JP2022007420A - Information processing apparatus and information processing system - Google Patents

Abstract

To provide an information processing apparatus that can facilitate the wireless setting of a portable terminal while ensuring security.SOLUTION: In an information processing system, an information processing apparatus (image forming apparatus 100) supports the wireless connection between a portable terminal 300 and an access point (AP), and comprises: a pairing unit 1001 that performs pairing for recognizing a regular communication partner for a server device 200 that provides the AP; an AP connection information acquisition unit 1005 that acquires, from the server device being a pairing partner, AP connection information for the portable terminal to wirelessly connect to the AP; and an AP connection information transmission unit 1004 that transmits the acquired AP connection information to the portable terminal.SELECTED DRAWING: Figure 4

Description

The present disclosure relates to an information processing device that supports a wireless connection between a mobile terminal and an access point (AP).

When connecting a mobile terminal to a wireless communication environment such as Wi-Fi (registered trademark), it is necessary to set network connection information such as SSID (Service Set Identifier) and password. Here, the server device that provides the wireless communication environment may be installed in a place that cannot be directly touched or may not have a console for operation for security reasons. Therefore, there is a problem that the network connection information cannot be directly transmitted from the server device to the mobile terminal, and it is not easy for the mobile terminal to acquire the network connection information.

To solve this problem, Patent Document 1 discloses a technique for facilitating the acquisition of network connection information by transmitting network connection information using a communication method such as NFC (Near Field Communication). ..

Japanese Patent Application Laid-Open No. 2003-229872 Japanese Unexamined Patent Publication No. 2014-206937

However, in the technique described in Patent Document 1, the authentication management of the user of the wireless terminal is not performed, and anyone can use the Wi-Fi connection, which poses a security problem.

On the other hand, in Patent Document 2, the mobile terminal transmits user information to the authentication server using NFC or the like, and when the transmitted user information matches the user information registered in advance in the authentication server, A configuration for transmitting network setting information to a mobile terminal is disclosed. With this configuration, the users of the Wi-Fi connection can be restricted to only the users registered in the authentication server in advance, so that it is possible to facilitate the wireless setting of the mobile terminal while ensuring security.

It is an object of the present disclosure to provide an information processing apparatus and an information processing system capable of facilitating wireless setting of a mobile terminal while ensuring security by using a method different from the above-mentioned Patent Document 2.

The information processing device according to one aspect of the present disclosure is an information processing device that supports wireless connection between a mobile terminal and an access point (AP), and provides an AP for pairing for recognizing a legitimate communication partner. The pairing means to be performed on the server device to be paired, the acquisition means to acquire the AP connection information for the mobile terminal to wirelessly connect to the AP from the server device to be paired, and the acquired AP connection information to the mobile terminal. It is characterized by comprising a transmission means for transmission.

Further, a server accommodating unit for accommodating the server apparatus may be provided in the housing of the main body of the information processing apparatus.

Further, the communication with the server device may be performed by a communication method different from the wireless connection between the mobile terminal and the AP.

Further, an operation panel for receiving an operation related to the connection between the mobile terminal and the AP from the user and a non-volatile storage means are further provided, and the acquisition means is a server device which is a pairing partner before accepting the operation. The AP connection information may be acquired from the storage means, the acquired AP connection information may be stored in the storage means, and the transmission means may transmit the AP connection information stored in the storage means when the operation is received. ..

Further, it is further provided with an operation panel that accepts an operation related to the connection between the mobile terminal and the AP from the user, and a request means for transmitting an acquisition request for AP connection information to the server device that is the pairing partner when the operation is accepted. The acquisition means may acquire AP connection information as a response to the acquisition request.

Further, the transmission means may display the AP connection information in text on the operation panel.

Further, the transmission means may display an image in which AP connection information is encoded on the operation panel.

Further, a communication module for short-range wireless communication may be further provided, and the transmission means may output a wireless signal based on AP connection information from the communication module.

Further, a speaker may be further provided, and the transmission means may output an audio signal based on the AP connection information from the speaker.

Further, the transmission means further includes a key acquisition means for acquiring an encryption key capable of generating a decryptable encryption with a decryption key held by the mobile terminal of the transmission partner, and the transmission means encrypts the AP connection information with the encryption key. May be transmitted.

Further, the pairing includes a process of exchanging public keys with each other, and communication with the pairing partner may be performed by encrypting using the exchanged public keys.

Further, the pairing includes a process of exchanging MAC addresses with each other, and communication in which the source information included in the header information of the communication data matches the MAC address of the pairing partner is referred to as communication from the pairing partner. You may look at it.

Further, the pairing is to be connected by a dedicated communication path, and the communication whose communication path is the dedicated communication path may be regarded as the communication from the pairing partner.

Further, a job acquisition means for acquiring an image forming job for forming an image on a sheet and an image forming means for executing the acquired image forming job may be further provided.

