JP2010149368A - Image forming apparatus, information processing system, processing method in the apparatus and system, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a structure that enables flexible usage of a temporarily given recording medium by setting, for each recording medium, a proper term temporarily given to a user. <P>SOLUTION: In a multifunctional machine 300, user identification information for identifying a user, which is input through an operation part, is received, and first storage medium identification information is obtained by giving the recording medium. If the first storage medium identification information is a storage medium temporarily given to a user, information about the validity of term for the recording medium, which is temporarily given to the user, can be set. In order that the first storage medium identification information is stored so as to correspond to the user identification information as a recording medium temporarily given to a user, a registration request including the first storage medium identification information and the information about the validity of term is transmitted to an authentication server 200. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an image forming apparatus, an information processing system, a processing method thereof, and a program for enabling authentication using a storage medium temporarily provided to a user in authentication of the image forming apparatus using the storage medium.

  2. Description of the Related Art Conventionally, a so-called “pull print (accumulated printing)” printing system in which a user outputs print data from a printing apparatus by making a printing request from the printing apparatus to print data temporarily accumulated on a server. It has been known. Accordingly, the user can output print data from a desired printing apparatus instead of outputting to a specific printing apparatus during printing from an application (for example, Patent Document 1).

  An example of a printing procedure in such a printing system is as follows.

  When the user holds the IC card over the IC card reader connected to the printing apparatus, the IC card reader detects the UID (unique ID) of the IC card. Then, in order to determine whether or not the user is a usable user, the printing apparatus refers to the authentication table stored in the authentication server and set to allow login based on the UID, and executes user authentication processing. As a result of the authentication process, if the login is successful, the printing apparatus acquires and prints the print data of the user temporarily stored on the server.

  In such a mechanism, when a new person who uses the printing apparatus or a person who stops using the printer occurs, the administrator requests the administrator to register the UID or delete the UID, and the administrator performs the processing. The problem that an administrator's trouble is required arises.

Therefore, Patent Document 2 discloses a mechanism for registering the UID of the IC card in the authentication table if the UID is not registered at the time of IC card authentication.
JP 2006-99714 A JP 2008-181491 A

  In the system of Patent Document 2 above, when a newly issued IC card is held and IC card authentication is executed, the card information (UID) of the held IC card is registered in the authentication table of the authentication server. Otherwise, the system registers the card information of the IC card.

  On the other hand, companies that use IC cards often use temporary lending cards (temporary cards) when IC cards are lost or forgotten. Since the temporary card is lent to different users every day, when using the system of Patent Document 2, the temporary card information is linked to the first registered user, and the next lent user registers the card. The problem of not being able to do arises. Also, if you hold the card as it is, there is a problem that you log in as a previous user, making it difficult to use temporary cards.

  It is also possible to use a system that allows the temporary card to be used only on the registration date. In this case, however, the system cannot be operated for a long time. For example, the temporary card can be lent for a certain period during a business trip. I can't do it. In particular, in the use of a temporary card, since the usage period of the temporary card varies for each user, flexible setting and registration of the temporary card is desired.

  Accordingly, an object of the present invention is to provide a mechanism that enables flexible operation of a temporarily given storage medium by allowing a user to set an appropriate period for each temporarily given storage medium. is there.

  According to a first aspect of the present invention, there is provided user information storage means for storing user identification information for identifying a user in order to perform authentication using a storage medium held over the image forming apparatus. An image forming apparatus capable of communicating with an authentication server via a communication medium, the user identification information receiving means for receiving user identification information for identifying a user input from an operation unit, and the storage medium being held over If the first storage medium identification information acquisition means for acquiring the first storage medium identification information obtained by the above and the first storage medium identification information is a storage medium that is temporarily given to the user, Expiration date setting display means capable of setting expiry date information of a temporarily given storage medium, and the first storage medium identifier as a storage medium temporarily given to the user. Expiration date information set by the first storage medium identification information and the expiration date setting display means to store information in the user information storage means corresponding to the user identification information received by the user identification information acceptance means An image forming apparatus comprising: a first storage medium identification information transmitting unit configured to transmit a registration request including the information to the authentication server.

  In addition, when the expiration date information is set by the expiration date setting display means, the storage device further comprises second storage medium identification information acquisition means for acquiring second storage medium identification information obtained by holding the storage medium. The expiration date setting display means is set to an administrator when the second storage medium identification information is acquired and the second storage medium identification information is storage medium identification information of a user with administrator authority. In the image forming apparatus, the first maximum expiration date information is displayed.

  In addition, when the user identification information received by the user identification information receiving unit is user identification information of a user having administrator authority, the expiration date setting display unit includes first maximum expiration date information set for the administrator. When the user identification information received by the user identification information receiving means is user identification information of a user who does not have administrator authority, second maximum expiration date information set for a user who does not become an administrator is displayed. An image forming apparatus is characterized by displaying.

  Further, when it is determined that the first storage medium identification information is not a storage medium temporarily given to the user, the first storage medium identification information is accepted as the user identification information as a normally used storage medium. Means for transmitting the first storage medium identification information to the authentication server for storing in the user information storage means corresponding to the user identification information received by the means. The image forming apparatus is characterized.

  A storage medium identification information list storage means for storing a list of storage medium identification information of the storage medium temporarily given to the user; and the first storage medium identification information acquisition means in the storage medium identification information list. An image forming apparatus, further comprising: a storage medium determination unit that determines whether or not the storage medium identification information that matches the acquired first storage medium identification information exists.

  In addition, when logging in with a storage medium temporarily given to the user, the usable functions set corresponding to the first storage medium identification information acquired by the first storage medium identification information acquisition unit are limited. An image forming apparatus, further comprising: function restriction information obtaining means for obtaining function restriction information for performing; and a log-in means for performing function restriction in accordance with the function restriction information obtained by the function restriction information obtaining means. It is.

