JP2014206818A - Use permission/inhibition control device, use permission/inhibition control method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent unintentional authentication and log-in by simple structure.SOLUTION: A user permission/inhibition control device comprises: detection means which detects a user device in a predetermined space area from a predetermined device; authentication processing means which acquires authentication information of the user from the detected user device, and performs authentication of the user on the basis of the acquired authentication information of the user; access management means which, when the authentication of the user is successful, transmits an inquiry to the user device to confirm whether the user wants to log in to the predetermined device; and log-in management means which permits the user of the device who has replied positively to the inquiry, to use the predetermined device.

Description

  The present invention relates to a use permission control device, a use permission control method, and a program.

  In an image forming apparatus, there is a technique for performing authentication and login to an apparatus using an ID card. For example, an MFP / LP (Multi Function Printer: Laser Printer) has a user authentication function using an ID card. If you hold the ID card over a connected card reader, you can authenticate and log in to the device. Do.

  Patent Document 1 discloses a patent using two types of authentication devices for the purpose of improving usability.

  However, in the image forming apparatuses up to now, there are many cases in which a close contact type in which an ID card is inserted into a card reader or a proximity type technology that cannot be read unless it is brought close to about 10 cm is used. In these techniques, it is not considered to acquire a user ID from a device in the vicinity (for example, 70 cm to 100 cm) from the image forming apparatus and authenticate the user ID.

  If the card reader provided in the image forming apparatus has a wide space area for detecting the ID card, authentication and login can be performed unintentionally just by being near the image forming apparatus (for example, 70 cm to 100 cm). It can happen when executed. As a result, there is a possibility that the image forming apparatus is illegally used by a person other than the owner of the ID card. Moreover, in patent document 1, two types of authentication apparatuses will be needed.

  In view of the above problems, an object of one aspect is to prevent unintended authentication and login with a simple configuration.

In order to solve the above problem, according to one embodiment,
Detecting means for detecting a user's device in a predetermined space area from a predetermined device;
Authentication processing means for acquiring user authentication information from the detected user device and performing user authentication based on the acquired user authentication information;
An access management means for transmitting an inquiry as to whether or not to log in to the user's device when the user is successfully authenticated;
Login management means for permitting use of the predetermined device to a user of a device who responds when logging in to the inquiry;
A use permission / refusal control device is provided.

  According to one embodiment, unintended authentication and login can be prevented with a simple configuration.

The figure for demonstrating the user authentication and login process which concern on one Embodiment. The block diagram of the use permission control apparatus which concerns on one Embodiment. FIG. 5 is a sequence diagram of user authentication and login processing according to the first embodiment. The flowchart of the login priority process which concerns on 1st Embodiment. FIG. 10 is a sequence diagram of user authentication and login processing according to the second embodiment. The flowchart of the login priority process which concerns on 2nd Embodiment. The hardware block diagram of the use permission control apparatus which concerns on one Embodiment.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described with reference to the accompanying drawings. In addition, in this specification and drawing, about the substantially same structure, the duplicate description is abbreviate | omitted by attaching | subjecting the same code | symbol.

[User authentication and login operations]
First, user authentication and login performed in a system according to an embodiment of the present invention will be briefly described with reference to FIG.

  The MFP 10 according to the present embodiment is provided with an NFC (Near Field Communication) reader 20 that is a card reader. The NFC reader 20 detects a user device existing in a predetermined space area A from the MFP 10. The user device is an NFC device or an ID card owned by the user. Here, the NFC device 3 will be described as an example of the user device. The space area A may be a space wider than the proximity distance of about 10 cm, for example, a distance of 70 cm to 100 cm from the MFP 10.

  The MFP 10 is provided with an authentication device 30 and an access management device 40. The authentication device 30 acquires user authentication information from the detected user's NFC device 3, and authenticates the user based on the acquired user authentication information. The access management device 40 manages access from the NFC device 3. The authentication device 30 and the access management device 40 may be built in the MFP 10 or may be externally attached to the MFP 10. If the user authentication is successful, the MFP 10 permits the user to use the MFP 10.

  If the space area A where the NFC reader 20 detects the NFC device 3 is set relatively wide in the vicinity of the MFP 10 (for example, 70 cm to 100 cm), authentication and login can be performed unintentionally just by being in the vicinity of the MFP 10. It can happen when executed. As a result, there is a possibility that the MFP 10 is illegally used by a person other than the user of the NFC device 3.

