JP5630101B2 - Information processing system, image forming apparatus, authentication server, processing method thereof, and program - Google Patents

Description

The present invention, for example the storage medium used, the information processing system that enables authentication of an image forming apparatus, an image forming apparatus, the authentication server, a processing method and a program.

2. Description of the Related Art Conventionally, a so-called “pull print (accumulated printing)” printing system in which a user outputs print data from a printing apparatus by making a printing request from the printing apparatus to print data temporarily accumulated on a server. It has been known. Accordingly, the user can output print data from a desired printing apparatus instead of outputting to a specific printing apparatus during printing from an application (for example, Patent Document 1).
An example of a printing procedure in such a printing system is as follows.

  When the user holds the IC card over the IC card reader connected to the printing apparatus, the IC card reader detects the UID (unique ID) of the IC card. Then, in order to determine whether or not the user is a usable user, the printing apparatus refers to the authentication table stored in the authentication server and set to allow login based on the UID, and executes user authentication processing. As a result of the authentication process, if the login is successful, the printing apparatus acquires and prints the print data of the user temporarily stored on the server.

In such a mechanism, when a new person who uses the printing apparatus or a person who stops using the printer occurs, the administrator requests the administrator to register the UID or delete the UID, and the administrator performs the processing. The problem that an administrator's trouble is required arises.
Therefore, Patent Document 2 discloses a mechanism for registering the UID of the IC card in the authentication table if the UID is not registered at the time of IC card authentication.

  As disclosed in Patent Document 3, this authentication mechanism includes keyboard authentication based on a user name and a password so that a user who has forgotten the IC card can log in in addition to the authentication based on the IC card.

JP 2006-99714 A JP 2008-181491 A Japanese Patent Application No. 2007-318395

  In the system of Patent Document 2 above, when a newly issued IC card is held and IC card authentication is executed, the card information (UID) of the held IC card is registered in the authentication table of the authentication server. Otherwise, the system registers the card information of the IC card.

  On the other hand, companies that use IC cards often use temporary lending cards (temporary cards) when IC cards are lost or forgotten. Since the temporary card is lent to different users every day, when using the system of Patent Document 2, the temporary card information is linked to the first registered user, and the next lent user registers the card. The problem of not being able to do arises. Also, if you hold the card as it is, there is a problem that you log in as a previous user, making it difficult to use temporary cards.

  It is also possible to use a system that allows the temporary card to be used only on the registration date. In this case, however, the system cannot be operated for a long time. For example, the temporary card can be lent for a certain period during a business trip. I can't do it. In particular, in the use of a temporary card, since the usage period of the temporary card varies for each user, flexible setting and registration of the temporary card is desired.

By using the above idea, when a card not registered in the authentication server is held over, the card information can be registered by inputting own user information.
However, this is a registration function relating to a card that is normally used, not a provisional card that is registered when the card is forgotten.

  Generally, the temporary card operation issued when a card is forgotten requires the administrator to manage the user and the card, resulting in a decrease in usability. The fact that the administrator's work is required tends to make the user's confidence to issue a temporary card easily, and inevitably tends to hesitate to use the temporary card.

  For this reason, a temporary card that is temporarily issued and used when a card that is normally used is forgotten may limit the devices (image forming apparatuses such as copying machines) to be used.

Accordingly, the present invention facilitates registration of a reading object temporarily used by a user when authentication is performed by user information , and restricts devices that can be used with the registered reading object, thereby improving security. The purpose is to provide a mechanism that takes into account.

The present invention, there in an information processing system including an authentication information storage unit that stores authentication information including identification information and user information obtained from the read preparative object, and an image forming apparatus including a reading means for reading the object to be read The image forming apparatus includes a user information receiving unit that receives user information input by a user operation, a first authentication request unit that makes an authentication request using the user information received by the user information receiving unit, An authentication result receiving means for receiving an authentication result of the user information; and an authentication result received by the authentication result receiving means is read by a user temporarily corresponding to the user information in the authentication information storage device A notification means for notifying a user that the user is prompted to register a reading object to be temporarily used when the object is not registered; After the notification by the intelligence means, when the reading object is read by the reading means, the identification information obtained by reading the reading object is registered as a reading object temporarily used by the user, In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are transmitted to the authentication information storage device . Registration information transmitting means, second authentication request means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means, and the second authentication request when the authentication by the authentication request made in means is successful, and control means for permitting the use of the image forming apparatus, the authentication information storage device, an authentication request of the user information A first authentication request receiving means for signal, in accordance with the authentication information, an authentication unit for authenticating the user information, by referring to the authentication information, to the user information, read object for the user to temporarily use Determining means for determining whether or not the identification information is registered, and the determination means determines that the identification information of the reading object temporarily used by the user is not registered for the user information. If, receives the first authentication result transmitting means for transmitting the pre-Symbol said identification information transmitted from the image forming apparatus and said image forming apparatus identification information authentication result indicating that the identification information is not registered Registration information receiving means, and registration means for registering the identification information as the reading object to be temporarily used and the image forming apparatus identification information in association with the user information authenticated by the authentication means And according to the authentication request by the second authentication request means, the identification information is in the authentication information, and the image forming apparatus identification information of the image forming apparatus that has transmitted the authentication request corresponds to the identification information. And a second authentication result transmitting means for transmitting a successful authentication result for the authentication request when the identification information matches.

Further, the prior SL authentication information storage unit, the authentication request by the second authentication request means, when an authentication request identification information previously registered in the authentication information storage device, which is registered by the registration means The image processing apparatus further includes a deletion unit that deletes the identification information of the reading object temporarily used by the user .

The identification information said registered in advance, wherein the user Ru identification information der obtained from normal Use object to be read.
The authentication information storage device may be configured to register the identification information registered by the registration unit from an image forming device different from the image forming device identification information registered by the registration unit. The image forming apparatus identification information registered by the registration unit is changed to the image forming apparatus identification information received by the registration information receiving unit and different from the image forming apparatus identification information registered by the registration unit. It is further characterized by further comprising a changing means.
The changing unit deletes the identification information and the image forming apparatus identification information registered by the registration unit, and newly registers the identification information and the image forming apparatus identification information received by the receiving unit .

According to the present invention, when authentication based on user information is performed, it is easy to register a reading object that is temporarily used by the user , and by restricting devices that can be used with the registered reading object, It is possible to provide a mechanism that takes into account

It is a figure which shows the structure of the system in embodiment of this invention. It is a figure which shows the hardware constitutions of the information processing apparatus as a client apparatus and IC card authentication server in embodiment of this invention. 1 is a diagram illustrating a hardware configuration of an image forming apparatus that is a multifunction peripheral according to an embodiment of the present invention. It is a functional block diagram which shows the function structure of the information processing system which concerns on this invention. It is a flowchart which shows an example of the 1st keyboard authentication process in embodiment of this invention. It is a flowchart which shows an example of the 2nd keyboard authentication process in embodiment of this invention. It is a flowchart which shows an example of the 3rd keyboard authentication process in embodiment of this invention. It is a flowchart which shows an example of an IC card authentication process in embodiment of this invention. 4 is an example of an authentication table managed by a ROM 2003 on the IC card authentication server 200. In the present invention, it is an example of an IC card authentication screen displayed on the touch panel of the multifunction machine 300. In the present invention, it is an example of a keyboard authentication screen displayed on the touch panel of the multifunction machine 300. In the present invention, it is an example of a temporary card registration screen (unregistered) displayed on the touch panel of the MFP 300. In the present invention, it is an example of a temporary card registration screen (registered) displayed on the touch panel of the multifunction machine 300. 6 is an example of a temporary card registration confirmation screen displayed on the touch panel of the multifunction machine 300 in the present invention. 4 is an example of a temporary card registration success screen displayed on the touch panel of the multifunction machine 300 in the present invention. 6 is an example of a temporary card registration failure screen displayed on the touch panel of the multifunction machine 300 in the present invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a system configuration diagram showing an example of the configuration of the security system using a multifunction machine, USB, IC card reader, IC card authentication server, and client PC of the present invention. The authentication server 200 associates an IC card number (manufacturing number) used by a user with a user name and password and holds them as user information storage means, and has a function of searching for the user from the IC card number or user name and password. It is an authentication server. The user name is user identification information for identifying the user, and is stored in association with a password for authentication. Details of this will be described later with reference to FIG.
Hereinafter, a preferred embodiment of a screen forming system according to the present invention will be described in detail with reference to the drawings.
FIG. 1 is a system configuration diagram illustrating an example of an information processing system according to the present embodiment.

