JP6813930B2 - Information processing equipment and its processing methods and programs - Google Patents

Description

The present invention is an information processing apparatus for reading a reading medium used for authentication, a processing method and a program thereof.

In the authentication system of a multifunction device, an IC card authentication mechanism is often used because of its convenience.
This IC card authentication system generally needs to manage a table for associating card information with user information including a user name.

Conventionally, an operation in which an administrator centrally manages this authentication table has been used, but recently, a mechanism in which a user using a multifunction device registers card information individually, that is, a management-less mechanism is also considered. (Patent Document 1)

In this case, it may be less secure for the user to freely register the card. Therefore, in such a management-less environment, there are often restrictions such as reading the private area of the card. That is, the card that can be registered / authenticated by the system is a specific IC card issued by the company. Note that registering the private area without reading it will reduce security because the user can register any card, or the serial number etc. may be spoofed because it is not encrypted. Can be considered.

Japanese Unexamined Patent Publication No. 2013-222351

Generally, in an IC card authentication system, if the IC card is forgotten, it can be mentioned as an operational problem that the multifunction device cannot be logged in by the authentication by the IC card. In this case, the user often borrows a temporary card to be used temporarily and logs in to the multifunction device, but in the above-mentioned management-less mechanism, there is a request that the temporary card is not managed. Is strong. In particular, in the case of a system that reads a private area and logs in as described above, it is necessary to register data in the private area even with a temporary card, and it is unavoidable to manage the data.

The market has desired a mechanism that allows each user to use the multifunction device without inconvenience even when the card is forgotten without the trouble of managing the temporary card even when using the management-less IC card authentication system.

An object of the present invention is to provide a mechanism to facilitate management by the type of read preparative medium.

An information processing apparatus including a reading means for reading a reading medium for achieving the object of the present invention, and can acquire first identification information stored in the reading medium obtained by reading by the reading means. After acquiring the first identification information by the first acquisition means and the first acquisition means, the second identification information stored in the reading medium obtained by reading by the reading means can be acquired. and second acquisition means, when the second identification information has been acquired by the pre-Symbol second acquisition unit, the read medium was determined as a first type to become reading medium, by the second acquisition unit When the second identification information cannot be obtained, the second type is determined by the determination means for determining the reading medium as the second type of reading medium and the type determined by the determination means. It is characterized by including a registration means for registering the first identification information or the second identification information acquired by the acquisition means 1 or the second acquisition means as a type determined by the determination means. Information processing device.

According to the present invention, it is possible to facilitate management by the type of read preparative medium.

System configuration diagram showing an example of the configuration of the authentication information management system Hardware configuration diagram of client PC100 Hardware configuration diagram of multifunction device 300 Functional block diagram of each device in this system The figure which shows the flowchart of the user information registration process The figure which shows the flowchart of IC card registration process 1. The figure which shows the flowchart of the IC card registration process 2. The figure which shows the flowchart of the IC card registration process 3 The figure which shows the flowchart of the IC card authentication process The figure which shows the flowchart of the deletion process of an authentication table The figure which shows an example of the setting file stored in the multifunction device 300 The figure which shows an example of the password management table stored in the multifunction device 300 The figure which shows an example of the normal card authentication table stored in the multifunction device 300 The figure which shows an example of the temporary card authentication table stored in the multifunction device 300 The figure which shows an example of the temporary card serial number management table stored in the multifunction device 300 The figure which shows an example of the card information registration tool screen of a client PC100 The figure which shows an example of the IC card authentication screen of the multifunction device 300 The figure which shows an example of the IC card registration screen of the multifunction device 300 The figure which shows an example of the IC card registration dialog of the multifunction device 300 The figure which shows an example of the IC card detection success dialog of the multifunction device 300 The figure which shows an example of the IC card registration success dialog of the multifunction device 300

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 1 shows an example of a configuration of an authentication information management system using a multifunction device 300 as an information processing device of the present invention, a card reader 500 (also referred to as an IC card reader / writer) provided in the multifunction device 300, and a client PC 100. It is a system configuration diagram which shows. The multifunction device 300 can also be rephrased as an image forming apparatus.
In the present embodiment, the multifunction device 300 is configured to store the table for managing the authentication information, but the table may be stored in the authentication server (not shown).

As shown in FIG. 1, the system of the present embodiment has a configuration in which the multifunction device 300 and the client PC 100 are connected via a local area network (LAN) 400. The communication is not limited to the local network but may be via the Internet.

A management tool (card information registration tool) capable of communicating with the multifunction device 300 as an information processing device is installed in the client PC 100, and when the management tool is started, the user name (user) of the user logged in to the client PC 100. Identification information) is accepted by the management tool via the operating system. This user name is displayed on the screen of the management tool, and input of information for registration is accepted from the user. For example, it is an e-mail address, a password for card registration, and information on a multifunction device to be registered.
The management tool can also be rephrased as an application that operates on the client PC 100 and inputs user information and a password.
The client PC 100 acquires the input user ID, card registration password, and the like (acquires user information), and transmits the input to the designated multifunction device 300.
When the multifunction device 300 receives the user information, the multifunction device 300 stores the user information and the registration date and time in the password management table (FIG. 12) that is temporarily stored.

Then, the multifunction device 300 accepts the user name and password (card registration password) on the IC card registration screen, and determines whether or not there is a record matching the password management table. When there is a matching record, the IC card is read, and whether it is a normal card or a temporary card is determined based on whether or not the internal information of the IC card can be read, and the card ID of the IC card and the user information of the record are obtained. It is associated and stored in a table according to the type (usually temporary). Cards may be managed by setting the type flag in the same table.