  When a plurality of users move into the space area A and approach to use the MFP 10, one of the users waits for the use of the MFP 10. For example, consider a case where the users A and B move into the space area A, approach to use the MFP 10, the user A is permitted to use the MFP 10, and the user B waits for the use of the MFP 10.

  When the third user C comes while the user B is waiting for the use of the MFP 10, the NFC reader 20 detects the device again when the user A who has used the MFP 10 logs out. As a result, there is a possibility that the user C logs in without being permitted the right to log in to the user B where the login of the user B should be permitted.

  Therefore, in the following, an embodiment of a use permission / denial control device capable of preventing unintended authentication and login and preventing interruption in login order will be described.

[Overall configuration of usage control device]
The configuration of the usage permission / inhibition control apparatus according to an embodiment of the present invention will be described with reference to FIG. FIG. 2 is an overall configuration diagram of a use permission / refusal control device according to an embodiment.

  The use permission / refusal control device 2 includes an MFP 10, an NFC reader 20, an authentication device 30, and an access management device 40. The MFP 10, the NFC reader 20, the authentication device 30, and the access management device 40 may be provided as an integrated device or may be provided as separate devices.

  The MFP 10 is a multifunction machine having two or more functions among a copy, a printer, a scanner, and a facsimile. The MFP 10 is an example of an image forming apparatus. The image forming apparatus is not limited to the MFP 10 and may be a copy, a printer, a scanner, a facsimile, a digital copying machine, or a digital multifunction machine. The image forming apparatus is an example of a predetermined apparatus whose use permission is controlled by the use permission control apparatus 2 according to the present embodiment. The predetermined apparatus is not limited to the image forming apparatus, and may be any apparatus that permits use after an authentication process such as login or logout.

  The MFP 10 includes an MFP function processing unit 11 and a login / logout management unit 12. The MFP function processing means 11 manages / executes each MFP function such as scanning, printing, and mail transmission. The login / logout management unit 12 receives information from the access management device 40 and places the MFP 10 in a login state with a specified user ID, or places the MFP 10 in a logout state according to internal information or an external request. .

  The NFC reader 20 periodically polls, and receives a UHF band or HF band radio wave transmitted from the NFC device 3 existing in the space area A as a response thereto. As a result, the NFC reader 20 detects the NFC device 3. The NFC reader 20 is an example of a detection unit that detects a user device owned by the user.

  Note that the user device is not limited to the NFC device 3, and is, for example, a non-contact IC tag (RFID tag) made of metal or the like embedded in or pasted on an ID card such as an employee ID card carried by the user. There may be.

  The authentication device 30 includes authentication processing means 31. The authentication processing unit 31 acquires user authentication information from the user's NFC device 3 detected by the NFC reader 20, and performs user authentication based on the acquired user authentication information.

  The access management device 40 has access management means 41. The access management means 41 transmits an inquiry as to whether to log in to the detected NFC device 3. The NFC device 3 has a login / logout request processing means 21. The login / logout request processing means 21 responds to the inquiry to request login or to request no login.

  The access management means 41 performs access management based on a response such as a login request to the inquiry. As an example of access management, for example, the access management means 41 transmits a login (use permission) request and a logout (use disapproval) request to the login / logout management means 12, respectively. The login / logout management unit 12 sets the MFP 10 to a login state or a logout state in response to a login or logout request from the access management unit 41. The login / logout management unit 12 is an example of a login management unit that permits the use of the MFP 10 when the user of the device that responds when logging in to the inquiry about whether to log in is a user who has been successfully authenticated. .

  Heretofore, the configuration of the use permission / refusal control device 2 according to an embodiment has been described. Next, user authentication and login processing using the use permission control apparatus 2 having such a configuration will be described in the order of the first embodiment and the second embodiment.

[User authentication and login processing sequence]
First, user authentication and login processing according to the first embodiment will be described with reference to FIG. FIG. 3 is a sequence diagram of user authentication and login processing according to the first embodiment.

  In the first embodiment, it is assumed that each of user A and user B has an NFC device 3a and an NFC device 3b and exists in a detectable space area A (see FIG. 1) in the vicinity of the MFP 10. .

  When receiving the polling from the NFC reader 20 (step S1), the NFC device 3a of the user A existing in the space area A returns a response to the polling (step S2). Similarly, upon receiving polling from the NFC reader 20 (step S3), the NFC device 3b of the user B existing in the space area A returns a response to the polling (step S4).

  Next, the authentication processing unit 31 acquires the authentication information of the user A from the detected NFC device 3a of the user A (step S5), and authenticates the user A based on the acquired authentication information of the user A (step S6). ).