  As shown in FIG. 1, the information processing system includes, for example, one or more MFPs 300, an IC card authentication server 200, and one or more client PCs 100 suitable for the image forming apparatus of the present invention. 400 (hereinafter simply referred to as a network or a communication medium).

  The multi-function device 300 can perform authentication processing by transmitting the card number read from the IC card held over the IC card reader 500 (reading means) to the IC card authentication server 200 as an authentication request. In addition to the IC card authentication, the user name and password input from the operation unit of the multi-function apparatus 300 can be transmitted to the IC card authentication server 200 as an authentication request for authentication processing.

  The IC card authentication server 200 stores an IC card authentication table (FIG. 9) to be described later. Then, in response to an authentication request using an IC card (referred to as IC card authentication) from the multifunction device 300 or an authentication request using a user name and password (referred to as keyboard authentication), authentication processing is performed using an IC card authentication table. Do. The IC card authentication table in FIG. 9 can be restated as user information for storing user identification information (for example, user name) for identifying a user.

  The IC card authentication server 200 is configured to be communicable with, for example, a directory server (not shown), and when there is an authentication request using a user name and password, the directory server is inquired and the user name is stored in the directory server It is also possible to determine that the authentication is successful, and to transmit the authentication result from the IC card authentication server 200 to the multifunction device 300. Of course, the IC card authentication server 200 may be provided with a directory server function. The client PC 100 is provided with a printer driver, and can perform print settings for print data to be printed by the multifunction machine 300.

  Note that no user name or password is registered in the IC card itself of this embodiment. This is to prevent the leakage of user name and password information by analyzing the card information when the IC card is lost.

  Here, the IC card authentication table (user information storage means) in FIG. 9 will be described. In FIG. 9, the password, card information, mail address, and temporary card information are registered as one record for the user name. In the card information column, a plurality of pieces of card information can be registered for one user. The card information is information for registering as an IC card normally used by the user.

  In the temporary card information column, card information (storage medium identification information) as a temporarily used storage medium, the IP address of the registered multifunction peripheral, and the registration date and time can be registered. A set of temporary card information includes card information of a storage medium temporarily used, an IP address of a registered multifunction peripheral, and information of a registration date and time. The registration date / time information may be omitted.

FIG. 9 shows an example of one user in the IC card authentication table. Since registration is performed for a plurality of users, the information in FIG. 9 is registered for the number of users. When performing search processing (authentication processing) in keyboard authentication or IC card authentication, it is realized by searching a database in which user names and card numbers are registered for the number of users.
Hereinafter, the hardware configuration of the information processing apparatus applicable to the client PC 100 and the IC card authentication server 200 shown in FIG. 1 will be described with reference to FIG.

In FIG. 2, reference numeral 2001 denotes a CPU that comprehensively controls each device and controller connected to the system bus 2004. Further, the ROM 2003 or the external memory 2011 has a BIOS (Basic Input) which is a control program of the CPU 2001.
/ Output System), an operating system program (hereinafter referred to as OS), and various programs necessary for realizing functions executed by each server or each PC.

  Reference numeral 2002 denotes a RAM that functions as a main memory, work area, and the like of the CPU 2001. The CPU 2001 implements various operations by loading a program or the like necessary for execution of processing from the ROM 2003 or the external memory 2011 to the RAM 2002 and executing the loaded program.

  An input controller 2005 controls input from a keyboard (KB) 2009 or a pointing device such as a mouse (not shown). A video controller 2006 controls display on a display device such as a CRT display (CRT) 2010. In FIG. 2, although described as CRT2010, the display may be not only a CRT but also other display such as a liquid crystal display. These are used by clients as needed.

  A memory controller 2007 is connected to the hard disk (HD), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, etc. via an adapter. The access to the external memory 2011 such as a compact flash (registered trademark) memory is controlled.

  A communication I / F controller 2008 is connected to and communicates with an external device via a network (for example, the LAN 400 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

  Note that the CPU 2001 enables display on the CRT 2010 by executing outline font rasterization processing on a display information area in the RAM 2002, for example. Further, the CPU 2001 enables a user instruction with a mouse cursor (not shown) on the CRT 2010.

Various programs operating on hardware are recorded in the external memory 2011, and are executed by the CPU 2001 by being loaded into the RAM 2002 as necessary. Furthermore, definition files and various information tables used when executing the program are also stored in the external memory 2011.
Next, the hardware configuration of the controller unit that controls the multifunction machine 300 as the information processing apparatus of the present invention will be described with reference to FIG.
FIG. 3 is a block diagram illustrating a hardware configuration example of the controller unit 5000 of the multifunction machine 300.

  In FIG. 3, a controller unit 5000 is connected to a scanner 5015 functioning as an image input device and a printer 5014 functioning as an image output device, and a local area network such as the LAN 400 shown in FIG. By connecting to a public line (WAN) such as ISDN, image data and device information are input and output.

As shown in FIG. 3, the controller unit 5000 includes a CPU 5001, a RAM 5006, a ROM 5002, an external storage device (hard disk drive (HDD)) 5007, a network interface (Network I / F) 5003, a modem (Modem) 5004, an operation unit interface ( Operation unit I / F) 5005, external interface (external I / F) 5009, image bus interface (IMAGE BUS I / F) 5008, raster image processor (RIP) 5010, printer interface (printer I / F) 5011, scanner interface (Scanner I / F) 5012, an image processing unit 5013, and the like.
A CPU 5001 is a processor that controls the entire system.

A RAM 5006 is a system work memory for the CPU 5001 to operate, and is a program memory for recording a program and an image memory for temporarily storing image data.
The RO 5002 stores a system boot program and various control programs.
An external storage device (hard disk drive HDD) 5007 stores various programs for controlling the system, image data, and the like.

  An operation unit interface (operation unit I / F) 5005 is an interface unit with the operation unit (UI) 5018, and outputs image data to be displayed on the operation unit 5018 to the operation unit 5018.

The operation unit I / F 5005 serves to transmit information (for example, user information) input by the system user from the operation unit 5018 to the CPU 5001. Note that the operation unit 5018 includes a display unit having a touch panel, and various instructions can be given by a user pressing (touching with a finger or the like) a button displayed on the display unit.
A network interface (Network I / F) 5003 is connected to a network (LAN) and inputs / outputs data.
A modem (MODEM) 5004 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  An external interface (external I / F) 5009 is an interface unit that accepts external inputs such as USB, IEEE 1394, printer port, and RS-232C. In the present embodiment, a card reader for reading an IC card required for authentication is used. 500 is connected.

