JP5217940B2 - Authentication system, authentication method, authentication program, and storage medium - Google Patents

Description

  The present invention relates to an authentication system, an authentication method, an authentication program, and a storage medium, and particularly to an authentication system, an authentication method, an authentication program, and a storage medium that perform authentication by communication when a plurality of devices are used in combination. is there.

  2. Description of the Related Art Conventionally, with the increasing need for security enhancement in offices, there is an increasing demand for a user authentication function in a digital device such as a terminal device such as a personal computer (PC) or an image processing device such as a printer.

  FIG. 11 is a network configuration diagram for individually performing authentication relating to the use of the scanner, and FIG. 12 is a network configuration diagram for individually performing authentication regarding the use of the printer. As shown in FIG. 11, the scanner 31 is connected to a card reader 33 or the like that reads user information such as a user ID and a password as a device that acquires information from the person to be authenticated. When performing user authentication, the user information (user ID, password) acquired from the card reader 33 is compared with the authentication information in the address book included in the authentication server 35 as the scanner 31 or an external server that cooperates with the scanner 31. Thus, if they match, the use of the device is permitted.

  Also, as shown in FIG. 12, after print data is sent from a personal computer (PC) 34 to the printer 32 via a local LAN or USB, user information is read from a card reader 33 connected to the printer 32. Then, user authentication is performed for comparison with authentication information in the address book held by the printer 32. As a result of the user authentication, if the contents match and the authentication is accepted, the function of the printer 32 can be used, and printing is executed using the transmitted print data.

  Furthermore, in recent years, a sales form has been adopted in which a scanner and a printer are separated and sold separately. This is because the copy function can be realized by printing the scanned image, and therefore, by providing these two devices, the function as an inexpensive MFP (Multi Function Printer) can be satisfied. In this case, the connection between the scanner and the printer is performed by either or both of USB and Ethernet (registered trademark).

  Further, in Patent Document 1, the first address book information managed and shared by the shared address book management server is taken into the own apparatus, and the result of filtering the first address book information according to a predetermined condition is obtained as a second result. No access right to the shared address book by publishing the second address book to a second device connected to the network and having no access right to the shared address book management server An image forming apparatus that can use a shared address book even if it is a device is disclosed.

  Further, in Patent Document 2, an authentication processing unit that performs user authentication using authentication data that is input externally and a search condition that the user has performed in the past with respect to the directory server via the network for each authentication data are registered. The search condition list, the authentication data and the search condition specified thereby are read out, the directory server search is executed, the directory server search result is received, and the address book data is updated efficiently. An image forming apparatus capable of managing an address book is disclosed.

JP 2007-86892 A JP 2007-228346 A

  However, in such a conventional example, there are not so many examples in which an authentication system is introduced in a scanner 31 as shown in FIG. 11 or a facsimile (not shown), but there exist. There are relatively many cases in which an authentication system is introduced for the printer 32 shown in FIG.

  For example, when there is a printer 32 as shown in FIG. 12 as an existing device, and a card reader 33 as a device for acquiring user information is connected, and the printer 32 has an address book, it is shown in FIG. When a device having such a scanner (or facsimile) function is purchased as an add-on, this scanner 31 also has an address book, and the card reader 33 can be connected.

  However, even if the card reader 33 can be connected to both the printer 32 and the scanner 31, if the card reader 33 is connected to two devices at the same time, each card reader is used when using each device. Authentication has to be performed, and there is a problem that it is difficult for the user to perform the authentication and is difficult to use.

  Therefore, when two devices are connected and used, it is easier for the user to authenticate the two devices with one card reader, but it is not possible to authenticate the two devices with one card reader. It wasn't. If the scanner 31 and the printer 32 each have an address book, it is necessary to set whether or not to perform authentication based on the information in one (or both) of the address books. No means or setting method has been established. For this reason, the authentication method when two devices are connected to each other is the same as before, and the situation that is complicated and difficult for the user to use has not changed.

  In addition, in Patent Document 1, a common address book can be used from a plurality of devices by using a shared address book management server. However, individual devices each having an address book are connected to each other. When performing authentication, it was not possible to authenticate a plurality of devices collectively by deciding which address book to use or which to use for authentication.

  Furthermore, with respect to Patent Document 2, when performing user authentication using externally input authentication data, a search condition list for registering search conditions performed by the user for each authentication data, authentication data, and search By reading the conditions and searching the directory server, and updating the address book data based on the search results, efficient address book management was performed, but it is not possible to collectively authenticate multiple devices. could not.

  The present invention has been made in view of the above, and when a plurality of devices are connected to each other and used, authentication can be easily performed by collectively authenticating a plurality of devices. An object is to provide an authentication system, an authentication method, an authentication program, and a storage medium.

  In order to solve the above-described problems and achieve the object, an authentication system according to the present invention is an authentication system in which at least a first device and a second device are connected to authenticate a plurality of these devices. The first device includes a first authentication information holding unit that holds in advance authentication information to be a verification source when authenticating the user to be authenticated, user information acquired from the user to be authenticated, and the authentication information. The first user management means for determining whether or not the device can be used, the first authentication information holding means, and the first user management means for setting the functions of the first user management means based on the authentication result Setting means and at least first communication means for connecting and exchanging information related to authentication by connecting to the second device, wherein the second device is a verification source for authenticating the person to be authenticated. Hold authentication information in advance Second authentication information holding means, second user management means for determining whether or not the device can be used, based on an authentication result obtained by comparing the user information acquired from the person to be authenticated and the authentication information, and the second Authentication information holding means, second setting means for setting functions of the second user management means, and at least second communication means for connecting to the first device and exchanging information relating to authentication. The first setting means and the second setting means use authentication information of at least one of the first authentication information holding means and the second authentication information holding means, and the first user management means. And at least one of the second user management means, and exchanges information about authentication between the first device and the second device, whereby the first device When And performing collectively authentication serial second device.

