JP4518287B2 - Information processing system, information processing apparatus, first authentication server, control method, program, information processing method, information processing program - Google Patents

Description

  The present invention provides one or more information processing apparatuses, a first authentication server storing first authentication information for permitting use of the information processing apparatus, and a second for identifying at least a user. The present invention relates to authentication control in an information processing system capable of communicating with a second authentication server in which authentication information is stored via a communication medium.

2. Description of the Related Art Conventionally, a so-called “pull print” printing system is known in which a user issues a print request from a printing device to print data temporarily stored on a server to output the printing data from the printing device. Yes. Accordingly, the user can output print data from a desired printing apparatus instead of outputting to a specific printing apparatus when printing from an application. (For example, Patent Document 1)
An example of a printing procedure in such a printing system is as follows.

  When the user holds the IC card over the IC card reader connected to the printing apparatus, the IC card reader detects the UID (unique ID) of the IC card. Then, in order to determine whether or not the user is a usable user, the printing apparatus refers to the authentication table stored in the authentication server and set to allow login based on the UID, and executes user authentication processing.

  If the user can log in as a result of the authentication process, the printing apparatus acquires and prints the user's print data temporarily stored on the server.

  Here, an administrator who manages (maintains) the authentication table registers or deletes the UID in the authentication table when a new person who uses the printing apparatus or a person who stops using the printing apparatus occurs. .

JP 2006-99714 A

  In the above conventional technique, generally, as the number of users of the printing apparatus increases, the administrator frequently registers or deletes authentication information such as a UID in the authentication table. There was a problem that the labor of the administrator would increase.

  Further, in the conventional technology, a user can register a plurality of IC cards (authentication information such as UID) in the authentication table, and not only the IC card of the user but also the IC card of a person other than the user. It was possible to register. For this reason, the user may be able to print print data of a person other than the user.

  For example, when the IC card of user A is registered in the authentication table and the IC card of user B is not yet registered, user A mistakenly registers the user information of user A with the IC card of user B in the authentication table. There was a case.

  In such a case, when the user B holds the IC card over the reader and tries to print the print data, the print data is associated with the user name registered in the authentication table, so the user B acquires his / her print data. In addition, the print data of the user A can be acquired, resulting in a decrease in security. That is, according to the conventional technique, it is difficult to reduce a complicated operation such as registration or deletion of authentication information performed by an administrator and to prevent one user from registering a plurality of IC cards in the authentication table. there were.

An object of the present invention is to receive a registration request for a new storage medium by an operation of a user who is permitted to use the information processing apparatus, so that the authentication information of the storage medium used by the user to permit the use of the information processing apparatus This is a list of authentication information that is prohibited from registering authentication information of a storage medium to be newly used in the authentication server that manages the authentication, deleting existing authentication information from the authentication server, and registering in the authentication server. By registering the authentication information to be deleted in a certain black list, a mechanism for reducing the complicated operation of the administrator is provided.

And the information processing apparatus, a first authentication server, the second authentication server and can communicate information processing second authentication information for identifying a user is stored whose use is permitted in the information processing apparatus A first authentication server for identifying the storage medium, which is read and input from a storage medium used for authorizing the use of the information processing apparatus ; Authentication information storage means for linking and storing second authentication information for identifying the user, and the first authentication received from the information processing apparatus by being read from the storage medium by the information processing apparatus information, and determining means for determining whether stored in the authentication information storage unit, and an authentication result transmitting means for transmitting an authentication result based on the determination result by the determination means to the information processing apparatus, The second authentication information input and the registration request by the operation of the user in the serial information processing apparatus, receiving means for receiving from the information processing apparatus, the second authentication information and the authentication information received by the receiving means A registration determination unit that determines whether the storage unit stores the registration request; and the reception unit that receives the registration request, wherein the second authentication information received by the reception unit is the second authentication server Is stored in the authentication information storage means when the registration determination means determines that the second authentication information received by the reception means is stored in the authentication information storage means. and it is registered in the black list information of the first authentication information already string attached and stored in the second authentication information, and blanking for deleting of the first authentication information from the authentication information storage unit And Kkurisuto registration means, a first authentication information received from the information processing apparatus, and black determining means for determining whether or not it is registered in the black list information, when receiving the registration request by said receiving means And the black authentication means determines that the first authentication information received from the information processing apparatus is not registered in the black list information, and the second authentication information received by the receiving means is when stored in the second authentication server, those having a said second authentication information, and registration means for registering the authentication information storage unit in association with the said first authentication information with each other, the And the information processing apparatus transmits the first authentication information read from the storage medium and inputted to the first authentication server to make an authentication request for the first authentication information. A determination result by the black determination means obtained in response to the authentication request by the authentication information authentication request means and the authentication information authentication request means that the first authentication information is registered in the black list information. The use of the information processing apparatus is not permitted when the authentication result based on the determination result by the determination unit obtained in response to the authentication request by the authentication information authentication request unit is not authenticated. And a second means for identifying a user input from the operation unit when receiving a registration instruction for the first authentication information read from the storage medium and input via the operation unit. And registration request means for transmitting the first authentication information to the first authentication server to make a registration request for the first authentication information .

According to the present invention, authentication information of a storage medium used by the user to permit the use of the information processing apparatus by accepting a registration request for a new storage medium by a user operation permitted to use the information processing apparatus. This is a list of authentication information that is prohibited from registering authentication information of a storage medium to be newly used in the authentication server that manages the authentication, deleting existing authentication information from the authentication server, and registering in the authentication server. to a black list, by registering the authentication information that is the deletion, the effect of such can be reduced a complicated operation of the administrator.

1 is a system configuration diagram illustrating an example of a configuration of a printing system to which a printing apparatus of the present invention can be applied. FIG. 2 is a block diagram showing a hardware configuration of an information processing apparatus applicable to the IC card authentication server 200, directory service server 300, computer 400, and print data storage server 500 shown in FIG. FIG. 2 is a block diagram illustrating an example of a hardware configuration of a controller unit of the multifunction peripheral 100 illustrated in FIG. 1. FIG. 2 is a block diagram illustrating an example of a software configuration of the multifunction peripheral 100 illustrated in FIG. 1. It is a block diagram which shows an example of the software structure of the IC card authentication server 200 shown in FIG. 6 is a flowchart illustrating an example of a first control processing procedure in the print system of the present invention. It is a schematic diagram which shows an example of the login screen in the printing system of this invention. It is a schematic diagram which shows an example of the authentication failure screen in the printing system of this invention. It is a schematic diagram which shows an example of the user registration screen in the printing system of this invention. It is a schematic diagram which shows an example of the registration completion screen in the printing system of this invention. It is a schematic diagram which shows an example of the registration failure screen in the print system of this invention. 6 is a flowchart illustrating an example of a second control processing procedure in the printing system of the present invention. FIG. 6 is a diagram illustrating an example of a configuration of an authentication table 504 illustrated in FIG. 5. FIG. 6 is a diagram illustrating an example of a configuration of a log 506 illustrated in FIG. 5. 10 is a flowchart illustrating an example of a third control processing procedure in the print system of the present invention. 10 is a flowchart illustrating an example of a fourth control processing procedure in the print system of the present invention. FIG. 6 is a diagram illustrating an example of a configuration of a setting file 505 illustrated in FIG. 5. 10 is a flowchart illustrating an example of a fifth control processing procedure in the print system of the present invention. It is a figure which shows a part of authentication table 1900 (2nd authentication table) memorize | stored in HD211 of the directory service server 300. FIG. FIG. 3 is a diagram illustrating a memory map of a recording medium (storage medium) that stores various data processing programs that can be read by each device that constitutes the printing system according to the present invention. FIG. 6 is a diagram illustrating an example of a configuration of a black list table 507 illustrated in FIG. 5. It is a schematic diagram showing an example of a registration prohibition screen in the print system of the present invention. It is a flowchart which shows an example of the 6th control processing procedure in the printing system of this invention. It is a flowchart which shows an example of the 6th control processing procedure in the printing system of this invention. It is a flowchart which shows an example of the 6th control processing procedure in the printing system of this invention. 12 is a flowchart illustrating an example of a seventh control processing procedure in the printing system of the present invention. It is a schematic diagram which shows an example of the overwrite confirmation screen in the printing system of this invention. FIG. 2 is a functional block diagram illustrating an example of a functional configuration of the multifunction peripheral 100 illustrated in FIG. 1. It is a functional block diagram which shows an example of a function structure of the IC card authentication server 200 shown in FIG.

[First Embodiment]
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

Description of FIG. 1 (System Configuration Diagram) FIG. 1 is a system configuration diagram showing an example of the configuration of a printing system to which the printing apparatus of the present invention can be applied.

  As shown in FIG. 1, the print system of this embodiment includes one or a plurality of multifunction peripherals 100, an IC card authentication server 200, a directory service server 300 (user authentication server), and one or a plurality of computers 400 (for example, for each user). ), The print data storage server 500 is connected via a communication medium such as a network 600 (for example, a LAN).

  A printer driver is installed in the computer 400. The printer driver generates print data based on the data received from the application program, transmits the print data to the print data storage server 500, and stores it in a predetermined storage location (spool area) of the print data storage server 500. be able to.

  The print data storage server 500 controls the transfer of the print data stored in the predetermined storage location to the multifunction peripheral 100 based on a command received from the outside.

  As another configuration, instead of the print data storage server 500, the multifunction peripheral 100 can be a print data storage server.

  The IC card authentication server 200 stores an IC card authentication table, and performs an authentication process using the IC card authentication table in response to an authentication request by the IC card from the multifunction device 100.