The information processing system of one aspect of the present disclosure is an information processing system including the above-mentioned information processing device and the server device, and the server device performs the pairing with the information processing device. It is characterized in that the AP connection information related to the AP provided by itself is transmitted to the information processing device which is the pairing partner.

Further, the server device accepts the operation of the administrator of the server device, changes the setting of the AP to be provided according to the received operation, and the information of the pairing partner with the AP connection information related to the AP after the setting change. It may be transmitted to the processing device.

Further, when the server device receives the request for acquiring the connection information of the AP, the server device transfers the AP connection information related to the AP provided by itself to the information processing device which is the pairing partner only when the source is the pairing partner. You may send it.

Further, the server device provides an AP that connects to a network for an authenticated user, and the transmission means is a network for the authenticated user only when a specific user is logged in to the information processing device. AP connection information relating to the AP connected to the may be transmitted.

Further, the server device further provides an AP that connects to the network for the guest user, and the transmission means connects to the network for the guest user when the specific user is not logged in to the information processing device. The AP connection information related to the AP may be transmitted.

Further, the server device further provides an AP for connecting to the network for the system administrator, and the transmission means is the system when a user having the authority of the system administrator is logged in to the information processing device. AP connection information related to the AP connected to the network for the administrator may be transmitted.

The server device may also provide a time-limited AP.

Further, the server device further provides an AP that connects to the network for the authenticated user, and the server device acquires authentication information within the time limit from a mobile terminal wirelessly connected to the time-limited AP. If the authentication is successful, the mobile terminal may be notified of the AP connection information related to the AP connected to the network for the authenticated user.

According to the present disclosure, the user of the AP can be limited to a person who can operate the information processing device paired with the server device that provides the AP. Here, for example, an information processing device, which is an image forming device, is installed in a security area or a door locked indoors, which cannot be entered without passing through a security gate. Therefore, the user of the information processing device is a person who can pass through the security gate or a person who can unlock the locked door. As described above, according to the present disclosure, security is ensured by limiting the users of the AP to those who can pass through the security gate and those who can unlock the locked door. Then, by transmitting AP connection information (network connection) from the information processing terminal to the mobile terminal, the wireless setting in the mobile terminal is facilitated.

It is a front view which shows the main structure of the information processing system 1 which concerns on Embodiment 1. FIG. It is a block diagram which shows the structure of an image forming apparatus 100. It is a block diagram which shows the structure of the server apparatus 200. It is a block diagram which shows the function of an information processing system. It is a sequence diagram which shows the operation example of the information processing system 1. It is a sequence diagram which shows the operation example of the information processing system 1. It is a sequence diagram which shows the operation example of the information processing system 1.

[1] Embodiment 1
Hereinafter, embodiments of the information processing system 1 according to the present disclosure will be described with reference to the drawings.

(1) Configuration of Information Processing System 1 First, the configuration of the information processing system 1 according to the present embodiment will be described.

FIG. 1 is a front view showing a main configuration of the information processing system 1. The information processing system 1 is installed in a security area that cannot be entered without passing through a security gate, and is composed of an image forming apparatus 100 and a server apparatus 200.

The image forming apparatus 100 is a so-called multifunction device, and includes an operation panel 120, an image reading unit 130, an image forming unit 140, and a paper feeding unit 150. Further, a server accommodating unit 160 is provided below the paper feeding unit 150, and the server device 200 is accommodated.

The operation panel 120 includes a touch panel and hard keys including a touch pad and a liquid crystal display panel, and presents information to the user of the image forming apparatus 100, gives an instruction to read a document, gives an instruction to print, and transmits a facsimile. Accepts user operation inputs such as instructions.

The image reading unit 130 includes an automatic document transport unit 131 and a scanner device 132. When the image is read from the original by the sheet-through method, the originals are conveyed one by one from the top of the original bundle placed on the original tray 133 of the automatic original conveying unit 131, and the scanning position of the scanner device 132 is determined. After passing through, the original is ejected to the output tray 134. The scanner device 132 irradiates the document passing through the reading position with illumination light, and detects the amount of reflected light by the line sensor to generate image data.

The image forming unit 140 forms a color or monochrome toner image using the image data generated by the image reading unit 130 and the image data received from other devices, and the recording unit 150 supplies the toner image according to the user's instruction. After the toner image is transferred to the sheet S and the toner image is heat-fixed to the recording sheet S, the recording sheet S is discharged onto the paper ejection tray 141.

From the viewpoint of ergonomics, the image forming apparatus 100 may use the output trays 134, 141 and the like to facilitate handling of the recording sheet on which the image is formed, the original to be read, and the operation panel 120 for operating the image forming apparatus 100. The document tray 133 and the operation panel 120 are designed to have a predetermined height. As a result, there is a margin of space in the lower part of the image forming apparatus 100. In the present disclosure, as an effective utilization of the space, a server accommodating unit 160 is provided below the paper feeding unit 150, and the server device 200 is accommodated in the server accommodating unit 160. If the image forming apparatus 100 and the server apparatus 200 are integrally configured, it is possible to save space in the office.

