JP2019020999A - Information processing device, information processing method and program - Google Patents

Abstract

To provide an information processing device, an information processing method and a program capable of authenticating a user in consideration of detailed additional information of a card without interposing a manager.SOLUTION: An authentication device, when user authentication is performed, confirms whether or not authentication information corresponding to a card ID read out from a card owned by the user is associated with the authentication information corresponding to a login ID input from the user and registered in an authentication server. Then the authentication device, when the confirmation result is affirmative, a final use time of the card ID is acquired from the authentication server, and based on the acquired final use time, determines whether or not a second item indicating the name of the card ID in the authentication server satisfies a condition of a previously associated available period, and only when the determination result is affirmative, authenticates the user S16.SELECTED DRAWING: Figure 13

Description

  The present invention relates to an information processing apparatus, an information processing method, and a program.

  Conventionally, for example, a card ID for identifying a card used in a device such as an MFP is associated with an account managed by the authentication server (information such as a user ID for identifying a user having use authority) and registered in the authentication server. The technology to do is known.

  For example, Patent Document 1 discloses a technique in which a user (administrator) manually registers an unregistered card in an authentication server.

  However, there are many general-purpose technologies (for example, Active Directory and LDAP) used for an authentication server for managing user accounts, and detailed information on additional cards is not registered. For this reason, conventionally, it has been difficult to authenticate a user in consideration of detailed additional information of the card such as the validity period and the last use time of the card ID without intervention of an administrator.

  The present invention has been made in view of the above, and an information processing apparatus, an information processing method, and an information processing apparatus capable of authenticating a user in consideration of detailed additional information on a card without intervention of an administrator The purpose is to provide a program.

  In order to solve the above-described problems and achieve the object, the present invention provides an information processing apparatus capable of communicating with an authentication server that holds authentication information indicating information related to user authentication, and the authentication in the information processing apparatus A first correspondence information indicating a correspondence relationship between a first item indicating the name of information and a second item indicating the name of the authentication information in the authentication server; and a card possessed by the user in the authentication server. A correspondence information storage unit for storing second correspondence information in which the card validity period is associated with the second item indicating the name of the card identification information to be identified, and user information for identifying the user are acquired. And a user information authentication unit that determines whether or not the authentication information corresponding to the user information acquired by the first acquisition unit is registered in the authentication server. The second acquisition unit that acquires the card identification information from the card possessed by the user, and the first correspondence information with reference to the first correspondence information, the first information indicating the name of the card identification information in the information processing apparatus A first specifying unit that specifies the second item corresponding to an item; the second item specified by the first specifying unit; and the card identification information acquired by the second acquiring unit. Whether the authentication information indicating the card identification information consisting of a pair with the value is associated with the authentication information corresponding to the user information acquired by the first acquisition unit and registered in the authentication server A registration confirmation unit for confirming whether or not and a confirmation result by the registration confirmation unit is affirmative, the second correspondence information is referred to and the second item identified by the first identification unit is handled. The validity period to The second item specified by the second specifying unit and the card acquired by the second acquiring unit when the confirmation result by the registration checking unit is positive, the second item specified by the first specifying unit Based on the last acquisition time acquired by the third acquisition unit acquired by the third acquisition unit, the third acquisition unit that acquires the last use time of the card identification information that is a set of the value of the identification information from the authentication server, A determination unit that determines whether or not a condition of the validity period specified by the second specification unit is satisfied; and an authentication unit that authenticates a user when the determination unit determines that the condition of the validity period is satisfied , An information processing apparatus comprising:

  According to the present invention, it is possible to authenticate a user in consideration of detailed additional information on a card without intervention of an administrator.

FIG. 1 is a diagram illustrating an example of an information processing system according to an embodiment. FIG. 2 is a diagram illustrating an example of a hardware configuration of the image forming apparatus. FIG. 3 is a diagram illustrating an example of the functions of the image forming apparatus. FIG. 4 is a diagram illustrating an example of the first correspondence information. FIG. 5 is a diagram illustrating an example of the second correspondence information. FIG. 6 is a diagram illustrating an example of the third correspondence information. FIG. 7 is a diagram illustrating an example of information associated with a user whose authentication information indicating a card ID is not registered in the authentication device. FIG. 8 is a diagram illustrating an example of user information associated with a user in which authentication information indicating a card ID is registered. FIG. 9 is a diagram illustrating an example when a plurality of card IDs are associated with one user in the authentication apparatus. FIG. 10 is a diagram illustrating an example in which a plurality of card IDs are associated with one user in the authentication device. FIG. 11 is a diagram illustrating an example in the case where information indicating the last use time of each of a plurality of card IDs is associated with one user in the authentication apparatus. FIG. 12 is a diagram illustrating an example in the case where information indicating the last use time of each of a plurality of card IDs is associated with one user in the authentication apparatus. FIG. 13 is a sequence diagram illustrating an example of an operation procedure of the information processing system. FIG. 14 is a sequence diagram illustrating an example of an operation procedure of the information processing system. FIG. 15 is a sequence diagram illustrating an example of an operation procedure of the information processing system.

