JP4446330B2 - Communication device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a communication device such as an information processing device, a communication terminal device, and an output device that can communicate with an external device connected via a network, and particularly has a function of requesting authentication processing by transmitting authentication information to the external device. The present invention relates to a communication device.
[0002]
[Prior art]
In recent years, services and applications provided on the Internet have been widely spread, and various communication devices are connected to each other via a network and actively communicate with each other. Examples of such communication devices include information processing devices such as personal computers (PS) and workstations (WS), and communication terminal devices such as personal digital assistants (PDAs) and mobile phones.
Recently, there is also a communication apparatus that enables communication via the Internet by providing a communication function in an image reading apparatus such as a facsimile machine (FAX) or a scanner, an image forming apparatus such as a printer, a home appliance, or a medical apparatus. Most of these communication apparatuses use standardized TCP / IP (Transfer Control Protocol / Internet Protocol), and can exchange information on the network with each other across different models.
[0003]
By the way, since the Internet is used by an unspecified number of users, there is a high risk of damage caused by so-called “spoofing” in which information is spoofed or falsified by impersonating another person.
Therefore, in communication using the Internet, for example, when a user transmits / receives information to / from an external device using a client device, the user is identified to identify whether or not he / she is an authorized person and has a valid access right. Authentication is performed, and information is encrypted and transmitted / received to ensure the confidentiality of the information.
[0004]
For example, as can be seen in Patent Document 1, highly confidential electronic data stored in a mail server on an internal network when a user accesses the internal network via a gateway from a user terminal on the external network where security is not secured. E-mail that the mail server extracts and duplicates the e-mail when browsing the e-mail, encrypts the body text using the encryption key entered in advance by the user, and then forwards it to the relay server provided on the external network There is a transfer method.
In addition, in this e-mail transfer method, in order to view this e-mail on an external network, it is necessary to be authenticated by a relay server, and it is necessary to decrypt the encrypted e-mail. Confidentiality is kept high.
[0005]
The authentication method includes a method for transmitting and receiving authentication information such as a user ID and a password (referred to as “encrypted authentication method” in this specification) and a method for transmitting and receiving plaintext (in this specification, “ Called plaintext authentication method).
Also, the encryption method is largely divided into a common key encryption (secret key encryption) that uses the same key for encryption and decryption, and a public key encryption (asymmetric encryption) that uses a paired public key and secret key. There are various methods (see Patent Document 2), and the encryption strength and processing speed are different.
For example, common key encryption includes encryption methods such as DES (Data Encryption Standard: Death), RC2 (Ron's Code 2), and RC4.
[0006]
On the other hand, public key cryptography includes cryptographic schemes such as RSA (Rivest Shamir Adleman), elliptic curve cryptography, and El Gamal cryptography.
In addition, hash functions such as MD5 (Massage Digest 5), which detects the presence or absence of tampering during communication by generating a fixed-length pseudo-random number from the original text of the information and comparing it at both ends of the communication path, are also commonly used. Has been.
The user selects an appropriate authentication method and encryption method according to the encryption processing capability of the client device and the external device and the confidentiality of the information to be communicated, and the client device stores it. If it is set using a communication program or the like, it is possible to communicate safely with an authentication method and an encryption method according to one's preference.
[0007]
[Patent Document 1]
JP 11-88410 A
[Patent Document 2]
Japanese Patent Laid-Open No. 11-122238
[0008]
[Problems to be solved by the invention]
However, if the user sets a method other than the authentication method and encryption method supported by both the client device and the external device at this time, there is a problem that normal communication cannot be performed between the client device and the external device. there were.
For example, in SMTP-AUTH (Authentication) in which a user authentication function is added to SMTP (Simple Mail Transfer Protocol), which is a kind of Internet protocol, the client device side can select from a list of authentication methods supported by an SMTP server as an external device. An arbitrary one is selected and specified. At this time, if an authentication method that is not supported by the client device is specified, an error occurs and communication cannot be performed.
[0009]
Therefore, the user investigates both the authentication method and encryption method supported by the client device and the authentication method and encryption method supported by the external device, and both the client device and the external device support it. You need to choose one.
However, since most users are not familiar with the Internet protocol, there is a problem that the investigation and setting of such an authentication method and encryption method become an excessive burden.
[0010]
For example, e-mail software, which is a communication program, has an item for setting whether or not authentication information is transmitted to the SMTP server to be connected. However, the user determines whether the connection destination SMTP server supports SMTP-AUTH. In many cases, I don't even know.
In this case, the user needs to check whether or not the SMTP server to be connected supports authentication, and whether or not authentication is required, and set whether to send authentication information to the SMTP server. Furthermore, when it is set to transmit authentication information, it is necessary to investigate whether there is an encryption method supported by both the client device and the SMTP server.
[0011]
The present invention has been made in view of the above problems, and in a communication device capable of communicating with an external device via a network, an authentication method supported by the own device (client device) and the external device is investigated. It is an object of the present invention to perform authentication by an appropriate authentication method according to an external device without setting.
[0012]
[Means for Solving the Problems]
In order to achieve the above object, the present invention includes a communication unit that communicates with an external device connected via a network, and an authentication request unit that transmits authentication information to the external device and requests authentication processing. In the authentication method supported by the communication device. The storage means is divided into the encryption authentication method and the plaintext authentication method. Refer to the authentication method information that the external device supports, which is stored and transmitted in response to a request from the communication device, First, the encryption authentication method stored in the storage unit and the authentication method supported by the external device are sequentially compared, and if there is no match, the plaintext authentication stored in the storage unit By comparing the method and the authentication method supported by the external device in order, and selecting the first matching authentication method in these comparisons, An authentication method selection means for selecting one of the authentication methods supported by both the external device and the communication device is provided, and the authentication request means responds to the authentication method selected by the authentication method selection means. Authentication information is transmitted to an external device, and an authentication process using the authentication method is requested.
An external device connected via a network may be an SMTP server, a POP3 server, or an IMAP4 server.
[0013]
These communication devices may be provided with image information communication means for transmitting / receiving image information to / from the external device via a network.
Furthermore, the authentication method selected by the authentication method selection means Limit range It is preferable to provide selection instruction receiving means for receiving an instruction. In addition, the selection instruction receiving unit is configured to change the authentication method selection unit according to the received instruction. Send the above authentication information encrypted From among encryption authentication methods The above one authentication method The first mode to select, Send the authentication information in clear text From plaintext authentication methods The above one authentication method From the second mode to select, the encryption authentication method and the plaintext authentication method The above one authentication method One of the third modes to be selected is set.
[0014]
Further, these communication devices may be provided with means for setting the validity / invalidity of the operation of the authentication requesting means.
further, When the authentication request means makes an authentication request, it is preferable to provide a storage means for storing an authentication method related to the authentication request and an authentication result by the external device.
[0015]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
First, a configuration example of a network to which a communication apparatus according to the present invention is connected will be described. FIG. 2 is a diagram showing the configuration of the network. In FIG. 2, the address shown in parentheses together with a communication device such as a workstation and an external device is an e-mail address corresponding to that device. This point will be described later.
[0016]
This network is obtained by connecting a network 1 and a network 2, each of which is a LAN (local area network), to the Internet 3 via a router device 5 or 6.
A workstation (WS) 11 and a scanner 12 which are communication devices according to the present invention are connected to the network 1 together with various types of external devices such as a server device 13, a WS 14, and a FAX device 15. On the other hand, many external devices such as the server device 23, WS 21, 24, and FAX device 22 are also connected to the network 2.
Each of these communication devices and external devices has a communication function and can communicate via a network.
[0017]
The scanner 12 is an image reading apparatus provided with an image reading means, and the FAX apparatuses 15 and 22 are image forming apparatuses provided with an image forming means.
The scanner 12 and the FAX apparatuses 15 and 22 also have a facsimile communication (FAX) function, and are public such as PSTN (Public Switched Telephone Networks) or ISDN (Integrated Services Digital Network). Communication via the network 4 is also possible. However, this FAX function and connection to the public network 4 are not essential to the present invention.
[0018]
The details of the scanner 12 and the WS 11 will be described later. Further, since the FAX apparatuses 15 and 22 are neither unique nor essential to the present invention, detailed description thereof will be omitted.