The server device 200 is an information terminal that provides a predetermined service to a client, includes a LAN connection module that connects to a LAN (Local Area Network) and a Wi-Fi module that wirelessly connects to a mobile terminal, and the mobile terminal is a LAN. Provides an access point function for connecting to. Further, the server device 200 may provide a storage function of receiving and storing data from an information terminal belonging to the same LAN, or receives image data generated by the scanner device 132 and receives OCR (Optical Character Recognition). You may provide a function to execute image processing such as.

FIG. 2 is a block diagram showing the configuration of the image forming apparatus 100. The image forming apparatus 100 includes a control unit 110, a non-volatile storage unit 111, and a dedicated communication module 181 in addition to the above-mentioned configurations (operation panel 120, image reading unit 130, image forming unit 140, and paper feeding unit 150).

The control device 110 includes a CPU (Central Processing Unit) 110a, a ROM (Read Only Memory) 110b, and a RAM (Random Access Memory) 110c. The CPU 110a operates according to the control program stored in the ROM 110b. The ROM 110b stores a control program for executing various jobs such as a copy operation. The RAM 110c temporarily stores various control variables and provides a work area for program execution by the CPU 110a.

The non-volatile storage unit 111 is composed of a non-volatile semiconductor memory. The non-volatile storage unit 111 may be composed of a hard disk.

The operation panel 120 includes a display 121, an input unit 122, a speaker 123, and an NFC module 124. The display 120 is a liquid crystal panel constituting a touch panel, and displays various information under the control of the control device 110. The input unit 122 is a touch pad constituting a touch panel, various hard keys, and the like, and receives operation input by the user. The speaker 123 is a device that converts an electric signal expressing acoustics into a physical sound, that is, vibration of air, and outputs various messages under the control of the control device 110. The NFC module is a communication module for performing wireless communication according to the NFC standard, and outputs various information under the control of the control device 110.

The dedicated communication module 181 is, for example, an Ethernet standard, and is a wired communication module for connecting to the server device 200. When the image forming apparatus 100 communicates with the server apparatus 200 via the dedicated communication module 181, the MAC address of the dedicated communication module 181 is stored in the source MAC address field in the header of the packet transmitted by the image forming apparatus 100. Will be done.

FIG. 3 is a block diagram showing the configuration of the server device 200. The server device 200 includes a control unit 220, a non-volatile storage unit 221, a LAN connection module 201, a dedicated communication module 202, and a Wi-Fi module 203.

The control device 220 includes a CPU 220a, a ROM 220b, and a RAM 220c. The CPU 220a operates according to the control program stored in the ROM 220b. A control program such as a BIOS is stored in the ROM 220b. The RAM 220c temporarily stores various control variables and provides a work area for program execution by the CPU 220a.

The non-volatile storage unit 221 is composed of a non-volatile semiconductor memory. The non-volatile storage unit 221 may be composed of a hard disk.

The LAN connection module 201 is, for example, a wired communication module for connecting to a LAN according to the Ethernet (registered trademark) standard. The server device 200 communicates with a terminal connected to the LAN via the LAN connection module 201. When the server device 200 communicates with a terminal connected to the LAN via the LAN connection module 201, the MAC address of the LAN connection module 201 is entered in the source MAC address field in the header of the packet transmitted by the server device 200. Stored.

The dedicated communication module 202 is, for example, an Ethernet standard, and is a wired communication module for connecting to the image forming apparatus 100. When the server device 200 communicates with the image forming apparatus 100 via the dedicated communication module 202, the MAC address of the dedicated communication module 202 is stored in the source MAC address field in the header of the packet transmitted by the server device 200. Ru.

The Wi-Fi module 203 is a communication module for performing wireless communication according to the Wi-Fi standard.

FIG. 4 is a block diagram showing a functional configuration of the information processing system 1.

In the image forming apparatus 100, the control device 110 executes a control program and controls each component, whereby the pairing unit 1001, the AP connection information transmission unit 1004, the AP connection information acquisition unit 1005, the user key acquisition unit 1007, It functions as a login management unit 1009.

The pairing unit 1001 performs pairing processing with the server device 200 to authenticate that the communication partner is a legitimate communication partner. In the pairing process, in the present embodiment, the dedicated communication module 181 and the dedicated communication module 202 are connected by an Ethernet cable to provide a dedicated communication path, and the public key of the server device 200 based on the public key cryptosystem. And the MAC address of the dedicated communication module 202 are stored in a predetermined area of the non-volatile storage unit 111 as paired partner information 1003. The pair partner information 1003 is stored in a predetermined area of the non-volatile storage unit 111 by operating the image forming apparatus 100, for example, when the administrator of the image forming apparatus 100 sets up the information processing system 1.

