JP7327114B2 - Information processing device, information processing method, and program - Google Patents

Description

The present invention relates to an information processing device, an information processing method, and a program.

2. Description of the Related Art There is a technique in which a device that reads identification information from a recording medium such as an RFID tag or an IC card possessed by a user and on which the identification information is recorded authenticates the identification information, thereby permitting access to the device for a limited period of time.

In Patent Literature 1, an image processing system reads a tag ID of a tag presented by a user, and when it determines that the authentication of the tag ID has expired, prompts the user to input the user ID. It states that the validity period of the certification will be extended. Thus, according to Patent Document 1, it is possible to extend the expiration date when the expiration date has expired by a simple operation of inputting the user ID.

With the technology described in Patent Document 1, since the user can extend the expiration date with a simple operation, it is possible to prevent unauthorized use by another user who illegally obtained a recording medium possessed by the user by pretending to be the user. Can be difficult to manage.

SUMMARY OF THE INVENTION It is an object of the present invention to provide an information processing apparatus, an information processing method, and a program capable of optimizing user management.

In order to solve the above-described problems and achieve the object, an information processing apparatus according to one aspect of the present invention includes acquisition means for acquiring the first identification information from a recording medium on which the first identification information is recorded. and authentication means for performing user authentication based on the first identification information, pre-registered second identification information, and information indicating a first expiration date of the second identification information, and the user authentication receiving means for receiving an extension operation from the first expiration date to a second expiration date when it is determined that the first expiration date has passed in; and when the extension operation is accepted, the extension operation A registration means for updating frequency information indicating the number of times that is accepted, and registering the updated frequency information in association with the second identification information, the first identification information, the second identification information and the limiting means for limiting use of the function based on the number of times information corresponding to the second identification information when user authentication based on the information indicating the second expiration date is successful.

ADVANTAGE OF THE INVENTION According to this invention, it is effective in the ability to optimize user management.

FIG. 1 is a diagram illustrating a schematic configuration of an information processing apparatus according to an embodiment; FIG. 2 is a diagram of a hardware configuration of the information processing apparatus according to the embodiment; 3 is a diagram illustrating a functional configuration of the information processing apparatus according to the embodiment; FIG. FIG. 4 is a diagram showing the data structure of user management information (tag information table) in the embodiment. FIG. 5 is a diagram showing the data structure of function management information (resource management table) in the embodiment. FIG. 6 is a diagram showing function management information (resource management table) after the first extension of the time limit in the embodiment. FIG. 7 is a diagram showing function management information (resource management table) after the second deadline extension in the embodiment. FIG. 8 is a sequence diagram showing a case where tag authentication expires in the embodiment. FIG. 9 is a diagram showing an example of deadline information presentation when the deadline is extended in the embodiment. FIG. 10 is a sequence diagram showing a case in which the number of extensions exceeds the deadline extension in the embodiment. FIG. 11 is a diagram showing the data structure of extension control information (extension procedure control table) in the first modified example of the embodiment. FIG. 12 is a sequence diagram showing a case of executing an extension procedure (answers to questions) according to the number of extensions in the second modification of the embodiment. FIG. 13 is a sequence diagram showing a case of executing an extension procedure (fingerprint authentication) according to the number of extensions in the third modification of the embodiment. FIG. 14 is a diagram showing the data structure of user management information (question type authentication table) in the fourth modification of the embodiment. FIG. 15 is a diagram illustrating a hardware configuration example of an information processing apparatus according to the embodiment and first to third modifications thereof.

(embodiment)
An information processing apparatus according to an embodiment reads identification information from a recording medium such as an RFID tag or an IC card possessed by a user and on which identification information is recorded, and authenticates the identification information to restrict access to a device with a time limit. To give permission.

For example, in the information processing device, when the tag ID of the tag presented by the user is read and it is determined that the authentication of the tag ID has expired, the input of the user ID is requested. Consider technology that extends the deadline. With this technology, the user can extend the time with a simple operation, and can continue to use it after the extension. For this reason, there is a possibility that proper user management will become difficult, such as being illegally used by another user who illegally acquires the recording medium owned by the user by pretending to be the user.

Therefore, in the present embodiment, in the information processing apparatus, by restricting the use of at least a part of a plurality of functions according to the number of extensions, it is possible to suppress the easy extension of the expiration date by user operation, thereby improving user management. We will try to make it appropriate.

More specifically, the tag information table is newly provided with means for recording the number of extensions permitted and the number of extensions, and function management information (resource management table) is provided in which the authority to use the function is changed according to the number of extensions. The resource management table is updated according to the number of extensions, and use of at least some of the functions of the information processing apparatus (eg, image forming apparatus) is restricted. That is, by using a resource management table in which information indicating functions, information indicating availability of use, and expiration dates are associated with each other, authority (usability status) is controlled and expiration dates are set according to the number of extensions. Limit and do. As a result, it is possible to limit extension of the deadline by the user. In other words, user management can be optimized by suppressing easy extension of the time limit by user operation and suppressing unauthorized use.