  Upon receiving the user's print request specified in the authentication process, the multifunction peripheral 100 acquires the user's print data stored in a predetermined storage location of the print data storage server 500, and executes the print process. In addition to the printing process, the multi-function device 100 can use a scan or copy function when authenticated by an IC card.

  The directory service server 300 centrally stores and manages hardware resources such as servers, clients, and printers on the network, and attributes such as attributes and access rights of users who use them. For example, the directory service server 300 is a server equipped with an active directory function. The user attributes include a login user name and password of the computer 400 (for example, a login user name and password of Microsoft Windows (registered trademark)).

  When acquiring the card ID of the IC card, the CPU 301 of the multifunction peripheral 100 transmits the card ID to the IC card authentication server 200.

  Then, the CPU of the IC card authentication server 200 executes an authentication process with the received card ID, and transmits an authentication result to the multifunction device 100.

  When the authentication cannot be performed, the CPU of the IC card authentication server 200 transmits a request for inputting user information (for example, a user name and a password (FIG. 19) managed by the directory service server 300) to the multi-function device 100.

  Upon receiving the user information input request, the MFP 100 transmits the user information input by the operator to the IC card authentication server 200.

  Then, the CPU of the IC card authentication server 200 transmits user information to the directory service server 300. Upon receiving the user information, the directory service server 300 executes authentication processing and transmits the authentication result to the IC card authentication server 200. .

  When the authentication by the directory service server 300 is not possible, the IC card authentication server 200 discards the information. On the other hand, when the directory service server 300 is authenticated, the IC card authentication server 200 registers the user information (user name) and card ID in the IC card authentication server 200.

Description of FIG. 2 (Block Diagram) The hardware of the information processing apparatus applicable to the IC card authentication server 200, directory service server 300, computer 400, and print data storage server 500 shown in FIG. The configuration will be described.

  FIG. 2 is a block diagram illustrating a hardware configuration of an information processing apparatus applicable to the IC card authentication server 200, the directory service server 300, the computer 400, and the print data storage server 500 illustrated in FIG.

  In FIG. 2, reference numeral 201 denotes a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 211 is necessary to realize a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as an OS) that is a control program of the CPU 201 and a function executed by each server or each PC. Various programs to be described later are stored.

  A RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for execution of processing from the ROM 202 or the external memory 211 into the RAM 203 and executing the loaded program.

  An input controller 205 controls input from a keyboard (KB) 209 or a pointing device such as a mouse (not shown). A video controller 206 controls display on a display device such as a CRT display (CRT) 210. In FIG. 2, although described as CRT 210, the display device is not limited to the CRT, but may be another display device such as a liquid crystal display. These are used by the administrator as needed.

  A memory controller 207 is provided in an external storage device (hard disk (HD)), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 211 such as a compact flash (registered trademark) memory connected via an adapter.

  A communication I / F controller 208 is connected to and communicates with an external device via the network 600, and executes communication control processing in the network. For example, communication using TCP / IP is possible.

  Note that the CPU 201 enables display on the CRT 210 by executing outline font rasterization processing on a display information area in the RAM 203, for example. In addition, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the CRT 210.

  Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, definition files and various information tables used when executing the program are also stored in the external memory 211.

Description of FIG. 3 (Block Diagram) Next, the hardware configuration of the controller unit that controls the multifunction peripheral 100 as the image processing apparatus of the present invention will be described with reference to FIG.

  FIG. 3 is a block diagram illustrating an example of a hardware configuration of the controller unit of the multifunction peripheral 100 illustrated in FIG.

  In FIG. 3, reference numeral 316 denotes a controller unit which is connected to a scanner unit 314 functioning as an image input device and a printer unit 312 functioning as an image output device, while being connected to a LAN (for example, the LAN (network) shown in FIG. 1), By connecting to a public line (WAN) (for example, PSTN or ISDN), image data and device information are input and output.

  In the controller unit 316, reference numeral 301 denotes a CPU, which is a processor that controls the entire system. A RAM 302 is a system work memory for the CPU 301 to operate, and is also a program memory for recording a program and an image memory for temporarily recording image data.

  A ROM 303 stores a system boot program and various control programs. An external storage device (hard disk drive (HDD)) 304 stores various programs for controlling the system, image data, and the like. An IC card authentication application program (1011) to be described later is also stored in the external storage device 304. A card ID storage area 1012 shown in FIG. 4 to be described later is a storage area of the RAM 302 or the HDD 304.

  An operation unit interface (operation unit I / F) 307 is an interface unit with the operation unit (UI) 308 and outputs image data to be displayed on the operation unit 308 to the operation unit 308. The operation unit I / F 307 serves to transmit the information input by the system user from the operation unit 308 to the CPU 301. Note that the operation unit 308 includes a display unit having a touch panel, and various instructions can be given by a user pressing (touching with a finger or the like) a button displayed on the display unit.

  A network interface (Network I / F) 305 is connected to a network (LAN) and inputs / outputs data. A modem (MODEM) 306 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  Reference numeral 318 denotes an external interface (external I / F), which is an I / F unit that accepts external inputs such as USB, IEEE 1394, printer port, and RS-232C. In this embodiment, a card reader 319 for reading an IC card required for authentication is connected to the external I / F unit 318. The CPU 301 can control reading of information from the IC card by the card reader 319 via the external I / F 318, and can acquire information read from the IC card. The above devices are arranged on the system bus 309.

  Reference numeral 320 denotes an image bus interface (IMAGE BUS I / F), which is a bus bridge that connects the system bus 309 and an image bus 315 that transfers image data at high speed and converts the data structure.

  The image bus 315 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 315.

  A raster image processor (RIP) 310 develops vector data such as a PDL code into a bitmap image. A printer interface (printer I / F) 311 connects the printer unit 312 and the controller unit 316 and performs synchronous / asynchronous conversion of image data. A scanner interface (scanner I / F) 313 connects the scanner unit 314 and the controller unit 316 and performs synchronous / asynchronous conversion of image data.

  An image processing unit 317 performs correction, processing, and editing on input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 317 performs image data rotation and compression / decompression processing such as JPEG for multi-valued image data and JBIG, MMR, MH for binary image data.

  The scanner unit 314 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 308, the CPU 301 gives an instruction to the scanner unit 314, and the feeder feeds the original paper one by one to read the original image. Perform the action.

  The printer unit 312 is a part that converts raster image data into an image on paper. The printing method of the printer unit 312 includes an electrophotographic method using a photosensitive drum and a photosensitive belt, and an ink jet method in which an ink is ejected from a minute nozzle array to directly print an image on a sheet. Absent. The activation of the printing operation is started by an instruction from the CPU 301. The printer unit 312 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  The operation unit 308 has an LCD display unit, and a touch panel sheet is pasted on the LCD. The operation unit 308 displays an operation screen of the system. When a displayed key is pressed, the position information is displayed on the operation unit I / F 307. To the CPU 301 via The operation unit 308 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Here, the start key of the operation unit 308 is used when starting a document image reading operation. At the center of the start key, there are two color LEDs, green and red, which indicate whether or not the start key can be used. Further, the stop key of the operation unit 308 functions to stop the operation in operation. The ID key of the operation unit 308 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit. A card reader 319 (corresponding to an IC card reader 319 described later) reads information stored in an IC card (for example, FeliCa (registered trademark) of Sony Corporation) under the control of the CPU 301 and reads the information. The CPU 301 is notified of the received information via the external I / F 318.

  With the configuration as described above, the multi-function device 100 can transmit the image data read from the scanner unit 314 to a LAN (network) or print out print data received from the LAN (network) by the printer unit 312. it can.

  Further, the image data read from the scanner unit 314 can be fax-transmitted on the public line by the modem 306, and the image data received by FAX from the public line can be output by the printer unit 312.

Description of FIG. 4 FIG. 4 is a block diagram illustrating an example of a software configuration of the multifunction peripheral 100 illustrated in FIG. 1, and the same components as those in FIG. 3 are denoted by the same reference numerals.

  As shown in FIG. 4, an IC card reader 319 is communicably connected to the multi-function device 100.

  An IC card authentication application (program) 1011 and a card ID storage area 1012 are configured in a storage area such as the HDD 304 or the RAM 302 of the multifunction peripheral 100.

  That is, the IC card authentication application 1011 is realized by the CPU 301 of the multifunction peripheral 100 shown in FIG. 3 executing a program read from the ROM 303 or the HDD 304 to the RAM 302 or the like.

  That is, by the IC card authentication application 1011, the CPU 301 of the multifunction peripheral 100 detects the IC card via the IC card reader 319 and acquires the card ID stored in the IC card. Then, the CPU 301 of the MFP 100 stores the acquired card ID in the card ID storage area 1012.

  Here, the card ID is information that can identify a user, such as an IC card manufacturing number UID (unique number) or personal identification information that identifies an individual.

Description of FIG. 5 FIG. 5 is a block diagram showing an example of a software configuration of the IC card authentication server 200 shown in FIG.

  In the storage area of the external memory 211 or RAM 203 of the IC card authentication server 200, the IC card authentication service 501, SecurityAgent service 502, authentication table deletion service 503, black list table 507 (black list storage means) (FIG. 21), an authentication table 504 (first authentication table) (authentication information storage means) (FIG. 13), a log 506, and a setting file 505 are stored (configured).

  That is, the IC card authentication service 501, SecurityAgent service 502, and authentication table deletion service 503 are realized by the CPU 201 of the IC card authentication server 200 executing a program read from the ROM 202 or HDD 211 to the RAM 203.

  The IC card authentication service 501 registers the card ID, user name, and last login date in the authentication table 504, or searches for the card ID, user name, and last login date registered in the authentication table.