The pairing unit 1001 stores the public key of the server device 200, which is the pairing partner, as the pair partner information 1003, so that only the server device 200 can decrypt the data transmitted to the server device 200. It can be encrypted.

The pairing unit 1001 includes a pair authentication unit 1002, and when the image forming apparatus 100 receives a packet via the dedicated communication module 181, it authenticates whether the communication partner is a legitimate communication partner. Specifically, the source address of the received packet is compared with the MAC address of the dedicated communication module 202 stored in the pair partner information 1003, and if they match, the communication partner is authenticated as a legitimate communication partner.

The AP connection information acquisition unit 1005 acquires AP connection information consisting of an SSID and a password for the mobile terminal 300 to wirelessly connect to the access point (AP) from the pairing partner, and uses the acquired AP connection information as AP connection information 1006. It is stored in a predetermined area of the non-volatile storage unit 111.

The AP connection information transmission unit 1004 transmits the AP connection information 1006 stored in the non-volatile storage unit 111 to the mobile terminal 300 owned by the user who operates the operation panel 120 of the image forming apparatus 100.

The method of transmitting the AP connection information 1006 may be displayed as a text image on the display 121 of the operation panel 120, or may be displayed as an image encoded by a barcode or a QR code (registered trademark). When displayed as a text image, the mobile terminal 300 photographs the text image displayed on the display 121 by the camera 301, and performs OCR on the acquired captured image by OCR (Optical Character Recognition) / QR decoder 302. , Acquire AP connection information. Further, when the QR code (registered trademark) is coded and displayed, the mobile terminal 300 captures an image of the QR code (registered trademark) displayed on the display 121 by the camera 301, and the QR code is used by the OCR / QR decoder 302. AP connection information is acquired by decrypting (registered trademark).

Further, as the transmission method of the AP connection information 1006, an audio signal based on the AP connection information to be transmitted may be output from the speaker 123. For example, when the SSID of the AP connection information (SSID and password) to be transmitted is "sample_sid" and the password is "sample_pass", a voice signal "SSID is sample_sid and password is simple_pass" is generated by voice synthesis. , May be output from the speaker 123. In this case, the mobile terminal 300 acquires AP connection information from the voice signal by converting the voice output from the speaker 123 by the microphone 303 into a voice signal and performing voice recognition on the voice signal by the voice recognition unit 304. do.

Further, as the transmission method of the AP connection information 1006, a radio signal based on the AP connection information to be transmitted may be output from the NFC module 124. In this case, the mobile terminal 300 acquires the AP connection information by receiving the radio signal output from the NFC module 124 in the NFC module 305.

The user key acquisition unit 1007 acquires the user information input by the user by operating the operation panel 120, acquires the user key associated with the acquired user information from the pairing partner, and acquires the acquired user key. It is stored in a predetermined area of the non-volatile storage unit 111 as the user key 1008. The user may input the user information using the software keyboard displayed on the touch panel of the operation panel 120, and the NFC module 124 of the operation panel 120 and the wireless tag incorporating the NFC module for transmitting the user information are built-in. User information may be input by NFC by bringing and.

When transmitting the AP connection information to the mobile terminal 300, the AP connection information transmission unit 1004 may encrypt and transmit the AP connection information with the user key 1008 held by the non-volatile storage unit 111. In this case, the AP connection information is encrypted, then converted into a text image, a QR code (registered trademark), or the like, and transmitted to the mobile terminal 300. The mobile terminal 300 acquires the unencrypted AP connection information by decrypting the AP connection information encrypted by the above method with the decryption key previously held by the AP connection information decoding unit 306. Here, the user key and the decryption key may be a public key and a private key based on the public key cryptosystem of the mobile terminal 300. Further, the user key and the decryption key may be a key of a common key cryptosystem that uses a key common to encryption and decryption.

The login management unit 1009 acquires login information including a login ID and a password input via the operation panel 120 when the user logs in to the image forming apparatus 100, and the acquired login information and the non-volatile storage unit 111. The login information 1010 stored in the predetermined area is compared, and if both match, the user's login is authenticated. Login accounts are distinguished by general user accounts and administrator accounts. Also, multiple users cannot log in at the same time. The user may enter the login information using the software keyboard displayed on the touch panel of the operation panel 120, and the NFC module 124 of the operation panel 120 and the wireless tag incorporating the NFC module for transmitting the user information are built-in. You may enter the login information by NFC by bringing the and.

The server device 200 functions as a pairing unit 2001, AP2004A-C, AP connection information notification unit 2007, and user authentication unit 2010 by executing a program by the control device 220 and controlling each component.

The pairing unit 2001 performs a pairing process on the image forming apparatus 100 to authenticate that the communication partner is a legitimate communication partner. In the pairing process, in the present embodiment, the dedicated communication module 181 and the dedicated communication module 202 are connected by an Ethernet cable to provide a dedicated communication path, and the image forming apparatus 100 based on the public key cryptosystem is disclosed. The key and the MAC address of the dedicated communication module 181 are stored in a predetermined area of the non-volatile storage unit 221 as pairing partner information 2003. The pair partner information 2003 is stored in a predetermined area of the non-volatile storage unit 221 by operating the server device 200, for example, when the administrator of the server device 200 sets up the information processing system 1.

