device separately for each group to which the device belongs, and the range of authentication information (limited) divided for each group. Device authentication is attempted within the range of authentication candidates), and the requested device management process is executed using the authentication information that has been successfully authenticated.

  Thus, the device management method according to the present invention can shorten the device authentication processing time and provide a device management environment with high processing performance.

  According to the present invention, authentication information assumed to be set in a device is managed separately for each group to which the device belongs, and device authentication is attempted within the range of authentication information divided for each group, and device authentication is successful. Device management apparatus, device management method, device management program, and program for shortening device authentication processing time and improving device management function performance by executing requested device management processing using authentication information Can be provided.

It is a figure which shows the structural example of the apparatus management system which concerns on the 1st Embodiment of this invention. It is a figure which shows the hardware structural example of the apparatus management apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the operation example of the device authentication performed with a device management apparatus. It is a figure which shows the structural example of the apparatus management function which concerns on the 1st Embodiment of this invention. It is a figure which shows the example of data of the apparatus management information which concerns on the 1st Embodiment of this invention. It is a figure which shows the example of data of the authentication management information which concerns on the 1st Embodiment of this invention. It is a sequence diagram which shows the example of a process sequence of apparatus information acquisition which concerns on the 1st Embodiment of this invention. It is a sequence diagram which shows the process sequence example of the apparatus setting which concerns on the 1st Embodiment of this invention. It is a flowchart which shows the example of a process sequence of the apparatus authentication which concerns on the modification of this invention. It is a figure which shows the data transition example (sort example) of the authentication management information which concerns on the modification of this invention. It is a figure which shows the structural example of the apparatus management function which concerns on the 2nd Embodiment of this invention. It is a figure which shows the example of data of the group management information which concerns on the 2nd Embodiment of this invention. It is a sequence diagram which shows the process sequence example (the 1) of the apparatus registration which concerns on the 2nd Embodiment of this invention. It is a sequence diagram which shows the process sequence example (the 2) of the apparatus registration which concerns on the 2nd Embodiment of this invention. It is a figure which shows the structural example (the 1) of the apparatus management system which concerns on the modification of this invention. It is a figure which shows the structural example (the 2) of the apparatus management system which concerns on the modification of this invention.

  DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention (hereinafter referred to as “embodiments”) will be described in detail with reference to the drawings.

[First Embodiment]
<System configuration>
FIG. 1 is a diagram illustrating a configuration example of a device management system 1 according to the present embodiment.
FIG. 1 shows a configuration example in which one or a plurality of devices 200 and a device management apparatus (device management server) 100 are connected by a data transmission path N (for example, “LAN: Local Area Network”) such as a network. Has been.

  The device 200 is, for example, an image processing device used for work in office work, and becomes a management target device of the device management apparatus 100.

  The device management apparatus 100 is an information processing apparatus that centrally manages the device 200 based on device information acquired from the device 200 (for example, “device identification information” and “status information”). Examples of the integrated management include device monitoring / operation and device information management. The device management apparatus 100 is an information processing apparatus that transmits setting information to the device 200 and remotely configures the device 200.

  In the present embodiment, the device 200 requires device authentication for device management processing via the data transmission path N. Therefore, the device management apparatus 100 attempts device authentication based on the authentication information for the device 200, and performs device management processing such as device information acquisition and device setting after successful authentication.

  As described above, the device management system 1 can provide a device management service with the above system configuration.

<Hardware configuration>
FIG. 2 is a diagram illustrating a hardware configuration example of the device management apparatus 100 according to the present embodiment.
As shown in FIG. 2, the device management apparatus 100 includes an input device 101, a display device 102, a drive device 103, a RAM (Random Access Memory) 104, a ROM (Read Only Memory) 105, a CPU (Central Processing Unit) 106, an interface. A device 107, an HDD (Hard Disk Drive) 108, and the like are provided and are connected to each other via a bus B.

  The input device 101 includes a keyboard and a mouse, and is used to input each operation signal to the device management apparatus 100. The display device 102 includes a display and the like, and displays a processing result by the device management device 100.

  The interface device 107 is an interface that connects the device management apparatus 100 to a predetermined data transmission path N. Accordingly, the device management apparatus 100 can communicate with the device 200 via the interface device 107.

  The HDD 108 is a non-volatile storage device that stores various programs and data. The stored program and data include, for example, an information processing system (“Windows (trademark or registered trademark): omitted)” or “UNIX (trademark or registered trademark: omitted)” that controls the entire device management apparatus 100. There are OS (Operating System) which is basic software, and applications that provide various functions on the information processing system. The HDD 108 manages the stored program and data by a predetermined file system and / or DB (Data Base).

  The drive device 103 is an interface with a removable recording medium 103a. As a result, the device management apparatus 100 can read and / or write to the recording medium 103 a via the drive apparatus 103. Examples of the recording medium 103a include a floppy (trademark or registered trademark: abbreviated below) disk, a CD (Compact Disk), a DVD (Digital Versatile Disk), an SD memory card (SD Memory Card), and a USB memory (Universal Serial Bus). Memory).

  The ROM 105 is a nonvolatile semiconductor memory (storage device) that can retain internal data even when the power is turned off. The ROM 105 stores data such as a basic input / output system (BIOS) that is executed when the device management apparatus 100 is activated, and system settings and network-related settings of the device management apparatus 100.

  The RAM 104 is a volatile semiconductor memory (storage device) that temporarily stores programs and data read from the various storage devices. The CPU 106 reads the program onto the RAM 104 and executes the program to control the entire apparatus.

  As described above, the device management apparatus 100 can provide various information processing services using installed software with the above hardware configuration.

<Device management function>
A device management function according to the present embodiment will be described.
In the device management apparatus 100 according to the present embodiment, when a device management process is requested to the device 200 remotely, the device management information 100 refers to device management information in which device identification information and group identification information of a group to which the device belongs are associated. The group identification information is acquired based on the device identification information. Subsequently, the device management apparatus 100 refers to authentication management information in which the group identification information and a plurality of authentication information assigned to the group are associated with each other, and based on the acquired group identification information, converts the plurality of authentication information to device authentication. Acquire as an authentication candidate to try sometimes. Subsequently, the device management apparatus 100 sequentially transmits candidate authentication information to the device 200 using a communication protocol to perform device authentication. As a result, the device management apparatus 100 executes the requested device management process using the authentication information that has been successfully authenticated. The device management apparatus 100 has such a device management function.

FIG. 3 is a diagram illustrating an operation example of device authentication performed by the device management apparatus 100.
(A) shows a conventional operation example, and (B) shows an operation example of this embodiment. Incidentally, in FIG. 3, for simplification of the description, the device management apparatus 100 manages the equipment (1) 200 ₁ and equipment (2) ₂₀₀ 2 (two devices), from the authentication information (1) 10 ₁ A configuration example in which authentication information (5) 10 ₅ (five authentication information) is held is shown.

As shown in (A), the conventional device management apparatus 100 includes five pieces of authentication information 10 that are authentication candidates (since five pieces of authentication information are registered), so that the device (1) 200 ₁ a device (2) with respect to 200 ₂ and attempts to device authentication five times each. As a result, the device management apparatus 100 has a total of 10 device authentication challenges.