  Then, the CPU 5001 can control reading of information from the IC card by the card reader 500 via the external I / F 5009, and can acquire information read from the IC card. Note that the storage medium is not limited to an IC card, and any storage medium that can identify a user may be used. In this case, identification information for identifying the user is stored in the storage medium. This identification information may be a production number of the storage medium or a user code given by the user within the company. The above devices are arranged on the system bus.

On the other hand, an image bus interface (IMAGE BUS I / F) 5008 is a bus bridge that connects a system bus 5016 and an image bus 5017 that transfers image data at high speed and converts a data structure.
The image bus 5017 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 5017.
A raster image processor (RIP) 5010 develops, for example, vector data such as a PDL code into a bitmap image.

  A printer interface (printer I / F) 5011 connects the printer 5014 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  A scanner interface (scanner I / F) 5012 connects the scanner 5015 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  An image processing unit 5013 corrects, processes, and edits input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 5013 performs rotation of image data and compression / decompression processing such as JPEG for binary image data and JBIG, MMR, MH for binary image data.

  A scanner 5014 connected to the scanner I / F 5012 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 5018, the CPU 5001 gives an instruction to the scanner, and the feeder feeds the original paper one by one to read the original image. I do.

  A printer 5014 connected to the printer I / F 5011 is a part that converts raster image data into an image on paper. The method is an electrophotographic method using a photosensitive drum or a photosensitive belt, and ink is supplied from a micro nozzle array. There is an ink jet method for ejecting and printing an image directly on a sheet, but any method may be used. The printing operation is started in response to an instruction from the CPU 5001. Note that the printer unit 5014 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  An operation unit 5018 connected to the operation unit I / F 5005 includes a liquid crystal display (LCD) display unit. A touch panel sheet is affixed on the LCD and displays a system operation screen. When a displayed key is pressed, the position information is transmitted to the CPU 5001 via the operation unit I / F 5005. The operation unit 5018 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Here, the start key of the operation unit 5018 is used when starting a document image reading operation. There are green and red LEDs in the center of the start key, and indicates whether or not the start key can be used depending on the color. Further, the stop key of the operation unit 5018 functions to stop the operation being performed. The ID key of the operation unit 5018 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit 5018.

The card reader 500 connected to the external I / F 5009 reads information stored in the IC card (for example, Sony FeliCa (registered trademark)) under the control of the CPU 5001, and reads the read information to the external I / F 5009. The CPU 5001 is notified via F5009.
Next, the functions of the client PC 100, the IC card authentication server 200, and the multifunction device 300 according to the present invention will be described with reference to the functional block diagram of FIG.

FIG. 4 is a functional block diagram showing a schematic configuration of the system according to the embodiment of the present invention. The system according to the embodiment of the present invention has a configuration in which a client PC 100, an IC card authentication server 200, and a multifunction device 300 are connected via a predetermined communication medium 400 capable of bidirectional communication. A card reader 500 is connected to the multifunction device 300.
Since the operation flow between the respective functions will be described later, an explanation of functional block diagrams described in various terminals will be given here.
<Client PC 100>

  The print data generation unit 150 on the client PC can generate print data (job) based on the data received from the application program, and can transmit the print data to the MFP 300 or the like. The print data generation unit 150 is realized by, for example, a printer driver program, but may be realized by an application program having a print data generation function.

The print data generation unit 150 also has a function of designating an output port as a transmission destination of the multifunction device 300 for the generated print data. The transmission function of the OS of the client PC transmits the print data according to the designated output port, so that the print data is transmitted to the MFP 300.
<IC card authentication server 200>

  The MFP communication unit 250 on the IC card authentication server 200 (hereinafter also referred to as an authentication server) includes a function of receiving an authentication request from the MFP 300 and returning the authentication result of the authentication unit 251 to the MFP 300 again. It has a function of performing data communication with the machine 300.

The authentication unit 251 receives the authentication request from the MFP communication unit 250, accesses the authentication table (FIG. 9) managed (stored) on the authentication server, and associates it with the card number or user name and password requested for authentication. The user information is searched, and the authentication result is returned to the MFP communication unit 250. Specifically, when an authentication request is made with a card number, it is determined whether the card number exists in the authentication table. If it exists, “TRUE” is returned as an authentication result, and it does not exist. Returns “FALSE” as the authentication result. In addition, when there is an Active Directory server (not shown) separately from the IC card authentication server 200, the authentication server sends an authentication request to the Active Directory server using the user name and password associated with the card number. The authentication result may be returned to the MFP 300. If authentication is requested with a user name and password, it is determined whether a combination that matches the user name and password exists in the authentication table, and if present, “TRUE” is returned as an authentication result. If it does not exist, “FALSE” is returned as an authentication result.
The temporary card management unit 252 of the authentication server manages temporary card registration and deletion. This process will be described later.
<Multifunction device 300>

The card reader control unit 351 on the multifunction peripheral acquires card information (manufacturing number) held over the card reader 500. The authentication server communication unit 352 has a function of transmitting an authentication request to the authentication server 200 using the card number and receiving an authentication result returned from the authentication server 200.
It is assumed that the authentication unit 350 permits the use of the multifunction device using the user name in accordance with the authentication result returned from the authentication server 200.
<Detailed processing>
Detailed description of the processing in the present embodiment will be described with reference to the flowcharts of FIGS.

  5 to 7 are flowcharts illustrating an example of a method for performing keyboard authentication and logging in to the multifunction peripheral 300 and a process for registering a temporary card in the embodiment of the present invention.

  It is assumed that the processing in the MFP 300 is realized by developing a program stored in the HDD 5008 of the MFP 300 in the RAM 5006 and executing it by the CPU 5001. Further, the processing in the IC card authentication server 200 is realized by developing a program stored in the external memory 2011 of the IC card authentication server 200 in the RAM 2002 and executing the program by the CPU 2001.

  In step S <b> 100, the authentication unit 350 of the MFP 300 displays a keyboard authentication screen on the operation unit 5018. Then, the user name and password input can be received by user operation via the keyboard authentication screen.

  FIG. 11 is an example of a keyboard authentication screen displayed on the operation unit 5018 capable of touch panel operation of the multifunction machine 300. In the example of FIG. 11, the user name, password, and domain can be input. However, only the user name and password may be input. On the right side of the screen, there is a button for switching between “IC card authentication” and “keyboard authentication”. By pressing this button, you can switch between “IC card authentication” mode and “keyboard authentication” mode. It has become. In the description of FIG. 5, processing in keyboard authentication will be described.

  In step S101, the authentication unit 350 of the MFP 300 determines whether the login button on the keyboard authentication screen has been pressed. If it is detected that the login button has been pressed, the process proceeds to step S102. If it is not detected that the login button or the switch button to “IC card authentication” has been pressed, the process is looped.

  In step S102, the authentication unit 350 of the MFP 300 acquires the user name and password input on the keyboard authentication screen (first login information receiving unit).

In step S103, the authentication server communication unit 352 of the multifunction machine 300 transmits an authentication request command to the authentication server. The authentication request command here includes the user name and password acquired in step S102. The subsequent processing moves to processing of the authentication server 200.
In step S104, the MFP communication unit 250 of the authentication server 200 receives the authentication request command transmitted from the MFP.