  Hereinafter, embodiments of an information processing apparatus, an information processing method, and a program according to the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a diagram illustrating an example of an information processing system 1 according to the present embodiment. As shown in FIG. 1, the information processing system 1 includes an image forming apparatus 101, an authentication apparatus 102, and a setting terminal 103, which can be connected to each other via a network 104 such as the Internet. .

  The image forming apparatus 101 is an example of an “information processing apparatus”, and may be, for example, a multifunction peripheral (MFP). Note that a multifunction peripheral is a device having a plurality of different functions such as a copy function, a scanner function, a printer function, and a fax function. As will be described in detail later, the user inputs a login ID (for example, a combination of a user name and a password), which is an example of user information for identifying the user, from an operation unit (an operation panel 15 described later) of the image forming apparatus 101. As a result, the image forming apparatus 101 confirms whether or not the input login ID has been registered in the authentication apparatus 102. In addition, when the user turns on a card (IC card) possessed by the user with respect to a later-described card reader 18 attached to the image forming apparatus 101, the image forming apparatus 101 uses the card from the card. The card ID which is an example of the card identification information for identifying the card is read. Then, the image forming apparatus 101 confirms whether the read card ID is associated with the login ID and registered in the authentication apparatus 102, and the last use time of the card ID is a condition for the validity period of the card. Check whether or not In this example, the user's login ID has already been registered in the authentication device 102, and the card ID read from the card possessed by the user is associated with the login ID and registered in the authentication device 102. If the last use time satisfies the validity period condition, the user is authenticated. That is, it is determined that the user has authority to use the image forming apparatus 101.

  The authentication device 102 is an example of an “authentication server”, and holds authentication information indicating information related to user authentication. Here, there are a plurality of types of authentication information, for example, authentication information corresponding to the above-mentioned login ID, authentication information corresponding to the above-mentioned card ID, and the like. Details will be described later. Each authentication information includes an item indicating the name of the authentication information and a value (ID value or the like) of the authentication information. For example, the authentication information indicating the login ID includes an item indicating the name of “login ID” and an ID value (login ID value). Generally, a server technology such as Active Directory or LDAP is used for the authentication device 102. However, the authentication device 102 according to the present embodiment further includes a card ID and its detailed information (card validity period, last time). Management of usage time).

  The setting terminal 103 is a client PC (Personal Computer). In order for the user to use the setting terminal 103, it is necessary to be authorized to perform various settings of the image forming apparatus 101 (the administrator needs to be authenticated). A user who has been authenticated by an administrator operates a UI (User Interface) of the setting terminal 103 to transmit a setting value to the image forming apparatus 101. Thereby, various settings of the image forming apparatus 101 are performed.

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the image forming apparatus 101. As shown in FIG. 2, the image forming apparatus 101 includes a CPU 11, a ROM 12, a RAM 13, an HDD 14, an operation panel 15, an engine unit 16, a communication I / F 17, and a card reader 18. Are connected via an internal bus.

  The CPU 11 comprehensively controls the operation of the image forming apparatus 101. The CPU 11 controls the overall operation of the image forming apparatus 101 by executing a program stored in the ROM 12 or the HDD 14 using the RAM 13 as a work area (work area), and performs a copy function, a scanner function, a fax function, a printer function, and the like. Implement various functions.

  The operation panel 15 is a device for accepting user operations and displaying various types of information regarding the image forming apparatus 101. The operation panel 15 is composed of, for example, a liquid crystal touch panel.

  The engine unit 16 is hardware that performs processing other than general-purpose information processing and communication for realizing a copy function, a scanner function, a fax function, and a printer function. For example, a scanner (image reading unit) that scans and reads an image of a document, a plotter (image forming unit) that performs printing on a sheet material such as paper, and a fax unit that performs fax communication are provided. Further, a specific option such as a finisher for sorting printed sheet materials or an ADF (automatic document feeder) for automatically feeding a document can be provided.

  The communication I / F 17 is an interface for connecting to the network 104. The card reader 18 performs non-contact wireless communication with a card (such as an IC card) tricked by the user, and reads a card ID stored in the card.

  FIG. 3 is a diagram illustrating an example of functions that the image forming apparatus 101 has. For convenience of explanation, FIG. 3 mainly illustrates functions related to the present invention, but the functions of the image forming apparatus 101 are not limited to these. As illustrated in FIG. 3, the image forming apparatus 101 includes a communication unit 110, a setting holding unit 111, a first acquisition unit 112, a user information authentication unit 113, a second acquisition unit 114, and a first acquisition unit 112. The identification unit 115, the registration confirmation unit 116, the second identification unit 117, the third acquisition unit 118, the determination unit 119, the authentication unit 120, and the registration unit 121 are included.

  The communication unit 110 communicates with the authentication device 102 and the setting terminal 103 via the network 104.

  The setting holding unit 111 is an example of a “corresponding information storage unit”, and includes a first item indicating a name (item) of authentication information in the image forming apparatus 101 and a second item indicating a name of authentication information in the authentication apparatus 102. The card validity period is associated with the first correspondence information indicating the correspondence with the item and the second item (“CardID”) indicating the name of the card ID (card identification information) in the authentication apparatus 102. Second correspondence information is stored. FIG. 4 is a diagram illustrating an example of the first correspondence information. FIG. 5 is a diagram illustrating an example of the second correspondence information. In the example of FIG. 5, if the card ID is not used for 10 days, this means that the card ID cannot be used for authentication. For example, when there is no restriction on the validity period, the validity period is not defined in the second correspondence information.

