JP2017041871A - Device, authentication system, authentication processing method, authentication processing program and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To eliminate inconvenience that the life of a device becomes short due to energization in user authentication.SOLUTION: A device comprises a first unit providing a prescribed function and a second unit connected to the first unit. An acquisition section of the second unit acquires authentication information from an authentication medium, and an authentication section performs user authentication processing which allows use of the function of the first unit by using the acquired authentication information. A first power managing section keeps the acquisition section in a driving state while shifting the second unit to an energy saving mode when the first unit shifts to the energy saving mode for reducing power consumption by stopping power supply to a prescribed hardware resource, and restores the second unit from the energy saving mode so that the authentication section performs the user authentication processing. Thus, the first unit alone can perform the user authentication processing in user authentication, to eliminate inconvenience that the life of the device becomes short due to wasteful energization of the second unit.SELECTED DRAWING: Figure 8

Description

  The present invention relates to a device, an authentication system, an authentication processing method, an authentication processing program, and a storage medium.

  Today, for example, a multifunction peripheral (MFP) or a laser printer device having various functions such as a copy function, a scanner function, a facsimile function, and a printer function, or a device having various functions as described above (for example, a scanner device, a facsimile) An image forming apparatus such as an apparatus is known. A card reader device can be connected to the main body of the image forming apparatus. In an energy saving mode for reducing power consumption, if an IC (Integrated Circuit) card is brought close to a card reader device connected to the device body, non-contact wireless communication is performed, and the device body returns from the energy saving mode. Based on the data read from the IC card, user authentication processing is performed in the device main body, and the function of the image forming apparatus can be used when the user is authenticated.

  However, the conventional image forming apparatus shifts to an engine off mode that further reduces power consumption when the non-operation state continues for a predetermined time or more after shifting to the energy saving mode. During the engine off mode, the power supply from the device main body to the card reader device is also stopped. For this reason, even if the IC card is brought close to the card reader device, non-contact wireless communication is not performed, the device main body cannot be restored from the engine off mode, and user authentication is difficult.

  In this case, the power button is operated to restore the energized state of the device body, and the user authentication is performed by bringing the IC card close to the card reader device. The conventional image forming apparatus is provided with a setting for prohibiting the shift to the engine off mode. However, when the setting to prohibit the transition to the engine off mode is made, the energization time for resources such as the HDD of the device main body, the engine of the plotter or the scanner becomes long, and the life of the resources may be shortened.

  User authentication is performed using a local address book of the device main body or an authentication server device connected to the device main body via a network. For this reason, when performing user authentication from the energy saving mode, the device body is activated and the local address book stored in the hard disk drive (HDD) is referred to, or communication with an authentication server device on the network is performed to perform user authentication. Had gone. For this reason, every time user authentication is performed, the device main body is activated, and there is a possibility that the life of the resource may be shortened.

  Further, even in the energy saving mode or the engine off mode, if the controller and the operation unit forming the network communication function can be activated, user authentication can be performed via a network such as a cloud computing system.

  However, for example, when performing user authentication in such a cloud computing system, the conventional image forming apparatus starts not only the controller and the operation unit, but also the entire device body and is in the energy saving mode or the engine off mode. Returned from, and performed user authentication. For this reason, there is a possibility that the life of the resource may be shortened.

  The present invention has been made in view of the above-described problems, and provides a device, an authentication system, an authentication processing method, an authentication processing program, and a storage medium that prevent inconvenience that the life of the device is shortened by energization during user authentication. With the goal.

  In order to solve the above-described problems and achieve the object, the present invention includes a first unit that provides a predetermined function, and a second unit connected to the first unit, and the second unit. The authentication unit that acquires the authentication information from the authentication medium, the authentication unit that performs the user authentication process that enables the function of the first unit using the acquired authentication information, and the first unit When shifting to the energy saving mode that reduces power consumption by stopping the power supply to the hardware resource, the second unit is shifted to the energy saving mode while the acquisition unit is in the driving state, and during the user authentication process, A first power management unit configured to return the second unit from the energy saving mode so that the authentication unit performs user authentication processing.

  According to the present invention, it is possible to prevent an inconvenience that the life of a device is shortened by energization during user authentication.

FIG. 1 is a hardware configuration diagram of the MFP according to the first embodiment. FIG. 2 is a software configuration diagram of the MFP according to the first embodiment. FIG. 3 is a functional block diagram of the main body and operation unit of the MFP according to the first embodiment. FIG. 4 is a diagram for explaining a card ID stored in an IC card used in the MFP according to the first embodiment. FIG. 5 is a flowchart illustrating a flow of user authentication processing of the MFP according to the first embodiment. FIG. 6 is a diagram for explaining each operation mode of the MFP according to the first embodiment. FIG. 7 is a flowchart illustrating an operation of shifting to the energy saving mode in the MFP according to the first embodiment. FIG. 8 is a flowchart illustrating a return operation from the energy saving mode in the MFP according to the first embodiment. FIG. 9 is a hardware configuration diagram of the authentication system according to the second embodiment. FIG. 10 is a functional block diagram of the authentication system according to the second embodiment. FIG. 11 is a system configuration diagram of an authentication system according to the third embodiment.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, an MFP or an authentication system according to an embodiment to which the invention is applied will be described in detail with reference to the accompanying drawings.

(First embodiment)
First, FIG. 1 is a hardware configuration diagram of a MFP (Multifunction Peripheral) 1 according to the first embodiment. The MFP 1 is an example of a device and an authentication system. As shown in FIG. 1, the MFP 1 includes a main body 10 having various functions such as a copy function, a scanner function, a facsimile function, and a printer function, and an operation unit 20 that receives an input corresponding to a user operation. The main body 10 is an example of a first unit, and the operation unit 20 is an example of a second unit.

  The main body 10 and the operation unit 20 are connected via a dedicated communication path 30 so that they can communicate with each other. The communication path 30 may be, for example, a USB (Universal Serial Bus) standard, but may be of any standard regardless of wired or wireless. The main body 10 may have one function or a plurality of functions among image generation functions such as a copy function, a scanner function, a facsimile function, and a printer function.

  As the operation unit 20, an electronic device capable of executing complete information processing independently can be used. As an example, an information processing terminal such as a smartphone or a tablet terminal can be used as the operation unit 20. In this case, the information processing terminal used as the operation unit 20 functions as the operation unit of the MFP 1.

  More specifically, the information processing terminal used as the operation unit 20 is detachably connected to the MFP 1 instead of an operation panel that has been conventionally fixed and installed as an operation unit dedicated to the MFP 1. That is, the information processing terminal used as the operation unit 20 is installed integrally with the MFP 1 while being detachable (separable) at a predetermined position such as a position where the operation panel of the MFP 1 is disposed. Accordingly, the information processing terminal and the MFP 1 used as the operation unit 20 may be grasped as a single device. When the information processing terminal that is the operation unit 20 is removed from the MFP 1, the information processing terminal performs wireless communication such as Bluetooth (registered trademark) or infrared communication with the MFP 1 and functions as an operation unit of the MFP 1.

  The main body 10 performs an operation according to the input received by the operation unit 20. The main body 10 can also communicate with an external device such as a client PC (personal computer), and performs an operation according to an instruction received from the external device.

(Hardware configuration of the main unit)
Next, the hardware configuration of the main body 10 will be described. As shown in FIG. 1, the main body 10 includes a CPU 11, a ROM 12, a RAM 13, and an HDD (hard disk drive) 14. The main body 10 includes a communication I / F (interface) 15, a connection I / F 16, an engine 17, and a facsimile modem (FAX modem) 19. The components included in the main body 10 are connected to each other via a system bus 18.

  The CPU 11 comprehensively controls the operation of the main body 10. The CPU 11 controls the overall operation of the main body 10 by executing a program stored in the ROM 12 or the HDD 14 or the like using the RAM 13 as a work area (work area), and the above-described copy function, scanner function, facsimile function, printer function, etc. Implement various functions.

  The communication I / F 15 is an interface for communicating with an external device such as a client PC (personal computer), a Web server device, or an authentication server device on the network 40. The connection I / F 16 is an interface for communicating with the operation unit 20 via the communication path 30. 1 and 2, the communication path 30 is illustrated in a wired manner, but the operation unit 20 can be attached to and detached from the main body 10 of the MFP 1 as described above. Therefore, when the operation unit 20 is attached to the MFP 1, the communication path 30 functions as a wired communication path, and when the operation unit 20 is detached from the MFP 1, the communication path 30 functions as a wireless communication path.

