JP2022151700A - Information processing device, information processing method, and program - Google Patents

Abstract

To provide a configuration capable of performing authentication by selecting one of a plurality of authentication servers.SOLUTION: An information processing device 1 which is connected to a plurality of authentication servers 5A, 5B, 5C, 5D via a network N includes: a reading unit 20b for reading medium type information and medium identification information from a card C and a memory that associates and stores server identification information for identifying an authentication server in which authentication is performed among multiple authentication servers for each type of the card C; an authentication server specifying unit 20h for specifying an authentication server in which authentication is performed among the multiple authentication servers on the basis of the read medium type information and the server identification information stored in the memory; an authentication request generation unit 20d for generating an authentication request which requests authentication to the specified authentication server and includes the read medium identification information; and a communication unit 20t for transmitting the generated authentication request to a specified authentication server among the multiple authentication servers.SELECTED DRAWING: Figure 5

Description

The present invention relates to an information processing device, an information processing method, and a program.

Conventionally, a multifunction peripheral (MFP), which is an example of an information processing device, is connected only to one authentication server, transmits identification information to this authentication server, and is installed in the multifunction peripheral after authentication by the authentication server is confirmed. It was configured to allow the use of a specific set of functions specified by
In other words, a multifunction machine is equipped with a group of functions such as printer, scan, fax, copy, etc., and a customization function that permits the use of at least one or more specific functions among all functions by one authentication server. Certified for use as
For this reason, in order to make it possible to use another combination of function groups in the multi-function device, it is necessary to uninstall the already authenticated function group and then install a new authenticated function group.
As described above, in the conventional multifunction machine, a plurality of different authenticated customization functions cannot coexist.
Therefore, there is a problem that only one authenticated customization function can be used, and other unauthenticated customization functions cannot be used in the MFP.

Patent Literature 1 discloses that even when a plurality of users use a user terminal capable of using a plurality of authentication methods, an authentication method suitable for each user is used to support efficient authentication. as an authentication support device connected to a plurality of user terminals and a plurality of authentication devices that perform authentication processing of the user terminals by one of a plurality of authentication methods, wherein the plurality of user terminals a history information storage unit that stores history information associated with an authentication method in authentication processing performed by an authentication device in response to an authentication request from a user terminal for each piece of terminal identification information that identifies a user; When an authentication request transmitted from a terminal is received, an authentication method selection unit that reads an authentication method associated with a user terminal and stored in a history information storage unit, and an authentication method selection unit among a plurality of authentication devices. A configuration is disclosed in which an authentication device that authenticates a user terminal according to a read authentication method is provided with an authentication request unit that transmits an authentication request for the user terminal.
Patent Literature 1 discloses that a plurality of authentication methods can be used. However, in Japanese Unexamined Patent Application Publication No. 2002-100000, a plurality of authentication devices are provided with a plurality of customization functions, respectively, and an authentication method is selected according to the history information of the user. Therefore, there is a problem that the authentication method is restricted depending on the history information.

An embodiment of the present invention has been made in view of the above, and an object thereof is to provide a configuration that enables selection of one of a plurality of authentication servers for authentication.

In order to solve the above-mentioned problems, the invention according to claim 1 is an information processing apparatus connected to a plurality of authentication servers via a network, wherein the plurality of authentication servers are connected for each type of storage medium used for authentication. Among them, a storage unit for storing in association with server identification information identifying an authentication server that performs authentication, medium identification information identifying the storage medium from the storage medium, and medium type information identifying the type of the storage medium The authentication server that performs authentication among the plurality of authentication servers is specified based on the reading unit that reads the above, the medium type information that has been read, and the server identification information that is stored in the storage unit. an authentication server specifying unit, an authentication request generating unit for generating an authentication request requesting authentication to the specified authentication server, the authentication request including the read medium identification information, and generating the generated authentication request, and a transmitting means for transmitting via the network to the specified authentication server among the plurality of authentication servers.

According to the present invention, it is possible to provide a configuration that allows authentication to be performed by selecting one of a plurality of authentication servers.