The pairing unit 2001 stores the public key of the image forming apparatus 100, which is the pairing partner, as the pairing partner information 2003, so that only the image forming apparatus 100 decodes the data transmitted to the image forming apparatus 100. Can be encrypted.

The pairing unit 2001 includes a pair authentication unit 2002, and when the server device 200 receives a packet via the dedicated communication module 202, the pairing unit 2001 authenticates whether the communication partner is a legitimate communication partner. Specifically, the source address of the received packet is compared with the MAC address of the dedicated communication module 181 stored in the pair partner information 2003, and if they match, the communication partner is authenticated as a legitimate communication partner.

The AP2004A-C is an AP for connecting the mobile terminal 300 connected via the Wi-Fi module 203 to the LAN 400 connected via the LAN connection module 201.

The AP2004A-C each include an AP authentication unit 2005 and authenticates the mobile terminal 300 connected via the Wi-Fi module 203. Specifically, the AP connection information is received from the mobile terminal 300, the received AP connection information is collated with the AP connection information 2006 stored in the predetermined area of the non-volatile storage unit 221, and if they match, the LAN 400 is reached. Allow the connection.

AP2004A is, for example, an AP for an authentication user provided to a user who is logged in to the image forming apparatus 100 as a general user, and AP2004B is provided to, for example, a user who is not logged in to the image forming apparatus 100. The AP 2004C is, for example, an administrator AP provided to a user who is logged in to the image forming apparatus 100 as an administrator. The accessible range in the LAN 400 may be different for each AP, and different access privileges may be given to each AP, and the functions that can be used by the connected information terminal may be different.

The AP connection information notification unit 2007 acquires the AP connection information 2006 corresponding to each of AP2004A-C from the non-volatile storage unit 221 and transmits the AP connection information 2006 to the image forming apparatus 100 via the dedicated communication module 202.

When the user authentication unit 2010 receives a login request including user information from the mobile terminal 300 connected via the Wi-Fi module 203, the user information included in the login request and a predetermined area of the non-volatile storage unit 221 are used. By collating with the user information 2009 stored in the mobile terminal 300, the login of the mobile terminal 300 is authenticated.

Further, the user authentication unit 2010 requests the user key acquisition including the user information from the image forming apparatus 100 via the dedicated communication module 202, and is stored in the user information included in the user key acquisition request and the non-volatile storage unit 221. The user key 2008 associated with the matched user information 2009 is compared with the user information 2009, and the user key 2008 is transmitted to the image forming apparatus 100 via the dedicated communication module 202. The user key and user information are stored in advance in the non-volatile storage unit 221 by the administrator of the server device 200 at the request of the user of the mobile terminal 300 or the like.

The bridge connection unit 2011 bridge-connects the LAN connection module 201 and the dedicated communication module 2020. As a result, the image forming apparatus 100 is virtually connected to the LAN 400 via the server apparatus 200, and can communicate with other communication terminals connected to the LAN 400.

The mobile terminal 300 stores the AP connection information acquired from the image forming apparatus 100 via the above-mentioned camera 301, microphone 303, NFC module 305, etc. in the non-volatile storage unit as AP connection information 308, and stores the Wi-Fi module 307 in the non-volatile storage unit. AP connection information 308 is transmitted to the server device 200 connected via the device.

The mobile terminal 300 that succeeds in authenticating the AP connection information connects to the LAN 400 via the server device 200, and causes the image forming device 100 to execute a print job or a scan job.

(2) Operation of Information Processing System 1 The operation of the information processing system 1 will be described with reference to the sequence diagram shown in FIG.

The image forming apparatus 100 and the server apparatus 200 perform a pairing process for authenticating each other as a legitimate communication partner (steps S201 and 301).

The administrator of the server device 200 operates the server device 200 to change the setting (AP connection information) of the AP (AP2004A-C) provided by the server device 200 (step S202). It is desirable that the password for connecting to the AP is changed regularly from the viewpoint of security. Therefore, it is assumed that the AP connection information 2006 corresponding to each of AP2004A-C is changed periodically (for example, every 180 days) by the administrator of the server device 200.

When any AP connection information of AP2004A-C is changed, the AP connection information notification unit 2007 of the server device 200 sends an AP connection information update request including the AP connection information of the changed AP in AP2004A-C. It is transmitted to the image forming apparatus 100 via the dedicated communication module 202 (step S203).

When the image forming apparatus 100 receives the AP connection information update request from the server apparatus 200 via the dedicated communication module 181 (step S302), the source of the received AP connection information update request is the pairing partner (regular communication partner). ) (Step S303).