  As described above, in the conventional method, since one device 200 attempts device authentication by the number of registered authentication information 10 (hereinafter referred to as “authentication information 10” when collectively referred to), management is performed. If there are many target devices, the authentication process takes time. As a result, conventionally, device management processing such as device information acquisition and device setting that requires access to the device 200 takes time, and the performance of the device management function is degraded.

  Therefore, the device management apparatus 100 according to the present embodiment manages the authentication information 10 assumed to be set in the device 200 for each group to which the device 200 belongs, and the range of the authentication information 10 divided for each group. A device authentication is attempted using (a limited range of authentication candidates), and a mechanism for executing the requested device management process using the authentication information 10 that has been successfully authenticated is adopted.

(B), the device management apparatus 100 according to this embodiment, the five authentication information 10 the device (1) 200 ₁ and equipment (2) set to 200 ₂ is assumed, the device (1) 200 and group G1 _{which one} belongs, equipment (2) 200 ₂ is managed by dividing into a group G2 to which it belongs. Specifically, among authentication information (1) 10 ₁ to authentication information (5) 10 ₅ , authentication information (1) 10 ₁ to authentication information (3) 10 ₃ are assigned to group G1, and authentication information (4) 10 ₃ and authentication information (4) 10 ₄ are assigned to the group G2. Thus, the device management apparatus 100 (from the three authentication information as the group G1 is registered) from the authentication information 10 of the group G1 exists three, equipment belonging to the group G1 (1) with respect to 200 ₁ Then, the device authentication may be tried three times. Further, the device management apparatus 100 (since the two authentication information as the group G2 is registered) authentication information 10 of the group G2 is since there are two, with respect to the device (2) 200 ₂ belonging to the group G2 Then, the device authentication may be tried twice. As a result, in the device management apparatus 100, the total number of device authentication challenges is five.

  As described above, the conventional method attempts to perform device authentication extra. In contrast, in the method according to the present embodiment, the range of authentication information 10 to be tried for one device 200 at the time of device authentication is the group G to which the device 200 belongs (hereinafter referred to as “group G” when collectively referred to). Is limited to the range of the authentication information 10 assigned. That is, the authentication candidates used when attempting device authentication are limited to the authentication information 10 assumed to be set to the devices 200 belonging to the group G, and unnecessary device authentication is not required.

  Thereby, in the device management apparatus 100 according to the present embodiment, even when there are many devices to be managed, the number of device authentication challenges can be reduced, the device authentication processing time can be shortened, and the performance of the device management function can be improved. .

The configuration and operation of the device management function will be described below.
FIG. 4 is a diagram illustrating a configuration example of the device management function according to the present embodiment.
The device management apparatus 100 includes a device management control unit 21, a device management information management unit 22, an authentication management information management unit 23, a communication unit 41, and the like.

  The device management control unit 21 is a functional unit that controls requested device management processing. As described above, in the device management processing, device management processing such as device information acquisition and device setting is performed. Therefore, in this embodiment, the apparatus management control part 21 has the apparatus information acquisition part 211, the apparatus setting part 213, etc. as the example.

  The device information acquisition unit 211 is a functional unit that acquires device information from the device 200. The device information acquisition unit 211 designates the authentication information 10 that has been successfully authenticated to the communication unit 41 and the IP address (Internet Protocol address) that is the device identification information, and executes the device information acquisition process for the device 200. Instruct. As a result, the acquisition information is returned from the communication unit 41 to the device information acquisition unit 211.

  The device setting unit 213 is a functional unit that performs device settings for the device 200. The device setting unit 213 designates the authentication information 10 that has been successfully authenticated and the IP address that is device identification information to the communication unit 41 and instructs the device 200 to execute device setting processing. As a result, the setting result is returned from the communication unit 41 to the device setting unit 213.

  The communication unit 41 is a functional unit that performs data communication using a predetermined communication protocol between the apparatus and the device 200 via a network.

  The device management information management unit 22 is a functional unit that manages information related to device management (hereinafter referred to as “device management information”). The device management information management unit 22 accesses the device management information holding unit 31 and performs various data operations on the holding information in response to requests from other functional units (device information acquisition unit or device setting unit). Information is managed. For example, the device management information holding unit 31 holds device management information 31D as shown in FIG. 5 in a predetermined storage area of a storage device included in the device.

FIG. 5 is a diagram illustrating a data example of the device management information 31D according to the present embodiment.
As illustrated in FIG. 5, the device management information 31D includes information items such as group identification, device identification, and status content.

  The [Group Identification] item is an information item indicating the identification of the group G to which the device 200 belongs. The item value is group identification information, for example, data indicating the installation area of the device 200 such as “1F”, “2F”, “Tokyo office”, and “Osaka office”. The “device identification” item is an information item indicating the identification of the device 200. The item value is device identification information. For example, network-related setting data such as “device name” and “IP address”, “machine number (serial number)”, “MAC address (Media Access Control address)” Specific data (unique data) assigned to the device 200. The “status content” item is an information item indicating the status of the device 200. The item value is state information, for example, status data such as “normal” and “abnormal (error)”.

  In the device management information 31D, these information items are associated with each device 200. Each item value of the information item can be set by, for example, an information setting service provided by the device management information management unit 22 via a GUI (Graphical User Interface). In addition, each item value such as a [device identification] item and a [state content] item can be set dynamically based on device information acquired from the device 200.

  For example, the device management information management unit 22 can acquire group identification information, status information, and the like corresponding to the device 200 based on the device identification information with the above data configuration. In addition, the device management information management unit 22 can acquire device identification information and state information corresponding to the devices 200 belonging to the group G based on the group identification information. The device management information management unit 22 responds to the operation request source with various information acquired in this way (passes the acquired information).

  Returning to the description of FIG. The authentication management information management unit 23 is a functional unit that manages information related to device authentication (hereinafter referred to as “authentication management information”). The authentication management information management unit 23 accesses the authentication management information holding unit 32, performs various data operations on the held information in response to requests from other functional units, and manages the information. The authentication management information holding unit 32 is, for example, a predetermined storage area of a storage device included in the device, and holds authentication management information 32D as shown in FIG.

FIG. 6 is a diagram illustrating a data example of the authentication management information 32D according to the present embodiment.
As shown in FIG. 6, the authentication management information 32D has information items such as group identification and authentication candidates. The “authentication candidate” item is an information item indicating an authentication candidate that is assumed to be set to the devices 200 belonging to the group G. The item value is authentication candidate information including a plurality of pieces of authentication information 10, for example, authentication data for each communication protocol such as access information corresponding to SNMP (Simple Network Management Protocol) or SOAP (Simple Object Access Protocol). is there.

  In the authentication management information 32D, these information items are associated with each group G. Each item value of the information item can be set by, for example, an information setting service provided by the authentication management information management unit 23 via the GUI.

  For example, the authentication management information management unit 23 can acquire the authentication information 10 assumed to be set to the devices 200 belonging to the group G based on the group identification information by the above data configuration. The authentication management information management unit 23 responds to the operation request source with the authentication information 10 acquired in this way (passes the acquired information).

