JP4767827B2 - Authentication server, printing apparatus, authentication server control method, printing apparatus control method, authentication system, program, and recording medium - Google Patents

Description

  The authentication system of the present invention relates to a method for reducing the number of times a user inputs authentication data in a system having a plurality of different restricted services.

  2. Description of the Related Art Conventionally, multifunction devices having a plurality of functions such as a copy function, a scan function, a print function, and a FAX transmission / reception function are known. In recent years, such a multifunction peripheral is connected to a PC (personal computer) or the like via a communication network to perform various kinds of processing.

  In the system proposed by the present applicant, based on SOAP (Simple Object Access Protocol), an application operating on a PC and a function of the printing apparatus are linked, and the printing apparatus operates as a part of the total application system. be able to. Accordingly, it is possible to easily construct a flexible cooperative process that appropriately combines the functions of the printing apparatus and the functions of the application on the PC (see Non-Patent Documents 1 and 2).

  In such a system, in order to ensure security, it is necessary to perform user authentication processing when starting each service by an application operating on a PC.

  Usually, a user authentication program is provided for each service. Information on available users is individually managed for each service. For this reason, an authentication screen is displayed for each service, and each time the user needs to input a user ID and password, there is a problem that the operation becomes complicated. In order to solve the problem, a method of centrally managing authentication information by an authentication server can be considered.

For example, in Patent Document 1, in order to maintain the latest version of the user authentication program for single sign-on, it is checked whether or not the version of the user authentication program is the latest version. A technique for downloading and overwriting the latest version of the user authentication program is disclosed.
JP2003-50781A (released on February 21, 2003) Sharp Corporation, "Digital Color Multifunction Machine ...", [online], [Search April 4, 2006], Internet <URL: http://www.sharp.co.jp/products/mx4501fn/text/function .html> Hisashi Kobayashi, “Sharp announces 12 digital full-color MFPs for enterprises…”, [online], November 24, 2005, ascii24.com, [April 4, 2006 search], Internet <URL: http://ascii24.com/news/i/hard/article/2005/11/24/659226-000.html>

  The printing apparatus has different functions depending on the model. Therefore, depending on the printing apparatus, there is a possibility that the service of an application that can execute cooperation processing is limited. For this reason, when upgrading an application that executes cooperative processing or adding a new application, it is necessary to set for each printing device whether or not the service can be linked with each printing device. It takes time and effort.

  The present invention has been made in view of the above-described problems, and an object thereof is to omit the trouble of setting up each printing apparatus when upgrading the version of an application for executing cooperation processing or adding a new application. It is to provide an authentication system capable of

  In order to solve the above-described problem, the authentication server of the present invention is capable of communicating with a printing apparatus, and is a cooperative process that combines processing of the printing apparatus and processing of an application executed on a device different from the printing apparatus. An authentication server for authenticating a user who uses the user authentication information, a user authentication information storage unit that stores user authentication information given in advance to each user, user authentication information acquired from the printing apparatus, and user authentication information storage And a token signal that generates a token signal and transmits it to the printing apparatus that is the transmission source of the user authentication information when the user authentication is successful by the authentication processing unit. The collaborative process including the transmission means, the identification information for identifying the application, and the process of the application is executed. Corresponding to the condition information storage unit for storing the condition information indicating the conditions of the printing apparatus necessary for the printing, and the condition information indicating the conditions satisfied by the characteristics based on the feature information indicating the characteristics of the printing apparatus Extraction means for performing extraction processing for extracting all of the identification information to be extracted from the condition information storage unit, identification information transmission means for transmitting the identification information extracted by the extraction means to the printing apparatus, and the identification information transmission means. The identification information acquisition unit that acquires the identification information selected by the user from the transmitted identification information from the printing apparatus together with the token signal, and the identification information acquisition unit acquires the token signal when the identification information acquisition unit acquires the token signal. Activation processing means for activating the application indicated by the identification information.

  The authentication server control method of the present invention is a user who can communicate with a printing apparatus and uses cooperative processing that combines processing of the printing apparatus and processing of an application executed on a device different from the printing apparatus. A method for controlling the authentication server, wherein the authentication server includes a user authentication information storage unit that stores user authentication information previously assigned to each user, identification information for identifying the application, A condition information storage unit that stores the condition information indicating the conditions of the printing apparatus necessary for executing the cooperation process including the process of the application in association with each other, and the authentication processing unit of the authentication server includes A first step of performing user authentication by comparing user authentication information acquired from a printing apparatus with the user authentication information storage unit; A second step in which a token signal transmission unit of the server generates a token signal and transmits the token signal to the printing apparatus that is a transmission source of the user authentication information when the user authentication is successful by the authentication processing unit; A third step of extracting from the condition information storage unit all of the identification information corresponding to the condition information indicating the condition satisfied by the feature based on the feature information indicating the feature of the printing apparatus; A fourth step in which the identification information transmission means of the authentication server transmits the identification information extracted by the extraction means to the printing device; and the identification information transmitted by the identification information transmission means by the identification information acquisition means of the authentication server. A fifth step of acquiring identification information selected by the user from the information together with a token signal from the printing apparatus; and If means acquires the token signal, activation processing means of the authentication server, and a sixth step of starting the application indicated by the identification information the identification information acquisition unit acquires.

  Further, the printing apparatus of the present invention is a printing apparatus that can communicate with the authentication server and performs cooperation processing in cooperation with an application executed on an external apparatus, and the user authentication information input to the input unit From the user authentication information transmitting means for transmitting to the authentication server, the token signal acquiring means for acquiring the token signal from the authentication server and storing it in the storage device when the authentication is successful in the authentication server, and the authentication server. Acquires identification information for identifying an application that can be linked with the apparatus, stores the identification information in the storage device, and stores the identification information in the storage device in accordance with display processing means to be displayed on the display unit and input information to the input unit. One of the identification information is selected, and the selected identification information and the token signal stored in the storage device are And selecting means for transmitting to the server.

