JP6394345B2 - Information processing apparatus, processing method thereof, and program - Google Patents

Description

  The present invention relates to an information processing apparatus that reads a reading medium used for authentication, a processing method thereof, and a program.

In a multi-function machine authentication system, an IC card authentication mechanism is often used because of its convenience.
This IC card authentication system generally needs to manage a table that associates card information with user information including a user name.

  Conventionally, an operation in which an administrator centrally manages this authentication table has been used, but recently, a mechanism in which a user who uses a multifunction peripheral registers card information, that is, a management-less mechanism has been considered. (Patent Document 1)

  In this case, if the user freely registers the card, the security may be lowered. Therefore, in such a management-less environment, for example, there are many restrictions on reading a private area of a card. That is, a card that can be registered and authenticated by the system is a specific IC card issued by the company. If you register without reading the private area, the user will be able to register any card, or the serial number may not be encrypted and may be camouflaged, reducing security. Can be considered.

JP 2013-222351 A

  In general, in an IC card authentication system, if an IC card is forgotten, it is mentioned as an operational problem that it is not possible to log in to a multifunction machine with authentication using an IC card. In this case, the user often borrows a temporary card that is temporarily used and logs in to the multifunction peripheral. However, in the above-described management-less mechanism, the user does not want to manage the temporary card itself. Is strong. In particular, in the case of a system that reads a private area and logs in as described above, it is necessary to register data in the private area even in a temporary card, and it is not possible to avoid the trouble of management.

  From the market, there has been a demand for a mechanism that allows each user to use a multi-function device without inconvenience even when using a management-less IC card authentication system without requiring the trouble of managing a temporary card and forgetting the card.

An object of the present invention is to provide a mechanism to facilitate management by the type of read preparative medium.

An information processing apparatus including a reading unit for reading a reading medium for achieving the object of the present invention, wherein the first identification information and the second identification information stored in the reading medium are obtained by reading by the reading unit. An acquiring unit that can be acquired, and a determining unit that determines whether the reading medium read by the reading unit is a first type reading medium or a second type reading medium according to an acquisition result of the acquiring unit; , for the first type to become reading medium by said determining means, registers and said second identification information and user information, for reading medium as a second type, said first identification information and user information And a registration means for registering.
Further, the information processing apparatus includes a reading unit capable of reading the first identification information and the second identification information from the reading medium, and acquires the second identification information by reading by the reading unit. And determining to determine the reading medium as a type of reading medium different from the reading medium from which the second identification information has been acquired when the second identification information cannot be acquired by the acquiring means. And a registration unit for registering the first identification information of the reading medium as the type of reading medium determined by the determining unit.

According to the present invention, it is possible to facilitate management by the type of read preparative medium.

System configuration diagram showing an example of the configuration of an authentication information management system Hardware configuration diagram of client PC 100 Hardware configuration diagram of MFP 300 Functional block diagram of each device in this system The figure which shows the flowchart of a user information registration process The figure which shows the flowchart of IC card registration process 1. The figure which shows the flowchart of IC card registration process 2. The figure which shows the flowchart of IC card registration processing 3. The figure which shows the flowchart of an IC card authentication process The figure which shows the flowchart of the deletion process of an authentication table FIG. 4 is a diagram illustrating an example of a setting file stored in the multifunction machine 300 FIG. 10 is a diagram showing an example of a password management table stored in the multifunction machine 300 FIG. 10 is a diagram illustrating an example of a normal card authentication table stored in the multifunction machine 300 FIG. 10 is a diagram illustrating an example of a temporary card authentication table stored in the multifunction machine 300 The figure which shows an example of the temporary card serial number management table memorize | stored in the multi-function device 300 The figure which shows an example of the card information registration tool screen of client PC100 FIG. 4 is a diagram illustrating an example of an IC card authentication screen of the multifunction machine 300 FIG. 4 is a diagram illustrating an example of an IC card registration screen of the multifunction machine 300 FIG. 4 is a diagram illustrating an example of an IC card registration dialog of the multifunction machine 300 FIG. 10 is a diagram illustrating an example of an IC card detection success dialog of the multifunction machine 300 FIG. 6 is a diagram illustrating an example of an IC card registration success dialog of the multifunction machine 300

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 shows an example of the configuration of an authentication information management system using a multifunction machine 300 as an information processing apparatus of the present invention, a card reader 500 (also referred to as an IC card reader / writer) provided in the multifunction machine 300, and a client PC 100. FIG. Note that the multifunction device 300 can be rephrased as an image forming apparatus.
In the present embodiment, a table for managing authentication information is stored in the MFP 300, but a table may be stored in an authentication server (not shown).

  As shown in FIG. 1, the system according to the present embodiment has a configuration in which a multifunction machine 300 and a client PC 100 are connected via a local area network (LAN) 400. Note that communication via the Internet is not limited to the local network.

The client PC 100 is installed with a management tool (card information registration tool) that can communicate with the multifunction peripheral 300 as an information processing apparatus. Identification information) is received by the management tool via the operating system. This user name is displayed on the screen of the management tool, and input of information for registration from the user is accepted. For example, an e-mail address, a card registration password, and information on a multifunction peripheral as a registration destination.
The management tool can be rephrased as an application that operates on the client PC 100 and inputs user information and a password.
The client PC 100 acquires the input user ID, card registration password, and the like (acquisition of user information), and transmits it to the designated multifunction device 300.
When the MFP 300 receives the user information, the MFP 300 stores the user information and the registration date and time in a temporarily stored password management table (FIG. 12).