Hereinafter, the hardware configuration of the client PC 100 as the external device shown in FIG. 1 will be described with reference to FIG.

In FIG. 2, 2001 is a CPU that comprehensively controls each device and controller connected to the system bus 2004. Further, the ROM 2003 or the external memory 2011 is necessary to realize the BIOS (Basic Input / Output System) and the operating system program (hereinafter, OS) which are the control programs of the CPU 2001, and the functions executed by each server or each PC. Various programs etc. are stored.

The 2002 is a RAM, which functions as a main memory, a work area, and the like of the CPU 2001. The CPU 2001 realizes various operations by loading a program or the like necessary for executing a process from the ROM 2003 or the external memory 2011 into the RAM 2002 and executing the loaded program.

Further, 2005 is an input controller, which controls input from a keyboard (KB) 2009, a pointing device such as a mouse (not shown), or the like. 2006 is a video controller that controls the display on a display such as a CRT display (CRT) 2010. Although it is described as CRT2010 in FIG. 2, the display may be not only the CRT but also another display such as a liquid crystal display. These are used by the client as needed.

2007 is a memory controller that connects to a hard disk (HD), flexible disk (FD), or PCMCIA card slot that stores boot programs, various applications, font data, user files, edit files, various data, etc. via an adapter. Controls access to external memory 2011, such as compact flash® memory.

Reference numeral 2008 denotes a communication I / F controller, which connects and communicates with an external device via a network (for example, LAN400 shown in FIG. 1), and executes communication control processing on the network. For example, communication using TCP / IP is possible.

Note that the CPU 2001 enables display on the CRT 2010 by, for example, executing an outline font expansion (rasterization) process in the display information area in the RAM 2002. Further, the CPU 2001 enables a user instruction with a mouse cursor or the like (not shown) on the CRT2010.

Various programs running on the hardware (for example, a program as a card information registration tool) are recorded in the external memory 2011, and are executed by the CPU 2001 by being loaded into the RAM 2002 as needed.

Next, the hardware configuration of the multifunction device 300 as the information processing device of the present invention will be described with reference to FIG.
FIG. 3 is a block diagram showing a hardware configuration example of the multifunction device 300 as an information processing device.

In FIG. 3, the controller unit 5000 is connected to a scanner 5015 functioning as an image input device and a printer 5014 functioning as an image output device, and is connected to a local area network such as LAN400 shown in FIG. 1, or a PSTN or, for example. By connecting to a public line (WAN) such as ISDN, image data and device information can be input and output.

As shown in FIG. 3, the controller unit 5000 includes a CPU 5001, a RAM 5006, a ROM 5002, an external storage device (hard disk drive (HDD)) 5007, a network interface (Network I / F) 5003, a modem (Mode) 5004, and an operation unit interface ( Operation unit I / F) 5005, external interface (external I / F) 5009, image bus interface (IMAGE BUS I / F) 5008, raster image processor (RIP) 5010, printer interface (printer I / F) 5011, scanner interface (Scanner I / F) 5012, image processing unit 5013, and the like.
The CPU 5001 is a processor that controls the entire system.

The RAM 5006 is a system work memory for operating the CPU 5001, a program memory for recording a program, and an image memory for temporarily storing image data.
The ROM 5002 stores a system boot program and various control programs.

The external storage device (hard disk drive HDD) 5007 stores various programs, image data, and the like for controlling the system. It also stores various tables. An example of the table is shown in FIGS. 12 to 15. In addition, a setting file (FIG. 11) read by a program is also stored. An example of the setting file is shown in FIG.

The operation unit interface (operation unit I / F) 5005 is an interface unit with the operation unit (UI) 5018, and outputs image data to be displayed on the operation unit 5018 to the operation unit 5018.

Further, the operation unit I / F 5005 plays a role of transmitting information (for example, user information) input by the system user from the operation unit 5018 to the CPU 5001. The operation unit 5018 is provided with a display unit having a touch panel, and various instructions can be given by the user pressing (touching with a finger or the like) a button displayed on the display unit.
The network interface (Network I / F) 5003 connects to a network (LAN) and inputs / outputs data.
The modem (MODEM) 5004 connects to a public line and inputs / outputs data such as sending and receiving faxes.

The external interface (external I / F) 5009 is an interface unit that accepts external inputs such as USB, IEEE1394, a printer port, and RS-232C. In this embodiment, a card reader for reading an IC card required for authentication is used. 500 is connected. The card reader 500 is an example of a reading means for reading a reading medium such as an IC card.

Then, the CPU 5001 can control the reading of information from the IC card by the card reader 500 via the external I / F 5009, and can acquire the information read from the IC card. The storage medium is not limited to an IC card and may be a storage medium capable of identifying a user. In this case, the serial number of the card and the identification information (internal information) for identifying the user are stored in the storage medium. This identification information is, for example, a user code given by the user in the company.

On the other hand, the image bus interface (IMAGE BUS I / F) 5008 is a bus bridge that connects the system bus 5016 and the image bus 5017 that transfers image data at high speed to convert the data structure.
The image bus 5017 is composed of a PCI bus or IEEE 1394. The following devices are arranged on the image bus 5017.
The raster image processor (RIP) 5010 expands vector data such as a PDL code into a bitmap image, for example.

The printer interface (printer I / F) 5011 connects the printer 5014 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

Further, the scanner interface (scanner I / F) 5012 connects the scanner 5015 and the controller unit 5000, and performs synchronous / asynchronous conversion of image data.