  Similarly, the authentication processing means 31 acquires user B authentication information from the detected NFC device 3b of user B (step S7), and authenticates user B based on the acquired user B authentication information (step S7). S8).

  An example of user authentication information includes a unique ID for each user (a unique ID for each user such as a card ID, a user ID registered for each user, a password, and the like).

  Next, the access management means 41 confirms whether or not there is an intention to log in for each user who has successfully authenticated the user. At this time, the access management unit 41 inquires of the NFC devices 3a and 3b whether or not to log in (steps S9 and S10). The NFC devices 3a and 3b that have received the inquiry determine whether or not to log in (steps S11 and S13), and as a result, respond whether or not to log in (steps S12 and S14). For example, when user A responds that he / she does not log in (step S12) and user B responds that he / she logs in (step S14), the login / logout managing means 12 sets user B as a login user and logs in to user B. Is set in a state of permitting (step S15).

[Login priority processing sequence]
When receiving a response to log in from a plurality of NFC devices 3 in response to the inquiry, the login / logout management unit 12 treats the user of the NFC device 3 that responds when logging in first as a login user of the MFP 10.

  In response to the inquiry in steps S9 and S10, after receiving a response to log in from the user A (step S12) and then receiving a response to log in from the user B (step S14), the login / logout managing means 12 Is permitted to log in (step S15).

  The login priority process executed at that time will be described with reference to FIG. FIG. 4 is a flowchart of the login priority process according to the first embodiment. Here, a description will be given assuming that in steps S12 and S14 in FIG. 3, each of the users A and B expresses their will to log in. Assume that the login request response is in the order of user A and user B.

  First, when a response to log in from the NFC device 3a of the user A is received in step S12 of FIG. 3, the login / logout management unit 12 determines whether there is a user of the NFC device 3 that has already logged in to the MFP 10. (Step S300). At this time, there is no user of the NFC device 3 that has already logged into the MFP 10. Therefore, the login / logout management unit 12 determines “No” in step S300, and notifies the NFC device 3a of the user A of the successful login (step S301). Next, the login / logout management unit 12 sets a state in which login is permitted for the user A (step S302), and the process ends.

  After that, when a response to log in from the NFC device 3b of the user B is received in step S14 in FIG. 3, the login / logout management unit 12 determines whether there is a user of the NFC device 3 that has already logged in to the MFP 10. (Step S300). At this point, user A has already logged in to MFP 10. Accordingly, the login / logout management unit 12 determines “Yes” in step S300, notifies the NFC device 3b of the user B of the login failure (step S303), and ends this process.

  According to the above login priority processing flowchart, the login / logout management unit 12 permits the earliest user to use the MFP 10 when a plurality of user devices respond to login requests in response to login inquiries. can do.

  As described above, according to the usage permission / inhibition control device 2 according to the first embodiment, when the user (holder) of the NFC device 3 approaches the space area A in the vicinity of the MFP 10 (for example, 70 cm to 100 cm), the NFC device 3 Is automatically detected. The NFC device 3 transmits user identification information. The use permission / refusal control device 2 performs an authentication process based on the transmitted user identification information, and makes a login inquiry after successful authentication. In response to the inquiry, the use permission / refusal control device 2 receives a response indicating whether or not there is an intention to log in from the NFC device 3. In this way, by receiving a response indicating whether a login request is made from the NFC device 3 in response to a login inquiry, unintended use or unauthorized use of the MFP 10 due to unintended authentication or login can be prevented.

  Further, when login requests are made from a plurality of NFC devices 3 in response to the inquiry, the earliest user can be permitted to use the MFP 10. Thereby, it is possible to prevent a plurality of users from logging in at the same time and to interrupt the login order.

[User authentication and login processing sequence]
Next, user authentication and login processing according to the second embodiment will be described with reference to FIG. FIG. 5 is a sequence diagram of user authentication and login processing according to the second embodiment.

  Also in the second embodiment, it is assumed that each of the user A and the user B has the NFC device 3a and the NFC device 3b and exists in the space area A (see FIG. 1) near the MFP 10.

  The process for detecting the NFC device 3 shown in steps S20 to S23 in FIG. 5 is the same as the process in steps S1 to S4 in FIG.