  The engine 17 is hardware that performs general-purpose information processing and processing other than communication for realizing a copy function, a scanner function, a facsimile function, a printer function, and the like. The engine 17 includes, for example, a scanner that scans and reads an image of a document, a plotter that performs printing on a sheet material such as paper, and a facsimile communication unit that performs facsimile communication. Furthermore, a specific option such as a finisher for sorting printed sheet materials and an automatic document feeder (ADF) for automatically feeding a document can be provided.

  For example, the HDD 14 is provided with storage areas for an address book, login success history information, and operation mode information, respectively. In the address book storage area, a master generated by associating user identification information (user ID) of a user who is permitted to use the MFP 1, a card ID and a password of an IC card lent (issued) to the user, etc. Information is stored for each user.

  In addition, the login success history storage area is associated with the date and time when the operation of the MFP 1 is permitted by the login operation, the card ID of the IC card used for the login operation, the user ID of the user corresponding to the card ID, and the like. Remembered. The master information or the like may be stored in a storage medium such as an SD card (registered trademark) or a USB memory (USB: Universal Serial Bus).

  The operation mode information storage area also includes an operation mode information indicating an operation mode in which the main body 10 and the operation unit 20 are shifted when shifting to the energy saving mode, such as “login performance priority mode” or “main body energy saving priority mode” described later. Is remembered.

  In addition, although the description is being made by taking user authentication using an IC card as an example, it includes various information terminals such as a smartphone or a mobile phone having a function used for user authentication (or an application installed). It is possible to realize the same function as when using an IC card as an authentication device. In the first embodiment, the description will be given on the assumption that an “IC card” is used for user authentication. However, any storage medium that can store user information can be used. For this reason, it is not limited only to an IC card or an ID card.

(Hardware configuration of operation unit)
Next, the hardware configuration of the operation unit 20 will be described. As shown in FIG. 1, the operation unit 20 includes a CPU 21, a ROM 22, a RAM 23, a flash memory 24, a communication I / F 25, a connection I / F 26, an operation panel 27, and an IC card I / F 29. These are connected to each other via a system bus 28.

  The CPU 21 comprehensively controls the operation of the operation unit 20. The CPU 21 controls the operation of the entire operation unit 20 by executing a program stored in the ROM 22 or the like using the RAM 23 as a work area (work area). As will be described later, the CPU 21 executes a user authentication program stored in the ROM 22 or the like, thereby realizing a user authentication operation described later. The communication I / F 25 is an interface for communicating with an authentication server device on the network 40, for example. The connection I / F 26 is an interface for communicating with the main body 10 via the communication path 30.

  The IC card I / F 29 is connected to a card reader 6 that is an example of an acquisition unit via, for example, a USB cable. The card reader 6 performs non-contact wireless communication with the IC card 5 deceived by the user at the time of a login operation to the MFP 1, and authentication information such as a card ID and user information stored in the IC card 5 is stored. Read. Any card reader 6 may be used as long as it can read user information from a storage medium such as an IC card or an ID card.

  In the example of the first embodiment, the card reader 6 and the operation unit 20 are described as being physically connected to each other via a USB cable or the like. However, the card reader 6 may be built in the operation unit 20. That is, the operation unit 20 and the card reader 6 may be integrally formed (may be formed as a single device).

  In the RAM 23 (or other storage unit such as the flash memory 24), for example, an address book storage area, a login success history storage area, a priority user list storage area, and an operation mode storage area are provided. . In the address book storage area of the RAM 23, address book master information acquired from, for example, the HDD 14 of the main body 10 is stored. The master information acquired from the main body 10 may be stored in a storage medium such as an SD card (registered trademark) or a USB memory. The login success history acquired from, for example, the HDD 14 of the main body 10 is stored in the login success history storage area of the RAM 23.

  For example, in the storage area of the priority user list of the login success history of the RAM 23, the login success history information including the user ID, the card ID, and the login date / time among the login success history acquired from the HDD 14 is a predetermined number in the order of the login date / time. It is memorized for minutes. The priority user list is a list indicating users to be authenticated.

  The priority user is a user corresponding to the login success history acquired from, for example, the HDD 14 of the main body 10. That is, as described later, the MFP 1 according to the first embodiment acquires login success histories for a predetermined number of people that are new in time among the login success histories stored in the main body 10. Each user corresponding to the log-in success history for the predetermined number of users can complete the user authentication just by looking at the IC card 5, and the functions of the MFP 1 can be used. As described above, since the user corresponding to the login success history acquired from the main body 10 can use the functions of the MFP 1 preferentially, the MFP 1 according to the first embodiment is referred to as a “priority user”. To do.

  The operation mode storage area stores operation mode information indicating an operation mode for returning the main body 10 and the operation unit 20 when returning from the energy saving mode, such as an “engine life priority mode” described later. .

  When the card ID read from the IC card 5 at the time of the login operation is registered in the priority user list, the CPU 21 of the operation unit 20 performs user authentication as a regular user and functions of the MFP 1 according to the user authority. Allow the use of. Thereby, the user authentication can be completed within a few milliseconds after the IC card 5 is tapped by the login operation, and the MFP 1 can be used.

  The operation panel 27 includes a liquid crystal display device (LCD) provided with a touch sensor. The operation panel 27 receives various types of input in accordance with user operations, and displays various types of information such as information in accordance with the received input, information indicating the operation status of the MFP 1, information indicating a setting state, and the like. The operation panel 27 may be composed of an organic EL display device provided with a touch sensor. Further, in addition to or instead of this, an operation unit such as a hardware key or a display unit such as a light emitting unit may be provided.

(Software configuration of MFP)
FIG. 2 shows an example of the software configuration of the MFP 1. As illustrated in FIG. 2, the main body 10 includes an application layer 101, a service layer 102, and an OS layer 103. The entities of the application layer 101, the service layer 102, and the OS layer 103 are various software stored in the ROM 12, the HDD 14, or the like. Various functions are provided by the CPU 11 executing these software.

  The software of the application layer 101 is application software for operating a hardware resource to provide a predetermined function (in the following description, it may be simply referred to as “application”). For example, examples of the application include a copy application for providing a copy function, a scanner application for providing a scanner function, a facsimile application for providing a facsimile function, a printer application for providing a printer function, and the like.

  The software of the service layer 102 is software that is interposed between the application layer 101 and the OS layer 103 and provides an interface for using hardware resources included in the main body 10 for the application. Specifically, it is software for providing a function of accepting an operation request for a hardware resource and arbitrating the operation request. The operation requests received by the service layer 102 include requests such as reading by a scanner and printing by a plotter.

  Note that the interface function by the service layer 102 is provided not only to the application layer 101 of the main body 10 but also to the application layer 201 of the operation unit 20. That is, the application layer 201 (application) of the operation unit 20 can also realize a function using hardware resources (for example, the engine 17) of the main body 10 via the interface function of the service layer 102.

  The software of the OS layer 103 is basic software (operating system) for providing a basic function for controlling hardware included in the main body 10. The software of the service layer 102 converts a hardware resource use request from various applications into a command interpretable by the OS layer 103 and passes the command to the OS layer 103. Then, when the command is executed by the software of the OS layer 103, the hardware resource performs an operation according to the request of the application.

  Similarly, the operation unit 20 includes an application layer 201, a service layer 202, and an OS layer 203. The application layer 201, the service layer 202, and the OS layer 203 included in the operation unit 20 have the same hierarchical structure as that of the main body 10 side. However, the functions provided by the applications in the application layer 201 and the types of operation requests that can be accepted by the service layer 202 are different from those on the main body 10 side. The application of the application layer 201 is software for operating a hardware resource included in the operation unit 20 and providing a predetermined function. Mainly, software for providing a UI (user interface) function for performing operations and display related to functions (copy function, scanner function, facsimile function, printer function) provided in the main body 10.

  In the example of the first embodiment, the software of the OS layer 103 on the main body 10 side and the software of the OS layer 203 on the operation unit 20 side are different from each other in order to maintain the independence of functions. That is, the main body 10 and the operation unit 20 operate independently of each other with different operating systems. For example, it is possible to use Linux (registered trademark) as the software of the OS layer 103 on the main body 10 side and Android (registered trademark) as the software of the OS layer 203 on the operation unit 20 side.