  An authentication method according to the present invention is an authentication method in which at least a first device and a second device are connected and the plurality of devices are authenticated, and the first setting means of the first device Includes a first authentication information holding unit that holds in advance authentication information to be a verification source when performing authentication of the person to be authenticated, and a verification result obtained by comparing the user information acquired from the user to be authenticated with the authentication information When the first setting step for setting the function of the first user management means for determining whether or not the device can be used and the second setting means for the second device authenticate the person to be authenticated. Second authentication information holding means for holding authentication information as a verification source in advance, and whether or not the device can be used is determined based on a verification result obtained by comparing the user information acquired from the person to be authenticated with the authentication information The function of the second user management means And using the authentication information of at least one of the first authentication information holding means and the second authentication information holding means in the second setting step to be determined and the first and second setting steps, The user management unit and the second user management unit are set to use at least one management unit, and authentication information is exchanged between the first device and the second device. And an authentication step for collectively performing authentication of one device and the second device.

  Moreover, the authentication program concerning this invention is an authentication program for making a computer perform the said authentication method.

  A storage medium according to the present invention is a computer-readable storage medium storing the authentication program.

  According to the present invention, when a plurality of devices are connected and these authentications are performed, the authentication of the plurality of devices is integrated while exchanging information related to the authentication in accordance with the setting contents preset in each device. By doing so, it is possible to easily perform a complicated authentication operation.

  Exemplary embodiments of an authentication system, an authentication method, an authentication program, and a storage medium according to the present invention will be explained below in detail with reference to the accompanying drawings.

(First embodiment)
FIG. 1 is a network configuration diagram of the authentication system according to the first embodiment, FIG. 2 is a functional block diagram illustrating an internal configuration of the scanner and printer of FIG. 1, and FIG. 3 is a block diagram of FIG. FIG. 4 is a diagram illustrating a configuration of authentication packets exchanged between the scanner and the printer. FIG. 4 is a diagram illustrating combinations of authentication results when the address book setting state of the first device in FIG. 5 is a diagram showing a combination of authentication results when the address book setting state of the first device in FIG. 2 is ON and non-prioritized, and FIG. 6 is an authentication according to the first embodiment. It is a figure explaining operation | movement of a system.

  First, in the authentication system 10 of FIG. 1, the individual scanners 11 and the printers 12 are connected by either or both of Ethernet (registered trademark) and USB which are local LANs. The scanner 11 is connected to a personal computer (PC) 14 via a global LAN, and further connected to a card reader 13 that acquires user information from the user.

  FIG. 2 shows functional blocks inside the scanner 11 and printer 12 of FIG. Here, it is assumed that the scanner 11 in FIG. 2 is a first device, the printer 12 is a second device, and the first device and the second device are Ethernet (registered trademark). The user information acquisition device 13 that is an IC card reader is connected to the scanner 11 that is a first device.

  The scanner 11 includes an address book 110 as a first authentication information holding unit, a user management unit 111 as a first user management unit, a setting unit 112 as a first setting unit such as a user interface, and a first communication unit As a communication unit 113.

  The printer 12 includes an address book 120 as a second authentication information holding unit, a user management unit 121 as a second user management unit, a setting unit 122 as a second setting unit such as a user interface, and a second communication unit As a communication unit 123.

  When the address books 110 and 120 manage user accounts or receive user authentication requests from the user management units 111 and 121, whether or not the same authentication information as the user information of the user is included in the address book. It is used when performing authentication. The address books 110 and 120 can be set ON / OFF by the setting unit 112. When set to ON, it means that the function of the address book is valid. When set to OFF, it means that the function of the address book is invalid. Furthermore, when the above setting is ON, either priority / non-priority can be set. When priority is set, the determination as to whether or not the device is usable is made based on authentication information in the address book of the device.

  For example, when the function of the address book 110 of the first device is turned on and priority is set, whether or not the user can use the first device is authenticated using the address book 110 of the first device. The result is prioritized and the authentication result in the second device has no effect. That is, the authentication is performed based on the authentication information (see FIG. 3) 21 in the first device, and if the authentication result in the first device is OK, the use of the first device is permitted, and the first device If the authentication result at the device is NG, use of the first device is not permitted (see FIG. 4). Further, whether or not the second device can be used when the function of the second address book 120 is turned on and set to priority is the same as in the case of the first device.

  Further, when the function of the address book 110 of the first device is turned on and set to non-priority, it is a device other than itself (second device when viewed from the first device, and viewed from the second device. The address book information of the first device is also used for user authentication. That is, since the authentication result in the address book of the device is not prioritized, use of the first device is permitted when authentication is successful using the address book information of all devices set to ON. Only when any of the authentication results is NG, the use of the first device is not permitted (see FIG. 5). Each address book 110, 120 can be added or deleted by an administrator of the system by using the user interface of the devices constituting the setting units 112, 122.

