WO2013055343A1 - System and method for operating a host device capable of providing a plurality of services - Google Patents

System and method for operating a host device capable of providing a plurality of services Download PDF

Info

Publication number
WO2013055343A1
WO2013055343A1 PCT/US2011/056134 US2011056134W WO2013055343A1 WO 2013055343 A1 WO2013055343 A1 WO 2013055343A1 US 2011056134 W US2011056134 W US 2011056134W WO 2013055343 A1 WO2013055343 A1 WO 2013055343A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
host
services
users
providing
Prior art date
Application number
PCT/US2011/056134
Other languages
French (fr)
Inventor
Paul L. Jeran
Sean D. FITZGERALD
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P. filed Critical Hewlett-Packard Development Company, L.P.
Priority to PCT/US2011/056134 priority Critical patent/WO2013055343A1/en
Publication of WO2013055343A1 publication Critical patent/WO2013055343A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N1/00Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
    • H04N1/00127Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture
    • H04N1/00204Connection or combination of a still picture apparatus with another apparatus, e.g. for storage, processing or transmission of still picture signals or of information associated with a still picture with a digital computer or a digital computer system, e.g. an internet server
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N2201/00Indexing scheme relating to scanning, transmission or reproduction of documents or the like, and to details thereof
    • H04N2201/32Circuits or arrangements for control or supervision between transmitter and receiver or between image input and image output device
    • H04N2201/3201Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title
    • H04N2201/3204Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a user, sender, addressee, machine or electronic recording medium
    • H04N2201/3205Display, printing, storage or transmission of additional information, e.g. ID code, date and time or title of data relating to a user, sender, addressee, machine or electronic recording medium of identification information, e.g. name or ID code

Abstract

A method for operating a host device capable of providing a plurality of services may include managing user accounts for users who are to connect over a network to the host device. Each of the user accounts is assigned to of one or more of the users. The user account may include account information identifying the users and identifying the services that these users are entitled to use. The method may also include receiving a request for a service from a user over a communication network and providing the requested service after authenticating that user to be associated with one of the user accounts and that according to that user account this user is entitled to use the requested service.

Description

SYSTEM AND METHOD FOR OPERATING A HOST DEVICE CAPABLE OF PROVIDING A PLURALITY OF SERVICES

BACKGROUND

[001] Today, many machines offer a large variety of services and capabilities. For example, all-in-one printers typically offer printing, scanning, faxing and photocopying. Such machines are available in various formats - for home, small and large businesses and for large commercial uses.

[002] Small scale machines are typically designed to be used by one or a few users. However, in large organizations one machine may be used by a plurality of users, some local and some remote.

[003] In many cases multiple users, who are from different business units or departments or who are from different cost centers may be using the same host device for a variety of required functions. Such a host device may be accessed by local and remote users over a communication network.

BRIEF DESCRIPTION OF THE DRAWINGS

[004] Embodiments of the present invention are described in the following detailed description and illustrated in the accompanying drawings in which:

[005] Fig. 1 illustrates a system for operating a host device capable of providing a plurality of services, in accordance with an example of the present invention.

[006] Fig. 2 illustrates a system for operating a host device capable of providing a plurality of services, in accordance with another example of the present invention. [007] Fig. 3 illustrates a system for operating a host device capable of providing a plurality of services, in accordance with another example of the present invention.

[008] Fig. 4 illustrates a method for operating a host device capable of providing a plurality of services, in accordance with an example of the present invention.

DETAILED DESCRIPTION

[009] Multi-function devices, such as, for example, a combined printer/fax/copier/scanner, which are sometimes referred to as "all-in-one" devices, are capable of providing a variety of services. When such a device (hereinafter referred to as - "host device") is connected to a network, network users may access the host device and use its various services.

[0010] Fig. 1 illustrates a system for operating a host device capable of providing a plurality of services, in accordance with an example of the present invention. By "services" is meant a variety of different functions or actions that the host is capable of performing.

[0011] System 100 may include a plurality of users (represented in this figure by three users1 14a, 1 14b and 1 14c), which are connected over a communication network 102 to host device 104. Host device 104 may be, or example, a multifunction device, capable of providing a plurality of services, such as printing 106a, photocopying 106b, scanning 106c and faxing 106d. In other examples of the invention, other services, or same services as well as other services may be offered, for example, printing in color, printing in black and white only, printing of high-quality prints, printing only draft-quality prints, etc.