The server device 13 is a mail server, and is connected to the Internet 3 at all times, and manages transmission / reception of e-mails performed by client devices (WS11, WS14, scanner 12, FAX device 15) connected to the network 1. Similarly, the server device 23 manages transmission / reception of e-mails performed by client devices (WS21, WS24, FAX device 22) connected to the network 2.
[0019]
The mail server stores a server (such as an SMTP server) that sends an e-mail to a client device in another network, and an e-mail sent to the client device in its own network, and is downloaded from the user. Although there are servers (POP3 server, IMAP4 server, etc.) corresponding to the request, the server apparatuses 13 and 23 are assumed to have both of these functions.
[0020]
<First Embodiment>
Next, the workstation 11 shown in FIG. 2, which is the first embodiment of the communication apparatus of the present invention, will be described in detail.
First, the functional block diagram of FIG. 1 shows the functional configuration of this workstation. In this figure, only the functions of the parts related to the present invention are shown.
The workstation (WS) 11 uses, as hardware, a known computer such as a PC (personal computer) equipped with a CPU, ROM, RAM, HDD (hard disk drive), communication interface (I / F), and the like. Can do.
[0021]
The CPU functions as the control unit 16 that performs overall control of the entire WS 11 by executing various control programs stored in the ROM and HDD. The function of the storage unit 17 is realized by a storage unit such as a ROM, RAM, or HDD. The communication I / F 18 is a communication unit for communicating with an external device such as the server device 13 connected via a network.
As functions according to the present invention, the control unit 16 has functions of an authentication method selection unit 25 and an authentication request unit 26.
The authentication method selection unit 25 functions as an authentication method selection unit that automatically selects an authentication method according to the external device when communicating with the external device, and the authentication request selection unit 26 is selected by the authentication method selection unit 25 It functions as an authentication request means for transmitting authentication information corresponding to the authentication method to the external device and requesting an authentication process in the authentication method.
[0022]
Hereinafter, an operation when the WS 11 requests communication with the server device 13 will be described with an example. In the following operation example, the user ID (user name) and password registered in advance by the user in the storage unit 17 of the WS 11 and the address of the server device (“msrv13.abc.co.jp” shown in FIG. 2) And are stored.
[0023]
<< First Operation Example: When Server Device 13 Functions as an SMTP Server >>
First, the user of the workstation (WS) 11 transmits an e-mail to the user of the workstation 21 connected to the network 2 shown in FIG. 2 via the server device 13 functioning as an SMTP (Simple Mail Transfer) server. The operation in this case will be specifically described along the flowchart of FIG. 3 with reference to the communication sequences shown in FIGS.
FIG. 4 is a diagram illustrating an example of a communication sequence when the server device is compatible with authentication processing, and FIG. 5 is a diagram illustrating an example of a communication sequence when the server device is not compatible with authentication processing. is there. FIG. 6 is a diagram illustrating an example of a communication sequence when the server apparatus does not support the ESMTP mode. In these communication sequences, a solid line arrow indicates a request transmitted from the WS 11 to the server apparatus 13, and a broken line arrow indicates a response returned from the server apparatus 13 to the WS 11.
[0024]
The user of WS11 creates an e-mail addressed to the user of WS21 using e-mail software or the like, and electronically inputs the address of WS21 ("msrv23.xyz.co.jp" shown in FIG. 2) in the TO: field of the mail header. When designated as a mail transmission destination and instructed to be transmitted, the CPU of the WS 11 starts the processing shown in the flowchart of FIG.
First, in step S1, the server apparatus 13 is connected to the TCP port 25 (this “25” is a standard of TCP / IP (Transmission Control Protocol / Internet Protocol), not the code of this specification). This communication connection is performed by transmitting a request R1 for requesting connection to the server device 13 as shown in FIGS. In addition, the server apparatus 13 will return response R2 which shows a connection response, if a connection request is received.
[0025]
When communication is connected in step S1, the server apparatus 13 is requested to shift to the ESMTP (SMTP service Extensions) mode in the next step S2.
For example, as shown in request R3 in FIGS. 4 to 6, the request to shift to the ESMTP mode is sent to the server apparatus 13 together with the “EHLO” command for requesting the shift to the ESMTP mode, and the host name of the WS 11 (in this example, This is done by sending "ws11.abc.co.jp").
In the next step S3, it is determined whether or not the server device 13 is compatible with the ESMTP mode. The server device 13 returns a different response to the request transmitted in step S2 depending on whether or not the request corresponds to the ESMTP mode, so this determination can be made based on the received response.
[0026]
At this time, if the server apparatus 13 is compatible with the ESMTP mode, the server apparatus 13 also returns a list of commands that the client apparatus can use with the extended function, together with a response indicating that the process of shifting to the ESMTP mode has been completed normally.
For example, in the example shown in FIG. 4, the server apparatus 13 uses EXPN, as a response R4, together with “250-Hello wsll.abc.co.jp” with a reply code number 250 indicating that the transition process to the ESMTP mode has been normally completed. A response indicating that the four commands SIZE, AUTH, and HELP can be used is returned. Of these, AUTH is a command for designating an authentication method to be used. Here, “250-AUTH LOGIN CRAM-MD5” indicates that the methods of “LOGIN” and “CRAM-MD5” can be selected. .
[0027]
Further, in the example shown in FIG. 5, the server device 13 responds that the process of shifting to the ESMTP mode is normally completed and that three commands of EXPN, SIZE, and HELP can be used, and that the AUTH command cannot be used as a response R4 ′. Is returned. Returning to the description of FIG. 3, if the determination in step S <b> 3 is YES, the process proceeds to step S <b> 4 to determine whether or not the server device 13 supports authentication processing. This determination can be made based on the presence or absence of a response indicating that the AUTH command can be used in the above response. If it can be used, the authentication process is supported, and if not, it is determined that the authentication process is not supported.
[0028]
If the server apparatus supports the authentication process in step S4, the process proceeds to step S5, and it is determined whether or not the authentication method supported by the server apparatus 13 is compatible with the own apparatus. This determination can be made based on the argument “250-AUTH” in the above response. For example, in the case of the response R4, since it can be seen that the server device 13 supports “LOGIN” and “CRAM-MD5”, it may be determined based on whether or not the own device supports these. .
If the determination in step S5 is YES, the process proceeds to step S6 and is selected as an authentication method that uses the authentication method. At this time, if there are a plurality of candidates, an appropriate one is selected from the candidates. In this case, for example, the selection criteria according to the priority order determined by the user, which prioritizes the method of encrypting and transmitting the authentication information, is selected. , Etc. are conceivable.
[0029]
Then, in the next step S7, the server apparatus 13 is requested to perform authentication processing by the authentication method selected in step S6. In the example illustrated in FIG. 4, “AUTH CRAM-MD5” of the request R5 corresponds to this request, and is a request for requesting an authentication process using the CRAM-MD5 (Challenge Response Authentication Mechanism-Message Digest 5) method.
In the next step S8, authentication information corresponding to the authentication method requested in step S7 is transmitted to the server device 13. As this authentication information, a password, encrypted data, and the like can be considered. In the CRAM-MD5 system, a character string obtained by adding a password to a challenge character string received from the server device 13 is processed by MD5 that is a hash function. The hash value obtained in this way and the user ID.
[0030]
In the example shown in FIG. 4, the server device 13 that has received the request R5 requesting authentication processing according to the CRAM-MD5 method, as a response R6, sends an appropriate challenge character string together with the reply code 334 indicating that the authentication processing has started. Therefore, the WS 11 transmits the hash value (encrypted character string) obtained by performing the above processing to the challenge character string and the user ID to the server device 13 as the request R7.
The server device 13 uses the MD5 to process the character string obtained by adding the password corresponding to the received user ID to the transmitted challenge character string to obtain a hash value, and compares it with the received hash value. It is possible to determine whether or not the password is correct.
[0031]
After step S8, the process proceeds to step S9, where it is determined whether the authentication is successful. The server device 13 that has received the authentication information transmitted in step S8 performs an authentication process and returns the result as a response. Therefore, the success or failure of the authentication can be determined with reference to the content of this response. If there is no response within a predetermined period, it may be handled as an authentication failure.
In the example illustrated in FIG. 4, the server apparatus 13 returns a reply code “235 Ok” indicating successful authentication in the response R8.