  The user management unit 111 is a module that acquires user information for user authentication from a user and determines whether or not the device can be used based on a user authentication result performed using the address book 110 or the like. . The user management unit 111 includes a communication unit (external socket) 113 for communicating with a remote device on the network. The user management unit 111 can be set to ON / OFF switching by the setting unit 112. If the user management unit 111 is set to ON, the user cannot use the device unless the user management unit determines that it can be used. For example, in the case of the scanner 11, the operation panel cannot be used unless it can be used. When set to OFF, there is no need to perform user authentication, and thus there is no restriction on the use of the device by the user. The user management unit 111 of the first device and the user management unit 121 of the second device can communicate with each other through Ethernet (registered trademark). In the first embodiment, the relationship between the first device and the second device is the relationship between the client and the server. Here, the connection is made using Ethernet (registered trademark), but the connection is not limited to this, and connection may be made using a USB or the like that can communicate with each other.

  The communication unit 123 in the user management unit 121 of the second device has an external socket or the like as an interface, and can be set to receive information related to user authentication from an external device connected to the network. is there. However, opening a port on the network raises security concerns, so as shown in FIG. 2, by switching to the communication unit 124 using the internal socket, the user can use only the second device. Can be received from the user information acquisition device 15 such as an IC card reader. As described above, the connection between the device and the user information acquisition devices 13 and 15 is performed using a device capable of mutual communication such as USB.

  FIG. 3 shows a configuration example of an authentication packet 20 that is information related to user authentication exchanged between the first device and the second device. This authentication packet 20 includes user-related data such as authentication information 21 in the first device, authentication information 22 in the second device, user ID 23, and password 24. The authentication information 21 and 22 in the authentication packet is flag information indicating whether the user authentication result is authentication OK, authentication is not performed, or authentication is NG. The authentication information 21 in the first device is an authentication result using the address book in the first device. If the authentication is OK, the authentication result = OK flag is set. The same applies to the authentication information 22 in the second device. The user ID 23 and the password 24 are user ID and password information as user information acquired from the user by the user information acquisition device 13 of FIG.

  As described above, the setting units 112 and 122 in the first device and the second device have their own address book ON / OFF and priority / non-priority settings, and their user management unit ON / OFF settings. , And the user management units 111 and 121 determine whether or not to permit the use of the device based on the authentication information that is the authentication result of the first device and the second device. FIG. 4 and FIG. 5 are tables for determining whether to permit or disallow use of the device depending on the setting contents of the address book.

  The configuration of the second device is the same as that of the first device. By configuring as described above and connecting the user information acquisition device 13 to the first device, authentication of both the first device and the second device can be performed collectively, and authentication of a plurality of devices is performed. Can be easily performed. Furthermore, authentication can be performed using the address books of both the first and second devices.

  A specific setting example and operation of the authentication system according to the first embodiment will be described with reference to FIG. In FIG. 6, by connecting the scanner 11 and the printer 12, the image data read by the scanner 11 is sent to the printer for printing processing, so that the function of the copying machine can be provided. Of course, as shown in FIG. 1, if the PC 14 is further connected via a LAN, it can be used as a single scanner 11 or printer 12. Here, both the scanner 11 and the printer 12 can be authenticated at once.

  A feature of the first embodiment is that user authentication on the printer 12 side is performed using the address book 110 on the scanner 11 side, and authentication of the user on the scanner 11 side is not required. First, the function of the user management unit 111 of the scanner 11 is set to OFF using the setting unit 112 which is an operation panel on the scanner 11 side. As a result, the scanner 11 does not require user authentication and is not restricted by the user, and can be used at any time.

  Subsequently, the use of the address book 110 of the scanner 11 is set to ON using the setting unit 112 which is an operation panel on the scanner 11 side. As a result, the function of the address book 110 becomes valid, and further, either priority / non-priority of the address book 110 can be set. Here, since the function of the user management unit 111 of the scanner 11 is set to OFF, since user authentication of the scanner 11 itself is not performed, either priority / non-priority setting of the address book 110 may be set, but priority is given. I will set it.

  Next, the function of the user management unit 121 of the printer 12 is set to ON using the setting unit 122 which is an operation panel on the printer 12 side. Accordingly, the printer 12 cannot be used unless user authentication is OK by the user management unit 121. Further, the setting unit 122 on the printer 12 side enables the remote external authentication device of the communication unit 123 to validate information related to user authentication sent from a device having a specific address connected via Ethernet (registered trademark). It becomes possible to receive.

  The setting unit 122 on the printer 12 side sets the use of the address book 120 to OFF. As a result, the address book function on the printer 12 side is disabled and cannot be used, so the address book 110 of the scanner 11 is used.

  The scanner 11 and the printer 12 are connected via Ethernet (registered trademark), and the IC card 16 possessed by the user is brought close to the user information acquisition device (IC card reader) 13 connected to the scanner 11 by USB. The user ID (for example: user01) and the password (for example: pass01) as user information recorded therein are read and input to the user management unit 111 of the scanner 11. The user management unit 111 of the scanner 11 performs user authentication using the address book 110 of the scanner. In the first embodiment, as described above, since the user management unit 111 of the scanner 11 is set to OFF by the setting unit 112, authentication of the scanner 11 itself is not necessary, but the second device. Since printer authentication is performed using the address book 110 of the scanner 11, user authentication is required.