  By operating the main body 10 and the operation unit 20 with different operating systems, communication between the main body 10 and the operation unit 20 is performed as communication between different devices, not communication between processes in a common device. . The operation (command communication) for transmitting the input (instruction content from the user) received by the operation unit 20 to the main body 10 and the operation for the main body 10 notifying the operation unit 20 of an event correspond to this. Here, the function of the main body 10 can be used when the operation unit 20 performs command communication with the main body 10. Further, the event notified from the main body 10 to the operation unit 20 includes the execution status of the operation in the main body 10 and the contents set on the main body 10 side.

  In the example of the first embodiment, the power supply to the operation unit 20 is performed from the main body 10 via the communication path 30, so that the power control of the operation unit 20 is the power control of the main body 10. Can be done separately (independently).

  In the example of the first embodiment, the main body 10 and the operation unit 20 are electrically and physically connected via the communication path 30, but the operation unit 20 is detached from the main body 10 as described above. You can also In this case, the main body 10 and the operation unit 20 are provided with a short-range wireless communication unit such as an infrared communication unit, an RF communication unit, or a Bluetooth (registered trademark) communication unit. RF is an abbreviation for “Radio Frequency”. Alternatively, the main body 10 and the operation unit 20 are provided with a wireless LAN communication function such as Wi-Fi (registered trademark), and communicate with each other via the wireless LAN access point (wireless LANAP) 41 and the network 40 as shown in FIG. It may be possible. LAN is an abbreviation for “Local Area Network”. When the operation unit 20 can be removed from the main body 10, the operation unit 20 stores the power supplied from the main body 10 via the communication path 30 in the secondary battery, and when the operation unit 20 is removed from the main body 10, It operates with the power stored in the secondary battery and communicates with the main body 10.

(Function of the operation unit)
Next, FIG. 3 shows a functional block diagram of the main body 10 and the operation unit 20 of the MFP 1. In FIG. 3, the operation unit 20 includes a first authentication unit 53, a priority user management unit 54, an IC card control unit 55, and a first power management unit 56. These units operate when the CPU 21 in FIG. 1 executes one or more programs installed in the operation unit 20. The operation unit 20 also stores a user authentication program 51 that enables energization control of each unit during user authentication processing and user authentication. The operation unit 20 further stores an address book 60b transferred from the main body 10, a login success history 61b, a priority user list 52 in which priority user information generated from the login success history 61b is listed, and operation mode information 65a. These pieces of information are stored in the ROM 22, RAM 23, etc. of FIG. 1 (the flash memory 24 or another storage device such as an HDD not shown in FIG. 1 may be used). These pieces of information may be stored in, for example, an auxiliary storage device of the operation unit 20 or a storage device that can be connected to the operation unit 20 via a network.

  The first authentication unit 53 is an example of an authentication unit, and collates the card ID read from the user's IC card at the time of login with the address book 60 b stored in the operation unit 20. When the card ID is stored in the address book 60b, the first authentication unit 53 performs user authentication processing. In addition, when the card ID is not stored in the address book 60b, the first authentication unit 53 recognizes the IC card as an unregistered IC card used by the user who has been authenticated, and performs a new IC card registration process. Do.

  The priority user management unit 54 controls acquisition and update of the address book 60a and the login success history 61a from the main body 10. Further, the priority user management unit 54 controls generation and update of the priority user list 52. The IC card control unit 55 controls non-contact wireless communication with the IC card performed via the IC card I / F 29.

  It should be noted that the user can be manually registered in the priority user list 52 for user authentication. When manually registering a user authentication target user, the priority user management unit 54 stores the card ID, user ID, and password of the authentication target user input by manual operation in the address book 60 a of the main body 10. Further, the priority user management unit 54 registers the card ID, the user ID, and the input date / time of the authentication target user input by manual operation in the priority user list 52 as login success date / time information.

  The first power management unit 56 is an example of a first power management unit, reads operation mode information 65a indicating an operation mode preset by a user or the like, and controls power supply to the operation unit 20 when shifting to the energy saving mode. And power supply control to the operation unit 20 at the time of returning to the energy saving mode is performed.

  In the example of the first embodiment, the first authentication unit 53, the priority user management unit 54, the IC card control unit 55, and the first power management unit 56 are configured as software by the user authentication program 51. The explanation will be made on the assumption that it will be realized. However, some or all of the first authentication unit 53, the priority user management unit 54, the IC card control unit 55, and the first power management unit 56 are hardware such as an IC (Integrated Circuit). It may be realized by wear. In other words, the present invention can be implemented by an ASIC (Application Specific Integrated Circuit) or an apparatus configured by connecting a conventional circuit module, as long as the engineer has ordinary knowledge in the information processing technology field. is there. Each of the functions described in the first embodiment can be realized by one or a plurality of processing circuits (Circuit). Here, the “processing circuit” in this specification refers to a processor programmed to execute each function by software, or hardware such as an ASIC or circuit module designed to execute each function. Shall be included.

  The user authentication program 51 may be provided as a file in an installable format or an executable format recorded in a computer-readable recording medium such as a CD-ROM or a flexible disk (FD). Further, the program may be provided by being recorded on a computer-readable recording medium such as a CD-R, a DVD, a Blu-ray disc (registered trademark), or a semiconductor memory. DVD is an abbreviation for “Digital Versatile Disk”. Further, the user authentication program 51 may be provided by being installed via a network such as the Internet. Further, the user authentication program 51 may be provided by being incorporated in advance in a ROM or the like in the device.

(Function of the main unit)
Next, in FIG. 3, the main body 10 stores various application programs such as a copy application 58a, a FAX application 58b, a scanner application 58c, and a printer application 58d. The copy application 58a is an application program for controlling the scanner engine and plotter engine of the engine 17 shown in FIG. 1 to realize a copy function. The FAX application 58b is an application program for realizing the facsimile function by controlling the FAX modem 19 shown in FIG.

  The scanner application 58c is an application program for controlling the scanner engine of the engine 17 to realize a scanner function. The printer application 58d is an application program for printing a desired image and characters on paper.

  The CPU 11 of the main body 10 functions as a second authentication unit 62, a user management unit 63, and a second power management unit 64 according to a user authentication program (not shown) on the main body 10 side. The user management unit 63 controls writing and reading of master information with respect to the address book 60 a of the HDD 14. Further, the user management unit 63 controls writing and reading of login success history information with respect to the login success history 61a. Further, the user management unit 63 controls the transfer of the address book 60a and the login success history 61a to the operation unit 20. The second authentication unit 62 performs user authentication processing for users who cannot perform user authentication on the operation unit 20 side based on the master information stored in the address book 60a.

  The second power management unit 64 reads operation mode information 65b indicating an operation mode preset by a user or the like from the HDD 14, controls power supply to the main body 10 when shifting to the energy saving mode, and main body 10 when returning to the energy saving mode. Power supply control for

  In the example of the first embodiment, the second authentication unit 62, the user management unit 63, and the second power management unit 64 are realized in software by a user authentication program on the main body 10 side. The explanation will proceed as if However, one or both of the second authentication unit 62, the user management unit 63, and the second power management unit 64 is realized by hardware such as an IC (Integrated Circuit) as described above. May be.

  Further, the user authentication program on the main body 10 side can be provided by being recorded in a computer-readable recording medium such as a CD-ROM or a flexible disk (FD) in an installable or executable format file. Good. Further, the program may be provided by being recorded on a computer-readable recording medium such as a CD-R, a DVD, a Blu-ray disc (registered trademark), or a semiconductor memory. DVD is an abbreviation for “Digital Versatile Disk”. The user authentication program on the main body 10 side may be provided by being installed via a network such as the Internet. The user authentication program on the main body 10 side may be provided by being incorporated in advance in a ROM or the like in the device.

(User authentication operation)
Next, user authentication processing in the MFP 1 according to the first embodiment will be described with reference to the flowchart of FIG. First, as a premise for performing the user authentication process shown in the flowchart of FIG. 5, the priority user management unit 54 of the operation unit 20 is, for example, when the MFP 1 is activated (when the main power is turned on), immediately before shifting to the power saving mode, For each time, the address book 60a and the login success history 61a stored in, for example, the HDD 14 of the main body 10 are acquired and stored and controlled in the RAM 23 of the operation unit 20, for example. The address book 60b is a copy of the address book 60a stored on the main body 10 side. Similarly, the login success history 61b is a copy of the login success history 61a stored on the main body 10 side. Further, the priority user management unit 54 obtains login success history information of each user for a predetermined number of users from the user with the latest login date and time from the login success history 61b, and as the authentication target user information, for example, the priority user of the RAM 23 Store in list 52. Thereby, the user authentication process of the flowchart of FIG. 5 can be executed.