[0012] In organizations that include a plurality of users of various levels of hierarchy, it may be advantageous to allow different users access to services with different permissions. For example, a large law firm may want to allow only

9 partners and associates and senior executives access to high-quality printing, assuming that only partners and senior executives are allowed to send out letters and printed matter on behalf of the firm. The interns and low-level executives would only be allowed to access low-quality printing assuming they only prepare drafts for review by partners and associates. Similarly, only partners and associates may be allowed to access fax services assuming only they are allowed to fax out documents, whereas interns and low-level executives may be barred from accessing fax services assuming they are restricted from sending out faxed documents.

[0013] Organizations having a plurality of users may include various departments which have different budget allocations and may wish to restrict use of the services provided by the host device to the staff of a specific department in order to control expenses.

[0014] User accounts may be managed at the host device 104, for example, by saving a data base of user accounts on storage device 1 10 (e.g. non-volatile storage device such as a hard disk), which may be accessed by processing unit 108 of host device 104.

[0015] Each of users 1 14a, 1 14b and 1 14c may be issued a unique key 1 16a, 1 16b, 1 16c, respectively, which is used to identify that user upon accessing the host device.

[0016] Such a key may include, for example, a secure authentication mechanism , such as a smart card, encrypted wireless transmission, biometrics, etc., which is used in the authentication process of the user. The host device authenticates the user ID and what capabilities have been authorized for that user.

[0017] The user identification information may comprise multiple parts, such as, User, Company, Country to facilitate the restriction of permission to the services offered by the host device. [0018] In another example of the invention, a host device capable of providing a plurality of services may offer to the public controlled access to the various services. A user may be offered to buy a limited access to one or a few of the plurality of services offered by the host device. For example, a user may purchase only black-and-white printing, which is inexpensive with respect to the more expensive color printing, or buy just scanning and black-and white printing services.

[0019] In accordance with an example of the present invention, an account would be established for each user, which may include user identification information (e.g. name, user name, password, PIN code etc.), details on the services to which that user has permission to access and account balance information.

[0020] User identification information may include an individual identifier, departmental identifier, organizational identifier, regional identifier and so on. For example, a user having a key with an individual identifier may access services to which that individual has permission to use. A person with a departmental identifier may have the same identity information of the entire group of users working in the same department, so that each of them may use the services that department has permission to use. The department may have a single account managed who balance may change each time any one of the department users uses the services allocated to that department. Similarly organization-based restrictions on the allowed services may apply as well as regional restrictions.

[0021] In some examples of the invention information on the specified services which the user may use is included in the key each user holds and when the user accesses the host device and presents his key this information becomes available to the host device. The information on the services to which the user has permission to access may be embedded uploaded into the key, when the user purchases his permissions or later on when the user has depleted the credit on the key and recharges that key. Recharging the key with credit may be done in many ways. For example, the user may pay the operator of the host device locally or make a transaction over a network (e.g. the Internet). The user may also buy credit at a third party vendor, licensed by the operator of the host device to sell credit.

[0022] Users 1 14a, 1 14b and 1 14c may access host device 104 over network 102. When accessing host device 104 users 1 14a, 1 14b and 1 14c may be required, each to pass an authentication procedure by presenting the key (1 16a, 1 16b, or 1 16c respectively) which is processed by authentication module 1 12, to verify that the user is indeed allowed access.

[0023] After the user is authenticated securely - the next step in authentication is to determine if the selected task is authorized and if there is a balance remaining for that task. Each user may use any of services 106a, 106b, 106c and 106d to which that user has permission to use according to an assigned permission of that user. Processing unit 108 of host device 104 may determine the permission of each user by referring to a database stored on storage device 1 10 which contains information on the authorized users and their permissions to the various services 106a, 106b, 106c and 106d of host device 104.

[0024] Processing unit 108 (which may be for example an Application Specific Integrated Circuit - ASIC) may determine whether the user has credit in the account balance, and may deduct a value from that credit associated with the service the user is requesting to use and process the task. This may involve internal authentication of other components in the system.

[0025] According to some examples of the present invention, when a user has depleted the credit in the key that user can purchase additional credit. The newly acquired credit may be updated in the database stored in the storage device 1 10 and managed ay host device 104.

[0026] Fig. 2 illustrates a system 101 for operating a host device capable of providing a plurality of services, in accordance with another example of the present invention. [0027] System 101 may include a plurality of users 1 14a, 1 14b and 1 14c, which are connected over communication network 102 to host device 104. Host device 104 may be a multi-function device, capable of providing a plurality of services, such as printing 106a, photocopying 106b, scanning 106c and faxing 106d.