When the source of the AP connection information update request is the pairing partner (step S303: Yes), the image forming apparatus 100 receives the AP connection information 1006 stored in the predetermined area of the non-volatile storage unit 111. Update with the AP connection information included in the information update request (step S304). The AP connection information of the authentication user AP, the AP connection information of the guest user AP, and the AP connection information of the administrator AP are stored in the predetermined area of the non-volatile storage unit 111, respectively, and the AP connection information update request is made. Contains information that specifies which AP connection information to update among them.

If the source of the AP connection information update request is not the pairing partner (step S303: No), the image forming apparatus 100 suspends the process until the AP connection information update request is received again.

After that, the user operates the operation panel 120 of the image forming apparatus 100 to input an AP connection information output operation for outputting the AP connection information from the operation panel 120. Then, the image forming apparatus 100 accepts this operation (step S305), and outputs the AP connection information of the AP according to the login state of the user at the time when the operation is accepted from the operation panel 120 (step S306). The method of outputting the AP connection information is as described above as a method of transmitting the AP connection information from the image forming apparatus 100 to the mobile terminal 300. At this time, if the user is logged in as a general user, the AP connection information of the authenticated user AP is output, and if the user is not logged in, the AP connection information of the guest user AP is output and managed by the user. If you are logged in as a person, the AP connection information of the administrator AP is output.

The mobile terminal 300 possessed by the user who operates the operation panel 120 of the image forming apparatus 100 acquires AP connection information by using the method described above as a method of transmitting AP connection information from the image forming apparatus 100 to the mobile terminal 300. (Step S101).

Then, by accessing the AP provided by the server device 200 using the acquired AP connection information, the user connects to the LAN 400 (step S102).

Steps 201 and 301 surrounded by reference numerals 501 in FIG. 5 are pairing processes in which the image forming apparatus 100 and the server apparatus 200 authenticate each other as a legitimate communication partner.

Steps S203, 302, 303, and 304 surrounded by reference numerals 502 in FIG. 5 are processes for acquiring AP connection information for the mobile terminal to wirelessly connect to the AP from the server device 200 to which the image forming apparatus 100 is a pairing partner. Is.

Steps S305, 306, 101, and 102 surrounded by reference numerals 503 in FIG. 5 are processes for transmitting AP connection information from the image forming apparatus 100 to the mobile terminal 300.

In FIG. 5, before the user inputs the AP connection information output operation, the image forming apparatus 100 acquires and stores the AP connection information of the AP provided by the server device 200, and the user performs the AP connection information output operation. If so, the AP connection information stored in the image forming apparatus 100 is transmitted to the mobile terminal 300. However, the method of transmitting AP connection information is not limited to this, and the method shown in FIG. 6 may be used for transmission.

Steps S211 and 212, 311 in FIG. 6 are the same as steps S201, 202 and 301 in FIG. 5, and the description thereof will be omitted.

After the AP connection information of AP2004A-C is changed in the server device, the user operates the operation panel 120 of the image forming apparatus 100 to perform an AP connection information output operation for outputting the AP connection information from the operation panel 120. input. Then, the image forming apparatus 100 accepts this operation (step S312), and transmits an AP connection information acquisition request to the server apparatus 200 via the dedicated communication module 181 (step S313).

When the server device 200 receives the AP connection information acquisition request (step S213), the server device 200 determines whether or not the source of the received AP connection information acquisition request is a pairing partner (step S214).

When the source of the AP connection information acquisition request is the pairing partner (step S214: Yes), the server device 200 transmits the AP connection information of each AP2004A-C to the image forming device 100 via the dedicated communication module 202. (Step S215).

If the source of the AP connection information acquisition request is not the pairing partner (step S214: No), the server device 200 interrupts the process until the AP connection information acquisition request is received again.

When the image forming apparatus 100 receives the AP connection information of each AP (step S314), the AP connection of the AP according to the login state of the user at the time when the AP connection information output operation is received from the received AP connection information. Information is output from the operation panel 120 (step S315). If the user is logged in as a general user, the AP connection information of the authenticated user AP is output, and if the user is not logged in, the AP connection information of the guest user AP is output, and the user logs in as an administrator. If so, the AP connection information of the administrator AP is output.

It is the same as steps S111 and 112 in FIG. 6 and steps S101 and 102 in FIG. 5, and the description thereof will be omitted.

Steps 211 and 311 surrounded by reference numerals 601 in FIG. 6 are pairing processes in which the image forming apparatus 100 and the server apparatus 200 authenticate each other as a legitimate communication partner.

Steps S213, 214, 215, 312, 313, and 314 surrounded by reference numerals 602 in FIG. 6 are AP connection information for the mobile terminal to wirelessly connect to the AP from the server device 200 to which the image forming apparatus 100 is a pairing partner. Is the process to get.

Steps S315, 111, and 112 surrounded by reference numerals 603 in FIG. 6 are processes for transmitting AP connection information from the image forming apparatus 100 to the mobile terminal 300.