  As shown in FIG. 6, the authentication information 110a in the address book 110 of the scanner 11 includes information of user ID = user01 and password = pass01, which matches the user information acquired from the person to be authenticated. Becomes OK. As a result, the authentication information 21 at the first device in the authentication packet 20 shown in FIG. 3 is passed to the communication unit 113 as authentication OK.

  The communication unit 113 of the scanner 11 transmits an authentication packet 20 including an authentication result of the scanner 11 as a request from the client to the communication unit 123 formed of an external socket of the user management unit 121 of the printer 12.

  A communication unit 123 that is a part of the user management unit 121 of the printer 12 receives the authentication packet 20 from the communication unit 113 of the scanner 11. Since the user management unit 121 of the printer 12 is ON, user authentication is required. When the user management unit 121 confirms that the use of the address book 120 of the printer 12 itself is set to OFF, the user management unit 121 looks at the authentication result of the authentication information 21 in the first device of the received authentication packet 20. If the authentication is OK, the authentication of the printer 12 itself is also OK. As a result, the user management unit 121 of the printer 12 permits the use of the printer 12.

  As described above, according to the first embodiment, when connecting and using a plurality of devices that can be user-authenticated when using the devices, instead of performing authentication for each device, a plurality of devices are used. By collectively authenticating, it is possible to easily perform user authentication with the same effort as authenticating one device. In particular, in the first embodiment, the user management unit of the first device is turned off to make authentication unnecessary, the user management unit of the second device is turned on, and the authentication result using the address book of the first device By sending (authentication OK) to the second device, the user authentication of the second device is also authenticated and the use of both the first device and the second device is permitted.

(Second Embodiment)
FIG. 7 is a diagram for explaining the operation of the authentication system according to the second embodiment. Each component of the authentication system 10 in FIG. 7 is the same as that in FIG. 2 or FIG. 6, and the same parts or corresponding parts are denoted by the same reference numerals, and redundant description is omitted.

  A feature of the second embodiment is that user authentication of both the scanner 11 and the printer 12 is performed using an address book 110 on the scanner 11 side, as shown in FIG. First, the function of the user management unit 111 of the scanner 11 is set to ON using the setting unit 112 on the scanner 11 side. Thus, user authentication is required when using the scanner 11.

  Subsequently, using the setting unit 112 on the scanner 11 side, the use of the address book 110 of the scanner 11 is set to ON. As a result, the function of the address book 110 is enabled, and the priority / non-priority setting of the address book 110 is set to priority. Thereby, in the user authentication of the scanner 11, the user authentication result based on the information in the address book 110 of the scanner 11 has the highest priority. However, since only the address book 110 of the scanner 11 is used in the second embodiment, the priority / non-priority setting is not relevant.

  Next, the function of the user management unit 121 of the printer 12 is set to ON using the setting unit 122 on the printer 12 side. Accordingly, in order to use the printer 12, the user management unit 121 needs to authenticate the user. Further, the setting unit 122 on the printer 12 side enables the remote external authentication device of the communication unit 123 to validate information related to user authentication sent from a device having a specific address connected via Ethernet (registered trademark). It becomes possible to receive.

  The setting unit 122 on the printer 12 side sets the use of the address book 120 to OFF. As a result, the address book function on the printer 12 side is disabled and cannot be used, so the address book 110 of the scanner 11 is used.

  The scanner 11 and the printer 12 are connected via Ethernet (registered trademark), and the IC card 16 possessed by the user is brought close to the user information acquisition device (IC card reader) 13 connected to the scanner 11 via USB. The user ID (for example: user01) and the password (for example: pass01) as user information recorded therein are read and input to the user management unit 111 of the scanner 11. The user management unit 111 of the scanner 11 goes to perform user authentication for the scanner address book 110.

  As shown in FIG. 7, the authentication information 110a in the address book 110 of the scanner 11 includes information of user ID = user01 and password = pass01, which matches the user information acquired from the person to be authenticated. The result is OK. When the authentication result is OK, the user management unit 111 of the scanner 11 permits the user to use the scanner 11. Then, the authentication information 21 in the first device of the authentication packet 20 shown in FIG. 3 is authenticated and passed to the communication unit 113.

  The communication unit 113 of the scanner 11 transmits the authentication packet 20 including the authentication result of the scanner 11 as a request from the client to the communication unit 123 formed of an external socket of the user management unit 121 of the printer 12.

  A communication unit 123 that is a part of the user management unit 121 of the printer 12 receives the authentication packet 20 from the communication unit 113 of the scanner 11. Here, since the user management unit 121 of the printer 12 is ON, user authentication is required. Therefore, when the user management unit 121 confirms that the use of the address book 120 of the printer 12 itself is set to OFF, the user management unit 121 looks at the authentication result of the authentication information 21 in the first device of the received authentication packet 20. If the authentication is OK, the authentication of the printer 12 itself is also OK. As a result, the user management unit 121 of the printer 12 permits the use of the printer 12.