It is a figure which shows the system configuration|structure of the information processing apparatus and authentication server which concern on one Embodiment of this invention. FIG. 2 is a diagram showing an example hardware configuration of an authentication server that communicates with an information processing apparatus according to an embodiment of the present invention; FIG. 1 illustrates an example hardware configuration of an image forming apparatus, which is an example of an information processing apparatus according to an embodiment of the present invention; FIG. 1 is a diagram showing an example of a software configuration of an image forming apparatus, which is an example of an information processing apparatus according to an embodiment of the present invention; FIG. 1 is a functional block diagram showing an example of an information processing device according to one embodiment of the present invention; FIG. FIG. 3 is a flow chart diagram for explaining an example of an operation procedure of the information processing apparatus according to one embodiment of the present invention; FIG. 10 is a diagram showing a table that associates and stores an authentication customization type and card type information, referred to by an authentication server identification unit; 4A and 4B are diagrams showing examples of screens displayed on the operation panel of the information processing apparatus according to the embodiment of the present invention; FIG. FIG. 2 is a schematic diagram showing an overview of the operation of the information processing apparatus according to one embodiment of the present invention; FIG. 10 is a diagram showing a table that associates and stores authentication customization types and authentication information input forms, referred to by an authentication server specifying unit in a modified example.

BEST MODE FOR CARRYING OUT THE INVENTION The present invention will now be described in detail with reference to embodiments shown in the drawings.
The present invention has the following configuration in order to provide a configuration that allows one of a plurality of authentication servers to be selected for authentication.
That is, the information processing apparatus of the present invention is an information processing apparatus that is connected to a plurality of authentication servers via a network, and performs authentication among the plurality of authentication servers for each type of storage medium used for authentication. a storage unit that associates and stores server identification information that identifies an authentication server; and a reading unit that reads, from a storage medium, medium identification information that identifies the storage medium and medium type information that identifies the type of the storage medium. an authentication server specifying unit for specifying an authentication server to perform authentication among a plurality of authentication servers based on the read medium type information and the server identification information stored in the storage unit; an authentication request generating unit for generating an authentication request including the read medium identification information, which is an authentication request for requesting authentication to the medium; sending the generated authentication request to the specified authentication server among the plurality of authentication servers; and transmission means for transmitting over a network.
By providing the above configuration, it is possible to provide a configuration that allows authentication to be performed by selecting one of a plurality of authentication servers.
The features of the invention described above will be explained in detail with reference to the following drawings. However, unless there is a specific description, the components, types, combinations, shapes, relative arrangements, and the like described in this embodiment are merely illustrative examples and not intended to limit the scope of the present invention. .
The features of the present invention described above will be described in detail below with reference to the drawings.

<System configuration>
FIG. 1 is a diagram showing the system configuration of an information processing device and an authentication server according to one embodiment of the present invention.
The system shown in FIG. 1 includes an information processing device 1, an authentication server 5A, an authentication server 5B, an authentication server 5C, and an authentication server 5D. The information processing device 1 is also connected to each server device via a network N. FIG.
The information processing device 1 is, for example, an image forming device, and includes an operation device 20 and a main body 10 . Then, the operating device 20 reads card identification information and card type information from the card. One of the authentication servers 5A to 5D is selected based on the type information of the card, the identification information of the card is transmitted to the selected authentication server to perform authentication, and the result of authentication by the authentication server and enable the customization function installed in the main unit.
When each of the authentication servers 5A to 5D receives the identification information from the operation device 20 of the information processing device 1, it performs an authentication process by comparing it with pre-registered authentication information, and obtains the result of the authentication. is returned to the information processing apparatus 1.

<Hardware configuration of authentication server>
FIG. 2 is a diagram showing an example hardware configuration of an authentication server that communicates with an information processing apparatus according to an embodiment of the present invention.
FIG. 2 is a hardware configuration diagram of a PC (server). Here, the hardware configuration of the server 5 will be described.
As shown in FIG. 2, the server 5 is constructed by a computer, and as shown in FIG. , an external device connection I/F (Interface) 508 , a network I/F 509 , a data bus 510 , a keyboard 511 , a pointing device 512 , a DVD-RW (Digital Versatile Disk Rewritable) drive 514 , and a media I/F 516 .

Among these, the CPU 501 controls the operation of the server 5 as a whole. The ROM 502 stores programs used to drive the CPU 501 such as IPL. A RAM 503 is used as a work area for the CPU 501 .
The HD 504 stores various data such as programs. The HDD controller 505 controls reading or writing of various data to/from the HD 504 under the control of the CPU 501 .
A display 506 displays various information such as cursors, menus, windows, characters, or images.
The external device connection I/F 508 is an interface for connecting various external devices. The external device in this case is, for example, a USB (Universal Serial Bus) memory, a printer, or the like.
A network I/F 509 is an interface for data communication using the communication network 100 . A bus line 510 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 501 shown in FIG.