[0032]
If it is determined in step S9 that the authentication is successful (authentication OK), it is determined that the e-mail may be transmitted, the process proceeds to step S10, a normal e-mail transmission process is performed, and the process ends.
Note that the e-mail transmission process in step S10 includes the address “Mail From: <ws11@abc.co.jp>” of the user of the WS 11 that is the e-mail transmission source as shown in FIG. 13 is a process of transmitting to the server device 13 the subject name, body text, attached file, and the like of the e-mail. Since these e-mail transmission processes are not specific to the present invention, a detailed description thereof will be omitted.
[0033]
If it is determined in step S9 that the authentication has failed (authentication NG), the process proceeds to step S11 where error processing is performed and the process ends. As this process, for example, an error message such as “authentication failed” or “password is incorrect” may be displayed on the display of the WS 11 to notify the error.
Further, if the server device 13 does not support the authentication process in step S4 of FIG. 3 and if there is no appropriate authentication method in step S5, the authentication process cannot be performed, so the authentication process is not performed. As it is, the process proceeds to step S10 as it is, and after the e-mail transmission process is performed, the process is terminated.
[0034]
Further, even if the server device 13 does not support the ESMTP mode in step S3, the authentication process cannot be performed. Therefore, the process proceeds to step S12 assuming that the authentication process is not performed, and the server device 13 shifts to the SMTP mode. Request.
If the server device 13 does not support the ESMTP mode, as shown in FIG. 6, the server device 13 returns an error response such as a response R10 to the request R3 requesting the transition from the WS 11 to the ESMTP mode. .
In such a case, although not shown, a “HELO” command is sent to the server apparatus 13 to request the SMTP server to shift to the SMTP mode.
[0035]
In the next step S13, it is determined whether or not the server device 13 is compatible with the SMTP mode. The server device 13 returns a different response to the request transmitted in step S12 depending on whether or not it is compatible with the SMTP mode, so this determination can be made based on the received response.
If the server device 13 is compatible with the SMTP mode, the process proceeds to step S10, a normal e-mail transmission process is performed, and the process ends. On the other hand, if the server device 13 does not support the SMTP mode, the process proceeds to step S14, an error process is performed, and the process is terminated. As this process, for example, it is conceivable to display an error message such as “The connected server does not support transmission of e-mail” on the display of the WS 11 to notify the error.
[0036]
Although illustration is omitted, if an error response is returned from the SMTP server when the authentication process is requested from the SMTP server in step S7, the process proceeds to step S10 without performing the processes in steps S8 and S9. It is advisable to end the process by performing an e-mail transmission process.
Alternatively, in the above case, if there is another authentication method that can be selected, the authentication method may be selected and designated to the server device 13 again.
[0037]
In the above processing, the CPU of WS11 functions as an authentication method selection unit in steps S5 and S6, and the same CPU functions as an authentication request unit in steps S7 and S8.
Then, by performing the processing as described above, it is possible to automatically select an authentication method supported by both the WS 11 and the server device 13 and perform authentication processing by the authentication method. Even without examining or setting these pieces of information, authentication can be performed by an appropriate authentication method according to the server device.
[0038]
<< Second Operation Example: When Server Device 13 Functions as a POP3 Server >>
Next, the operation when the user of WS 11 receives (downloads) an e-mail via the server device 13 functioning as a POP3 (Post Office Protocol version 3) server will be described with reference to the communication sequences shown in FIGS. However, it demonstrates concretely along the flowchart of FIG.
FIG. 8 is a diagram showing an example of a communication sequence in the case where the server apparatus supports authentication processing by the encryption authentication method (hereinafter simply referred to as “encrypted authentication processing”), and FIG. It is a figure which shows an example of a communication sequence in case it does not respond | correspond to the authentication authentication process. In these communication sequences, a solid line arrow indicates a request transmitted from the WS 11 to the server apparatus 13, and a broken line arrow indicates a response returned from the server apparatus 13 to the WS 11.
[0039]
The CPU of the WS 11 performs processing shown in the flowchart of FIG. 7 periodically or when a user gives an instruction, and checks whether or not an incoming e-mail addressed to the user is stored in the mailbox of the server device 13. investigate.
When this process is started, first, in step S21, communication connection is performed with the server device 13 and the TCP port 110 (this "110" is a standard of TCP / IP, not a symbol in the present specification). This communication connection is performed by transmitting a request R11 for requesting connection to the server device 13 as shown in FIGS. The server device 13 returns a response when accepting the connection request, but the content of the response differs depending on whether the server device 13 supports encryption authentication processing or not.
[0040]
For example, in the example shown in FIG. 8, the server apparatus 13 returns a challenge character string as a response R12 together with a reply code “+ OK” indicating a connection response. This challenge character string is an OTP (one-time password) used when performing encryption authentication processing by the challenge and response method.
On the other hand, in the example shown in FIG. 9, since the server device 13 does not support the encryption authentication process, only the reply code “+ OK” indicating the connection response is returned as the response R12 ′.
However, when the communication is connected in step S21, the WS 11 does not depend on whether or not the server device 13 supports the encryption authentication process, and the encryption authentication method supported by itself in the next step S22. A predetermined one is selected from the list.
[0041]
Then, in the next step S23, the server apparatus 13 is requested to perform authentication processing by the encryption authentication method selected in step S22, and in step S24, authentication information corresponding to the encryption authentication method is sent to the server apparatus 13. Send.
Note that step S23 and step S24 may be performed simultaneously. For example, in the example shown in FIGS. 8 and 9, as a request R13, a user ID and an encrypted character string as authentication information are transmitted to the server device 13 together with a command “APOP” requesting authentication processing in a challenge and response system. Yes. Similar to the encrypted character string in the first operation example, this encrypted character string is obtained by encrypting a character string obtained by adding a password to the challenge character string.
[0042]
At this time, the server device 13 performs an authentication process if the requested encryption authentication process is supported, and returns an authentication result to the WS 11 as a response. On the other hand, if the requested encryption authentication process is not supported, the authentication process is not performed and an error response is returned to the WS 11.
For example, in the example illustrated in FIG. 8, the server device 13 encrypts a character string obtained by adding a password corresponding to the received user ID to the transmitted challenge character string, and compares the encrypted character string with that received in the request R13. If the two match, it is determined that the authentication is successful. Then, a response “+ OK” indicating successful authentication is returned as a response R14. In the example illustrated in FIG. 9, the server device 13 returns a response “−ERR” indicating an authentication failure as the response R <b> 16.
[0043]
Returning to the description of FIG. 7, it is determined whether or not the authentication information transmitted to the server device 13 in step S24 has been successfully authenticated in the next step S25. This authentication success / failure determination can be made with reference to the authentication result of the response received from the server device 13. In addition, when there is no response within a predetermined period, it may be handled as an authentication failure.
If it is determined in step S25 that the authentication is successful (authentication OK), it is determined that communication is permitted, the process proceeds to step S26, a normal e-mail reception process is performed, and the process ends. The e-mail receiving process in step S26 transmits the command “STAT” to the server device 13 as shown in the request R15 in FIGS. 8 and 9, and the WS 11 stored in the mail box of the server device 13 or the like. This is a process of checking the number and size of e-mail addressed to the user and receiving the e-mail. Since these e-mail receiving processes are not unique to the present invention, detailed description thereof is omitted.
[0044]
On the other hand, if it is determined in step S25 that the authentication has failed (authentication NG), the process proceeds to step S27, where the server apparatus 13 is requested to perform authentication processing using the plaintext authentication method (hereinafter simply referred to as “plaintext authentication processing”). Send. For example, in the example shown in FIG. 9, a user ID is transmitted as a request R17 together with a command “USER” for specifying a user ID, and a response “+ OK” indicating that the user ID is recognized from the server device 13 is received in response R18. Then, as a request R19, a password is transmitted together with a command “PASS” for transmitting authentication information by a plain text authentication method.
At this time, the server device 13 compares the password corresponding to the user ID received in the request R17 with the password received in the request R19, and determines that the authentication is successful if they match. Then, a response “+ OK” indicating successful authentication is returned as a response R20. If they do not match, it is determined that the authentication has failed, and a response “-ERR” indicating the authentication failure is returned.