  In addition, the function restriction information uses authority information given when a storage medium temporarily given to the user is held over and authority information given when a normally used storage medium is held over An image forming apparatus that is generated.

  According to a second aspect of the present invention, there is provided an authentication server comprising user information storage means for storing user identification information for identifying a user, and performing authentication using a storage medium held over the image forming apparatus, and the authentication server and the communication medium An information processing system comprising an image forming apparatus capable of communicating via a user identification information receiving means for receiving user identification information for identifying a user, which is input from the operation unit A first storage medium identification information acquisition means for acquiring first storage medium identification information obtained by holding the storage medium, and the first storage medium identification information is temporarily given to the user An expiration date setting display means capable of setting expiration date information of a storage medium temporarily given to the user when determined to be a storage medium; In order to store the first storage medium identification information as the assigned storage medium in the user information storage means corresponding to the user identification information received by the user identification information reception means, the first storage medium identification Storage medium identification information transmitting means for transmitting a registration request including information and expiration date information set by the expiration date setting display means to the authentication server, wherein the authentication server is transmitted from the image forming apparatus. Included in the registration request received by the storage medium identification information receiving means and the storage medium identification information receiving means for receiving the registration request including the expiration date information set by the first storage medium identification information and the expiration date setting display means The first storage medium identification information to be received as the storage medium identification information of the temporarily given storage medium together with the expiration date information. An information processing system comprising: storage medium identification information storage means for storing corresponding to the user identification information received by the attaching means.

  Further, the authentication server deletes the storage medium identification information of the temporarily given storage medium including the first storage medium identification information according to the expiration date information stored in the storage medium identification information storage means An information processing system further comprising means.

  The authentication server and the image forming apparatus may be configured as separate bodies.

  According to a third aspect of the present invention, there is provided an authentication server including a user information storage unit for storing user identification information for identifying a user and a communication medium for performing authentication using a storage medium held over the image forming apparatus. A processing method in a communicable image forming apparatus, which is obtained by a user identification information receiving step for receiving user identification information for identifying a user input from an operation unit, and the storage medium being held over the first A first storage medium identification information acquisition step for acquiring the storage medium identification information, and when the first storage medium identification information is a storage medium temporarily provided to the user, the first storage medium identification information is temporarily provided to the user. An expiration date setting display step capable of setting the expiration date information of the storage medium, and the first storage medium identification information as the storage medium temporarily given to the user. Registration including the first storage medium identification information and the expiration date information set in the expiration date setting display step to be stored in the user information storage unit corresponding to the user identification information received in the identification information reception step And a first storage medium identification information transmitting step for transmitting a request to the authentication server.

  According to a fourth aspect of the present invention, there is provided an authentication server that includes a user information storage unit that stores user identification information for identifying a user and that performs authentication using a storage medium held over the image forming apparatus, and the authentication server and the communication medium. Is a processing method in an information processing system configured by an image forming apparatus capable of communicating via a user identification information for receiving user identification information for identifying a user, which is input from an operation unit, by the image forming apparatus A receiving step, a first storage medium identification information acquisition step for acquiring first storage medium identification information obtained by holding the storage medium, and the first storage medium identification information are temporarily received by a user. When it is determined that the storage medium is to be assigned, an expiration date setting display step capable of setting expiration date information of the storage medium temporarily given to the user, and the user As the storage medium temporarily given to the user, the first storage medium identification information should be stored in the user information storage unit corresponding to the user identification information received in the first user identification information reception step. A storage medium identification information transmission step of transmitting a registration request including the first storage medium identification information and the expiration date information set in the expiration date setting display step to the authentication server, and the authentication server includes the authentication server, A storage medium identification information receiving step for receiving a registration request including the first storage medium identification information transmitted from the image forming apparatus and the expiration date information set in the expiration date setting display step; and the storage medium identification information reception The first storage medium identification information included in the registration request received in the step is used as the storage medium identification information of the temporarily given storage medium together with the expiration date information. It is a processing method in an information processing system which comprises a storage medium identification information storing step of storing in response to the user identification information accepted by the user identification information receiving step.

  A fifth invention is a program for causing a computer to execute the processing method of the third invention or the fourth invention.

  According to the present invention, it is possible to provide an image forming apparatus, an information processing system, a processing method thereof, and a program capable of appropriately performing an authentication process even on a storage medium temporarily given to a user.

  Hereinafter, a preferred embodiment of a screen forming system according to the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a system configuration diagram illustrating an example of an image forming system (information processing system) of the present embodiment.

  As shown in FIG. 1, an image forming system (information processing system) includes, for example, one or a plurality of multifunction peripherals 300, one or two IC card authentication servers 200, and one or a plurality of client PCs 100 in a local area network (LAN). ) 400 (communication medium) connected.

  The multi-function device 300 transmits a card number read from a card held over a card reader 319, which will be described later, to the IC card authentication server 200 as an authentication request, and this is also input by the operation unit 308 of the multi-function device described later. The name and password are transmitted to the IC card authentication server 200 as an authentication request.

  The IC card authentication server 200 stores an IC card authentication table (FIG. 15), which will be described later, in response to an authentication request from the multifunction device 300 using an IC card or an authentication request using a user name and password. Authentication processing is performed using the authentication table. The IC card authentication table in FIG. 15 can be paraphrased as user information for storing user identification information (for example, a user name) for identifying a user.