  Further, the IC card authentication service 501 deletes the card ID, user name, and last login date registered in the authentication table 504 when a card ID overwrite request is made, and stores the information in the black list table 507 (FIG. 21). ). Thereafter, the card ID, the user name, and the last login date for which the overwriting request has been made are registered in the authentication table 504.

  The authentication table deletion service 503 deletes the card ID, user name, and last login date in the authentication table 504 based on a user information holding period stored in a setting file 505 described later.

Description of FIG. 6 Hereinafter, processing in the IC card authentication application 1011 in the multifunction peripheral 100 will be described with reference to the flowchart of FIG.

  FIG. 6 is a flowchart showing an example of a first control processing procedure in the printing system of the present invention, and corresponds to the processing by the IC card authentication application 1011 in the multifunction peripheral 100 shown in FIG. That is, it is realized by the CPU 301 of the MFP 100 shown in FIG. 3 executing a program read from the ROM 303 or HDD 304 to the RAM 302 or the like. In the figure, S401 to S426 indicate steps.

  When the multifunction device 100 is activated, the CPU 301 of the multifunction device 100 initializes the card ID storage area 1012 on the memory (such as the external memory 211 or the RAM 203) in step S401. In step S <b> 402, the CPU 301 of the multifunction peripheral 100 displays the login screen illustrated in FIG. 7 on the display unit of the operation unit 308. When the card ID storage area 1012 is initialized in S401, the CPU 301 of the multi-function peripheral 100 stores “NULL” in the card ID storage area.

  FIG. 7 is a schematic diagram illustrating an example of a login screen in the print system of the present invention.

  Next, in step S <b> 403, the CPU 301 of the multifunction peripheral 100 executes an IC card reading process. Next, when the user holds the IC card over the IC card reader 319, the CPU 301 of the multifunction peripheral 100 detects the IC card and acquires a card ID.

  Next, in step S404, the CPU 301 of the multifunction peripheral 100 determines whether or not an IC card has been detected. If it is determined that no IC card has been detected, the process returns to step S403, and the IC card again. The reading process is executed.

  On the other hand, if the CPU 301 of the multifunction peripheral 100 determines in step S404 that an IC card has been detected, it acquires a card ID from the detected IC card in step S405. Here, the CPU 301 of the MFP 100 stores the acquired card ID in a storage medium such as the RAM 203.

  In step S <b> 406, the CPU 301 of the multifunction peripheral 100 determines whether the card ID acquired in step S <b> 405 is the same as the card ID held in the card ID storage area 1012. If it is determined that they are the same (S406: YES), the CPU 301 of the multifunction peripheral 100 returns the process to S403 again and executes the IC card reading process again.

  On the other hand, if it is determined in step S406 that the card ID acquired in S405 is not the same as the card ID held in the card ID storage area 1012 (S406: NO), the CPU 301 of the multi-function peripheral 100 performs step S406. The process proceeds to S407.

  In step S407, the CPU 301 of the multifunction peripheral 100 updates the card ID held in the card ID storage area 1012 to the card ID acquired in S405.

  Next, in step S <b> 408, the CPU 301 of the multifunction peripheral 100 determines whether another user is already logged in. If it is determined that the user is logged in (S408: YES), the CPU 301 of the multifunction peripheral 100 forcibly logs off the logged-in user in step S409, and the process proceeds to step S410.

  That is, when a card ID different from the card ID permitting the use of the multifunction device is input, the use permission for the card ID permitted to be used is forcibly released (logged off). Accordingly, it is possible to log in with an appropriate user and execute processing of the multifunction peripheral 100 by the correct user. Therefore, since the printing process is not executed by the user who has logged off, printing with improved security is possible. Upon receiving the user's print request specified in the authentication process, the multifunction peripheral 100 acquires the user's print data stored in a predetermined storage location of the print data storage server 500, and executes the print process.

  On the other hand, if it is determined in step S408 that another user is not logged in, the CPU 301 of the multifunction peripheral 100 proceeds directly to step S410. That is, it is controlled so that the login process is not executed again in response to the login request for the card number of the same user acquired by the polling process. For this reason, optimal print processing is executed without erroneously deleting print data for the user by re-login processing.

  Next, in step S410, the CPU 301 of the multifunction peripheral 100 transmits the card ID acquired in S405 to the IC card authentication service 501 of the IC card authentication server 200 to request an authentication. When receiving the card ID, the IC card authentication service 501 searches whether or not the received card ID is registered (stored) in the authentication table. Then, the IC card authentication service 501 prohibits (disallows) login, if the card ID is registered, the authentication result including the user name as information indicating that login is permitted, and if the card ID is not registered. The authentication result including this information is transmitted to the multi-function device 100.

  In step S411, the CPU 301 of the multifunction peripheral 100 receives the authentication result from the IC card authentication service 501 of the IC card authentication server 200.

In step S <b> 412, the CPU 301 of the multifunction peripheral 100 determines whether the authentication result received in step S <b> 411 is information indicating that login is permitted (including the user name). If it is determined that the information is that the login is permitted (authentication OK) (S412: YES), the CPU 301 of the multifunction peripheral 100 advances the process to step S413.

  In step S413, the CPU 301 of the multifunction device 100 executes login processing to the multifunction device 100 using the user name included in the authentication result received in S411. In step S414, the operation screen is displayed on the operation unit 308 on the operation screen ( (Not shown) is displayed.

  In step S415, the CPU 301 of the multifunction peripheral 100 executes print processing or the like for the user in accordance with an operation from the user on the operation screen, and returns the process to step S403.

  On the other hand, if it is determined in step S412 that the authentication result received in S411 is not information indicating that login is permitted (authentication NG) (S412: NO), the CPU 301 of the multifunction peripheral 100 advances the process to step S416. .

  In step S416, the CPU 301 of the multifunction peripheral 100 displays the authentication failure screen illustrated in FIG. 8 on the operation unit 308, and waits for an instruction from the user.

  FIG. 8 is a schematic diagram illustrating an example of an authentication failure screen in the print system of the present invention.

  In FIG. 8, reference numeral 1201 denotes a Yes button, which is touched when executing user registration. Reference numeral 1202 denotes a No button which is touched when user registration is not executed. The user can selectively touch the Yes button 1201 or the No button 1202.

  When the Yes button 1201 or the No button 1202 is touched, the CPU 301 of the multifunction peripheral 100 advances the process to step S417.

  In step S417, the CPU 301 of the multi-function device 100 determines whether or not user registration is performed (Yes button 1201 is touched). If it is determined that the user is not registered (No button 1202 is touched) (S417: NO), the CPU 301 of the multifunction peripheral 100 returns the process to step S402 and displays the login screen of FIG. 7 again. .

  On the other hand, if it is determined in step S417 that user registration is to be performed (Yes button 1201 is touched) (S417: YES), the CPU 301 of the multifunction peripheral 100 operates the registration screen illustrated in FIG. 9 in step S418. Displayed on the part 308.

  FIG. 9 is a schematic diagram showing an example of a user registration screen in the print system of the present invention.

  In FIG. 9, reference numeral 1301 denotes a user name input field, and 1302 denotes a password input field. The user name and password managed by the directory service server 300 are displayed on a keyboard screen (not shown) displayed on the operation unit 308 or on the operation unit 308. Input (key input) from a hard key or the like (not shown).

  Reference numeral 1304 denotes a registration button, which is instructed to perform user registration. Reference numeral 1303 denotes a button for the top screen, which performs a touch instruction when returning to the login screen shown in FIG. 7 without executing user registration.

  Returning to the flowchart of FIG.

  Next, in step S419, the CPU 301 of the multifunction peripheral 100 determines whether or not the button 1303 is touched to the top screen. If it is determined that the button 1303 is touched to the top screen (S419: YES), the CPU 301 of the multifunction peripheral 100 returns the process to step S402 and displays the login screen of FIG. 7 again.

  On the other hand, if it is determined in step S419 that the button 1303 is not touched on the top screen (S419: NO), the CPU 301 of the multifunction peripheral 100 advances the process to step S420.

  In step S420, the CPU 301 of the multifunction peripheral 100 determines whether or not the registration button 1304 is instructed to be touched. If it is determined that the registration button 1304 is not instructed to be touched (S420: NO), the process proceeds to step S419. To return.

  On the other hand, if it is determined in step S420 that the registration button 1304 has been touched (S420: YES), the CPU 301 of the multifunction peripheral 100 advances the process to step S421.

  In step S <b> 421, the CPU 301 of the multifunction peripheral 100 transmits the user name and password input in the user name input field 1301 and password input field 1302 to the SecurityAgent service 502. Here, the CPU 301 of the multifunction peripheral 100 stores the input user name and password in a storage medium such as the RAM 302.

  In step S422, the CPU 301 of the MFP 100 receives the user authentication result from the SecurityAgent service 502. In step S423, the CPU 301 determines whether the user authentication result is authentication OK.

  If it is determined in step S423 that the user authentication result is authentication OK (S423: YES), the CPU 301 of the multifunction peripheral 100 advances the processing to step S425.

  In step S425, the CPU 301 of the multifunction peripheral 100 transmits the card ID input by the user (obtained in step S405) and the user name (user name input in the user name input field 1301) to the IC card authentication service 501. In step S426, the CPU 301 of the multifunction peripheral 100 receives registration OK from the IC card authentication service 501, and displays a registration completion screen shown in FIG.

  In step S425, the CPU 301 of the multifunction peripheral 100 acquires the card ID and user name acquired in step S405 from the storage medium such as the RAM 203, and transmits the card ID and user name to the IC card authentication service 501 (request for registration). ).

  FIG. 10 is a schematic diagram showing an example of a registration completion screen in the printing system of the present invention.