[0028] Each of users 1 14a, 1 14b and 1 14c may be issued a unique key 1 16a, 1 16b, 1 16c. Each key may further include a data storage device 1 15a, 1 15b, 1 15c, respectively, for storing and managing user account data for that user. The user account data of each user may include identifying information to identify that user upon accessing the host device. The user account data may also include, for example, a secure authentication mechanism , such as a smart card, encrypted wireless transmission, biometrics, etc., which is used in the authentication process of the user. The user account data may also include information on the capabilities that have been authorized for that user. Each user may thus access host device 104 from any location in the world that provides access to host device 104. Such a system may facilitate a user printing at a kiosk type of service.

[0029] In some examples of the invention management of user accounts may be carried out in a hybrid configuration where some of the user account information is stored and managed on the storage device 1 15a, 1 15b and 1 15c of keys 1 16a, 1 16b and 1 16c, respectively, while some of the user account information is stored and managed locally using storage device 1 10 of host device 104.

[0030] Fig. 3 illustrates a system 200 with a host device 104 capable of providing a plurality of services with remote management of user accounts a plurality of users having different service permissions, in accordance with another example of the present invention.

[0031] In system 200 a third-party device 202, such as, for example, a remote server may offer to users the possibility of setting up user accounts, thereby determining the services to which access is desired (that is permission level for the services provided by host device 104), obtaining keys (such as 1 16a, 1 16b and 1 16c) and/or updating account information and balance.

[0032] Users may approach third-party device 202 and obtain a key. In the process, a user may indicate the specific services offered by host device 104 which are desired and determine the credit in the account balance. Users 1 14a 1 14b and 1 14c may communicate with third-part device 202 in various ways, such as, for example, over network 102. Processor 206 of third-part unit 202 may manage the interaction with the users, and user account information may be stored on storage device 204 (e.g. hard disk, or other non-volatile storage device). User account information may be communicated from third-party device 202 to host device 104, for example, over communication network 102 to be stored (on storage device 1 10) and/or managed locally on host device 104.

[0033] In some examples of the invention user access communication with host device 104 may be parsed to services offered by host device 104, so as to allow some user accounts to access select services while other user accounts may be allowed access to all services (e.g. Scan and Fax only for Account "A" of user 1 14a, and Print, Copy only for Account "B" and Copy only for Account "C", of user 1 14b, etc.).

[0034] In some examples of the invention the third-party device may be used in establishing user accounts. Users may be required to set up an account by connecting (or otherwise communicating with) the third-party device, provide identification details, select the services they wish to be allowed to use, and obtain credit (e.g. by paying for that credit, by charging a credit card or a bank account or by providing details of an allocated budget).

[0035] In some examples user accounts may be stored and managed on the third party device, who may send information and/or operation instructions over the network (or otherwise) to the host device. In other examples, the user accounts may be managed locally on the host device and the third party device may only be used for setting up the accounts. [0036] In some embodiments of the invention users may have different permission levels, so that the same service may be used, but with different kinds of restrictions. For example, one user may be allowed to use color printing service up to 1000 sheets, whereas another user may be allowed to use the same color printing service, but may be restricted to just 500 sheets.

[0037] In some examples of the invention, frequent users of the same host device may want to "upload" value from a Secure Card, Mobile Phone, etc. to the host device, and may wish to establish an Account to ensure they do not have to conduct a payment transaction for each job performed on the device.

[0038] Figure 4 illustrates a method 300 according to examples of the present invention. Method 300 may include managing 302 user accounts for users who are to connect over a network to a host device capable of providing a plurality of services. Each of the user accounts may be assigned to of one or more of the users. The user account may include account information identifying one or more of the users (e.g. a single user of a subgroup of users) and identifying services of the plurality of services the host device is capable of providing that user or these users are entitled to use.

[0039] Method 300 may also include receiving a request for a service from a user over a communication network and providing the requested service after authenticating that user to be associated with one of the user accounts and that according to that user account the user associated with that account is entitled to use the requested service.

[0040] According to examples of the invention, each of the user accounts may further include balance information, and the balance for the requested service may be debited from the user account of the user who had requested and has been provided the service.

[0041] In some examples of the present invention the user accounts may be managed at the host device. User account information may be stored on a local storage device and a controller or a processing unit of the host device may communicated to that database to obtain authentication information for users and verify the services which are available for these users.

[0042] According to examples of the invention a third-party device that is capable of communicating with the host device may be used in establishing one or more of the user accounts. Also, a third-party device that is capable of communicating with the host device may be used to credit one or more of the user accounts.