Also, the keyboard 511 is a kind of input means having a plurality of keys for inputting characters, numerical values, various instructions, and the like. A pointing device 512 is a kind of input means for selecting and executing various instructions, selecting a processing target, moving a cursor, and the like.
A DVD-RW drive 514 controls reading or writing of various data to a DVD-RW 513 as an example of a removable recording medium. It should be noted that not only DVD-RW but also DVD-R or the like may be used. A media I/F 516 controls reading or writing (storage) of data to a recording medium 515 such as a flash memory.

<Hardware Configuration of Image Forming Apparatus>
FIG. 3 is a diagram showing an example hardware configuration of an image forming apparatus (MFP), which is an example of an information processing apparatus according to an embodiment of the present invention.
A hardware configuration of an image forming apparatus for realizing the present invention will be described.
As shown in FIG. 3, the MFP has a main body 10 capable of realizing various functions such as a copy function, a scanner function, a facsimile function, a printer function, etc., and an operation device 20 for receiving inputs according to operations by an operator. .
The main unit 10 and the operation device 20 are connected to each other through a dedicated communication path 39. For example, the USB standard may be used, but any standard may be used regardless of whether it is wired or wireless.
The CPU 11 comprehensively controls the operation of the main body 10 . The CPU 11 controls the overall operation of the main body 10 by executing programs stored in the ROM 12, the HDD 14, or the like using the RAM 13 as a work area (work area), and performs the above-described copy function, scanner function, facsimile function, printer function, and the like. Realize various functions of
The engine unit 17 is hardware that performs processing other than general-purpose information processing and communication in order to realize a copy function, a scanner function, a facsimile function, a printer function, and the like.
When an event generating a log occurs, the log is accumulated in the log information accumulation device (HDD 14 or RAM 13) in the device. (Normally stored in HDD. In models without HDD, stored in RAM.)

Next, the operation device 20 includes a CPU 21, a ROM 22, a RAM 23, a flash memory 24, a communication I/F 25, a connection I/F 26, an operation panel 27, and a card reader 29, which are connected to the system bus. 28 are interconnected.
The operation panel 27 is a so-called touch panel in which a touch detection section made of transparent electrodes and a liquid crystal display section are integrally formed. The operation panel 27 accepts various inputs by touch operations of the operator, and displays various information (for example, information corresponding to the accepted inputs, information indicating the operation status of the MFP, information indicating the setting state, etc.). .
The card reader 29 reads information stored in a card from a portable storage medium such as an IC card. The information stored in the card includes, for example, a card identifier that primarily identifies the IC card, type information that indicates the type of card, and the like.

<Software Configuration of Image Forming Apparatus>
FIG. 4 is a diagram showing an example of the software configuration of an image forming apparatus, which is an example of an information processing apparatus according to an embodiment of the present invention.
As shown in FIG. 4 , the main body 10 has an application layer 31 , a service layer 32 and an OS layer 33 . The substance of the application layer 31, the service layer 32, and the OS layer 33 is various software stored in the ROM 12 (or HDD 14). Various functions are provided by the CPU 11 executing these software.
The operating device 20 has an application layer 35 , a service layer 36 and an OS layer 37 . The application layer 35, the service layer 36, and the OS layer 37 included in the operation device 20 also have the same hierarchical structure as the main body 10 side.
Note that the functions provided by the APs of the application layer 35 and the types of operation requests that the service layer 36 can accept are different from those on the main body 10 side. The AP of the application layer 35 may be software for operating the hardware resources provided in the operation device 20 to provide a predetermined function. It includes software for providing UI (user interface) functions for performing operations and displays related to fax functions and printer functions.

In this embodiment, for example, four types of authentication customization types are installed as the authentication customization functions representing the authority to use functions corresponding to individual users U. FIG. These four authentication customization types include, for example, standard authentication, customization authentication A, customization authentication B, and simple card authentication. For example, for standard authentication, we provide copying and scanning. For customized authentication A, copying, scanning, and facsimile are provided. For customized authentication B, copy, scan, and printer are provided. In addition, a copy is provided for simple card authentication. It should be noted that the authentication customization type represents a function that is permitted to be used by each user U.
It should be noted that the authentication server that performs authentication differs for each authentication customization type.

<Functional block diagram>
FIG. 5 is a functional block diagram showing an example of an information processing apparatus according to an embodiment of the invention.
As shown in FIG. 5, the functional block diagram includes an operation device 20, a main body 10, and authentication servers 5A to 5D. Although four authentication servers are provided in this embodiment, the number of authentication customization types and the number of corresponding authentication servers are not limited to four.