  In step S105, the authentication unit 251 of the authentication server 200 searches (authenticates) whether the authentication table includes a combination that matches the user name and password included in the authentication request command acquired in step S104. If the user exists, the process proceeds to step S106, and if the user does not exist, the process proceeds to step S113.

  In step S106, the authentication unit 251 of the authentication server 200 acquires the user information searched (authenticated) in step S105. The acquired user information includes the user name, e-mail address, etc. of the authentication table.

  In step S107, the temporary card management unit 252 of the authentication server 200 refers to the temporary card information of the user information acquired in step 106 to determine whether or not a temporary card is registered for the user name to be authenticated. Make a decision. If a temporary card is registered, the process proceeds to step S108, and if not registered, the process proceeds to step S111.

In step S108, the temporary card management unit 252 of the authentication server 200 stores the authentication request transmission source IP address received in step 104 and the temporary card registration MFP of the user searched (authenticated) in step 105. Compare IP addresses. In other words, “Registered MFP” registered in the temporary card information and “MFP” requested for authentication.
Is the same multifunction device. If they are the same IP, the process proceeds to step S109, and if they are different IPs, the process proceeds to step S110.

  In step S109, the temporary card management unit 252 of the authentication server 200 sets the temporary card registration flag to “0” (temporary card registration and the same multifunction device).

  In step S110, the temporary card management unit 252 of the authentication server 200 sets the temporary card registration flag to “2” (temporary card registration and different multifunction machine).

  In step S111, the temporary card management unit 252 of the authentication server 200 sets the temporary card registration flag to “1” (no temporary card registration).

  In step S112, the authentication unit 251 of the authentication server 200 generates an authentication OK (“TRUE”) result command. The authentication OK result command includes a flag indicating authentication OK, the user information acquired in step S106, and the temporary card registration flag generated in any of steps 109 to 111.

  In step S113, the authentication unit 251 of the authentication server 200 generates an authentication NG (“FALSE”) result command. The authentication NG result command includes a flag indicating authentication NG.

In step S114, the MFP communication unit 250 of the authentication server 200 transmits the authentication result command generated in step S112 or step S113 to the MFP. Subsequent processing is processing in the MFP 300.
In step S115, the authentication server communication unit 352 of the MFP 300 receives the authentication result command transmitted from the authentication server.

In step 116, the authentication unit 350 of the MFP 300 analyzes the authentication result command (“TRUE” indicating successful authentication or “FALSE” indicating failed authentication) received in step S115, and determines whether or not the authentication is successful. to decide. If the authentication has succeeded, the process proceeds to step S118, and if the authentication has failed, the process proceeds to step S117.
In step S117, the authentication unit 350 of the MFP 300 displays an authentication error screen (not shown).

  In step S118, the authentication unit 350 of the MFP 300 acquires the user information and the temporary card registration flag included in the authentication result command received in step S115.

  In step S119, the authentication unit 350 of the multifunction device 300 determines whether the temporary card registration flag acquired in step 118 is “0”, that is, the user has already registered a temporary card from the multifunction device. When the flag is “0”, the process proceeds to step S120, and when other than “0”, the process proceeds to step S121.

  In step S120, the authentication unit 350 of the multifunction device 300 logs in to the multifunction device 300 using the user information acquired in step S118. In other words, if a temporary card has already been registered from the multifunction device, the process does not transition to the temporary card registration process.

  In this login process, when the authentication is successful using the information accepted by the keyboard authentication, the use (copying, faxing, scanning, printing, etc.) of the multifunction device 300 can be permitted (by the control unit of the multifunction device). processing). Since this control process is a known technique, a detailed description thereof is omitted.

  In step S121, the authentication unit 350 of the MFP 300 determines whether the temporary card registration flag acquired in step 118 is “1”, that is, whether a temporary card is registered for the user. When the flag is “1”, the process proceeds to step S122, and when other than “1”, the process proceeds to step S123.

  In step S122, the authentication unit 350 of the MFP 300 substitutes an unregistered message for the message. This message is displayed on the temporary card registration screen displayed in step S124 as shown in the screen example of FIG.

  FIG. 12 is a screen displayed for a user who has not registered a temporary card. The message substituted in step S122 corresponds to from "Do you want to register a temporary card?" To "* Only one temporary card can be registered per user." It is assumed that this message is stored in advance in the HDD 5007 as message data used in this program.

  In step S123, the authentication unit 350 of the MFP 300 substitutes the registered message for the message. This message is displayed on the temporary card registration screen displayed in step S124 as in the screen example of FIG.

  FIG. 13 is a screen displayed when the temporary card is a user registered in another device (multifunction device). The message substituted in step S123 corresponds to from “A temporary card has already been registered in another device” to “* Only one temporary card can be registered per user”. It is assumed that this message is stored in advance in the HDD 5007 as message data used in this program.

  In step S125, the card reader control unit 351 of the multi-function device 300 transmits a card reading start command to the card reader. That is, a polling start instruction command for reading the IC card is sent to the card reader.

  In step S126, the card reader enters the IC card reading state by receiving the card reader reading start command transmitted from the multifunction device in step S125.

  In step S127, the card reader detects that the IC card is held over and transmits a card event to the multi-function peripheral. This card event stores the card number held up. The card number may be a card manufacturing number stored in the IC card, or any number that can be arbitrarily stored in the IC card, a serial card name, etc., for identifying the user. May be. This process is looped until a card is detected. If no card is detected even after a predetermined time (for example, 30 seconds), an error signal indicating no card detection is returned to the multi-function device 300.

  In step S128, the card reader control unit 351 of the multifunction peripheral 300 waits until it receives a card event transmitted from the card reader. If a card event has been acquired, the process proceeds to step S131. If no card event is acquired, the process proceeds to step S129.

  In other words, after successful authentication using the user name and password accepted by keyboard authentication, when a registration instruction for a temporary medium temporarily used is received, the card is detected by the card reader (reading means). The card information obtained by this is acquired (storage medium identification information acquisition means). Here, the registration instruction of the storage medium temporarily used for the temporary card is not an explicit instruction, and the action of the user holding the temporary card over the card reader corresponds to the registration instruction.

In step S129, the authentication unit 350 of the MFP 300 waits until the “Login without registration” button on the temporary card registration screen is pressed. If the button has been pressed, the process proceeds to step S130, and if not, the process proceeds to step S128.
In step S130, the authentication unit 350 of the multifunction device 300 logs in to the multifunction device using the user information acquired in step S118.
In step S131, the authentication unit 350 of the MFP 300 acquires a card number from the card event acquired in step S128.

  In step S132, the authentication unit 350 of the MFP 300 displays a temporary card registration confirmation screen (FIG. 14). In FIG. 14, the card number acquired in step S131 is displayed on the temporary card registration confirmation screen. In the temporary card registration confirmation screen of FIG. 14, a registration button and a return button are prepared.

  In step S133, the authentication unit 350 of the MFP 300 determines whether or not the “Register” button displayed on the temporary card registration confirmation screen has been pressed. If the button has been pressed, the process proceeds to step S135. If the button has not been pressed, the process proceeds to step S134.

  In step S134, the authentication unit 350 of the MFP 300 determines whether the “return” button displayed on the temporary card registration confirmation screen has been pressed. If the button has been pressed, the process proceeds to step S124. If the button has not been pressed, the process returns to step S133.

  In step S135, the authentication server communication unit 352 of the MFP 300 transmits a temporary card registration request command to the authentication server. The registration request command includes the user name acquired in step S118 and the card number acquired in step S131.