  Then, the MFP 300 receives the user name and password (card registration password) on the IC card registration screen, and determines whether there is a record that matches the password management table. When there is a matching record, the IC card is read, and whether the internal information of the IC card has been read or not is determined whether it is a normal card or a temporary card, and the card ID of the IC card and the user information of the record are Corresponding information is stored in a table corresponding to the type (usually, extraordinary). Cards may be managed by setting type flags in the same table.

  Hereinafter, the hardware configuration of the client PC 100 as the external apparatus shown in FIG. 1 will be described with reference to FIG.

  In FIG. 2, reference numeral 2001 denotes a CPU that comprehensively controls each device and controller connected to the system bus 2004. Further, the ROM 2003 or the external memory 2011 is necessary to realize a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as an OS) which is a control program of the CPU 2001, and a function executed by each server or each PC. Various programs are stored.

  Reference numeral 2002 denotes a RAM that functions as a main memory, work area, and the like of the CPU 2001. The CPU 2001 implements various operations by loading a program or the like necessary for execution of processing from the ROM 2003 or the external memory 2011 to the RAM 2002 and executing the loaded program.

  An input controller 2005 controls input from a keyboard (KB) 2009 or a pointing device such as a mouse (not shown). A video controller 2006 controls display on a display device such as a CRT display (CRT) 2010. In FIG. 2, although described as CRT2010, the display may be not only a CRT but also other display such as a liquid crystal display. These are used by clients as needed.

  A memory controller 2007 is connected to the hard disk (HD), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, etc. via an adapter. The access to the external memory 2011 such as a compact flash (registered trademark) memory is controlled.

  A communication I / F controller 2008 is connected to and communicates with an external device via a network (for example, the LAN 400 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP is possible.

  Note that the CPU 2001 enables display on the CRT 2010 by executing outline font rasterization processing on a display information area in the RAM 2002, for example. Further, the CPU 2001 enables a user instruction with a mouse cursor (not shown) on the CRT 2010.

  Various programs that operate on hardware (for example, a program as a card information registration tool) are recorded in the external memory 2011 and are executed by the CPU 2001 by being loaded into the RAM 2002 as necessary.

Next, the hardware configuration of the multifunction machine 300 as the information processing apparatus of the present invention will be described with reference to FIG.
FIG. 3 is a block diagram illustrating a hardware configuration example of the multifunction machine 300 as the information processing apparatus.

  In FIG. 3, a controller unit 5000 is connected to a scanner 5015 functioning as an image input device and a printer 5014 functioning as an image output device, and a local area network such as the LAN 400 shown in FIG. By connecting to a public line (WAN) such as ISDN, image data and device information are input and output.

As shown in FIG. 3, the controller unit 5000 includes a CPU 5001, a RAM 5006, a ROM 5002, an external storage device (hard disk drive (HDD)) 5007, a network interface (Network I / F) 5003, a modem (Modem) 5004, an operation unit interface ( Operation unit I / F) 5005, external interface (external I / F) 5009, image bus interface (IMAGE BUS I / F) 5008, raster image processor (RIP) 5010, printer interface (printer I / F) 5011, scanner interface (Scanner I / F) 5012, an image processing unit 5013, and the like.
A CPU 5001 is a processor that controls the entire system.

A RAM 5006 is a system work memory for the CPU 5001 to operate, and is a program memory for recording a program and an image memory for temporarily storing image data.
The ROM 5002 stores a system boot program and various control programs.

  An external storage device (hard disk drive HDD) 5007 stores various programs for controlling the system, image data, and the like. Various tables are also stored. An example of the table is shown in FIGS. In addition, a setting file (FIG. 11) read by the program is also stored. An example of the setting file is shown in FIG.

  An operation unit interface (operation unit I / F) 5005 is an interface unit with the operation unit (UI) 5018, and outputs image data to be displayed on the operation unit 5018 to the operation unit 5018.

The operation unit I / F 5005 serves to transmit information (for example, user information) input by the system user from the operation unit 5018 to the CPU 5001. Note that the operation unit 5018 includes a display unit having a touch panel, and various instructions can be given by a user pressing (touching with a finger or the like) a button displayed on the display unit.
A network interface (Network I / F) 5003 is connected to a network (LAN) and inputs / outputs data.
A modem (MODEM) 5004 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  An external interface (external I / F) 5009 is an interface unit that accepts external inputs such as USB, IEEE 1394, printer port, and RS-232C. In the present embodiment, a card reader for reading an IC card required for authentication is used. 500 is connected. The card reader 500 is an example of a reading unit that reads a reading medium such as an IC card.

  Then, the CPU 5001 can control reading of information from the IC card by the card reader 500 via the external I / F 5009, and can acquire information read from the IC card. Note that the storage medium is not limited to an IC card, and any storage medium that can identify a user may be used. In this case, the production number of the card and identification information (internal information) for identifying the user are stored in the storage medium. This identification information is, for example, a user code given by the user within the company.