  According to another aspect of the present invention, there is provided a printing apparatus control method that is capable of communicating with the authentication server and that performs cooperation processing in cooperation with an application that is executed by an external apparatus. A seventh step in which the authentication information transmitting unit transmits the user authentication information input to the input unit to the authentication server; and when the token signal acquisition unit of the printing apparatus is successfully authenticated in the authentication server, The eighth step of acquiring a token signal from the server and storing it in the storage device, and the display processing means of the printing device acquire identification information for identifying an application that can be linked with the printing device from the authentication server. The ninth step of storing the identification information in the storage device and displaying the identification information on the display unit and the selection unit of the printing apparatus are provided to the input unit. A tenth step of selecting one of the identification information stored in the storage device according to the input information, and transmitting the selected identification information and the token signal stored in the storage device to the authentication server; including.

  The authentication system of the present invention includes the authentication server and the printing apparatus.

  According to the above configuration, the token signal transmission unit transmits the token signal to the printing apparatus when the user authentication is successful. The identification information acquisition unit acquires the identification information selected by the user and the token signal from the printing apparatus. The activation processing unit activates the application indicated by the identification information acquired from the printing apparatus.

  Therefore, the printing apparatus can execute each application by transmitting a token signal received from the authentication server to the authentication server, even when executing cooperation processing with a plurality of applications. That is, the printing apparatus does not need to prompt the user to input user authentication information such as a user ID and a password each time the cooperation process is executed. As a result, user convenience is improved.

  Further, the extraction means of the authentication server extracts all of the identification information corresponding to the condition information indicating the condition that the feature indicated by the feature information satisfies based on the feature information of the printing apparatus. Then, the extracted identification information is transmitted to the printing apparatus. In the printing apparatus, the identification information is displayed on the display unit. As a result, the user can select a desired application from among applications that can be linked with the operating printing apparatus. Therefore, the user does not accidentally select an application that cannot be linked with the printing apparatus that is operating.

  Note that the authentication server may acquire the feature information from the printing apparatus. Alternatively, the authentication server stores the characteristic information of each printing device and the specific information for specifying the printing device in association with each other, acquires the specific information from the printing device, and corresponds to the specific information. Information may be read out.

  Even when an application is upgraded or a new application is developed, each printing device can identify an application that can cooperate with its own device by updating the condition information storage unit of the authentication server. Only information can be acquired. That is, it is not necessary to set information indicating whether or not the cooperation processing with each application can be executed for each printing apparatus, and such trouble can be omitted.

  Furthermore, in the authentication server of the present invention, the user authentication information storage unit stores the user authentication information in association with the identification information corresponding to an application that can be used by the user to which the user authentication information is assigned. The extraction unit specifies identification information corresponding to the user authentication information acquired from the printing apparatus from the user authentication information storage unit, and performs the extraction process from the specified identification information.

  As an application sales company, it is desired that only a user who has paid for the use of the application use the application. Further, depending on a department including a plurality of users, only a specific user may use a specific application.

  According to said structure, the user authentication information storage part has memorize | stored the identification information corresponding to the application which a user can utilize. Then, the extracting unit specifies identification information corresponding to the user authentication information acquired from the printing apparatus from the user authentication information storage unit, and performs the extraction process from the specified identification information. Thereby, the identification information transmitted to the printing apparatus is only information corresponding to an application that can be used by the user. As a result, the user cannot select an unusable application.

  Therefore, the application sales company can make the application available only to the user who paid the consideration. Further, only a specific user can use a specific application.

  Furthermore, the authentication server of the present invention communicates with the printing apparatus using a markup language. Here, the markup language is XML, SOAP, or the like. Thereby, high-speed and responsive communication can be realized between the printing apparatus and the authentication server.

  Furthermore, in the authentication server of the present invention, the application is executed in an external information processing apparatus.

  According to said structure, the processing load concerning execution of an application can be disperse | distributed to another information processing apparatus. As a result, a decrease in the processing speed of the authentication server can be reduced.

  In the authentication server of the present invention, the condition information and the feature information include function information indicating a function of the printing apparatus.

  Here, the function information includes, for example, the presence / absence of a color / monochrome printing function, the presence / absence of a duplex printing function, the presence / absence of a FAX transmission function, and the like.

  The printing apparatus may be able to add functions by attaching an optional device. Even in such a case, identification information indicating an application capable of cooperating with the printing apparatus is extracted according to the current function. Therefore, the identification information of an application that cannot be linked with the current printing apparatus is not erroneously transmitted to the printing apparatus.

  Furthermore, in the authentication server of the present invention, the condition information storage unit stores the identification information in association with usage period information indicating a period in which the cooperation process indicated by the identification information can be used. Based on the usage period information stored in the condition information storage unit, the extraction unit performs the extraction process from the identification information indicating the cooperation process during the usable period.

  According to the above configuration, the identification information of the application that has passed the usable period is not transmitted to the printing apparatus. As a result, the user who operates the printing apparatus does not erroneously select an application whose usable period has expired, and can prevent user confusion. In addition, the application sales company can include an available period in the license of the application.

  Furthermore, the printing apparatus according to the present invention includes a validity period setting unit that sets a validity period of the token signal and the identification information in the storage device, and a period in which the token signal and the identification information are stored in the storage device. And an information erasing unit that deletes the token signal and the identification information from the storage device when the number is exceeded.