  Various data operations performed in the management units 22 and 23 include data registration (addition) / update / deletion, data search / acquisition (including data identification and data extraction), and the like.

  Thus, in this embodiment, the authentication management information 32D manages the authentication information 10 that is assumed to be set in the device 200 for each group G to which the device 200 belongs. Furthermore, in the present embodiment, the device management information 31D and the authentication management information 32D are linked by group identification information.

  As a result, in the device management apparatus 100, the authentication candidates used when attempting device authentication are limited to the authentication information 10 assumed to be set to the devices 200 belonging to the group G, and extra device authentication is performed in the device management processing. You don't have to do it.

  Returning to the description of FIG. The device information acquisition unit 211 included in the device management control unit 21 can acquire authentication candidates used when attempting device authentication for the device information acquisition process as follows. The device information acquisition unit 211 first requests the device management information management unit 22 to acquire the corresponding group identification information based on the device identification information. Subsequently, the device information acquisition unit 211 requests the authentication management information management unit 23 to acquire the corresponding authentication information based on the acquired group identification information. As a result, the device information acquisition unit 211 acquires the plurality of returned authentication information 10 as authentication candidates. In the device setting unit 213, authentication candidates can be acquired by the same process.

  The device management control unit 21 performs device authentication before device information acquisition processing and device setting processing based on the authentication candidates acquired in this way. Therefore, the device management control unit 21 has a device authentication unit 212.

  The device authentication unit 212 is a functional unit that performs device authentication for the device 200. In response to a request from a function unit (device information acquisition unit or device setting unit) that performs remote processing on the device 200, the device authentication unit 212 passes a plurality of authentication information 10 that are authentication candidates to the communication unit 41. The device 200 is instructed to execute device authentication processing.

  When the communication unit 41 receives an instruction to execute a device authentication process from the device authentication unit 212, the communication unit 41 performs the following process and attempts device authentication. The communication unit 41 transmits the authentication information 10 as a candidate for correspondence to the device 200 using a supported communication protocol. At this time, in the communication unit 41, based on the authentication information 10 received from the device authentication unit 212, a communication protocol (a communication protocol corresponding to the authentication information) used when transmitting the authentication information is selected and determined from the supported communication protocols. As a result, the communication unit 41 returns the authentication result acquired from the device 200 to the device authentication unit 212. In addition, the communication unit 41 sequentially transmits a plurality of pieces of authentication information 10 that are authentication candidates to the device 200. That is, the communication unit 41 attempts device authentication with the number of authentication candidates as the maximum number of challenges. However, when the device authentication is successful, the communication unit 41 returns the authentication result so far to the device authentication unit 212, and stops transmitting the remaining authentication information 10 (trial authentication).

  When the authentication result returned in this way is “successful”, the device authentication unit 212 returns the corresponding authentication information 10 (authentication information that has been successfully authenticated) to the functional unit that is the device authentication request source.

  Accordingly, in the device management control unit 21, device management processing using the authentication information 10 that has been successfully authenticated by the device information acquisition unit 212 or the device setting unit 213 that performs remote processing on the device 200 is executed. .

  As described above, the device management function according to the present embodiment is realized by the operation of each of the above functional units. Even when there are many devices to be managed, the number of device authentication challenges is reduced, and the device authentication function is reduced. Processing time can be shortened and functional performance can be improved.

  Next, a detailed operation of the device management function (operation of function unit group) will be described with reference to a sequence diagram showing a processing procedure.

  In the device management function according to the present embodiment, software (a program for realizing the device management function) installed (installed) in the device management apparatus 100 is read from the storage location (for example, “HDD”) onto the RAM 104 by the CPU 106. This is realized by executing the following processing.

  Hereinafter, device information acquisition processing and device setting processing performed in the device management function will be described as an example.

<< Device information acquisition process >>
FIG. 7 is a sequence diagram illustrating a processing procedure example of device information acquisition according to the present embodiment.
As illustrated in FIG. 7, in the device management apparatus 100, when the device information acquisition unit 211 receives a request to start a device monitoring operation (step S101), the function unit performs an operation of acquiring device information from the device 200. (Step S102).

  The device information acquisition unit 211 first requests the device management information management unit 22 to acquire group identification information of the group G to which the device 200 that acquires the device information belongs (step S103). At this time, the device management information management unit 22 passes the device identification information of the device 200 to the device management information management unit 22 and makes a group information acquisition request.

  Upon receiving the device identification information, the device management information management unit 22 accesses the device management information holding unit 31, refers to the [device identification] item of the device management information 31D based on the device identification information, and corresponds to the [group identification] ] The item value (group identification information) of the item is acquired (step S104: group identification information acquisition procedure). The device management information management unit 22 returns the acquired group identification information to the device information acquisition unit 211.

  Subsequently, the device information acquisition unit 211 requests the authentication management information management unit 23 to acquire a plurality of pieces of authentication information 10 (authentication candidate information) used when attempting device authentication (step S105). At this time, the device information acquisition unit 211 passes the group identification information acquired in step S104 to the authentication management information management unit 23, and makes an authentication candidate information acquisition request.

  Upon receiving the group identification information, the authentication management information management unit 23 accesses the authentication management information holding unit 32, refers to the [group identification] item of the authentication management information 32D based on the group identification information, and selects the corresponding [authentication candidate]. ] The item value (a plurality of authentication information) of the item is acquired as authentication candidate information (step S106: authentication candidate information acquisition procedure). The authentication management information management unit 23 responds the acquired authentication candidate information to the device information acquisition unit 211.

  Thus, in the device management apparatus 100, the authentication information 10 that is assumed to be set in the device 200 is managed separately for each group G to which the device 200 belongs by the authentication management information 32D. Furthermore, in the device management apparatus 100, the device management information 31D and the authentication management information 32D are linked by group identification information.

  Subsequently, the device information acquisition unit 211 requests a device authentication challenge from the device authentication unit 212 (step S107). At this time, the device information acquisition unit 211 passes the authentication candidate information acquired in step S106 to the device authentication unit 212 and makes a device authentication request.

  Upon receiving the authentication candidate information, the device authentication unit 212 instructs the communication unit 41 to execute device authentication processing (step S108). At this time, the device authentication unit 212 passes the authentication candidate information to the communication unit 41 and instructs execution of device authentication processing in which the number of authentication candidates is the maximum number of challenges.

  When a plurality of pieces of authentication information 10 are included as authentication candidates, the communication unit 41 repeatedly attempts device authentication for one device 200 by the number of candidate authentication information 10. Specifically, the following processing is executed.

The communication unit 41 transmits the authentication information (1) 10 ₁ authentication information (N) in order to 10 _n, to the device 200 using the corresponding communication protocol (step S109), from the device 200, the authentication result (1) The authentication result (N) is received as response information. The communication unit 41 returns the received authentication result [success / failure] to the device authentication unit 212.

  As described above, in the device management apparatus 100, the authentication candidates used when attempting device authentication are limited to the authentication information 10 that is assumed to be set in the devices 200 belonging to the group G. Do not authenticate.