On the other hand, an image bus interface (IMAGE BUS I / F) 5008 is a bus bridge that connects a system bus 5016 and an image bus 5017 that transfers image data at high speed and converts a data structure.
The image bus 5017 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 5017.
A raster image processor (RIP) 5010 develops, for example, vector data such as a PDL code into a bitmap image.

  A printer interface (printer I / F) 5011 connects the printer 5014 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  A scanner interface (scanner I / F) 5012 connects the scanner 5015 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

  An image processing unit 5013 corrects, processes, and edits input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 5013 performs rotation of image data and compression / decompression processing such as JPEG for binary image data and JBIG, MMR, MH for binary image data.

  A scanner 5015 connected to the scanner I / F 5012 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 5018, the CPU 5001 gives an instruction to the scanner, and the feeder feeds the original paper one by one to read the original image. I do.

  A printer 5014 connected to the printer I / F 5011 is a part that converts raster image data into an image on paper. The method is an electrophotographic method using a photosensitive drum or a photosensitive belt, and ink is supplied from a micro nozzle array. There is an ink jet method for ejecting and printing an image directly on a sheet, but any method may be used. The printing operation is started in response to an instruction from the CPU 5001. The printer 5014 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  An operation unit 5018 connected to the operation unit I / F 5005 includes a liquid crystal display (LCD) display unit. A touch panel sheet is affixed on the LCD and displays a system operation screen. When a displayed key is pressed, the position information is transmitted to the CPU 5001 via the operation unit I / F 5005. The operation unit 5018 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

  Here, the start key of the operation unit 5018 is used when starting a document image reading operation. There are green and red LEDs in the center of the start key, and indicates whether or not the start key can be used depending on the color. The stop key of the operation unit 5018 serves to stop the operation being performed. The ID key of the operation unit 5018 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit 5018.

  A card reader 500 connected to the external I / F 5009 reads information stored in an IC card (for example, Sony FeliCa (registered trademark)) under the control of the CPU 5001, and reads the read information to the external I / F 5009. The CPU 5001 is notified via F5009.

Next, each functional block of each device in this system will be described with reference to the functional block diagram of FIG. Each function is executed by the CPU, and detailed processing executed by each function will be described with reference to the flowcharts of FIGS.
First, functional units of the client PC 100 will be described.

  The print data generation unit 150 on the client PC 100 can generate print data (job) based on the data received from the application program, and can transmit the print data to the MFP 300 or the like.

  The user information acquisition unit 151 on the client PC 100 has a function of acquiring information (user name, display name, etc.) of a user who has logged in to the client PC.

A multifunction device search unit 152 on the client PC 100 searches for a multifunction device on the network, and identifies a multifunction device that transmits user information and a password input by the user.
The UI control unit 153 on the client PC 100 displays user information acquired by the user information acquisition unit and controls a screen for inputting a card registration password.
The MFP communication unit 154 on the client PC 100 has a function of transmitting user information and a card registration password to the MFP 300.
Next, functional units of the multifunction machine 300 will be described.

The IC card reader control unit 250 on the multifunction device 300 acquires card information (manufacture number, information stored in a private area, etc.) held over the card reader 500.
It is assumed that the authentication unit 251 on the multifunction device 300 permits the use of the multifunction device by using the user information when the overall authentication system is successfully controlled and authenticated.

The card type management unit 252 on the multifunction device 300 determines the type of the card (whether a normal card or a temporary card) through the reading result of the held card. Also, the temporary card serial number management table is managed in the multi-function peripheral.
The authentication table management unit 253 on the multifunction peripheral manages a password management table, a normal card authentication table, and a temporary card authentication table managed in the multifunction peripheral.
The client PC communication unit 254 on the multifunction device 300 transmits and receives a user information registration request transmitted from the client PC 100.

Hereinafter, the processing in the system of the present embodiment will be described in more detail with reference to the flowcharts of FIGS.
In addition, about each step, CPU of each apparatus performs a process.

  In this embodiment, the user transmits user information and password information from the PC used by the user to the multifunction machine to be used. The user information acquisition unit automatically acquires login user information to prevent impersonation, and the multifunction device to be registered is one in which the multifunction device search unit searches for a multifunction device on the network in advance. Will be described.

  The user information may be registered in advance in the authentication table. For example, a configuration in which an authentication table managed by a server is imported into the multifunction device 300 can be considered.

  First, the user information registration process in the embodiment of the present invention will be described with reference to FIG. FIG. 5 is a flowchart of the user information registration process.

In step S100, the user information acquisition unit 151 of the client PC 100 acquires user information (user name and display name) of the user who has logged in to the client PC.

  In step S101, the UI control unit 153 of the client PC 100 displays a card information registration tool screen shown in FIG. The user information acquired in step S100 is displayed on the card information registration tool screen shown in FIG. It also has additional information such as an e-mail address and input items for a card registration password. In this embodiment, the e-mail address and card registration password are items that the user inputs arbitrarily.

  In step S102, the UI control unit 153 of the client PC 100 determines whether the “Register” button on the card information registration tool screen has been pressed. If pressed, the process proceeds to step S103.