<Operating device>
The operation device 20 includes an operation reception section 20a, a reading section 20b, a UI display section 20k, a communication section 20t, an authentication server identification section 20h, an authentication request generation section 20d, and a function customization section 20e.
The operation accepting unit 20a accepts an operation by a user and supplies input operation information to the authentication processing unit 20d.
The reading unit 20b uses the card reader 29 to read the card identification information that identifies the card C first and the card type information that identifies the card type of the card C from the card C (storage medium). The reading unit 20b outputs the read card identification information and card type information to the authentication server specifying unit 20h.
The communication unit 20t communicates with each of the authentication servers 5A to 5D via the network N to transmit and receive information. Information transmitted and received at this time includes, for example, an authentication request, which is a request for authentication, and a response (success or failure, etc.) to the authentication request. Also, the communication unit 20t is connected for communication with the main body 10 to transmit and receive information. Furthermore, the communication unit 20t communicates with an external device via a network.

Based on the card type information read from the card C by the reading unit 20b, the authentication server specifying unit 20h specifies an authentication server to perform authentication among the authentication servers 5A to 5D. The details of the specific processing will be described in the description of the flow chart below.
The authentication request generating unit 20d generates an authentication request for requesting authentication to the authentication server specified by the authentication server specifying unit 20h. This authentication request includes, for example, card identification information read from the card C by the reading unit 20b. Also, the authentication request generating unit 20d may generate an authentication request in a format corresponding to the authentication server. This format is, for example, a format corresponding to a WEB interface predefined by the authentication server. Specifically, for example, card identification information is described in a JSON (JavaScript Object Notation) format defined by an authentication server. The WEB interface format defined by each authentication server is stored in the ROM 22 or the flash memory 24, for example. The generated authentication request is transmitted to the specified authentication server by the communication unit 20t.

When the communication unit 20t receives the response to the authentication request, the function customizing unit 20e specifies one or more functions that are permitted to be used among the functions of the information processing device 1 based on the response. The details of the specific processing will be described in the description of the flow chart below.
The UI display unit 20k displays an operation screen and icons for each function. As the operation screen, for example, a screen is displayed that selectably displays one or more functions that are permitted to be used, specified by the function customizing unit 20e.

<Body>
The communication unit 10t is connected for communication with the communication unit 20t of the operation device 20 to transmit and receive information. The information includes, for example, a function execution request such as a scan processing execution request sent from the operation device 20 .
The function execution unit 10a controls the engine unit 17 to execute processing based on the function execution request received by the communication unit 10t. The processing based on the function execution request is, for example, processing such as scanning, copying, and printing.

<Authentication server>
The communication unit 5t communicates with the communication unit 20t of the operation device 20 via a network to transmit and receive information. Information transmitted and received at this time includes, for example, an authentication request, which is a request for authentication, and a response to the authentication request (authentication result of success or failure, etc.).
The user management unit 5a stores and manages a plurality of sets of user identification information such as unique user IDs, passwords, and card identification information. The user identification information may also include function identification information that identifies functions available to the user.

Each function of the embodiments described above may be implemented by one or more processing circuits. Here, the "processing circuit" in this specification means a processor programmed by software to perform each function, such as a processor implemented by an electronic circuit, or a processor designed to perform each function described above. ASICs (Application Specific Integrated Circuits), DSPs (digital signal processors), FPGAs (field programmable gate arrays) and devices such as conventional circuit modules.

<Description of the operation of the information processing device>
FIG. 6 is a flow chart diagram for explaining an example of the operation of the information processing apparatus according to one embodiment of the present invention.
In step S601, the reading unit 20b reads card identification information for identifying the IC card and card type information for identifying the type of the IC card from the IC card held over the card reader 29. FIG.

In step S602, based on the card type information read from the card C by the reading unit 20b, the authentication server specifying unit 20h specifies an authentication server to perform authentication among the authentication servers 5A to 5D. Specifically, the authentication server specifying unit 20h specifies an authentication server that performs authentication by referring to the table 200 shown in FIG. The table 200 is stored in the ROM 22 or the flash memory 24, for example.
Table 200 stores each authentication customization type, card type information, authentication server identification information, and function identification information in association with each other.

Here, the card type is information indicating the type of storage medium (card C) that stores the identification information. The card type is, for example, information indicating the standard of the IC card, and can include FeliCa (registered trademark), Mifare, and the like. Also, an IC card is used as an example of a storage medium, but other storage media such as a smart phone can also be included. In this case, the card type is, for example, information indicating the type of storage medium, and can include cards, smartphones, and the like. Hereinafter, even when the storage medium is an electronic device such as a smart phone, it may be expressed as a card.
The authentication server identification information is identification information for identifying each authentication server from authentication server 5A to authentication server 5D. For example, server 1 is identification information for identifying authentication server 5A, server 2 is identification information for identifying authentication server 5B, server 3 is identification information for identifying authentication server 5C, and server 4 is identification information for identifying authentication server 5D.