  Further, in this example, the setting holding unit 111 corresponds to the second item indicating the name of the last use time of the card ID in the authentication device 102 with respect to the second item indicating the name of the card ID in the authentication device 102. The attached third correspondence information is stored. FIG. 6 is a diagram illustrating an example of the third correspondence information. In this example, the first correspondence information, the second correspondence information, and the third correspondence information are individually provided. However, the present invention is not limited to this, and for example, the correspondence information is stored in one common table. It may be configured.

  The description of FIG. 3 is continued. The first acquisition unit 112 acquires user information for identifying a user. In this example, the image forming apparatus 101 displays a login screen that prompts the user to input a login ID on the operation panel 15 when activated or when no user is logged in. And the user who is going to log in inputs login ID from a login screen. The first acquisition unit 112 acquires the login ID input from the login screen as user information. The login ID, which is an example of “user information”, may be information that identifies the user, and may be, for example, a combination of a user ID and a password.

  The user information authentication unit 113 determines whether authentication information corresponding to the login ID acquired by the first acquisition unit 112 is registered in the authentication device 102. The specific contents will be described later.

  The second acquisition unit 114 acquires a card ID from a card possessed by the user. The authentication information indicating the card ID in the image forming apparatus 101 is composed of a first item (name “card ID”) indicating the name of the card ID in the image forming apparatus 101 and an ID value (card ID value). The

  The first specifying unit 115 refers to the first correspondence information described above, and the second item corresponding to the first item (name “card ID”) indicating the name of the card ID in the image forming apparatus 101. (Name "CardID").

  The registration confirmation unit 116 is a combination of the second item (named “CardID”) specified by the first specifying unit 115 and the card ID value (ID value) acquired by the second acquisition unit 114. The authentication information indicating the card ID (authentication information indicating the card ID in the authentication device 102) is registered in the authentication device 102 in association with the authentication information corresponding to the login ID acquired by the first acquisition unit 112. Check if it is. The specific contents will be described later. The authentication information indicating the login ID in the authentication device 102 includes a second item indicating the name of the login ID in the authentication device 102 and the value of the login ID.

  If the confirmation result by the registration confirmation unit 116 is affirmative, that is, the second identification unit 117, that is, the second item (named “CardID”) identified by the first identification unit 115 and the second acquisition unit The authentication information indicating the card ID consisting of a pair with the value of the card ID acquired by 114 is registered in the authentication apparatus 102 in association with the authentication information corresponding to the login ID acquired by the first acquisition unit 112. If it is, the effective period corresponding to the second item specified by the first specifying unit 115 is specified with reference to the second correspondence information described above.

  When the confirmation result by the registration confirmation unit 116 is affirmative, the third acquisition unit 118 determines the second item specified by the first specification unit 115 and the value of the card ID acquired by the second acquisition unit 114. The last use time of the card ID consisting of the pair is acquired from the authentication device 102. The specific contents will be described later.

  Based on the last use time acquired by the third acquisition unit 118, the determination unit 119 determines whether or not the validity period specified by the second specification unit 117 is satisfied. More specifically, the determination unit 119 determines that the period representing the difference between the current time and the last use time acquired by the third acquisition unit 118 is within the effective period specified by the second specification unit 117. If there is, it can be determined that the condition of the validity period is satisfied.

  If the determination unit 119 determines that the validity period is satisfied, the authentication unit 120 authenticates the user (the user is authorized to use the image forming apparatus 101). That is, the authentication unit 120 associates the authentication information corresponding to the card ID acquired by the second acquisition unit 114 with the authentication information corresponding to the login ID acquired by the first acquisition unit 112. The user is authenticated only when it is registered in the authentication apparatus 102 and the last use time of the card ID satisfies the validity period.

  In the registration unit 121, authentication information indicating a card ID composed of a combination of the second item specified by the first specifying unit 117 and the value of the card ID acquired by the second acquisition unit 114 is the first information. If the authentication unit 102 is associated with the authentication information corresponding to the login ID acquired by the acquisition unit 112 and is not registered in the authentication device 102, the authentication information indicating the card ID consisting of the pair is used as the authentication information corresponding to the login ID. And registered in the authentication device 102. The specific contents will be described later.

  The communication unit 110, the first acquisition unit 112, the user information authentication unit 113, the second acquisition unit 114, the first specification unit 115, the registration confirmation unit 116, the second specification unit 117, and the third description described above. The functions of the acquisition unit 118, the determination unit 119, the authentication unit 120, and the registration unit 121 are realized by the CPU 11 developing and executing programs stored in the ROM 12, the HDD 14, and the like on the RAM 13. For example, some or all of these functions may be realized by a dedicated hardware circuit (semiconductor integrated circuit or the like). The setting holding unit 111 described above can be realized by a storage device such as the HDD 14.