  In step S103, the MFP communication unit 154 of the client PC 100 transmits a user information registration request to the MFP 300 using the data displayed / input on the card information registration tool screen. It is assumed that the MFP search unit 152 searches for a MFP on the network in advance for the destination MFP.

In step S104, the client PC communication unit 254 of the MFP 300 receives the user information registration request transmitted in step S103. Step S104 is a step illustrating an example of a user information acquisition process for acquiring user information from an external device (for example, a client PC).
In step S105, the authentication table management unit 253 of the multifunction device 300 acquires a password management table managed in the multifunction device.

  In step S106, the authentication table management unit 253 of the MFP 300 determines whether the user name included in the user information registration request received in step S104 exists in the password management table acquired in step S105. When it exists, it progresses to step S107, and when it does not exist, it progresses to step S108.

  In step S107, the authentication table management unit 253 of the MFP 300 deletes the user information searched in S106 from the password management table (FIG. 12) acquired in step S105.

  In step S108, the authentication table management unit 253 of the MFP 300 registers the user information acquired in step S104 and the card registration password in the password management table (FIG. 12) acquired in step S105.

FIG. 12 is a diagram showing an example of the password management table. The user name, display name, e-mail address, and password, which are information input by the client PC 100, and the registered registration date and time (managed in the multifunction device). Manage date and time information).
In step S109, the client PC communication unit 254 of the MFP 300 transmits the user information registration result to the client PC.
In step S110, the MFP communication unit 154 of the client PC 100 receives the user information registration result transmitted from the MFP.

  In step S111, the UI control unit 153 of the client PC 100 displays the user information registration result received in step S110 on the card information registration tool screen (result) shown in FIG. 16, and the process ends.

  Next, the IC card registration process in the embodiment of the present invention will be described with reference to FIGS. FIG. 6 is a flowchart of the IC card registration process 1.

  In step S200, the authentication unit 251 of the MFP 300 displays the IC card authentication screen shown in FIG. 17 on the touch panel of the MFP. This authentication screen is a screen that is displayed by default on the multifunction peripheral 300.

  In step S201, the authentication unit 251 of the MFP 300 determines whether the “IC card information registration” button on the IC card authentication screen shown in FIG. 17 has been pressed. If pressed, the process proceeds to step S202.

  In step S202, the authentication unit 251 of the MFP 300 displays the IC card registration screen shown in FIG. 18 on the touch panel of the MFP. In FIG. 18, a user name and a password are input by the user, and a user confirmation destination (for example, an authentication table as the password management table in FIG. 12) is set.

In step S203, the authentication unit 251 of the MFP 300 determines whether the “user confirmation” button on the IC card authentication screen illustrated in FIG. 17 has been pressed. If pressed, the process proceeds to step S204.
In step S204, the authentication table management unit 253 of the multifunction device 300 acquires the password management table shown in FIG.

In step S205, the authentication table management unit 253 of the MFP 300 determines whether the user name and password input on the IC card information registration screen exist in the password management table acquired in step S204. When it exists, it progresses to step S207, and when it does not exist, it progresses to step S206.
In step S206, the authentication unit 251 of the MFP 300 displays an IC card registration error screen (not shown) and ends the process.

  In step S207, the authentication table management unit 253 of the MFP 300 acquires the user information (user name, display name, mail address) of the user searched in step S205.

  In step S208, the authentication unit 251 of the MFP 300 displays the IC card registration dialog shown in FIG. While the dialog is being displayed, the card reader connected to the multifunction peripheral is set to the card reading state. In FIG. 19, the acquired user information (user name, display name, mail address) is displayed.

  In step S209, the IC card reader control unit 250 of the multifunction device 300 determines whether or not the IC card is held over the card reader connected to the multifunction device. If it is detected that the IC card is held up, the process proceeds to step S211. If it is not detected, the process proceeds to step S210.

  In step S210, the authentication unit 251 of the MFP 300 determines whether the “cancel” button displayed on the IC card registration dialog shown in FIG. 19 has been pressed. If pressed, the process is interrupted, and the process returns to step S202.

  In step S <b> 211, the IC card reader control unit 250 of the multifunction device 300 acquires the manufacturing number information of the IC card held over the IC card reader. In the card reader, first, the manufacturing number (for example, IDm) is read together with the detection of the card. Step S211 is a step illustrating an example of a first acquisition process for acquiring the first identification information stored in the reading medium.

  Next, the IC card registration process following FIG. 6 will be described with reference to FIG. FIG. 7 is a flowchart of the IC card registration process 2.

  In step S212, the card type management unit 252 of the multifunction device 300 acquires the temporary card serial number management table shown in FIG. 15 managed in the multifunction device. The temporary card authentication table is a list of cards in which internal information is not stored, which is used in the subsequent processing in steps S214 to S223. Since reading the internal information of the card often takes some time, the convenience is improved by checking this list first.

  In step S213, the card type management unit 252 of the MFP 300 determines whether or not the manufacturing number information acquired in step S211 is registered in the temporary card manufacturing number management table acquired in step S212. If registered, the process proceeds to step S220. If not registered, the process proceeds to step S214. Step S213 is a step showing an example of a determination process for determining whether or not the first identification information is managed.

