JP4439382B2 - Authentication device and authentication program - Google Patents

Description

  The present invention relates to an authentication apparatus and an authentication program for determining whether or not entry to a system is permitted.

  2. Description of the Related Art An individual authentication device using biometrics or the like has been put into practical use as an authentication device that determines whether or not entry into a system is permitted. On the other hand, in an image processing system including an image input device, an image processing device, an image forming device, etc., there is an authentication device that authenticates in units of groups via an authentication medium such as a magnetic card or an IC card in order to manage billing information. It has been put into practical use.

  In the above-described image processing system, against the background of the rapid development of digital image processing technology in recent years, there is a pressing need for authentication not on a group basis but on an individual basis from the viewpoint of security management for image information.

Therefore, in the image processing apparatus that stores the input image data in the image storage means and outputs the input image data or the image data stored in the image storage means by the image output means, a unique authentication code An authentication code input means for reading the authentication code from an authentication medium in which is recorded, a user ID input means for inputting user ID information including a unique user authentication number issued at the time of user registration, and the authentication A user management means for managing the user based on the code and the user ID information; and the user based on the authentication code input from the authentication code input means or the user ID information input from the user ID input means. A function limiting means for limiting the range of functions that can be used by the user when the user cannot be identified. The image processing apparatus has been proposed which is characterized in.
Japanese Patent Laid-Open No. 10-308835

  However, in the above-mentioned individual authentication, it is necessary to issue an authentication medium such as a magnetic card or an IC card on an individual basis. As the number of users of the system increases, the number of issued cards increases. In addition to an increase in management costs including prevention of misuse, there is a problem that it becomes difficult to manage billing information that needs to be managed in units of groups. For example, if billing information is managed on an individual basis, procedures such as allocation of billing information for each individual belonging to a plurality of groups become complicated.

  In view of the above-described conventional drawbacks, the present invention can perform security management on an individual basis while avoiding an increase in the management cost of an authentication medium even when the number of users of the system increases. An object of the present invention is to provide an authentication device and an authentication program capable of managing required information.

In order to achieve the above-mentioned object, the first characteristic configuration of the authentication apparatus according to the present invention is the authentication data of the group unit and the unit of the members in the group as described in claim 1 of the claims. An image processing system comprising an authentication database storing authentication data , an image reading unit, an image forming unit outputting an image read by the image reading unit, and a storage unit storing an image read by the image reading unit On the other hand, when the group-unit authentication data input via the authentication medium in which the group-unit authentication data is recorded and the group-unit authentication data registered in the authentication database in advance are matched, entry into the image processing system is permitted by the first authentication means and the first authentication means for allowing entry into the image processing system , Belonging to the authentication data of the individual unit inputted through the authentication data input means for operating and inputting the authentication data of the individual unit without going through the authentication medium, and the authentication data of the group unit registered in the authentication database in advance The second authentication unit is configured to allow access to a specific file managed by the image processing system when the authentication data is collated with individual authentication data .

According to the above-described configuration, first, when each individual inputs authentication data via a common or shared authentication medium within the group, the first authentication unit collates with the authentication data of the group unit of the authentication database and performs image processing. It becomes possible to enter the system, and in this state, it becomes possible to manage the management information required for each group when using the image processing system. Then, when accessing a specific file managed by the image processing system, each individual operates and inputs authentication data via the authentication data input means without going through the authentication medium in a state of being entered in the image processing system . The second authentication means makes it possible to access a specific file managed by the image processing system by collating with the authentication data for each member of the authentication database. In this state, whether or not the specific file is permitted is determined on an individual basis. As a result, an extremely secure state is maintained.

In the second feature configuration, as described in claim 2, in addition to the first feature configuration described above, a billing for managing billing information for the image processing system in units of groups authenticated by the first authentication means An information management means and an image information management means for managing image information processed by the image processing system for each individual authenticated by the second authentication means.

According to the above-described configuration, even when the number of users of the image processing system increases, security management can be performed on an individual basis for image information while avoiding an increase in the management cost of the authentication medium. This makes it possible to manage billing information required by the customer.

According to the third characteristic configuration, as described in claim 3, the image processing system includes a multi-function peripheral having a storage unit for storing a file, and is stored in the storage unit by the second authentication unit. It is allowed access of the file, or consists of a network system the computer is connected to the MFP, access to the storage unit or the stored on a computer file its permissible operating by the second authentication means In the point.