  Next, authentication information managed by the authentication apparatus 102 will be described. The authentication device 102 holds (manages) various authentication information in association with each of a plurality of users. More specifically, the authentication information can be said to be information used for user authentication. In this example, authentication information indicating a login ID and authentication information indicating a card ID are assumed as authentication information associated with the user. However, the present invention is not limited to this. As will be described later, the authentication apparatus 102 according to the present embodiment includes, for each of a plurality of users, authentication information indicating a login ID, authentication information indicating a card ID, and detailed information on a card possessed by the user (this example) Then, information indicating the last use time of the card ID is held in association with at least.

  FIG. 7 is a diagram illustrating an example of information (including authentication information) associated with a user for whom authentication information indicating a card ID is not registered in the authentication apparatus 102. In the example of FIG. 7, display name information including “DisplayName” indicating the name of the display name in the authentication apparatus 102 and “User A” indicating the corresponding value for UserA, and login in the authentication apparatus 102. Authentication information indicating a login ID composed of “LoginID” indicating the name of the ID and “UserA” indicating the corresponding value, “EmployeeID” indicating the name of the employee ID in the authentication device 102, and the corresponding value Employee ID information consisting of “110001”, “MailAddress” indicating the name of the mail address in the authentication device 102, and “a@mail.co.jp” indicating the corresponding value. Information is linked. Further, “CardID” indicating the name of the card ID in the authentication apparatus 102 is also associated, but a corresponding value (card ID value) is not set. That is, the authentication information indicating the card ID is not associated. Here, in order to manage the card ID with Active Directory or LDAP, it is assumed that the attribute “card ID” in the authentication apparatus 102 is defined as an attribute for card ID registration. Hereinafter, examples of variations will be described based on this example.

  In this example, “DisplayName”, “LoginID”, and “MailAddress” are default items, while “EmployeeID” and “CardID” (same for “CardIDLastUserTime” described later) are the same as the above-described administrator authentication. The added user needs to manually add to the authentication device 102. That is, the authentication apparatus 102 can add new information in addition to the default information for one user. When adding a new information, for example, an information name (second item), an information value type (character string, number, etc.), and an upper limit of information value length (2 bytes, 256 characters, etc.) can be set. . For example, when adding authentication information indicating a card ID as new information, item (second item) = “CardID”, corresponding value type = character string, upper limit of corresponding value length = 256 characters Can be set.

  Then, for example, from a device different from the authentication device 102 (for example, the image forming device 101), an item to be searched (for example, “CardID” indicating the name of the card ID in the authentication device 102) and a value corresponding to the item (card If the search request including the ID value) is transmitted to the authentication device 102, the authentication device 102 identifies an item that matches the item included in the search request from among the items held by itself. It is possible to determine whether or not the value corresponding to the identified item matches the value included in the search request, and return the determination result. Here, in the authentication device 102, when a plurality of values are associated with one item that matches one item included in the search request, the value included in the search request is changed to the plurality of items. It may be determined whether or not it matches any of the values. In the authentication apparatus 102, one value is associated with one item that matches one item included in the search request. In addition, it may be determined whether or not a value included in the search request partially matches the one value.

  FIG. 8 is a diagram illustrating an example of user information associated with a user in which authentication information indicating a card ID is registered. In the example of FIG. 8, authentication information indicating a card ID composed of “CardID” indicating the name of the card ID in the authentication apparatus 102 and “C1001” indicating the corresponding value is associated with UserA. Yes.

  FIG. 9 shows a case where a plurality of values (card ID values) are associated with “CardID” indicating the name of “card ID” in the authentication apparatus 102, that is, a plurality of values for one UserA. It is a figure which shows the example in case the card ID of is tied. FIG. 10 is also similar to FIG. 9 except that the values of a plurality of card IDs are separated by commas. The value of each card ID is defined as a single value corresponding to “CardID” indicating the name of “card ID” in the authentication apparatus 102. The existing schema of Active Directory or LDAP used in the introduction company's system is defined not to allow multiple values for one item (attribute), but the rules of the organization (for example, company) are changed. When it is necessary to register a plurality of card IDs, it is necessary to take such a mechanism.

  Further, in the present embodiment, the authentication device 102 holds the last use time of one or more card IDs in association with each user. FIG. 11 is a diagram illustrating an example in which the last use time of each of a plurality of card IDs is associated with one UserA. In the example of FIG. 11, “CardIDLastUserTime” indicating the name of the last use time of the card ID in the authentication apparatus 102 is associated with one UserA, and the last use time for each ID value is a corresponding value. Is set.

  In the example of FIG. 11, for “CardIDLastUserTime”, a value “C1001” corresponding to “CardID” and a value “2017/03/29 14:23” corresponding to “CardIDLastUserTime” are “C1001: 2017 / 03/29 14:23 ”. This indicates that the last use time of the ID value “1001” is 14:23 on March 29, 2017. Similarly, for “CardIDLastUserTime”, a value “C1002” corresponding to “CardID” and a value “2017/03/29 14:50” corresponding to “CardIDLastUserTime” are “C1002: 2017/03/29”. 14:50 ”. This indicates that the last use time of the ID value “C1002” is March 29, 2017, 14:50. Similarly, for “CardIDLastUserTime”, a value “C1003” corresponding to “CardID” and a value “2017/03/29 13:21” corresponding to “CardIDLastUserTime” are “C1003: 2017/03/29”. 13:21 ”. This indicates that the last use time of the ID value “C1003” is March 29, 2017, 13:21.