  As described above, according to the second embodiment, when connecting and using a plurality of devices capable of user authentication, it is not necessary to perform authentication for each device, and a plurality of connected devices are collected. By performing authentication, user authentication can be easily performed with the same effort as authenticating one device. In particular, in the second embodiment, the user management unit and the address book of the first device are turned on to perform user authentication, and the authentication result (authentication OK) is the second device with the user management unit turned on. , The user authentication of the second device is also authenticated, and the use of both the first device and the second device is permitted.

(Third embodiment)
FIG. 8 is a diagram for explaining the operation of the authentication system according to the third embodiment. The components of the authentication system 10 in FIG. 8 are the same as those in FIG. 2, FIG. 6, and FIG. 7, and the same or corresponding parts are denoted by the same reference numerals and redundant description is omitted.

  A feature of the third embodiment is that user authentication of both the scanner 11 and the printer 12 is performed using an address book 120 on the printer 12 side, as shown in FIG. First, using the setting unit 112 on the scanner 11 side, the address book 110 of the scanner 11 is set to OFF, and the function of the user management unit 111 of the scanner 11 is set to ON. Thus, when the scanner 11 is used, user authentication is required, and since the address book function on the scanner 11 side is invalid and cannot be used, the address book 110 of the printer 12 is used.

  Subsequently, the function of the user management unit 121 of the printer 12 is set to ON using the setting unit 122 on the printer 12 side. Thereby, in order to use the printer 12, the user authentication of the user management unit 121 needs to be OK. Furthermore, using the setting unit 122 on the printer 12 side, the use of the address book 120 of the printer 12 is set to ON. Thereby, the function of the address book 120 becomes effective. The priority / non-priority setting of the address book 120 is set to priority. Thereby, in the user authentication of the printer 12, the user authentication result based on the information in the address book 120 of the printer 12 has the highest priority. However, since only the address book 120 of the printer 12 is used in the third embodiment, the priority / non-priority setting is irrelevant.

  Further, the setting unit 122 on the printer 12 side enables information related to user authentication sent from a device having a specific address connected via Ethernet (registered trademark) by enabling the remote external authentication device of the communication unit 123. It becomes possible to receive.

  Then, the scanner 11 and the printer 12 are connected by Ethernet (registered trademark), and an IC card 16 possessed by the user is attached to a user information acquisition device (IC card reader) 13 connected to the scanner 11 by USB. When approaching, a user ID (for example: user01) and a password (for example: pass01) as user information recorded therein are read and input to the user management unit 111 of the scanner 11. The user management unit 111 of the scanner 11 passes the user information to the communication unit 113 of the scanner 11 as it is.

  The communication unit 113 of the scanner 11 transmits the authentication packet 20 including the user information input to the scanner 11 as a request from the client toward the communication unit 123 formed of an external socket of the user management unit 121 of the printer 12.

  A communication unit 123 that is a part of the user management unit 121 of the printer 12 receives the authentication packet 20 from the communication unit 113 of the scanner 11. Here, since the user management unit 121 of the printer 12 is ON, user authentication is required. Then, since the use of the address book 120 of the printer 12 itself is set to ON, the user management unit 121 performs user authentication using the address book 120 of the printer 12.

  The address book 120 shown in FIG. 8 has information of user ID = user01 and password = pass01, and is obtained from the authenticated person and sent through the Ethernet (registered trademark) of the authentication packet 20 of FIG. Since it matches the user information (user ID 23, password 24), the result of user authentication is OK. Therefore, the authentication information 22 in the second device of the authentication packet 20 in FIG. 3 is authentication OK.

  Then, the user management unit 121 of the printer 12 permits the user to use the printer 12 when the authentication result at the printer 12 is OK. Further, the communication unit 123 of the printer 12 receives, as a response to the request from the communication unit 113 of the scanner 11, data including an authentication result in the address book 120 of the printer 12 (authentication OK of the authentication information 22 in the second device). The data is transmitted to the communication unit 113 of the scanner 11.

  Further, the communication unit 113 of the scanner 11 passes the data received from the printer 12 to the user management unit 111 of the scanner 11. Then, the user management unit 111 of the scanner 11 permits the user to use the scanner 11 based on the fact that the authentication result is OK with the authentication information 22 in the second device of the received authentication packet 20.

  As described above, according to the third embodiment, when connecting and using a plurality of devices capable of user authentication, it is not necessary to perform authentication for each device, and a plurality of connected devices are collected. By performing authentication, user authentication can be easily performed with the same effort as authenticating one device. In particular, in the third embodiment, the user management unit of the first and second devices and the address book of the second device are set to ON, and the user management unit and address book of the second device are used. User authentication is performed, and the authentication result (authentication OK) is sent to the first device for which the user management unit is turned on, so that the user authentication of the first device is also authenticated, and the first device and the second device are authenticated. Use of both devices is allowed.

(Fourth embodiment)
FIG. 9 is a diagram for explaining the operation of the authentication system according to the fourth embodiment. Each component of the authentication system 10 in FIG. 9 is the same as that in FIG. 2 or FIGS. 6 to 8, and the same parts or corresponding parts are denoted by the same reference numerals and redundant description is omitted.

  The feature of the fourth embodiment is that user authentication of the scanner 11 is performed using the address book 110 of the scanner 11 and user authentication of the printer 12 is performed using the address book 120 of the printer 12 as shown in FIG. In the point.

  First, using the setting unit 112 on the scanner 11 side, the function of the user management unit 111 of the scanner 11 is set to ON. Thus, user authentication is required when using the scanner 11.