The IC card authentication server 200 is configured to be communicable with, for example, a directory server (not shown), and when there is an authentication request using a user name and password, the directory server is inquired and the user name is stored in the directory server. It is also possible to determine that the authentication is successful, and to transmit the authentication result from the IC card authentication server 200 to the multifunction device 300. That is, the IC card authentication server 200 is a device having a directory server function. In addition, the client PC 100 performs print settings for the multifunction device 300.

  Next, the hardware configuration of the client PC 100 and the IC card authentication server 200 shown in FIG. 1 will be described with reference to FIG.

  FIG. 2 is a block diagram illustrating a hardware configuration example of an information processing apparatus applicable to the client PC 100 and the IC card authentication server 200.

  As shown in FIG. 2, the client PC 100 and the IC card authentication server 200 include a CPU (Central Processing Unit) 201, a RAM (Random Access Memory) 203, a ROM (Read Only Memory) 202, and an input controller 205 via a system bus 204. The video controller 206, the memory controller 207, the communication I / F controller 208, etc. are connected.

  The CPU 201 comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 211 will be described later, which is necessary for realizing the functions executed by each server or each PC, such as BIOS (Basic Input / Output System) and OS (Operating Systems) which are control programs of the CPU 201. Various programs are stored.

  The RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for executing the processing from the ROM 202 or the external memory 211 to the RAM 203 and executing the loaded program.

  The input controller 205 controls input from a keyboard (KB) 209 or a pointing device such as a mouse (not shown). The video controller 206 displays on a display such as a CRT display (Cathode Ray Tube) 210 or the like. 2, the display is not limited to the CRT, but may be another display such as a liquid crystal display, etc. These are used by the administrator as necessary.

  The memory controller 207 is an external storage device (hard disk (HD)), flexible disk (FD), or PCMCIA (Personal Computer) that stores a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 211 such as a Compact Flash (registered trademark) memory connected to a Memory Card International Association (Card Memory) card slot via an adapter.

  The communication I / F controller 208 is connected to and communicates with an external device via a network (for example, the LAN 400 shown in FIG. 1), and executes communication control processing in the network. For example, communication using TCP / IP (Transmission Control Protocol / Internet Protocol) is possible.

  Note that the CPU 201 can display on the CRT 210 by executing an outline font rasterization process on a display information area in the RAM 203, for example. Further, the CPU 201 enables a user instruction using a mouse cursor (not shown) on the CRT 210 or the like.

  Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, a definition file and various information tables used when executing the program are also stored in the external memory 211, and a detailed description thereof will be described later.

  Next, the hardware configuration of the controller unit that controls the multifunction peripheral 300 as the information processing apparatus of the present invention will be described with reference to FIG.

  FIG. 3 is a block diagram illustrating a hardware configuration example of the multifunction machine 300.

  In FIG. 3, a controller unit 316 is connected to a scanner 314 functioning as an image input device and a printer 312 functioning as an image output device, and is connected to a local area network such as the LAN 400 shown in FIG. By connecting to a public line (WAN) such as ISDN, image data and device information are input and output.

  As shown in FIG. 3, the controller unit 316 includes a CPU 301, a RAM 302, a ROM 303, an external storage device (hard disk drive (HDD)) 304, a network interface (Network I / F) 305, a modem (Modem) 306, an operation unit interface ( Operation unit I / F) 307, external interface (external I / F) 318, image bus interface (IMAGE BUS I / F) 320, raster image processor (RIP) 310, printer interface (printer I / F) 311, scanner interface (Scanner I / F) 313, an image processing unit 317, and the like.

  The CPU 301 is a processor that controls the entire system. A RAM 302 is a system work memory for the operation of the CPU 301, and is a program memory for recording a program and an image memory for temporarily storing image data. The ROM 303 stores a system boot program and various control programs. An external storage device (hard disk drive HDD) 304 stores various programs for controlling the system, image data, and the like.

  An operation unit interface (operation unit I / F) 307 is an interface unit with the operation unit (UI) 308, and outputs image data to be displayed on the operation unit 308 to the operation unit 308. The operation unit I / F 307 serves to transmit information (for example, user information) input by the system user from the operation unit 308 to the CPU 301. Note that the operation unit 308 includes a display unit having a touch panel, and various instructions can be given by a user pressing (touching with a finger or the like) a button displayed on the display unit.

  A network interface (Network I / F) 305 is connected to a network (LAN) and inputs / outputs data. A modem (MODEM) 306 is connected to a public line and inputs / outputs data such as FAX transmission / reception.

  An external interface (external I / F) 318 is an interface unit that accepts external inputs such as USB, IEEE 1394, printer port, RS-232C, etc. In this embodiment, a card reader for reading an IC card required for authentication is used. 319 is connected. The CPU 301 can control reading of information from the IC card by the card reader 319 via the external I / F 318, and can acquire information read from the IC card. Note that the storage medium is not limited to an IC card, and any storage medium that can identify a user may be used. In this case, identification information for identifying the user is stored in the storage medium. This identification information may be a production number of the storage medium or a user code given by the user within the company. The above devices are arranged on the system bus 309.

  On the other hand, an image bus interface (IMAGE BUS I / F) 320 is a bus bridge that connects a system bus 309 and an image bus 315 that transfers image data at high speed and converts a data structure. The image bus 315 is configured by a PCI bus or IEEE1394. The following devices are arranged on the image bus 315.

  A raster image processor (RIP) 310 develops vector data such as a PDL code into a bitmap image, for example. A printer interface (printer I / F) 311 connects the printer 312 and the controller unit 316 to perform synchronous / asynchronous conversion of image data. A scanner interface (scanner I / F) 313 connects the scanner 314 and the controller unit 316, and performs synchronous / asynchronous conversion of image data.

  An image processing unit 317 corrects, processes, and edits input image data, and performs printer correction, resolution conversion, and the like on print output image data. In addition to this, the image processing unit 317 performs image data rotation and compression / decompression processing such as JPEG for multi-valued image data and JBIG, MMR, MH for binary image data.