  When the received authentication result is “success”, the communication unit 41 ends the challenge of device authentication at that time, and returns the authentication result to the device authentication unit 212. Further, when the received authentication result is “failure”, the communication unit 41 ends the challenge of device authentication when it has challenged all N pieces of authentication information, and returns the authentication result to the device authentication unit 212.

  As a result, when the acquired authentication result is “success”, the device authentication unit 212 identifies the authentication information 10 that has succeeded in device authentication from the authentication candidate information, and uses the identified authentication information 10 (corresponding authentication information). It responds to the device information acquisition unit 211. When the authentication result is “failure”, information for notifying the fact (for example, “authentication error information”) is issued.

  The device information acquisition unit 211 instructs the communication unit 41 to execute device information acquisition processing based on the received corresponding authentication information (step S110). At this time, the device information acquisition unit 211 passes the corresponding authentication information to the communication unit 41, further specifies a communication protocol corresponding to the corresponding authentication information, and instructs execution of the device information acquisition process.

  The communication unit 41 acquires device information after performing device authentication based on the received authentication information 10 using the designated communication protocol for the device 200 (step S111). At this time, the communication unit 41 acquires device information by transmitting an information acquisition command corresponding to the communication protocol to the device 200. The communication unit 41 returns the acquired device information to the device information acquisition unit 211.

  As described above, in the device management apparatus 100, the processing from step S103 to S111 is repeatedly executed by the device management control unit 21 for the number of information acquisition target devices (device management control procedure).

  Finally, the device information acquisition unit 211 updates the registration information of the corresponding device 200 based on the one or more pieces of device information acquired in this way (step S112).

《Device setting processing》
FIG. 8 is a sequence diagram illustrating an example of a processing procedure for device setting according to the present embodiment. Since the processing procedure shown in FIG. 8 includes substantially the same processing as the processing procedure shown in FIG. 7, the details of the substantially same processing are omitted.

  As illustrated in FIG. 8, in the device management apparatus 100, when the device setting unit 213 receives a device information setting operation start request (step S201), an operation for setting device information in the device 200 is executed by the function unit. (Step S202).

  First, the device setting unit 213 requests the device management information management unit 22 to obtain group identification information of the group G to which the device 200 for which device information is set belongs (step S203).

  The device management information management unit 22 accesses the device management information holding unit 31, and acquires the corresponding group identification information from the device management information 31D based on the device identification information (step S204). The device management information management unit 22 returns the acquired group identification information to the device information acquisition unit 211.

  Subsequently, the device setting unit 213 requests the authentication management information management unit 23 to acquire a plurality of pieces of authentication information 10 (authentication candidate information) used when attempting device authentication (step S205).

  The authentication management information management unit 23 accesses the authentication management information holding unit 32, and acquires a plurality of corresponding authentication information 10 as authentication candidate information from the authentication management information 32D based on the group identification information (step S206). The authentication management information management unit 23 responds the acquired authentication candidate information to the device setting unit 213.

  Subsequently, the device setting unit 213 requests a device authentication challenge from the device authentication unit 212 (step S207).

  Upon receiving the authentication candidate information, the device authentication unit 212 instructs the communication unit 41 to execute device authentication processing (step S208).

  When a plurality of pieces of authentication information 10 are included as authentication candidates, the communication unit 41 repeatedly attempts device authentication for one device 200 by the number of candidate authentication information 10. Specifically, the following processing is executed.

The communication unit 41 transmits the authentication information (1) 10 ₁ authentication information (N) in order to 10 _n, to the device 200 using the corresponding communication protocol (step S209), from the device 200, the authentication result (1) The authentication result (N) is received as response information. The communication unit 41 returns the received authentication result [success / failure] to the device authentication unit 212.

  Thus, the device management apparatus 100 does not perform extra device authentication in the device setting process.

  As a result, when the acquired authentication result is “success”, the device authentication unit 212 identifies the authentication information 10 that has succeeded in device authentication from the authentication candidate information, and uses the identified authentication information 10 (corresponding authentication information). It responds to the device setting unit 213.

  The device setting unit 213 instructs the communication unit 41 to execute device setting processing based on the received authentication information (step S210). At this time, the device setting unit 213 passes the corresponding authentication information and setting information to the communication unit 41, further specifies a communication protocol corresponding to the corresponding authentication information, and instructs execution of the device setting process.

  The communication unit 41 performs device authentication based on the received authentication information 10 using the designated communication protocol for the device 200, and then sets the received device information (step S211). At this time, the communication unit 41 sets device information by transmitting an information setting command corresponding to the communication protocol to the device 200. The communication unit 41 returns the device setting result to the device setting unit 213.

  As described above, in the device management apparatus 100, the processing from step S203 to S211 is repeatedly executed by the device management control unit 21 for the number of setting target devices.

  Finally, the device setting unit 213 responds to the device setting request source with the device setting result received in this way.

《Device authentication request processing》
Here, a modified example of a processing procedure related to device authentication by the device authentication unit 212 and the communication unit 41 will be described.

  7 and 8, the communication unit 41 performs device authentication in the order in which the authentication candidate information (a plurality of authentication information) from the device authentication unit 212 is received.

  Among the authentication candidates assumed to be set in the device 200, there is authentication information 10 that is commonly set in a plurality of devices 200 belonging to the same group G. Therefore, in order to further shorten the device authentication processing time, it is desirable to perform processing in order from authentication information 10 having a high authentication success rate (a large number of successful authentications) at the time of device authentication.

  As described above, in this modification, a priority order based on the number of successful authentications is assigned to a plurality of authentication information 10 that are authentication candidates, and device authentication is attempted according to this priority order, whereby the number of challenges during device authentication is determined. Minimize.

Hereinafter, a data transition example of the authentication management information 32D according to the present modification will be shown, and a specific processing procedure example will be described.
FIG. 9 is a flowchart illustrating an example of a device authentication processing procedure according to the present modification. FIG. 10 is a diagram showing a data transition example (sort example) of the authentication management information 32D according to this modification.

  As illustrated in FIG. 9, the device authentication unit 212 receives authentication candidate information (managed by the authentication management information 32 </ b> D in association with the group G to which the processing target device 200 belongs from the device information acquisition unit 211 or the device setting unit 213. A plurality of authentication information assigned to the group G) is received (step S11). This processing corresponds to the processing in step S107 in FIG. 7 and step S207 in FIG.

  Subsequently, the device authentication unit 212 requests the communication unit 41 for device authentication based on the authentication candidate information (step S12). This processing corresponds to the processing in step S108 in FIG. 7 and step S208 in FIG. At this time, the device authentication unit 212 passes to the communication unit 41 a value obtained by accumulating the past success count for each authentication information 10 that is an authentication candidate (success count cumulative value). In this modification, it is assumed that the success count cumulative value is recorded and managed in association with each authentication data of the [authentication candidate] item in the authentication management information 32D, for example, as shown in FIG. . Therefore, the device authentication unit 212 receives the cumulative number of successes together with the authentication candidate information in the process of step S11.