The first characteristic configuration of the authentication program according to the present invention includes an authentication database in which authentication data in units of groups and authentication data in units of members in the group are stored as described in claim 4, and an image reading unit And an image processing system including an image forming unit that outputs an image read by the image reading unit and a storage unit that stores an image read by the image reading unit, the authentication data for each group is recorded on the computer. The group-unit authentication data input via the authentication medium and the group-unit authentication data registered in advance in the authentication database are collated to determine whether the entry to the image processing system is permitted or not. a first authentication means, the entry into the image processing system by said first authentication means is allowed, without using the authentication media Collates the authentication data personal unit that is input through the authentication data input means for operation input authentication data of the person units, the authentication data of individual units belonging to the authentication data of the group unit which is previously registered in the authentication database Thus, the second authentication unit functions as a second authentication unit that determines whether or not access to a specific file managed by the image processing system is permitted.

According to the second feature configuration, in addition to the first feature configuration described above , the computer is provided with charging information for the image processing system in units of groups authenticated by the first authentication means. It is an authentication program for functioning as accounting information management means for managing and image information management means for managing image information processed by the image processing system in units of individuals authenticated by the second authentication means.

In the third feature configuration, as described in the sixth aspect, in addition to the second feature configuration described above, the image processing system includes a multifunction device including a storage unit for storing a file. Access to the file stored in the storage unit by the two authentication means is allowed, or the network system is configured such that a computer is connected to the multifunction device, and stored in the storage unit or the computer by the second authentication unit. access to a file is in that it is acceptable Ru certification program.

  As described above, according to the present invention, even when the number of users of the system increases, security management can be performed on an individual basis while avoiding an increase in the management cost of the authentication medium, and moreover, on a group basis. An authentication device and an authentication program capable of managing required information can be provided.

  The case where the authentication apparatus according to the present invention is applied to an image processing system connected to a network will be described below. As shown in FIG. 1, the image processing system includes a scanner 1 as an image input device, a personal computer 2 (hereinafter referred to as “PC”) as an image processing device, a printer 3 as an image forming device, and an authentication device. A multifunction machine 6 having a file server 5 having an authentication server 4, a facsimile and printer function, and a hard disk 7 (hereinafter referred to as “HD”) for storing document image data is connected via a network via a LAN 8. It is.

  The scanner 1 reads an original image with an image sensor and converts it into digital image data. The read image data is input to the PC 2 via a network or printed out by the printer 3. The document file and image file edited and generated by the PC 2 are output to the printer 3 for printing or sent to another PC 2. Further, in the multifunction device 6, a document image is copied based on the read document image data, and the read document image data is stored in the built-in hard disk or inputted to the PC 2. Further, image files and document files generated by the PC 2 and the multifunction device 6 are also managed by a file server.

  The above-described image processing system is constructed as an office system shared by a plurality of groups, is charged for each group according to usage, and has security management in case important information files and manuscript images are handled. The authentication server 4 is connected because it needs to be performed.

  FIG. 2 shows a block diagram of the authentication server 4 taking the multifunction machine 6 as an example. The multifunction device 6 includes an image reading unit 61 that reads a document image, an image forming unit 62 that forms image data of the scanned document, an operation unit 63 that performs operations such as operation settings of the multifunction device 6, and the composite device. The external input / output I / F 64 for connecting the machine 6 to the network is provided. The operation unit 63 is configured to function as an authentication data input unit that operates and inputs authentication data in units of individuals, and the operation of the operation unit 63 is controlled by the control unit 10.

The authentication server 4 includes an authentication database 4a in which authentication data in units of groups and authentication data in units of members in the group (see FIG. 3) are stored. The authentication server 4 determines whether to permit entry into the image processing system. One authentication means 41 and a second authentication means 42 for judging whether or not entry into the subsystem is permitted, wherein the first authentication means 41 authenticates via an authentication medium in which authentication data for each group is recorded. The second authentication means 42 is configured to authenticate via authentication data input means for operating and inputting individual unit authentication data.

  The first authentication means 41 includes an IC card reader (not shown) that reads an IC card as an authentication medium provided in the scanner 1 and each PC 2 and the authentication server 4 and is managed in each group. Data indicating a department code as authentication data is read by scanning the IC card, and the department code is collated with the department code registered in the authentication database 4a in advance by the authentication server 4, and the system matches the department code. Entry to is allowed.

  The second authentication means 42 is configured by the operation unit 63 of the scanner 1 or the multifunction device 6 or the keyboard of the PC 2 and the authentication server 4, and authentication data input from the operation unit or the like by the authentication server 4. A certain personal code is collated with a personal code belonging to a department code registered in the authentication database 4a in advance, and entry to the subsystem is allowed when they match. The personal code is composed of several digits of code data for identifying an individual, but it can also be composed of an ID code or a user name and password.