[0043] In some examples of the invention, each of the users may be provided with a key for authenticating that user.

[0044] Such a key may include, for example, secure chip technology, secure USB stick, etc. A system according to examples of the invention may include distributed central system for authorization and rights management via an online repository for data that is availible by a wired or wireless connection (commonly referred to as "the cloud") for the purpose of tracking and charging/billing against functions (services) that are performed by the host device. A user may interact with the host device wirelessly (e.g. Blue Tooth, 802.1 1 b/g/n, Wireless USB, NFC, RFID, IR, etc.), wired, or through some other input arrangement (USB Storage Device, Control Panel Interface, Bar-Code, etc.) to specify quantities, functions (services), features, location, etc. for transferring, archiving, or printing data. A host device may negotiate (e.g. via a central system) authorization of a User to determine the applicable Rights available, costs associated/required, and bill/enact payment against the user account prior to performing the specified functions. In some examples of the invention, a user may be prompted to confirm functions or amends functions requested, and enter unique identification information (e.g. biometric, alphanumeric, voice recognition, etc.) for the purpose of having the host device system charge against the user account for immediate payment or billing. Technical ways for secure storage and authentication of the user may include, for example, integration of a secure chip , stored key encryption, stored number of pages, etc. unique PIN code may be assigned for each user account. [0045] A key may include some or all of the user account information for that user.

[0046] In some examples of the invention, a third-party device may be used that is capable of communicating with the host device for issuing and for updating the key.

[0047] By employing method or system according to examples of the invention user accounts may be aggregated up for a centralized billing process (e.g. on a business department or workgroup level) for batch payment or managing user accounts individually without the user having to enact a payment mechanism for each service used. Settlement could be handled on a per-use basis or specified time basis (e.g. daily, weekly, monthly, etc.).

[0048] Aspects of the invention may be embodied in the form of a system, a method or a computer program product. Similarly, aspects of the invention may be embodied as hardware, software or a combination of both. Aspects of the invention may be embodied as a computer program product saved on one or more non-transitory computer readable medium (or mediums) in the form of computer readable program code embodied thereon. Such non-transitory computer readable medium may include instructions that when executed cause a processor to execute method steps in accordance with embodiments of the present invention. In some embodiments of the present invention the instructions stores on the computer readable medium may be in the form of an installed application and in the form of an installation package.

[0049] For example, the computer readable medium may be a non-transitory computer readable storage medium. A non-transitory computer readable storage medium may be, for example, an electronic, optical, magnetic, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. [0050] Computer program code may be written in any suitable programming language. The program code may execute on a single computer, or on a plurality of computers.

[0051] Aspects of the invention are described hereinabove with reference to flowcharts and/or block diagrams depicting methods, systems and computer program products according to embodiments of the invention.

Claims

CLAIMS What is claimed is:
1 . A method for operating a host device capable of providing a plurality of services, the method comprising:
managing user accounts for users who are to connect over a network to the host device, each of the user accounts assigned to of one or more of the users, the user account including account information identifying said one or more users and identifying services of the plurality of services that users of that said one or more users are entitled to use;
receiving a request for a service from said plurality of services from a user over a communication network; and
providing the requested service after authenticating that user to be associated with one of the user accounts and that according to that user account that user is entitled to use the requested service.
2. The method of claim 1 , wherein each of the user accounts further includes balance information, the method further comprising debiting the balance for the requested service.
3. The method of claim 1 , wherein managing of the user accounts is performed at the host device.
4. The method of claim 1 , wherein a third-part device that is capable of communicating with the host device is used in establishing one or more of the user accounts.
5. The method of claim 1 , wherein a third-party device that is capable of communicating with the host device is used to credit one or more of the user accounts.
6. The method of claim 1 , further comprising providing to each of the plurality of users a key for authentication of that user.
7. The method of claim 6, wherein the key further includes some or all of the user account information for that user.
8. The method of claim 6, comprising providing a third-party device that is capable of communicating with the host device for issuing and for updating the key.
9. A system for operating a host device capable of providing a plurality of services, the system comprising a control device for controlling the host device, the control device designed to receive a request for a service from said plurality of services from a user of a plurality of users over a communication network; and cause the host device to provide the requested service after authenticating that user to be associated with a user account of a plurality of user accounts, each of the user accounts assigned to of one or more of the users, the user account including account information identifying the user and identifying services of the plurality of services that user is entitled to use.
10. The system of claim 9, therein the control device is designed to manage the user accounts using a database stored locally.
1 1 . The system of claim 9, further comprising a third-part device that is capable of communicating with the host device for establishing one or more of the user accounts.
12. The system of claim 9, further comprising a third-party device that is capable of communicating with the host device for crediting one or more of the user accounts.
13. The system of claim 9, further comprising keys, each of the keys provided to a user of the plurality of users for authentication of that user.
14. The system of claim 13, wherein each of the keys further includes some or all of the user account information for that user.
15. The system of claim 13, comprising a third-party device capable of communicating with the host device for issuing and for updating the each of keys.
PCT/US2011/056134 2011-10-13 2011-10-13 System and method for operating a host device capable of providing a plurality of services WO2013055343A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2011/056134 WO2013055343A1 (en) 2011-10-13 2011-10-13 System and method for operating a host device capable of providing a plurality of services