  According to the above configuration, after a certain user inputs user authentication information and executes some linkage processing, the validity period expires even if the user does not log off correctly and leaves the printing apparatus. The token signal and identification information are automatically deleted. Thereby, it is possible to prevent an unauthorized person from executing the cooperation process.

  Note that the authentication server and the printing apparatus may be realized by a computer. In this case, a program for causing the computer to operate the authentication server and the printing apparatus by operating the computer as the above-described means, and recording the program Such computer-readable recording media also fall within the scope of the present invention.

  According to the authentication server and the printing apparatus of the present invention, it is possible to realize an authentication system capable of omitting the setting work of each printing apparatus when upgrading the version of an application for executing cooperation processing or adding a new application. be able to.

  An embodiment of the present invention will be described below with reference to FIGS. Hereinafter, an embodiment of an authentication system according to the present invention will be described. FIG. 2 is a diagram showing an outline of the authentication system according to the present embodiment.

  As shown in FIG. 2, the authentication system according to the present embodiment includes a printing device 1, a control device 3, and an authentication server 2 that centrally manages user authentication information of users who log in to the printing device 1. These devices are connected via a network line 4. Of course, the number of printing apparatuses 1 and control apparatuses 3 included in the authentication system may be plural.

  As the network line 4, the Internet, a serial cable, or another communication line such as a wired line or a wireless line can be used. Note that it is preferable to use a markup language such as XML (extensible markup language) or SOAP (simple object access protocol) for communication between the printing apparatus 1 and the authentication server 2. Thereby, high-speed and responsive network communication can be realized between the authentication server 2 that centrally manages user authentication information and the printing apparatus 1.

  In the present embodiment, the printing apparatus 1 performs processing (cooperation processing) in cooperation with an application program (hereinafter simply referred to as an application) executed by the control device 3.

  For example, the printing apparatus 1 transmits scanned image data to the control apparatus 3. And in the control apparatus 3, the program execution means according to an English-Japanese automatic translation application extracts a character from the said image data, and performs an English-Japanese translation of the extracted character. Thereafter, an image including the translated Japanese sentence is printed by the printing apparatus 1.

  When using a service provided by an application of the control device 3, user authentication is executed, and only a user who has succeeded in authentication can use the service. In the present embodiment, the user authentication process is executed by the authentication server 2.

  Below, the structure of the printing apparatus 1, the control apparatus 3, and the authentication server 2 which concern on this embodiment is demonstrated.

(Configuration of control device)
FIG. 3 is a block diagram showing an internal configuration of the control device 3. As shown in FIG. 3, the control device 3 includes an activation instruction receiving unit 31, a plurality of application execution units 32 (32-a, 32-b,...), And a control command output unit 33.

  Each of the plurality of application execution units 32 performs processing according to the corresponding application. For example, the application execution unit 32 extracts English characters from the image data transmitted from the printing apparatus 1 according to the English-Japanese automatic translation application program, translates the English characters into Japanese, and translates the translated Japanese text. Generate a print instruction for the included image.

  The activation instruction receiving unit 31 receives from the authentication server 2 an activation instruction to which a name (hereinafter referred to as a service name) for identifying an application executed by each application execution unit 32 is added, and corresponds to the service name. The application execution unit 32 is activated. The activation instruction receiving unit 31 acquires user authentication information together with the activation instruction, and recognizes a user who uses the service provided by the application.

  The control command output unit 33 outputs a control instruction for the printing apparatus 1 generated by the application execution unit 32 to the printing apparatus 1.

(Configuration of printing device)
FIG. 4 is a block diagram illustrating the configuration of the printing apparatus 1. As shown in FIG. 4, the printing apparatus 1 includes a network I / F 11, a scanner 12, a storage device 13, a control calculation unit 14, a display unit 15, an operation unit 16, a document sensor 17, and printing. Part 18.

  The network I / F 11 communicates with the control device 3 and the authentication server 2 via the network line 4. The scanner 12 reads a document image. For example, a reflected light image from a document is read as a RGB (R: red, G: green, B: blue) analog signal by a CCD (Charge Coupled Device).

  The storage device 13 stores various types of information. In the present embodiment, the storage device 13 stores feature information indicating features of the printing device 1 on which the storage device 13 is mounted. The feature information includes function information indicating functions of the printing apparatus 1 and model information indicating the model of the printing apparatus 1 such as a manufacturing number. FIG. 5 is a diagram illustrating an example of feature information stored in the printing apparatus 1. According to FIG. 5, the printing apparatus “α” can perform monochrome printing and color printing, and the manufacturing number is “123”. Further, the printing apparatus “β” can only perform monochrome printing, and the serial number is “456”.

  The storage device 13 stores image data to be printed and a token signal transmitted from the authentication server 2.

  The display unit 15 is, for example, a liquid crystal display. The operation unit 16 receives input from the user and has a plurality of buttons. In addition, you may have the touch panel which served as the display part 15 and the operation part 16. FIG.

  The document sensor 17 is a sensor for detecting that a document is placed on the document table. The printing unit 18 prints an image corresponding to the image data on a recording sheet.

  The control calculation unit 14 controls each block of the control device 3 in an integrated manner. FIG. 6 is a block diagram showing an internal configuration of the control calculation unit 14. The control calculation unit 14 includes a user authentication information transmission unit (user authentication information transmission unit) 141, a token signal reception unit (token signal acquisition unit, feature information transmission unit) 142, a service information acquisition unit (display processing unit) 143, and a service selection. A unit (selection unit) 144, a command processing unit 148, an effective period setting unit (effective period setting unit) 145, a timer 146, and an information erasing unit (information erasing unit) 147.

  The user authentication information transmission unit 141 transmits user authentication information input to the operation unit 16 to the authentication server 2 via the network I / F 11. Here, the user authentication information is a user ID and a password.