[2] Modified Examples Although the present disclosure has been described above based on the embodiments, it goes without saying that the present disclosure is not limited to the above-described embodiments, and the following modified examples can be implemented. ..

(1) In the above embodiment, the image forming apparatus 100 transmits the AP connection information of the authenticated user AP if the user is logged in to the image forming apparatus 100 as a general user according to the login state of the user. There is. However, when the user is logged in to the image forming apparatus 100 as a general user, both the AP connection information of the authenticated user AP and the AP connection information of the guest user AP may be transmitted, and the user of both may transmit the AP connection information. One desired AP connection information may be transmitted. Similarly, when the user is logged in to the image forming apparatus 100 as an administrator, all of the AP connection information of the authenticated user AP, the AP connection information of the guest user AP, and the AP connection information of the administrator AP are transmitted. Alternatively, the AP connection information of the AP desired by the user may be transmitted from three.

(2) In the above embodiment, the server device 200 provides an AP for an authenticated user, an AP for a guest user, and an AP for an administrator, but APs other than these may be provided. For example, an expiration date may be set, and a time-limited AP that can be connected only during the expiration date may be provided. Then, when the mobile terminal 300 connected by the time-limited AP succeeds in logging in to the server device 200 within the set expiration date, the mobile terminal 300 carries the AP connection information of the legitimate AP whose expiration date is not set. The terminal 300 may be notified.

FIG. 7 shows for an authenticated user when the server device 200 provides a time-limited AP and the mobile terminal 300 connected to the time-limited AP succeeds in logging in to the server device 200 within the set expiration date. It is a flowchart which shows the operation of the configuration which notifies the mobile terminal 300 of the AP connection information of a legitimate AP. Here, it is assumed that the image forming apparatus 100 and the server apparatus 200 are paired.

The server device 200 sets a legitimate AP for the authenticated user by the operation of the administrator of the server device 200 (step S221). That is, the SSID and password of the legitimate AP for the authenticated user are registered.

In the server device, after the AP connection information of the legitimate AP for the authenticated user is changed, the user operates the operation panel 120 of the image forming apparatus 100 to output the AP connection information of the time-limited AP from the operation panel 120. Enter the AP connection information output operation of. Then, the image forming apparatus 100 accepts this operation (step S321), and transmits an AP connection information acquisition request to the server apparatus 200 via the dedicated communication module 181 (step S322).

When the server device 200 receives the AP connection information acquisition request (step S222), the server device 200 determines whether or not the source of the received AP connection information acquisition request is a pairing partner (step S223).

When the source of the AP connection information acquisition request is the pairing partner (step S223: Yes), the server device 200 sets the time-limited AP (step S224). Specifically, the SSID and password of the time-limited AP are registered.

After that, the server device 200 transmits the AP connection information of the time-limited AP to the image forming device 100 via the dedicated communication module 202 (step S225).

If the source of the AP connection information acquisition request is not the pairing partner (step S223: No), the server device 200 interrupts the process until the AP connection information acquisition request is received again.

When the image forming apparatus 100 receives the AP connection information of the time-limited AP (step S323), the image forming apparatus 100 outputs the received AP connection information from the operation panel 120 (step S324).

The mobile terminal 300 acquires the AP connection information of the time-limited AP output from the operation panel 120 (step S121), and uses the acquired AP connection information to access the time-limited AP provided by the server device 200 (step S121). Step S122).

The server device 200 displays a login screen on the display of the mobile terminal 300 connected with the AP connection information of the time-limited AP (step S226), and accepts the input of the login information (user information).

The user of the mobile terminal 300 operates the mobile terminal 300, inputs login information (user information) including a login ID and a password according to the login screen displayed on the display of the mobile terminal 300, and transmits the login information (user information) to the server device 200 (step). S123).

When the server device 200 receives the login information (user information) from the mobile terminal 300, it authenticates whether or not it matches the user information 2009 stored in the non-volatile storage unit 221 (step S227).

When the login information is successfully authenticated, the server device 200 transmits the AP connection information (SSID and password) of the legitimate AP for the authenticated user set in step S221 to the mobile terminal 300 (step S228).

The mobile terminal 300 receives AP connection information of a legitimate AP for an authenticated user from the server device 200 (step S124), and is provided by the server device 200 using the received AP connection information.

Then, the user connects to the LAN 400 by accessing the legitimate AP for the authenticated user provided by the server device 200 using the acquired AP connection information (step S125).

By operating as described above, the users of the regular AP can be restricted to the users who have registered the user information in the server device 200, and the security can be improved.

The present disclosure can be broadly applied to an image forming apparatus connected to a server apparatus that provides an AP.