  When the OK button 1401 is touched on the registration completion screen in FIG. 10, the CPU 301 of the multifunction peripheral 100 returns the process to step S <b> 402 and displays the login screen in FIG. 7 again.

  On the other hand, when it is determined in step S423 that the user authentication result is authentication NG (S423: NO), the CPU 301 of the multifunction peripheral 100 displays the registration failure screen shown in FIG. 11 in step S424.

  FIG. 11 is a schematic diagram showing an example of a registration failure screen in the print system of the present invention.

  When the OK button 1501 is touched on the registration failure screen in FIG. 11, the CPU 301 of the multifunction peripheral 100 returns the process to step S <b> 402 and displays the login screen in FIG. 7 again.

Description of FIG. 12 Hereinafter, processing in the IC card authentication service 501 in the IC card authentication server 200 will be described with reference to the flowchart of FIG.

  FIG. 12 is a flowchart showing an example of the second control processing procedure in the print system of the present invention, and corresponds to the processing by the IC card authentication service 501 in the IC card authentication server 200 shown in FIG. That is, it is realized by the CPU 201 of the IC card authentication server 200 executing a program read from the ROM 202 or HDD 211 to the RAM 203. In the figure, S601 to S610 indicate each step.

  First, when the CPU 201 of the IC card authentication server 200 receives the card ID (, user name) from the IC card authentication application 1011 of the multifunction peripheral 100 (S601), the process proceeds to step S602.

  In step S602, the CPU 201 of the IC card authentication server 200 determines whether or not user name information is included in the received information. When it is determined that the user name information is not included in the received information (S602: NO), the CPU 201 of the IC card authentication server 200 transmits the information transmitted in S410 of FIG. And the process proceeds to step S603.

  In step S603, the CPU 201 of the IC card authentication server 200 searches the authentication table 504 shown in FIG. 13 using the card ID received in S601 as a key.

  FIG. 13 is a diagram showing an example of the configuration of the authentication table 504 shown in FIG.

Stores the last login date information. Each record (card ID, user name, last login date) indicates information of each user.

  Returning to the flowchart of FIG.

  In step S604, the CPU 201 of the IC card authentication server 200 determines whether the card ID received in step S601 has been registered in the authentication table 504 based on the search result in step S603. If it is determined that it has been registered (S604: YES), the CPU 201 of the IC card authentication server 200 advances the process to step S605.

  In step S605, the CPU 201 of the IC card authentication server 200 updates the date (last login date) in the authentication table 504 to the current date, and the process proceeds to step S606. As described above, when the card ID received in S601 has already been registered in the authentication table 504, the last login date corresponding to the card ID is updated to the current time in the authentication table 504. Store (last login time storage means). In step S <b> 606, the CPU 201 of the IC card authentication server 200 transmits an authentication result indicating authentication OK to the IC card authentication application 1011 of the multifunction peripheral 100, and the process of this flowchart ends.

  On the other hand, if it is determined in step S604 that the card ID received in S601 has not been registered in the authentication table 504 (S604: NO), the process proceeds to step S607.

  In step S <b> 607, the CPU 201 of the IC card authentication server 200 transmits an authentication result indicating authentication NG to the IC card authentication application 1011 of the multifunction peripheral 100, and the process of this flowchart ends. Note that the authentication result transmitted in S606 and S607 is received in S411 of FIG.

  On the other hand, if it is determined in step S602 that the user name information is included in the information received in S601 (S602: YES), this information is the information transmitted in S425 of FIG. Recognize and proceed to step S608.

  In step S608, the CPU 201 of the IC card authentication server 200 writes the card ID, user name, and current date received in S601 in the authentication table 504. That is, the CPU 201 of the IC card authentication server 200 registers (stores) the card ID, the user name, and the current date and time acquired in S601 in the authentication table 504 in association with each other.

  Next, in step S609, the CPU 201 of the IC card authentication server 200 writes the current date and time (registration time), the card ID received in S601, and the user name in the log 506 (FIG. 14).

  FIG. 14 is a diagram illustrating an example of the configuration of the log 506 illustrated in FIG.

  As illustrated in FIG. 14, the log 506 stores registration date / time, card ID, and user name information.

  Returning to the flowchart of FIG.

  Next, in step S610, the CPU 201 of the IC card authentication server 200 transmits a registration result indicating registration OK to the IC card authentication application 1011 of the multifunction peripheral 100, and ends the processing of this flowchart. Note that the registration result transmitted in S610 is received in S426 of FIG.

Description of FIG. 15 Hereinafter, processing in the SecurityAgent service 502 in the IC card authentication server 200 will be described with reference to the flowchart of FIG.

  FIG. 15 is a flowchart showing an example of a third control processing procedure in the print system of the present invention, and corresponds to the processing by the SecurityAgent service 502 in the IC card authentication server 200 shown in FIG. That is, it is realized by the CPU 201 of the IC card authentication server 200 executing a program read from the ROM 202 or HDD 211 to the RAM 203. In the figure, S700 to S703 indicate each step.

  First, when the CPU 201 of the IC card authentication server 200 receives a user name and password from the IC card authentication application 1011 of the multifunction peripheral 100 (S700), the process proceeds to step S701. Note that the user name and password received in S700 are those transmitted in S421 of FIG.

  In step S701, the CPU 201 of the IC card authentication server 200 transmits the user name and password received in S700 to the directory service server 300 to inquire about the authentication result.

  Then, when receiving the authentication result from the directory service server 300, the CPU 201 of the IC card authentication server 200 determines in step S702 whether or not the authentication result in the directory service server 300 is authentication OK.

  If it is determined in step S702 that the authentication result in the directory service server 300 is authentication OK (S702: YES), the CPU 201 of the IC card authentication server 200 advances the process to step S703.

  In step S703, the CPU 201 of the IC card authentication server 200 transmits an authentication OK as an authentication result to the IC card authentication application 1011 and ends the process of this flowchart.

  On the other hand, if it is determined in step S702 that the authentication result in the directory service server 300 is authentication NG (S702: NO), the CPU 201 of the IC card authentication server 200 advances the processing to step S704.

  In step S704, the CPU 201 of the IC card authentication server 200 transmits authentication NG as an authentication result to the IC card authentication application 1011 and ends the processing of this flowchart.

  Note that the authentication result transmitted in S703 and S704 is received in S422 in FIG.

  As described above, in the printing system of the present invention, authentication information can be registered in the IC card authentication server 200, and the printing apparatus can be used.

Description of FIG. 16 The processing in the authentication table deletion service 503 in the IC card authentication server 200 will be described below with reference to the flowchart of FIG.

  FIG. 16 is a flowchart showing an example of a fourth control processing procedure in the printing system of the present invention. The first authentication table deletion by the processing of the authentication table deletion service 503 in the IC card authentication server 200 shown in FIG. Corresponds to processing. That is, it is realized by the CPU 201 of the IC card authentication server 200 executing a program read from the ROM 202 or HDD 211 to the RAM 203. In the figure, S801 to S805 indicate steps.

  When the first deletion process is started, the CPU 201 of the IC card authentication server 200 determines the user information holding period (“7” in the example shown in FIG. 17) held in the setting file 505 shown in FIG. 17 in step S801. Read.

  FIG. 17 is a diagram showing an example of the configuration of the setting file 505 shown in FIG.

  As shown in FIG. 17, the setting file 505 has a user information holding period as an item, and stores the number of days as a value (period is set).

  Hereinafter, the description returns to the flowchart of FIG.

  Next, in step S802, the CPU 201 of the IC card authentication server 200 reads one row (one record) of the authentication table 504 (FIG. 13), and in step S803, determines whether the read row is an EOF. To do.

  If it is determined in step S803 that the line read in S802 is not EOF (S803: NO), the CPU 201 of the IC card authentication server 200 advances the process to step S804.

  In step S804, the CPU 201 of the IC card authentication server 200 determines “today (card ID, user name, last login date)” based on the user information holding period read in S801 and one row of the authentication table 504 read in S802 (card ID, user name, last login date). It is determined whether or not “current) date−last login date> = user information holding period”.

  If it is determined in step S804 that “today (current) date−last login date> = user information holding period” is satisfied (S804: YES), the CPU 201 of the IC card authentication server 200 proceeds to step S805. Proceed with the process.

  In step S805, the CPU 201 of the IC card authentication server 200 deletes one line (one line read in S802) from the authentication table 504, and returns the process to step S802.

  On the other hand, if it is determined in step S804 that “today (current) date−last login date> = user information holding period” is not satisfied (S804: NO), the CPU 201 of the IC card authentication server 200 directly performs the step. The process returns to S802.

  If it is determined in step S803 that the line read in S802 is EOF (S803: YES), the CPU 201 of the IC card authentication server 200 ends the processing of this flowchart.

  Through the above processing, the user information (card ID, user name, The last login date) is deleted from the authentication table 504 by the authentication table deletion service 503. Therefore, it is not necessary to delete the user information manually by the administrator, and the administrator's trouble can be reduced.

  The activation of the authentication table deletion service 503 may be automatically performed at a date and time specified in advance (for example, at night) (night batch).

  As described above, the printing system of the present invention can delete the card ID for which a predetermined period has elapsed since the last login from the authentication table 504.

  Note that a notification destination such as an email address is registered for each user name (notification destination registration), and the authentication table deletion service 503 monitors the last login date and time (for example, one day before (by the administrator) It may be configured to have a function of notifying that the user information is deleted from the authentication table 504 to the mail address corresponding to the user name associated with the card ID. As described above, the user is notified that the user information is to be deleted from the authentication table after the predetermined period to the notification destination associated with the card ID or the user name. Can be known in advance.

Description of FIG. 18 Hereinafter, the second authentication table deletion processing by the authentication table deletion service 503 of the IC card authentication server 200 shown in FIG. 5 will be described with reference to the flowchart of FIG.