In step S603, the authentication request generating unit 20d generates an authentication request for requesting authentication to the authentication server specified by the authentication server specifying unit 20h.
Even if the request reception format differs for each authentication server, a request can be generated in accordance with the reception format of the authentication server.
Here, it is assumed that the card type information read by the reading unit 20b is card type 1, and the authentication server specified by the authentication server specifying unit 20h is the authentication server 5A (server identifier is server 1).
First, the authentication request generator 20d reads out the WEB interface format defined by the authentication server 5A among the WEB interface formats defined by each authentication server stored in the ROM 22 and the flash memory 24. FIG.

Next, the authentication request generating unit 20d generates data such as JSON to be included in the authentication request according to the read WEB interface format. At this time, the authentication request generator 20d writes in JSON the card identification information read from the IC card by the reader 20b. The card identification information may be included as an argument of WEB-API (Application Programming Interface) without being described in JSON.
In this way, even if the request reception format differs for each authentication server, the authentication request generation unit 20d can generate a request that matches the reception format of the authentication server. In addition, even if the WEB interface format of the request differs for each authentication server, the authentication request generation unit 20d can generate a request that matches the reception format of the authentication server.
In step S604, the communication unit 20t transmits the authentication request generated by the authentication request generation unit 20d to the authentication server 5A.
In this way, the information processing apparatus 1 can provide a configuration that allows authentication to be performed by selecting one of the plurality of authentication servers 5A, 5B, 5C, and 5D.

In step S605, the communication unit 20t receives a response to the transmitted authentication request from the authentication server 5A. The response includes, for example, an authentication result indicating whether the authentication was successful. Here, the authentication server 5A performs authentication based on the authentication request sent from the communication unit 20t of the operation device 20. FIG. For example, the user management unit 5a of the authentication server 5A determines whether the card identification information contained in the transmitted authentication request is included in any set of user identification information managed by the user management unit 5a. and, if included, include information in the response indicating that authentication was successful. On the other hand, if not included, include information in the response indicating that the authentication failed.

In step S606, the function customization unit 20e determines whether the authentication has succeeded based on the response received by the communication unit 20t. Specifically, if the response includes information indicating that the authentication was successful, the function customization unit 20e determines that the authentication was successful. On the other hand, if the response contains information indicating that the authentication has failed, the function customization unit 20e determines that the authentication has failed. Here, if the function customizing unit 20e determines that the authentication has failed (No in S606), the process ends.
On the other hand, if the function customizing unit 20e determines that the authentication has succeeded (Yes in S606), in step S607, the function customizing unit 20e permits the use of one of the functions that the information processing apparatus 1 has. Identify these functions. This specifying process is performed by, for example, the following two methods.

<Method 1: Using Function Identification Information in Table 200>
The function customization unit 20e identifies Copy (copy function) and Scan (scan function) as one or more functions whose use is permitted from the function identification information stored in association with card type 1 in the table 200. FIG.
In this manner, since the function identification information can be managed on the information processing apparatus side, even if there are a plurality of information processing apparatuses, the functions that can be used by the user can be managed for each information processing apparatus. For example, even for the same user, management can be performed such that scanning, copying, and printing can be used in one multifunction peripheral (MFP), and only scanning is allowed in another multifunction peripheral (MFP).

<Method 2: Use the function identification information included in the response>
When the user management unit 5a of the authentication server 5A manages the function identification information that identifies functions available to the user, the function identification information managed in association with the card identification information included in the authentication request is , the authentication server 5A includes it in the response and transmits it.
In this way, since the function identification information can be managed on the authentication server side, even if there are a plurality of information processing apparatuses, the functions that can be used by the user can be collectively managed on the authentication server side.
Then, the function customizing unit 20e specifies the function identified by the function identification information included in the response as one or more functions whose use is permitted. For example, if the function identification information included in the response is Copy and Scan, the function customization unit 20e specifies Copy (copy function) and Scan (scan function) as one or more functions whose use is permitted.
In this way, one or more functions that are permitted to be used among a plurality of functions are specified based on the response sent from the authentication server, so that the functions that can be used by the user can be customized.

In step S608, the UI display unit 20k displays a screen on the operation panel 27 that enables selection of Copy (copy function) and Scan (scan function) specified as one or more functions that are permitted to be used by the function customizing unit 20e. to display. FIG. 8 shows an example of a screen displayed on the operation panel 27. As shown in FIG.
In this way, only the functions that can be used by the user are displayed in a selectable manner, so the user does not need to be aware of which functions can be used and which functions cannot be used when selecting functions. .