More specifically, the information processing device 1 can be configured as shown in FIG. FIG. 1 is a diagram showing a schematic configuration of an information processing device 1. As shown in FIG. The information processing apparatus 1 is, for example, an image forming apparatus such as an MFP (Multi Function Printer), and may have multi-function functions such as a printer function, a copy function, a scanner function, and a facsimile function. These functions can be provided by the information processing device 1 when the information processing device 1 performs user authentication and the authentication succeeds. User authentication is performed using the recording medium 3 owned by the user. The recording medium 3 is, for example, an RFID tag, an IC tag, or an IC card.

That is, an administrator of the information processing apparatus (image forming apparatus) 1 records identification information for identifying the recording medium 3 on the recording medium 3, registers the identification information on the information processing apparatus 1, and records the identification information on the recording medium 3. 3 is temporarily granted to the user. At this time, since the given user and the recording medium 3 can be regarded as one body, the identification information for identifying the recording medium 3 can be regarded as information for identifying the user, and the user is authenticated by the authentication of the identification information. be able to.

The information processing apparatus 1 has a reading section 1a capable of reading information recorded on the recording medium 3 . The reading unit 1a may read the recorded information from the recording medium 3 using, for example, proximity wireless technology using electromagnetic induction. When the user brings the recording medium 3 close to the reading unit 1a, the information processing apparatus 1 reads the identification information recorded on the recording medium 3 via the reading unit 1a, and uses the identification information to perform user authentication.

If the identification information does not match the identification information registered in the information processing apparatus 1, the information processing apparatus 1 assumes that the authentication has failed and disables its functions. If the identification information matches the identification information registered in the information processing apparatus 1, the information processing apparatus 1 assumes that the authentication has succeeded, and the functions it has (for example, the printer function, the copy function, the scanner function, the facsimile function, etc.) multi-function function) can be used.

The information processing device 1 can be configured in terms of hardware as shown in FIG. 2, for example. FIG. 2 is a diagram showing the hardware configuration of the information processing apparatus.

As shown in FIG. 2, the information processing apparatus 1 is, for example, a multifunction peripheral (MFP), and includes a main body 10 capable of realizing various functions such as a copy function, a scanner function, a facsimile function, and a printer function, and a user's operation. and an operation unit 20 for receiving. Note that accepting a user's operation is a concept that includes accepting information (including signals indicating coordinate values of the screen, etc.) input according to a user's operation. The main body 10 and the operation unit 20 are connected via a dedicated communication path 300 so as to be able to communicate with each other. The communication path 300 can use, for example, a USB (Universal Serial Bus) standard, but may be of any standard regardless of whether it is wired or wireless.

Note that the main body 10 can perform operations according to operations received by the operation unit 20 . The main body 10 can also communicate with an external device such as a client PC (personal computer), and can perform operations according to instructions received from the external device.

The main body 10 has a CPU 11 , ROM 12 , RAM 13 , HDD (hard disk drive) 14 , communication I/F (interface) 15 , connection I/F 16 , engine section 17 , and system bus 18 . The CPU 11 , ROM 12 , RAM 13 , HDD 14 , communication I/F 15 , connection I/F 16 and engine section 17 are interconnected via a system bus 18 .

The CPU 11 comprehensively controls the operation of the main body 10 . The CPU 11 controls the overall operation of the main body 10 by executing programs stored in the ROM 12, the HDD 14, or the like using the RAM 13 as a work area (work area), and performs the above-described copy function, scanner function, facsimile function, printer function, and the like. Realize various functions of

Communication I/F 15 is an interface for connecting with network 30 . The connection I/F 16 is an interface for communicating with the operation unit 20 via the communication path 300 .

The engine unit 17 is hardware that performs processing other than general-purpose information processing and communication in order to realize copy function, scanner function, facsimile function, and printer function. For example, it includes a scanner (image reading unit) that scans and reads an image of a document, a plotter (image forming unit) that prints on sheet materials such as paper, and a facsimile unit that performs facsimile communication. Additionally, certain options such as a finisher for sorting printed sheets and an ADF (automatic document feeder) for automatically feeding documents may be provided.

The operation unit 20 has a CPU 21 , a ROM 22 , a RAM 23 , a flash memory 24 , a communication I/F 25 , a connection I/F 26 , an operation panel 27 , an external connection I/F 28 and a system bus 29 . The CPU 21 , ROM 22 , RAM 23 , flash memory 24 , communication I/F 25 , connection I/F 26 , operation panel 27 and external connection I/F 28 are interconnected via system bus 29 .

Communication I/F 25 is an interface for connecting with network 30 . The connection I/F 26 is an interface for communicating with the main body 10 via the communication path 300 .