  Note that FIG. 12 is also the same diagram as FIG. 11, but the value indicating the last use time for each ID value (ID value: value represented in the form of the last use time) is separated by commas.

  FIG. 13 shows an information processing system 1 for determining whether or not a login ID inputted by a user is associated with a card ID read from a card possessed by the user and registered in the authentication apparatus 102. It is a sequence diagram which shows an example of the operation | movement procedure. As shown in FIG. 13, the first acquisition unit 112 displays the above-described login screen on the operation panel 15 (step S1), and the user inputs his login ID on the login screen (step S2). The first acquisition unit 112 acquires the input login ID. The first acquisition unit 112 passes the login ID acquired from the user to the user information authentication unit 113 (step S3).

  Upon receiving the login ID from the first acquisition unit 112, the user information authentication unit 113 sends the first item indicating the name of the login ID in the image forming apparatus 101 to the setting holding unit 111 (in this example, as shown in FIG. 4). The second item corresponding to “login ID”) is requested (step S4), and as a response, the second item indicating the name of the login ID in the authentication apparatus 102 (in this example, as shown in FIG. 4). “LoginID”) is acquired (step S5). Next, the user information authenticating unit 113 logs in the authentication device 102 from the second item indicating the name of the login ID in the authentication device 102 and the value of the login ID received from the first acquisition unit 112. A search request for requesting a search for authentication information indicating an ID is transmitted (step S6). This search request includes the second item indicating the name of the login ID in the authentication apparatus 102 and the value of the login ID received from the first acquisition unit 112.

  The authentication apparatus 102 that has received the search request from the user information authentication unit 113 has already registered the authentication information indicating the login ID including the second item indicating the name of the login ID included in the search request and the ID value. It is determined whether or not there is (step S7), and the determination result is notified as a response to the search request (step S8). If the determination result is affirmative, the authentication regarding the login ID is successful, and if the determination result is negative, the authentication regarding the login ID is unsuccessful. Hereinafter, a flow when the determination result is affirmative will be described. Note that at the stage where only the authentication related to the login ID is successful, the screen of the operation panel 15 is locked and an operation from the user cannot be accepted.

  When the authentication related to the login ID is successful, the user places the card he / she owns on the card reader 18 provided in the image forming apparatus 101 (step S9). The second acquisition unit 114 acquires the card ID read by the card reader 18 (step S10), and passes the acquired card ID to the first specifying unit 115 (step S11).

  Next, the first specifying unit 115 sets the first item indicating the name of the card ID in the image forming apparatus 101 to the setting holding unit 111 (in this example, “card ID” as shown in FIG. 4). The corresponding second item is requested (step S12), and as a response, the second item indicating the name of the card ID in the authentication apparatus 102 (in this example, “CardID” as shown in FIG. 4) is acquired ( Step S13). Then, the first identification unit 115 notifies the registration confirmation unit 116 of the second item indicating the name of the card ID in the authentication device 102 and the value of the card ID acquired from the second acquisition unit 114 (step S14). That is, the first specifying unit 115 notifies the registration confirmation unit 116 of authentication information indicating the card ID acquired in step S10 in the authentication device 102. Upon receiving this notification, the registration confirmation unit 116, from the user information authentication unit 113, the second item indicating the name of the login ID in the authentication device 102 and the value of the login ID included in the search request in step S6. Receive. That is, the registration confirmation unit 116 receives authentication information indicating the login ID acquired in step S <b> 2 in the authentication device 102 from the user information authentication unit 113. Then, the registration confirmation unit 116 registers the authentication information indicating the card ID notified in step S14 in association with the authentication information indicating the login ID received from the user information authentication unit 113 with respect to the authentication device 102. A confirmation request for requesting confirmation of whether or not it is present is transmitted (step S15). In this confirmation request, the second item indicating the name of the card ID in the authentication device 102, the value of the card ID (the value of the card ID acquired in step S10), and the name of the login ID in the authentication device 102 And a login ID value (the login ID value acquired in step S2).

  The authentication device 102 that has received the confirmation request from the registration confirmation unit 116 registers the authentication information indicating the card ID included in the confirmation request in association with the authentication information indicating the login ID included in the confirmation request. It is confirmed whether it has been completed (step S16), and the confirmation result is notified as a response to the confirmation request (step S17). Hereinafter, the case where this confirmation result is affirmative and the case where it is negative will be described separately. FIG. 14 is a sequence diagram illustrating an example of an operation procedure when the confirmation result is affirmative, and FIG. 15 is a sequence diagram illustrating an example of an operation procedure when the confirmation result is negative.

  First, a description will be given with reference to FIG. The processing contents of steps S1 to S17 are as described above. The registration confirmation unit 116 notifies each of the second specifying unit 117 and the third acquisition unit 118 that the above confirmation result is affirmative (the information necessary for the subsequent processing is also notified). (Step S18). Upon receiving this notification, the second specifying unit 117 sends the setting holding unit 111 a second item indicating the name of the card ID in the authentication apparatus 102 (in this example, “CardID” as shown in FIG. 4). A corresponding effective period is requested (step S19), and an effective period (in this example, “10 days” as shown in FIG. 5) is acquired as a response (step S20). Then, the obtained effective period is notified to the determination unit 119 (step S21).