  The token signal reception unit 142 receives the token signal from the authentication server 2 and transmits the feature information stored in the storage device 13 to the authentication server 2 as a response. Further, the token signal receiving unit 142 stores the received token signal in the storage device 13.

  The service information acquisition unit 143 acquires available service information including the service name of an application that can be used from the authentication server 2 and stores the available service information in the storage device 13. Then, the service information acquisition unit 143 displays the available service information on the display unit 15 and prompts the user to select an application to be used.

  The service selection unit 144 selects the service name of the application to be used from the service names displayed on the display unit 15 based on the input to the operation unit 16 and stores the selected service name and the storage device 13 in the selected service name. The token signal is transmitted to the authentication server 2.

  The valid period setting unit 145 sets a valid period in which the storage device 13 stores available service information and a token signal. In the present embodiment, the valid period setting unit 145 sets a default valid period. However, the validity period setting unit 145 may set the validity period according to the user input.

  The information erasure unit 147 erases the usable service information and the token signal from the storage device 13. The information erasure unit 147 erases the usable service information and the token signal from the storage device 13 when logoff is input to the operation unit 16. Further, the information erasure unit 147 causes the timer 146 to measure the elapsed time since the usable service information and the token signal are stored in the storage device 13, and the elapsed time is equal to or longer than the valid period set by the valid period setting unit 145. The service information and token signal are also deleted from the storage device 13 when

  The command processing unit 148 performs drive control of the scanner 12, the printing unit 18, and the network I / F 11 in accordance with a control command input to the operation unit 16 or a control command from the control device 3.

(Configuration of authentication server)
FIG. 7 is a block diagram showing a configuration of the authentication server 2. As shown in FIG. 7, the authentication server 2 includes a token generation unit (token signal transmission unit) 23, an authentication processing unit (authentication processing unit) 22, an apparatus condition information storage unit (condition information storage unit) 24, and a user ID storage. Unit (user authentication information storage unit) 21, service information generation unit (extraction unit, identification information transmission unit) 25, and service activation unit (identification information acquisition unit, activation processing unit) 26.

  The user ID storage unit 21 stores a user ID table in which a user ID and a password given in advance to a user are associated with a service name of an application that can be used by the user. Further, when the token generation unit 23 generates a token signal for the user, the user ID storage unit 21 stores the token signal and the user ID of the user in association with each other.

  FIG. 8 is a diagram illustrating an example of a user ID table. According to FIG. 8, the user with the user ID “001” can use the applications with the service names “A” and “B”. Also, the user with the user ID “002” can use the applications with the service names “B” and “C”.

  The authentication processing unit 22 determines whether a user ID and password that match the user authentication information transmitted from the printing apparatus 1 are stored in the user ID storage unit 21. If the authentication is successful, the authentication processing unit 22 outputs a generation instruction to the token generation unit 23. In addition, the authentication processing unit 22 outputs the user ID that has been successfully authenticated to the service information generation unit 25.

  Upon receiving a generation instruction from the authentication processing unit 22, the token generation unit 23 generates a token signal, and stores the generated token signal in the user ID storage unit 21 in association with the user ID that has been successfully authenticated. Then, the token generation unit 23 transmits the generated token signal to the printing apparatus 1 that has transmitted the user ID.

  The device condition information storage unit 24 includes, for each application executed by the application execution unit 32 of the control device 3, a service name that identifies the application and the printing device 1 that is necessary for executing cooperation processing with the application. It stores a use condition table in which device condition information indicating a condition is associated with a use period that is a period during which the application can be used.

  FIG. 9 is a diagram illustrating an example of the use condition table. According to FIG. 9, in order to execute the service “A”, a color printing function is required, and there is no limitation on the usage period of the application. Further, in order to execute the cooperation process with the application with the service name “B”, a monochrome printing function is required, and the usage period of the application is from January 1, 2006 to December 31, 2006. Further, the application with the service name “C” can be linked with the printing apparatus 1 with the production number “789”, and the usage period is from January 1, 1980 to December 31, 1990.

  The service information generation unit 25 reads a service name corresponding to the user ID received from the authentication processing unit 22 from the user ID storage unit 21. Then, with reference to the use condition table, the service information generation unit 25 identifies only the service name whose current time is included in the use period from the read service names. Further, from the identified service names, the service information generation unit 25 satisfies the conditions indicated by the corresponding device condition information for each of the service names by the features indicated by the feature information transmitted from the printing apparatus 1. The service name that satisfies the condition indicated by the device condition information is extracted. The service information generation unit 25 specifies device condition information corresponding to each service name from the device condition information storage unit 24.

  Then, the service information generation unit 25 transmits usable service information including the extracted service name to the printing apparatus 1.

  The service activation unit 26 receives a token signal and a selected service name from the printing apparatus 1 and activates an application corresponding to the selected service name. The service activation unit 26 determines whether or not the received token signal is stored in the user ID storage unit 21. If the received token signal is stored, the service activation unit 26 associates the activation instruction with the selected service name with the token signal. The transmitted user authentication information is transmitted to the control device 3.

(Service startup procedure)
Next, a service activation process procedure in the authentication system of this embodiment will be described with reference to the flowchart shown in FIG.

  First, the printing apparatus 1 accepts input of user authentication information including a user ID and a password (step (S) 1). When user authentication information is input to the operation unit 16, the user authentication information transmission unit 141 transmits the user authentication information to the authentication server 2 (S2).

  Next, the authentication processing unit 22 of the authentication server 2 determines whether or not a user ID and password that match the received user authentication information are stored in the user ID storage unit 21 (S3). If the authentication fails (No in S3), the authentication processing unit 22 transmits a notification indicating that the authentication has failed to the printing apparatus 1 (S4). In the printing apparatus 1, the control calculation unit 14 displays the notification on the display unit 15 and ends the process.