  A scanner 314 connected to the scanner I / F 313 illuminates an image on paper as a document and scans it with a CCD line sensor, thereby converting it into an electrical signal as raster image data. The original paper is set on the tray of the original feeder, and when the apparatus user gives a reading start instruction from the operation unit 308, the CPU 301 gives an instruction to the scanner, and the feeder feeds the original paper one by one to read the original image. I do.

  The printer 312 connected to the printer I / F 311 is a part that converts raster image data into an image on paper. The method is an electrophotographic method using a photosensitive drum or a photosensitive belt, and ink is supplied from a micro nozzle array. There is an ink jet method for ejecting and printing an image directly on a sheet, but any method may be used. The activation of the printing operation is started by an instruction from the CPU 301. The printer 312 has a plurality of paper feed stages so that different paper sizes or different paper orientations can be selected, and has a paper cassette corresponding thereto.

  The operation unit 308 connected to the operation unit I / F 307 includes a liquid crystal display (LCD) display unit. A touch panel sheet is affixed on the LCD to display a system operation screen, and when a displayed key is pressed, the position information is transmitted to the CPU 301 via the operation unit I / F 307. The operation unit 308 includes, for example, a start key, a stop key, an ID key, a reset key, and the like as various operation keys. Here, the start key of the operation unit 308 is used when starting a document image reading operation. There are green and red LEDs in the center of the start key, and indicates whether or not the start key can be used depending on the color. In addition, the stop key of the operation unit 308 functions to stop the operation being performed. The ID key of the operation unit 308 is used when inputting the user ID of the user. The reset key is used when initializing settings from the operation unit 308.

  A card reader 319 connected to the external I / F 318 reads information stored in an IC card (for example, Sony Felica (registered trademark)) under the control of the CPU 301, and reads the read information to the external I / F. The CPU 301 is notified via F318.

  Next, functions of the client PC 100, the authentication server 200, and the multifunction peripheral 300 as the information processing apparatus according to the present invention will be described with reference to FIG.

  FIG. 4 is a functional block diagram illustrating an example of functions of the client PC 100, the authentication server 200, and the multifunction peripheral 300. Details of processing of each function will be described with reference to flowcharts of FIGS.

  The client PC 100 has functions such as the Web browser 150. The web browser 150 is used to access a web service of the MFP 300 (not shown). An authentication application setting file (not shown) can be created on the web service. This authentication application setting file stores the IP address and the like of the authentication server 200 used by the MFP 300.

  The authentication server 200 includes functions of a multifunction peripheral communication unit 250, an authentication unit 251, a user information management unit 252, a use restriction management unit 253, a temporary card information management unit 254, a temporary card information deletion unit 255, and the like.

  The MFP communication unit 250 receives an authentication request / card information registration request from the authentication server communication unit 351 in the MFP 300 and returns an authentication result to the authentication server communication unit 351.

  In accordance with the authentication request received by the MFP communication unit 250, the authentication unit 251 acquires user information that matches the card information from an IC card authentication table shown in FIG. The authentication result is transmitted by the MFP communication unit 250.

  The user information management unit 252 rewrites the IC card authentication table shown in FIG. 15 according to a request related to user information management such as a card information registration request received by the multi-function peripheral communication unit 250.

  The usage restriction management unit 253 compares the usage restriction information illustrated in FIG. 16 and merges the restriction information. In the processing within the present invention, the use restriction information of the user is compared with the use restriction information specified at the time of logging in the temporary card and the use restriction information with low authority is adopted at the time of logging in the temporary card (temporary IC card).

  The temporary card information management unit 254 confirms whether or not the card information of the held IC card exists in a temporary card list (list of storage medium identification information temporarily given to the user) shown in FIG. To do.

  The temporary card information deletion unit 255 deletes information on a temporary card number 2502 and a temporary card expiration date 2503 in the IC card authentication table shown in FIG.

  The multifunction device 300 includes functions of a card reader control unit 350, an authentication server communication unit 351, an authentication processing unit 352, a card information registration unit 353, and the like.

  The card reader control unit 350 communicates with the card reader 319 connected to the multifunction device 300 and controls the card reading state of the card reader 319. When the IC card is held over the card reader, the card information held in the IC card is acquired.

  The authentication server communication unit 351 communicates with the multi-function device communication unit 250 in the authentication server 200 to transmit / receive an authentication request / card information registration request and the like.

  The authentication processing unit 352 logs in to the multifunction device 300 according to the authentication result received from the authentication server 200 by the authentication server communication unit 351.

  The card information registration unit 353 manages processing related to card information registration, and controls screen transition and the like according to each processing.

  The flow of temporary card authentication information management (registration) processing without an administrator by the image forming system (information processing system) 1 of the present embodiment will be described below with reference to FIGS.

  5 to 9 are flowcharts showing the flow of the card registration process of the multifunction machine 300 according to the present invention. With this flowchart, it is possible to register a normal IC card or temporary card (a storage medium temporarily given to the user) used by the user in the IC card authentication table of FIG. As the information of the user who registered the card in the IC card authentication table shown in FIG. 15, the user name, mail address, affiliation group, and card information are registered. The card information includes normal card information 2501, a temporary card number 2502, and a temporary card expiration date 2503.

  When registering a temporary card, it is necessary to specify a temporary card expiration date. As this expiration date, a designated value or a fixed value from the MFP 300 is designated and stored according to the operation mode of the server. In the case of the designated value, the expiration date that can be designated from the multifunction device 300 increases by holding the administrator card over the card reader 319 when registering the temporary card. This is effective when a temporary card is desired for a certain period during a long business trip or the like.