  Based on the cumulative number of successes, the communication unit 41 transmits to the device 200 the authentication information 10 included in the authentication candidate information in the descending order of the number of successes (in descending order of the cumulative number of successes). Is executed (step S13). This processing corresponds to the processing in step S109 in FIG. 7 and step S209 in FIG.

  As a result, the communication unit 41 receives the authentication result [success / failure] from the device 200 (step S14).

  Subsequently, the communication unit 41 determines whether the authentication is successful based on the received authentication result (step S15).

  When determining that the authentication has failed (step S15: NO), the communication unit 41 determines whether or not the device authentication has been challenged for all the authentication information 10 that are authentication candidates (step S16). During the authentication failure, the communication unit 41 performs device authentication according to the order of the highest number of successes for all authentication candidates (transition to step S14).

  On the other hand, if the communication unit 41 determines that the authentication is successful (step S15: YES), the communication unit 41 counts the number of successes of the authentication information 10 (corresponding authentication information) that has been successfully authenticated (step S17). For example, when receiving the authentication candidate information, the communication unit 41 secures a storage area for holding the count value of the authentication information 10 for which device authentication is attempted on the memory, and stores the storage area in the secured storage area in step S15. Record the count value. The communication unit 41 returns the stored count value to the device authentication unit 212 together with the authentication result [success].

  As a result, the device authentication unit 212 updates the cumulative number of successful authentication information based on the count value (step S18).

  Subsequently, the device authentication unit 212 rearranges (sorts) the authentication information 10 as authentication candidates in descending order of the number of successes based on the updated success number accumulated value (step S19).

  As a result of the above processing, the device authentication unit 212 performs, for example, data operations as shown in FIGS. 10A to 10C on the authentication management information 32D received as the authentication candidate information. In the following description using FIG. 10, the device authentication unit 212 uses the authentication management information 32D (authentication candidate information including authentication information (1) and (2)) shown in FIG. This is an explanation when it is received from the information acquisition unit 211 or the device setting unit 213.

In step S12, the communication unit 41 receives the authentication management information 32D from the device authentication unit 212. In step S13, the communication unit 41 attempts device authentication in the order of authentication information (1) 10 ₁ and (2) 10 ₂ . As a result, the communication unit 41 has successfully device authentication with the authentication information (2) 10 _2, and the authentication result success and the count value [1] and, returned to the equipment authentication section 212.

In this case, the device authentication unit 212, in step S18, as shown in FIG. 10 (B), the authentication information included in the authentication management information 32D ₍₂₎ 10 2 success count accumulation value [3], the count received The value [1] is added and updated to the accumulated value [4].

Subsequently, in step S19, the device authentication unit 212, as shown in FIG. 10C, the authentication information (1) 10 ₁ , (2) 10 in the authentication management information based on the updated success count cumulative value. Sort ₂ in descending order of success.

  Thereafter, the device authentication unit 212 responds the corresponding authentication information to the device information acquisition unit 211 or the device setting unit 213 (step S20). Further, the device authentication unit 212 passes the authentication management information 32D including the authentication candidate information in which the authentication information 10 is rearranged and the corresponding accumulated number of success times to the authentication management information management unit 234, and is held. An update of the authentication management information 32D is requested (step S21).

  As described above, in the device management apparatus 100, the authentication candidates used when attempting device authentication are limited to the authentication information 10 assumed to be set in the devices 200 belonging to the group G, and in the device information acquisition process or the device setting process. Do not perform extra device authentication. Furthermore, since the device management apparatus 100 attempts device authentication in descending order of the authentication success rate, the number of challenges at the time of device authentication can be reduced and the processing time of device authentication can be further shortened.

  In the example of the processing procedure illustrated in FIG. 9, an example is shown in which the success count cumulative value of the authentication information 10 that is an authentication candidate is updated every time the device 200 is authenticated. For example, after the device authentication process for the information acquisition target or setting target device 200 is finished, the success count cumulative value of the authentication information 10 as the authentication candidate may be updated. In this case, in the next device information acquisition process or device setting process, device authentication is attempted based on the latest success count cumulative value.

<Summary>
As described above, according to the device management apparatus 100 according to the present embodiment, when device management processing (device information acquisition processing or device setting processing) is requested remotely from the device 200, the device information acquisition unit 212 or the device The setting unit 213 refers to the device management information 31D held in the device management information holding unit 31, and acquires group identification information based on the device identification information. Subsequently, in the device management apparatus 100, the device information acquisition unit 212 or the device setting unit 213 refers to the authentication management information 32D held in the authentication management information holding unit 32, and performs a plurality of authentications based on the acquired group identification information. Information 10 is acquired as an authentication candidate (authentication candidate information) to be tried during device authentication. Subsequently, in the device management apparatus 100, the device authentication unit 212 sequentially transmits the candidate authentication information 10 to the device 200 using the communication protocol via the communication unit 41, and performs device authentication. As a result, in the device management apparatus 100, the device information acquisition unit 212 or the device setting unit 213 that has received the authentication result from the device authentication unit 212 executes device management processing using the authentication information 10 that has been successfully authenticated.

  As a result, the device management apparatus 100 can reduce the number of device authentication challenges in device information acquisition processing and device setting processing even when there are many devices to be managed, reduce device authentication processing time, Performance can be improved.

[Second Embodiment]
In the first embodiment, the configuration example of the device management function that performs remote device information acquisition processing or device setting processing based on the registered device management information has been described.

  Therefore, in this embodiment, after detecting a device connected to the network, device information is acquired from the detected device, registered in the device management information, and device management that associates the detected device with authentication management information. A functional configuration example will be described. That is, in the present embodiment, a configuration example will be described in which the number of device authentication challenges can be reduced, the device authentication processing time can be shortened, and the performance of the device management function can be improved even when there are many registration target devices.

  Hereinafter, only items different from the first embodiment will be described. Therefore, the description about the same matter is abbreviate | omitted and the same referential mark as 1st Embodiment is attached | subjected.

<Device management function>
FIG. 11 is a diagram illustrating a configuration example of the device management function according to the present embodiment.
The difference between the configuration example shown in FIG. 11 and the configuration example shown in FIG. 4 is that the device management control unit 21 has a device detection unit 214 and a device registration unit 215, and a group management information management unit 24. is there.

  The device detection unit 214 is a functional unit that detects the device 200 that participates in the device management system 1 (connected to the network). In response to a request from a function unit (device registration unit) that registers the device 200 as a management target, the device detection unit 214 instructs the communication unit 41 to execute device detection processing.

  When the communication unit 41 receives an instruction to execute a device detection process from the device detection unit 214, the communication unit 41 performs the following process to perform device detection. The communication unit 41 broadcasts to the device 200 using a supported communication protocol. As a result, the communication unit 41 receives the detection result from the device 200 and returns it to the device detection unit 214. Here, the detection result received by the communication unit 41 is, for example, network-related setting data (device identification information) such as an IP address or a MAC address, and devices such as status data acquired by the device information acquisition unit 212. It is different from the device information including 200 detailed information. Further, the communication unit 41 may perform device detection by Ping sweep, unicast, multicast, or the like when a predetermined network range (for example, “IP address range”) is designated as the detection range by the device detection unit 214. Good.