  On the other hand, when the authentication is successful (Yes in S3), the authentication processing unit 22 outputs a generation instruction to the token generation unit 23 and outputs a user ID to the service information generation unit 25. Then, the token generation unit 23 generates a token signal, and stores the generated token signal in the user ID storage unit 21 in association with the user ID that has been successfully authenticated. Further, the token generation unit 23 transmits the generated token signal to the printing apparatus 1 that has transmitted the user ID (S5).

  Next, in the printing apparatus 1, the token signal reception unit 142 stores the token signal received from the authentication server 2 in the storage device 13 (S 6), and stores the feature information stored in the storage device 13 in the authentication server 2. Transmit (S7).

  Next, in the authentication server 2, the service information generation unit 25 reads a service name corresponding to the user ID received from the authentication processing unit 22 from the user ID storage unit 21. Further, from among these, the service information generation unit 25 refers to the device condition information storage unit 24 and specifies only the service name corresponding to the usage period including the current time. After that, the service information generation unit 25 determines whether or not the feature indicated by the feature information acquired from the printing apparatus 1 satisfies the condition indicated by the corresponding device condition information for each of the specified service names. Extracts service names that satisfy the conditions indicated by the condition information. Then, the service information generation unit 25 transmits usable service information indicating the extracted service name to the printing apparatus 1 (S8).

  For example, when the user with the user ID “001” inputs the user authentication information to the printing apparatus “α” on January 1, 2007, the service information generation unit 25 reads the service name “α” from the user ID table shown in FIG. Read “A” and “B”. From the service names “A” and “B”, the service information generation unit 25 refers to the use condition table (see FIG. 9) stored in the device condition information storage unit 24 and uses the current period including the current time. Only the service name “A” corresponding to is extracted. Further, as shown in FIG. 5, the service information generation unit 25 can perform both monochrome printing and color printing as feature information from the printing apparatus “α”, and information indicating the manufacturing number “123”. Receive. Then, the service information generation unit 25 confirms that the characteristic information of the printing apparatus “α” satisfies the apparatus condition “color printing is possible” (see FIG. 9) indicated by the apparatus condition information corresponding to the service name “A”. Confirm and extract the service name “A”.

  On the other hand, when the user with the user ID “001” inputs the user authentication information to the printing apparatus “β” on January 1, 2007, the service information generation unit 25 uses the service name “ Read “A” and “B”. From the service names “A” and “B”, the service information generation unit 25 refers to the use condition table (see FIG. 9) stored in the device condition information storage unit 24 and uses the current period including the current time. Only the service name “A” corresponding to is extracted. In addition, as illustrated in FIG. 5, the service information generation unit 25 receives information indicating that monochrome printing is possible and the manufacturing number “456” as feature information from the printing apparatus “β”. Then, the service information generation unit 25 confirms that the characteristic information of the printing apparatus “β” does not satisfy the apparatus condition “color printing is possible” (see FIG. 9) indicated by the apparatus condition information corresponding to the service name “A”. Confirm and do not extract any service names.

  Subsequently, the service information acquisition unit 143 of the printing apparatus 1 receives the available service information and stores it in the storage device 13. Furthermore, the service information acquisition unit 143 displays the available service information on the display unit 15 and prompts the user to select an application to be used (S9).

  Thereafter, the service selection unit 144 selects a service name of an application to be used based on a user input to the operation unit 16 and transmits the selected service name and a token signal stored in the storage device 13 to the authentication server 2. (S10).

  Next, in the authentication server 2, the service activation unit 26 confirms that the token signal received from the printing apparatus 1 is stored in the user ID storage unit 21, and adds the selected service name received from the printing apparatus 1. An activation instruction and user authentication information associated with the token signal are transmitted to the control device 3 (S11). As a result, the activation instruction reception unit 31 of the control device 3 activates the application execution unit 32 for executing the application corresponding to the selected service name added to the activation instruction. Then, the application execution unit 32 performs processing according to the application and processing for generating a control command for the printing apparatus 1 to control the printing apparatus 1. As a result, processing in cooperation with the application of the printing apparatus 1 and the control apparatus 3 is executed.

(Information deletion process)
Next, the flow of processing in the information erasure unit 147 of the printing apparatus 1 when no logoff is input to the operation unit 16 will be described with reference to the flowchart shown in FIG.

  First, the information erasure unit 147 determines whether or not two token signals and usable service information are stored in the storage device 13 (S21).

  When the token signal and the available service information are stored (Yes in S21), the information erasure unit 147 drives the timer 146 and the elapsed time from the time when the token signal and the available service information are stored. Is measured (S22).

  Thereafter, the information erasing unit 147 determines whether or not the elapsed time has exceeded the effective period set by the effective period setting unit 145 (S23). When the valid period is exceeded, the information erasure unit 147 erases the token signal and the available service information from the storage device 13 (S24).

(Modification)
In the above description, the printing apparatus 1 transmits the user ID and password in S2, and transmits the feature information in S7. However, the printing apparatus 1 may transmit the user ID, password, and feature information to the authentication server 2 in S2. In this case, when the authentication is successful, the authentication server 2 generates a token signal, generates usable service information based on the feature information, and transmits the usable service information together with the token signal.

  In the above description, the authentication server 2 acquires the feature information of the printing apparatus 1 from the printing apparatus 1. However, the authentication server 2 may store the characteristic information of each printing device and the specific information (for example, device ID) for specifying the printing device in association with each other. In this case, the authentication server 2 only has to acquire the specific information of the printing apparatus 1 from the printing apparatus 1 and read out the characteristic information corresponding to the acquired specific information.