  FIG. 18 is a flowchart showing an example of the fifth control processing procedure in the printing system of the present invention, corresponding to the second authentication table deletion processing by the authentication table deletion service 503 of the IC card authentication server 200 shown in FIG. To do. In the figure, the processing of S1601, S1602, S1606, and S1607 is realized by the CPU 201 of the IC card authentication server 200 executing a program read from the ROM 202 or HDD 211 to the RAM 203. Further, the processing of S1603 to S1605 is realized by the CPU 201 of the directory service server 300 executing a program read from the ROM 202 or HDD 211 to the RAM 203.

  When the second deletion process is started, the CPU 201 of the IC card authentication server 200 acquires all user names from the authentication table 504 in step S1601.

  Next, in step S1602, the CPU 201 of the IC card authentication server 200 stores (registers) each user name acquired in S1601 in the authentication table 1900 (second authentication table) (FIG. 19) managed by the directory service server 300. ) Is transmitted to the directory service server 300 (including all user names acquired in step S1601).

  FIG. 19 is a diagram showing a part of an authentication table 1900 (second authentication table) stored in the HD 211 of the directory service server 300.

  As shown in FIG. 19, the authentication table 1900 managed by the directory service server 300 stores user names and passwords.

  Returning to the flowchart of FIG.

In step S1603, the CPU 201 of the directory service server 300 receives information indicating that it is stored (registered) in the authentication table 1900 (including all user names acquired in S1601) (S1603: YES). Wait until. And
When receiving information indicating whether or not the user name is stored (registered) in the authentication table 1900 (S1603: YES), the CPU 201 of the directory service server 300 advances the process to step S1604.

  In step S1604, the CPU 201 of the directory service server 300 executes a search process of the authentication table 1900 for all user names included in the information received in S1603, and lists user names that are not stored (registered) in the authentication table 1900. Get (search results).

  In step S <b> 1605, the CPU 201 of the directory service server 300 transmits a list of user names (search results) not stored (registered) in the authentication table 1900 to the IC card authentication server 200.

  When the CPU 201 of the IC card authentication server 200 receives a list (search result) of user names not stored (registered) in the authentication table 1900 managed by the directory service server 300 from the directory service server 300 (step S1606), step S1607. Proceed with the process.

  In step S1607, the CPU 201 of the IC card authentication server 200 searches the authentication table 504 based on the user name included in the list (search result) received in S1606, and specifies the card ID corresponding to the user name. Further, the CPU 201 of the IC card authentication server 200 deletes the user name and card ID from the authentication table 504, and ends the processing of this flowchart.

  Conventionally, when a user retires or the like, the administrator of the directory service server 300 displays the user authentication information registered in the authentication table 1900 (second authentication table) (FIG. 19) managed by the directory service server 300. In addition, the authentication information of the retired user must also be deleted from the authentication table 504 (first authentication table) (FIG. 13) of the IC card authentication server 200.

  Therefore, in the present embodiment, as described above, user authentication information that does not exist in the authentication table 1900 (second authentication table) (FIG. 19) managed by the directory service server 300 is used as the authentication table of the IC card authentication server 200. By deleting from the authentication table 504 (first authentication table) (FIG. 13), it is possible to reduce complicated user deletion operations by the administrator.

  Further, the authentication information (first authentication information) such as the UID of the retired user's IC card is registered with the user authentication information (second authentication information) registered in the authentication table 1900 (FIG. 19) of the directory service server. Can be disabled according to the deletion of

  The authentication table deletion service 503 is configured to periodically execute the second authentication table deletion process.

  That is, the authentication table deletion service 503 periodically inquires of the directory service server 300 whether or not the user name registered in the authentication table 504 exists, and the user name that does not exist in the directory service server 300 is determined by the authentication table 504. It has the structure deleted from. Thereby, complicated operations such as registration or deletion of authentication information (card ID of IC card, user name) such as UID performed by the administrator can be reduced.

[Second Embodiment]
In addition to the first embodiment, a system for controlling the user so that a plurality of IC cards (authentication information such as UIDs) cannot be registered in the authentication table is described as a second embodiment in FIGS. Will be described.

  In this embodiment, FIG. 6 described in the first embodiment is replaced with FIG. 23 (FIGS. 23A to 23C), and FIG. 12 is replaced with FIG. In addition, when the process of each step shown in FIG. 23 (FIGS. 23A to 23C) and FIG. 24 and the process of each step shown in FIGS. 6 and 12 are the same, the same step number is given. The description of the same steps as those described in the first embodiment is omitted.

  First, with reference to FIG. 23 (FIGS. 23A to 23C), processing in the IC card authentication application 1011 in the multifunction peripheral 100 will be described.

  23A to 23C are flowcharts showing an example of a sixth control processing procedure in the print system of the present invention, and the IC card authentication application 1011 in the multifunction peripheral 100 shown in FIG. 4 in the second embodiment of the present invention. It corresponds to the processing by. That is, it is realized by the CPU 301 of the MFP 100 shown in FIG. 3 executing a program read from the ROM 303 or HDD 304 to the RAM 302 or the like.

  The description of steps S401 to S409 is the same as in FIG.

  When it is determined NO in step S408 of FIG. 23A, or when the process of step S409 ends, the CPU 301 of the multifunction peripheral 100 advances the process to step S2301 of FIG. 23B.

  In step S2301 of FIG. 23B, the CPU 301 of the multifunction peripheral 100 transmits the card ID acquired in S405 to the IC card authentication service 501 of the IC card authentication server 200. In this way, by transmitting the card ID to the IC card authentication service, it is determined whether or not the card ID is registered in the black list table 507 (FIG. 21) and the authentication table 504 (FIG. 13). Make a search request.

  When receiving the black list search request, the IC card authentication service 501 searches whether or not the received card ID is registered (stored) in the black list table (FIG. 21). The search result (without ID) is transmitted to the multifunction device 100 as information indicating that registration to the table is permitted, and information indicating that registration to the authentication table is prohibited (with ID) if registered. To do.

  FIG. 21 is a diagram showing an example of the configuration of the black list table 507 shown in FIG.

  As shown in FIG. 21, the black list table 507 stores old card ID, user name, and record deletion date information. The black list table stores card IDs that do not permit the use of the multifunction device 100.

  Returning to the flowchart of FIG.

  Next, in step S2302 of FIG. 23B, the CPU 301 of the multi-function peripheral 100 searches the IC card authentication service 501 of the IC card authentication server 200 for the search result (the search result (no ID) transmitted in S2404 shown in FIG. The search result (with ID) transmitted in S2405 is received.

  Next, in step S2303, the CPU 301 of the MFP 100 determines whether the search result received in S2302 is not information indicating that registration is permitted (ID is present). If it is determined that the registration is not permitted (ID is present) (2303: YES), the CPU 301 of the multifunction peripheral 100 advances the process to step S2304.

  In step S2304, the CPU 301 of the multifunction peripheral 100 displays a registration prohibition screen illustrated in FIG. 22 on the operation unit 308 and waits for a confirmation instruction from the user.

  FIG. 22 is a schematic diagram showing an example of a registration prohibition screen in the print system of the present invention.

  In FIG. 22, reference numeral 2201 denotes an OK button. When the OK button 2201 is touched, the process returns to step S402, and the login screen shown in FIG. 7 is displayed again.

  On the other hand, if it is determined in step S2303 that the search result received in S2302 is information indicating that registration is permitted (no ID) (S2303: NO), the process proceeds to step S411 in FIG. 23A.

  The description of steps S411 to S425 is the same as in FIG.

  When the process of step S425 in FIG. 23A ends, the CPU 301 of the multifunction peripheral 100 advances the process to step S2305 in FIG. 23C.

  In step S2305 of FIG. 23B, the CPU 301 of the MFP 100 searches the IC card authentication service 501 of the IC card authentication server 200 for a search result (search result (not registered) transmitted in S2408 shown in FIG. 24 described later) or transmitted in S2409. Search result (with registration)).

  In step S <b> 2306, the CPU 301 of the multifunction peripheral 100 determines whether the search result received in step S <b> 2305 is a search result indicating that the user name has been registered (registered). If it is determined that the search result is a search result (no registration) indicating that the user name has not been registered (step S2306: NO), that is, the user name transmitted in S425 of FIG. If it is determined that the device has been registered, the CPU 301 of the multifunction peripheral 100 advances the processing to step S426 in FIG. 23A. That is, in step S2304, if the CPU 301 of the multifunction peripheral 100 determines that the user name transmitted in step 425 is not registered in the authentication table 504 and is newly registered (step S2306: NO), FIG. The process of step S426 of 23A is executed.

  On the other hand, if it is determined in step S2306 that the search result received in S2305 is a search result (registered) indicating that the user name has been registered (YES in step S2306), the CPU 301 of the multifunction peripheral 100 performs the process in step S2307. Proceed.

  In step S2307, the CPU 301 of the multifunction peripheral 100 displays the overwrite confirmation screen illustrated in FIG. 25 on the operation unit 308 and waits for an instruction from the user.

  FIG. 25 is a schematic diagram illustrating an example of an overwrite confirmation screen in the print system of the present invention.

  In FIG. 25, reference numeral 2501 denotes a Yes button, which is touched when executing card ID overwrite registration. Reference numeral 2502 denotes a No button which is touched when card ID overwrite registration is not executed. The user can selectively touch the Yes button 2501 or the No button 2502.

  When the Yes button 2501 or the No button 2502 is touched, the CPU 301 of the multifunction peripheral 100 advances the process to step S2308 in FIG. 23C.