  First, the CPU 301 of the multifunction machine 300 executes an application program activation process for executing a card registration process. In other words, the application program stored in the HDD 304 on the multifunction device 300 is loaded onto the RAM 302 and the application program is executed (step 101).

  The application program includes various functions shown in FIG. 4, that is, a card reader control unit 350, an authentication server communication unit 351, an authentication processing unit 352, and a card information registration unit 353.

  Next, the CPU 301 causes the card reader control unit 350 on the multifunction device 300 to start the connected card reader 319 in a reading start state (step 102). Thereby, an event from the card reader 319 such as card detection or card removal can be acquired. The event includes card information (manufacturing number) read from the card.

  Next, the CPU 301 displays the IC card authentication screen shown in FIG. 17 by the authentication processing unit 352 on the multifunction machine 300 (step 200).

  Next, the CPU 301 detects that the user information management button 1000 on the IC card authentication screen in FIG. 17 is pressed by the card information registration unit 353 on the multi-function peripheral 300 (step 201). As a result, the user management mode is entered, and a temporary card can be registered when the card information registration button 1002 is pressed. In step 201, a card reading stop command is transmitted to the card reader 319. That is, a polling stop command is sent to the card reader 319 so that the card information cannot be read even if the IC card is held over the card reader.

  Next, the CPU 301 displays the user information confirmation screen of FIG. 18 by the card information registration unit 353 on the multifunction machine 300 (step 202).

  Then, the CPU 301 detects that the user confirmation button 1001 on the user information confirmation screen in FIG. 18 is pressed by the card information registration unit 353 (step 203), and is input on the user information confirmation screen in FIG. Information input in the columns of user name, password, and user confirmation destination (domain information managed by the authentication server 200) is acquired (step 204).

  Next, the CPU 301 uses the user name, password, and user confirmation destination (domain information managed by the authentication server 200) acquired in step 208 to the authentication server 200 by the authentication server communication unit 351 on the MFP 300. Then, a user information confirmation request (authentication request) is transmitted (step 205).

  The CPU 201 of the authentication server 200 receives a user information confirmation request (authentication request) from the authentication server communication unit 351 on the multifunction device 300 by the multifunction device communication unit 250 on the authentication server 200 (step 206). According to the user information confirmation request (authentication request) from the MFP 300, the above authentication unit 251 searches the IC card authentication table (FIG. 15) held in the authentication server 200 for a user whose user name and password match. The user information of the user including the user name, e-mail address, usage restriction information, etc. is acquired (step 207).

  FIG. 15 is an example of user information (IC card authentication table) stored in the authentication server 200. The user name (user identification information), password, card information (storage medium identification information), mail address, affiliation group Etc. are stored as user information correspondingly. Also, as card information (storage identification information), the IC card information (manufacturing number) currently used (storage medium identification information) is used as normal card information 2501 and the registered temporary card information (manufacturing number) is used as a temporary card. Temporary card expiration date information set when registering temporary card information is stored in a temporary card expiration date 2503. In addition, the affiliation group is stored with a group name and a role name associated with each other, and is associated with authority information having a structure as shown in FIG.

  At this time, if the user information can be retrieved, the authentication is successful, and authentication result information including the user name is generated. On the other hand, if the user information cannot be searched, the authentication is unsuccessful, and an authentication result including the unsuccessful authentication information is generated.

  Then, the CPU 201 of the authentication server 200 transmits the authentication result (confirmation result) acquired in step 207 to the multi-function device 300 by the multi-function device communication unit 250 on the authentication server 200 (step 208).

  The CPU 301 of the MFP 300 receives the authentication result (confirmation result) by the authentication server communication unit 351 (step 209).

  In the present embodiment, the user information confirmation process in steps 202 to 209 is executed when the user information management button 1000 is pressed in step 201. However, this process is not limited to this timing. You may comprise so that it may be performed when it is YES (after button pressing) in step 223 of FIG. 6 mentioned later. That is, the user information confirmation process may be executed at any timing before the authentication server 200 registers the card information.

  Next, the CPU 301 of the multifunction machine 300 analyzes the contents of the confirmation result received in step 209 by the card information registration unit 353 (step 210). If the authentication is successful (YES in step 210), the process proceeds to step 211. If the authentication is unsuccessful (NO in step 210), the process proceeds to step 220.

  When the user information confirmation is unsuccessful in step 210 described above (NO in step 210), the CPU 301 displays a user information confirmation error screen shown in FIG. 20 by the card information registration unit 353 (step 220).

  Then, the CPU 301 detects the depression of the OK button 1003 on the user information confirmation error screen of FIG. 20 by the card information registration unit 353 (step 221). If pressing is detected in step 221 (YES in step 221), the user information confirmation error screen in FIG. 20 is subsequently deleted, and the process returns to step 200.

  On the other hand, if it is determined in step 210 that the authentication is successful (YES in step 210), the CPU 301 of the multifunction machine 300 displays the user information management menu screen shown in FIG. 19 by the card information registration unit 353 (step 211). It is detected that the card information registration button 1002 has been pressed (step 212).

  When the depression of the card information registration button 1002 is detected in step 212 (YES in step 212), the CPU 301 of the multifunction machine 300 displays the card information registration screen shown in FIG. 19 by the card information registration unit 353 (step 213). ), A card reading start command is transmitted to the card reader 319 (step 214 in FIG. 6). That is, a polling start command is sent to the card reader 319.

  The card reader 319 starts polling by the processing of step 214 described above, and enters the card reading state (step 215).

  The card reader 319 detects that the card is held over and issues a card detection event including card information to the multi-function device 300 (step 216).