  Next, the IC card 5 stores unique identification information (card ID) as shown in FIG. The example of FIG. 4 is an example in which the card ID “01010310DA09D027” is stored. The IC card control unit 55 controls the card reader 6 to read the card ID attached to the IC card 5 when non-contact wireless communication is possible with the IC card 5.

  In the example of the first embodiment, the card ID is read from the IC card 5, but for example, the IC card 5 stores other authentication information such as a user ID in addition to the card ID. . Therefore, the IC card control unit 55 may read other authentication information such as a user ID together with the card ID and use it for user authentication described below.

  Next, the flow of overall user authentication processing will be described using the flowchart of FIG. In step S <b> 1 of the flowchart of FIG. 5, the operation unit 20 displays a message for prompting a login operation for the MFP 1 on the operation panel 27 such as “Please log in”. A user who desires to use the function of the MFP 1 brings his IC card 5 close to the card reader 6 up to a distance where non-contact wireless communication is possible. Thereby, non-contact wireless communication is started between the IC card 5 and the card reader 6.

  In step S <b> 2, the IC card control unit 55 monitors whether or not non-contact wireless communication is started between the IC card 5 and the card reader 6. When the IC card control unit 55 detects that the contactless wireless communication is started between the IC card 5 and the card reader 6, the IC card control unit 55 determines that the IC card 5 is detected by the card reader 6 (step S2: Yes). Then, the process proceeds to step S3. The IC card control unit 55 displays a message prompting the login operation in step S1 until it detects the start of non-contact wireless communication between the IC card 5 and the card reader 6 (step S2: No). To continue.

  Next, when non-contact wireless communication is possible with the IC card 5, the IC card control unit 55 controls the card reader 6 so as to read the card ID described with reference to FIG. As described above, other authentication information such as a user ID may be read together with the card ID.

  Next, in step S <b> 3, the first authentication unit 53 collates the read card ID with each master information in the address book 60 b copied to the RAM 23 of the operation unit 20. Then, the first authentication unit 53 determines whether or not the read card ID is registered in the address book 60b.

  The fact that the card ID read from the IC card 5 is registered in the address book 60b means that the IC card 5 currently used by the user is already registered in the address book 60a and the address book 60b. It means that. In this case, the first authentication unit 53 determines that the IC card 5 is not an unregistered card (registered) (step S3: No), and advances the process to step S13.

  On the other hand, the fact that the card ID read from the IC card 5 is not registered in the address book 60b means that the IC card 5 currently used by the user is registered in the address book 60a and the address book 60b. This means that the IC card is not a new IC card. In this case, the first authentication unit 53 determines that the IC card 5 is an unregistered card (not registered) (step S3: Yes), and advances the process to step S4.

  The processing from step S13 to step S17 in the flowchart of FIG. 5 shows the flow of user authentication processing. Also, the processing from step S4 to step S12 shows the flow of registration processing for a new IC card 5. If the card ID read from the IC card 5 is registered in the address book 60b, the user authentication process from step S13 to step S17 is executed. On the other hand, if the card ID read from the IC card 5 is not registered in the address book 60b, a new IC card 5 registration process from step S4 to step S12 is executed.

(New IC card registration process)
If the card ID read from the IC card 5 is not registered in the address book 60b and the process proceeds to a new IC card 5 registration process, the first authentication unit 53, for example, in the operation panel 27 in step S4. The user ID and password input screen is displayed. Then, the first authentication unit 53 prompts the user who uses the IC card 5 whose card ID is not registered to input the user ID and password. The user operates the operation panel 27 to input the user ID and password used when registering another IC card 5 on the input screen.

  That is, the MFP 1 according to the first embodiment is an MFP 1 that is permitted to be used only by authorized users. For this reason, if it is a regular user, the master information including the card ID, user ID, and password registered in the past should be registered in the address book 60b (and the address book 60a). When a new IC card 5 is used by a legitimate user, the card ID read from the IC card 5 is a card ID that is not registered in the address book 60b. For this reason, when the card ID read from the IC card 5 is not registered in the address book 60b, the first authentication unit 53 inputs the user ID and password to the user in step S4. Ask.

  Next, the first authentication unit 53 collates the user ID and password input by the user with the master information of each user in the address book 60b. The fact that the user ID and password input by the user are registered in the address book 60b means that the user is a regular user who has performed user registration with a different IC card 5 in the past. In this case, in step S5, the first authentication unit 53 determines that the authentication is successful (step S5: Yes), and proceeds to step S6.

  On the other hand, if the user ID and password entered by the user are not registered in the address book 60b, the user is likely to be an unauthorized user, but the user ID or (and) password is entered. It is also possible to make a mistake. In this case, the first authentication unit 53 determines that the authentication has failed (step S5: No), proceeds to step S12, and requests the user to re-enter the user ID and password. The user re-enters the user ID and password.

  Further, the first authentication unit 53 compares the address book 60b with each time the user re-enters the user ID and password, and determines whether the authentication has succeeded or failed. Further, the first authentication unit 53 counts input mistakes of the user ID or password. Then, when the first authentication unit 53 counts a predetermined number of input mistakes, for example, three times (when the upper limit of failure is reached: Step S12: Yes), the first authentication unit 53 advances the processing to Step S11. In step S <b> 11, the first authentication unit 53 registers the card ID in the RAM 23 as the card ID of the unauthorized IC card 5 and transfers it to the user management unit 63 of the main body 10. The user management unit 63 of the main body 10 registers the transferred card ID as, for example, the HDD 14 of the main body 10 as the card ID of the unauthorized IC card 5.

  On the other hand, the fact that the user ID and password entered by the user are registered in the address book 60b means that the user who entered the user ID and password is a legitimate user and the IC currently being used. This means that the card 5 is a new IC card (unregistered IC card) 5. In this case, the process proceeds to step S6, and the priority user management unit 54 registers new master information in which the card ID of the new IC card 5 is associated with the user ID and password input by the user in the address book 60b. Then, the process proceeds to step S7. In addition, the priority user management unit 54 transfers the new master information to the user management unit 63 of the main body 10. The user management unit 63 of the main body 10 registers new master information in the address book 60a.

  In step S7, the user management unit 63 generates login success history information in which the card ID of the new IC card 5, the user ID input by the user, and the login success date / time information indicating the current date / time are associated with each other. Is registered in the login success history 61b as the login success history information of the date. In addition, the user management unit 63 transfers the login success history information of the latest date to the user management unit 63 of the main body 10. The user management unit 63 registers the transferred login success history information of the latest date in the login success history 61a.

  In the login success history 61b, login success history information in which the user ID and the card ID are associated is registered in order of the new login success date and time. Further, among the login success history information registered in the login success history 61 b, login success history information for a predetermined number of users is registered as the priority user list 52 in, for example, the RAM 23 of the operation unit 20.

  Specifically, the number of users that can be registered is defined in the priority user list 52, for example, for 300 people. Then, for example, when the MFP 1 is started (when the main power is turned on), immediately before shifting to the power saving mode, or at every predetermined time, login success history information for 300 people has been successfully logged in since counting from the users with the latest login date and time. It is read from the history 61 b and registered in the priority user list 52. If the login success history information currently registered in the login success history 61b is less than the upper limit of registration, such as 150, the login success for 150 people currently registered in the login success history 61b. History information is registered in the priority user list 52.

  In this way, the upper limit for registration of the priority user list 52 is defined. When new login success history information is registered in the login success history 61b, it is necessary to update to the priority user list 52 including the new login success history information. Therefore, in step S7, the priority user management unit 54 determines whether or not the number of registered login success history information registered in the priority user list 52 has reached the upper limit (the above-mentioned 300 names). When it is determined that the number of registered login success history information registered in the priority user list 52 has not reached the upper limit (step S8: No), the process proceeds to step S9.

  When it is determined that the number of registered login success history information registered in the priority user list 52 has reached the upper limit (step S8: Yes), the process proceeds to step S10. In step S10, the priority user management unit 54 deletes, for example, the login success history information of the oldest successful login date and time from the priority user list 52, and proceeds to step S9.

  In the example of the first embodiment, when it is determined that the number of registered login success history information registered in the priority user list 52 has reached the upper limit, the login success of the oldest successful login date and time is performed. The history information is deleted from the priority user list 52. Then, new login success history information is registered in the priority user list 52.