  The authentication server 4 also functions as a file server for the image processing system, and manages files generated in the system. The image output job executed by the individual authenticated by the first authenticating means 41 in the image processing system is charged by the charging information management means 43 provided in the authentication server 4 for each authentication group. The image file accessed by the individual authenticated by the second authentication means 42 by the image processing system is managed by the image information management means 44 provided in the authentication server 4. Therefore, even when an individual belongs to a plurality of groups, it can be managed so that the accounting process is performed in the group authenticated by the first authentication means 41.

  As shown in FIG. 4, the billing information management unit 43 manages the billing information of the job for the image processing system of the group authenticated by the first authentication unit 41 by date and paper size in units of groups.

  The subsystem comprises image information management means 44 for managing access rights to specific files managed by the image processing system, and each image file can be accessed according to access rights registered in advance in individual units. Be controlled. Therefore, it is not possible to access a file for which no access right is set, thereby realizing read / write protection for an important image file. Here, the image file is an image file read by the scanner 1 or the multifunction device 6 or a print file output from the PC 2 to the multifunction device 6 and is incorporated in the file server 5 or the multifunction device 6. It means an image file stored in the hard disk 7.

Normally, in a computer network to which the PC 2 is connected, a file path and a network path for each PC 2 are set, and access rights of files in the network are managed based on logon information to each PC (for example, Windows ( (Registered Trademark) Active Directory), the second authentication means 42 is a concept of extending such a management function to the multifunction device 6 and the scanner 1, for example, the first authentication means 41 can execute an operation on the multifunction device 6. Thus, the second authentication means 42 manages access rights to specific image files stored in the multifunction device 6 or the file server.

  In the following, the management of image information by the image information management means 44 will be described taking the re-copy output mode by the multifunction device 6 as an example. The re-copy output mode is configured such that when the same original document needs to be copied again after the copying process is completed, the re-copy output mode is set so that the necessary number of copies can be additionally output. The operation panel provided in the operation unit 63 of the multifunction machine 6 shown in FIG. 5 includes a liquid crystal panel 600 for setting various modes, a numerical input key 601 for inputting the number of sheets to be output and a personal authentication code, and an output process. Document image copy processing, such as a start key 602 for starting, a stop / clear key 603 for stopping output processing, a re-copy output key 604 for executing output in the re-copy mode, and a function setting tab 605 for performing detailed setting of copy mode It consists of various setting keys necessary for

  First, when an original to be re-copied is set in the multi-function peripheral and the function setting tab 605 is pressed, the copy mode setting keys such as paper selection, double-sided copying, and re-copy output as shown in FIG. The function setting screen appears. When the re-copy key 610 is pressed, a screen for setting the re-copy output mode is displayed as shown in FIG. 6B, and whether or not to set the re-copy output mode can be selected with the selection key 611. When setting the access right to the image file, the security for the image file is activated by pressing the “user protection setting” key and inputting a personal code for identifying the individual with the numeric input key 601.

After the access right is set, reading of the document is started by pressing the start key 602. After setting the re-copy output mode, the image file is stored in the file server 5. When the image file is accessed later, a personal code is input and the image file is authenticated by the image information management means 44. Allowed. In the present embodiment, the case where the image file is stored in the file server 5 will be described. However, the image file may be configured to be stored in the hard disk 7.

  Next, a procedure for using the recopy output mode will be described. When a recopy output key 604 provided at the top of the liquid crystal panel 600 is pressed, a recopy output list is displayed on the liquid crystal panel 600 as shown in FIG. As the re-copy output list, a list of image files by a plurality of users, which is stored in the file server 5 and includes job number, user name, number of originals, registration date and time, and output type, is displayed. When the file to be set for the recopy output mode is selected from the list and the reoutput key 612 is pressed, if the access right is set when the recopy output mode is set, the reoutput code input screen for performing user authentication Is displayed, and when the access right is not set, the output number setting screen is displayed.

  As shown in FIG. 7B, on the screen for inputting the re-output code, the personal code is input using the numeric input key 601 and the setting key 613 is pressed. When the authentication server 4 collates the personal code registered in the authentication database 4a and the input personal code is authenticated, the image information management means 44 permits access to the image file. Next, a screen for setting the number of copies to be re-output (see FIG. 7C) is displayed, and the increase / decrease in the number of output copies can be set with the +/− key 614. By pressing the output start key 615, Re-copy output of the image file is executed.

  As described above, whether or not to access each image file is controlled by the image information management unit 44 according to the access right registered in advance in individual units, so that security for confidential information and important information is also ensured. It is.