[0045]
In the next step S28, it is determined whether or not the plaintext authentication process has been successful. This authentication success / failure determination can be made with reference to the authentication result of the response received from the server device 13. In addition, when there is no response within a predetermined period, it may be handled as an authentication failure.
If it is determined in step S28 that the authentication is successful (authentication OK), it is determined that the communication is permitted, the process proceeds to step S26 described above, an e-mail reception process is performed, and the process ends.
On the other hand, if it is determined in step S28 that the authentication has failed (authentication NG), the process proceeds to step S29, where error processing is performed and the process ends. As this process, for example, an error message such as “authentication failed” or “password is incorrect” may be displayed on the display of the WS 11 to notify the error.
[0046]
In the above processing, the CPU of WS11 functions as an authentication method selection unit in steps S22 and S27, and the same CPU functions as an authentication request unit in steps S23, S24, and S27.
In the first operation example described above, the authentication method corresponding to the WS 11 is automatically selected from the authentication methods supported by the server device 13 and the authentication process using the authentication method is performed. In the second operation example, the authentication process using the encryption authentication method is attempted regardless of whether or not the server device 13 supports the encryption authentication process. However, whether or not the server apparatus 13 is compatible with the encrypted authentication method is determined based on the response of the authentication process. If the server device 13 does not support the encrypted authentication method, the authentication process using the plaintext authentication method is automatically performed. I have to.
[0047]
Therefore, similarly to the first operation example, even if the user does not investigate or set the authentication method in advance, authentication can be performed with an appropriate authentication method according to the server device.
When there are a plurality of encryption authentication methods supported by WS11, when an authentication failure (authentication NG) is determined in step S25, instead of proceeding to step S27, the process returns to step S22 and another encryption authentication method. May be selected and the processing from step S23 to step S25 may be performed again.
In this way, if the authentication process is attempted in all encryption authentication methods supported by WS11 until the authentication success (authentication OK) is determined in step S25, the probability of performing the encryption authentication process is high. Therefore, the safety of communication is improved.
[0048]
Alternatively, in response to the connection request transmitted in step S21, the server device 13 returns different responses depending on whether the encryption authentication processing is supported or not, as described above. The process for determining whether to perform the encryption authentication process based on the process may be performed between step S21 and step S22. For example, in the case of the communication sequences shown in FIGS. 8 and 9, the determination can be made based on the presence or absence of a challenge character string enclosed in <> after “+ OK” in the response R12. If it is determined that the encryption authentication process is performed in this process, the process proceeds to step S22. If it is determined that the plain text authentication process is performed, the process proceeds to step S27.
Further, when the AUTH command described above can be used by the server device 13 functioning as the POP3 server, authentication can be performed in the same manner as in the first operation example, and an e-mail receiving process can be performed.
[0049]
<< Third Operation Example: When Server Device 13 Functions as an IMAP4 Server >>
Next, with reference to the communication sequence shown in FIGS. 11 and 12, the operation when the user of the WS 11 receives an e-mail via the server device 13 functioning as an IMAP4 (Internet Mail Access Protocol version 4) server. A specific description will be given along the flowchart of FIG.
FIG. 11 is a diagram illustrating an example of a communication sequence when the server device supports encryption authentication processing, and FIG. 12 illustrates an example of a communication sequence when the server device does not support encryption authentication processing. FIG. In these communication sequences, solid-line arrows and broken-line arrows are the same as those in the communication sequence described above, and indicate requests and responses, respectively.
[0050]
In the communication sequences of FIGS. 11 and 12, any one of “tag”, “*”, and “+” is added to the head of each request and response. These are all tags defined in the IMAP4 format, and are intended to clarify the relationship between requests and responses. In addition, since a tag does not concern on the characteristic of this invention, each detailed description is abbreviate | omitted.
As in the second operation example, the WS 11 starts e-mail reception processing shown in the flowchart of FIG. 10 periodically or when a user gives an instruction.
First, in step S31, communication is connected to the server apparatus 13 using the TCP port 143 (this “143” is a TCP / IP standard, not a symbol in the present specification). This communication connection is performed by transmitting a request R21 for requesting connection to the server device 13 as shown in FIGS. In addition, the server apparatus 13 will return response R22 which shows a connection response, if a connection request is received.
[0051]
When communication is connected in step S31, a request for transmission of a function list of the server device 13 is requested in next step S32. For this request, for example, as shown in a request R23 in FIGS. 11 and 12, a command “CAPABILITY” instructing the server device 13 to transmit a list of usable extended commands and corresponding authentication methods is transmitted. Do by.
[0052]
At this time, as a response to this request, the server device 13 returns a list of functions and a command “Ok” indicating that the transmission process has ended normally (display OK) to the WS 11. For example, in the example shown in FIG. 11, “map4 auth = CRAM-MD5” and “Ok” are returned as the response R24. Among these, “map4auth =” is a command indicating that the server apparatus 13 supports authentication processing (encryption authentication processing) in the encryption authentication method, and the argument lists the corresponding encryption authentication processing. Is displayed. That is, here, it corresponds to “CRAM-MD5”.
If the transmission process is abnormally terminated (display NG), the server device 13 returns only the command “Bad” as a response, although not shown.
If the server device 13 has no extended function, only “Ok” is returned as a response, as in a response R24 ′ shown in FIG. In this case, it is indicated that there is no encryption authentication process supported by the server device 13.
[0053]
Returning to the description of FIG. 10, in the next step S33, it is determined whether or not the response from the server device 13 has been normally received. If the determination in step S33 is no, the process proceeds to step S44, where error processing is performed and the process ends. As this process, for example, an error message may be displayed on the display of the WS 11 to notify the error.
On the other hand, if the determination in step S33 is YES, the process proceeds to the next step S34 to determine whether or not the server device 13 is compatible with the encryption authentication process. This determination can be made based on the presence / absence of a response indicating that the response corresponds to the encryption authentication process.
[0054]
If it is determined in step S34 that the server apparatus 13 is compatible with the encryption authentication process, the process proceeds to step S35, and the server apparatus 13 is compatible with the encryption authentication method supported by the server apparatus 13. Judge whether there is. This determination can be made based on the argument “map4 auth =” in the response. For example, in the case of the response R24, it can be seen that the server device 13 is compatible with “CRAM-MD5”, and therefore, it may be determined based on whether or not the own device supports this.
[0055]
If the determination in step S35 is YES, the process proceeds to step S36, and an authentication method that is compatible with both the server device 13 and the own device is selected as the encryption authentication method to be used. If there are a plurality of candidates at this time, an appropriate one is selected from them. As a selection criterion in this case, for example, a priority order determined by the user can be considered. In the next step S37, the server device 13 is requested to perform an encryption authentication process using the authentication method selected in step S36. In the example shown in FIG. 11, “AUTHENTICATE CRAM-MD5” corresponds to this request, and is a request for requesting authentication processing by the CRAM-MD5 method.
[0056]
In the next step S38, authentication information corresponding to the authentication method requested in step S37 is transmitted to the server device 13. For example, in the example shown in FIG. 11, the server device 13 that has received the request R25 requesting the authentication processing by the CRAM-MD5 method returns a challenge character string as the response R26, and the WS 11 uses the challenge character string to The encrypted character string obtained in the same manner as in the operation example 1 is transmitted as the request R27 to the server device 13 as authentication information. At this time, the server device 13 determines whether or not the password used by the client device 11 is correct from the received encrypted character string in the same manner as in the first operation example.
[0057]
After step S38, the process proceeds to step S39, and it is determined whether or not the encryption authentication process is successful (authentication OK). The server device 13 that has received the authentication information transmitted in step S38 performs the encryption authentication process and returns the result as a response. Therefore, the determination of the success or failure of the encryption authentication can be made with reference to the response content. . If there is no response within a predetermined period, it may be handled as encryption authentication failure. In the example illustrated in FIG. 11, the server apparatus 13 returns a reply code “Ok” indicating successful authentication in the response R28.
If it is determined in step S39 that the authentication is successful (authentication OK), the process proceeds to step S40, and a normal e-mail reception process similar to that in step S26 shown in FIG.