  In step S2308 of FIG. 23C, the CPU 301 of the multi-function peripheral 100 determines whether or not card ID overwrite registration is performed (Yes button 2501 is touched). If it is determined that the card ID is not overwritten (No button 2502 is touched) (S2308: NO), the CPU 301 of the multifunction peripheral 100 returns the process to step S402 in FIG. 23A, and again in FIG. Display the login screen.

  On the other hand, if it is determined in step S2308 that card ID overwrite registration is performed (Yes button 2501 is touched) (S2308: YES), the CPU 301 of the multifunction peripheral 100 advances the process to step S2309.

  In step S2309, the CPU 301 of the multifunction peripheral 100 transmits an overwrite registration request flag to the IC card authentication service 501, and the process proceeds to step S426 in FIG. 23A. In step S426, the CPU 301 of the MFP 100 receives no ID from the IC card authentication service 501 and displays a registration completion screen shown in FIG.

  Hereinafter, processing in the IC card authentication service 501 in the IC card authentication server 200 will be described with reference to the flowchart of FIG.

  FIG. 24 is a flowchart showing an example of a seventh control processing procedure in the print system of the present invention. In the IC card authentication service 501 in the IC card authentication server 200 shown in FIG. 5 in the second embodiment of the present invention. Processing will be described. That is, it is realized by the CPU 201 of the IC card authentication server 200 executing a program read from the ROM 202 or HDD 211 to the RAM 203.

  First, when the CPU 201 of the IC card authentication server 200 receives the card ID (, user name) from the IC card authentication application 1011 of the multifunction peripheral 100 (S601), the process proceeds to step S602.

  In step S602, the CPU 201 of the IC card authentication server 200 determines whether or not user name information is included in the received information. If it is determined that the user name information is not included in the received information (S602: NO), the CPU 201 of the IC card authentication server 200 transmits the information transmitted in S2301 of FIG. (Search request), the process proceeds to step S2402.

  On the other hand, if it is determined in step S602 that the user name information is included in the information received in S601 (S602: YES), the CPU 201 of the IC card authentication server 200 displays this information in FIG. Recognizing that the information is transmitted in S425, the process proceeds to step S2406.

  First, the processing (steps S2402 to S2405) when it is determined that the information of the user name is not included in the information received in step S602 (S602: NO) will be described.

  In step S2402, the CPU 201 of the IC card authentication server 200 searches the black list table 507 shown in FIG. 21 using the card ID received in S601 as a key.

  In step S2403, the CPU 201 of the IC card authentication server 200 determines whether the card ID received in S601 is registered in the black list table 507 based on the search result in S2402. If it is determined that it is not registered (S2403: NO), the CPU 201 of the IC card authentication server 200 transmits the search result (no ID) to the IC card authentication application 1011 in step S2404, and steps S603 to S603. The process of S606 is executed and the process ends. In addition, since the process of step S603 to S606 is described in 1st Embodiment, description is abbreviate | omitted.

  On the other hand, if it is determined that there is registration (S2403: YES), the CPU 201 of the IC card authentication server 200 transmits the search result (with ID) to the IC card authentication application 1011 in step S2405, and the processing of this flowchart. Exit.

  Next, processing (steps S2401, S2406 to S2411) when it is determined that the information of the user name is included in the information received in step S602 (S602: YES) will be described.

  In step S2406, the CPU 201 of the IC card authentication server 200 searches the authentication table 504 for the user name using the user name received in step S601 as a key, and the process proceeds to step S2407.

  In step S2407, the CPU 201 of the IC card authentication server 200 determines whether or not the user name is registered. If it is determined that the user name is not registered (S2407: NO), the CPU 201 of the IC card authentication server 200 advances the process to step S2408. In step S2408, the CPU 201 of the IC card authentication server 200 transmits a user name search result (no registration) indicating that the user name is not registered in the authentication table 504 to the IC card authentication application, and step S608. Proceed with the process.

  On the other hand, when it determines with having been registered (S2407: YES), CPU201 of the IC card authentication server 200 advances a process to step S2409.

  In step S2409, the CPU 201 of the IC card authentication server 200 transmits a user name search result (registered) indicating information indicating that the user name is registered in the authentication table 504 to the IC card authentication application, and step S2410. Proceed with the process.

  In step S2410, the CPU 201 of the IC card authentication server 200 waits for a certain period of time to receive an overwrite registration request (request by S2309 in FIG. 23C) from the IC card authentication application. If the overwrite registration request is not received from the IC card authentication application 1011 within the certain period (step S2410: NO), the CPU 201 of the IC card authentication server 200 ends the process.

  On the other hand, when the overwrite registration request is received (step S2410: YES), the CPU 201 of the IC card authentication server 200 advances the process to step S2411.

  In step S2411, the CPU 201 of the IC card authentication server 200 specifies the user name searched in S2406 and the card ID corresponding to (associated with) the user name, and the user name, the card ID, and the current date are specified. The information is stored in the black list table 507, and the process proceeds to step S2401.

  In step S2401, the CPU 201 of the IC card authentication server 200 deletes the card ID, the user name, and the last login date (date) registered in the authentication table 504, and the process proceeds to step S608. In step S608, the CPU 201 of the IC card authentication server 200 writes the card ID, user name, and current date received in S601 in the authentication table 504. That is, the CPU 201 of the IC card authentication server 200 overwrites and registers (stores) the card ID, the user name, and the current date and time acquired in S601 in the authentication table 504.

  Since subsequent steps S608 and S609 have already been described in the first embodiment, description thereof will be omitted.

  With the above processing, it is possible to prevent a plurality of IC cards (authentication information such as UIDs) from being registered in the authentication table for one user. Therefore, it is possible to prevent the user from printing the print data of a person other than the user, thereby improving security.

Hereinafter, the functional configuration of the multifunction peripheral 100 will be described with reference to FIG.
FIG. 26 is a functional block diagram of the multifunction device 100.
The first authentication information authentication request unit 2601 sends a card ID (first authentication information) read and input to the IC card authentication server 200 to make an authentication request. The authentication result acquisition unit 2602 acquires the authentication result from the IC card authentication server 200 in response to the authentication request from the first authentication information authentication request unit 2601. When the authentication result acquired by the authentication result acquisition unit 2602 indicates successful authentication, the permission unit 2603 permits the use of the multifunction device 100.
When the authentication result acquired by the authentication result acquisition unit 2602 is an authentication failure and the IC card authentication server 200 has inquired that the card ID is registered, the registration request unit 2604 is input from the operation unit 308 (FIG. 9). The user name (second authentication information) to be sent is transmitted to the IC card authentication server 200 to request registration.

  A search result acquisition 2605 acquires a black list table search result by the IC card authentication server 200. When the black list table search result acquired by the search result acquisition 2605 indicates that the card ID is registered in the black list table 507, the determination unit 2606 determines not to permit the use of the multifunction device 100.

  When the registration determination result by the IC card authentication server 200 indicates that the user name is registered in the authentication table 504, the registration request transmission unit 2607 is registered in the IC card authentication server 200 in the authentication table 504. A request for overwriting and registering the card ID associated with the user name over the card ID requested to be authenticated by the first authentication information authentication request unit 2601 is transmitted.

  When a card ID different from the card ID that permits the use of the multifunction device 100 is input, the logoff unit 2608 forcibly releases the use permission for the card ID that permits the use ( Log off).

  The first authentication information authentication request unit 2601, authentication result acquisition unit 2602, permission unit 2603, registration request unit 2604, search result acquisition 2605, determination unit 2606, registration request transmission unit 2607, and logoff unit 2608 are shown in FIG. This corresponds to the function of the IC card authentication application 1011 shown.

Hereinafter, the functional configuration of the IC card authentication server 200 will be described with reference to FIG.
FIG. 27 is a functional block diagram of the IC card authentication server 200 shown in FIG.
The authentication unit 2701 authenticates whether or not the card ID (first authentication information) received from the multifunction device 100 is stored in the authentication table 504. Further, the authentication unit 2701 stores the last time information of successful authentication in the authentication table 504 in association with the card ID as the last login time.

  When the authentication unit 2701 authenticates that the card ID received from the multifunction device 100 is not stored in the authentication table 504, the inquiry unit 2702 registers the card ID in the multifunction device 100. Inquire.

  When the second authentication information authentication request unit 2703 receives a registration request from the multifunction peripheral 100 in response to the inquiry from the inquiry unit 2702, the second authentication information authentication request unit 2703 receives the user name (second authentication information) included in the registration request. Then, the directory service server 300 is requested for authentication.

  When the registration unit 2704 receives an authentication result indicating that the user name requested by the second authentication information authentication request unit 2703 is registered in the directory service server 300 from the directory service server 300, the user name Are registered in the authentication table 504 in association with card IDs that are not stored in the authentication table 504 by the authentication unit 2701. Further, the card ID, the user name, and the registration time registered by the registration unit 2704 are stored as log information in the log 506 (log storage unit).

  The registration determination unit 2705 determines whether the user name requested for registration from the multifunction peripheral 100 is registered in the authentication table 504. The transmission unit 2706 transmits the determination result from the registration determination unit 2705 to the multi-function device 100.

  When the registration unit 2704 receives a request for overwriting registration of the card ID in the authentication table 507 from the multi-function peripheral 100, the registration unit 2704 overwrites the card ID already registered in the authentication table 507 with the card ID requested to be authenticated. Also, the card ID is registered in the black list table 507.

The search unit 2707 searches whether the card ID received from the multifunction peripheral 100 is registered in the black list information stored in the black list table 507.
When the period set in the setting file 505 has elapsed since the last login time stored in the authentication table 504, the first deletion unit 2708, and the card ID associated with the last login time, The user name associated with the card ID is deleted from the authentication table 504.