That is, a registration request including the card number acquired in step S131, the user name acquired in step S118, and the IP address (image forming apparatus identification information) of the MFP 300 is transmitted to the authentication server 200 (storage medium) Identification information transmission means). The subsequent processing is processing in the IC card authentication server 200.
In step S136, the multifunction device communication unit 250 of the authentication server 200 receives the temporary card registration request command transmitted from the multifunction device.

  This temporary card registration request command includes card information (storage medium identification information), a user name (user identification information), and an IP address (image forming apparatus identification information) transmitted from the MFP 300 (registration request). Receiving means).

  In step S137, the authentication unit 251 of the authentication server 200 searches whether the user name included in the temporary card registration request command acquired in step S136 is included in the authentication table. If the user exists, the process proceeds to step S138, and if not, the process proceeds to step S143. Also, in this step S137, without using a method of referring to the authentication table again, the name of the user who has succeeded in the authentication by the last request for the MFP 300 and the user included in the temporary card registration request command It may be determined whether the name matches. In this case, it is necessary for the authentication server 200 to store the name of the user who has been authenticated by the requesting multifunction peripheral 300 and succeeded in authentication.

  In step S138, the temporary card management unit 252 of the authentication server 200 determines whether a temporary card is registered for the user information of the user searched in step S137. If a temporary card is registered, the process proceeds to step S139, and if not registered, the process proceeds to step S140.

  In step S139, the temporary card management unit 252 of the authentication server 200 deletes the set of temporary card information registered for the user searched in step S137. Here, the temporary card information set indicates the temporary card information, the IP address of the registered multifunction peripheral, and the registration date and time shown in the user table. This is because the set of temporary card information to be deleted is information registered with another multi-function peripheral or information registered with another temporary card, and can be determined as unnecessary.

  In step S140, the temporary card management unit 252 of the authentication server 200 acquires the current time from the multifunction machine. The current time may be requested and acquired at this timing, but this time may be used because the temporary card registration request command received in step S136 includes the request time. The current time of the request acquisition at this timing or the time of the request is collectively set as a registration time (corresponding to the registration date and time in FIG.

  In step S141, the temporary card management unit 252 of the authentication server 200 registers the temporary card number acquired in step S136, the registration source IP address, and the registration time (registration date / time) acquired in step S140 in the temporary card information of the user. To do.

  That is, as a temporary card that is temporarily used by the user corresponding to the user name included in the registration request received in step S136 and that can be used by the MFP 300 identified by the IP address, the card information and the user name It is registered in the user information table of FIG. 9 in association with the IP address (registration means).

  In step S142, the temporary card management unit 252 of the authentication server 200 generates a registration OK result command. The registration OK result command includes a flag indicating registration OK.

  In step S143, the temporary card management unit 252 of the authentication server 200 generates a registration NG result command. The registration NG result command includes a flag indicating registration NG.

In step S144, the multifunction device communication unit 250 of the authentication server 200 transmits the registration result command generated in step S142 or step S143 to the requesting multifunction device.
In step S145, the authentication server communication unit 352 of the MFP 300 receives the registration result command transmitted from the authentication server.

In step 146, the authentication unit 350 of the MFP 300 analyzes the registration result command received in step S145, and determines whether registration is successful. If registration has succeeded, the process proceeds to step S147, and if registration has failed, the process proceeds to step S149.
In step S147, the authentication unit 350 of the MFP 300 displays a temporary card registration success screen (FIG. 15).

  In the example of the temporary card registration success screen in FIG. 15, the registered card number is displayed together with a display indicating that the temporary card registration is successful. A confirmation “OK” button is also provided.

In step S148, the authentication unit 350 of the multi-function device 300 detects that the “OK” button displayed on the temporary card registration success screen is pressed. If the “OK” button is pressed, the process proceeds to step S151.
In step S149, the authentication unit 350 of the MFP 300 displays a temporary card registration failure screen (FIG. 16).

  In the example of the temporary card registration failure screen of FIG. 16, a card number that failed to register is displayed along with a display indicating that registration of the temporary card has failed. A confirmation “OK” button is also provided.

In step S150, the authentication unit 350 of the MFP 300 detects that the “OK” button displayed on the temporary card registration failure screen is pressed. If the “OK” button is pressed, the process proceeds to step S151.
In step S151, the authentication unit 350 of the multifunction device 300 logs in to the multifunction device using the user information acquired in step S118.

FIG. 8 is a flowchart illustrating an example of a method of performing IC card authentication and logging in to the multifunction peripheral 300 and a process of deleting a temporary card according to the embodiment of the present invention. In this IC card authentication, the card information obtained by reading the IC card by the card reader 500 is received without receiving the keyboard authentication.
In step S200, the authentication unit 350 of the MFP 300 displays an IC card authentication screen (FIG. 10).

  FIG. 10 is an example of an IC card authentication screen displayed on the operation unit 5018 capable of touch panel operation of the multifunction machine 300. In the example of FIG. 10, the message “Please touch the card to the card reader” is displayed. On the right side of the screen, there is a button for switching between “IC card authentication” and “keyboard authentication”. By pressing this button, you can switch between “IC card authentication” mode and “keyboard authentication” mode. It has become. In the description of FIG. 8, processing in IC card authentication will be described.

  In step S <b> 201, the card reader control unit 351 of the MFP 300 transmits a card reading start command to the card reader 500. That is, a polling start instruction command for reading the IC card is sent to the card reader.

  In step S202, the card reader 500 enters the IC card reading state by receiving the card reader reading start command transmitted from the multi-function device in step S201.

  In step S203, the card reader detects that the IC card is held over, and transmits a card event to the multi-function peripheral. This card event stores the card number held up. The card number may be a card manufacturing number stored in the IC card, or any number that can be arbitrarily stored in the IC card, a serial card name, etc., for identifying the user. May be.

In step S204, the card reader control unit 351 of the MFP 300 receives the card event transmitted from the card reader (second login information receiving unit).
In step S205, the authentication unit 350 of the MFP 300 acquires a card number from the card event acquired in step S204.

In step S206, the authentication unit 350 of the MFP 300 transmits an IC card authentication request command to the authentication server. The IC card authentication request command includes the card number acquired in step S205. The subsequent processing is processing in the IC card authentication server 200.
In step S207, the MFP communication unit 250 of the authentication server 200 receives the IC card authentication request command transmitted from the MFP.

  In step S208, the authentication unit 251 of the authentication server 200 searches (authenticates) the authentication table using the card number included in the IC card authentication request command acquired in step S207, so that the card number is the card of the authentication table. Determine whether it is included in the information column. Here, it is assumed that the temporary card information column is excluded from the search target. If the card number exists, the process proceeds to step S209, and if not, the process proceeds to step S211.

  In step S209, the temporary card management unit 252 of the authentication server 200 determines whether a temporary card is registered for the user searched in step S208. If a temporary card is registered, the process proceeds to step S210. If not registered, the process proceeds to step S212.

  In step S210, the temporary card management unit 252 of the authentication server 200 deletes the set of temporary card information registered for the user searched in step S208. Here, the temporary card information set indicates the temporary card information, the IP address of the registered multifunction peripheral, and the registration date and time shown in the user table. That is, when a user who has registered a temporary card is authenticated with an IC card that is normally used, it is determined that the user no longer needs the temporary card at this point, and the temporary card information is automatically deleted. .