  In step S214, the IC card reader control unit 250 of the multifunction device 300 acquires the internal information of the held IC card via the IC card reader / writer connected to the multifunction device. The serial number can be acquired by the first polling by the card reader, and the internal information can be acquired by the second polling by the card reader. In the second polling, an error may occur during reading of internal information because a predetermined area of the internal reading area (an encrypted area provided inside the card) is read. Step S214 is a step showing an example of a second acquisition process for acquiring the second identification information stored in the reading medium.

  In step S215, the IC card reader control unit 250 of the MFP 300 determines whether or not the internal information of the IC card implemented in step S214 has been successfully acquired. If the acquisition is successful, the process proceeds to step S216. If the acquisition fails, the process proceeds to step S218.

In step S216, the card type management unit 252 of the MFP 300 determines that the held card is a normal card (holds the card type as a normal card in the RAM). Step S216 is a step illustrating an example of determination processing for determining the reading medium as a reading medium that is normally used when the second identification information is acquired.
In step S217, the authentication unit 251 of the MFP 300 holds the internal information acquired in step S214 as the card information of the user.

  In step S218, the IC card reader control unit 250 of the multi-function device 300 determines the cause of failure in acquiring card internal information in step S215. If there is no designated area or the access error is such that mutual authentication has failed, the process proceeds to step S219. Otherwise, the process proceeds to step S223. In the case of proceeding to step S219, it can be paraphrased as a case where internal information cannot be read. In the case where the process proceeds to step S223, it can be paraphrased as an error in reading the internal information.

  In step S219, it can be determined that the internal reading could not be performed, that is, the temporary card was held over, so that the card type management unit 252 of the multifunction peripheral 300 acquires the temporary card serial number management table acquired in step S212 in step S211. Registered card serial number. Step S219 is a step showing an example of a management process for managing the first identification information acquired in step S211 when the second identification information cannot be acquired.

In step S220, the card type management unit 252 of the multifunction machine 300 determines that the held card is a temporary card (holds the card type as a temporary card in the RAM). In step S220, when the first identification information (for example, the serial number) is acquired and the second identification information (for example, internal information) cannot be acquired, the reading medium is temporarily provided. It is a step which shows an example of the determination process to determine.
In step S221, the authentication unit 251 of the MFP 300 holds the card manufacturing number acquired in step S211 as the card information of the user.

  In step S222, the authentication unit 251 of the MFP 300 displays the IC card detection success dialog shown in FIG. 20 according to the card card information currently held and the card type. The card type determined in step S216 or step S220 is displayed on the IC card detection success dialog.

  As for the card information in FIG. 20, in the case of a normal card, the internal reading information is displayed, and the normal card is displayed as the card type. In the case of a temporary card, the card information in FIG. 20 displays the serial number and the temporary card as the card type.

In step S223, the IC card reader control unit 250 of the MFP 300 determines whether or not the cause of the failure to acquire the card internal information in step S215 is that the card has been removed while reading the internal information. If there is an error due to the card being removed during reading, the process proceeds to step S224. In this case, since it is not possible to determine whether or not internal information can be read from the card, the card registration process is terminated. Of course, in actual operation, retry of card reading may be performed.
In step S224, the authentication unit 251 of the MFP 300 displays an IC card registration error screen (not shown) and ends the process.

  In step S225, the authentication unit 251 of the MFP 300 determines whether the OK button on the IC card detection success dialog has been pressed. If it has been pressed, the process proceeds to step S227, and if it has not been pressed, the process proceeds to step S226.

  In step S226, the authentication unit 251 of the MFP 300 determines whether the cancel button on the IC card detection success dialog has been pressed. If pressed, the process returns to step S202.

  Next, the IC card registration process following FIG. 7 will be described with reference to FIG. FIG. 8 is a flowchart of the IC card registration process 3.

  In step S227, the card type management unit 252 of the multifunction device 300 determines the type of the card that is held over (the card type stored in the RAM). If the type of the held card is a normal card, the process proceeds to step S228. If the card is a temporary card, the process proceeds to step S229.

  In step S228, in order to register as a normal card, the authentication table management unit 253 of the MFP 300 acquires the normal card authentication table shown in FIG. 13 managed in the MFP.

  FIG. 13 is a diagram showing an example of a normal card authentication table. The card information for registering the internal reading information of the IC card held over, the user name, display name, e-mail address registered in FIG. 12, the registration date and time registered in the normal card authentication table, and the date and time when the IC card authentication was successful Manage a certain last login date.

  In step S229, in order to register as a temporary card, the authentication table management unit 253 of the multifunction device 300 acquires the temporary card authentication table shown in FIG. 14 managed in the multifunction device.

  In step S230, the authentication table management unit 253 of the MFP 300 determines whether the card information acquired in step S217 or step S221 has been registered in the authentication table acquired in step S228 or step S229. Here, since the determination is based on the presence or absence of the card information, the registered user may be another user. If registered, the process proceeds to step S231, and if not registered, the process proceeds to step S232.

  In step S231, the authentication table management unit 253 of the MFP 300 deletes the information searched in step S230. This is because the card information record that has been already registered is deleted because the card is newly registered.