[0058]
On the other hand, if it is determined in step S34 that the server device 13 does not support the encryption authentication process, or there is no encryption authentication method that the server device 13 supports in step S35. If YES, the process proceeds to step S41, and the server device 13 is requested to perform authentication processing using the plaintext authentication method. For example, in the example shown in FIG. 12, the user ID and password are transmitted in plain text to the server device 13 as arguments of the command “LOGIN” for requesting login in the request R29, thereby performing authentication processing in the plain text authentication method. To request. At this time, the server device 13 can determine whether the password used by the client device 11 is correct from the user ID and password received in the request R29, as in the case of the first operation example. . In the example shown in FIG. 12, the server apparatus 13 returns a reply code “Ok” indicating successful authentication in the response R30.
[0059]
And after step S41, it progresses to step S42 and it is judged whether the plaintext authentication process was successful. The server device 13 that has received the authentication information transmitted in step S41 performs a plaintext authentication process and returns the result as a response. Therefore, it is possible to determine the success or failure of the authentication with reference to the contents. If there is no response within a predetermined period, it may be handled as an authentication failure.
If it is determined in step S42 that the authentication is successful (authentication OK), the process proceeds to step S40, a normal e-mail transmission process is performed, and the process ends.
On the other hand, if the authentication has failed (authentication NG) in step S42, the process proceeds to step S43, and error processing is performed in the same manner as in the first operation example, and the process ends.
[0060]
Even in the case of authentication failure (authentication NG) in step S39, the process proceeds to step S41 and the same processing as described above is performed.
In the above processing, the CPU of WS11 functions as an authentication method selection unit in steps S35, S36, and S41, and the same CPU functions as an authentication request unit in steps S37, S38, and S41.
[0061]
By performing the processing as described above, it is possible to automatically select an encryption authentication method supported by both the WS 11 and the server device 13 and perform authentication processing by the encryption authentication method. Even if the user does not investigate or set the information in advance, the authentication can be performed by an appropriate authentication method according to the server device. In addition, when there is no encryption authentication method supported by both the WS 11 and the server device 13, authentication is automatically performed using the plain text authentication method. There is no loss of reception.
[0062]
<Second Embodiment>
Next, the scanner 12 shown in FIG. 2, which is a second embodiment of the communication apparatus of the present invention, will be described in detail. The scanner 12 is a communication device provided with image information communication means for transmitting / receiving image information to / from an external device via a network.
First, the functional configuration of this scanner is shown in the functional block diagram of FIG. In this figure, only the functions of the parts related to the present invention are shown. In FIG. 13, the same parts as those in FIG.
The scanner 12 includes a scanner unit 31, a plotter unit 32, an operation unit 33, a display unit 34, and a clock circuit unit 35, which are functional units of a general scanner, as well as a CPU, ROM, RAM, HDD, communication interface (I). / F) and the like, and a FAX unit 20 which is a general FAX function unit. All of these can be configured using known hardware.
[0063]
The CPU functions as a control unit 16 ′ that controls the entire scanner 12 by executing various control programs stored in the ROM and HDD. The function of the storage unit 17 ′ is realized by a storage unit such as a ROM, a RAM, and an HDD.
The control unit 16 ′ has functions of an encoding / decoding unit 27 and an image information communication unit 28 in addition to the functions of the authentication method selection unit 25 and the authentication request unit 26 described above.
The encoding / decoding unit 27 performs encoding such as data compression or conversely decodes the encoded image data and restores the original state. Further, the image information communication unit 28 controls the communication I / F 18 and transmits / receives image information (image data) to / from the server device 13 via the network, thereby fulfilling a function of an image information communication unit.
[0064]
The storage unit 17 ′ has functions of a system memory 36 that stores basic software such as an OS, a parameter memory 37 that temporarily stores variables such as setting values, and an image storage unit 38 that stores image data.
The scanner unit 31 is a unit that reads an image on a sheet and converts it into digital image data.
The plotter unit 32 is a unit that forms an image on a sheet based on image data. The operation unit 33 is used by the user to set operation or create an e-mail or the like.
The display unit 34 is for displaying the setting state, operation status, image data, help information, and the like of the scanner 12. The clock circuit unit 35 has a clock function and measures time.
[0065]
On the other hand, the FAX unit 20 includes a G3 FAX modem 40 and a network control unit 39, and has a general FAX communication function.
When the FAX unit 20 is provided in the scanner 12, the image data received via the network 1 can be faxed as it is without being printed by the plotter unit 32. However, since the FAX function is not essential for the present invention, the FAX unit 20 may not be provided.
Further, the plotter unit 32, the display unit 34, and the clock circuit unit 35 may not be provided.
Hereinafter, the operation when the scanner 12 requests the server device 13 to communicate will be described with an example. In the following operation example, the user ID and password registered in advance by the user and the address of the server device (“msrv13.abc.co.jp” shown in FIG. 2) are stored in the storage unit 17 ′ of the scanner 12. Assume that it is stored.
[0066]
When the scanner 12 transmits an e-mail attached with image data to the user of the workstation 21 connected to the network 2 shown in FIG. 2 via the server device 13 functioning as an SMTP server, the user first stores the storage unit 17. The image data to be sent is selected from the image storage unit 38, or the sheet on which the image to be sent is formed is set in the scanner unit 31 and the operation unit 33 is operated to convert the image on the sheet into image data. .
Then, an e-mail addressed to the user of WS 21 is created using e-mail software and the e-mail is sent with the address of WS 21 (“msrv23.xyz.co.jp” shown in FIG. 2) in the TO field of the mail header. The destination is designated, and the selected image data or the converted image data is attached and transmission is instructed. Then, the CPU of the scanner 12 performs the same processing as steps S1 to S14 shown in the flowchart of FIG. 3 and transmits an e-mail as in the case of the WS 11 described in the first embodiment.
[0067]
On the other hand, when the scanner 12 receives an e-mail attached with image data from the mailbox of the server device 13 functioning as the POP3 server, the CPU of the scanner 12 is shown in the flowchart of FIG. The same processing as steps S21 to S29 is performed.
When the scanner 12 receives an e-mail attached with image data from the mailbox of the server device 13 functioning as an IMAP4 server, the same processing as steps S31 to S44 shown in the flowchart of FIG. 10 is performed. .
Note that examples of communication sequences between the scanner 12 and the server device 13 in these processes are “WS11” in the communication sequences shown in FIGS. 4 to 6, 8, 9, 11, and 12, respectively. Is replaced with "."
[0068]
Therefore, also in the second embodiment, as in the first embodiment, an authentication method that is compatible with both the scanner 12 (communication device) and the server device 13 (external device) is automatically selected, and Since the authentication process by the authentication method can be performed, it is possible to perform the authentication by an appropriate authentication method according to the server device even if the user does not investigate or set the information in advance.
In the second embodiment, the case where the communication device is a scanner has been described. However, the present invention is not limited to this. The communication device may be another communication device (for example, a FAX device or a network printer) that can communicate with the network. Good.
[0069]
<Third Embodiment>
Next, a third embodiment of the communication apparatus according to the present invention will be described. This embodiment is also a scanner. In the scanner of the second embodiment, the selection range when the authentication method is automatically selected is the encryption authentication method in which the authentication information is encrypted and / or the authentication information is transmitted in plain text. An instruction to restrict to the plaintext authentication method transmitted by the is received. Since other points are the same as those of the scanner of the second embodiment, description thereof is omitted.
[0070]
In this scanner, an instruction for setting a selection range of authentication information can be received in advance using a predetermined application program or the like. In this process, the CPU of the scanner 12 functions as a selection instruction receiving unit.
Then, in accordance with the received instruction, the first mode for automatically selecting the selection method when the CPU functions as the authentication method selection unit according to the external device from the encryption authentication method, plaintext authentication Any one of the second mode for automatically selecting the method according to the external device from among the methods, and the third mode for automatically selecting the method according to the external device from among the encryption authentication method and the plaintext authentication method I try to set it up.
Hereinafter, an operation example of this scanner will be described.
[0071]
<< Fourth Operation Example: When Server Device 13 Functions as an SMTP Server >>
FIG. 14 is a flowchart showing processing when the scanner authenticates with a server device functioning as an SMTP server and transmits an e-mail. In FIG. 14, the same parts as those in FIG.