  However, if it is determined that the number of registered login success history information registered in the priority user list 52 has reached the upper limit, for example, 10 people are counted from the login success history information of the oldest successful login date and time. Delete multiple login success history information such as minutes. Thereafter, new login success history information may be registered in the priority user list 52 until the number of registrations reaches the upper limit.

  In addition to the card ID, the user ID, and the login success history, the login frequency (the usage frequency of the MFP 1), the user's affiliation group and position are registered in the priority user list 52, and based on these registered information, The deletion target may be automatically selected.

  Further, an upper limit value that can be registered in the priority user list 52 may be automatically or manually added, for example, “for 300 people → 310 people”.

  Further, the priority user list 52 may be stored in a storage medium such as a semiconductor memory card or a magnetic card so that it can be transferred to another device such as the MFP 1.

  Next, in step S9, the priority user management unit 54 registers the login success history information newly registered in the login success history 61b in the priority user list 52 as the latest login success history information.

  Thereafter, the process proceeds to step S16, and the engine 11 is controlled so that the CPU 11 of the main body 10 provides a function corresponding to the user authority. The CPU 11 of the main body 10 provides a predetermined function in step S16 until a user logout operation or timeout is detected in step S17 (step S17; No).

(User authentication process)
Next, when the card ID read from the IC card 5 is registered in the address book 60b, the process proceeds from step S13 to the user authentication process in step S17. In step S <b> 13, the first authentication unit 53 collates the card ID read from the IC card 5 with the priority user list 52. Then, in step S14, the first authentication unit 53 determines whether the login success history information corresponding to the card ID is registered in the priority user list 52. The priority user list is a user list of users who have recently successfully logged in (for example, within one hour or within two days).

  If the login success history information corresponding to the card ID cannot be detected from the priority user list 52 (step S14; No), the process proceeds to step S7. In step S 7, the priority user management unit 54 associates the card ID read from the IC card 5, the user ID corresponding to the card ID, and the login success date / time information indicating the current date / time into new login success history information. Is registered in the login success history 61b. In addition, the priority user management unit 54 transfers the generated new login success history information to the user management unit 63 of the main body 10. The user management unit 63 of the main body 10 updates the login success history 61a stored in, for example, the HDD 14 of the main body 10 with the transferred new login success history information.

  In step S7 and step S8, the priority user management unit 54 determines whether the number of registered login success history information registered in the priority user list 52 has reached the upper limit. If the registration number has reached the upper limit, in step S10, the priority user management unit 54 deletes a predetermined number of login success history information. Then, the priority user management unit 54 registers new login success history information in the priority user list 52 in step S9.

  Thereafter, the process proceeds to step S16, and the engine 11 is controlled so that the CPU 11 of the main body 10 provides a function corresponding to the user authority. The CPU 11 of the main body 10 provides a predetermined function in step S16 until a user logout operation or timeout is detected in step S17 (step S17; No).

  On the other hand, when the login success history information corresponding to the card ID can be detected from the priority user list 52 in step S14 (step S14: Yes), the process proceeds to step S15. In step S <b> 15, the priority user management unit 54 updates the login success date information of the login success history information corresponding to the card ID detected from the priority user list 52 to the current date.

  As a result, the login success history information of the IC card currently used by the user is registered in the priority user list 52 as the latest login success history information. When the priority user management unit 54 performs such update processing of the priority user list 52, the priority user management unit 54 updates the login success history 61b with the latest login success history information, and also updates the latest login success history information to the user on the main body 10 side. Transfer to the management unit 63. The user management unit 63 updates the login success history 61a stored in, for example, the HDD 14 of the main body 10 with the latest transferred login success history information.

  Next, when the priority user list 52 is updated, the process proceeds to step S16, and the engine 11 is controlled so that the CPU 11 of the main body 10 provides a function according to the user authority. The CPU 11 of the main body 10 provides a predetermined function in step S16 until a user logout operation or timeout is detected in step S17 (step S17; No).

(Power supply control)
When the card reader 6 is connected to the main body of the MFP 1 and driven, the power supply to the card reader 6 is turned on / off according to the energy saving mode of the main body, and the energy saving mode of the operation unit transitions. For this reason, in order to log in with an IC card when the main body is in the energy saving mode, it is necessary to maintain the energy saving mode of the main body at or above the “silent state (silent mode)”. In the silent mode, since the engine of the main body is always driven, there is a disadvantage that the engine life is shortened.

  For this reason, in the MFP 1 of the first embodiment, the main body 10 and the operation unit 20 are physically separate devices, and the card reader 6 is connected to the operation unit 20 separated from the main body 10. Whether or not to log in by the IC card 5 in the energy saving mode is determined according to the transition of the energy saving mode of the operation unit 20 instead of the energy saving energy mode of the main body 10.

  That is, FIG. 6 shows the energy saving mode of the main body 10, the energy saving mode of the operation unit 20, and the operation mode of the card reader 6. The energy saving mode is a mode in which power consumption is reduced by stopping power supply to a predetermined hardware resource. The main body 10 and the operation unit 20 have a plurality of energy saving modes.

  As an example, the main body 10 is set in the energy saving mode in the descending order of power consumption, “standby mode (standby state)”, “low power mode (low power state)”, “silent mode (silent state)”, “engine off mode”. (Engine OFF) "and" STR (Suspend To RAM) mode ". The power consumption in the “standby mode (standby state)” is the highest, and the power consumption in the STR mode is the lowest. The STR mode is a mode in which the current state is stored in the memory (RAM 13) and power supply to most devices such as the CPU 11 and the HDD 14 is stopped.

  Further, as an example, the operation unit 20 sets “LCD on mode (LCD ON)” in which the LCD of the operation panel 27 is turned on as an energy saving mode, and “LCD on which the LCD of the operation panel 27 is turned off. “OFF mode (LCD OFF)” and “sleep mode (SLEEP)” which turns off the LCD and stops energization of most hardware resources.

  Further, the card reader 6 has a “reader on mode (Reader ON)” that is energized and a “reader off mode (Reader OFF)” that is in a power stopped state. In the reader-on mode, contactless wireless communication with the IC card 5 is possible. In contrast, in the reader-off mode, non-contact wireless communication with the IC card 5 is disabled.

  When the operation panel 27 of the operation unit 20 is in the LCD on mode or the LCD off mode, the first power management unit 56 of the operation unit 20 supplies power to the card reader 6. As a result, the card reader 6 is always driven in the reader-on mode, and a login operation using the IC card 5 is possible. On the other hand, when the operation unit 20 enters the sleep mode, the first power management unit 56 of the operation unit 20 stops supplying power to the card reader 6. In this case, contactless wireless communication with the IC card 5 cannot be performed, and a login operation using the IC card 5 becomes impossible.

  When the login operation is disabled, the operation unit 20 can be returned to the LCD on mode by touching the operation unit 20 or performing an operation such as setting a document on the main body 10.

  Further, even when the main body 10 is in the engine off mode, if the energy saving mode of the operation unit 20 is not shifted to the LCD off mode or lower (if the energy saving mode is not shifted to the sleep mode), the card from the operation unit 20 is used. Electric power is supplied to the reader 6, and the reader-on mode of the card reader 6 is maintained. Therefore, a login operation using the IC card 5 is possible.

  The MFP 1 according to the first embodiment can finely set conditions for returning from the energy saving mode with the IC card 5. That is, it is assumed that the card reader 6 is connected to the main body 10 of the MFP 1 and user authentication processing is performed using the address book 60a of the main body 10 or an authentication server device connected to the main body 10 via a network. In this case, in order to perform a login operation using the IC card 5 in the energy saving mode, it is necessary to start the HDD 14 or communicate with the authentication server device on the network 40 in which the address book 60a of the main body 10 is stored. .

  For this reason, the MFP 1 according to the first embodiment connects the card reader 6 not to the main body 10 but to the operation unit 20 side. Then, using the address book 60b cached in advance in the operation unit 20 from the main body 10, the user authentication process is performed only by the operation unit 20. Thus, user authentication can be performed using the IC card 5 without returning the main body 10 from the energy saving mode. In other words, the user authentication process can be performed only by the operation unit 20 without depending on the main body 10.

  Further, when the card reader 6 is connected to the main body 10 of the MFP 1, when the main body 10 shifts to the energy saving mode, power is not supplied to the card reader 6, and non-contact wireless communication with the IC card 5 becomes difficult. This problem is solved by allowing the card reader 6 to supply power to the card reader 6 for a maximum of 10 hours, for example, by shifting the energy saving mode of the main body only until the energy saving mode in which the card reader 6 can supply power. It seems possible. However, since power is not supplied to the card reader 6 after 10 hours, it is difficult for the IC card 5 to return from the energy saving mode. In this case, it is necessary to return from the energy saving mode by touching the operation unit or setting a document on the main body.