  The device registration unit 215 is a functional unit that registers the detected device 200 as a management target device. The device registration unit 215 first refers to the device management information 31D held in the device management information holding unit 31, and the detected device 200 is managed based on the device identification information acquired from the device 200 at the time of detection. It is determined whether or not it is already registered. When the device registration unit 215 determines that the detected device 200 is an unregistered device, the device registration unit 215 adds / registers device identification information and device information acquired from the device 200 after device authentication to the device management information 31D.

  In order to perform such device registration, the device registration unit 215 needs to know which group G the detected device 200 belongs to. Therefore, in this embodiment, the group management information management unit 24 is provided.

  The group management information management unit 24 is a functional unit that manages information related to the group G (hereinafter referred to as “group management information”). The group management information management unit 24 accesses the group management information holding unit 33, performs various data operations on the held information in response to requests from other functional units, and manages information. The group management information holding unit 33 is, for example, a group storage information 33D as shown in FIG. 12 corresponding to a predetermined storage area of a storage device included in the device.

FIG. 12 is a diagram illustrating a data example of the group management information 33D according to the present embodiment.
As shown in FIG. 12, the group management information 33D has information items such as a group identification and a network map. The [Network Map] item is an information item indicating a network setting range assigned to the devices 200 belonging to the group G. The item value is device identification information, and includes, for example, range data represented by an IP address assigned to the device 200.

  In the group management information 33D, these information items are associated with each group G. Each item value of the information item can be set by, for example, an information setting service provided by the group management information management unit 24 via the GUI.

  For example, the group information management unit 24 can acquire the group identification information to which the device 200 belongs based on the device identification information with the above data configuration. The group management information management unit 24 responds to the operation request source with the group identification information acquired in this way (passes the acquired information).

  Various data operations performed in the group management information management unit 24 include data registration (addition) / update / deletion, data search / acquisition (including data identification and data extraction), and the like.

  As described above, the device management apparatus 100 can specify the group identification information of the group G to which the device 200 belongs based on the device identification information of the detected device 200 when the device is detected.

  Returning to the description of FIG. The device registration unit 215 registers the identified group identification information in the device management information 31D together with the device identification information and the device information acquired from the device 200 after device authentication. The device registration unit 215 can acquire an authentication candidate used when attempting device authentication for device registration acquisition processing as follows. The device registration unit 215 requests the authentication management information management unit 23 to acquire the corresponding authentication information based on the group identification information specified at the time of device detection. As a result, the device registration unit 215 acquires the plurality of authentication information 10 that has been responded as authentication candidates.

  Thereby, the device management apparatus 100 can dynamically associate the device management information 31D of the detected device 200 with the authentication management information 32D of the authentication candidate used when attempting device authentication in the device registration process. it can. Therefore, the work burden on the administrator at the time of device registration is reduced.

  Next, a detailed operation of the device management function (operation of function unit group) will be described with reference to a sequence diagram showing a processing procedure.

  Hereinafter, two device registration processes performed in the device management function will be described as an example. Note that the device information acquisition process and the device setting process are the same processing procedures as those in the first embodiment, and thus description thereof is omitted.

[Device registration processing: Device registration by device detection]
FIG. 13 is a sequence diagram illustrating a processing procedure example (part 1) of device registration according to the present embodiment. FIG. 13 shows an example of a processing procedure for registering the detected device 200 after device detection by broadcast.

  As illustrated in FIG. 13, when the device registration unit 215 receives a request to start a device registration operation (step S301), the device management apparatus 100 performs an operation of registering the device 200 without “registered device designation” by the function unit. Is executed (step S302).

  First, the device registration unit 215 requests the device detection unit 214 to detect the device 200 connected to the network (step S303).

  Upon receiving the device detection request, the device detection unit 214 instructs the communication unit 41 to execute device detection processing (step S304).

  The communication unit 41 broadcasts to all the devices 200 connected to the network and detects the devices 200 (step S305). At this time, the communication unit 41 acquires device identification information such as network-related setting data by transmitting an information acquisition command corresponding to the communication protocol to the device 200. The communication unit 41 returns the received device identification information to the device detection unit 214.

  As a result, the device detection unit 214 responds to the device registration unit 215 with the device identification information of the detected device 200.

  Subsequently, upon receiving the detection result, the device registration unit 215 determines whether or not the detected device 200 has been registered as a management target device. Specifically, the following processing is performed. The device registration unit 215 requests the device management information management unit 22 to search for the detected device 200 in the device management information (step S306). At this time, the device registration unit 215 passes the device identification information acquired in step S305 to the device management information management unit 22 as a search key, and requests a device search in the device management information.

  When the device management information management unit 22 receives the device identification information, the device management information management unit 22 accesses the device management information holding unit 31 and searches the [device identification] item of the device management information 31D based on the device identification information. Yes / No] is obtained (step S307). The device management information management unit 22 returns the search result to the device registration unit 215.

  As a result, the device registration unit 215 determines whether or not the detected device 200 has been registered based on the received search result. Based on the determination result, the device registration unit 215 determines whether the device 200 is an unregistered device. Register.

  The device registration unit 215 requests the group management information management unit 24 to acquire group identification information of the group G to which the detected device 200 belongs (step S308). At this time, the device registration unit 215 passes the device identification information acquired in step S305 to the group management information management unit 24 and makes a group identification information acquisition request.

  Upon receiving the device identification information, the group management information management unit 24 accesses the group management information holding unit 33, refers to the [network map] item of the group management information 33D based on the device identification information, and corresponds to the [group identification] ] The item value (group identification information) of the item is acquired (step S309). The group management information management unit 24 responds the acquired group identification information to the device registration unit 215.

  Subsequently, upon receiving the group identification information, the device registration unit 215 requests the authentication management information management unit 23 to acquire a plurality of authentication information (authentication candidate information) used when attempting device authentication (step S310). ).

  The authentication management information management unit 23 accesses the authentication management information holding unit 32, and acquires corresponding authentication candidate information from the authentication management information 32D based on the group identification information (step S311). The authentication management information management unit 23 returns the acquired authentication candidate information to the device registration unit 215.

  Subsequently, the device registration unit 215 requests a device authentication challenge from the device authentication unit 212 (step S312).

  Upon receiving the authentication candidate information, the device authentication unit 212 instructs the communication unit 41 to execute device authentication (step S313).

  When a plurality of pieces of authentication information 10 are included as authentication candidates, the communication unit 41 repeatedly attempts device authentication for one device 200 by the number of candidate authentication information 10. Specifically, the following processing is executed.

The communication unit 41 transmits the authentication information (1) 10 ₁ authentication information (N) in order to 10 _n, to the device 200 using the corresponding communication protocol (step S314), from the device 200, the authentication result (1) The authentication result (N) is received as response information. The communication unit 41 returns the received authentication result [success / failure] to the device authentication unit 212.

  As described above, the device management apparatus 100 limits the authentication candidates used when attempting device authentication to the authentication information 10 that is assumed to be set to the devices 200 belonging to the group G. In the device registration process, redundant device authentication is performed. Do not do.