  Further, in the above description, the service activation unit 26 confirms that the token signal received from the printing apparatus 1 is stored in the user ID storage unit 21. That is, the service activation unit 26 determines whether or not the token signal generated in S5 and the token signal acquired from the printing apparatus 1 are the same, and executes the application only when they are the same. However, there may be a case where it is not determined whether or not the token signal generated in S5 is the same as the token signal acquired from the printing apparatus 1. That is, the token signal itself is a soft key (key) that activates the application, and the service activation unit 26 may determine whether to activate the application with the soft key. That is, the service activation unit 26 activates the application if the software key is a numeric string or character string having a predetermined characteristic.

  As described above, the authentication server 2 is communicable with the printing apparatus 1, and uses a cooperation process that combines the process of the printing apparatus 1 and the process of an application executed by a device different from the printing apparatus 1. Authenticate the user.

  The authentication server 2 includes a user ID storage unit (user authentication information storage unit) 21 that stores user authentication information given in advance to each user, user authentication information acquired from the printing apparatus 1, and the user ID storage unit. When the user authentication is successful, a token signal is generated and transmitted to the printing apparatus 1 that is the transmission source of the user authentication information. The token generation unit (token signal transmission means) 23, the service name (identification information) for identifying the service by the application, and the conditions of the printing apparatus 1 necessary for executing the cooperation process including the process of the application are shown. Device condition information storage unit (condition information storage unit) 24 that stores device condition information in association with each other, and feature information indicating the characteristics of the printing device 1 Based on this, an extraction process for extracting all of the service names corresponding to the device condition information indicating the conditions that satisfy the feature from the device condition information storage unit 24 is performed, and the available service information including the extracted service names is printed. Service information generation unit (extraction means, identification information transmission means) 25 to be transmitted to 1, and service activation unit (identification) that acquires the selected service name selected by the user from the transmitted service names from the printing apparatus 1 together with the token signal Information acquisition means, activation processing means) 26. In addition, when the service activation unit 26 acquires the token signal and the selected service name, the service activation unit 26 activates the application indicated by the acquired selected service name.

  In addition, the printing apparatus 1 can communicate with the authentication server 2 and performs cooperation processing in cooperation with an application executed by the external control apparatus 3. The user authentication information transmitting unit (user authentication information transmitting unit) 141 that transmits the user authentication information input to the operation unit (input unit) 16 to the authentication server 2 and the authentication server 2 when the authentication server 2 is successfully authenticated. Service name that identifies a token signal receiving unit (token signal acquisition unit, feature information transmission unit) 142 that acquires a token signal from the storage device 13 and an application that can perform cooperation processing with the own device from the authentication server 2 In accordance with the service information acquisition unit (display processing means) 143 to be displayed on the display unit 15 and the input information to the operation unit 16, One of the service names stored in the storage device 13 is selected, the selected service name selected, and the storage device A token signal stored in 3, and a service selecting unit (selecting means) 144 that transmits to the authentication server 2.

  According to the configuration described above, the token generation unit 23 transmits a token signal to the printing apparatus 1 when the user authentication is successful. Further, the service activation unit 26 acquires the selected service name and token signal selected by the user from the printing apparatus 1. Then, the service activation unit 26 activates the application indicated by the selected service name acquired from the printing apparatus 1.

  Therefore, the printing apparatus 1 can execute each application by transmitting the token signal received from the authentication server 2 to the authentication server 2 even when executing cooperation processing with a plurality of applications. That is, the printing apparatus 1 does not need to prompt the user to input user authentication information such as a user ID and a password each time the cooperation process is executed. As a result, user convenience is improved.

  Further, the service information generation unit 25 of the authentication server 2 extracts all of the service names corresponding to the device condition information indicating the conditions that satisfy the feature indicated by the feature information, based on the feature information of the printing device 1. Then, the extracted service name is transmitted to the printing apparatus 1. In the printing apparatus 1, the service name is displayed on the display unit 15. Accordingly, the user can select a desired application from among applications that can be linked with the printing apparatus 1 that is operating. Therefore, the user does not accidentally select an application that cannot be linked with the printing apparatus 1 that is operating.

  Further, even when an application is upgraded or a new application is developed, each printing apparatus 1 can perform cooperation processing with its own apparatus by updating the apparatus condition information storage unit 24 of the authentication server 2. Only application identification information can be acquired. That is, it is not necessary to set information indicating whether or not cooperation processing with each application can be executed for each printing apparatus 1, and such trouble can be omitted.

  Furthermore, the user ID storage unit 21 stores user authentication information and a service name corresponding to an application that can be used by the user to whom the user authentication information is assigned in association with each other. Then, the service information generation unit 25 specifies a service name corresponding to the user authentication information acquired from the printing apparatus 1 from the user ID storage unit 21, and performs the extraction process from the specified service name.

  Thereby, the sales company of an application can use an application only for the user who paid the price. Further, only a specific user can use a specific application.

  Further, the application is executed by an external control device (information processing device) 3. Thereby, the processing load concerning execution of the application can be distributed to the control device 3. As a result, a decrease in the processing speed of the authentication server 2 can be reduced.

  Further, the authentication server 2 includes function information indicating the function of the printing apparatus 1 in the apparatus condition information and the feature information.

  Here, the function information includes, for example, the presence / absence of a color / monochrome printing function, the presence / absence of a duplex printing function, the presence / absence of a FAX transmission function, and the like.

  The printing apparatus 1 may be able to add functions by attaching an optional apparatus. Even in such a case, a service name indicating an application that can be linked to the printing apparatus 1 is extracted according to the current function. Therefore, the service name of an application that cannot be linked to the current printing apparatus 1 is not erroneously transmitted to the printing apparatus 1.