  For this reason, the MFP 1 according to the first embodiment connects the card reader 6 to the operation unit 20 so that the energy saving mode transition conditions of the operation unit 20 and the main body 10 can be set separately. Thus, user authentication can be performed using the IC card 5 without returning the main body 10 from the energy saving mode. In other words, the user authentication process can be performed only by the operation unit 20 without depending on the main body 10.

  The MFP 1 according to the first embodiment shifts the main body 10 to the energy saving mode with the lowest power consumption, but the operation unit 20 shifts only to the energy saving mode in which the card reader 6 can always supply power. ing. Further, the MFP 1 according to the first embodiment sets the main unit 10 in the standby mode without turning off the power so that all functions can be used at any time, and sets the operation unit 20 in the sleep mode.

  First, the flowchart of FIG. 7 shows a flow of operations in which the main body 10 and the operation unit 20 shift to a predetermined energy saving mode. This flowchart is started when a predetermined time such as 5 minutes elapses from the no-operation state or the no-communication state, and the processing is executed in order from step S21.

  In step S <b> 21, the CPU 11 of the main body and the CPU 21 of the operation unit 20 communicate with each other to start the transition operation to the energy saving mode. The CPU 21 of the operation unit 20 functions as the first power management unit 56 based on the user authentication program 51 stored in the ROM 22 and refers to the operation mode information 65 a stored in the RAM 23.

  The operation mode information 65 a and the operation mode information 65 b on the main body 10 described below are set by default or selected by the user and stored in the RAM 23 or the HDD 14. The first power management unit 56 refers to the operation mode information 65a stored in the RAM 23 to determine whether or not the login performance priority mode is set.

  The login performance priority mode is a mode in which the operation mode of the operation unit 20 is maintained in an energy saving mode in which the card reader 6 connected to the operation unit 20 can read the authentication information of the IC card 5. If it is determined in step S22 that the login performance priority mode is set (step S22: Yes), the process proceeds to step S24. If it is determined in step S22 that the login performance priority mode is not set (step S22: No), the process proceeds to step S25.

  In step S24 corresponding to the first process, since the login performance priority mode is set, the operation of the operation unit 20 is performed until the first power management unit 56 reaches the lowest energy saving mode in which power can be supplied to the card reader 6. The mode is changed, and the process of the flowchart of FIG. 7 ends.

  In the case of the first embodiment, the lowest energy saving mode capable of supplying power to the card reader 6 is the LCD off mode as shown in FIG. In the LCD off mode, power consumption is high, but it is possible to shorten the time until the login operation is completed after the IC card 5 is held in the energy saving mode.

  On the other hand, in step S25 corresponding to the second process, since the login performance priority mode is not set, the first power management unit 56 sets the operation mode of the operation unit 20 to the energy saving with the lowest power consumption. After shifting to the mode, the processing of the flowchart of FIG.

  In the case of the first embodiment, the energy saving mode with the lowest power consumption is the sleep mode as shown in FIG. In the sleep mode, it takes some time until the login operation is completed after the IC card 5 is tapped in the energy saving mode, but the power consumption can be greatly reduced.

  On the other hand, when the main body 10 starts the transition operation to the energy saving mode, the CPU 11 functions as the second power management unit 64 based on the user authentication program. In step S23, the second power management unit 64 refers to the operation mode information 65b stored in the HDD 14, and determines whether or not the main body energy saving priority mode is set.

  The main body energy saving priority mode is an operation mode of the main body 10 that reduces power consumption by stopping energization of most hardware resources of the main body 10. If it is determined in step S23 that the main body energy saving priority mode is set (step S23: Yes), the process proceeds to step S26. If it is determined in step S23 that the main body energy saving priority mode is not set (step S23: No), the process proceeds to step S27.

  In step S26 corresponding to the fourth process, since the main body energy saving priority mode is set, the second power management unit 64 shifts the operation mode of the main body 10 to the lowest energy saving mode, as shown in FIG. The process of the flowchart ends. In the case of the first embodiment, the lowest energy saving mode is the STR mode as shown in FIG. In the STR mode, it takes time to restore the function of the main body 10, but power consumption can be greatly reduced.

  On the other hand, in step S27 corresponding to the third process, since the main body energy saving priority mode is not set, the second power management unit 64 always sets the operation mode of the main body 10 and the engine 17 of the main body 10 constantly. The process proceeds to the lowest energy saving mode that is in the on state, and the process of the flowchart of FIG. 7 ends.

  In the case of the first embodiment, the lowest energy saving mode in which the engine 17 is always on is the silent mode as shown in FIG. In the silent mode, although the power consumption is slightly high, the function can be used at any time because the engine 17 is always driven.

  Next, the operation of returning the main body 10 and the operation unit 20 from the energy saving mode will be described using the flowchart of FIG. The flowchart of FIG. 8 starts when the operation unit 20 shifts to the LCD off mode, which is an operation mode in which power is supplied to the card reader 6 with the LCD of the operation panel 27 turned off, and the processing is sequentially performed from step S31. Do.

  In the LCD off mode, power is supplied from the operation unit 20 to the card reader 6. For this reason, the card reader 6 can always perform non-contact wireless communication with the IC card 5. For this reason, when non-contact wireless communication is started between the card reader 6 and the IC card 5, the first power management unit 56 of the operation unit 20 starts a return operation from the energy saving mode in step S31. Then, the process proceeds to step S32.

  In step S32, the first power management unit 56 refers to the operation mode information 65a stored in the RAM 23 to determine whether or not the engine life priority mode is set. In the engine life priority mode, the scanner function, the printing function, the FAX function, etc. of the main body 10 are not activated, and only the operation unit 20 is restored from the energy saving mode, so that the cloud service or the like can be used only by the screen operation. It is an operation mode. When the engine life priority mode is set (step S32: Yes), the process proceeds to step S33. If the engine life priority mode is not set (step S32: No), the process proceeds to step S34.

  When it is determined that the engine life priority mode is set, and the process proceeds to step S33 corresponding to the sixth process, the first power management unit 56 sets the engine life priority mode. Is transmitted to the second power management unit 64 of the main body 10 for notification. In step S33, the second power management unit 64 of the main body 10 returns the operation mode of the main body 10 to the lowest energy saving mode in which the engine 17 is not started based on the notification. Thereby, a process progresses to step S35. In the case of the first embodiment, the lowest energy saving mode in which the engine 17 is not driven is the engine off mode as shown in FIG.

  On the other hand, when it is determined that the engine life priority mode is not set, and the process proceeds to step S34 corresponding to the fifth process, the first power management unit 56 determines that the engine life priority mode is set. Information indicating that it has not been set is transmitted to the second power management unit 64 of the main body 10 for notification. In step S34, the second power management unit 64 of the main body 10 energizes the engine 17 and the like based on the notification, and the main body 10 operates in the operation mode of the main body 10 until the standby mode that is the energy saving mode with the highest power consumption. And the process proceeds to step S35.

  In step S35, the first power management unit 56 of the operation unit 20 returns the operation mode of the operation unit 20 to the LCD on mode. Thereby, when the engine life priority mode is set, the operation mode of the main body 10 is set to the engine off mode in which the engine 17 is not driven, and only the operation unit 20 is activated, and the IC is connected via the card reader 6. Authentication information can be acquired from the card 5. The first authentication unit 53 performs the above-described user authentication process using the authentication information acquired from the IC card 5.

(Effects of the first embodiment)
As is clear from the above description, the MFP 1 according to the first embodiment can perform the user authentication process by starting only the operation unit 20 without starting the main body 10 during the user authentication process. For this reason, the life of the engine 17 of the main body 10 can be extended.

(Second Embodiment)
Next, an authentication system 92 according to the second embodiment of the present invention will be described. The authentication system 92 according to the second embodiment performs the above-described user authentication process on the authentication server device provided on the network.

(Hardware configuration of authentication system according to second embodiment)
FIG. 9 illustrates a hardware configuration of the authentication system 92 according to the second embodiment. In FIG. 9, the same reference numerals are given to the portions showing the same operations as those in the first embodiment. Refer to the description of the first embodiment for the detailed operation. As shown in FIG. 9, the authentication system 92 according to the second embodiment connects the communication I / F 25 of the operation unit 20 of the MFP 1 to a network 40 such as the Internet, and sets the communication I / F 75 of the authentication server device 70. Connected to the network 40. Thereby, the MFP 1 and the authentication server device 70 are connected to each other via the network 40, and the authentication system 92 according to the second embodiment is configured.