The operation panel 27 accepts various inputs according to user operations, and various types of information (for example, information according to the accepted operations, information indicating the operation status of the information processing apparatus 1, information indicating setting states, etc.). display. In this example, the operation panel 27 is composed of a liquid crystal display (LCD) equipped with a touch panel function, but is not limited to this. For example, it may be composed of an organic EL display device equipped with a touch panel function. Furthermore, in addition to or instead of this, an operation unit such as hardware keys and a display unit such as a lamp may be provided.

The external connection I/F 28 corresponds to the reading section 1a shown in FIG. The external connection I/F 28 may read the recorded information from the recording medium 3 using proximity wireless technology using electromagnetic induction, for example, when the recording medium 3 is brought closer.

The CPU 21 comprehensively controls the operation of the operation unit 20 . The CPU 21 controls the overall operation of the operation unit 20 by executing programs stored in the ROM 22, the flash memory 24, or the like using the RAM 23 as a work area (work area), and generates information (image data) according to the input received from the user. ), etc., which will be described later.

For example, the ROM 22 stores a program 22 a and an application 45 . When the program 22a is executed by the CPU 21, the functional configuration other than the application 45 as shown in FIG. The application 45 is stored in the RAM 23 by being executed by the CPU 21 . FIG. 3 is a diagram showing the functional configuration of the information processing device 1. As shown in FIG.

The information processing apparatus 1 includes tag information input means (acquisition means) 41 , registration means 42 , user authentication means 43 , restriction means 44 , application 45 , and user information input/output means (acceptance means) 46 .

When the recording medium 3 with the identification information recorded therein is brought close to the external connection I/F 28 (see FIG. 2) (when the recording medium 3 is presented by the user), the tag information input means 41 acquires the identification information through the external connection I/F 28 . The recording medium 3 is, for example, an IC tag, RFID, IC card, or the like. The identification information is also called ID information and is, for example, a tag ID. The identification information is information that identifies the recording medium 3, but if the recording medium 3 can be regarded as being integral with the user, the identification information can be regarded as information that identifies the user. FIG. 3 illustrates a case where the identification information is a tag ID. The tag information input means 41 supplies identification information (tag ID) to the registration means 42 .

The registration means 42 has a tag identification means 42a and holds user management information 42a. The user management information 42a is information in which identification information, user information, registration date and time, number of permitted extensions, and number of extensions are associated, and can be implemented as a tag information table as shown in FIG. 4, for example. FIG. 4 is a diagram showing the data structure of user management information (tag information table). FIG. 4 illustrates a tag information table in which identification information is a tag ID and user information is a user ID. The tag information table stores tag IDs, user IDs, registration dates and times, the number of permitted extensions, and the number of extensions in association with each other. In FIG. 4, for the tag ID "12345678" and the user ID "82938393", the allowed number of extensions is "3" and the number of extensions is the initial value "0". The registration date and time may be blank before user authentication.

When the tag identification means 42a shown in FIG. 3 receives the identification information (tag ID) from the tag information input means 41, it refers to the user management information 42a and registers the recording medium (tag) 3 presented by the user in the tag information table. Check if it is That is, if the identification information is included in the user management information 42a, the tag identification means 42a determines that the recording medium (tag) 3 presented by the user is registered in the tag information table, and the identification information is stored in the user management information. If it is not included in the information 42a, it is determined that the recording medium (tag) 3 presented by the user is not registered in the tag information table.

If the recording medium (tag) 3 presented by the user is not registered in the tag information table, the tag identification means 42a requests the user information input/output means 46 to acquire user information (user ID).

The user information input/output unit 46 receives input regarding user information, and performs output regarding user information (for example, display on the screen of the operation panel 27). When the user information input/output unit 46 receives a request to acquire user information (user ID) from the tag identification unit 42a, the user information input/output unit 46 displays a prompt to input user information (user ID) on the screen of the operation panel 27. FIG. The user information input/output unit 46 notifies the tag identification unit 42a of the user information (user ID) upon receiving the input of the user information (user ID).

Upon receiving the user information (user ID), the tag identification means 42a registers the tag information in which the identification information (tag ID) and the user information (user ID) are associated with each other in the user management information (tag information table) 42b. In the case of FIG. 4, the tag ID "12345678" and the user ID "82938393" are recorded, the registration date and time is blank, "3" is recorded in the permitted number of extensions, and the initial value "0" is recorded in the number of extensions. .

If the recording medium (tag) 3 presented by the user is registered in the tag information table, the tag identification means 42a shown in FIG. request.

The user authentication means 43 performs user authentication based on the tag ID, the user ID, and information indicating the expiration date of the user ID. The application 45 has a configuration for executing multiple functions of the information processing device 1 . When the application 45 receives a function execution request from the user, it inquires of the user authentication means 43 to confirm the authentication status of the function, and if the authentication is OK, the function is made executable, and if the authentication is NG, the function is made non-executable.

The user authentication means 43 may perform two-step user authentication. That is, the user authentication means 43 determines whether or not the first-stage user authentication is possible with the user ID specified by the tag identification means 42a based on the tag ID. If it is determined that the first-stage user authentication is "possible", the user authentication means 43 uses the user ID and the registration date and time to determine whether the second-stage user authentication (for example, tag authentication) is possible. The restriction means 44 is requested to obtain information on whether or not authentication is possible and the expiration date.