The image processing unit 5013 corrects, processes, and edits the input image data, and corrects, converts the resolution, and the like on the print output image data. In addition to this, the image processing unit 5013 rotates the image data and performs compression / decompression processing such as JPEG for the multi-valued image data and JBIG, MMR, MH for the binary image data.

The scanner 5015 connected to the scanner I / F 5012 illuminates an image on paper as a document and scans it with a CCD line sensor to convert it into an electric signal as raster image data. The manuscript paper is set in the tray of the manuscript feeder, and when the device user gives a reading start instruction from the operation unit 5018, the CPU 5001 gives an instruction to the scanner, and the feeder feeds the manuscript paper one by one to read the manuscript image. I do.

The printer 5014 connected to the printer I / F 5011 is a part that converts raster image data into an image on paper, and the method is an electrophotographic method using a photoconductor drum or a photoconductor belt, and ink is applied from a minute nozzle array. There is an inkjet method that ejects and prints an image directly on the paper, but any method may be used. The start of the print operation is started by an instruction from the CPU 5001. The printer 5014 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and there is a paper cassette corresponding to the plurality of paper feed stages.

The operation unit 5018 connected to the operation unit I / F 5005 has a liquid crystal display (LCD) display unit. A touch panel sheet is pasted on the LCD, and the operation screen of the system is displayed, and when the displayed key is pressed, the position information is transmitted to the CPU 5001 via the operation unit I / F 5005. Further, the operation unit 5018 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys.

Here, the start key of the operation unit 5018 is used when starting the reading operation of the original image. In the center of the start key, there are two color LEDs, green and red, and the colors indicate whether or not the start key can be used. Further, the stop key of the operation unit 5018 functions to stop the operation during operation. Further, the ID key of the operation unit 5018 is used when inputting the user ID of the user. The reset key is used when initializing the setting from the operation unit 5018.

The card reader 500 connected to the external I / F 5009 reads the information stored in the IC card (for example, FeliCa (registered trademark) of Sony Corporation) under the control of the CPU 5001, and reads the read information into the external I / F / F5009. Notify the CPU 5001 via F5009.

Next, each functional block of each device in this system will be described with reference to the functional block diagram of FIG. Each function is executed by the CPU, and detailed processing executed by each function will be described with reference to the flowcharts of FIGS. 5 to 10.
First, the functional part of the client PC 100 will be described.

The print data generation unit 150 on the client PC 100 can generate print data (job) based on the data received from the application program and transmit the print data to the multifunction device 300 or the like.

The user information acquisition unit 151 on the client PC 100 has a function of acquiring information (user name, display name, etc.) of a user logged in to the client PC.

The multifunction device search unit 152 on the client PC 100 searches for the multifunction device on the network and identifies the multifunction device to which the user information and the password entered by the user are transmitted.
The UI control unit 153 on the client PC 100 displays the user information acquired by the user information acquisition unit and controls a screen for inputting a password for card registration.
The multifunction device communication unit 154 on the client PC 100 has a function of transmitting user information and a password for card registration to the multifunction device 300.
Next, the functional part of the multifunction device 300 will be described.

The IC card reader control unit 250 on the multifunction device 300 acquires card information (serial number, information stored in a private area, etc.) held over the card reader 500.
The authentication unit 251 on the multifunction device 300 controls the entire authentication system, and when the authentication is successful, permits the use of the multifunction device by using the user information.

The card type management unit 252 on the multifunction device 300 determines the type of the card (normal card or temporary card) based on the reading result of the card held over. In addition, the temporary card serial number management table is managed in the multifunction machine.
The authentication table management unit 253 on the multifunction device manages the password management table, the normal card authentication table, and the temporary card authentication table managed in the multifunction device.
The client PC communication unit 254 on the multifunction device 300 sends and receives a user information registration request transmitted from the client PC 100.

Hereinafter, the processing in the system of the present embodiment will be described in more detail with reference to the flowcharts of FIGS. 5 to 10.
The CPU of each device executes the process for each step.

In the present embodiment, the user transmits user information and password information from the PC used by the user to the multifunction device to be used. As for the user information, the user information acquisition unit automatically acquires the login user information to prevent spoofing, and the multifunction device to be registered is the one in which the multifunction device search unit searches for the multifunction device on the network in advance. It is explained as.

The user information may be registered in the authentication table in advance. For example, a form in which the authentication table managed by the server is imported into the multifunction device 300 can be considered.

First, the user information registration process in the embodiment of the present invention will be described with reference to FIG. FIG. 5 is a flowchart of the user information registration process.

In step S100, the user information acquisition unit 151 of the client PC 100 acquires the user information (user name, display name) of the user logged in to the client PC.

In step S101, the UI control unit 153 of the client PC 100 displays the card information registration tool screen shown in FIG. The user information acquired in step S100 is displayed on the card information registration tool screen shown in FIG. It also has additional information such as an email address and input items for a card registration password. In the present embodiment, the e-mail address and the card registration password are items that the user arbitrarily inputs.

In step S102, the UI control unit 153 of the client PC 100 determines whether or not the "register" button on the card information registration tool screen has been pressed. If it is pressed, the process proceeds to step S103.

In step S103, the multifunction device communication unit 154 of the client PC 100 transmits a user information registration request to the multifunction device 300 using the data displayed / input on the card information registration tool screen. As for the destination multifunction device, it is assumed that the multifunction device search unit 152 searches for the multifunction device on the network in advance.

In step S104, the client PC communication unit 254 of the multifunction device 300 receives the user information registration request transmitted in step S103. Step S104 is a step showing an example of a user information acquisition process for acquiring user information from an external device (for example, a client PC).
In step S105, the authentication table management unit 253 of the multifunction device 300 acquires the password management table managed in the multifunction device.