  The authentication server device 70 is formed by connecting a CPU 71, ROM 72, RAM 73, HDD 74, and communication I / F 75 to each other via a system bus 76.

  The CPU 71 controls the overall operation of the authentication server device 70. The CPU 71 controls the entire operation of the authentication server device 70 by executing a program stored in the ROM 72 or the like using the RAM 73 as a work area (work area). The CPU 71 implements the user authentication operation described in the first embodiment by executing a user authentication program stored in the ROM 72 or the like. The communication I / F 75 is an interface for communicating with the MFP 1 on the network 40, for example.

  The RAM 73 (or another storage unit such as a flash memory) may store the address book 60b and the login success history 61b transmitted in advance from the operation unit 20 of the MFP 1. Further, the CPU 71 stores, in the RAM 73, the login success history information for the predetermined number of users from the latest login success history information in the login success history 61 b as the priority user list 52.

(Function of the authentication system of the second embodiment)
FIG. 10 is a functional block diagram of the authentication system 92 according to the second embodiment. In FIG. 10, the authentication server device 70 includes an authentication unit 77 and a priority user management unit 54. These units operate when the CPU 71 in FIG. 9 executes one or more programs installed in the authentication server device 70. The authentication server device 70 also stores a user authentication program 51 for executing the above-described user authentication processing, for example, in the ROM 72 of FIG. The authentication server device 70 further includes a priority user list 52 in which the address book 60b and the login success history 61b transferred from the main body 10 via the operation unit 20 and the priority user information generated from the login success history 61b are listed. Remember. These pieces of information are stored in the ROM 72, the RAM 73, etc. of FIG. 9 (which may be the HDD 74 or another storage device such as a flash memory not shown in FIG. 9).

  The CPU 71 of the authentication server device 70 operates in accordance with the user authentication program 51, thereby functioning as the priority user management unit 54 and authentication corresponding to the first authentication unit 53 (FIG. 3) described in the first embodiment. It functions as the section 77.

(Operation of the authentication system of the second embodiment)
In such an authentication system 92, the operation unit 20 of the MFP 1 transmits the address book 60 a stored as master information of each user in the main body 10 to the authentication server device 70 in advance. The authentication server device 70 stores the transmitted address book 60a as the address book 60b in the RAM 73, for example. Further, the operation unit 20 of the MFP 1 transmits the card ID read from the user's IC card 5 by the IC card I / F 29 by the operation of the IC card control unit 55 to the authentication server device 70 during the login operation. The authentication unit 77 of the authentication server device 70 performs user authentication by comparing the card ID transmitted from the MFP 1 with the address book 60 b stored in the authentication server device 70. The CPU 71 generates login success history information that associates the user ID, card ID, and login success date / time information of the user who has succeeded in user authentication, and stores the login success history information as, for example, the RAM 73 as the login success history 61b. Further, the authentication unit 77 of the authentication server device 70 stores the login success history information for a predetermined number of users from the login success history information of the latest login success date and time as the priority user list 52, for example, in the RAM 73. As a result, the above-described user authentication process can be performed.

  That is, the operation unit 20 of the MFP 1 transmits the card ID read by the IC card I / F 29 during the login operation to the authentication server device 70. The authentication unit 77 of the authentication server device 70 collates the card ID transmitted from the MFP 1 side with the priority user list 52. If any of the login success history information in the priority user list 52 includes the card ID transmitted from the MFP 1 side, the authentication unit 77 authenticates the user with the card ID transmitted from the MFP 1 side as a regular user. To do. Then, the authentication result is transmitted to the operation unit 20 of the MFP 1 via the network 40. When the CPU 21 of the operation unit 20 obtains an authentication result indicating that the user is a legitimate user from the authentication server device 70, the CPU 21 communicates with the CPU 11 of the main body 10 to use the MFP 1.

(Effect of the second embodiment)
Since the authentication system 92 according to the second embodiment performs user authentication processing on the authentication server device 70 side, the burden on the MFP 1 side can be reduced, and the same effects as those of the first embodiment described above can be obtained. Can be obtained.

(Third embodiment)
Next, an authentication system 94 according to the third embodiment will be described. The authentication system 94 of the third embodiment is provided with a plurality of authentication server devices on a network, and each authentication server device shares the user authentication processing described above.

(Configuration of authentication system according to the third embodiment)
FIG. 11 shows a system configuration of the authentication system 94 according to the third embodiment. In FIG. 11, the same reference numerals are given to portions showing the same operations as those in the first embodiment. Refer to the description of the first embodiment for the detailed operation. As shown in FIG. 11, the authentication system 94 according to the third embodiment includes a first server device 81 that performs registration processing of a new IC card, a second server device 82 that performs user authentication, and the MFP 1 on a network. It is comprised by connecting mutually via 40.

  The first server device 81 that performs new IC card registration processing is an example of a first server device. The second server device 82 that performs user authentication is an example of a second server device. The MFP 1 has the configuration described with reference to FIG. 1 and includes a CPU 11 and an engine 17. The MFP 1 includes the priority user management unit 54 and the IC card control unit 55 as described with reference to FIG. Further, as described with reference to FIG. 1, the MFP 1 includes a communication I / F 25 and a RAM 23.

  The first server device 81 is a server device that performs a new IC card registration process corresponding to the process from step S4 to step S12 in the flowchart of FIG. The first server device 81 has a first authentication unit 87 that is a function realized by the CPU executing a user authentication program. The first authentication unit 87 stores the address book 60 transmitted from the MFP 1 in the first server device 81. Further, the first authentication unit 87 uses the login success history information generated by collating the card ID of the IC card transmitted from the MFP 1 at the time of the login operation with the address book 60 to the login success history of the first server device 81. 61 is stored.

  The second server device 82 is a server device that performs user authentication processing corresponding to the processing from step S13 to step S17 in the flowchart of FIG. The second server device 82 includes a second authentication unit 90 that is a function realized by the CPU executing a user authentication program. The second server device 82 stores the login success history information for the predetermined number of users from the latest login success history information transmitted from the first server device 81 in the priority user list 52 of the second server device 82. To do.

(Operation of the authentication system of the third embodiment)
In such an authentication system 94, the operation unit 20 of the MFP 1 transmits the address book 60 b storing the master information of each user to the first server device 81 in advance. The first authentication unit 87 of the first server device 81 stores the transmitted address book 60 b in the address book 60 of the first server device 81. Further, the operation unit 20 of the MFP 1 transmits the card ID read from the user's IC card 5 by the IC card I / F 29 to the first server device 81 and the second server device 82 during the login operation.

  The first authentication unit 87 of the first server device 81 performs user authentication by comparing the card ID transmitted from the MFP 1 with the address book 60 stored in the first server device 81. Then, login success history information in which the user ID of the user who has succeeded in user authentication, the card ID, and login success date information is associated is generated and stored in the login success history 61 of the first server device 81. Further, the first authentication unit 87 of the first server device 81 reads login success history information for a predetermined number of users from the login success history information of the latest login success date and time from the login success history 61, and via the network 40. Transmit to the second server device 82.

  Further, the first authentication unit 87 of the first server device 81 inputs user information such as a user ID and a password to the MFP 1 when the card ID transmitted from the MFP 1 is not registered in the address book 60. Make a request. The first authentication unit 87 performs user authentication by comparing user information transmitted from the MFP 1 in response to this input request with user information in the address book 60. When the first authentication unit 87 detects a plurality of user information input mistakes as a result of user authentication, the first authentication unit 87 transmits an unauthorized user authentication result to the MFP 1.

  On the other hand, when the card ID transmitted from the MFP 1 is registered in the address book 60, it means that an IC card with a new card ID that has not been registered is used in the address book 60 yet. To do. Therefore, the first authentication unit 87 newly registers a new card ID, user ID, and password in the address book 60. Further, the first authentication unit 87 notifies the MFP 1 of the newly registered new card ID, user ID, and password in the address book 60. On the MFP 1 side, the address book (60a) stored in, for example, the HDD 14 of the main body 10 is updated with the notified new card ID, user ID, and password.

  Further, the first authentication unit 87 generates the latest login success history information in which the new card ID, the user ID, and the login success date / time information are associated, and registers them in the login success history 61. The first authentication unit 87 reads login success history information for a predetermined number of users from the login success history information of the latest login success date and time from the login success history 61 and transmits the login success history information to the second server device 82 via the network 40. .