  In step S232, the authentication table management unit 253 of the MFP 300 determines whether or not the information on the user name acquired in step S207 has been registered in the authentication table acquired in step S228 or step S229. Here, since the determination is based on the presence or absence of the user name, any registration card information may be used. If registered, the process proceeds to step S231, and if not registered, the process proceeds to step S233.

  In step S233, the authentication table management unit 253 of the MFP 300 deletes the information searched in step S232. This is because the user information is newly registered, and thus the record of the user information already registered in association with the user information is deleted.

  In step S234, the authentication table management unit 253 of the MFP 300 registers the card information and user information in the normal card authentication table acquired in step S228 or the temporary card authentication table acquired in step S229. The registered user information includes information such as a display name and an email address included in the password management table acquired in step S204.

  In addition, in the registration to the temporary card authentication table in step S234, the first identification information of the read medium that has been temporarily assigned and the read medium that has been determined is registered in the authentication information as the temporarily given read medium. It is a step which shows an example of a registration process. Further, the registration in the normal card authentication table in step S234 is an example of a registration process for registering the second identification information of the reading medium that is normally used and the reading medium determined as the reading medium that is normally used in the authentication information. It is a step which shows. Moreover, it is a step which shows an example of the process which matches and registers the user information acquired by the user information acquisition process of step S104, and 1st identification information or 2nd identification information.

Further, the process of becoming TRUE in step S213 and registering in step S234 is performed when the first identification information is determined to be managed without acquiring the second identification information in step S214. It is a step showing an example of processing for registering in association with the first identification information acquired in step S211.
In step S235, the authentication table management unit 253 of the MFP 300 deletes the user information from the password management table acquired in step S204.

  In step S236, the authentication unit 251 of the MFP 300 displays an IC card registration success dialog (FIG. 21), and the process ends. FIG. 21 shows an example when a temporary card is registered.

  In the case of a card registered as a temporary card, the expiration date 2101 is also described on the dialog. The expiration date is determined according to the expiration date of the setting file in FIG. For example, in the case of the 0th day, the date and time information managed by the MFP 300 is acquired and the acquired date is displayed as the current day only. In the case of one day, it is displayed as 24 hours.

  FIG. 11 is a diagram illustrating an example of a setting file stored in the HDD of the multifunction machine 300. In the setting file, a password management table validity period, a normal card authentication table validity period, and a temporary card authentication table validity period are set. The configuration file may have a configuration in which other setting information is described. For example, it may store area information when the IC card is read internally. It is assumed that the information of this setting file is read and each process is executed.

  In the present embodiment, the “keyboard authentication” button is provided on the IC card authentication screen of FIG. 17, but the keyboard authentication is normally used as an IC card for maintenance by an administrator or the like. Authentication shall be executed by authentication.

  In the present embodiment, one user can operate one normal card and one temporary card. However, a plurality of normal cards may be allowed to be registered. For example, a user who participates in a plurality of projects in a form in which a card is assigned for each project is registered as one user plural cards.

Next, the IC card authentication process will be described with reference to FIG. FIG. 9 is a flowchart of the IC card authentication process.
In step S300, the authentication unit 251 of the multifunction device 300 displays the IC card authentication screen shown in FIG. 17 on the touch panel of the multifunction device.
In step S301, the IC card reader control unit 250 of the multifunction machine 300 detects that the IC card is held over the IC card reader.
In step S <b> 302, the IC card reader control unit 250 of the multifunction machine 300 acquires the manufacturing number information of the IC card held over the IC card reader.
In step S303, the card type management unit 252 of the multifunction device 300 acquires the temporary card serial number management table shown in FIG. 15 managed in the multifunction device.

  FIG. 15 is a diagram illustrating an example of a temporary card serial number management table. This is a table to be referred to or registered when the internal reading of the IC card cannot be performed, and is a table used for improving the efficiency of the temporary card processing.

  In step S304, the card type management unit 252 of the MFP 300 determines whether or not the manufacturing number information acquired in step S302 is registered in the temporary card manufacturing number management table acquired in step S303. If it is registered, the process proceeds to step S311. If it is not registered, the process proceeds to step S305. Step S304 is a step showing an example of determination processing for determining whether or not the first identification information is managed during the IC card authentication processing.

  Note that the processing from step S303 to step S313 is substantially the same as the processing from step S212 to step S223, and is aimed at improving the authentication speed for a temporary card.

  In step S305, the IC card reader control unit 250 of the multifunction device 300 acquires the internal information of the held IC card via the IC card reader / writer connected to the multifunction device. The serial number can be acquired by the first polling by the card reader, and the internal information can be acquired by the second polling by the card reader. In the second polling, an error may occur during reading of internal information because a predetermined area of the internal reading area (an encrypted area provided inside the card) is read.

In step S306, the IC card reader control unit 250 of the MFP 300 determines whether or not the internal information of the IC card implemented in step S305 has been successfully acquired. If the acquisition has succeeded, the process proceeds to step S307, and if the acquisition has failed, the process proceeds to step S309.
In step S307, the authentication unit 251 of the MFP 300 holds the internal information acquired in step S305 as the card information of the user.