  Furthermore, the device condition information storage unit 24 stores a service name and usage period information indicating a usable period of the application indicated by the service name in association with each other, and the service information generation unit 25 stores the device condition. Based on the usage period (utilization period information) stored in the information storage unit 24, the above extraction process is performed from the service names indicating the applications during the effective period.

  According to the above configuration, the identification information of the application that has passed the usable period is not transmitted to the printing apparatus 1. As a result, the user who operates the printing apparatus 1 does not erroneously select an application whose usable period has expired, and can prevent user confusion. In addition, the application sales company can include a period in the license of the application.

  Further, the printing apparatus 1 stores a valid period setting unit (valid period setting unit) 145 for setting a valid period in the storage device 13 for the token signal and the available service information, and stores the token signal and the available service information in the storage device 13. And an information erasure unit (information erasure unit) 147 that deletes the token signal and the available service information from the storage device 13 when the valid period exceeds the valid period.

  According to the above configuration, after a certain user inputs user authentication information and executes some linkage processing, even if the user is away from the printing apparatus 1 without logging off correctly, the valid period is After that, the token signal and the available service information are automatically deleted. Thereby, it is possible to prevent an unauthorized person from executing the cooperation process.

  In the above description, the authentication server 2 and the control device 3 are different devices. However, one information processing device may function as both the authentication server 2 and the control device 3.

  The present invention is not limited to the above-described embodiments, and various modifications can be made within the scope shown in the claims. That is, embodiments obtained by combining technical means appropriately modified within the scope of the claims are also included in the technical scope of the present invention.

  Finally, each block of the control calculation unit 14, the authentication server 2, and the control device 3 of the printing apparatus 1 may be configured by hardware logic, or may be realized by software using a CPU as follows. .

  That is, the control calculation unit 14, the authentication server 2, and the control device 3 of the printing apparatus 1 include a CPU (central processing unit) that executes instructions of a control program that realizes each function, and a ROM (read only memory) that stores the program. A RAM (random access memory) for expanding the program, and a storage device (recording medium) such as a memory for storing the program and various data. The object of the present invention is to provide the program code (execution format program, intermediate code program, source program) of the control program of the printing apparatus 1, the authentication server 2, and the control apparatus 3, which is software that implements the functions described above ) Is supplied to the control calculation unit 14, authentication server 2, and control device 3 of the printing apparatus 1, and the computer (or CPU or MPU) is recorded on the recording medium. This can also be achieved by reading and executing the program code.

  Examples of the recording medium include a tape system such as a magnetic tape and a cassette tape, a magnetic disk such as a floppy (registered trademark) disk / hard disk, and an optical disk such as a CD-ROM / MO / MD / DVD / CD-R. Card system such as IC card, IC card (including memory card) / optical card, or semiconductor memory system such as mask ROM / EPROM / EEPROM / flash ROM.

  The control calculation unit 14, the authentication server 2, and the control device 3 of the printing apparatus 1 may be configured to be connectable to a communication network, and the program code may be supplied via the communication network. The communication network is not particularly limited. For example, the Internet, intranet, extranet, LAN, ISDN, VAN, CATV communication network, virtual private network, telephone line network, mobile communication network, satellite communication. A net or the like is available. Further, the transmission medium constituting the communication network is not particularly limited. For example, even in the case of wired such as IEEE 1394, USB, power line carrier, cable TV line, telephone line, ADSL line, etc., infrared rays such as IrDA and remote control, Bluetooth ( (Registered trademark), 802.11 wireless, HDR, mobile phone network, satellite line, terrestrial digital network, and the like can also be used. The present invention can also be realized in the form of a computer data signal embedded in a carrier wave in which the program code is embodied by electronic transmission.

  The present invention can be applied to a system including a printer, a copier, a scanner, a fax machine, and the like having an image processing function, for example.

It is a flowchart which shows the starting process procedure of the service in an authentication system. It is a figure which shows schematic structure of the authentication system which concerns on this embodiment. It is a block diagram which shows the internal structure of a control apparatus. It is a block diagram which shows the structure of the printing prime minister. FIG. 4 is a diagram illustrating an example of feature information stored in a printing apparatus. It is a block diagram which shows the internal structure of the control calculating part of a printing apparatus. It is a block diagram which shows the structure of an authentication server. It is a figure which shows an example of the user ID table which a user ID memory | storage part memorize | stores. It is a figure which shows an example of the utilization condition table which an apparatus condition information storage part memorize | stores. 6 is a flowchart illustrating a processing flow in an information erasing unit of the printing apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Printing apparatus 2 Authentication server 3 Control apparatus (information processing apparatus)
4 Network line 11 Network I / F
12 Scanner 13 Storage Device 14 Control Calculation Unit 15 Display Unit 16 Operation Unit (Input Unit)
17 Document sensor 18 Printing unit 21 User ID storage unit (user authentication information storage unit)
22 Authentication processing unit (authentication processing means)
23 Token generator (token signal transmission means)
24 device condition information storage unit (condition information storage unit)
25 Service information generation unit (extraction means, identification information transmission means)
26 Service activation unit (identification information acquisition means, activation processing means)
31 start instruction reception unit 32 application execution unit 33 control command output unit 141 user authentication information transmission unit (user authentication information transmission unit)
142 Token signal reception unit (token signal acquisition means, feature information transmission means)
143 Service information acquisition unit (display processing means)
144 Service selection unit (selection means)
145 Validity period setting part (Validity period setting means)
146 Timer 147 Information Eraser (Information Eraser)
148 Command processing part

Claims (14)