  As described above, for a system including an authentication database in which authentication data for each group and authentication data for each member in the group are stored, a computer is connected to an authentication medium on which authentication data for each group is recorded. First authentication means for determining whether entry to the system is permitted via the second authentication means, and second authentication means for determining permission of entry to the subsystem via the authentication data input means for operating and inputting authentication data for each individual unit An authentication program for functioning is installed, and the computer is authenticated by the second authentication unit and the charging information management unit that manages the charging information for the image processing system in units of groups authenticated by the first authentication unit Image information tube for managing image information processed by the image processing system on an individual basis Authentication program for functioning as a means is installed in the authentication device 4, the required function is realized me than.

  Another embodiment will be described below. In the above-described embodiment, the authentication server is constructed as the authentication device. However, the authentication device may be constructed in a scanner or a multifunction device.

  In the above-described embodiment, the case where the authentication apparatus is applied to a network-connected image processing system has been described. It may be realized as follows.

  In the embodiment described above, an IC card is used as an authentication medium. However, the authentication medium is not limited to an IC card, and another medium such as a magnetic card may be used.

  In addition to the image processing system, it can be applied to other systems. For example, it can be used as an authentication device of a security system for determining whether to enter a building or the like. , After checking the users who enter the room with the second authentication means, manage the authentication device that permits entry, the building that can be entered with the first authentication means, the room in the building that can be selectively entered with the second authentication means, etc. The present invention can also be applied as an authentication device.

Block diagram of a system with an authentication device Functional block diagram of a system with an authentication device Illustration of authentication data managed in the authentication database Explanatory diagram of billing information managed by billing information management means Illustration of the operation unit Explanatory drawing of the main part of the operation unit Explanatory drawing of the main part of the operation unit

1: image input device 2: image processing device 3, 6: image forming device 4: authentication server 4a: authentication database 41: first authentication means 42: second authentication means 43: accounting upper management means 44: image information management means

Claims (6)

An authentication database storing authentication data for each group and authentication data for each member in the group is provided , and is read by an image reading unit and an image forming unit that outputs an image read by the image reading unit. In addition, for an image processing system provided with a storage unit for storing images , group-unit authentication data input via an authentication medium in which group-unit authentication data is recorded, and pre-registered in the authentication database. by matching the group unit of the authentication data are, when matching a first authentication means for allowing entry into the image processing system, the entry into the image processing system by said first authentication means is allowed, for authentication Authentication data for individual units entered via authentication data input means for operating and inputting authentication data for individual units without using a medium If, by matching the authentication data of the individual units belonging to the authentication data of the group unit which is previously registered in the authentication database, the second to allow access to certain files managed by the matching with the image processing system An authentication device configured to include authentication means. Wherein the charging information managing means for managing accounting information for the image processing system to the authenticated group basis by the first authentication means, the image information processed by the image processing system to individual units has been authenticated by the second authentication means The authentication apparatus according to claim 1, further comprising image information management means for managing the information. The image processing system includes a multi-function peripheral having a storage unit for storing a file, and access to the file stored in the storage unit is permitted by the second authentication unit, or a computer is connected to the multi-function peripheral. consists of a connected network system, the second authentication unit by the storage unit or the authentication device according to claim 1, wherein access its permissible operating to the stored in a computer file. An authentication database storing authentication data for each group and authentication data for each member in the group is provided , and is read by an image reading unit and an image forming unit that outputs an image read by the image reading unit. For an image processing system provided with a storage unit for storing an image , a computer is preliminarily stored in group authentication data input via an authentication medium in which group unit authentication data is recorded and the authentication database. First authentication means for verifying whether or not entry to the image processing system is permitted by comparing with registered group-unit authentication data, and entry to the image processing system is permitted by the first authentication means. When, number input via the authentication data input means for operation input authentication data individual basis without using the authentication media And authentication data units, by matching the authentication data of the individual units belonging to the authentication data of the group unit which is previously registered in the authentication database, the permission of access to certain files managed by the image processing system An authentication program for functioning as a second authentication means for determining. The computer is processed by the image processing system for charging information management means for managing charging information for the image processing system in units of groups authenticated by the first authentication means, and for individual units authenticated by the second authentication means. 5. An authentication program according to claim 4, wherein the authentication program causes an image information management unit to manage image information to be managed. The image processing system includes a multi-function peripheral having a storage unit for storing a file, and access to the file stored in the storage unit is permitted by the second authentication unit, or a computer is connected to the multi-function peripheral. consists of a connected network system, the second authentication unit by the storage unit or the authentication program access allowed Ru claim 4 or 5, wherein to said stored in a computer file.