The restricting unit 44 holds function management information 44a for each user ID, and restricts the use of functions for that user ID using the function management information 44a corresponding to the user ID to be processed. The function management information 44a is information in which information indicating a function, information indicating whether or not the use is permitted, and an expiration date are associated with each other, and can be implemented as a resource information table as shown in FIG. 5, for example. FIG. 5 is a diagram showing the data structure of the function management information (resource management table) 44a. FIG. 5 illustrates a resource information table in which the information indicating the function is the resource (processing in the application 45), and the information indicating the permission/prohibition of use is permission/prohibition of tag authentication. The resource information table stores the resource, availability of tag authentication, and expiration date in the case of availability, in association with each other. In FIG. 5, the tag authentication is "permitted" without an expiration date for the resources "home screen" and "copy", and the tag authentication is "permitted with a time limit" for the resources "send" and "document read". The deadlines are "t ₁ to 1 month" and "t ₁ to 2 months", respectively, and the tag authentication is "prohibited" for the resources "document deletion" and "signature". _t1 is, for example, the time when the expiration date is set.

When the restriction means 44 shown in FIG. 3 receives from the user authentication means 43 a request to acquire information on whether or not authentication is possible using the user ID and the registration date and time and the expiration date, the function management information (resource management table ) 44a. The restricting means 44 supplies the authorization/non-authentication and the expiration date read from the resource information table to the user authenticating means 43 as a response.

The user authentication means 43 determines whether or not authentication read from the resource information table and whether or not second-stage user authentication (for example, tag authentication) can be performed from the expiration date. In the case of FIG. 5, since there is a resource of "permission with a time limit" for tag authentication, the user authentication means 43 checks whether the registration date and time have passed the expiration dates "t ₁ to 1 month" and "t ₁ to 2 months". determine whether or not If the registration date and time have not passed the expiration date, the user authentication means 43 shown in FIG. 3 determines that the second-stage user authentication is "permitted" and returns an authentication result of authentication success to the tag identification means 42a. If the registration date and time have passed the expiration date, the user authentication means 43 determines that the second-stage user authentication is "impossible" and returns the authentication result of authentication failure due to expiration to the tag identification means 42a.

When the tag identification means 42a receives the authentication result of successful authentication, it updates and registers the information of the tag to the state of successful authentication. For example, in FIG. 4, for the tag ID "12345678" and the user ID "82938393", "2015/08/01 12:34:56" is added to the registration date column.

The tag identifying means 42a shown in FIG. 3 deletes the information of the unsuccessfully authenticated tag from the user management information (tag information table) 42b when receiving an authentication result of authentication failure other than due to expiration of the time limit.

The tag identification means 42a notifies the user information input/output means 46 of the authentication result when receiving the authentication result of authentication failure due to expiration of the time limit.

When the user information input/output unit 46 receives the authentication result of authentication failure due to expiration of the time limit, the user information input/output unit 46 displays the authentication result on the screen of the operation panel 27 to notify the user. When the user information input/output unit 46 receives an extension operation for the expired time limit, it supplies an extension request to the tag identification unit 42a in response to the extension operation.

Upon receiving the extension request, the tag identifying means 42a updates the information on the number of times of extension in the user management information (tag information table) 42b. For example, in the case of FIG. 4, the number of times of extension is updated from "0" to "1". The tag identifying means 42a compares the number of times of extension after updating and the number of times of permitted extension, and determines whether or not extension is possible. The tag identifying means 42a determines that extension is possible if the number of times of extension after updating is equal to or less than the permitted number of extensions. In the case of FIG. 4, since the number of times of extension "1" after updating is less than the number of times of permitted extension "3", it is determined that the extension is "permissible". The tag identifying means 42a notifies the user authenticating means 43 of the result of determination that the extension is "possible" and the extension request.

The user authentication means 43 requests the restriction means 44 to update the expiration date in the function management information (resource management table) 44a in response to the extension request. Upon receiving a request to update the expiration date, the restriction unit 44 updates the expiration date information in the function management information (resource management table) 44a.

For example, the limiting means 44 may update the resource management table shown in FIG. 5 as shown in FIG. FIG. 6 is a diagram showing the function management information (resource management table) 44a after the first time limit extension. In FIGS. 5 and 6, for the resources “home screen” and “copy”, the availability of tag authentication is changed from “permitted” to “permitted with a time limit”, and the expiration date is changed from “-” (none) to “t ₂ to 2 months”. and the expiration date is changed (extended) from 't ₁ to 2 months' to 't ₂ to 1 month' for the resource 'read document'. _t2 is, for example, the time when the expiration date is set.