In step S106, the authentication table management unit 253 of the multifunction device 300 determines whether or not the user name included in the user information registration request received in step S104 exists in the password management table acquired in step S105. If it exists, the process proceeds to step S107, and if it does not exist, the process proceeds to step S108.

In step S107, the authentication table management unit 253 of the multifunction device 300 deletes the user information searched in S106 from the password management table (FIG. 12) acquired in step S105.

In step S108, the authentication table management unit 253 of the multifunction device 300 registers the user information acquired in step S104 and the card registration password in the password management table (FIG. 12) acquired in step S105.

FIG. 12 is a diagram showing an example of the password management table, in which the user name, display name, e-mail address, and password, which are the information input by the client PC 100, and the registered registration date and time (managed inside the multifunction device). Date and time information) is managed.
In step S109, the client PC communication unit 254 of the multifunction device 300 transmits the user information registration result to the client PC.
In step S110, the multifunction device communication unit 154 of the client PC 100 receives the user information registration result transmitted from the multifunction device.

In step S111, the UI control unit 153 of the client PC 100 displays the user information registration result received in step S110 on the card information registration tool screen (result) shown in FIG. 16 and ends the process.

Next, the IC card registration process according to the embodiment of the present invention will be described with reference to FIGS. 6 to 8. FIG. 6 is a flowchart of the IC card registration process 1.

In step S200, the authentication unit 251 of the multifunction device 300 displays the IC card authentication screen shown in FIG. 17 on the touch panel of the multifunction device. This authentication screen is the screen displayed by default on the multifunction device 300.

In step S201, the authentication unit 251 of the multifunction device 300 determines whether or not the "IC card information registration" button on the IC card authentication screen shown in FIG. 17 has been pressed. If it is pressed, the process proceeds to step S202.

In step S202, the authentication unit 251 of the multifunction device 300 displays the IC card registration screen shown in FIG. 18 on the touch panel of the multifunction device. In FIG. 18, a user name and password are input by the user, and a user confirmation destination (for example, an authentication table as the password management table in FIG. 12) is set.

In step S203, the authentication unit 251 of the multifunction device 300 determines whether or not the "user confirmation" button on the IC card authentication screen shown in FIG. 17 has been pressed. If it is pressed, the process proceeds to step S204.
In step S204, the authentication table management unit 253 of the multifunction device 300 acquires the password management table shown in FIG. 12 managed in the multifunction device.

In step S205, the authentication table management unit 253 of the multifunction device 300 determines whether the user name and password entered on the IC card information registration screen exist in the password management table acquired in step S204. If it exists, the process proceeds to step S207, and if it does not exist, the process proceeds to step S206.
In step S206, the authentication unit 251 of the multifunction device 300 displays an IC card registration error screen (not shown) and ends the process.

In step S207, the authentication table management unit 253 of the multifunction device 300 acquires the user information (user name, display name, email address) of the user searched in step S205.

In step S208, the authentication unit 251 of the multifunction device 300 displays the IC card registration dialog shown in FIG. While the dialog is displayed, the card reader connected to the multifunction device is in the card reading state. In FIG. 19, the acquired user information (user name, display name, e-mail address) is displayed.

In step S209, the IC card reader control unit 250 of the multifunction device 300 determines whether or not the IC card is held over the card reader connected to the multifunction device. If it is detected that the IC card is held up, the process proceeds to step S211. If it is not detected, the process proceeds to step S210.

In step S210, the authentication unit 251 of the multifunction device 300 determines whether or not the "Cancel" button displayed on the IC card registration dialog shown in FIG. 19 has been pressed. If it is pressed, the process is interrupted and the process returns to step S202.

In step S211 the IC card reader control unit 250 of the multifunction device 300 acquires the serial number information of the IC card held over the IC card reader. In the card reader, the serial number (for example, IDm) is first read together with the detection of the card. Step S211 is a step showing an example of a first acquisition process for acquiring the first identification information stored in the reading medium.

Next, the IC card registration process following FIG. 6 will be described with reference to FIG. 7. FIG. 7 is a flowchart of the IC card registration process 2.

In step S212, the card type management unit 252 of the multifunction device 300 acquires the temporary card serial number management table shown in FIG. 15 managed in the multifunction device. The temporary card authentication table is a list of cards in which internal information is not stored, which is used in the subsequent processes of steps S214 to S223. It often takes some time to read the internal information of the card, so we are trying to improve convenience by checking this list first.

In step S213, the card type management unit 252 of the multifunction device 300 determines whether or not the serial number information acquired in step S211 is registered in the temporary card serial number management table acquired in step S212. If it is registered, the process proceeds to step S220, and if it is not registered, the process proceeds to step S214. Step S213 is a step showing an example of a determination process for determining whether or not the first identification information is managed.

In step S214, the IC card reader control unit 250 of the multifunction device 300 acquires the internal information of the IC card held over via the IC card reader / writer connected to the multifunction device. The serial number can be obtained by the first polling by the card reader, and the internal information can be obtained by the second polling by the card reader. In the second polling, a predetermined area of the internal reading area (encrypted area provided inside the card) is read, so that an error may occur during reading the internal information. Step S214 is a step showing an example of a second acquisition process for acquiring the second identification information stored in the reading medium.

In step S215, the IC card reader control unit 250 of the multifunction device 300 determines whether or not the acquisition of the internal information of the IC card carried out in step S214 has succeeded. If the acquisition is successful, the process proceeds to step S216, and if the acquisition is unsuccessful, the process proceeds to step S218.