  The notification unit 2709 notifies the notification to delete by the first deletion unit 2708 to a notification destination (e-mail address or the like) registered in the setting file 505 in association with the card ID or the user name.

  The second authentication server inquiry unit 2710 inquires whether the user name stored in the authentication table 507 is stored in the directory service server 300. The second authentication information acquisition unit 2711 acquires a user name not registered in the directory service server 300 from the directory service server 300. The second deletion unit 2712 deletes the user name acquired by the second authentication information acquisition unit 2711 and the card ID associated with the user name from the authentication table 504.

  Note that the authentication unit 2701, the inquiry unit 2702, the registration unit 2704, the registration determination unit 2705, the transmission unit 2706, and the search unit 2707 correspond to the functions of the IC card authentication service 501 shown in FIG.

The second authentication information authentication request unit 2703 corresponds to the function of the SecurityAgent service 502 shown in FIG.
Furthermore, the first deletion unit 2708, the notification unit 2709, the second authentication server inquiry unit 2710, and the second deletion unit 2712 correspond to the function of the authentication table deletion service 503 shown in FIG.

  The present invention is not limited to the relationship between the authentication information managed by the IC card authentication server 200 and the authentication information managed by the directory service server 300. The authentication information for each authentication server is obtained by a plurality of authentication servers. Any system that can be managed is applicable.

  The authentication information managed by the server to which the present invention is applied is not limited to the IC card ID data (manufacturing number, etc.) and the user name, but also to the server that manages other authentication information such as biometric authentication information. The present invention is applicable. In other words, the present invention is applicable to any system having a server that manages (registers) any authentication information as long as the system includes a plurality of servers that manage (register) authentication information.

  Further, another information processing apparatus may be used instead of the multifunction peripheral 100.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  Hereinafter, with reference to the memory map shown in FIG. 20, the configuration of a data processing program that can be read and executed by each device (multifunction device 100, IC card authentication server 200, directory service server 300) constituting the print system according to the present invention. explain.

  FIG. 20 shows a memory of a recording medium (storage medium) that stores various data processing programs that can be read by each device (multifunction device 100, IC card authentication server 200, directory service server 300) constituting the print system according to the present invention. It is a figure explaining a map.

  Although not specifically shown, information for managing a program group stored in the recording medium, for example, version information, creator, etc. is also stored, and information depending on the OS on the program reading side, for example, a program is identified and displayed. Icons may also be stored.

  Further, data depending on various programs is also managed in the directory. In addition, when a program or data to be installed is compressed, a program to be decompressed may be stored.

  6, 12, 15, 16, 18, 23 </ b> A to 23 </ b> C, and 24 in the present embodiment are installed by a program (such as an authentication program or an information processing program) installed from the outside. May be carried out. In this case, the present invention is applied even when an information group including a program is supplied to the output device from a recording medium such as a CD-ROM, a flash memory, or an FD, or from an external recording medium via a network. Is.

  As described above, a recording medium in which a program code of software for realizing the functions of the above-described embodiments is recorded is supplied to the system or apparatus, and the computer (or CPU or MPU) of the system or apparatus is stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by reading and executing the program code.

  In this case, the program code itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program code constitutes the present invention.

  As a recording medium for supplying the program code, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, A silicon disk or the like can be used.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) or the like running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Furthermore, after the program code read from the recording medium is written in a memory provided in a function expansion board inserted in the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the case where the CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program represented by software for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading out a program represented by software for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention. It becomes.

  In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

100 MFP 200 IC Card Authentication Server 300 Directory Service Server 400 Computer 500 Print Data Storage Server 600 Network

Claims (14)