Alternatively, the limiting means 44 may further update the resource management table shown in FIG. 6 as shown in FIG. FIG. 7 is a diagram showing the function management information (resource management table) 44a after the second deadline extension. In FIGS. 6 and 7, the expiration dates for the resources “home screen” and “copy” are changed (extended) from “t ₂ to 2 months” to “t ₃ to 1 month”, and the resources “send” and “document read” are changed (extended). ” has been changed from “limited permission” to “prohibited”. _t3 is, for example, the time when the expiration date is set.

As shown in FIGS. 5 to 7, the limiting means 44 may limit the use of each of a plurality of functions based on information on the number of times of extension corresponding to the identification information. The limiting means 44 may gradually narrow down the available functions among the plurality of functions as the number of times of extension increases. The restricting means 44 may restrict availability of each function in stages as the number of times of extension increases.

When the update of the expiration date information is completed, the restriction means 44 notifies the user authentication means 43 of the completion of the update. Upon receiving the notification that the update has been completed, the user authentication means 43 uses the user ID and the registration date and time to determine whether or not the second stage of user authentication (for example, tag authentication) can be performed. is requested to the restricting means 44 to acquire the information of

When the restriction means 44 receives from the user authentication means 43 a request for acquisition of information on whether or not authentication is possible using the user ID and the registration date and time and the expiration date, the restriction means 44 refers to the function management information (resource management table) 44a corresponding to the user ID. do. The restricting means 44 supplies the authorization/non-authentication and the expiration date read from the resource information table to the user authenticating means 43 as a response.

The user authentication means 43 determines whether or not authentication read from the resource information table and whether or not second-stage user authentication (for example, tag authentication) can be performed from the expiration date. If the registration date and time have not passed the expiration date, the user authentication means 43 determines that the second-stage user authentication is "permitted" and returns an authentication result of authentication success to the tag identification means 42a.

The tag identifying means 42a compares the number of times of extension after updating and the number of permitted extensions, and if the number of times of extension after updating exceeds the number of times of permitted extension, the tag identification means 42a judges that the extension is impossible, and issues an extension request to the user authentication means 43. do not notify As a result, the function management information (resource management table) 44a is not extended. That is, it is possible to suppress an easy extension of the deadline by a user's operation.

Next, a case in which tag authentication expires will be described with reference to FIG. FIG. 8 is a sequence diagram showing a case where tag authentication expires. FIG. 8 illustrates a case in which the expiration date has expired in tag authentication, but it is determined that the number of extensions can be renewed.

A user presents a tag to the tag information input means 41 (S1). The tag information input means 41 extracts identification information (tag ID) from the presented recording medium (tag) 3 (S2), and notifies the extracted tag ID to the tag identification means 42a (S3).

The tag identification means 42a confirms whether or not the tag ID is registered in the user management information (tag information table) 42b. The user information registered in association with the tag registration date and time, the number of extensions, and the home screen display of default processing are notified to the user authentication means 43 (S5), and user authentication is requested.

The user authentication means 43 performs general user authentication processing, and if successful, determines that tag authentication for the home screen is possible (S6), and notifies the result of success (authentication OK) (S7). ). The tag identification means 42a receives the notification of user authentication success and notifies the result to the user information input/output means 46 (S8). The user information input/output means 46 notifies the user by displaying the user authentication success on the screen of the operation panel 27 (S9).

Subsequently, the user instructs to use the application 45 (S10). The application 45 inquires about the authentication status to the user authentication means 43 (S11). The user authentication means 43 determines whether or not the requested application ₄₅ can be used for tag authentication from the resource management table. When the tag registration date and time of the user who is using the tag exceeds `` _t1 to one month'', it is determined that the validity period has expired (S12), and the tag identification means 42a is notified of the expiration of the validity period and restriction information at the time of extension (S13).

Upon receipt of the expiration notification, the tag identification means 42a checks whether the number of extensions exceeds the limit, and if not (S14), presents the user information input/output means 46 with the limit information for the extension of the expiration date. and request a choice to extend or stop.

In response to this, the user information input/output unit 46 displays, for example, a window 271 on the screen of the operation panel 27 as shown in FIG. The window 271 contains a message 271a indicating that the expiration date has expired, a message 271b indicating that use will be restricted if the expiration date is extended, a message 271c indicating the details, an "extend" button object 271d, and a "quit" button object. 271e.

When the user selects the "extend" button object 271d and the user information input means 46 notifies the tag identification means 42a, the tag identification means 42a requests the user information input means 46 to input the user information ( S15).

The user information input means 46 requests the user to input user information (S16), and when user information is input by the user (S17), notifies the input user information to the tag identification means 42a (S18). ).

The tag identification means 42a notifies the notified user information to the user authentication means 43 (S19), and requests user authentication.

The user authentication means 43 performs general user authentication processing, and when successful (S20), notifies the result of success (authentication OK) to the application 45 and the tag identification means 42a (S21, S22).

The tag identification means 42a receives the notification of user authentication success and notifies the result to the user information input/output means 46 (S23), and the user information input/output means 46 displays the notified result on the screen of the operation panel 27. and notify the user (S24). The tag identifying means 42a updates the registration date and time to the current time (S25), and updates the number of times of extension (S26).