In step S216, the card type management unit 252 of the multifunction device 300 determines that the card held over is a normal card (the card type is held in the RAM as a normal card). Step S216 is a step showing an example of a determination process for determining a reading medium as a normally used reading medium when the second identification information can be acquired.
In step S217, the authentication unit 251 of the multifunction device 300 holds the internal information acquired in step S214 as the card information of the user.

In step S218, the IC card reader control unit 250 of the multifunction device 300 determines the cause of the failure to acquire the card internal information in step S215. If there is no designated area or there is an access error such as mutual authentication failure, the process proceeds to step S219. In other cases, the process proceeds to step S223. The case of proceeding to step S219 can be rephrased as the case where the internal information cannot be read. The case of proceeding to step S223 can be rephrased as the case where an error is being read while reading the internal information.

In step S219, it can be determined that the internal reading could not be performed, that is, the temporary card was held over. Therefore, the card type management unit 252 of the multifunction device 300 acquires the temporary card serial number management table acquired in step S212 in step S211. Register the created card serial number. Step S219 is a step showing an example of a management process for managing the first identification information acquired in step S211 when the second identification information cannot be acquired.

In step S220, the card type management unit 252 of the multifunction device 300 determines that the card held over is a temporary card (holds the card type in the RAM as a temporary card). In step S220, when the first identification information (for example, serial number) is acquired and the second identification information (for example, internal information) cannot be acquired, the reading medium is temporarily assigned to the reading medium. It is a step which shows an example of the decision process to decide.
In step S221, the authentication unit 251 of the multifunction device 300 holds the card serial number acquired in step S211 as the card information of the user.

In step S222, the authentication unit 251 of the multifunction device 300 displays the IC card detection success dialog shown in FIG. 20 according to the currently held card card information and the card type. The card type determined in step S216 or step S220 is displayed on the IC card detection success dialog.

In the case of a normal card, the card information shown in FIG. 20 displays internal reading information, and the normal card is displayed as the card type. Further, in the card information of FIG. 20, in the case of a temporary card, the serial number is displayed, and the temporary card is displayed as the card type.

In step S223, the IC card reader control unit 250 of the multifunction device 300 determines whether or not the card was removed while reading the internal information because the cause of the failure to acquire the card internal information in step S215 is. If an error occurs due to the card being removed during reading, the process proceeds to step S224. In this case, since it is not possible to determine whether or not the inside information of the card can be read, the card registration process is terminated. Of course, in the actual operation, the card reading may be retried.
In step S224, the authentication unit 251 of the multifunction device 300 displays an IC card registration error screen (not shown) and ends the process.

In step S225, the authentication unit 251 of the multifunction device 300 determines whether or not the OK button on the IC card detection success dialog is pressed. If it is pressed, the process proceeds to step S227, and if it is not pressed, the process proceeds to step S226.

In step S226, the authentication unit 251 of the multifunction device 300 determines whether or not the cancel button on the IC card detection success dialog has been pressed. If it is pressed, the process returns to step S202.

Next, the IC card registration process following FIG. 7 will be described with reference to FIG. FIG. 8 is a flowchart of the IC card registration process 3.

In step S227, the card type management unit 252 of the multifunction device 300 determines the type of the card held over (the card type stored in the RAM). If the type of the card held over is a normal card, the process proceeds to step S228, and if the card is a temporary card, the process proceeds to step S229.

In step S228, the authentication table management unit 253 of the multifunction device 300 acquires the normal card authentication table shown in FIG. 13 managed in the multifunction device in order to register it as a normal card.

FIG. 13 is a diagram showing an example of a normal card authentication table. With the card information to register the internal reading information of the held IC card, the user name, display name, and email address registered in FIG. 12, the registration date and time registered in the normal card authentication table, and the date and time when the IC card authentication was successful. Manage a certain last login date and time.

In step S229, the authentication table management unit 253 of the multifunction device 300 acquires the temporary card authentication table shown in FIG. 14 managed in the multifunction device in order to register the temporary card.

In step S230, the authentication table management unit 253 of the multifunction device 300 determines whether or not the card information acquired in step S217 or step S221 is registered in the authentication table acquired in step S228 or step S229. Here, since the determination is made based on the presence or absence of the card information, the registered user may be another user. If it has been registered, the process proceeds to step S231, and if it has not been registered, the process proceeds to step S232.

In step S231, the authentication table management unit 253 of the multifunction device 300 deletes the information searched in step S230. This is because the card is newly registered, and the record of the card information already registered is deleted.

In step S232, the authentication table management unit 253 of the multifunction device 300 determines whether or not the information of the user name acquired in step S207 has been registered in the authentication table acquired in step S228 or step S229. Here, since the determination is made based on the presence or absence of the user name, the registration card information may be any. If it has been registered, the process proceeds to step S231, and if it has not been registered, the process proceeds to step S233.

In step S233, the authentication table management unit 253 of the multifunction device 300 deletes the information searched in step S232. This is because the user information is newly registered, and the record of the user information already linked and registered is deleted.

In step S234, the authentication table management unit 253 of the multifunction device 300 registers the card information and the user information in the normal card authentication table acquired in step S228 or the temporary card authentication table acquired in step S229. The user information to be registered shall also include information such as a display name and an e-mail address included in the password management table acquired in step S204.

In the registration in the temporary card authentication table in step S234, the first identification information of the reading medium determined to be the temporarily given reading medium is registered in the authentication information as the temporarily given reading medium. This is a step showing an example of the registration process. Further, the registration in the normal card authentication table in step S234 is an example of a registration process in which the second identification information of the reading medium determined to be the normally used reading medium is registered in the authentication information as the normally used reading medium. It is a step showing. Further, it is a step showing an example of a process of registering the user information acquired by the user information acquisition process of step S104 in association with the first identification information or the second identification information.