  In this embodiment, an authentication process is performed after receiving the inquiry of the intention to log in to the detected NFC devices 3a and 3b and the response. That is, the access management unit 41 inquires of the detected NFC devices 3a and 3b whether or not to log in (steps S24 and S25). The NFC devices 3a and 3b that have received the inquiry determine whether or not to log in (steps S26 and S28), and as a result, respond whether or not to log in (steps S27 and S29). For example, when user A responds that he / she does not log in (step S27) and user B responds that he / she logs in (step S29), the authentication processing unit 31 authenticates user B's authentication information from the NFC device 3b of user B who responds when he / she logs in. Is acquired (step S30). The authentication processing unit 31 authenticates the user B based on the acquired user B authentication information (step S31).

  When the authentication is successful, the login / logout management unit 12 sets the user B as a login user and allows the user B to log in (step S32).

[Login priority processing sequence]
Here, for example, in steps S27 and S29, it is assumed that the NFC devices 3a and 3b of the users A and B respond when logging in. In that case, the use permission / refusal control device 2 performs the login priority processing shown in FIG. Here, since the NFC device 3a of the user A has responded first, the usage permission / refusal control device 2 executes the login priority process of FIG. 6 for the NFC device 3a of the user A. Then, after the end of execution for the NFC device 3a of the user A, the usage permission control device 2 executes the login priority process of FIG. 6 for the NFC device 3b of the user B.

  Specifically, when a response requesting a login request is received from the NFC device 3a of the user A in step S27 of FIG. 5, the login / logout management unit 12 determines that the user of the NFC device 3 that has already logged into the MFP 10 (Step S400). At this time, there is no user of the NFC device 3 that has already logged into the MFP 10. Therefore, the authentication processing unit 31 determines “No” in step S400, acquires the authentication information of user A from the NFC device 3a of user A, and executes the authentication process based on the authentication information of user A (step S401). ). As a result, when the authentication is successful (“Yes” in step S402), the login / logout management unit 12 performs setting for permitting login to the user A (step S403), and ends the present process.

  After the completion, the login priority process of FIG. 6 is executed for the NFC device of the user B who responds when logging in at step S29 of FIG. The login / logout management unit 12 determines whether there is a user of the NFC device 3 that has already logged into the MFP 10 (step S400). At this point, user A has already logged in to MFP 10. Therefore, the login / logout management unit 12 determines “Yes” in step S400, notifies the NFC device 3b of the user B of the login failure (step S404), and ends this process.

  According to the above login priority processing flowchart, the login / logout management means 12 responds to login inquiries when a plurality of users' devices log in, or when the previously responding user succeeds in authentication. The user can be permitted to use the MFP 10.

  As described above, according to the usage permission control apparatus 2 according to the second embodiment, when the user (holder) of the NFC device 3 approaches the space area A of 70 cm to 100 cm that is in the vicinity of the MFP 10, the NFC device 3 is automatically Is detected. In the second embodiment, a login inquiry is made to the detected NFC device 3 before authentication. In response to the inquiry, when a response indicating the intention to log in is returned from the NFC device 3, the use permission / refusal control device 2 performs an authentication process, and permits the user who has succeeded in authentication to use the MFP 10. Also according to the second embodiment, by making a login request from the NFC device 3 in response to a login inquiry, unintended use and unauthorized use of the MFP 10 due to unintended authentication and login can be prevented.

  Further, according to the second embodiment, when a login request is made from a plurality of NFC devices 3 in response to an inquiry, if the user who responds first succeeds in authentication, the user is requested to use the MFP 10. Can be allowed. Thereby, it is possible to log in a plurality of users at the same time and to prevent interruption in the login order.

(Hardware configuration example)
Finally, a hardware configuration example of the usage permission / refusal control device 2 according to an embodiment will be described with reference to FIG. FIG. 7 is a diagram illustrating a hardware configuration example of the use permission / refusal control device according to the embodiment.

  The use permission / refusal control device 2 includes an input device 101, a display device 102, an external I / F 103, a RAM (Random Access Memory) 104, a ROM (Read Only Memory) 105, a CPU (Central Processing Unit) 106, a communication I / F 107, and An HDD (Hard Disk Drive) 108 and the like are provided and are connected to each other via a bus B.

  The input device 101 includes a keyboard, a mouse, and the like, and is used to input each operation signal to the use permission / refusal control device 2. The display device 102 includes a display and displays various screens.

  The communication I / F 107 is an interface that connects the use permission / refusal control device 2 to a wireless network. As a result, the usage permission / refusal control device 2 can perform data communication with other devices (devices such as “NFC devices”) via the communication I / F 107.