And the information processing apparatus, a first authentication server, the second authentication server and can communicate information processing second authentication information for identifying a user is stored whose use is permitted in the information processing apparatus A system,
The first authentication server is
First authentication information for identifying the storage medium, read from a storage medium used for permitting use of the information processing apparatus, and second authentication information for identifying the user; Authentication information storage means for linking and storing
A determining unit wherein the first authentication information received from the information processing apparatus, whether or not stored in the authentication information storage unit by being read from the storage medium in the information processing apparatus,
Authentication result transmission means for transmitting an authentication result based on the determination result by the determination means to the information processing apparatus;
Receiving means for receiving, from the information processing apparatus, second authentication information and a registration request input by the user operation in the information processing apparatus;
Registration determination means for determining whether the second authentication information received by the receiving means is stored in the authentication information storage means ;
In the case where the registration request is received by the receiving means, the second authentication information received by the receiving means is stored in the second authentication server, and the reception judging means When it is determined that the second authentication information received in step 2 is stored in the authentication information storage unit, the second authentication information stored in the authentication information storage unit is already stored in association with the second authentication information. a first registration to the black list information of the authentication information, and the black list registration means for deleting of the first authentication information from the authentication information storage means are,
Black determination means for determining whether or not the first authentication information received from the information processing apparatus is registered in the blacklist information;
A case where the receiving unit receives the registration request, wherein the black determination unit determines that the first authentication information received from the information processing apparatus is not registered in the black list information; and If the second authentication information received by the receiving means is stored in said second authentication server, the authentication information storage said second authentication information, in association with the said first authentication information with each other Registration means for registering with the means;
Equipped with a,
The information processing apparatus includes:
Authentication information authentication requesting means for transmitting the first authentication information read and input from the storage medium to the first authentication server and requesting authentication of the first authentication information ;
When the determination result by the black determination unit obtained in response to the authentication request by the authentication information authentication request unit indicates that the first authentication information is registered in the black list information, or the authentication information A determination unit that determines that the use of the information processing apparatus is not permitted when the authentication result based on the determination result by the determination unit obtained in response to the authentication request by the authentication request unit indicates that the authentication is not authenticated ;
Via the operation unit, when receiving a registration instruction of the first authentication information input read from the storage medium is input from the operation unit, the second authentication information for identifying a user first a registration request unit that performs a registration request of the first authentication information by sending the first authentication server,
The information processing system comprising: a. The information processing apparatus includes:
The obtained in response to the authentication request by the authentication information authentication requesting means, when said determination means determines based on a result authentication result by indicating that was not authenticated, for inputting the second authentication information A registration screen display means for displaying a registration request screen having an input field;
When the determination result by the black determination unit obtained in response to the authentication request by the authentication information authentication request unit indicates that the first authentication information is registered in the black list information, the registration screen display means, information processing system according to claim 1, wherein the controller controls so as not to display the registration request screen.   When the first authentication server determines that the first authentication information received from the information processing apparatus is registered in the black list information by the black determination unit, the determination unit performs the determination by the determination unit, The information processing system according to claim 1 or 2, wherein it is not determined whether or not the first authentication information received from the information processing apparatus is stored in the authentication information storage unit. The information processing apparatus includes:
An authorization means for permitting the use of the information processing apparatus, when indicating that the authentication result based on the determination result by the determination means obtained in response to the authentication request by the authentication information authentication request means has been authenticated;
The information processing system according to claim 1 , further comprising: The registration request means indicates that the authentication result based on the determination result by the determination means obtained in response to the authentication request by the authentication information authentication request means has not been authenticated, and stores the storage via the operation unit. When receiving a registration instruction of the first authentication information read and input from the medium, the second authentication information for identifying the user, which is input from the operation unit, is transmitted to the first authentication server, and The information processing system according to any one of claims 1 to 4, wherein a registration request for the first authentication information is made . The information processing apparatus does not perform registration processing by the registration unit when the second authentication information received by the reception unit is not stored in the second authentication server. The information processing system according to any one of 1 to 5. The first authentication server is
Authentication request means for transmitting the second authentication information received by the receiving means to the second authentication server and making an authentication request;
An authentication result receiving means for receiving an authentication result of the second authentication information in response to an authentication request by the authentication request means;
The information processing system according to claim 1, further comprising: The information processing apparatus, an information processing system according to any one of claims 1 to 7, characterized in that a printing device. First authentication information for identifying the storage medium that is read and input from a storage medium used for permitting use of the information processing apparatus and a user who is permitted to use the information processing apparatus are identified. Authentication information storage means for linking and storing second authentication information for the first authentication information received from the information processing apparatus by being read from the storage medium by the information processing apparatus, A determination unit that determines whether or not the information is stored in the information storage unit; an authentication result transmission unit that transmits an authentication result based on a determination result by the determination unit to the information processing device; and an operation of the user in the information processing device Receiving means for receiving the second authentication information and the registration request input from the information processing apparatus, and the second authentication information received by the receiving means is the authentication information. A registration determination unit that determines whether the storage unit stores the second authentication information received by the reception unit, and the second authentication information stored in the second authentication server. Is stored in the authentication information storage unit when the registration determination unit determines that the second authentication information received by the reception unit is stored in the authentication information storage unit. Blacklist registration means for registering the first authentication information already associated with the second authentication information in the blacklist information and deleting the first authentication information from the authentication information storage means And black determination means for determining whether or not the first authentication information received from the information processing apparatus is registered in the black list information, and the registration request is received by the receiving means. The second authentication received by the receiving means when the black determining means determines that the first authentication information received from the information processing apparatus is not registered in the blacklist information. A registration unit that registers the second authentication information and the first authentication information in the authentication information storage unit in association with each other when the information is stored in the second authentication server; An information processing apparatus capable of communicating with the first authentication server,
Authentication information authentication requesting means for transmitting the first authentication information read and input from the storage medium to the first authentication server and requesting authentication of the first authentication information;
When the determination result by the black determination unit obtained in response to the authentication request by the authentication information authentication request unit indicates that the first authentication information is registered in the black list information, or the authentication information A determination unit that determines that the use of the information processing apparatus is not permitted when the authentication result based on the determination result by the determination unit obtained in response to the authentication request by the authentication request unit indicates that the authentication is not authenticated;
When a registration instruction for the first authentication information read and input from the storage medium is received via the operation unit, the second authentication information for identifying the user input from the operation unit is input to the first authentication information. Registration request means for transmitting to the authentication server and requesting registration of the first authentication information;
An information processing apparatus comprising: A first authentication server capable of communicating with an information processing device and a second authentication server storing second authentication information for identifying a user permitted to use the information processing device;
First authentication information for identifying the storage medium, read from a storage medium used for permitting use of the information processing apparatus, and second authentication information for identifying the user; Authentication information storage means for linking and storing
Determination means for determining whether or not the first authentication information received from the information processing apparatus by being read from the storage medium by the information processing apparatus is stored in the authentication information storage means;
Authentication result transmission means for transmitting an authentication result based on the determination result by the determination means to the information processing apparatus;
Receiving means for receiving, from the information processing apparatus, second authentication information and a registration request input by the user's operation in the information processing apparatus;
Registration determination means for determining whether the second authentication information received by the receiving means is stored in the authentication information storage means;
In the case where the registration request is received by the receiving means, the second authentication information received by the receiving means is stored in the second authentication server, and the reception judging means If it is determined that the second authentication information received in step 2 is stored in the authentication information storage unit, the second authentication information stored in the authentication information storage unit is already stored in association with the second authentication information. Black list registration means for registering the first authentication information in the black list information and deleting the first authentication information from the authentication information storage means;
Black determination means for determining whether or not the first authentication information received from the information processing apparatus is registered in the blacklist information;
A case where the receiving unit receives the registration request, wherein the black determination unit determines that the first authentication information received from the information processing apparatus is not registered in the black list information; and When the second authentication information received by the receiving unit is stored in the second authentication server, the second authentication information and the first authentication information are associated with each other and stored in the authentication information. Registration means for registering with the means;
A first authentication server characterized by comprising: The information processing apparatus can communicate with a second authentication server storing second authentication information for identifying a user who is permitted to use the information processing apparatus, and the use of the information processing apparatus is permitted. Authentication information that is read and input from a storage medium used for the purpose of identifying the storage medium and second authentication information for identifying the user in association with each other A control method in a first authentication server comprising a storage means,
Whether or not the first authentication information received from the information processing apparatus by the determination means of the first authentication server being read from the storage medium by the information processing apparatus is stored in the authentication information storage means A determination step for determining whether or not
An authentication result transmitting step in which the authentication result transmitting means of the first authentication server transmits an authentication result based on the determination result of the determination step to the information processing apparatus;
A receiving step in which the receiving means of the first authentication server receives second authentication information and a registration request input by the user's operation in the information processing apparatus from the information processing apparatus;
A registration determination step in which the registration determination unit of the first authentication server determines whether the second authentication information received in the reception step is stored in the authentication information storage unit;
When the blacklist registration means of the first authentication server receives the registration request in the reception step, the second authentication information received in the reception step is stored in the second authentication server. And the registration determination step determines that the second authentication information received in the reception step is stored in the authentication information storage unit. A blacklist registration step of registering the first authentication information already associated with the second authentication information in the blacklist information and deleting the first authentication information from the authentication information storage means; ,
A black determination step in which the black determination means of the first authentication server determines whether or not the first authentication information received from the information processing apparatus is registered in the blacklist information;
When the registration unit of the first authentication server receives the registration request in the reception step, the first authentication information received from the information processing device in the black determination step is the black list information. And when the second authentication information received in the receiving step is stored in the second authentication server, the second authentication information and the first authentication A registration step in which information is linked to each other and registered in the authentication information storage means;
A control method comprising: The information processing apparatus can communicate with a second authentication server storing second authentication information for identifying a user who is permitted to use the information processing apparatus, and the use of the information processing apparatus is permitted. Authentication information that is read and input from a storage medium used for the purpose of identifying the storage medium and second authentication information for identifying the user in association with each other There is a program that can be read and executed by a first authentication server having storage means,
The first authentication server is
Determination means for determining whether or not the first authentication information received from the information processing apparatus by being read from the storage medium by the information processing apparatus is stored in the authentication information storage means;
Authentication result transmission means for transmitting an authentication result based on the determination result by the determination means to the information processing apparatus;
Receiving means for receiving, from the information processing apparatus, second authentication information and a registration request input by the user's operation in the information processing apparatus;
Registration determination means for determining whether the second authentication information received by the receiving means is stored in the authentication information storage means;
In the case where the registration request is received by the receiving means, the second authentication information received by the receiving means is stored in the second authentication server, and the reception judging means If it is determined that the second authentication information received in step 2 is stored in the authentication information storage unit, the second authentication information stored in the authentication information storage unit is already stored in association with the second authentication information. Black list registration means for registering the first authentication information in the black list information and deleting the first authentication information from the authentication information storage means;
Black determination means for determining whether or not the first authentication information received from the information processing apparatus is registered in the blacklist information;
A case where the receiving unit receives the registration request, wherein the black determination unit determines that the first authentication information received from the information processing apparatus is not registered in the black list information; and When the second authentication information received by the receiving unit is stored in the second authentication server, the second authentication information and the first authentication information are associated with each other and stored in the authentication information. A program which functions as a registration means for registering in a means. First authentication information for identifying the storage medium that is read and input from a storage medium used for permitting use of the information processing apparatus and a user who is permitted to use the information processing apparatus are identified. Authentication information storage means for linking and storing second authentication information for the first authentication information received from the information processing apparatus by being read from the storage medium by the information processing apparatus, A determination unit that determines whether or not the information is stored in the information storage unit; an authentication result transmission unit that transmits an authentication result based on a determination result by the determination unit to the information processing device; and an operation of the user in the information processing device Receiving means for receiving the second authentication information and the registration request input from the information processing apparatus, and the second authentication information received by the receiving means is the authentication information. A registration determination unit that determines whether the storage unit stores the second authentication information received by the reception unit, and the second authentication information stored in the second authentication server. Is stored in the authentication information storage unit when the registration determination unit determines that the second authentication information received by the reception unit is stored in the authentication information storage unit. Blacklist registration means for registering the first authentication information already associated with the second authentication information in the blacklist information and deleting the first authentication information from the authentication information storage means And black determination means for determining whether or not the first authentication information received from the information processing apparatus is registered in the black list information, and the registration request is received by the receiving means. The second authentication received by the receiving means when the black determining means determines that the first authentication information received from the information processing apparatus is not registered in the blacklist information. A registration unit that registers the second authentication information and the first authentication information in the authentication information storage unit in association with each other when the information is stored in the second authentication server; An information processing method for an information processing apparatus capable of communicating with the first authentication server,
Authentication information for requesting authentication of the first authentication information by the authentication information authentication requesting means of the information processing apparatus transmitting the first authentication information read and input from the storage medium to the first authentication server Certification request process;
The determination result by the black determination unit obtained by the first determination unit of the information processing apparatus in response to the authentication request by the authentication information authentication request step is the first authentication information registered in the black list information. In the case of indicating that the authentication information based on the determination result by the determination means obtained in response to the authentication request in the authentication information authentication request step is not authenticated, A decision process for deciding not to allow use;
When the registration request unit of the information processing apparatus receives a registration instruction for the first authentication information read and input from the storage medium via the operation unit, to identify a user input from the operation unit A registration request step for transmitting the second authentication information to the first authentication server to make a registration request for the first authentication information;
An information processing method characterized by comprising: First authentication information for identifying the storage medium that is read and input from a storage medium used for permitting use of the information processing apparatus and a user who is permitted to use the information processing apparatus are identified. Authentication information storage means for linking and storing second authentication information for the first authentication information received from the information processing apparatus by being read from the storage medium by the information processing apparatus, A determination unit that determines whether or not the information is stored in the information storage unit; an authentication result transmission unit that transmits an authentication result based on a determination result by the determination unit to the information processing device; and an operation of the user in the information processing device Receiving means for receiving the second authentication information and the registration request input from the information processing apparatus, and the second authentication information received by the receiving means is the authentication information. A registration determination unit that determines whether the storage unit stores the second authentication information received by the reception unit, and the second authentication information stored in the second authentication server. Is stored in the authentication information storage unit when the registration determination unit determines that the second authentication information received by the reception unit is stored in the authentication information storage unit. Blacklist registration means for registering the first authentication information already associated with the second authentication information in the blacklist information and deleting the first authentication information from the authentication information storage means And black determination means for determining whether or not the first authentication information received from the information processing apparatus is registered in the black list information, and the registration request is received by the receiving means. The second authentication received by the receiving means when the black determining means determines that the first authentication information received from the information processing apparatus is not registered in the blacklist information. A registration unit that registers the second authentication information and the first authentication information in the authentication information storage unit in association with each other when the information is stored in the second authentication server; An information processing program that can be read and executed by an information processing apparatus that can communicate with the first authentication server,
The information processing apparatus;
Authentication information authentication requesting means for transmitting the first authentication information read and input from the storage medium to the first authentication server and requesting authentication of the first authentication information;
When the determination result by the black determination unit obtained in response to the authentication request by the authentication information authentication request unit indicates that the first authentication information is registered in the black list information, or the authentication A determination unit that determines that the use of the information processing device is not permitted when the authentication result based on the determination result by the determination unit obtained in response to the authentication request by the information authentication request unit indicates that the authentication result is not authenticated; ,
When a registration instruction for the first authentication information read and input from the storage medium is received via the operation unit, the second authentication information for identifying the user input from the operation unit is input to the first authentication information. An information processing program that functions as a registration request unit that transmits to the authentication server and requests registration of the first authentication information.

Images