Further, in the process of becoming TRUE in step S213 and registering in step S234, when it is determined that the first identification information is managed, the user information and the user information can be obtained without acquiring the second identification information in step S214. This is a step showing an example of a process of associating and registering the first identification information acquired in step S211.
In step S235, the authentication table management unit 253 of the multifunction device 300 deletes the user information from the password management table acquired in step S204.

In step S236, the authentication unit 251 of the multifunction device 300 displays the IC card registration success dialog (FIG. 21) and ends the process. FIG. 21 shows an example when a temporary card is registered.

In the case of a card registered as a temporary card, the expiration date 2101 shall also be stated on the dialog. The expiration date is determined according to the expiration date of the setting file shown in FIG. For example, in the case of 0th day, the date and time information managed by the multifunction device 300 is acquired and the acquired date is displayed only on that day. In the case of one day, it is displayed as 24 hours.

FIG. 11 is a diagram showing an example of a setting file stored in the HDD of the multifunction device 300. The password management table validity period, the normal card authentication table validity period, and the temporary card authentication table validity period are set in the configuration file. This setting file may have a configuration in which other setting information is described. For example, it may store area information when the IC card is read inside. It is assumed that the information in this configuration file is read and each process is executed.

In the present embodiment, the IC card authentication screen shown in FIG. 17 has a "keyboard authentication" button. However, keyboard authentication is usually used by an administrator or the like for maintenance of an IC card. Authentication shall be performed by authentication.

In the present embodiment, one user can operate one normal card and one temporary card, but a mechanism that allows multiple registrations of the normal card may be used. For example, a user who participates in a plurality of projects in a form in which a card is given for each project is registered as one user and a plurality of cards.

Next, the IC card authentication process will be described with reference to FIG. FIG. 9 is a flowchart of the IC card authentication process.
In step S300, the authentication unit 251 of the multifunction device 300 displays the IC card authentication screen shown in FIG. 17 on the touch panel of the multifunction device.
In step S301, the IC card reader control unit 250 of the multifunction device 300 detects that the IC card is held over the IC card reader.
In step S302, the IC card reader control unit 250 of the multifunction device 300 acquires the serial number information of the IC card held over the IC card reader.
In step S303, the card type management unit 252 of the multifunction device 300 acquires the temporary card serial number management table shown in FIG. 15 managed in the multifunction device.

FIG. 15 is a diagram showing an example of a temporary card serial number management table. It is a table to be referred to or registered when the internal reading of the IC card cannot be performed, and is a table used to streamline the processing of the temporary card.

In step S304, the card type management unit 252 of the multifunction device 300 determines whether or not the serial number information acquired in step S302 is registered in the temporary card serial number management table acquired in step S303. If it is registered, the process proceeds to step S311. If it is not registered, the process proceeds to step S305. Step S304 is a step showing an example of a determination process for determining whether or not the first identification information is managed during the IC card authentication process.

The processing of steps S303 to S313 is almost the same as the processing of steps S212 to S223, aiming at improving the authentication speed at the time of a temporary card.

In step S305, the IC card reader control unit 250 of the multifunction device 300 acquires the internal information of the IC card held over via the IC card reader / writer connected to the multifunction device. The serial number can be obtained by the first polling by the card reader, and the internal information can be obtained by the second polling by the card reader. In the second polling, a predetermined area of the internal reading area (encrypted area provided inside the card) is read, so that an error may occur during reading the internal information.

In step S306, the IC card reader control unit 250 of the multifunction device 300 determines whether or not the acquisition of the internal information of the IC card carried out in step S305 has succeeded. If the acquisition is successful, the process proceeds to step S307, and if the acquisition is unsuccessful, the process proceeds to step S309.
In step S307, the authentication unit 251 of the multifunction device 300 holds the internal information acquired in step S305 as the card information of the user.

In step S308, the authentication table management unit 253 of the multifunction device 300 acquires the normal card authentication table shown in FIG. 13 managed in the multifunction device as an authentication table for search.

In step S309, the IC card reader control unit 250 of the multifunction device 300 determines the cause of the failure to acquire the card internal information in step S305. If there is no specified area, or if there is an access error such as mutual authentication failure (that is, when the predetermined area that is the internal read area of the IC card cannot be accessed by the predetermined access key), the process proceeds to step S310. .. In other cases, the process proceeds to step S313. The case of proceeding to step S310 can be rephrased as the case where the internal information cannot be read. The case of proceeding to step S313 can be rephrased as the case where an error is being read while reading the internal information.

Since it was identified as a temporary card in step S310, the card type management unit 252 of the multifunction device 300 registers the card serial number acquired in step S302 in the temporary card serial number management table acquired in step S303. Step S310 is a step showing an example of a management process for managing the first identification information acquired in step S302 when the second identification information cannot be acquired.

As a result, an error occurs in step S319 described later, and when the user registers the user information in FIG. 5 and registers the temporary card in FIGS. 6 to 7, the process can be transferred to TRUE in step S213. It is possible to streamline the registration process of the temporary card.
In step S311, the authentication unit 251 of the multifunction device 300 holds the card serial number acquired in step S302 as the card information of the user.

In step S312, the authentication table management unit 253 of the multifunction device 300 acquires the temporary card authentication table shown in FIG. 14 managed in the multifunction device as an authentication table for search.