  Next, the second server device 82 stores the login success history information for the predetermined number of users transmitted from the first server device 81 in the priority user list 52. The second authentication unit 90 of the second server device 82 collates the card ID transmitted from the MFP 1 with the priority user list 52. When the card ID transmitted from the MFP 1 side exists in any of the login success history information in the priority user list 52, the second authentication unit 90 identifies the user with the card ID transmitted from the MFP 1 side as a regular user. Authenticate as a user. Then, the authentication result is transmitted to the operation unit 20 of the MFP 1 via the network 40. When the operation unit 20 obtains an authentication result indicating that the user is a legitimate user from the second server device 82, the operation unit 20 communicates with the main body 10 to enable the function of the MFP 1.

(Effect of the third embodiment)
Since the authentication system 94 according to the third embodiment shares the user authentication processing between the first server device 81 and the second server device 82, the MFP 1 and the first server that are required for the user authentication processing. In addition to greatly reducing the burden on the device 81 and the second server device 82, the same effects as those of the first embodiment described above can be obtained.

  Each of the above-described embodiments is presented as an example, and is not intended to limit the scope of the present invention. Each of the novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention.

  For example, in the description of each of the above-described embodiments, the present invention is applied to the MFP 1 in which the operation unit 20 can be removed from and attached to the main body 10. Even if it exists, the same effect as the above-mentioned can be acquired.

  The MFP 1 in each of the above-described embodiments is an example of a device to which the present invention is applied. Therefore, the present invention may be applied to any device that performs user authentication other than the MFP 1, such as a projector device, a video conference system, or a digital camera device.

  The above-described embodiments and modifications of the embodiments are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalent scope thereof.

1 MFP (MFP)
5 IC card 6 Card reader 10 Body 11 CPU
12 ROM
13 RAM
14 HDD
15 Communication I / F
16 Connection I / F
17 Engine 18 System Bus 19 Fax Modem 20 Operation Unit 21 CPU
22 ROM
23 RAM
24 Flash memory 25 Communication I / F
26 Connection I / F
27 Operation Panel 28 System Bus 29 IC Card I / F
30 communication channel 40 network 51 user authentication program 52 priority user list 53 first authentication unit 54 priority user management unit 55 IC card control unit 56 first power management unit 60, 60a, 60b address book 61, 61a, 61b successful login History 62 Second authentication unit 63 User management unit 64 Second power management unit 65a, 65b Operation mode information 70 Authentication server device 81 First server device 82 Second server device 87 First authentication unit 90 Second Authentication unit 92, 94 Authentication system

JP 2013-92786 A

Claims (15)

A first unit providing a predetermined function;
A second unit connected to the first unit,
The second unit is
An acquisition unit for acquiring authentication information from an authentication medium;
Using the acquired authentication information, an authentication unit that performs a user authentication process that enables the function of the first unit;
When the first unit shifts to an energy saving mode in which power consumption is reduced by stopping power supply to a predetermined hardware resource, the second unit is placed in the energy saving state while the acquisition unit is driven. And a first power management unit for returning the second unit from the energy saving mode so that the authentication unit performs the user authentication process at the time of the user authentication process. Equipment. The first power management unit stops the second unit, the first process for shifting the second unit to the energy saving mode while the acquisition unit is in a driving state, and the second unit stops the acquisition unit. The apparatus according to claim 1, wherein a selected process is performed among the second processes that are set in a state and shift to an energy saving mode in which the power consumption is lower than that of the first process. The first unit includes a second power management unit that shifts the first unit to an energy saving mode that reduces power consumption by stopping power supply to a predetermined hardware resource,
The second power management unit is configured to cause the first unit to shift to the energy saving mode after the engine of the first unit is in a driving state when shifting to the energy saving mode; and Storing the information indicating the current situation in the storage unit, and performing the selected process among the fourth processes for shifting the first unit to the energy saving mode in which energization is restricted to the storage unit. The device according to claim 1, wherein the device is characterized. The second power management unit includes a fifth process in which the engine of the first unit is returned to a driving state and stands by during the user authentication process, and the engine during the user authentication process. The apparatus according to claim 3, wherein the selected process is performed among the sixth processes in which the power saving mode with the lowest power consumption is set in a stopped state. A transmission unit that transmits the authentication information acquired from the authentication medium by the acquisition unit to an authentication server device on a predetermined network;
The device according to any one of claims 1 to 4, wherein the authentication unit performs the user authentication processing using an authentication result returned from the authentication server device. The authentication server device includes at least a first server device and a second server device,
The first server device performs the user authentication process using the authentication information transmitted from the transmission unit, transmits history information of an authentication result authenticated as a regular user,
The second server device performs the user authentication process by comparing the history information received from the first server device with the authentication information transmitted from the transmission unit, and transmits an authentication result.
The device according to claim 5, wherein the authentication unit performs the user authentication process using an authentication result returned from the second server device. A first unit providing a predetermined function;
A second unit connected to the first unit,
The second unit is
An acquisition unit for acquiring authentication information from an authentication medium;
Using the acquired authentication information, an authentication unit that performs a user authentication process that enables the function of the first unit;
When the first unit shifts to an energy saving mode in which power consumption is reduced by stopping power supply to a predetermined hardware resource, the second unit is placed in the energy saving state while the acquisition unit is driven. And a first power management unit for returning the second unit from the energy saving mode so that the authentication unit performs the user authentication process at the time of the user authentication process. Authentication system. The first power management unit stops the second unit, the first process for shifting the second unit to the energy saving mode while the acquisition unit is in a driving state, and the second unit stops the acquisition unit. The authentication system according to claim 7, wherein the selected process is performed among the second processes that are set in a state and shift to an energy saving mode in which the power consumption is lower than that of the first process. The first unit includes a second power management unit that shifts the first unit to an energy saving mode that reduces power consumption by stopping power supply to a predetermined hardware resource,
The second power management unit is configured to cause the first unit to shift to the energy saving mode after the engine of the first unit is in a driving state when shifting to the energy saving mode; and Storing the information indicating the current situation in the storage unit, and performing the selected process among the fourth processes for shifting the first unit to the energy saving mode in which energization is restricted to the storage unit. The authentication system according to claim 7 or 8. The second power management unit includes a fifth process in which the engine of the first unit is returned to a driving state and stands by during the user authentication process, and the engine during the user authentication process. The authentication system according to claim 9, wherein the selected process is performed among the sixth processes in which the power saving mode with the lowest power consumption is set in a stopped state. A transmission unit that transmits the authentication information acquired from the authentication medium by the acquisition unit to an authentication server device on a predetermined network;
The authentication system according to any one of claims 7 to 10, wherein the authentication unit performs the user authentication process using an authentication result returned from the authentication server device. The authentication server device includes at least a first server device and a second server device,
The first server device performs user authentication processing using the authentication information transmitted from the transmission unit, transmits history information of an authentication result authenticated as a regular user,
The second server device performs user authentication processing by comparing the history information received from the first server device with the authentication information transmitted from the transmission unit, and transmits an authentication result.
The authentication system according to claim 11, wherein the authentication unit performs the user authentication process using an authentication result returned from the second server device. An authentication processing method in an authentication system comprising: a first unit that provides a predetermined function; and a second unit connected to the first unit,
The second unit is
An acquisition step in which the acquisition unit acquires authentication information from the authentication medium;
An authentication step in which an authentication unit performs a user authentication process to use the function of the first unit using the acquired authentication information;
When the first unit shifts to an energy saving mode that reduces power consumption by stopping power supply to a predetermined hardware resource, the first power management unit keeps the acquisition unit in a driving state, And a first power management step of returning the second unit from the energy saving mode so that the second unit is shifted to the energy saving mode and the authentication unit performs the user authentication process. Authentication processing method. An authentication processing program in an authentication system including a first unit that provides a predetermined function and a second unit connected to the first unit,
The second unit computer;
An acquisition unit for acquiring authentication information from an authentication medium;
Using the acquired authentication information, an authentication unit that performs a user authentication process that enables the function of the first unit;
When the first unit shifts to an energy saving mode in which power consumption is reduced by stopping power supply to a predetermined hardware resource, the second unit is placed in the energy saving state while the acquisition unit is driven. An authentication processing program characterized by causing the second unit to function as a first power management unit for returning from the energy saving mode so as to shift to a mode and perform the user authentication process by the authentication unit.   A computer-readable storage medium storing the authentication processing program according to claim 14.

Images