  The CPU 301 of the MFP 300 receives a card detection event by the card reader control unit 350 (step 217), and acquires card information (card number such as a manufacturing number) of the IC card held over the card reader (step 218). ). Note that the card information of the IC card is included in the card detection event.

  Next, the CPU 301 of the multifunction peripheral 300 displays the card information acquired in step 218 by the card information registration unit 353 on the card information registration screen displayed in step 213 as shown in FIG. The OK button 1004 is displayed so that it can be pressed. (Step 219).

  The CPU 301 of the multifunction machine 300 detects that the button on the card information registration screen in FIG. 22 is pressed by the card information registration unit 353. If it is detected that the OK button 1004 has been pressed, the process proceeds to step 221. If it is detected that the return button 1005 has been pressed, the process returns to step 211 in FIG. 5 to display the user information management menu screen (FIG. 19). (Step 220).

  The CPU 301 of the MFP 300 transmits a card registration request command to the authentication server 200 through the authentication server communication unit 351. The card registration request command includes the user name acquired in step 209, the card information acquired in step 218, and the expiration date information. Here, since expiration date information is not designated, 0 is transmitted (step 221).

  The CPU 201 of the authentication server 200 receives the card registration request command sent from the authentication server communication unit 351 by the multi-function device communication unit 250 (step 222).

  The CPU 201 of the authentication server 200 acquires the temporary card list shown in FIG. 13 held in the authentication server 200 by the user information management unit 252 (step 223).

  The CPU 201 of the authentication server 200 searches the user information by the user name received in step 222 from the IC card authentication table (FIG. 15) held in the authentication server 200 by the user information management unit 252, and the user name and mail address User information corresponding to the user name received in step 222, which is composed of usage restriction information, temporary card information, temporary card expiration date information, etc., is acquired (step 224).

  The CPU 201 of the authentication server 200 determines whether or not the card information (manufacturing number) received in step 222 is included in the temporary card list (FIG. 13) acquired in step 223 by the temporary card information management unit 254. If it is included, that is, if it is a temporary card, the process proceeds to step 228, and if it is not included, the process proceeds to step 226 (step 225).

  The CPU 201 of the authentication server 200 overwrites and registers the card information (manufacturing number) received in step 222 in the normal card information 2501 of the IC card authentication table (FIG. 15) by the user information management unit 252. Here, the normal card registration is described as overwriting. However, a plurality of normal card information 2501 may be provided in the authentication table (FIG. 15), and additional registration may be performed. Further, it may be a registered error (step 226).

  The CPU 201 of the authentication server 200 creates the result command (according to the registration result) in step 226 by the user information management unit 252 (step 227).

  The CPU 201 of the authentication server 200 determines whether or not the temporary card number 2502 is registered in the user information acquired in step 224 by the user information management unit 252. If temporary card information is already registered for the user, the process proceeds to S229, and if not registered, the process proceeds to step 230 (step 228).

  The CPU 201 of the authentication server 200 creates a result command (failure) at step 228 by the user information management unit 252 (step 229).

  The CPU 201 of the authentication server 200 determines whether the expiration date of the card included in the registration request command acquired in step 222 is specified by the user information management unit 252 (other than 0). If it is specified, that is, other than 0, the process proceeds to step 231. If it is not specified, that is, 0, the process proceeds to step 233 (step 230).

  The CPU 201 of the authentication server 200 registers the card information acquired in step 222 and the expiration date in the temporary card number 2502 and the temporary card expiration date 2503 of the IC card authentication table (FIG. 15) by the user information management unit 252. . Here, the expiration date information registered in the temporary card expiration date 2503 is the date and time when “the expiration date received in step 222 −1” is added to the current date and time managed in the authentication server. That is, as shown in FIG. 23, when the expiration date is designated as 2 days, “expiration date—1 (minus 1)”, the number of days added is 1 day, and the date and time registered in the temporary card expiration date 2503 is This is the day after the registration date plus one day, and the temporary card can be used only on the registration date and the date following the registration date (step 231).

  The CPU 201 of the authentication server 200 creates the result command (success) in step 231 by the user information management unit 252 (step 232).

  The CPU 201 of the authentication server 200 acquires the temporary card setting file shown in FIG. 14 held in the external memory 211 of the authentication server 200 by the user information management unit 252 (step 233). The temporary card setting file in FIG. 14 is set in advance by the system administrator, and is a setting file used in the IC card registration process of this system.

  The temporary setting file shown in FIG. 14 stores a registration mode, a fixed expiration date, a maximum expiration date (second expiration date information), an administrator maximum expiration date (first expiration date information), and a temporary roll. . The registration mode can be set to FIX or FLEX, and when FIX is set, the period stored in the fixed expiration date is used. Further, when FLEX is set, the period stored in the maximum expiration date or the administrator maximum expiration date is used. Note that the maximum expiration date is a period that can be set by the user using the operation unit 308 of the MFP 300 when the administrator's IC card is not held over (when the user corresponding to the IC card is not the administrator). The administrator maximum expiration date is a period that can be set by the user using the operation unit 308 of the MFP 300 when the administrator's IC card is held over. The temporary roll stores a role name of restriction information for restricting the function of the multifunction peripheral 300 that can be applied when the IC card is a temporary card.

  The CPU 201 of the authentication server 200 determines the temporary card registration mode in the temporary card setting file (FIG. 14) acquired in step 233 by the user information management unit 252. If the temporary card registration mode is FLEX, the process proceeds to step 237, and if it is FIX, the process proceeds to step 235 (step 234).

  The CPU 201 of the authentication server 200 registers the card information acquired in step 222 and the expiration date in the temporary card number 2502 and the temporary card expiration date 2503 of the IC card authentication table (FIG. 15) by the user information management unit 252. . Here, as the expiration date information registered in the temporary card expiration date 2503, the fixed expiration date in the temporary card setting file (FIG. 14) is used, and the date and time with “fixed expiration date −1” added to the current date and time is registered. (Step 235).