On the screen 203 shown in FIG. 8A, available Copy (copy function) and Scan (scan function) are selectably displayed, and unavailable FAX (FAX function) and Print (print function) are not displayed. As shown in FIG. 8B, the screen 205 may be a screen that displays unavailable FAX (FAX function) and Print (print function) so that they cannot be selected. Setting (setting function) and Browser (browser function) are not subject to the customization function in this example.
In this way, only the functions that can be used by the user are displayed in a selectable manner, so the user does not need to be aware of which functions can be used and which functions cannot be used when selecting functions. .

<Schematic diagram showing operation>
FIG. 9 is a schematic diagram showing an overview of the operation of the information processing apparatus according to one embodiment of the present invention. In this example, the information processing device 1 uses a table 200 that links card types and authentication customization types shown in FIG. to do
When the information processing device 1 reads the card type information from the card C by the reading unit 20b, the authentication server specifying unit 20h selects one of the authentication servers 5A to 5D based on the card type information of the card C. identify and authenticate.
Accordingly, it is possible to provide a configuration that allows authentication to be performed by selecting one of the plurality of authentication servers 5A, 5B, 5C, and 5D according to the card type.
For example, when the information processing apparatus 1 is shared by employees of different companies in the same office, authentication can be performed by different authentication servers by using IC cards of different card types for each company. .

<Modification>
In the above-described embodiment, the type information of the IC card and the authentication server are stored in association with each other in the table 200 .
On the other hand, instead of the type information of the IC card, a format may be used in which the authentication information input form indicating the login input form is associated with the authentication server.
The authentication server specifying unit 20h specifies an authentication server to perform authentication among the authentication servers 5A to 5D based on the authentication information input form. Specifically, the authentication server identification unit 20h identifies an authentication server that performs authentication by referring to the table 210 shown in FIG. The table 210 is stored in the ROM 22 or the flash memory 24, for example.
In this case, as shown in FIG. 10, each authentication customization type, authentication information input form, authentication server identification information, and function identification information are associated and stored in a table 210 .
The authentication information input forms include manual login, card login, tool login, and remote access login.
Manual login is a form of login by inputting a user ID, which is user identification information, and a password using a keyboard, software keyboard, mouse, or the like.
Card login is a mode in which the card identification information stored in the card C is read by the reading unit 20b.
Tool login is a form in which a software tool is activated and a user ID and password, which are user identification information, are entered in a box for entering to log in.
Remote access login is a form of accessing from an external terminal, and is a form of logging in by entering a user ID and password, which are user identification information.

<Summary of Actions and Effects of Mode Examples of the Present Embodiment>
<First aspect>
The information processing apparatus 1 of this aspect is an information processing apparatus connected to a plurality of authentication servers 5A, 5B, 5C, and 5D via a network N, and for each type of storage medium (card C) used for authentication, A storage unit (memory) that associates and stores server identification information for identifying an authentication server that performs authentication among a plurality of authentication servers 5A, 5B, 5C, and 5D, and a medium identification that identifies the storage medium from a storage medium. Based on a reading unit (reading unit 20b) that reads information and medium type information that identifies the type of the storage medium, the read medium type information, and the server identification information stored in the storage unit, An authentication server specifying unit (authentication server specifying unit 20h) for specifying an authentication server to perform authentication from among the authentication servers 5A, 5B, 5C, and 5D, and an authentication request for requesting authentication from the specified authentication server. an authentication request generating unit (authentication request generating unit 20d) that generates an authentication request including the read medium identification information; and transmitting means (communication unit 20t) for transmitting to the authentication server via network N.
According to this aspect, it is possible to provide a configuration that allows authentication to be performed by selecting one of the plurality of authentication servers 5A, 5B, 5C, and 5D.

<Second aspect>
The information processing apparatus 1 according to the first aspect has a plurality of functions, and one or more functions whose use is permitted among the plurality of functions based on a response transmitted from an authentication server that has transmitted an authentication request. It further has a display control unit (UI display unit 20k, FIG. 8) that displays selectably on the display unit.
According to this aspect, only functions that can be used by the user are displayed in a selectable manner, so that the user does not have to be conscious of which functions can be used and which functions cannot be used when selecting functions. good too.