  As a result, when the acquired authentication result is “success”, the device authentication unit 212 identifies the authentication information 10 that has succeeded in device authentication from the authentication candidate information, and uses the identified authentication information 10 (corresponding authentication information). Return to the device registration unit 215.

  The device registration unit 215 requests the device 200 to acquire device information to be registered based on the received authentication information (step S315). At this time, the device registration unit 215 passes the corresponding authentication information to the communication unit 41, further specifies a communication protocol corresponding to the corresponding authentication information, and instructs execution of the device information acquisition process.

  The communication unit 41 acquires device information after performing device authentication based on the received authentication information 10 using the designated communication protocol for the device 200 (step S316). At this time, the communication unit 41 acquires device information by transmitting an information acquisition command corresponding to the communication protocol to the device 200. The communication unit 41 returns the acquired device information to the device registration unit 215.

  The device registration unit 215 updates the registration information of the corresponding device 200 based on the device information acquired in this way. Specifically, the following processing is executed.

  The device registration unit 215 requests the device management information management unit 22 to register the detected device 200 in the device management information 31D (step S317). At this time, the device registration unit 215 passes the device identification information acquired in step S305, the group identification information acquired in step S309, and the device information acquired in step S316 to the device management information management unit 22, and the device management information Request device registration in 31D.

  Upon receiving the various types of registration information, the device management information management unit 22 accesses the device management information holding unit 31 to store the various types of registration information in the [group identification] item, the [device identification] item, and the [status] of the device management information 31D. Content] is added as a new item value of the item (step S318). The device management information management unit 22 returns the registration result to the device registration unit 215.

  As described above, in the device management apparatus 100, the processing from step S308 to S318 is repeatedly executed by the device management control unit 21 for the number of unregistered devices.

《Device registration processing: Device registration by specifying the registered device》
FIG. 14 is a sequence diagram illustrating a processing procedure example (part 2) for device registration according to the present embodiment. FIG. 14 shows an example of a processing procedure for registering a device 200 designated for registration. Note that the processing procedure shown in FIG. 14 includes substantially the same processing as the processing procedure shown in FIG. 13, and therefore the details of the substantially same processing will be omitted.

  As shown in FIG. 14, when the device registration unit 215 receives a request for starting a device registration operation (step S401), the device management apparatus 100 performs an operation of registering the device 200 with “registered device specified” by the function unit. Is executed (step S402). The registration target device designation method includes, for example, device identification information designation based on an IP address assigned to a registration target device 200, an IP address range assigned to a plurality of registration target devices 200, and the like.

  As a result, the device registration unit 215 performs device registration of the registered designated device based on the designated device identification information.

  The device registration unit 215 requests the group management information management unit 24 to acquire group identification information of the group G to which the registered device 200 belongs (step S403). At this time, the device information acquisition unit 211 passes the device identification information acquired in step S401 to the group management information management unit 24, and makes a group identification information acquisition request.

  Upon receiving the device identification information, the group management information management unit 24 accesses the group management information holding unit 33, and acquires corresponding group identification information from the group management information 33D based on the device identification information (step S404). The group management information management unit 24 responds the acquired group identification information to the device registration unit 215.

  Subsequently, upon receiving the group identification information, the device registration unit 215 requests the authentication management information management unit 23 to obtain a plurality of authentication information (authentication candidate information) used when attempting device authentication (step S405). ).

  The authentication management information management unit 23 accesses the authentication management information holding unit 32, and acquires corresponding authentication candidate information from the authentication management information 32D based on the group identification information (step S406). The authentication management information management unit 23 returns the acquired authentication candidate information to the device registration unit 215.

  Subsequently, the device registration unit 215 requests a device authentication challenge from the device authentication unit 212 (step S407).

  Upon receiving the authentication candidate information, the device authentication unit 212 instructs the communication unit 41 to execute device authentication (step S408).

  When a plurality of pieces of authentication information 10 are included as authentication candidates, the communication unit 41 repeatedly attempts device authentication for one device 200 by the number of candidate authentication information 10. Specifically, the following processing is executed.

The communication unit 41 transmits the authentication information (1) 10 ₁ authentication information (N) in order to 10 _n, to the device 200 using the corresponding communication protocol (step S409), from the device 200, the authentication result (1) The authentication result (N) is received as response information. The communication unit 41 returns the received authentication result [success / failure] to the device authentication unit 212.

  As a result, when the acquired authentication result is “success”, the device authentication unit 212 identifies the authentication information 10 that has succeeded in device authentication from the authentication candidate information, and uses the identified authentication information 10 (corresponding authentication information). Return to the device registration unit 215.

  The device registration unit 215 requests the device 200 to acquire device information to be registered based on the received authentication information (step S410). At this time, the device registration unit 215 passes the corresponding authentication information to the communication unit 41, further specifies a communication protocol corresponding to the corresponding authentication information, and instructs execution of the device information acquisition process.

  The communication unit 41 acquires device information after performing device authentication based on the received authentication information 10 using the designated communication protocol for the device 200 (step S411). The communication unit 41 returns the acquired device information to the device registration unit 215.

  The device registration unit 215 updates the registration information of the corresponding device 200 based on the device information acquired in this way. Specifically, the following processing is executed.

  The device registration unit 215 requests the device management information management unit 22 to register the detected device 200 in the device management information 31D (step S412). At this time, the device registration unit 215 passes the device identification information acquired in step S401, the group identification information acquired in step S404, and the device information acquired in step S411 to the device management information management unit 22, and the device management information Request device registration in 31D.

  Upon receiving the various types of registration information, the device management information management unit 22 accesses the device management information holding unit 31 to store the various types of registration information in the [group identification] item, the [device identification] item, and the [status] of the device management information 31D. Content] is added as a new item value of the item (step S413). The device management information management unit 22 returns the registration result to the device registration unit 215.

  As described above, in the device management apparatus 100, the processing from step S403 to S413 is repeatedly executed by the device management control unit 21 for the number of registered designated devices.

<Summary>
As described above, in the device management apparatus 100 according to the present embodiment, even when there are many registration target devices, the number of device authentication challenges in the device registration process can be reduced, and the device authentication processing time can be shortened. The performance of the function can be improved.

<Modification>
From here, the modification of the said apparatus management system 1 is demonstrated. In each of the above embodiments, the device management apparatus 100 has the configuration including the authentication management information 32D, the group management information 33D, and the like, but this is not restrictive. These pieces of information may be managed by an external information processing apparatus (external device) provided with a storage device.

15 and 16 are diagrams illustrating configuration examples (parts 1 and 2) of the device management system 1 according to the present modification.
FIG. 15 shows a system configuration example in which the device management apparatus 100 cooperates with an authentication management apparatus (authentication management server) 300 having an authentication management information management unit 23 and an authentication management information holding unit 32. Also, FIG. 16 illustrates a system configuration example in which the device management apparatus 100 cooperates with a network management apparatus (network management server) 400 having a group management information management unit 24 and a group management information holding unit 33, and an authentication management apparatus 300. It is shown.