  The CPU 201 of the authentication server 200 creates the result command (success) in step 235 by the user information management unit 252 (step 236).

  The CPU 201 of the authentication server 200 acquires the maximum expiration date / maximum administrator expiration date in the temporary card setting file (FIG. 14) held in the authentication server 200 by the user information management unit 252 (step 237).

  The CPU 201 of the authentication server 200 transmits the maximum expiration date / administrator maximum expiration date acquired in Step 237 to the MFP 300 by the MFP communication unit 250 (Step 238).

  The CPU 301 of the MFP 300 receives the maximum expiration date / maximum administrator expiration date from the authentication server 200 through the authentication server communication unit 351 (step 239).

  The CPU 301 of the MFP 300 determines whether the user is an administrator based on the user information acquired in step 209. Here, whether or not the user is an administrator is determined based on whether or not the role information corresponding to the affiliation group associated with the user information is the role information with administrator authority. The administrator determination method in this embodiment is determined based on role information, but it is determined based on the group name or role name in FIG. 15, or the IC card authentication table in FIG. If the administrator flag is ON, it may be determined as an administrator.

  The CPU 301 of the MFP 300 displays the temporary card expiration date setting screen shown in FIG. 23 by the card information registration unit 353 (expiration date setting display). Since the user who registers the temporary card is a user with administrator authority, the expiration date 1010 displayed on the screen reflects (sets) the administrator maximum expiration date (1 day to 7 days) acquired in S239 ( Step 241). Reference numerals 1013 and 1014 are display examples of the expiration date 1010. Reference numeral 1013 denotes an expiration date of the display example when the maximum expiration date of the temporary card setting file of FIG. 14 is reflected. Reference numeral 1014 denotes an example of display when the administrator maximum expiration date of the temporary card setting file of FIG. 14 is reflected. It is.

  The CPU 301 of the MFP 300 displays the temporary card expiration date setting screen shown in FIG. 23 by the card information registration unit 353. Since the user who performs temporary card registration is a user who does not have administrator authority, the maximum expiration date (1 day to 3 days) acquired in S239 is reflected (set) in the expiration date 1010 displayed on the screen (step). 242). Note that the period displayed in the expiration date 1010 is the maximum value of the expiration date.

  The CPU 301 of the MFP 300 causes the card reader control unit 350 to start polling of the card reader 319 (step 243). As a result, when an IC card is held over the card reader 319, the card information (manufacturing number) can be acquired together with the card detection event. When polling starts, the card reader 319 performs the same processing as in step 215.

  The CPU 301 of the multifunction machine 300 waits for the card reader control unit 350 to hold the IC card (administrator or own IC card) over the card reader 319. If the card is held over, that is, if a card detection event is received, the process proceeds to step 245 (step 244). In this embodiment, the OK button 1012 is pressed after detecting the card. For example, when registering a temporary card without holding the IC card of the administrator, the user does not hold the IC card. It is also possible to press the OK button 1012. In this case, after the process of step 243, the process proceeds to step 254.

  The CPU 301 of the multifunction device 300 acquires card information (manufacturing number) from the card detection event acquired in step 244 by the card reader control unit 350 (step 245).

  The CPU 301 of the multifunction machine 300 causes the card reader control unit 350 to stop polling of the card reader 319 (step 246). When the polling is stopped and the IC card is held over the card reader 319, the card detection event is not acquired.

  The CPU 301 of the MFP 300 transmits an authentication request command to the authentication server 200 for the card information (manufacturing number) acquired in step 245 by the authentication server communication unit 351 (step 247).

  The CPU 201 of the authentication server 200 receives the authentication request command sent from the authentication server communication unit 351 by the multi-function device communication unit 250 (step 248).

  The CPU 201 of the authentication server 200 uses the user information management unit 252 to search for a user from the IC card authentication table (FIG. 15) held in the authentication server 200 using the card information (manufacturing number) acquired in step 248 as a key. The user information is acquired (step 249).

  The CPU 201 of the authentication server 200 transmits the authentication result of step 249 to the multifunction device 300 by the multifunction device communication unit 250. The authentication result includes the user name / mail address / affiliation group / role information acquired in step 249 (step 250).

  The CPU 301 of the MFP 300 receives the authentication result from the authentication server 200 through the authentication server communication unit 351 (step 251).

  The CPU 301 of the MFP 300 determines whether the user is an administrator from the role information of the authentication result acquired in step 252. If the user is an administrator, the process proceeds to step 253, and if not, the process proceeds to step 254 (step 252). Although the administrator determination method in this embodiment is determined based on role information, it is determined based on the group name or role name in FIG. 15, or an administrator flag is added to the IC card authentication table in FIG. When the manager flag is ON, it may be determined as the manager.

  The CPU 301 of the MFP 300 uses the card information registration unit 353 to change the expiration date 1010 displayed on the temporary card expiration date setting screen shown in FIG. 23 to the administrator maximum expiration date acquired in step 239 (step 239). 253). An example of the expiration date 1010 before the change (when the maximum expiration date is displayed) is 1013, and an example 1010 after the change (after the change to the administrator maximum expiration date) is 1014.

  The CPU 301 of the multifunction machine 300 detects that the button on the temporary card expiration date setting screen of FIG. 23 is pressed by the card information registration unit 353 (step 254). If the OK button 1012 is pressed, the process proceeds to step 255. If the return button 1011 is pressed, the process returns to step 211 in FIG. 5 to display the user information management menu screen.