<Third aspect>
The information processing apparatus 1 according to the second aspect includes a function customizing unit (function It further has a customization unit 20e), and the display control unit (UI display unit 20k, FIG. 8) selectably displays one or more specified functions on the display unit.
According to this aspect, one or more functions that are permitted to be used among the plurality of functions are specified based on the response transmitted from the authentication server, so that the functions that can be used by the user can be customized.

<Fourth Aspect>
In the information processing apparatus 1 according to the third aspect, the response includes function identification information (a pattern sent from the authentication server) that identifies one or more functions whose use is permitted among the plurality of functions, and the function customization is performed. The unit (function customizing unit 20e) specifies one or more functions whose use is permitted among the plurality of functions based on the function identification information included in the response.

<Fifth aspect>
In the information processing apparatus 1 according to the third aspect, the storage unit (memory) stores function identification information identifying one or more functions whose use is permitted among a plurality of functions on a storage medium (card C) used for authentication. (function identification information in table 200), and the function customizing unit (function customizing unit 20e) stores the function identification information in association with the read medium type information based on the function identification information stored in the storage unit. , specifies one or more functions that are permitted to be used from among a plurality of functions.
According to this aspect, since the function identification information can be managed on the information processing apparatus side, even if there are a plurality of information processing apparatuses, the functions that can be used by the user can be managed for each information processing apparatus. For example, even for the same user, management can be performed such that scanning, copying, and printing can be used in one multifunction peripheral (MFP), and only scanning is allowed in another multifunction peripheral (MFP).

<Sixth Aspect>
In the information processing device 1 according to any one of the first to fifth aspects, the authentication request generating unit (authentication request generating unit 20d) generates an authentication request according to the identified authentication server.
According to this aspect, even if the request acceptance format differs for each authentication server, a request can be generated in accordance with the acceptance format of the authentication server.

<Seventh Aspect>
In the information processing apparatus 1 according to the sixth aspect, the authentication request is in a format corresponding to the WEB interface predefined by the authentication server.
According to this aspect, even if the form of the WEB interface of the request differs for each authentication server, it is possible to generate a request that matches the reception form of the authentication server.

<Eighth aspect>
The information processing method of this aspect is an information processing method in the information processing apparatus 1, and includes medium identification information for identifying the storage medium and medium type information for identifying the type of the storage medium from the storage medium (card C). and authentication server identification information stored in a storage unit (memory) in association with each type of storage medium used for authentication. a plurality of authentication servers 5A, 5B, 5C, 5D connected to a plurality of authentication servers 5A, 5B based on the server identification information for identifying the authentication server to perform authentication and the read medium type information; , 5C and 5D, an authentication server specifying step (S602) for specifying an authentication server to perform authentication, and an authentication request for requesting authentication to the specified authentication server, which includes the read medium identification information. An authentication request generation step (S603) for generating a request, and a transmission step (S604) for transmitting the generated authentication request to a specified authentication server among the plurality of authentication servers 5A, 5B, 5C, and 5D via a network. ) and
According to this aspect, it is possible to provide a configuration that allows authentication to be performed by selecting one of the plurality of authentication servers 5A, 5B, 5C, and 5D.

<Ninth Aspect>
In the information processing method according to the eighth aspect, one or more functions to be permitted to be used can be selected from the plurality of functions of the information processing device 1 based on the response transmitted from the authentication server that transmitted the authentication request. It further has a display control step (S608) for displaying on the display unit.
According to this aspect, only functions that can be used by the user are displayed in a selectable manner, so that the user does not have to be conscious of which functions can be used and which functions cannot be used when selecting functions. good too.

<Tenth Aspect>
The program of this aspect causes the information processing apparatus 1 to read out medium identification information for identifying the storage medium and medium type information for identifying the type of the storage medium from the storage medium (card C) (S601 ) and authentication server identification information stored in the storage unit in association with each type of storage medium used for authentication, and the plurality of authentication servers 5A and 5B connected to the information processing apparatus 1 via the network N. , 5C, and 5D based on the server identification information for identifying the authentication server to perform authentication and the read medium type information. An authentication server identification unit (S602) for identifying an authentication server, and an authentication request generation unit (S603) for generating an authentication request for requesting authentication from the identified authentication server, which includes the read medium identification information. Then, it functions as a transmission unit (S604) that transmits the generated authentication request to the specified authentication server among the plurality of authentication servers 5A, 5B, 5C, and 5D via the network N.
According to this aspect, it is possible to provide a configuration that allows authentication to be performed by selecting one of the plurality of authentication servers 5A, 5B, 5C, and 5D.