  Also, using the setting unit 112 on the scanner 11 side, the use of the address book 110 of the scanner 11 is set to ON, and the address book 110 is set to priority. Thereby, in user authentication of the scanner 11, the user authentication result based on the information in the address book 110 of the scanner 11 is given the highest priority.

  Subsequently, the setting unit 122 on the printer 12 side is used to set the function of the user management unit 121 of the printer 12 to ON. Thus, user authentication is required when using the printer 12. Then, the remote external authentication device of the communication unit 123 is validated using the setting unit 122 on the printer 12 side. As a result, it is possible to receive information relating to user authentication sent from a machine having a specific address connected via Ethernet (registered trademark).

  Also, using the setting unit 122 on the printer 12 side, the use of the address book 120 of the printer 12 is set to ON, and the address book 120 is set to priority. Thereby, in user authentication of the printer 12, the user authentication result based on the information in the address book 120 of the printer 12 is given the highest priority.

  The scanner 11 and the printer 12 are connected via Ethernet (registered trademark), and an IC card 16 possessed by the user is attached to a user information acquisition device (IC card reader) 13 connected to the scanner 11 via USB. By approaching, a user ID (for example: user02) and a password (for example: pass02) as user information recorded therein are read and input to the user management unit 111 of the scanner 11. The user management unit 111 performs user authentication for the address book 110 of the scanner.

  As shown in FIG. 9, since the authentication information 110a in the address book 110 of the scanner 11 does not include information of user ID = user02 and password = pass02, the result of user authentication is NG. Therefore, the authentication information 21 in the first device of the authentication packet 20 shown in FIG. 3 becomes authentication NG and is passed to the communication unit 113 of the scanner 11.

  The communication unit 113 of the scanner 11 transmits an authentication packet 20 including an authentication result of the scanner 11 as a request from the client to the communication unit 123 formed of an external socket of the user management unit 121 of the printer 12.

  A communication unit 123 that is a part of the user management unit 121 of the printer 12 receives the authentication packet 20 from the communication unit 113 of the scanner 11. Here, since the user management unit 121 of the printer 12 is set to ON, user authentication is required. Since the use of the address book 120 of the printer 12 itself is also set to ON, the user management unit 121 performs user authentication using the address book 120 of the printer 12. The address book 120 shown in FIG. 9 has information of user ID = user02 and password = pass02, and is obtained from the authentication subject and sent through the Ethernet (registered trademark) of the authentication packet 20 of FIG. Since it matches the user information (user ID 23, password 24), the result of user authentication is OK. Therefore, the authentication information 22 in the second device of the authentication packet 20 in FIG. 3 is authentication OK.

  Then, the user management unit 121 of the printer 12 permits the user to use the printer 12 when the authentication result at the printer 12 is OK. In addition, the communication unit 123 of the printer 12 includes an authentication packet including an authentication result in the address book 120 of the printer 12 (authentication OK of the authentication information 22 in the second device) as a response to the request from the communication unit 113 of the scanner 11. 20 is transmitted to the communication unit 113 of the scanner 11.

  As described above, according to the fourth embodiment, when connecting and using a plurality of devices capable of user authentication, it is not necessary to perform authentication for each device, and a plurality of connected devices are collected. By performing authentication, user authentication can be easily performed with the same effort as authenticating one device. In particular, in the fourth embodiment, the user management unit of the first and second devices and the address book of the first and second devices are set to ON, and user information input from the person to be authenticated Is transmitted from the first device to the second device in the authentication packet 20, and the user authentication of the first device is performed using the user management unit 111 and the address book 110 of the first device, and the second device By performing user authentication of the second device using the user management unit 121 and the address book 120, user authentication of the first and second devices can be performed collectively. Here, since the use of the scanner 11 is not permitted and only the use of the printer 12 is permitted, the scanner 11 and the printer 12 cannot be used together.

(Fifth embodiment)
FIG. 10 is a diagram for explaining the operation of the authentication system according to the fifth embodiment. Each component of the authentication system 10 in FIG. 10 is the same as that in FIG. 2 or FIGS. 6 to 9, and the same parts or corresponding parts are denoted by the same reference numerals and redundant description is omitted.

  The feature of the fifth embodiment is that user authentication of the scanner 11 is performed using the address book 110 of the scanner 11 and user authentication of the printer 12 is performed using the address book 120 of the printer 12 as shown in FIG. This is the same as in the fourth embodiment, except that the address book 110 of the scanner 11 is set to non-priority. That is, since the address book 110 of the scanner 11 is set to be non-prioritized, the user authentication of the first device is performed using both the address books 110 and 120, and the authentication information of one of the address books If the user information input from the person to be authenticated matches, the authentication is OK.

  First, using the setting unit 112 on the scanner 11 side, the function of the user management unit 111 of the scanner 11 is set to ON. Thus, user authentication is required when using the scanner 11.

  Also, using the setting unit 112 on the scanner 11 side, the use of the address book 110 of the scanner 11 is set to ON, and the address book 110 is set to non-priority. Thereby, in user authentication of the scanner 11, user authentication is performed using information in both the address book 110 of the scanner 11 and the address book 120 of the printer 12.