The application 45 receives the notification of user authentication success and permits the use of the user (S27). When the application 45 receives a request from the user for a function for which use is permitted, the application 45 executes the function in response to the request.

Next, a case in which the number of times of extension exceeds the permitted number of extensions when the deadline is extended will be described with reference to FIG. 10 . FIG. 10 is a sequence diagram showing a case in which the number of times of extension is exceeded when the deadline is extended. FIG. 10 exemplifies a case where the expiration date is expired in tag authentication and the update of the number of times of extension is NG.

S31 to S43 are the same as S1 to S13 shown in FIG. The tag identification means 42a receives the notification of the expiration date and checks whether the number of times of extension exceeds the limit. Notify (S45). The user information input/output unit 46 displays the prohibition of application use on the screen of the operation panel 27, and notifies the user of the prohibition of application use (S46). As a result, the expiration date is not extended according to the user's operation. That is, it is possible to suppress an easy extension of the deadline by a user's operation.

As described above, in the embodiment, in the information processing apparatus 1, use of at least some of the functions is restricted according to the number of extensions. As a result, it is possible to suppress easy extension of the deadline by user operation, and to optimize user management.

Note that the registration unit 42 may change the procedure required for authentication of the extension operation step by step (for example, to make it stricter) according to the number of times of extension. As a result, if the authentication of the extension operation is NG, the expiration date is not extended. That is, since the extension of the expiration date is suppressed according to the number of extensions, it is possible to suppress the easy extension of the expiration date by the user's operation.

For example, the registration means 42 may hold extension control information 42c in which the number of times of extension and information indicating the content of the extension procedure are associated with each other. The extension control information 42c can be implemented as an extension procedure control table as shown in FIG. 11, for example. The extension procedure control table is a table for controlling extension procedures according to the number of extensions. FIG. 11 is a diagram showing the data structure of extension control information (extension procedure control table) 42c in the first modified example of the embodiment. In FIG. 11, "user ID + password" is requested as an extension procedure for the "first" number of extensions, and "user ID + password + answer to a question" is requested as an extension procedure for the "second" number of extensions. As for the "second time", a case where "superior's approval" is requested as an extension procedure is exemplified. As a result, the authentication in the previous stage can be gradually tightened according to the number of times of extension.

Further, in a case where authentication is performed by answering a question as an extension procedure according to the number of times of extension, the operation shown in FIG. 12 may be performed. FIG. 12 is a sequence diagram showing a case of executing an extension procedure (answers to questions) according to the number of extensions in the second modification of the embodiment.

S51 to S53 are the same as S11 to S13 shown in FIG.

The tag identification means 42a receives the notification of the expiration date, checks whether the number of times of extension exceeds the limit, and if not (S54), checks the number of times of extension, and if it is the second time. Then, the user authentication means 43 is requested to perform authentication by question in addition to authentication by user information (S55).

The user authentication means 43 holds in advance question information in which question content is recorded for each user ID, reads out a question corresponding to the user ID to be processed from the question information (S56), and identifies the question information by tag identification. It is supplied to means 42a (S57). When receiving the question information, the tag identification means 42a supplies a request for input of user information and an answer to the question to the user information input/output means 46 (S58). The user information input/output unit 46 displays on the screen of the operation panel 27 a request for input of user information and an input of an answer to the question, and presents it to the user (S59). When the user information and the answer to the question are input (S60), the user information input/output means 46 notifies the tag identifying means 42a of the user information and the answer information (S61). The tag identification means 42a supplies the user information and the answer information to the user authentication means 43 and requests user authentication (S62). When the user authentication means 43 succeeds in both the authentication by the user information (S63) and the authentication by the answer to the question (S64), the user authentication means 43 notifies the tag identification means 42a of the authentication OK (S65). Then, the processing after S66 is performed in the same manner as the processing after S23 shown in FIG.

Further, fingerprint authentication may be performed as an extension procedure according to the number of times of extension, and in the case of performing fingerprint authentication, the operation shown in FIG. 13 may be performed. FIG. 13 is a sequence diagram showing a case of executing an extension procedure (fingerprint authentication) according to the number of extensions in the third modification of the embodiment.

S71 to S74 are the same as S11 to S13 shown in FIG.

The tag identifying means 42a receives the notification of the expiration date, checks whether the number of times of extension exceeds the limit, and if not (S74), checks the number of times of extension, and confirms that it is the second time. Then, an input request for user information and fingerprint is supplied to the user information input/output means 46 (S75). The user information input/output means 46 displays a display requesting the input of user information and the input of the fingerprint on the screen of the operation panel 27, and presents it to the user (S76). When the user information and the fingerprint data are input (S77), the user information input/output means 46 notifies the tag identification means 42a of the user information and the fingerprint data (S78). The tag identification means 42a supplies the user information and fingerprint data to the user authentication means 43 and requests user authentication (S79). When both the user information authentication (S80) and the fingerprint authentication are successful (S81), the user authentication means 43 notifies the tag identification means 42a of the authentication OK (S82). Then, the processing after S83 is performed in the same manner as the processing after S23 shown in FIG.