  Further, the third acquisition unit 118 that has received the above notification from the registration confirmation unit 116 instructs the setting holding unit 111 to correspond to the second item indicating the name of the card ID in the authentication device 102. The second item indicating the name of the last use time of the card ID in 102 is requested (step S22), and as a response, the second item indicating the name of the last use time of the card ID in the authentication device 102 (in this example, As shown in FIG. 6, "CardIDLastUserTime") is acquired (step S23). Then, the third acquisition unit 118 requests the authentication device 102 for the last use time corresponding to the combination of the authentication information indicating the login ID confirmed in step S16 and the authentication information indicating the card ID. A final use time request is transmitted (step S24). In the final use time request, the authentication information indicating the login ID (second item indicating the name of the login ID in the authentication device 102 and the login ID acquired in step S2), which has been registered in step S16, is confirmed. ) And the authentication information indicating the card ID (the second item indicating the name of the card ID in the authentication device 102 and the value of the card ID acquired in step S10), and acquired in step S23. A second item (second item indicating the name of the last use time of the card ID in the authentication device 102) is included.

  Upon receiving the final use time request from the third acquisition unit 118, the authentication device 102 receives the final use corresponding to the combination of the authentication information indicating the login ID and the authentication information indicating the card ID that has been registered in step S16. The time value is searched (step S25), and the search result (the value of the last use time) is transmitted as a response to the last use time request (step S26). The third acquisition unit 118 notifies the determination unit 119 of the value of the last use time received from the authentication device 102 (step S27).

  Based on the last usage time notified in step S27, the determination unit 119 determines whether or not the condition of the validity period notified in step S21 is satisfied (step S28). As described above, here, the determination unit 119 determines the effective period if the period representing the difference between the current time and the last use time notified in step S28 is within the effective period notified in step S21. Judge that the condition is met. Then, the determination unit 119 notifies the authentication unit 120 of the determination result of step S28 (step S29). The authentication unit 120 determines whether to authenticate the user based on the notified determination result (step S30). If the determination result notified in step S29 is affirmative, the authentication unit 120 authenticates the user and releases the screen lock of the operation panel 15. On the other hand, if the determination result notified in step S29 is negative, the user is not authenticated and the screen lock of the operation panel 15 is not released.

  Further, the determination unit 119 transmits a last use time update request for requesting that the value of the last use time of the card ID acquired in step S10 to be updated to the current time to the authentication apparatus 102 (step S31). . In this final use time update request, in addition to the authentication information indicating the login ID and the authentication information indicating the card ID, the registration of which has been confirmed in step S16, the second item acquired in step S23 ( A second item indicating the name of the last use time of the card ID in the authentication device 102) and a current time that is a value corresponding to the second item. Upon receiving the last use time update request, the authentication device 102 uses the last use time value corresponding to the combination of the authentication information indicating the login ID and the authentication information indicating the card ID, which has been registered in step S16, as the final use time value. Update to the current time included in the use time update request (step S32).

  Next, it demonstrates using FIG. The processing contents of steps S1 to S17 are as described above. The registration confirmation unit 116 notifies the registration unit 121 that the above confirmation result is negative (also notifies information necessary for subsequent processing) (step S100). Upon receiving this notification, the registration unit 121 displays a registration execution screen on the operation panel 15 for accepting an instruction to execute registration of authentication information corresponding to the card ID acquired in step S10 (step S101). A registration execution instruction is input to the registration execution screen (step S102). When the registration execution instruction is received via the registration execution screen, the registration unit 121 instructs the setting holding unit 111 to correspond to the second item indicating the name of the card ID in the authentication device 102. A second item indicating the name of the last use time of the card ID is requested (step S103), and as a response, the second item indicating the name of the last use time of the card ID in the authentication device 102 (in this example, FIG. 6). (CardIDLastUserTime)) is acquired (step S104).

  And the registration part 121 respond | corresponds to the card | curd ID acquired by step S10 with respect to the authentication information corresponding to the login ID acquired by step S2 registered with the authentication apparatus 102 with respect to the authentication apparatus 102. FIG. The registration information is registered in association with the authentication information, and a registration instruction for instructing to register the current time as the value of the last use time of the card ID is transmitted (step S105). In this registration instruction, the second item indicating the name of the card ID in the authentication device 102, the value of the card ID (the value of the card ID acquired in step S10), and the name of the login ID in the authentication device 102 , The second item indicating the name of the last use time of the card ID in the authentication device 102 (obtained in step S104). The second item) and the current time. Upon receiving this registration instruction, the authentication device 102 registers the authentication information indicating the card ID included in the registration instruction in association with the authentication information indicating the login ID included in the registration instruction, and the card in the authentication device 102 As a value corresponding to the second item indicating the name of the last use time of the ID, a set of the card ID value included in the registration instruction and the current time included in the registration instruction is registered (step S106).