1 Information processing system 100 Image forming device 120 Operation panel 181 Dedicated communication module 1001 Pairing unit 1004 AP connection information transmission unit 200 Server device 202 Dedicated communication module 2001 Pairing unit 2004A, 2004B, 2004C AP

Claims (22)

An information processing device that supports wireless connection between a mobile terminal and an access point (AP).
A pairing means for performing pairing for recognizing a legitimate communication partner for a server device that provides an AP, and
An acquisition means for acquiring AP connection information for a mobile terminal to wirelessly connect to an AP from a server device that is a pairing partner.
A transmission means for transmitting the acquired AP connection information to the mobile terminal,
An information processing device characterized by being equipped with. The information processing apparatus according to claim 1, wherein a server accommodating portion for accommodating the server apparatus is provided in a housing of the main body of the information processing apparatus. The information processing device according to claim 1 or 2, wherein the communication with the server device is performed by a communication method different from the wireless connection between the mobile terminal and the AP. An operation panel that accepts operations related to the connection between the mobile terminal and the AP from the user,
Further equipped with non-volatile storage means,
Before accepting the operation, the acquisition means acquires AP connection information from a server device that is a pairing partner, stores the acquired AP connection information in the storage means, and stores the acquired AP connection information.
The information processing apparatus according to claim 1-3, wherein the transmission means transmits AP connection information stored in the storage means when the operation is received. An operation panel that accepts operations related to the connection between the mobile terminal and the AP from the user,
When the above operation is accepted, it is further provided with a request means for transmitting a request for acquiring AP connection information to the server device which is the pairing partner.
The information processing apparatus according to claim 4, wherein the acquisition means acquires AP connection information as a response to the acquisition request. The information processing apparatus according to claim 4, wherein the transmission means displays AP connection information in text on the operation panel. The information processing apparatus according to claim 4, wherein the transmission means displays an image in which AP connection information is encoded on the operation panel. Further equipped with a communication module for short-range wireless communication,
The information processing apparatus according to claim 4, wherein the transmission means outputs a radio signal based on AP connection information from the communication module. With more speakers
The information processing apparatus according to claim 4, wherein the transmission means outputs an audio signal based on AP connection information from the speaker. Further equipped with a key acquisition means for acquiring an encryption key capable of generating a decryptable encryption with a decryption key held by the mobile terminal of the transmission partner.
The information processing apparatus according to any one of claims 1-8, wherein the transmission means encrypts and transmits AP connection information with the encryption key. The pairing involves exchanging public keys with each other.
The information processing apparatus according to any one of claims 1-10, wherein the communication with the pairing partner is performed by encrypting using the exchanged public key. The pairing includes a process of exchanging MAC addresses with each other.
The information according to any one of claims 1-11, wherein the communication in which the source information included in the header information of the communication data matches the MAC address of the pairing partner is regarded as the communication from the pairing partner. Processing device. The pairing is to be connected by a dedicated communication path.
The information processing apparatus according to any one of claims 1-10, wherein the communication whose communication path is the dedicated communication path is regarded as the communication from the pairing partner. A job acquisition means for acquiring an image forming job for forming an image on a sheet, and
An image forming means for executing the acquired image forming job, and
The information processing apparatus according to any one of claims 1 to 13, further comprising. An information processing system including the information processing device according to claim 1 and the server device.
The server device is an information processing system characterized in that the pairing is performed on the information processing device and the AP connection information related to the AP provided by the server device is transmitted to the information processing device which is the pairing partner. The server device accepts an operation of the administrator of the server device, changes the setting of the AP to be provided according to the received operation, and is an information processing device which is a pairing partner for AP connection information related to the AP after the setting change. The information processing system according to claim 15, wherein the information processing system is transmitted to. When the server device receives the request for acquiring the connection information of the AP, the server device transmits the AP connection information related to the AP provided by itself to the information processing device which is the pairing partner only when the transmission source is the pairing partner. The information processing system according to claim 15, wherein the information processing system is characterized by the above. The server device provides an AP that connects to a network for authenticated users.
The communication means is characterized in that AP connection information relating to an AP connected to the network for the authenticated user is transmitted only when a specific user is logged in to the information processing device. Information processing system described in any of. The server device further provides an AP that connects to a network for guest users.
The information according to claim 18, wherein the transmission means transmits AP connection information relating to an AP connected to the network for the guest user when the specific user is not logged in to the information processing apparatus. Processing system. The server device further provides an AP to connect to the network for system administrators.
The transmission means is characterized in that when a user having the authority of system administrator 0 is logged in to the information processing apparatus, the AP connection information relating to the AP connected to the network for the system administrator is transmitted. The information processing system according to claim 18. The information processing system according to any one of claims 15-17, wherein the server device provides a time-limited AP. The server device further provides an AP that connects to a network for authenticated users.
The server device acquires authentication information within the time limit from a mobile terminal wirelessly connected to the time-limited AP, and if the authentication is successful, the AP connection related to the AP connected to the network for the authenticated user. The information processing system according to claim 21, wherein the information is notified to the mobile terminal.

Images