Further, when performing authentication and/or fingerprint authentication based on answers to questions as an extension procedure according to the number of times of extension, the user authentication means 43 may hold authentication information 43a including information on a plurality of authentications. Authentication information 43a in which user information, information indicating questions, information indicating answers, and information indicating fingerprint data are associated with each other may be held. The authentication information 43a may be implemented as an authentication management table as shown in FIG. FIG. 14 illustrates an authentication management table in which user information is user ID+password. As a result, the user authentication means 43 can perform authentication that gradually becomes stricter while appropriately combining a plurality of authentications according to the number of times of extension.

Note that the information processing device 1 is not limited to an image forming device as long as it is a device having a communication function. The information processing apparatus 1 is, for example, a PJ (Projector), an IWB (Interactive White Board), an output device such as a digital signage, or a HUD (Head Up Display) device. , industrial machinery, imaging devices, sound collectors, medical equipment, network home appliances, automobiles (connected cars), notebook PCs (personal computers), mobile phones, smart phones, tablet terminals, game machines, PDAs (personal digital assistants), digital cameras , a wearable PC, a desktop PC, or the like.

The information processing apparatus 1 may be an MFP 9 as shown in FIG. 15, for example. FIG. 15 is a diagram showing the hardware configuration of the MFP 9 as an example of the hardware configuration of the predetermined device 1. As shown in FIG. As shown in FIG. 15, the MFP (Multifunction Peripheral/Product/Printer 9) includes a controller 910, a short-range communication circuit 920, an engine control section 930, an operation panel 940, and a network I/F 950.

Among them, the controller 910 includes a CPU 901, a system memory (MEM-P) 902, a north bridge (NB) 903, a south bridge (SB) 904, an ASIC (Application Specific Integrated Circuit) 906, and a storage unit. , a local memory (MEM-C) 907 , an HDD controller 908 , and an HD 909 as a storage unit.

Among these, the CPU 901 is a control unit that performs overall control of the MFP 9 . The NB 903 is a bridge for connecting the CPU 901, the MEM-P 902, the SB 904, and the AGP bus 921, and includes a memory controller that controls reading and writing with respect to the MEM-P 902, a PCI (Peripheral Component Interconnect) master, and an AGP target. have

The MEM-P 902 is composed of a ROM 902a, which is a memory for storing programs and data for realizing each function of the controller 910, and a RAM 902b, which is used as a drawing memory for expansion of programs and data, memory printing, and the like. The program stored in the RAM 902b is configured to be provided by being recorded in a computer-readable recording medium such as a CD-ROM, CD-R, DVD, etc. as a file in an installable format or an executable format. You may

SB 904 is a bridge for connecting NB 903 with PCI devices and peripheral devices. The ASIC 906 is an image processing IC (Integrated Circuit) having hardware elements for image processing, and serves as a bridge that connects the AGP bus 921, PCI bus 922, HDD controller 908, and MEM-C 907, respectively. This ASIC 906 includes a PCI target and AGP master, an arbiter (ARB) that forms the core of the ASIC 906, a memory controller that controls the MEM-C 907, and multiple DMACs (Direct Memory Access Controllers) that rotate image data using hardware logic. , and a PCI unit that transfers data between the scanner unit 931 and the printer unit 932 via the PCI bus 922 . Note that the ASIC 906 may be connected to a USB (Universal Serial Bus) interface or an IEEE 1394 (Institute of Electrical and Electronics Engineers 1394) interface.

MEM-C 907 is a local memory used as an image buffer for copying and an encoding buffer. The HD 909 is a storage for accumulating image data, accumulating font data used for printing, and accumulating forms. The HD 909 controls reading or writing of data to or from the HD 909 under the control of the CPU 901 . The AGP bus 921 is a bus interface for graphics accelerator cards proposed to speed up graphics processing, and can speed up the graphics accelerator card by directly accessing the MEM-P 902 with high throughput. .

The near field communication circuit 920 also includes a near field communication circuit 920a. The short-range communication circuit 920 is a communication circuit for NFC, Bluetooth (registered trademark), or the like.

Furthermore, the engine control section 930 is configured by a scanner section 931 and a printer section 932 . The operation panel 940 displays a current setting value, a selection screen, and the like, and a panel display unit 940a such as a touch panel for receiving input from an operator, and setting values for image forming conditions such as density setting conditions. An operation panel 940b is provided which includes a numeric keypad for accepting a copy start instruction, a start key for accepting a copy start instruction, and the like. A controller 910 controls the entire MFP 9, for example, controls drawing, communication, input from the operation panel 940, and the like. The scanner unit 931 or printer unit 932 includes an image processing part such as error diffusion and gamma conversion.