  The HDD 108 is a non-volatile storage device that stores programs and data. The stored programs and data include an OS (Operating System) that is basic software for controlling the entire apparatus, and application software that provides various functions on the OS. The HDD 108 manages stored programs and data by a predetermined file system and / or DB (Data Base).

  The external I / F 103 is an interface with an external device. The external device includes a recording medium 103a. As a result, the usage permission / inhibition control device 2 can read and / or write to the recording medium 103 a via the external I / F 103. The recording medium 103a includes a floppy (trademark or registered trademark) disk, a CD (Compact Disk), a DVD (Digital Versatile Disk), an SD memory card, a USB memory (Universal Serial Bus memory), and the like. is there.

  The ROM 105 is a nonvolatile semiconductor memory (storage device) that can retain internal data even when the power is turned off. The ROM 105 stores programs and data such as BIOS (Basic Input / Output System), OS settings, and network settings that are executed when the use permission / refusal control device 2 is activated. The RAM 104 is a volatile semiconductor memory (storage device) that temporarily stores programs and data. The CPU 106 reads the program and data from the storage device (for example, “HDD”, “ROM”, etc.) onto the RAM and executes the processing, thereby realizing the overall control and mounting function of the use permission control device 2. Arithmetic unit.

  As described above, the use permission / refusal control device 2 according to the present embodiment can provide various processing services by the above hardware configuration. For example, the usage permission control device 2 controls the entire usage permission control device 2 by causing the CPU 106 to execute various control programs stored in the ROM 105.

  The authentication processing unit 31, the access management unit 41, and the login / logout management unit 12 of the use permission / denial control device 2 of the above-described embodiment are realized by a process executed by the CPU 106 by a program installed in the HDD 108. Further, the user identification information acquired from the NFC device 3 can be stored in the RAM 104 and the HDD 108.

  The use permission control device and the use permission control method have been described above by way of the embodiments. However, the present invention is not limited to the above embodiments, and various modifications and improvements can be made within the scope of the present invention. In addition, when there are a plurality of the above-described embodiments and modifications, they can be combined within a consistent range. It should be noted that the system configurations of the above-described embodiments and modifications are examples, and it goes without saying that there are various system configuration examples depending on the application and purpose.

  2: use permission control device, 3, 3a, 3b: NFC device, 10: MFP, 11: MFP function processing means, 12: login / logout management means, 20: NFC reader, 30: authentication device, 31: authentication processing means 40: Access management device, 41: Access management means

JP 2009-015422 A

Claims (7)

Detecting means for detecting a user's device in a predetermined space area from a predetermined device;
Authentication processing means for acquiring user authentication information from the detected user device and performing user authentication based on the acquired user authentication information;
An access management means for transmitting an inquiry as to whether or not to log in to the user's device when the user is successfully authenticated;
Login management means for permitting use of the predetermined device to a user of a device who responds when logging in to the inquiry;
A use permission / refusal control device comprising: The login management means permits the earliest user to use the predetermined device when a response is made when a plurality of devices of the user log in to the inquiry.
The use permission / rejection control device according to claim 1. Detecting means for detecting a user's device in a predetermined space area from a predetermined device;
Access management means for sending an inquiry as to whether to log in to the detected user device;
Authentication processing means for acquiring user authentication information from a user device that responds when logging in to the inquiry, and performing user authentication based on the acquired user authentication information;
Login management means for allowing a user who has succeeded in authentication to use the predetermined device;
A use permission / refusal control device comprising: The authentication processing means acquires user authentication information from the earliest user device when a plurality of user devices respond to the inquiry, and authenticates the user based on the acquired user authentication information. I do,
The use permission / inhibition control device according to claim 3. The predetermined apparatus is an image forming apparatus that permits use of any of user devices located in a spatial region in the vicinity of the predetermined apparatus.
The use permission / inhibition control device according to any one of claims 1 to 4. Detecting the user's device within a predetermined space area from a predetermined device,
Obtaining user authentication information from the detected user device, authenticating the user based on the acquired user authentication information,
If the user is successfully authenticated, send an inquiry to log in to the user's device,
Allow the user of the device that responds when logging in to the inquiry to use the predetermined device.
A usage permission control method in which processing is executed by a computer. Detecting the user's device within a predetermined space area from a predetermined device,
Obtaining user authentication information from the detected user device, authenticating the user based on the acquired user authentication information,
If the user is successfully authenticated, send an inquiry to log in to the user's device,
Allow the user of the device that responds when logging in to the inquiry to use the predetermined device.
A program that causes a computer to execute processing.

Images