  In the present modification, the device management apparatus 100 performs data communication with an external device having the authentication management information 32D, the group management information 33D, and the like via the communication unit 41, so that the device management function described in the above embodiments is performed. Can be realized.

  The above embodiment has been described so far. The “device management function” of the device management apparatus 100 is a programming language suitable for the operating environment (platform). This is realized by the CPU 106 executing the program coded in (1).

  The program can be stored in a computer-readable recording medium 103a. Thus, the program can be installed in the device management apparatus 100 via the drive device 103 or the like by being stored in the recording medium 103a. In addition, since the device management apparatus 100 includes the interface device 107, the program can be downloaded and installed via a telecommunication line.

  Finally, the present invention is not limited to the requirements shown here, such as combinations of other elements with the shapes and configurations described in the above embodiments. With respect to these points, the present invention can be changed within a range that does not detract from the gist of the present invention, and can be appropriately determined according to the application form.

1 device management system 10 authentication information 21 device management control unit 211 device information acquisition unit 212 device authentication unit 213 device setting unit 214 device detection unit 215 device registration unit 22 device management information management unit 23 authentication management information management unit 24 group management information management Unit 31 Device management information holding unit (D: device management information)
32 Authentication management information holding unit (D: Authentication management information)
33 Group management information holding unit (D: group management information)
41 communication unit 100 device management apparatus (device management server)
101 Input Device 102 Display Device 103 Drive Device (a: Recording Medium)
104 RAM (volatile semiconductor memory)
105 ROM (nonvolatile semiconductor memory)
106 CPU (Central Processing Unit)
107 Interface device (NIC: Network I / F Card)
108 HDD (nonvolatile storage device)
200 equipment (image processing device)
300 Authentication management device (authentication management server)
400 Network management device (network management server)
B Bus G Group N Data transmission path (network)

JP-A-2005-182701

Claims (12)

A device management apparatus that manages one or more devices connected by a predetermined data transmission path,
Device management information management means for managing device management information that is associated with device identification information that identifies the device and group identification information that identifies a group to which the device belongs, stored in a storage device included in the device; ,
Authentication management information management means for managing authentication management information stored in the storage device and associated with the group identification information and a plurality of authentication information assigned to the group;
Device management control means for controlling the execution of the requested device management processing,
When remote device management processing is requested to the device,
The device management information management means includes
Based on the device identification information at the time of request, refer to the device management information, obtain group identification information associated with the device identification information at the time of request,
The authentication management information management means includes
Based on the acquired group identification information, refer to the authentication management information, acquire a plurality of authentication information associated with the acquired group identification information as authentication candidates to be tried at the time of device authentication,
The device management control means includes
Device management, wherein device authentication is performed using a predetermined communication protocol based on a plurality of authentication information acquired as authentication candidates, and the device management processing is executed using authentication information that has been successfully authenticated. apparatus. The device management control means has device authentication means for performing the device authentication,
The device authentication means is
Until device authentication is successful or device authentication using all authentication information acquired as authentication candidates is completed,
The device management apparatus according to claim 1, wherein a plurality of pieces of authentication information acquired as authentication candidates are sequentially transmitted to the device. The device authentication means is
The device management apparatus according to claim 2, wherein a communication protocol used when transmitting the authentication information to the device is specified based on the authentication information. The device authentication means is
The device management apparatus according to claim 2 or 3, wherein the device management apparatus transmits the authentication information to the device in order from the authentication information having a large number of successful device authentications. The device authentication means is
Based on the authentication result acquired from the device, for each of the authentication information, record the cumulative number of successful times that is the cumulative value of the number of successful device authentication,
The authentication management information management means includes
Based on the success count cumulative value, the order of the plurality of authentication information included in the authentication management information is rearranged in order of the highest number of device authentication successes,
The device authentication means is
The device management apparatus according to claim 4, wherein a plurality of pieces of authentication information acquired as authentication candidates from the rearranged authentication management information are sequentially transmitted to the device. The device management control means has device information acquisition means for executing the requested device information acquisition processing,
The device information acquisition means
6. The process according to claim 2, wherein an information acquisition command is transmitted to a device that has succeeded in device authentication based on an authentication result returned from the device authentication means, and processing for acquiring device information is executed. The device management apparatus according to any one of the above. The device management control means has device setting means for executing the requested device setting process,
The device setting means includes
Any one of 2 to 6, characterized in that, based on an authentication result returned from the device authentication means, an information setting command is transmitted to a device that has succeeded in device authentication, and processing for setting device information is executed. The device management apparatus according to one item. The device management control means has device registration means for executing the requested device registration processing,
The device registration means
Based on an authentication result returned from the device authentication means, an information acquisition command is transmitted to a device that has succeeded in device authentication, and processing for registering the acquired device information in the device management information is executed. The device management apparatus according to any one of claims 2 to 7. The device management control means has a device detection means for executing a requested device detection process,
The device registration means
Determining whether the device detected by the device detection means is a registered device;
The device management apparatus according to claim 8, wherein the device registration process is executed for an unregistered device among the detected devices based on the determination result. Device management information that is connected to one or a plurality of devices via a predetermined data transmission path, and that associates device identification information that identifies the device with group identification information that identifies a group to which the device belongs; and A device management method in a device management apparatus for managing the device, comprising a storage device that holds authentication management information in which the group identification information and a plurality of authentication information assigned to a group are associated,
When remote device management processing is requested to the device,
Based on the device identification information at the time of request, access the storage device, refer to the device management information, and obtain group identification information associated with the device identification information at the time of request,
Based on the group identification information acquired by the group identification information acquisition procedure, the storage device is accessed, the authentication management information is referred to, and a plurality of authentication information associated with the acquired group identification information is subjected to device authentication. Authentication candidate acquisition procedure to acquire as an authentication candidate to try at times,
Based on a plurality of authentication information acquired as authentication candidates by the authentication candidate acquisition procedure, using a predetermined communication protocol, accessing the device, performing device authentication, using authentication information that has succeeded in device authentication, A device management method comprising: a device management control procedure for executing device management processing. A device management program in a device management apparatus that manages one or more devices connected by a predetermined data transmission path,
Computer
Device management information management means for managing device management information that is associated with device identification information that identifies the device and group identification information that identifies a group to which the device belongs, stored in a storage device included in the device; ,
Authentication management information management means for managing authentication management information stored in the storage device and associated with the group identification information and a plurality of authentication information assigned to the group;
Function as a device management control means for controlling the execution of the requested device management process,
When remote device management processing is requested to the device,
The device management information management means refers to the device management information based on the device identification information at the time of request, acquires group identification information associated with the device identification information at the time of request,
Based on the acquired group identification information, the authentication management information management means refers to the authentication management information, and acquires a plurality of authentication information associated with the acquired group identification information as authentication candidates to be tried during device authentication. And
Based on a plurality of authentication information acquired as authentication candidates by the device management control means, device authentication is performed using a predetermined communication protocol, and the device management processing is executed using the authentication information that has been successfully authenticated. Equipment management program that operates as follows.   A computer-readable recording medium storing the program according to claim 11.

Images