  Subsequently, the setting unit 122 on the printer 12 side is used to set the function of the user management unit 121 of the printer 12 to ON. Thus, user authentication is required when using the printer 12. Then, the remote external authentication device of the communication unit 123 is validated using the setting unit 122 on the printer 12 side. As a result, it is possible to receive information relating to user authentication sent from a machine having a specific address connected via Ethernet (registered trademark).

  Also, using the setting unit 122 on the printer 12 side, the use of the address book 120 of the printer 12 is set to ON, and the address book 120 is set to priority. Thereby, in user authentication of the printer 12, the user authentication result based on the information in the address book 120 of the printer 12 is given the highest priority.

  The scanner 11 and the printer 12 are connected via Ethernet (registered trademark), and an IC card 16 possessed by the user is attached to a user information acquisition device (IC card reader) 13 connected to the scanner 11 via USB. By approaching, a user ID (for example: user02) and a password (for example: pass02) as user information recorded therein are read and input to the user management unit 111 of the scanner 11. The user management unit 111 performs user authentication for the address book 110 of the scanner.

  As shown in FIG. 10, since the authentication information 110a in the address book 110 of the scanner 11 does not include information of user ID = user02 and password = pass02, the result of user authentication is NG. Therefore, the authentication information 21 in the first device of the authentication packet 20 shown in FIG. 3 becomes authentication NG and is passed to the communication unit 113 of the scanner 11.

  The communication unit 113 of the scanner 11 transmits an authentication packet 20 including an authentication result of the scanner 11 as a request from the client to the communication unit 123 formed of an external socket of the user management unit 121 of the printer 12.

  A communication unit 123 that is a part of the user management unit 121 of the printer 12 receives the authentication packet 20 from the communication unit 113 of the scanner 11. Here, since the user management unit 121 of the printer 12 is set to ON, user authentication is required. Since the use of the address book 120 of the printer 12 itself is also set to ON, the user management unit 121 performs user authentication using the address book 120 of the printer 12. The address book 120 shown in FIG. 10 has information of user ID = user02 and password = pass02, and is obtained from the authentication person 20 and sent via the Ethernet (registered trademark) of the authentication packet 20 of FIG. Since it matches the user information (user ID 23, password 24), the result of user authentication is OK. Therefore, the authentication information 22 in the second device of the authentication packet 20 in FIG. 3 is authentication OK.

  Then, the user management unit 121 of the printer 12 permits the user to use the printer 12 when the authentication result at the printer 12 is OK. Further, the communication unit 123 of the printer 12 receives, as a response to the request from the communication unit 113 of the scanner 11, data including an authentication result in the address book 120 of the printer 12 (authentication OK of the authentication information 22 in the second device). The data is transmitted to the communication unit 113 of the scanner 11.

  The communication unit 113 of the scanner 11 passes the received data to the user management 111 of the scanner 11. The user management unit 111 of the scanner 11 permits the user to use the scanner 11 on the basis that the authentication result of the authentication information 22 in the second device in the received authentication packet 20 is OK.

  As described above, according to the fifth embodiment, when a plurality of user-authenticable devices are connected and used, it is not necessary to perform authentication for each device, and a plurality of connected devices are collected. By performing authentication, user authentication can be easily performed with the same effort as authenticating one device. In particular, in the fifth embodiment, the user management unit of the first and second devices and the address book of the first and second devices are set to ON, respectively, and the first address book is not prioritized. Is set. For this reason, since the user authentication of the first device is performed using the address book of both the first and second devices, the user authentication result performed using the address book of the second device is If OK, the authentication result of the first device is also OK, and user authentication of the first and second devices can be performed together. In this case, unlike the fourth embodiment, since both the scanner 11 and the printer 12 can be used, it can be used like a copying machine.

  As an embodiment other than the above, when both the address books of the first and second devices are set to non-priority, the address book of the first and second devices is used in either device. If the authentication is OK, both devices can be used.

  Further, when both the address books of the first and second devices are set to non-priority, and accounts with the same user name but different passwords are included in the respective address books, for example, the scanner 11 The address book 110 has user ID = user01 and password = pass01. The address book 120 of the printer 12 stores user ID = user01 and password = pass02, and the user information read from the IC card 16 is the user information. If ID = user01 and password = pass01, the authentication results of both the first and second devices are OK based on the information in the address book 110 on the scanner 11 side. In this case, it is synonymous with having a plurality of passwords with the same user ID.

  The first and second devices constituting the authentication systems according to the first to fifth embodiments described above include a control device such as a CPU (not shown), a ROM (Read Only Memory), A hardware configuration similar to that of a normal computer, including a storage device such as a RAM, an external storage device such as an HDD and a CD drive device, and an operation panel (display device, input device) including a liquid crystal panel and a touch panel. It has.

  The authentication program executed in the authentication system according to the first to fifth embodiments is a file in an installable format or an executable format, and is a CD-ROM, flexible disk (FD), CD-R, DVD. It can be provided by being recorded on a computer-readable recording medium such as (Digital Versatile Disk).

  The authentication program executed by the authentication system according to the first to fifth embodiments is stored on a computer connected to a network such as the Internet and is provided by being downloaded via the network. May be. Moreover, you may comprise so that the authentication program performed with the authentication system which concerns on the 1st-5th embodiment may be provided or distributed via networks, such as the internet.

  Furthermore, an authentication program executed by the authentication system according to the first to fifth embodiments may be provided by being incorporated in advance in a ROM or the like.