  In step S308, the authentication table management unit 253 of the MFP 300 acquires the normal card authentication table shown in FIG. 13 that is managed in the MFP as an authentication table for search.

  In step S309, the IC card reader control unit 250 of the multi-function device 300 determines the cause of failure in acquiring the card internal information in step S305. If the designated area does not exist or the mutual authentication has failed (that is, if a predetermined area that is an internal reading area of the IC card cannot be accessed with a predetermined access key), the process proceeds to step S310. . Otherwise, the process proceeds to step S313. In the case of proceeding to step S310, it can be paraphrased as a case where internal information cannot be read. In the case of proceeding to step S313, it can be paraphrased as a case of an error during reading of internal information.

  In step S310, since the card can be identified as a temporary card, the card type management unit 252 of the MFP 300 registers the card manufacturing number acquired in step S302 in the temporary card manufacturing number management table acquired in step S303. Step S310 is a step illustrating an example of a management process for managing the first identification information acquired in step S302 when the second identification information cannot be acquired.

As a result, an error occurs in step S319, which will be described later, and when the user registers the user information in FIG. 5 and registers the temporary card in FIGS. 6 to 7, the process can be transferred to TRUE in step S213. It is possible to improve the efficiency of the temporary card registration process.
In step S311, the authentication unit 251 of the MFP 300 holds the card manufacturing number acquired in step S302 as the card information of the user.

  In step S312, the authentication table management unit 253 of the MFP 300 acquires the temporary card authentication table shown in FIG. 14 that is managed in the MFP as an authentication table for search.

  FIG. 14 is a diagram showing an example of the temporary card authentication table. The card information for registering the serial number of the IC card held over, the user name, display name, e-mail address registered in FIG. 12, the registration date and time registered in the temporary card authentication table, and the date and time when the IC card authentication was successful. Manage the last login date.

In step S313, the IC card reader control unit 250 of the MFP 300 determines whether or not the cause of the failure to acquire the card internal information in step S305 is that the card has been removed while reading the internal information. In the case of an error due to the card being removed during reading, the process proceeds to step S314. In this case, since it is not possible to determine whether the card can read the internal information, the card authentication process is terminated. Of course, in actual operation, retry of card reading may be performed.
In step S314, the authentication unit 251 of the multifunction machine 300 displays an IC card authentication error screen (not shown) and ends the process.

In step S315, the authentication table management unit 253 of the MFP 300 registers the card internal information held in step S307 in the normal card authentication table acquired in step S308, or the temporary card authentication table acquired in step S312. Whether the card manufacturing number held in step S311 is registered is determined. If it is registered, the process proceeds to step S316. If it is not registered, the process proceeds to step S319.
In step S316, the authentication table management unit 253 of the MFP 300 acquires the user information searched in step S315.

  In step S317, the authentication unit 251 of the MFP 300 logs in to the MFP using the user information acquired in step S316. In the case of login, the functions that can be used in the multifunction device may be limited depending on the authority of the normal card or the temporary card.

In step S318, the authentication table management unit 253 of the MFP 300 updates the last login date and time (FIG. 13 or FIG. 14) of the user information searched in step S315, and ends the process.
In step S319, the authentication unit 251 of the MFP 300 displays an IC card authentication error screen (not shown).

  Next, an authentication table deletion process will be described with reference to FIG. FIG. 10 is a flowchart of authentication table deletion processing.

In this flowchart, for example, it is performed periodically such as when the date changes, and table deletion processing is performed according to the number of valid days of each table.
In step S400, the authentication table management unit 253 of the multifunction device 300 acquires the setting file illustrated in FIG. 11 managed in the multifunction device.
In step S401, the authentication table management unit 253 of the MFP 300 acquires the password management table shown in FIG. 12 that is managed in the MFP.

In step S402, the authentication table management unit 253 of the MFP 300 compares the registration date and time of the password management table acquired in step S401 with the information on the “password management table validity period” set in the setting file acquired in step S400. Then, the user information that has expired is deleted. Note that the validity period of 0 means that the deletion is performed at the timing when this process is run.
In step S403, the authentication table management unit 253 of the MFP 300 acquires the normal card authentication table shown in FIG. 13 that is managed in the MFP.

In step S404, the authentication table management unit 253 of the MFP 300 sets the last login date and time of the normal card authentication table acquired in step S403 and the “normal card authentication table validity period” set in the setting file acquired in step S400. Compare the information and delete the user information that has expired. Note that the validity period of 0 means that the deletion is performed at the timing when this process is run.
In step S405, the authentication table management unit 253 of the multifunction device 300 acquires the temporary card authentication table shown in FIG. 14 managed in the multifunction device.

  In step S406, the authentication table management unit 253 of the MFP 300 sets the last login date and time of the temporary card authentication table acquired in step S405 and the “temporary card authentication table validity period” set in the setting file acquired in step S400. Compare the information and delete the user information that has expired. Note that the validity period of 0 means that the deletion is performed at the timing when this process is run.

In the present embodiment, various authentication tables are stored in the MFP 300 from which the IC card has been read. However, the above-described registration and authentication functions in the authentication table are combined with the MFP 300 and the authentication in a separate casing. The server may have a configuration. That is, the authentication information is stored in a separate housing from the multifunction peripheral (information processing apparatus).
Above, the detailed description of this embodiment is complete | finished.