When the user of the scanner 12 instructs transmission of an e-mail attached with image data, the CPU of the scanner 12 starts the process shown in the flowchart of FIG. In steps S1 to S3, processing similar to that in steps S1 to S3 shown in FIG. 3 is performed to attempt to shift the server device 13 to the ESMTP mode. If the server apparatus 13 does not support the ESMTP mode in step S3, the process proceeds to step S12. In steps S12 to S14, processing similar to that in steps S12 to S14 shown in FIG. Attempt to enter mode.
[0072]
On the other hand, if the server apparatus is compatible with the ESMTP mode in step S3, the process proceeds to step S4, and it is determined whether the server apparatus 13 is compatible with the authentication process as in step S4 shown in FIG.
If it is not supported in step S4, the process proceeds to step S56 as it is, and the same normal e-mail transmission process as in step S10 shown in FIG. 3 is performed and the process is terminated. In this case, authentication is not performed.
If it is determined in step S4, the process proceeds to step S50, and the setting of the authentication method selection method is changed to the third mode (a mode that can be freely selected from both the encryption authentication method and the plaintext authentication method without limitation). Judge whether or not.
[0073]
If the determination in step S50 is YES, the process proceeds to step S51, and as in the case of step S5 shown in FIG. 3, the own apparatus also supports the encryption authentication method supported by the server device 13. Determine if there is something.
Further, if the determination in step S51 is YES, the process proceeds to step S52, and an appropriate one is selected from encryption authentication methods that both the server apparatus 13 and the scanner 12 support. In the next step S53, the server apparatus 13 is requested to perform authentication processing using the authentication method selected in step S52, and in the subsequent step S54, authentication information corresponding to the encrypted authentication method selected in step S52 is transmitted to the server apparatus 13. To do. Since these detailed descriptions are the same as steps S6 to S9 in the first operation example, they are omitted here.
[0074]
In the next step S55, it is determined whether or not the authentication is successful (authentication OK). If it is determined in step S55 that the authentication is OK, the process proceeds to step S56, a normal e-mail transmission process is performed, and the process ends. If it is determined in step S55 that the authentication is NG, the process proceeds to step S57, and error processing similar to that in step S11 in FIG.
By the way, if there is no appropriate encryption authentication method in step S51, the process proceeds to step S58. In step S58, it is determined whether there is a plaintext authentication method that is compatible with both the server device 13 and the own device (scanner 12). This determination can be made in substantially the same manner as in step S5 shown in FIG. 3, although there is a difference between whether the target is an encryption authentication method or a plaintext authentication method.
[0075]
If the determination in step S58 is NO, there is no authentication method that is compatible with both, so the process proceeds directly to step S56, where the normal e-mail transmission process is performed without performing the authentication process, and the process ends. On the other hand, if the determination in step S58 is YES, the process proceeds to step S59, and an appropriate one is selected from the plaintext authentication methods that both the server device 13 and the scanner 12 support. In the next step S60, the server device 13 is requested to perform authentication processing using the plaintext authentication method selected in step S59, and in step S61, authentication information corresponding to the plaintext authentication method is transmitted to the server device.
After step S61, the process proceeds to step S55, and processing similar to that described above in steps S55 to S57 is performed.
[0076]
If the setting is not the third mode in step S50, the process proceeds to step S62. In step S62, it is determined whether or not the setting of the selection method is the first mode (a mode selected from the encryption authentication method).
If it is in the first mode, the process proceeds to step S63, and as in the case of step S51, whether or not there is an encryption authentication method supported by the server device 13 that is also supported by the own device. to decide.
If the determination in step S63 is YES, the process proceeds to step S52. Subsequently, as in the case where the determination in step S51 is YES, the encryption authentication method is selected, and the authentication process is performed using that method. If so, send an email and exit.
[0077]
Furthermore, if it is not the first mode in step S62, that is, if the setting of the selection method is the second mode (a mode for selecting from the plaintext authentication method), the process proceeds to step S64, and as in step S58, It is determined whether there is a plain text authentication method that both the server device 13 and the scanner 12 support.
If the determination in step S64 is YES, the process proceeds to step S59. Thereafter, in the same manner as in the case where the determination in step S58 is YES, a plaintext authentication method is selected and authentication processing is performed using that method. Send an email to and exit.
On the other hand, if the determination in step S64 is no, the process proceeds directly to step S56, where a normal e-mail transmission process is performed, and the process ends.
[0078]
In the flowchart of FIG. 14, if the server apparatus 13 does not support authentication processing in step S4, and if there is no appropriate authentication method in steps S58, S63, and S64, step S56 is performed without performing authentication processing. The normal e-mail transmission process is performed in advance.
In such a case, it is possible to reduce the probability that the transmission of the electronic mail becomes an error due to the difference in the authentication method between the server device 13 and the scanner 12.
[0079]
<< Fifth Operation Example: When Server Device 13 Functions as a POP3 Server >>
FIG. 15 is a flowchart showing processing when the scanner according to the third embodiment authenticates with a server device functioning as a POP3 server and receives an e-mail. In FIG. 15, the same parts as those in FIG.
The CPU of the scanner 12 starts the processing shown in the flowchart of FIG. 15 periodically or when the user of the scanner 12 instructs to receive an e-mail. In step S21, communication connection processing similar to that in step S21 shown in FIG. 7 is performed.
[0080]
In the next step S70, it is determined whether or not the setting of the authentication method selection method is the third mode.
When the setting is the third mode in step S70, the process proceeds to steps S71 to S73, and in the same way as in steps S22 to S24 shown in FIG. The server apparatus 13 is requested and authentication information is transmitted. In the next step S74, it is determined whether or not the authentication is successful (authentication OK). If the authentication is OK in step S74, the process proceeds to step S75, and a normal e-mail reception process is performed in the same manner as in step S25 shown in FIG.
In the case of authentication NG in step S74, the process proceeds to steps S76 to S78, a plaintext authentication method is selected, and authentication processing in that method is requested to the server device 13 as in the case of step S27 in FIG. Send.
[0081]
Then, in the next step S79, it is determined whether or not the authentication is successful (authentication OK). If the authentication is OK in step S79, the process proceeds to step S75 to perform normal e-mail reception processing and ends. If the authentication is NG, the process proceeds to step S80 and error processing is performed as in step S11 of FIG. Go and finish.
On the other hand, if the setting is not the third mode in step S70, the process proceeds to step S81 to determine whether or not the setting is the first mode.
If the determination in step S81 is NO, that is, if the setting is in the second mode, the process proceeds to step S76. Thereafter, the same processing as in the case where the determination in step S74 is NO is performed.
[0082]
If the determination in step S81 is yes, the process proceeds to steps S82 to S84, and the same processing as in steps S71 to S73 is performed. In the next step S85, it is determined whether or not the authentication is OK. If the determination is YES, the process of step S75 is performed and the process ends. If the determination in step S85 is no, the process proceeds to step S86, and error processing similar to that in step S80 is performed and the process ends.
As described above, the case where the electronic mail is received from the server apparatus functioning as the POP3 server has been described. However, when the AUTH command can be used as the extended function of the server apparatus 13, authentication is performed in the same manner as in the fourth operation example. You can also receive emails.
[0083]
<< Sixth Operation Example: When Server Device 13 Functions as an IMAP4 Server >>
FIG. 16 is a flowchart showing processing when the scanner according to the third embodiment authenticates with a server device functioning as an IMAP4 server and receives an e-mail. In FIG. 16, the same parts as those in FIG.
The CPU of the scanner 12 starts the processing shown in the flowchart of FIG. 16 periodically or when the user of the scanner 12 instructs to receive an e-mail. In step S31, communication connection processing similar to that in step S31 shown in FIG. 10 is performed.
[0084]
In the next step S90, it is determined whether or not the setting of the authentication method selection method is the second mode.
If the setting is the second mode in step S90, the process proceeds to steps S91 to S93, the plaintext authentication method is selected, and the authentication process in that method is performed in the same manner as in step S41 shown in FIG. Request and send authentication information.
Then, in the next step S94, it is determined whether or not the authentication is successful (authentication OK). If YES, the process proceeds to step S95, and the same normal e-mail reception process as described above is performed and terminated. In S111, error processing is performed and the process ends.
[0085]
On the other hand, if the setting is not the second mode in step S90, the process proceeds to step S96, and the server device 13 is requested to transmit the function list in the same manner as in step S32 shown in FIG. Then, in the next step S97, it is determined whether or not the function list has been normally received. If the determination is NO, the error processing of step S111 is performed and the process ends.