  The authentication program executed in the authentication system according to the first to fifth embodiments has a module configuration including the above-described units (user management unit, address book, setting unit, communication unit), As the hardware, a CPU (processor) reads the authentication program from the storage medium and executes it, so that each unit is loaded onto the main storage device, and a user management unit, an address book, a setting unit, and a communication unit are installed on the main storage device. It is to be generated.

It is a network block diagram of the authentication system concerning 1st Embodiment. FIG. 2 is a functional block diagram illustrating an internal configuration of the scanner and printer of FIG. 1. FIG. 3 is a configuration diagram of an authentication packet exchanged between the scanner of FIG. 2 and a printer. FIG. 3 is a diagram illustrating a combination of authentication results when the address book setting state of the first device in FIG. FIG. 3 is a diagram illustrating a combination of authentication results when the address book setting state of the first device in FIG. 2 is ON and non-prioritized. It is a figure explaining operation | movement of the authentication system concerning 1st Embodiment. It is a figure explaining operation | movement of the authentication system concerning 2nd Embodiment. It is a figure explaining operation | movement of the authentication system concerning 3rd Embodiment. It is a figure explaining operation | movement of the authentication system concerning 4th Embodiment. It is a figure explaining operation | movement of the authentication system concerning 5th Embodiment. It is a network block diagram which performs the authentication regarding use of a scanner separately. It is a network block diagram which performs the authentication regarding use of a printer separately.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Authentication system 11 Scanner 110 Address book 111 User management part 112 Setting part 113 Communication part 12 Printer 120 Address book 121 User management part 122 Setting part 123 Communication part 13 User information acquisition apparatus (card reader)
14 PC
16 IC card 20 Authentication packet 21 Authentication information in the first device 22 Authentication information in the second device 23 User ID
24 password

Claims (9)

An authentication system in which at least a first device and a second device are connected to authenticate a plurality of these devices,
The first device is:
First authentication information holding means for holding in advance authentication information to be a verification source when authenticating the person to be authenticated;
First user management means for determining whether or not the device can be used based on an authentication result obtained by comparing the user information acquired from the user to be authenticated and the authentication information;
First setting means for setting functions of the first authentication information holding means and the first user management means;
First communication means for connecting to at least the second device and exchanging information about authentication;
With
The second device is:
Second authentication information holding means for holding in advance authentication information as a verification source when performing authentication of the person to be authenticated;
Second user management means for determining whether or not the device can be used based on an authentication result obtained by comparing the user information acquired from the user to be authenticated with the authentication information;
Second setting means for setting functions of the second authentication information holding means and the second user management means;
A second communication means for connecting to at least the first device and exchanging information about authentication;
With
The first setting means and the second setting means use authentication information of at least one of the first authentication information holding means and the second authentication information holding means, and the first user management means By setting at least one of the second user management means to be used and exchanging information about authentication between the first device and the second device, An authentication system, wherein authentication of the second device is performed collectively.   The first device and the second device are connected in a server-client relationship, and a request from the client-side device to the server-side device via the first communication unit and the second communication unit. The authentication system according to claim 1, wherein information relating to authentication is transmitted and a response corresponding to the request is returned. The first setting means determines whether or not to authenticate using the information of the first authentication information holding means and the authentication of the first device based only on the information of the first authentication information holding means. Set whether or not to
The second setting means determines whether or not to authenticate using the information of the second authentication information holding means and the authentication of the second device based only on the information of the second authentication information holding means. The authentication system according to claim 1, wherein setting whether or not to perform is performed. The first setting means sets whether or not it is necessary to authenticate the first device using the first user management means,
The said 2nd setting means sets whether it is necessary to authenticate the said 2nd apparatus using the said 2nd user management means, The any one of Claims 1-3 characterized by the above-mentioned. Authentication system described in one.   Information relating to authentication exchanged between the first communication means of the first device and the second communication means of the second device includes the user information, the authentication information, and the authentication result. The authentication system according to claim 1, wherein the authentication system includes at least one piece of information.   At least one of the first setting unit and the second setting unit changes the setting of the information acquisition destination with respect to the first communication unit and the second communication unit, whereby the first device The authentication system according to any one of claims 1 to 5, wherein the authentication-related information can be received also from an external device other than the second device. An authentication method in which at least a first device and a second device are connected to authenticate a plurality of these devices,
The first setting means of the first device has first authentication information holding means for holding in advance authentication information to be a verification source when authenticating the authenticated person, and a user acquired from the authenticated person A first setting step for setting a function of a first user management means for determining whether or not to use the device based on a collation result obtained by collating information with the authentication information;
A second authentication information holding means for holding in advance authentication information to be a verification source when the second setting means of the second device authenticates the user to be authenticated; and a user acquired from the user to be authenticated A second setting step for setting a function of a second user management means for determining whether or not the device can be used based on a matching result obtained by matching information with the authentication information;
In the first and second setting steps, at least one authentication information of the first authentication information holding unit and the second authentication information holding unit is used, and the first user management unit and the second authentication information holding unit are used. It is set to use at least one management means of user management means, exchanges information about authentication between the first device and the second device, and the first device and the second device An authentication step that collectively performs
An authentication method comprising:   An authentication program for causing a computer to execute the authentication method according to claim 7.   A computer-readable storage medium storing the authentication program according to claim 8.

Images