  In step S211, the authentication unit 251 of the authentication server 200 searches (authenticates) the card number included in the IC card authentication request command acquired in step S207 in the temporary card information column of the authentication table, so that the card number is obtained. Determine if it is included in the temporary card number. In step S211, if the card number is present in the temporary card number, it is also determined whether the IP address of the multifunction peripheral 300 that is the authentication request source matches the IP address of the registered multifunction peripheral. If the card number exists in the temporary card information column and the IP address matches, the process proceeds to step S212. If the card number does not exist or the IP address does not match, the process proceeds to step S214.

  That is, in step S211, when the card information is stored in the user information table as a temporary card that is temporarily used, it is determined whether the IP address of the multifunction device 300 matches the IP address of the registered multifunction device (image). Forming device judgment means).

  In step S212, the authentication unit 251 of the authentication server 200 acquires the user information searched (authenticated) in step S209 or step S211. The acquired user information includes the user name, e-mail address, etc. of the authentication table.

  In step S213, the authentication unit 251 of the authentication server 200 generates an authentication OK result command. The authentication OK result command includes a flag indicating authentication OK and the user information acquired in step S212.

  In step S214, the authentication unit 251 of the authentication server 200 generates an authentication NG result command. The authentication NG result command includes a flag indicating authentication NG. As a result, not only when the card number does not exist in the temporary card information, but also when it is present, if the card number is registered from a different multifunction device, the authentication NG at the requesting multifunction device 300 is determined. As a result, the authentication result can be transmitted.

  That is, if it is determined in step S211 (image forming apparatus determination unit) that the IP addresses do not match, an authentication failure is transmitted as an authentication result (authentication result transmission unit).

In step S215, the multifunction device communication unit 250 of the authentication server 200 transmits the authentication result command generated in step S213 or step S214 to the multifunction device.
In step S216, the authentication server communication unit 352 of the MFP 300 receives the authentication result command transmitted from the authentication server.

In step S217, the authentication unit 350 of the MFP 300 analyzes the authentication result command received in step S218, and determines whether or not the authentication is successful. If the authentication has succeeded, the process proceeds to step S218, and if the authentication has failed, the process proceeds to step S219.
In step S218, the authentication unit 350 of the multifunction device 300 logs in to the multifunction device using the user information acquired in step S216.

In this login process, when the authentication is successful using the information accepted by the IC card authentication, the use of the multifunction device 300 (copy, FAX, scan, print, etc.) can be permitted (control device of the multifunction device). Processing). Since this control process is a known technique, a detailed description thereof is omitted.
In step S219, the authentication unit 350 of the MFP 300 displays an authentication error screen (not shown).
With the above processing, the registration / deletion processing of the temporary card is executed at an appropriate timing without requiring the administrator.

  In the above description, an example of the temporary card deletion process is described only at the timing when the normal card authentication is executed. However, in practice, the deletion process may be performed at an arbitrary time after registration of the temporary card.

  As described above, according to the present embodiment, a temporary card that can be temporarily used when a user forgets a card can be registered by a user operation without requiring an administrator, and a temporary card can be registered. By limiting the devices that can be used in the network, it is possible to provide a security system with high usability without reducing security.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  The program according to the present invention is a program that allows a computer to execute the processing methods of the flowcharts shown in FIGS. 5 to 8. The storage medium according to the present invention uses the processing method of FIGS. A computer executable program as the authentication server 200 is stored.

  As described above, a recording medium that records a program that implements the functions of the above-described embodiments is supplied to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus stores the program stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by executing the reading. In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, silicon A disk or the like can be used.

  Further, by executing the program read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) operating on the computer based on an instruction of the program is actually It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the processing and the processing is included.

  Furthermore, after the program read from the recording medium is written to the memory provided in the function expansion board inserted into the computer or the function expansion unit connected to the computer, the function expansion board is based on the instructions of the program code. It goes without saying that the case where the CPU or the like provided in the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

Furthermore, by downloading and reading a program for achieving the present invention from a server, database, etc. on a network by a communication program, the system or apparatus can enjoy the effects of the present invention.
In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

100 client PC
200 IC card authentication server 300 MFP (image forming apparatus)
400 LAN (local area network)
500 IC card reader

Claims (13)