If the determination in step S97 is yes, the process proceeds to step S98 to determine whether the setting is in the third mode.
[0086]
If the mode is the third mode in step S98, the process proceeds to steps S99 to S104, and the encryption authentication method is selected in the same manner as in steps S34 to S39 shown in FIG. Request the device 13 to send authentication information. If NO is determined in any of steps S99, S100, and S104, the process proceeds to step S91, and thereafter, the same processing as that in the case where the determination in step S90 is YES is performed. If the determination in step S104 is yes, the normal e-mail reception process in step S95 is performed and the process is terminated. That is, in the case of the third mode, a method corresponding to both the own device and the server device is selected from both the encryption authentication method and the plaintext authentication method, and authentication is requested.
[0087]
On the other hand, if the setting is not the third mode in step S97, that is, if the setting is the first mode, the process proceeds to step S105. Thereafter, in steps S105 to S110, processing similar to that in steps S99 to S104 in the third mode described above is performed. In the first mode, since only the encryption authentication method is selected, there is no appropriate method, and if NO is determined in any of steps S105, S106, and S110, the process proceeds to step S111. It differs from the case of the third mode described above in that error processing is terminated.
[0088]
As described above, an instruction to restrict the range of the authentication method automatically selected by the communication device to the encryption authentication method and / or the plaintext authentication method is accepted, and the selection method when selecting the authentication method is the encryption authentication method. Set to either the first mode that restricts to the first mode, the second mode that restricts to the plaintext authentication method, or the third mode that can be freely selected from both the encryption authentication method and the plaintext authentication method without any particular limitation. Therefore, when the user desires authentication using the encryption authentication method or authentication using the plaintext authentication method, the user can select one of the authentication methods suitable for the communication device and the external device communicating with the communication device. It is possible to automatically select an authentication method according to the user's request. Furthermore, when an error occurs in authentication, the user can explicitly know the result and can easily deal with it.
[0089]
In addition, when it is known in advance that there is an encryption authentication method supported by both the communication device and the external device, it is set in advance that the first mode is set or there is no such encryption authentication method. If the second mode is set when it is known, the CPU does not perform useless processing, so the burden on the CPU can be reduced and the processing speed can be increased.
[0090]
<Modification of the first to third embodiments>
Next, modified examples of the above-described embodiments will be described.
In this modification, the validity / invalidity of the authentication request operation can be set in advance using a predetermined application program or the like.
Hereinafter, processing applied to the above-described fourth operation example will be described.
FIG. 17 shows the flow of this processing. In FIG. 17, the same parts as those in FIG. 3 or FIG.
When the user of the scanner 12 instructs to send an e-mail, the CPU of the scanner 12 starts the process shown in the flowchart of FIG. In step S1, processing similar to that in step S1 shown in FIG. 14 is performed.
[0091]
In the next step S120, it is determined whether or not the operation of the CPU as an authentication request means, that is, the authentication request operation is set to be valid.
If the determination in step S120 is NO, that is, if the authentication request is not set, the process proceeds to step S12, and the following steps S12 to S14 are the same as steps S12 to S14 shown in FIGS. Process. That is, the server apparatus 13 is requested to shift to the SMTP mode, and it is determined whether or not the server apparatus 13 supports the SMTP mode. If it is compatible, a normal e-mail transmission process is performed and the process ends. If not, an error process is performed and the process ends.
[0092]
If the determination in step S120 is yes, the process proceeds to step S2. In the following steps S2 to S4, processing substantially similar to steps S2 to S4 shown in FIG. 14 is performed. If NO is determined in the processes of steps S3 and S4, the authentication request operation is not set to be valid / invalid in the flowchart of FIG. 14, and thus the process proceeds to steps S12 and S56, respectively. However, in the flowchart of FIG. 17, even if the setting of the authentication request operation is valid in step S120, if NO is determined in the processes in steps S3 and S4, the authentication cannot be performed, so the process proceeds to step S57. Proceed with error handling and exit.
[0093]
If the determination in step S4 is YES, the process proceeds to step S50. Thereafter, in steps S50 to S64, processing similar to that in steps S50 to S64 shown in FIG. 14 is performed. If it is determined NO in any one of steps S58, S63, and S64, the process proceeds to step S56 without performing authentication in the flowchart shown in FIG. 14, and each performs normal e-mail transmission processing. . However, in the flowchart of FIG. 17, even if the setting of the authentication request operation is valid in step S120, if it is determined NO in the processes of steps S58, S63, and S64, authentication cannot be performed. In step S57, error processing is performed and the process ends.
[0094]
By performing such processing, it is possible to set in advance whether or not an authentication request is to be made. Therefore, if it is known in advance that the communication device or the external device does not support authentication processing, the CPU can be set invalid by setting it to invalid. However, unnecessary processing is not performed, the burden on the CPU is reduced, and the processing speed is increased.
Also, by setting the validity / invalidity of the authentication request operation, the user can select whether or not to perform authentication according to preference. Furthermore, when an error occurs in authentication, the user can explicitly know the result and can easily deal with it.
[0095]
By the way, here, if invalid in step S120, the process proceeds to step S12 to request the transition to the SMTP mode. However, the present invention is not limited to this. For example, as in steps S2 and S3, the server apparatus 13 may be requested to shift to the ESMTP mode, and it may be determined whether or not the server apparatus 13 supports the ESMTP mode. If the server device 13 is not compatible, error processing is performed and the processing is terminated. If the server device 13 is compatible, normal email transmission processing in step S56 is performed and the processing is terminated.
[0096]
In addition, this modification can be applied to other embodiments and operation examples. For example, when applied to the fifth operation example, the determination in step S120 is performed after step S21 in the flowchart shown in FIG. 15, and if the determination is YES, the process proceeds to step S70, and if the determination is NO, the process proceeds to step S70. The process may proceed to S75.
Further, when applied to the sixth operation, the determination of step S120 is performed after step S31 of the flowchart shown in FIG. 16, and the process proceeds to step S90 if the determination is YES, and step S95 if the determination is NO. Just go to.
[0097]
Next, when there are a plurality of selectable authentication methods in the processing of each operation example described above, a selection criterion for selecting an appropriate one from the plurality of authentication methods will be described.
As this selection criterion, a priority table as shown in FIG. 18 can be used. When there are a plurality of authentication methods that meet the selection conditions, the authentication method having a higher priority is selected preferentially in the priority table of the authentication methods.
The priority table is composed of an encryption authentication method priority table in which encryption authentication methods are arranged in accordance with the priority of selection, and a plaintext authentication method priority table in which plaintext authentication methods are arranged in accordance with the priority of selection. Each of these priorities can be arbitrarily set in advance using application software or the like and stored in a storage unit or the like of the communication device.
[0098]
In this priority table, only authentication methods supported by the communication device are described. In this process, the CPU functions as a means for setting the priority of authentication method selection when the CPU functions as an authentication method selection means.
When such a priority table is used, for example, in step S6 shown in FIG. 3, the authentication methods supported by the server device 13 and the authentication methods included in the priority table are compared in order from the highest priority. And select the first match. At this time, if the comparison is made with the encryption authentication method priority table first and if there is no match, the comparison with the plaintext authentication method priority table will increase the probability of performing the encryption authentication. Safety is further improved.
[0099]
FIG. When the priority order table shown in FIG. 2 is used, first, the authentication method supported by the server device 13 is compared with the CRAM-MD5 with the first priority in the encrypted authentication method priority order table and the KERBEROS_V4 with the second priority. Next, the first LOGIN and the second PLAIN in the plaintext authentication method priority table are compared.
LOGIN and PLAIN perform BASE64 which encodes application data (binary data) such as an image attached to an e-mail into a character string (text data). However, authentication information is transmitted and received in plain text. Then, it is positioned as plain text authentication.
[0100]
Also, in step S22 shown in FIG. 7, the method with the highest priority may be selected from the encryption authentication method priority order table. Further, in the case of authentication NG in step S25, it is preferable to return to step S22, select the method with the next highest priority, and request authentication again. In this way, if all the encryption authentication methods supported by the own device are selected in order of priority until the authentication is OK in step S25, the probability of performing the encryption authentication increases. Safety is further improved.