  As described above, when authenticating a user, the image forming apparatus 101 according to the present embodiment reads the authentication information corresponding to the login ID input by the user from the card possessed by the user. It is confirmed whether authentication information corresponding to the card ID is associated with the card ID and registered in the authentication device 102. If the confirmation result is affirmative, the image forming apparatus 101 acquires the last use time of the card ID from the authentication apparatus 102, and based on the acquired last use time, the name of the card ID in the authentication apparatus 102 It is determined whether or not the validity period previously associated with the second item indicating the condition is satisfied, and the user is authenticated only when the determination result is affirmative. As a result, the user can be authenticated in consideration of detailed additional information on the card without intervention of the administrator.

  Although the embodiments according to the present invention have been described above, the present invention is not limited to the above-described embodiments as they are, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the above-described embodiments. For example, you may delete some components from all the components shown by the above-mentioned embodiment.

  Hereinafter, modifications will be described. The following modifications can be arbitrarily combined with the above-described embodiment, and the modifications can be combined with each other.

(1) Modification 1
For example, when the authentication apparatus 102 holds a plurality of combinations of the card ID value and the last use time value in association with the second item indicating the name of the last use time of the card ID, The third acquisition unit 118 acquires all combinations from the authentication device 102. That is, the third obtaining unit 118 obtains a plurality of combinations of the card ID value and the last use time value as a response to the last use time request in step S24 of FIG. Then, the determination unit 119 determines the card ID acquired in step S10 shown in FIG. 14 from among the plurality of last used time values corresponding to the plurality of combinations notified by the third acquisition unit 118. It is determined whether or not the value of the last use time corresponding to the value (the value of the card ID acquired by the second acquisition unit 114) is the latest. The determination unit 119 determines that the value of the last use time corresponding to the value of the card ID acquired in step S10 illustrated in FIG. 14 (the value of the card ID acquired by the second acquisition unit 114) is not the latest. In the case of authentication, the authentication unit 120 does not authenticate the user.

(2) Modification 2
For example, the registration unit 121 has already received authentication information indicating a card ID including a pair of the second item specified by the first specifying unit 115 and the value of the card ID acquired by the second acquisition unit 114. If it is already registered in the authentication apparatus 102, registration of the authentication information is not permitted. For example, the registration unit 121 has already registered the authentication information corresponding to the card ID acquired in step S10 with respect to the authentication apparatus 102 before transmitting the registration instruction in step S105 illustrated in FIG. 15 to the authentication apparatus 102. In the case of registration, no registration instruction is transmitted.

  In this modification, control is performed so that the card ID once registered is not deleted from the authentication apparatus 102 and the registered card ID is not re-registered. In this modification, the following use cases are assumed. For example, when the user loses the card, a new card is issued. The time when the card ID of the new card is registered in the authentication device 102 is registered as the last use time of the card ID, Authentication using the card ID becomes possible. On the other hand, if the card ID of the lost card is deleted and the re-registration of the card ID is permitted, the card ID may be re-registered and misused. Unauthorized re-registration can be prevented by leaving it in 102 and not permitting re-registration of the card ID.

(3) Modification 3
In the above-described embodiment, the image forming apparatus 101 is employed as an example of the “information processing apparatus”. However, the form of the “information processing apparatus” is not limited to this, and for example, a user authentication function such as a projector or an electronic blackboard The attached electronic device can be employed as an “information processing apparatus”.

  Note that the program executed in the information processing system 1 of the above-described embodiment is a file in an installable format or an executable format, and is a CD-ROM, a flexible disk (FD), a CD-R, a DVD (Digital Versatile Disk). It may be configured to be recorded and provided on a computer-readable recording medium such as USB (Universal Serial Bus), or may be configured to be provided or distributed via a network such as the Internet. Various programs may be provided by being incorporated in advance in a ROM or the like.

DESCRIPTION OF SYMBOLS 1 Information processing system 101 Image forming apparatus 102 Authentication apparatus 103 Setting terminal 104 Network 110 Communication part 111 Setting holding part 112 First acquisition part 113 User information authentication part 114 Second acquisition part 115 First identification part 116 Registration confirmation part 117 Second identification unit 118 Third acquisition unit 119 Determination unit 120 Authentication unit 121 Registration unit

Japanese Patent No. 4294669

Claims (8)