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2011/056134 WO2013055343A1 (en) 2011-10-13 2011-10-13 System and method for operating a host device capable of providing a plurality of services

Publications (1)

Publication Number Publication Date
WO2013055343A1 true WO2013055343A1 (en) 2013-04-18

Family

ID=48082217

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/056134 WO2013055343A1 (en) 2011-10-13 2011-10-13 System and method for operating a host device capable of providing a plurality of services

Country Status (1)

Country Link
WO (1) WO2013055343A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10592289B2 (en) 2014-10-31 2020-03-17 Hewlett-Packard Development Company, L.P. Providing auxiliary services or functionality on an apparatus

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999066400A2 (en) * 1998-06-19 1999-12-23 Livingston Enterprises, Inc. Centralized authentication, authorization and accounting server with support for multiple transport protocols
JP2006190038A (en) * 2005-01-05 2006-07-20 Nec Corp System, method, program, cellular phone, personal computer, and server for internet service charging
US20110173105A1 (en) * 2010-01-08 2011-07-14 Nokia Corporation Utilizing AAA/HLR infrastructure for Web-SSO service charging

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999066400A2 (en) * 1998-06-19 1999-12-23 Livingston Enterprises, Inc. Centralized authentication, authorization and accounting server with support for multiple transport protocols
JP2006190038A (en) * 2005-01-05 2006-07-20 Nec Corp System, method, program, cellular phone, personal computer, and server for internet service charging
US20110173105A1 (en) * 2010-01-08 2011-07-14 Nokia Corporation Utilizing AAA/HLR infrastructure for Web-SSO service charging

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10592289B2 (en) 2014-10-31 2020-03-17 Hewlett-Packard Development Company, L.P. Providing auxiliary services or functionality on an apparatus

Similar Documents

Publication Publication Date Title
US10498927B2 (en) Management apparatus, image forming apparatus management system for managing usage of the image forming apparatus
US8064074B2 (en) Image reading apparatus, personalizing method, program, and storage medium
CN104284040B (en) Image forming apparatus and method, non-transient computer-readable medium and image formation system
US20140013410A1 (en) Access right management system, access right management method, and access right management program
JP5602841B2 (en) Product enhancement based on user identification
US7113299B2 (en) Printing with credit card as identification
US8130392B2 (en) Document providing system and document management server
KR20140079195A (en) Image forming apparatus supporting function of near field communication (NFC) and method for performing authentication of NFC device thereof
US7155413B2 (en) Electronic apparatus and management system of the same
JP4339004B2 (en) Paper-based digital data correction method and program
US10375069B2 (en) Authorization delegation system, information processing apparatus, authorization server, control method, and storage medium
JP6089932B2 (en) Image forming apparatus, information processing system, and program
TWI250435B (en) Method of copyright publication and trade for stepwise digital content
US9160724B2 (en) Devices, systems, and methods for device provisioning
US7315824B2 (en) Internet printing by hotel guests
EP1237352B1 (en) A system, method and computer program for managing documents
CN101556637B (en) Information processing device, computer, peripheral equipment and control method
US9584506B2 (en) Server apparatus, information processing method, program, and storage medium
US6931379B1 (en) IC card system and IC card
US8424056B2 (en) Workflow system and object generating apparatus
JP2014095969A (en) Network printing system and network printing program
US8120804B2 (en) Image processing system, image managing device, method, storage medium and image processing device
CN103425924B (en) Information processor, its control method and image processing apparatus
US7730393B2 (en) System and method for providing fee-based data services to mobile users
EP1729499B1 (en) Management of physical security credentials at a multifunction device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11874015

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11874015

Country of ref document: EP

Kind code of ref document: A1