Further, in the same manner in step S27, the method with the highest priority may be selected from the plaintext authentication method priority table. In this case as well, there is a difference between the encryption authentication method and the plaintext authentication method, but the priority of the plaintext authentication method priority table is the same as in step S22 until the authentication is OK in step S28. It is recommended to request authentication from the highest one.
[0101]
In the case of the processing shown in the flowcharts of FIGS. 14 and 17, the authentication method supported by the server device 13 in step S51 and the authentication method included in the encrypted authentication method priority order table have the higher priority. Are compared in order, and a matching method may be selected in step S52. If there is no matching method at this time, the authentication method supported by the server device 13 in step S58 is compared with the authentication methods included in the plaintext authentication method priority table in the same manner, and the matching method is selected in step S59. Good.
Further, when performing the process of step S63, the encrypted authentication method priority order table is used, and when performing the process of step S64, the plaintext authentication method priority order table is used. Select a match.
[0102]
By performing the processing as described above, authentication processing can be selected and executed in the priority order designated by the user. Note that the priority table may be given a rank without distinguishing between the encryption authentication method priority table and the plaintext authentication method priority table.
[0103]
In each of the above-described embodiments, an authentication method related to an authentication request, an authentication result by an external device, error information, and the like are temporarily stored in a log area so that the user can check by printing on a sheet later. Good. Alternatively, the information may be temporarily stored in the log area of the external device so that the user can confirm by communicating with the external device later. In this way, the user can know the authentication result and grasp the operation status of the apparatus.
[0104]
Although the case where the communication device is a WS or a scanner has been described here, the present invention is not limited to this. The present invention can be applied to any communication device that has a communication function and can be connected to a network. For example, the present invention can be applied to an information processing device such as a personal computer, a communication terminal device such as a mobile phone or PHS, and a communication device such as an output device such as a printer.
Further, the external device with which the communication device communicates is not limited to the server device that functions as the above-described STMP server, POP3 server, or IMAP4 server. For example, it may be a server device that functions as another mail server that operates with substantially the same protocol as these mail servers. Or the server apparatus which functions as servers other than a mail server, such as a web server, may be sufficient. Furthermore, an electronic device other than the server device such as a large computer may be used.
[0105]
Furthermore, in this specification, CRAM-MD5 and KERBEROS_V4 are exemplified as encryption authentication methods, and LOGIN and PLAIN are exemplified as plaintext authentication methods. However, the authentication methods corresponding to the present invention are not limited to these. Other encryption authentication methods and plaintext authentication methods may be used.
In this specification, the case where the communication apparatus automatically selects the authentication method has been described. However, the present invention is not limited to this, and an encryption method for encrypting a part other than communication authentication (for example, the body of an e-mail). Can be automatically selected in the same manner.
[0106]
In addition, if a communication system is configured by the communication device of the present invention described above and an external device that is a communication partner, for example, a server device, an encryption method and an authentication method that the user corresponds to the communication device and the external device can be used. Since it is possible to automatically select an appropriate encryption method and authentication method without performing investigation or setting, it is possible to realize a convenient communication system with low user workload. it can.
[0107]
【The invention's effect】
As described above, according to the communication device of the present invention, it is possible to automatically select an appropriate authentication method according to the authentication method supported by the external device and the own device, and authenticate to the external device using the authentication method. Since the process is requested, it is not necessary for the user to investigate, select and set the authentication method and the encryption method supported by the communication device and the external device, and the burden on the user can be reduced.
[Brief description of the drawings]
FIG. 1 is a functional block diagram showing functions of a WS which is a first embodiment of a communication apparatus according to the present invention.
FIG. 2 is a diagram showing a configuration example of a network to which a communication apparatus according to the present invention is connected.
FIG. 3 is a flowchart showing processing when the WS shown in FIG. 1 transmits an e-mail via a server device functioning as an SMTP server.
4 is a diagram illustrating an example of a communication sequence between a WS and a server device when the server device supports authentication processing in the processing illustrated in FIG.
FIG. 5 is a diagram similarly showing an example when the server device does not support the authentication method.
FIG. 6 is a diagram similarly showing an example when the server device does not support the ESMTP mode.
FIG. 7 is a flowchart showing processing when the WS shown in FIG. 1 receives an e-mail via a server device functioning as a POP3 server.
8 is a diagram showing an example of a communication sequence between the WS and the server device when the server device is compatible with the encryption authentication method in the process shown in FIG.
FIG. 9 is a diagram similarly showing an example when the server apparatus does not support the encryption authentication method.
FIG. 10 is a flowchart showing processing when the WS shown in FIG. 1 receives an e-mail via a server device functioning as an IMAP4 server.
11 is a diagram showing an example of a communication sequence between the WS and the server device when the server device is compatible with the encryption authentication method in the process shown in FIG.
FIG. 12 is a diagram similarly showing an example when the server apparatus does not support the encryption authentication method.
FIG. 13 is a functional block diagram showing functions of a scanner which is a second embodiment of a communication apparatus according to the present invention.
FIG. 14 is a flowchart showing processing when the communication device according to the third embodiment of the present invention transmits an electronic mail via a server device functioning as an SMTP server.
FIG. 15 is a flowchart showing processing when an e-mail is received via a server device functioning as a POP3 server.
FIG. 16 is a flowchart showing processing when an e-mail is received via a server device functioning as an IMAP4 server.
FIG. 17 is a flowchart showing processing when a modification is applied to the processing shown in FIG. 14;
FIG. 18 is a diagram illustrating an example of a priority table for authentication methods;
[Explanation of symbols]
1, 2: Network 3: Internet
4: Public network 5, 6: Router device
11, 14, 21, 24: Workstation (WS)
12: Scanner 13, 23: Server device
15, 22: FAX machine 16, 16 ': Control unit
17, 17 ': Storage unit
18: Communication interface (I / F)
20: FAX section 25: Authentication method selection section
26: Authentication request unit 27: Encoding / decoding unit
28: Image information communication unit
31: Scanner unit 32: Plotter unit
33: Operation unit 34: Display unit
35: Clock circuit part 36: System memory
37: Parameter memory 38: Image storage unit
39: Network control unit 40: G3 FAX modem

Claims (8)

A communication device having communication means for communicating with an external device connected via a network, and authentication request means for transmitting authentication information to the external device and requesting authentication processing,
Information on the authentication method supported by the communication device is stored in the storage means, divided into an encrypted authentication method and a plaintext authentication method ,
The external device refers to information on an authentication method supported by the external device, which is transmitted in response to a request from the communication device, and first, an encryption authentication method stored in the storage unit, The authentication methods supported by the external device are compared in order, and if there is no match, the plaintext authentication method stored in the storage unit and the authentication method supported by the external device are sequentially processed. An authentication method selection means for selecting one authentication method from among the authentication methods supported by both the external device and the communication device by selecting an authentication method that matches first in these comparisons. Prepared,
The communication apparatus, wherein the authentication request means is means for transmitting authentication information corresponding to the authentication method selected by the authentication method selection means to the external device and requesting authentication processing in the authentication method.   The communication apparatus according to claim 1, wherein the external apparatus is an SMTP server.   The communication apparatus according to claim 1, wherein the external apparatus is a POP3 server.   The communication apparatus according to claim 1, wherein the external apparatus is an IMAP4 server. The communication device according to any one of claims 1 to 4,
A communication apparatus comprising image information communication means for transmitting and receiving image information to and from the external apparatus via the network. The communication device according to any one of claims 1 to 5,
A selection instruction receiving means for receiving an instruction to limit the range of authentication methods selected by the authentication method selecting means;
The selection instruction receiving unit selects the one authentication method from among the encrypted authentication methods in which the authentication method selection unit encrypts and transmits the authentication information in accordance with the instruction received by the selection instruction receiving unit. A first mode, a second mode in which the one authentication method is selected from plaintext authentication methods in which the authentication information is transmitted in plaintext, the one authentication method from among the encryption authentication method and the plaintext authentication method. A communication apparatus that is set to one of the third modes to be selected. The communication device according to any one of claims 1 to 6,
A communication apparatus comprising means for setting validity / invalidity of the operation of the authentication request means. The communication device according to any one of claims 1 to 7 ,
A communication device, comprising: a storage unit that stores an authentication method related to an authentication request and an authentication result of the external device when the authentication request unit makes an authentication request.

Images