An authentication server that is capable of communicating with a printing apparatus and authenticates a user using a cooperative process that combines processing of the printing apparatus and processing of an application executed on a device different from the printing apparatus,
A user authentication information storage unit for storing user authentication information given in advance to each user;
Authentication processing means for performing user authentication by comparing the user authentication information acquired from the printing apparatus with the user authentication information storage unit;
A token signal transmitting unit that generates a token signal and transmits the token signal to a printing apparatus that is a transmission source of the user authentication information when the user authentication is successful by the authentication processing unit;
A condition information storage unit for storing the identification information for identifying the application and the condition information indicating the conditions of the printing apparatus necessary for executing the cooperation process including the process of the application in association with each other;
An extraction unit that performs an extraction process for extracting all of the identification information corresponding to the condition information indicating the condition satisfied by the feature based on the feature information indicating the feature of the printing apparatus from the condition information storage unit;
Identification information transmitting means for transmitting the identification information extracted by the extracting means to the printing apparatus;
Identification information acquisition means for acquiring the identification information selected by the user from the identification information transmitted by the identification information transmission means together with the token signal from the printing apparatus;
An authentication server, comprising: an activation processing unit that activates an application indicated by the identification information acquired by the identification information acquisition unit when the identification information acquisition unit acquires the token signal. The user authentication information storage unit stores the user authentication information in association with the identification information corresponding to an application that can be used by the user to which the user authentication information is given,
The extraction means specifies identification information corresponding to user authentication information acquired from a printing apparatus from the user authentication information storage unit, and performs the extraction processing from the specified identification information. Authentication server described in.   The authentication server according to claim 1, wherein communication is performed with the printing apparatus using a markup language.   The authentication server according to claim 1, wherein the application is executed in an external information processing apparatus.   The authentication server according to claim 1, wherein the condition information and the feature information include function information indicating a function of a printing apparatus. The condition information storage unit stores the identification information in association with usage period information indicating a period in which the application indicated by the identification information can be used,
2. The extraction unit according to claim 1, wherein the extraction unit performs the extraction process from identification information indicating an application that is in a usable period based on usage period information stored in the condition information storage unit. The listed authentication server. A printing apparatus capable of communicating with the authentication server according to any one of claims 1 to 6 and performing cooperation processing in cooperation with an application executed by an external apparatus,
User authentication information transmitting means for transmitting user authentication information input to the input unit to the authentication server;
A token signal acquisition means for acquiring a token signal from the authentication server and storing it in a storage device when authentication is successful in the authentication server;
Display processing means for acquiring identification information for identifying an application capable of cooperating with the own device from the authentication server, storing the identification information in a storage device, and displaying the identification information on a display unit;
Selecting one of the identification information stored in the storage device according to the input information to the input unit, and transmitting the selected identification information and the token signal stored in the storage device to the authentication server A printing apparatus. Valid period setting means for setting a valid period in the storage device of the token signal and identification information;
And an information erasure unit that deletes the token signal and the identification information from the storage device when a period during which the token signal and the identification information are stored in the storage device exceeds the valid period. The printing apparatus according to claim 7. A method for controlling an authentication server that is capable of communicating with a printing apparatus and that authenticates a user using a cooperative process that combines processing of the printing apparatus and processing of an application executed on a device different from the printing apparatus. ,
The authentication server
A user authentication information storage unit for storing user authentication information given in advance to each user;
A condition information storage unit for storing the identification information for identifying the application and the condition information indicating the conditions of the printing apparatus necessary for executing the cooperation process including the process of the application in association with each other; ,
A first step in which authentication processing means of the authentication server performs user authentication by comparing the user authentication information acquired from the printing apparatus with the user authentication information storage unit;
A second step in which the token signal transmission unit of the authentication server generates a token signal and transmits the token signal to the printing apparatus that is a transmission source of the user authentication information when the user authentication is successful by the authentication processing unit;
Based on the feature information indicating the characteristics of the printing device, the authentication server extraction unit extracts all of the identification information corresponding to the condition information indicating the conditions satisfied by the features from the condition information storage unit. Steps,
A fourth step in which the identification information transmitting means of the authentication server transmits the identification information extracted by the extracting means to the printing apparatus;
A fifth step in which the identification information acquisition unit of the authentication server acquires the identification information selected by the user from the identification information transmitted by the identification information transmission unit together with a token signal from the printing apparatus;
And a sixth step of activating the application indicated by the identification information acquired by the identification information acquisition means when the identification information acquisition means acquires the token signal. Server control method. A control method for a printing apparatus that is capable of communicating with the authentication server according to any one of claims 1 to 6 and that performs cooperation processing in cooperation with an application executed by an external apparatus,
A seventh step in which user authentication information transmitting means of the printing apparatus transmits user authentication information input to the input unit to the authentication server;
An eighth step in which the token signal acquisition means of the printing device acquires a token signal from the authentication server and stores it in the storage device when the authentication is successful in the authentication server;
The display processing means of the printing apparatus acquires identification information for identifying an application that can be linked with the printing apparatus from the authentication server, stores the identification information in the storage device, and displays the identification information on the display unit. 9 steps,
The selection unit of the printing device selects one of the identification information stored in the storage device according to the input information to the input unit, and selects the selected identification information and the token signal stored in the storage device. And a tenth step of transmitting to the authentication server.   An authentication system comprising the authentication server according to any one of claims 1 to 6 and the printing apparatus according to claim 7 or 8.   A program for operating the authentication server according to any one of claims 1 to 6, wherein the program causes a computer to function as each of the above means.   A program for operating the printing apparatus according to claim 7 or 8 for causing a computer to function as each of the above means.   The computer-readable recording medium which recorded the program of Claim 12 or 13.

Images