FIG. 14 is a diagram showing an example of a temporary card authentication table. Card information for registering the serial number of the IC card held over, the user name, display name, and email address registered in FIG. 12, the registration date and time registered in the temporary card authentication table, and the date and time when the IC card authentication was successful. Manage the last login date and time.

In step S313, the IC card reader control unit 250 of the multifunction device 300 determines whether or not the card was removed during reading the internal information because the cause of the failure to acquire the card internal information in step S305. If an error occurs due to the card being removed during reading, the process proceeds to step S314. In this case, since it is not possible to determine whether or not the inside information of the card can be read, the card authentication process is terminated. Of course, in the actual operation, the card reading may be retried.
In step S314, the authentication unit 251 of the multifunction device 300 displays an IC card authentication error screen (not shown) and ends the process.

In step S315, the authentication table management unit 253 of the multifunction machine 300 has registered the card internal information held in step S307 in the normal card authentication table acquired in step S308, or the temporary card authentication table acquired in step S312. It is determined whether or not the card serial number held in step S311 is registered. If it is registered, the process proceeds to step S316, and if it is not registered, the process proceeds to step S319.
In step S316, the authentication table management unit 253 of the multifunction device 300 acquires the user information searched in step S315.

In step S317, the authentication unit 251 of the multifunction device 300 logs in to the multifunction device using the user information acquired in step S316. At the time of login, the functions available on the multifunction device may be restricted by the authority of the normal card or the temporary card.

In step S318, the authentication table management unit 253 of the multifunction device 300 updates the last login date and time (FIG. 13 or FIG. 14) of the user information searched in step S315, and ends the process.
In step S319, the authentication unit 251 of the multifunction device 300 displays an IC card authentication error screen (not shown).

Next, the deletion process of the authentication table will be described with reference to FIG. FIG. 10 is a flowchart of the deletion process of the authentication table.

In this flowchart, for example, when the date changes, it is performed periodically, and the table is deleted according to the number of valid days of each table.
In step S400, the authentication table management unit 253 of the multifunction device 300 acquires the setting file shown in FIG. 11 managed in the multifunction device.
In step S401, the authentication table management unit 253 of the multifunction device 300 acquires the password management table shown in FIG. 12 managed in the multifunction device.

In step S402, the authentication table management unit 253 of the multifunction device 300 compares the registration date and time of the password management table acquired in step S401 with the information of the "password management table validity period" set in the setting file acquired in step S400. And delete the user information whose validity period has expired. Note that the validity period of 0 means that the process is deleted when this process is executed.
In step S403, the authentication table management unit 253 of the multifunction device 300 acquires the normal card authentication table shown in FIG. 13 managed in the multifunction device.

In step S404, the authentication table management unit 253 of the multifunction device 300 determines the last login date and time of the normal card authentication table acquired in step S403 and the "normal card authentication table validity period" set in the setting file acquired in step S400. Compare the information and delete the user information that has expired. Note that the validity period of 0 means that the process is deleted when this process is executed.
In step S405, the authentication table management unit 253 of the multifunction device 300 acquires the temporary card authentication table shown in FIG. 14 managed in the multifunction device.

In step S406, the authentication table management unit 253 of the multifunction device 300 determines the last login date and time of the temporary card authentication table acquired in step S405 and the "temporary card authentication table validity period" set in the setting file acquired in step S400. Compare the information and delete the user information that has expired. Note that the validity period of 0 means that the process is deleted when this process is executed.

In the present embodiment, various authentication tables are stored in the multifunction device 300 from which the IC card is read. However, the above-mentioned registration and authentication functions in the authentication table can be added to the multifunction device 300 in a separate housing or authentication. It may be configured to be provided in the server. That is, the authentication information is stored in a housing separate from the multifunction device (information processing device).
This is the end of the detailed description of this embodiment.

According to this embodiment, it is possible to facilitate the management of the reading medium used for authentication.

In particular, the type of the reading medium can be determined and the reading medium can be managed depending on whether or not the internal reading information has been read, and the user can manage the reading medium according to the type without specifying the type. It will be possible.
In addition, unnecessary registration and management due to a mistake in specifying the type when the user specifies the type of the reading medium can be omitted, and management can be easily performed.

Further, when the internal reading information cannot be read, it is determined that the reading medium is temporarily given (temporary card), and the first identification information of the reading medium temporarily given is managed. It is possible to improve the efficiency of the registration process and the authentication process of the temporarily assigned reading medium.

Although one embodiment has been described above, the present invention can take an embodiment as a system, an apparatus, a method, a program, a recording medium, or the like, and specifically, is composed of a plurality of devices. It may be applied to a system or a device consisting of one device.

Further, the program in the present invention is a program in which a computer can execute the processing method of the flowchart shown in FIGS. 5 to 10, and the storage medium of the present invention is a program in which the computer can execute the processing method shown in FIGS. 5 to 10. Is remembered. The program in the present invention may be a program for each processing method of each device of FIGS. 5 to 10.

As described above, the recording medium on which the program that realizes the functions of the above-described embodiment is recorded is supplied to the system or the device, and the computer (or CPU or MPU) of the system or the device stores the program in the recording medium. Needless to say, the object of the present invention can be achieved by reading and executing.

In this case, the program itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program constitutes the present invention.

Recording media for supplying programs include, for example, flexible disks, hard disks, optical disks, magneto-optical disks, CD-ROMs, CD-Rs, DVD-ROMs, magnetic tapes, non-volatile memory cards, ROMs, EEPROMs, and silicon. Disks, solid state drives, etc. can be used.