An information processing apparatus capable of communicating with an authentication server that holds authentication information indicating information related to user authentication,
First correspondence information indicating a correspondence relationship between a first item indicating the name of the authentication information in the information processing apparatus and a second item indicating the name of the authentication information in the authentication server, and in the authentication server A correspondence information storage unit that stores second correspondence information in which the validity period of the card is associated with the second item indicating the name of the card identification information for identifying a card possessed by the user;
A first acquisition unit for acquiring user information for identifying a user;
A user information authentication unit for determining whether or not the authentication information corresponding to the user information acquired by the first acquisition unit is registered in the authentication server;
A second acquisition unit that acquires the card identification information from the card possessed by the user;
A first identification unit that identifies the second item corresponding to the first item indicating the name of the card identification information in the information processing apparatus with reference to the first correspondence information;
The authentication information indicating the card identification information consisting of a set of the second item specified by the first specifying unit and a value of the card identification information acquired by the second acquisition unit, A registration confirmation unit that confirms whether or not the authentication information corresponding to the user information acquired by the first acquisition unit is associated with the authentication server;
When the confirmation result by the registration confirmation unit is affirmative, the second correspondence information is referred to, and the effective period corresponding to the second item specified by the first specifying unit is specified. A specific part,
When the confirmation result by the registration confirmation unit is affirmative, it is a set of the second item specified by the first specifying unit and the value of the card identification information acquired by the second acquiring unit. A third acquisition unit for acquiring the last use time of the card identification information from the authentication server;
A determination unit that determines whether or not a condition of the validity period specified by the second specifying unit is satisfied based on the last use time acquired by the third acquiring unit;
An authentication unit that authenticates a user when the determination unit determines that the validity period is satisfied.
Information processing device. If the period representing the difference between the current time and the last use time acquired by the third acquisition unit is within the effective period specified by the second specification unit, the determination unit Judging that the validity period is satisfied,
The information processing apparatus according to claim 1. When the authentication server holds a plurality of combinations of the value of the card identification information and the value of the last use time for the second item indicating the name of the last use time, The third acquisition unit acquires all the combinations from the authentication server,
The determination unit determines whether or not the value of the last use time corresponding to the value of the card identification information acquired by the second acquisition unit is the latest;
The information processing apparatus according to claim 1 or 2. When the determination unit determines that the value of the last use time corresponding to the value of the card identification information acquired by the second acquisition unit is not the latest, the authentication unit does not authenticate the user.
The information processing apparatus according to claim 3. The authentication information indicating the card identification information consisting of a set of the second item specified by the first specifying unit and a value of the card identification information acquired by the second acquisition unit, If the authentication information associated with the user information acquired by the first acquisition unit is associated with the authentication information and not registered in the authentication server, the authentication information indicating the card identification information including the set is A registration unit that registers with the authentication server in association with the authentication information corresponding to the information;
The information processing apparatus according to any one of claims 1 to 4. The registration unit
The authentication information indicating the card identification information including the second item specified by the first specifying unit and the value of the card identification information acquired by the second acquisition unit is already If already registered in the authentication server, registration of the authentication information is not permitted.
The information processing apparatus according to claim 5. An information processing method by an information processing apparatus capable of communicating with an authentication server holding authentication information indicating information related to user authentication,
A first acquisition step of acquiring user information for identifying a user;
A user information authentication step of determining whether or not the authentication information corresponding to the user information acquired in the first acquisition step is registered in the authentication server;
A second acquisition step of acquiring card identification information for identifying the card from a card possessed by the user;
With reference to the first correspondence information indicating the correspondence between the first item indicating the name of the authentication information in the information processing apparatus and the second item indicating the name of the authentication information in the authentication server, A first specifying step of specifying the second item corresponding to the first item indicating the name of the card identification information in the information processing apparatus;
The authentication information indicating the card identification information consisting of a set of the second item identified by the first identification step and the value of the card identification information acquired by the second acquisition step is A registration confirmation step of confirming whether or not the authentication information corresponding to the user information acquired in the first acquisition step is associated with the authentication information and registered in the authentication server;
If the confirmation result in the registration confirmation step is affirmative, refer to the second correspondence information in which the card validity period is associated with the second item indicating the name of the card identification information in the authentication server. A second specifying step for specifying the validity period corresponding to the second item specified by the first specifying step;
When the confirmation result in the registration confirmation step is affirmative, it is composed of a set of the second item specified in the first specification step and the value of the card identification information acquired in the second acquisition step. A third acquisition step of acquiring the last use time of the card identification information from the authentication server;
A determination step of determining whether or not a condition of the validity period specified by the second specification step is satisfied based on the last use time acquired by the third acquisition step;
An authentication step of authenticating a user when it is determined by the determination step that the condition of the validity period is satisfied,
Information processing method. An information processing apparatus capable of communicating with an authentication server that holds authentication information indicating information related to user authentication,
A first acquisition step of acquiring user information for identifying a user;
A user information authentication step of determining whether or not the authentication information corresponding to the user information acquired in the first acquisition step is registered in the authentication server;
A second acquisition step of acquiring card identification information for identifying the card from a card possessed by the user;
With reference to the first correspondence information indicating the correspondence between the first item indicating the name of the authentication information in the information processing apparatus and the second item indicating the name of the authentication information in the authentication server, A first specifying step of specifying the second item corresponding to the first item indicating the name of the card identification information in the information processing apparatus;
The authentication information indicating the card identification information consisting of a set of the second item identified by the first identification step and the value of the card identification information acquired by the second acquisition step is A registration confirmation step of confirming whether or not the authentication information corresponding to the user information acquired in the first acquisition step is associated with the authentication information and registered in the authentication server;
If the confirmation result in the registration confirmation step is affirmative, refer to the second correspondence information in which the card validity period is associated with the second item indicating the name of the card identification information in the authentication server. A second specifying step for specifying the validity period corresponding to the second item specified by the first specifying step;
When the confirmation result in the registration confirmation step is affirmative, it is composed of a set of the second item specified in the first specification step and the value of the card identification information acquired in the second acquisition step. A third acquisition step of acquiring the last use time of the card identification information from the authentication server;
A determination step of determining whether or not a condition of the validity period specified by the second specification step is satisfied based on the last use time acquired by the third acquisition step;
A program for executing an authentication step of authenticating a user when the determination step determines that the condition of the validity period is satisfied.

Images