The MFP 9 can switch and select the document box function, the copy function, the printer function, and the facsimile function in sequence using the application switching key on the operation panel 940 . The document box mode is set when the document box function is selected, the copy mode is set when the copy function is selected, the printer mode is set when the printer function is selected, and the facsimile mode is set when the facsimile mode is selected.

A network I/F 950 is an interface for data communication using the network 3 . A short-range communication circuit 920 and a network I/F 950 are electrically connected to the ASIC 906 via a PCI bus 922 .

Also, each function of the embodiments described above can be realized by one or more processing circuits. Here, the "processing circuit" in this specification means a processor programmed by software to perform each function, such as a processor implemented by an electronic circuit, or a processor designed to perform each function described above. ASICs (Application Specific Integrated Circuits), DSPs (Digital Signal Processors), FPGAs (Field Programmable Gate Arrays), and devices such as conventional circuit modules.

In addition, the program executed by each device of the present embodiment is a file in an installable format or an executable format, and can be stored in a computer such as a CD-ROM, a flexible disk (FD), a CD-R, a DVD (Digital Versatile Disk), etc. provided on a recording medium readable by

Also, the program executed by each device of the present embodiment may be stored in a computer connected to a network such as the Internet, and may be provided by being downloaded via the network. Also, the program executed by the apparatus of this embodiment may be provided or distributed via a network such as the Internet.

Further, the program of the present embodiment may be configured so as to be pre-installed in a ROM or the like and provided.

The program executed by each apparatus of the present embodiment has a module configuration including the above-described units, and as actual hardware, a CPU (processor) reads the program from the storage medium and executes the above Each part is loaded onto the main memory and each is generated on the main memory.

Further, in the above embodiments, an example in which the image forming apparatus of the present invention is applied to a multifunction machine having at least two functions out of a copy function, a printer function, a scanner function, and a facsimile function will be described. , printers, scanners, facsimile machines, and other image forming apparatuses.

1 information processing device 3 recording medium 41 tag information input means 42 registration means 43 user authentication means 44 restriction means 45 application 46 user information input/output means

JP 2017-123075 A

Claims (5)

An information processing device,
Acquisition means for acquiring the first identification information from a recording medium on which the first identification information is recorded;
authentication means for executing user authentication based on the first identification information, the second identification information registered in advance, and information indicating a first expiration date of the second identification information;
receiving means for receiving an operation to extend the first expiration date from the first expiration date to a second expiration date when it is determined in the user authentication that the first expiration date has passed;
registration means for, when the extension operation is accepted, updating frequency information indicating the number of times the extension operation has been accepted, and registering the updated frequency information in association with the second identification information;
When user authentication based on the first identification information, the second identification information, and the information indicating the second expiration date is successful, based on the number of times information corresponding to the second identification information, the restriction means for restricting use of functions of the information processing device ;
Information processing device having The registration means compares the updated number of times information with the permitted number of extensions, and determines whether or not the extension corresponding to the extension operation is permitted based on the comparison result,
When it is determined that the extension according to the extension operation is possible, and the user authentication based on the first identification information, the second identification information, and the information indicating the second expiration date is successful. 2. The information processing apparatus according to claim 1, wherein use of functions is restricted. The information processing device has a plurality of functions,
The restriction means holds function management information in which information indicating a function, information indicating whether or not use is permitted, and an expiration date are associated with each other, and updates the function management information in accordance with a determination result as to whether extension is permitted or not. 3. The information processing apparatus according to claim 2, wherein use of each of the plurality of functions is restricted according to updated function management information. The information processing device acquires the first identification information from a recording medium on which the first identification information is recorded,
The information processing device executes user authentication based on the first identification information, second identification information registered in advance, and information indicating a first expiration date of the second identification information,
The information processing device receives an operation to extend the first expiration date from the first expiration date to a second expiration date when it is determined in the user authentication that the first expiration date has passed,
When the extension operation is accepted, the information processing device updates frequency information indicating the number of times the extension operation has been accepted,
The information processing device registers the updated number of times information in association with the second identification information,
The information processing device, when user authentication based on the first identification information, the second identification information, and the information indicating the second expiration date is successful, the number of times corresponding to the second identification information An information processing method for restricting the use of functions based on information. information processing equipment,
Acquisition means for acquiring the first identification information from a recording medium on which the first identification information is recorded;
authentication means for executing user authentication based on the first identification information, the second identification information registered in advance, and information indicating a first expiration date of the second identification information;
receiving means for receiving an operation to extend the first expiration date from the first expiration date to a second expiration date when it is determined in the user authentication that the first expiration date has passed;
registration means for, when the extension operation is accepted, updating frequency information indicating the number of times the extension operation has been accepted, and registering the updated frequency information in association with the second identification information;
When user authentication based on the first identification information, the second identification information, and the information indicating the second expiration date is successful, the function is performed based on the number of times information corresponding to the second identification information Restrictive means for restricting the use of
A program that acts as a

Images