An information processing system comprising an authentication information storage unit that stores authentication information including identification information and user information obtained from the read preparative object, and an image forming apparatus including a reading means for reading the object to be read,
The image forming apparatus includes:
User information accepting means for accepting input of user information by user operation;
First authentication requesting means for making an authentication request using the user information received by the user information receiving means;
An authentication result receiving means for receiving an authentication result of the user information;
When the authentication result received by the authentication result receiving means indicates that the reading object to be temporarily used by the user corresponding to the user information is not registered in the authentication information storage device, the user temporarily Notification means for notifying the user that registration of a reading object to be used for
After the notification by the notification means, when the reading object is read by the reading means, the identification information obtained by reading the reading object is registered as a reading object temporarily used by the user, In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are stored in the authentication information storage device . Registration information transmitting means for transmitting;
Second authentication requesting means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means;
Control means for permitting the use of the image forming apparatus when authentication by the authentication request performed by the second authentication request means is successful;
The authentication information storage device
First authentication request receiving means for receiving an authentication request for the user information;
Authentication means for authenticating the user information according to the authentication information;
A determination unit that refers to the authentication information and determines whether or not identification information of an object to be read temporarily used by the user is registered for the user information;
An authentication result indicating that the identification information is unregistered when the determination means determines that the identification information of the reading object temporarily used by the user is not registered for the user information. First authentication result transmitting means for transmitting;
A registration information receiving means for receiving pre-Symbol the identification information transmitted from the image forming apparatus and the said image forming apparatus identification information,
Registration means for registering the identification information as the reading object to be temporarily used and the image forming apparatus identification information in association with the user information authenticated by the authentication means ;
According to the authentication request by the second authentication request means, the identification information is in the authentication information, and the image forming apparatus identification information of the image forming apparatus that has transmitted the authentication request is image forming apparatus identification information corresponding to the identification information. An information processing system comprising: a second authentication result transmitting unit configured to transmit a successful authentication result for the authentication request when the authentication request is satisfied. Before Symbol authentication information storage device,
When the authentication request by the second authentication request means is an authentication request for identification information registered in advance in the authentication information storage device , the reading object temporarily used by the user registered by the registration means The information processing system according to claim 1, further comprising deletion means for deleting the identification information. Said identification information registered in advance, the information processing system of claim 2, the user and wherein the Ru identity der obtained from normal Use object to be read. The authentication information storage device
When registering identification information registered by the registration unit from an image forming apparatus different from the image forming apparatus identification information registered by the registration unit, in order to enable use from the different image forming apparatus, The image forming apparatus identification information registered by the registration unit is further changed to image forming apparatus identification information received by the registration information receiving unit and different from the image forming apparatus identification information registered by the registration unit. The information processing system according to any one of claims 1 to 3.   5. The change means deletes the identification information and image forming apparatus identification information registered by the registration means, and newly registers the identification information and image forming apparatus identification information received by the receiving means. Information processing system described in 1. A reading means for reading an object to be read; a user information receiving means for receiving user information input by a user operation; and a first authentication requesting means for making an authentication request using the user information received by the user information receiving means; An authentication result receiving means for receiving the authentication result of the user information; and an authentication result received by the authentication result receiving means is read by the user temporarily corresponding to the user information in the authentication information storage device A notification means for notifying the user that the user is prompted to register a reading object to be temporarily used when the object is not registered; and after the notification by the notification means, the reading means reads the reading object. When an object is read, the identification information obtained by reading the object to be read is registered as the object to be read temporarily used by the user. In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are transmitted to the authentication information storage device. Registration information transmission means, second authentication request means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means, and the second authentication request means including when authentication by the authentication request made in is successful, which can communicate with the image forming apparatus Ru and control means for permitting the use of the image forming apparatus, the identification information and the user information obtained from the read preparative object an authentication information storage unit for storing authentication information,
First authentication request receiving means for receiving an authentication request for the user information;
Authentication means for authenticating the user information according to the authentication information;
A determination unit that refers to the authentication information and determines whether or not identification information of an object to be read temporarily used by the user is registered for the user information;
An authentication result indicating that the identification information is unregistered when the determination means determines that the identification information of the reading object temporarily used by the user is not registered for the user information. First authentication result transmitting means for transmitting;
A registration information receiving means for receiving pre-Symbol the identification information transmitted from the image forming apparatus and the said image forming apparatus identification information,
Registration means for registering the identification information as the reading object to be temporarily used and the image forming apparatus identification information in association with the user information authenticated by the authentication means ;
According to the authentication request by the second authentication request means, the identification information is in the authentication information, and the image forming apparatus identification information of the image forming apparatus that has transmitted the authentication request is image forming apparatus identification information corresponding to the identification information. if it matches, the authentication information storage unit, characterized in that it comprises a second authentication result transmitting means for transmitting a successful result of the authentication to the authentication request. First authentication request receiving means for storing authentication information including identification information obtained from an object to be read and user information, receiving an authentication request for user information, and authenticating means for authenticating the user information according to the authentication information A determination unit that refers to the authentication information and determines whether or not identification information of a reading object temporarily used by the user is registered for the user information , and the determination unit determines the user information On the other hand, when it is determined that the identification information of the reading object temporarily used by the user is not registered, a first authentication result that transmits an authentication result indicating that the identification information is unregistered and transmitting means, a registration information receiving means for receiving the identification information and the image forming apparatus identification information as read object to the utilized temporarily transmitted from the image forming apparatus, reading target temporarily use Said registration means identifying information and said image forming apparatus identification information registered in association with the user information authenticated by the authentication means as, according to the authentication request identification information from the image forming apparatus, the identification information is the In the authentication information, when the image forming apparatus identification information of the image forming apparatus that transmitted the authentication request matches the image forming apparatus identification information corresponding to the identification information, a successful authentication result for the authentication request is transmitted. An image forming apparatus comprising reading means for reading an object to be read, which is communicable with an authentication information storage device comprising a second authentication result transmitting means,
User information accepting means for accepting input of user information by user operation;
First authentication requesting means for making an authentication request using the user information received by the user information receiving means;
An authentication result receiving means for receiving an authentication result of the user information;
When the authentication result received by the authentication result receiving means indicates that the reading object to be temporarily used by the user corresponding to the user information is not registered in the authentication information storage device, the user temporarily Notification means for notifying the user that registration of a reading object to be used for
After the notification by the notification means, when the reading object is read by the reading means, the identification information obtained by reading the reading object is registered as a reading object temporarily used by the user, In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are stored in the authentication information storage device . Registration information transmitting means for transmitting;
Second authentication requesting means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means;
An image forming apparatus comprising: a control unit that permits use of the image forming apparatus when authentication by the authentication request performed by the second authentication request unit is successful. An authentication information storage unit that stores authentication information including identification information and user information obtained from the read preparative object, a processing method for an information processing system including an image forming apparatus including a reading means for reading the object to be read ,
The image forming apparatus includes:
A user information receiving step for receiving user information input by a user operation;
A first authentication requesting step for making an authentication request using the user information received in the user information receiving step;
An authentication result receiving step of receiving an authentication result of the user information;
When the authentication result received in the authentication result receiving step indicates that the reading object to be temporarily used by the user corresponding to the user information is not registered in the authentication information storage device, the user temporarily A notification step for notifying the user that registration of a reading object to be used for
After the notification by the notification step, when the reading object is read by the reading unit, the identification information obtained by reading the reading object is registered as a reading object temporarily used by the user, In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are stored in the authentication information storage device . A registration information sending step for sending;
A second authentication request step for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means;
A control step for permitting the use of the image forming apparatus when authentication by the authentication request performed in the second authentication request step is successful;
The authentication information storage device
A first authentication request receiving step of receiving an authentication request for the user information;
Authenticating the user information according to the authentication information;
A determination step of referring to the authentication information and determining whether or not identification information of a reading object temporarily used by the user is registered with respect to the user information;
An authentication result indicating that the identification information is unregistered when the determination step determines that the identification information of the reading object temporarily used by the user is not registered for the user information. A first authentication result transmission step of transmitting;
A registration information receiving step of receiving the transmitted the identification information and the image forming apparatus identification information from a previous SL image forming apparatus,
A registration step of registering the identification information as the reading object to be temporarily used and the image forming apparatus identification information in association with the user information authenticated in the authentication step ;
According to the authentication request in the second authentication request step, the identification information is in the authentication information, and the image forming apparatus identification information of the image forming apparatus that has transmitted the authentication request is the image forming apparatus identification information corresponding to the identification information. And a second authentication result transmission step of transmitting a successful authentication result for the authentication request when the authentication request is satisfied. A reading means for reading an object to be read; a user information receiving means for receiving user information input by a user operation; and a first authentication requesting means for making an authentication request using the user information received by the user information receiving means; An authentication result receiving means for receiving the authentication result of the user information; and an authentication result received by the authentication result receiving means is read by the user temporarily corresponding to the user information in the authentication information storage device A notification means for notifying the user that the user is prompted to register a reading object to be temporarily used when the object is not registered; and after the notification by the notification means, the reading means reads the reading object. When an object is read, the identification information obtained by reading the object to be read is registered as the object to be read temporarily used by the user. In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are transmitted to the authentication information storage device. Registration information transmission means, second authentication request means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means, and the second authentication request means including when authentication by the authentication request made in is successful, which can communicate with the image forming apparatus Ru and control means for permitting the use of the image forming apparatus, the identification information and the user information obtained from the read preparative object a method of processing the authentication information storage unit for storing authentication information,