Further, by executing the program read by the computer, not only the function of the above-described embodiment is realized, but also the OS (operating system) or the like running on the computer is actually operated based on the instruction of the program. Needless to say, there are cases where a part or all of the processing is performed and the processing realizes the functions of the above-described embodiment.

Further, the program read from the recording medium is written to the memory provided in the function expansion board inserted in the computer or the function expansion unit connected to the computer, and then the function expansion board is based on the instruction of the program code. It goes without saying that there are cases where the CPU or the like provided in the function expansion unit performs a part or all of the actual processing, and the processing realizes the functions of the above-described embodiment.

Further, the present invention may be applied to a system composed of a plurality of devices or a device composed of one device. It goes without saying that the present invention can also be applied when it is achieved by supplying a program to a system or device. In this case, by reading the recording medium in which the program for achieving the present invention is stored into the system or device, the system or device can enjoy the effect of the present invention.

Further, by downloading and reading a program for achieving the present invention from a server, database, or the like on the network by a communication program, the system or device can enjoy the effect of the present invention.
It should be noted that all the configurations in which the above-described embodiments and modifications thereof are combined are also included in the present invention.

100 client PC
300 MFP 400 Network 500 Card reader

Claims (8)

An information processing device including a reading means for reading a reading medium.
A first acquisition means capable of acquiring the first identification information stored in the reading medium obtained by reading by the reading means, and a first acquisition means.
A second acquisition means capable of acquiring the second identification information stored in the reading medium, which is obtained by reading by the reading means after acquiring the first identification information by the first acquisition means.
When the second identification information can be acquired by the second acquisition means, the reading medium is determined as the reading medium of the first type, and the second identification information is obtained by the second acquisition means. A determination means for determining the reading medium as a second type of reading medium when the acquisition is not possible, and
The first identification information or the second identification information acquired by the first acquisition means or the second acquisition means is used by the determination means so as to be authenticated by the type determined by the determination means. Equipped with a registration means to register as a determined type ,
When the second identification information cannot be acquired by the second acquisition means, the registration means registers the first identification information and the user information, and the second acquisition means obtains the second identification information. An information processing device characterized in that the second identification information and user information are registered when the identification information of the above can be acquired . The information processing device according to claim 1, wherein the information registered by the registration means is stored in a housing different from that of the information processing device. The information processing device according to claim 1 or 2 , wherein the information processing device is an image forming device. An information processing device including a reading means for reading a reading medium.
A first acquisition means capable of acquiring the first identification information stored in the reading medium obtained by reading by the reading means, and a first acquisition means.
A second acquisition means capable of acquiring the second identification information stored in the reading medium, which is obtained by reading by the reading means after acquiring the first identification information by the first acquisition means.
When the second identification information is acquired by the second acquisition means, the reading medium read by the reading means is set as the first type of reading medium and registered in association with the second identification information. When the user is authenticated using the user information and the second identification information cannot be acquired by the second acquisition means, the reading medium read by the reading means is set as the second type of reading medium, and the second type of reading medium is used. An authentication control means that authenticates using the user information registered in association with the identification information of 1 .
An information processing device characterized by being equipped with. A control method for an information processing device including a reading means for reading a reading medium.
A first acquisition step capable of acquiring the first identification information stored in the reading medium obtained by reading by the reading means, and
After acquiring the first identification information by the first acquisition step, a second acquisition step capable of acquiring the second identification information stored in the reading medium, which is obtained by reading by the reading means,
When the second identification information can be acquired by the second acquisition step, the reading medium is determined as the reading medium of the first type, and the second identification information is obtained by the second acquisition step. A determination step of determining the reading medium as a second type of reading medium when the acquisition is not possible , and
The first identification information or the second identification information acquired by the first acquisition step or the second acquisition step is used in the determination step so as to be authenticated by the type determined in the determination step. Including the registration step to register as the determined type
In the registration step, when the second identification information cannot be acquired by the second acquisition step, the first identification information and the user information are registered, and the second acquisition step causes the second identification information. A control method for an information processing apparatus, which comprises registering the second identification information and user information when the identification information of the above can be acquired . A control method for an information processing device including a reading means for reading a reading medium.
A first acquisition step capable of acquiring the first identification information stored in the reading medium obtained by reading by the reading means, and
After acquiring the first identification information by the first acquisition step, a second acquisition step capable of acquiring the second identification information stored in the reading medium, which is obtained by reading by the reading means,
When the second identification information is acquired by the second acquisition step, the reading medium read by the reading step is set as the first type of reading medium and registered in association with the second identification information. If the second identification information cannot be acquired by the second acquisition step after authentication using the user information, the reading medium read by the reading step is set as the second type of reading medium, and the second type of reading medium is used. An authentication control step that authenticates using the user information registered in association with the identification information of 1 .
A control method for an information processing device, which comprises. Program for causing a computer to function as each unit of the information processing apparatus according to any one of claims 1 to 3. A program that controls a computer equipped with a reading means for reading a reading medium.
The computer
A first acquisition means capable of acquiring the first identification information stored in the reading medium obtained by reading by the reading means, and a first acquisition means.
A second acquisition means capable of acquiring the second identification information stored in the reading medium, which is obtained by reading by the reading means after acquiring the first identification information by the first acquisition means.
When the second identification information is acquired by the second acquisition means, the reading medium read by the reading means is set as the first type of reading medium and registered in association with the second identification information. When the user is authenticated using the user information and the second identification information cannot be acquired by the second acquisition means, the reading medium read by the reading means is set as the second type of reading medium, and the second type of reading medium is used. A program for functioning as an authentication control means for authenticating using user information registered in association with the identification information of 1 .

Images