<Eleventh Aspect>
The program according to the tenth aspect selectably displays one or more functions whose use is permitted among the plurality of functions of the information processing device 1 based on a response transmitted from an authentication server that has transmitted an authentication request. It further functions as a display control unit (S608) for displaying on the screen.
According to this aspect, only functions that can be used by the user are displayed in a selectable manner, so that the user does not have to be conscious of which functions can be used and which functions cannot be used when selecting functions. good too.

Reference Signs List 1 information processing device 5A authentication server 5B second authentication server 5a user management unit 5b user management unit 5t communication unit 10 main body 10a function execution unit 10t communication unit 11 CPU, 12 ROM, 13 RAM, 14 HDD, 17 engine unit, 20 operation device, 20a operation receiving unit, 20b reading unit, 20d authentication request generating unit, 20e function customizing unit, 20h... authentication server identification unit, 20k... UI display unit, 20t... communication unit

Patent No. 5679567

Claims (11)

An information processing device connected to a plurality of authentication servers via a network,
a storage unit that associates and stores server identification information for identifying an authentication server that performs authentication among the plurality of authentication servers for each type of storage medium used for authentication;
a reading unit for reading, from a storage medium, medium identification information for identifying the storage medium and medium type information for identifying the type of the storage medium;
an authentication server identification unit that identifies an authentication server to perform authentication among the plurality of authentication servers based on the read medium type information and the server identification information stored in the storage unit;
an authentication request generator for generating an authentication request for requesting authentication from the specified authentication server, the authentication request including the read medium identification information;
sending means for sending the generated authentication request to the specified authentication server among the plurality of authentication servers via the network;
Information processing device having The information processing device has a plurality of functions,
3. A display control unit configured to selectably display one or more functions permitted to be used from among the plurality of functions on a display unit based on a response transmitted from the authentication server that transmitted the authentication request. 1. The information processing device according to 1. further comprising a function customizing unit that identifies the one or more functions whose use is permitted among the plurality of functions based on a response transmitted from the authentication server that transmitted the authentication request;
The display control unit selectably displays the specified one or more functions on the display unit.
The information processing apparatus according to claim 2. the response includes function identification information identifying the one or more functions whose use is permitted among the plurality of functions;
The function customizing unit identifies the one or more functions whose use is permitted among the plurality of functions, based on the function identification information included in the response.
The information processing apparatus according to claim 3. the storage unit further stores function identification information identifying one or more functions permitted to be used among the plurality of functions in association with each type of storage medium used for authentication;
The function customizing unit identifies the one or more functions whose use is permitted among the plurality of functions based on the function identification information stored in the storage unit in association with the read medium type information. ,
The information processing apparatus according to claim 3. wherein the authentication request generation unit generates the authentication request according to the specified authentication server;
The information processing apparatus according to any one of claims 1 to 5. The authentication request is in a format corresponding to a WEB interface predefined by the authentication server,
The information processing device according to claim 6 . An information processing method in an information processing device,
a reading step of reading medium identification information identifying the storage medium and medium type information identifying the type of the storage medium from the storage medium;
authentication server identification information stored in a storage unit in association with each type of storage medium used for authentication, and performing authentication among a plurality of authentication servers connected to the information processing apparatus via a network; an authentication server specifying step of specifying an authentication server to perform authentication among the plurality of authentication servers based on the server identification information for identifying the authentication server and the read medium type information;
an authentication request generation step of generating an authentication request requesting authentication to the identified authentication server, the authentication request including the read medium identification information;
a transmission step of transmitting the generated authentication request to the identified authentication server among the plurality of authentication servers via the network;
An information processing method comprising: A display control step of selectively displaying one or more functions whose use is permitted among a plurality of functions of the information processing device on a display unit based on a response transmitted from the authentication server that transmitted the authentication request. The information processing method according to claim 8, further comprising: information processing equipment,
a reading unit for reading, from a storage medium, medium identification information for identifying the storage medium and medium type information for identifying the type of the storage medium;
authentication server identification information stored in a storage unit in association with each type of storage medium used for authentication, and performing authentication among a plurality of authentication servers connected to the information processing apparatus via a network; an authentication server identification unit that identifies an authentication server that performs authentication among the plurality of authentication servers based on the server identification information that identifies the authentication server and the read medium type information;
an authentication request generator for generating an authentication request for requesting authentication from the specified authentication server, the authentication request including the read medium identification information;
a transmission unit configured to transmit the generated authentication request to the specified authentication server among the plurality of authentication servers via the network;
A program that works as A display control unit that selectably displays one or more functions whose use is permitted among a plurality of functions of the information processing device on a display unit based on a response transmitted from the authentication server that transmitted the authentication request. 11. The program according to claim 10, further functioning as

Images