The authentication information storage device
A first authentication request receiving step of receiving an authentication request for the user information;
Authenticating the user information according to the authentication information;
A determination step of referring to the authentication information and determining whether or not identification information of a reading object temporarily used by the user is registered with respect to the user information;
An authentication result indicating that the identification information is unregistered when the determination step determines that the identification information of the reading object temporarily used by the user is not registered for the user information. A first authentication result transmission step of transmitting;
A registration information receiving step of receiving the transmitted the identification information and the image forming apparatus identification information from a previous SL image forming apparatus,
A registration step of registering the identification information as the reading object to be temporarily used and the image forming apparatus identification information in association with the user information authenticated in the authentication step ;
According to the authentication request in the second authentication request step, the identification information is in the authentication information, and the image forming apparatus identification information of the image forming apparatus that has transmitted the authentication request is the image forming apparatus identification information corresponding to the identification information. And a second authentication result transmission step of transmitting a successful authentication result for the authentication request when the authentication request is satisfied. First authentication request receiving means for storing authentication information including identification information obtained from an object to be read and user information, receiving an authentication request for user information, and authenticating means for authenticating the user information according to the authentication information A determination unit that refers to the authentication information and determines whether or not identification information of a reading object temporarily used by the user is registered for the user information , and the determination unit determines the user information On the other hand, when it is determined that the identification information of the reading object temporarily used by the user is not registered, a first authentication result that transmits an authentication result indicating that the identification information is unregistered and transmitting means, a registration information receiving means for receiving the identification information and the image forming apparatus identification information as read object to the utilized temporarily transmitted from the image forming apparatus, reading target temporarily use Said registration means identifying information and said image forming apparatus identification information registered in association with the user information authenticated by the authentication means as, according to the authentication request identification information from the image forming apparatus, the identification information is the In the authentication information, when the image forming apparatus identification information of the image forming apparatus that transmitted the authentication request matches the image forming apparatus identification information corresponding to the identification information, a successful authentication result for the authentication request is transmitted. A processing method of an image forming apparatus including a reading unit that reads a reading object and can communicate with an authentication information storage device including a second authentication result transmission unit,
The image forming apparatus includes:
A user information receiving step for receiving user information input by a user operation;
A first authentication requesting step for making an authentication request using the user information received in the user information receiving step;
An authentication result receiving step of receiving an authentication result of the user information;
When the authentication result received in the authentication result receiving step indicates that the reading object to be temporarily used by the user corresponding to the user information is not registered in the authentication information storage device, the user temporarily A notification step for notifying the user that registration of a reading object to be used for
After the notification by the notification step, when the reading object is read by the reading unit, the identification information obtained by reading the reading object is registered as a reading object temporarily used by the user, In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are stored in the authentication information storage device . A registration information sending step for sending;
A second authentication request step for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means;
And a control step of permitting the use of the image forming apparatus when authentication by the authentication request performed in the second authentication request step is successful. An authentication information storage unit that stores authentication information including identification information and user information obtained from the read preparative object, a program of an information processing system including an image forming apparatus including a reading means for reading the object to be read,
The image forming apparatus;
User information accepting means for accepting input of user information by user operation;
First authentication requesting means for making an authentication request using the user information received by the user information receiving means;
An authentication result receiving means for receiving an authentication result of the user information;
When the authentication result received by the authentication result receiving means indicates that the reading object to be temporarily used by the user corresponding to the user information is not registered in the authentication information storage device, the user temporarily Notification means for notifying the user that registration of a reading object to be used for
After the notification by the notification means, when the reading object is read by the reading means, the identification information obtained by reading the reading object is registered as a reading object temporarily used by the user, In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are stored in the authentication information storage device . Registration information transmitting means for transmitting;
Second authentication requesting means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means;
When authentication by the authentication request performed by the second authentication request unit is successful, the second image forming apparatus functions as a control unit that permits use of the image forming apparatus,
The authentication information storage device ;
First authentication request receiving means for receiving an authentication request for the user information;
Authentication means for authenticating the user information according to the authentication information;
A determination unit that refers to the authentication information and determines whether or not identification information of an object to be read temporarily used by the user is registered for the user information;
An authentication result indicating that the identification information is unregistered when the determination means determines that the identification information of the reading object temporarily used by the user is not registered for the user information. First authentication result transmitting means for transmitting;
A registration information receiving means for receiving pre-Symbol the identification information transmitted from the image forming apparatus and the said image forming apparatus identification information,
Registration means for registering the identification information as the reading object to be temporarily used and the image forming apparatus identification information in association with the user information authenticated by the authentication means ;
According to the authentication request by the second authentication request means, the identification information is in the authentication information, and the image forming apparatus identification information of the image forming apparatus that has transmitted the authentication request is image forming apparatus identification information corresponding to the identification information. A program that functions as a second authentication result transmitting means for transmitting a successful authentication result for the authentication request when the two match. A reading means for reading an object to be read; a user information receiving means for receiving user information input by a user operation; and a first authentication requesting means for making an authentication request using the user information received by the user information receiving means; An authentication result receiving means for receiving the authentication result of the user information; and an authentication result received by the authentication result receiving means is read by the user temporarily corresponding to the user information in the authentication information storage device A notification means for notifying the user that the user is prompted to register a reading object to be temporarily used when the object is not registered; and after the notification by the notification means, the reading means reads the reading object. When an object is read, the identification information obtained by reading the object to be read is registered as the object to be read temporarily used by the user. In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are transmitted to the authentication information storage device. Registration information transmission means, second authentication request means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means, and the second authentication request means including when authentication by the authentication request made in is successful, which can communicate with the image forming apparatus Ru and control means for permitting the use of the image forming apparatus, the identification information and the user information obtained from the read preparative object a program of the authentication information storage unit for storing authentication information,
The authentication information storage device ;
First authentication request receiving means for receiving an authentication request for the user information;
Authentication means for authenticating the user information according to the authentication information;
A determination unit that refers to the authentication information and determines whether or not identification information of an object to be read temporarily used by the user is registered for the user information;
An authentication result indicating that the identification information is unregistered when the determination means determines that the identification information of the reading object temporarily used by the user is not registered for the user information. First authentication result transmitting means for transmitting;
A registration information receiving means for receiving pre-Symbol the identification information transmitted from the image forming apparatus and the said image forming apparatus identification information,
Registration means for registering the identification information as the reading object to be temporarily used and the image forming apparatus identification information in association with the user information authenticated by the authentication means ;
According to the authentication request by the second authentication request means, the identification information is in the authentication information, and the image forming apparatus identification information of the image forming apparatus that has transmitted the authentication request is image forming apparatus identification information corresponding to the identification information. A program that functions as a second authentication result transmitting means for transmitting a successful authentication result for the authentication request when the two match. First authentication request receiving means for storing authentication information including identification information obtained from an object to be read and user information, receiving an authentication request for user information, and authenticating means for authenticating the user information according to the authentication information A determination unit that refers to the authentication information and determines whether or not identification information of a reading object temporarily used by the user is registered for the user information , and the determination unit determines the user information On the other hand, when it is determined that the identification information of the reading object temporarily used by the user is not registered, a first authentication result that transmits an authentication result indicating that the identification information is unregistered and transmitting means, a registration information receiving means for receiving the identification information and the image forming apparatus identification information as read object to the utilized temporarily transmitted from the image forming apparatus, reading target temporarily use Said registration means identifying information and said image forming apparatus identification information registered in association with the user information authenticated by the authentication means as, according to the authentication request identification information from the image forming apparatus, the identification information is the In the authentication information, when the image forming apparatus identification information of the image forming apparatus that transmitted the authentication request matches the image forming apparatus identification information corresponding to the identification information, a successful authentication result for the authentication request is transmitted. A program for an image forming apparatus including a reading unit that reads an object to be read and can communicate with an authentication information storage device including a second authentication result transmission unit,
The image forming apparatus;
User information accepting means for accepting input of user information by user operation;
First authentication requesting means for making an authentication request using the user information received by the user information receiving means;
An authentication result receiving means for receiving an authentication result of the user information;
When the authentication result received by the authentication result receiving means indicates that the reading object to be temporarily used by the user corresponding to the user information is not registered in the authentication information storage device, the user temporarily Notification means for notifying the user that registration of a reading object to be used for
After the notification by the notification means, when the reading object is read by the reading means, the identification information obtained by reading the reading object is registered as a reading object temporarily used by the user, In order to register an image forming apparatus that can be used with the identification information, identification information obtained by reading the reading object and image forming apparatus identification information for identifying the image forming apparatus are stored in the authentication information storage device . Registration information transmitting means for transmitting;
Second authentication requesting means for making an authentication request using identification information obtained by reading a reading object temporarily used by the user by the reading means;
A program that functions as a control unit that permits the use of the image forming apparatus when authentication by an authentication request performed by the second authentication request unit is successful.

Images