  According to the present embodiment, it is possible to easily manage the read medium used for authentication.

In particular, depending on whether or not the internal read information has been read, the type of the read medium can be determined to manage the read medium, and the user can perform management according to the type without specifying the type of the read medium. It becomes possible.
In addition, unnecessary registration and management due to a mistake in specifying the type when the user specifies the type of reading medium can be omitted, and management can be easily performed.

  Further, in order to manage the first identification information of the temporarily-applied read medium by determining that it is a read medium (temporary card) temporarily given when the internal read information could not be read, It is possible to improve the efficiency of registration processing and authentication processing of a reading medium temporarily provided.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  The program according to the present invention is a program that allows a computer to execute the processing methods of the flowcharts shown in FIGS. 5 to 10, and the storage medium according to the present invention is a program that allows the computer to execute the processing methods of FIGS. Is remembered. The program in the present invention may be a program for each processing method of each apparatus in FIGS.

  As described above, a recording medium that records a program that implements the functions of the above-described embodiments is supplied to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus stores the program stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by executing the reading.

  In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

  As a recording medium for supplying the program, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, silicon A disk, solid state drive, or the like can be used.

  Further, by executing the program read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) operating on the computer based on an instruction of the program is actually It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the processing and the processing is included.

  Furthermore, after the program read from the recording medium is written to the memory provided in the function expansion board inserted into the computer or the function expansion unit connected to the computer, the function expansion board is based on the instructions of the program code. It goes without saying that the case where the CPU or the like provided in the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

Furthermore, by downloading and reading a program for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention.
In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

100 client PC
300 MFP 400 Network 500 Card reader

Claims (10)

An information processing apparatus comprising reading means for reading a reading medium,
Obtaining means capable of obtaining the first identification information and the second identification information stored in the reading medium by reading by the reading means;
A determining unit that determines whether the reading medium read by the reading unit is a first type reading medium or a second type reading medium according to the acquisition result of the acquiring unit;
A first type to become reading medium by said determining means, registers and said second identification information and user information, for reading medium as a second type, said first identification information and user information An information processing apparatus comprising: registration means for registering   The determining means determines the reading medium as a first type of reading medium when the obtaining means can obtain the second identification information, and the obtaining means obtains the second identification information. 2. The information processing apparatus according to claim 1, wherein if the information cannot be acquired, the reading medium is determined as a second type of reading medium. Management means for managing the first identification information of the reading medium when the second identification information of the reading medium read by the reading medium to be authenticated is not registered by the registration means;
When the first identification information is managed by the management means, the registration means acquires the user information and the first identification information without acquiring the second identification information by the acquisition means. The information processing apparatus according to claim 1, wherein the information processing apparatus is registered in association with each other.   The information processing apparatus according to claim 1, wherein information registered by the registration unit is stored in a separate housing from the information processing apparatus.   The information processing apparatus according to claim 1, wherein the information processing apparatus is an image forming apparatus. An information processing apparatus comprising reading means capable of reading first identification information and second identification information from a reading medium,
Obtaining means for obtaining the second identification information by reading by the reading means;
A determination unit that determines, when the second identification information cannot be acquired by the acquisition unit, a type of reading medium different from the reading medium that has acquired the second identification information;
An information processing apparatus comprising: a registration unit that registers first identification information of the reading medium as the type of reading medium determined by the determining unit. A processing method of an information processing apparatus including reading means for reading a reading medium,
An acquisition step capable of acquiring the first identification information and the second identification information stored in the reading medium by reading by the reading unit;
A determination step of determining whether the reading medium read by the reading unit is a first type reading medium or a second type reading medium according to the acquisition result of the acquisition step;
A first type to become reading medium by said determining step, registers and said second identification information and user information, for reading medium as a second type, said first identification information and user information And a registration step of registering. A processing method of an information processing apparatus including a reading unit capable of reading first identification information and second identification information from a reading medium,
An acquisition step of acquiring the second identification information by reading by the reading means;
A determination step of determining, when the second identification information cannot be acquired by the acquisition step, the reading medium as a different type of reading medium from the reading medium from which the second identification information has been acquired;
And a registration step of registering first identification information of the reading medium as the type of reading medium determined in the determining step. A program for an information processing apparatus comprising reading means for reading a reading medium,
The information processing apparatus;
Obtaining means capable of obtaining the first identification information and the second identification information stored in the reading medium by reading by the reading means;
A determining unit that determines whether the reading medium read by the reading unit is a first type reading medium or a second type reading medium according to the acquisition result of the acquiring unit;
A first type to become reading medium by said determining means, registers and said second identification information and user information, for reading medium as a second type, said first identification information and user information A program for functioning as a registration means for registering. A program for an information processing apparatus comprising reading means capable of reading first identification information and second identification information from a reading medium,
The information processing apparatus;
Obtaining means for obtaining the second identification information by reading by the reading means;
A determination unit that determines, when the second identification information cannot be acquired by the acquisition unit, a type of reading medium different from the reading medium that has acquired the second identification information;
A program for functioning as a registering unit for registering the first identification information of the reading medium as the type of reading medium determined by the determining unit.

Images