  The CPU 301 of the multifunction machine 300 transmits a card registration request command to the authentication server 200 through the authentication server communication unit 351 (step 255). The card registration request command includes the user name acquired in step 209, the card information acquired in step 218, and the expiration date information. The expiration date information is the expiration date designated on the temporary card expiration date setting screen of FIG.

  The CPU 201 of the authentication server 200 transmits the registration result command created in any one of step 227, step 229, step 232, and step 236 to the multifunction device 300 through the multifunction device communication unit 250 (step 256).

  The CPU 301 of the MFP 300 receives the registration result from the authentication server 200 through the authentication server communication unit 351 (step 257).

  The CPU 301 of the MFP 300 determines whether the card registration result is successful based on the registration result acquired in step 257. If the result is successful, the process proceeds to step 259, and if unsuccessful, the process proceeds to step 260 (step 258).

  The CPU 301 of the multifunction machine 300 displays the card registration success screen shown in FIG. 24 by the card information registration unit 353 (step 259).

  The CPU 301 of the multifunction machine 300 displays the card registration failure screen shown in FIG. 25 by the card information registration unit 353 (step 260).

  Next, card authentication processing according to the present embodiment will be described with reference to FIGS.

  10 and 11 are flowcharts showing the flow of the card authentication process.

  The card reader 319 connected to the multifunction device 300 detects that the IC card is held over (step 300). When the IC card is detected, the IC card reader 319 acquires IC card information (manufacturing number) and transmits a card detection event to the multi-function device 300 together with the acquired IC card information (manufacturing number) (step 301). .

  The CPU 301 of the multifunction machine 300 receives the card detection event by the card reader control unit 350 and acquires the IC card information (manufacturing number) of the IC card held over (step 302).

  Next, the CPU 301 of the MFP 300 transmits an authentication request including the IC card information acquired in step 302 to the authentication server 200 by the authentication server communication unit 351 (step 303).

  The CPU 201 of the authentication server 200 receives the authentication request including the IC card information sent from the authentication server communication unit 351 by the MFP communication unit 250 (step 304), and the authentication unit 251 sends an authentication request from the MFP 300. Accordingly, the IC card information acquired in step 304 is searched from the IC card authentication table (FIG. 15) held in the authentication server (step 305).

  That is, the IC card authentication table shown in FIG. 15 is searched to determine whether the IC card information exists. When the IC card is registered, the IC card information and the user information are stored in association with each other in the IC card authentication table. Therefore, if the IC card information exists in the IC card authentication table, the user information is stored. It is registered and authentication is successful.

  The CPU 201 of the authentication server 200 determines the authentication result of step 305 by the authentication unit 251 (step 306). That is, if the IC card information is present in the IC card authentication table, the user information is registered, the authentication is successful (YES in step 306), and the step for determining the right to use the MFP 300 of the user is determined. Proceed to 307. On the other hand, if the IC card information does not exist in the IC card authentication table, the user information is not registered, the authentication is failed (NO in step 306), and the process proceeds to step 312 in order to end the authentication process due to the failure.

When the user information has been registered in step 306 (YES in step 306), the CPU 201 of the authentication server 200 displays the IC card authentication field in FIG. 15 in which the IC card information searched in step 305 is stored by the authentication unit 251. It is determined whether the information is stored in the normal card information 2501 or the temporary card number 2502 of the table. If it is registered in the normal card information 2501, the process proceeds to S 312, and if it is registered in the temporary card number 2502, the process proceeds to Step 308. (Step 307)
If the IC card registered in the temporary card number 2502, that is, the IC card held over is a temporary card, the process proceeds to step 308 for merging the authority of the user and the authority of the temporary card. On the other hand, if the IC card registered in the normal card information 2501, that is, the IC card held over is a card that is normally used by the user, the IC card is determined not to be a temporary card but to be its own card. move on. In the case of a normal card (a card that is normally used), the user authority is used as it is.

  When step 307 is “True” and it is determined that the card is a temporary card, the CPU 201 of the authentication server 200 uses the use restriction management unit 253 to indicate the use restriction information about the user acquired in step 305 to the IC card authentication table (FIG. 15). Is acquired (step 308).

  That is, the user name acquired in step 305 is searched from the IC card authentication table (FIG. 15), the group name associated with the user information is obtained, and the role name associated with the group is further obtained. Use restriction information associated with the role name is acquired. Here, the reason why the user, group, and role are linked is to facilitate the use restriction management of the user. A user must belong to one or more groups. Further, it is assumed that one or more roles are set for the group. By adopting such a configuration, the user is always associated with one or more rolls. When the user is associated with one or more roles, the items of the usage restriction information as shown in FIG. 16 are compared, and the stronger authority (the weaker restriction) is acquired as the usage restriction information of the own user. . This use restriction information is function restriction information for restricting the function of the multifunction peripheral 300.

  FIG. 16 is an example of the authority information structure stored in the authentication server 200, and defines restrictions on functions that can be used in the MFP 300.

  Next, the CPU 201 of the authentication server 200 acquires the use restriction information of the temporary roll specified in the temporary card setting file (FIG. 14) that can be held in the authentication server 200 by the use restriction management unit 253 (step 309). ).

  Next, the CPU 201 of the authentication server 200 compares the use restriction information of the own user acquired in step 308 with the use restriction information of the role specified in the temporary roll acquired in step 309 by the use restriction management unit 253, The lower authority (the more restrictive) is acquired as the use restriction information (step 310).

  For example, it is assumed that the color copy is “no restriction” among the use restrictions of the role set by the user. On the other hand, it is assumed that the color copy is “only monochrome copy is possible” within the use restriction of the roll designated as the temporary roll. In this case, the merged use restriction of the temporary card reflects “only monochrome copy is possible” with low authority.

  In step 308, when a plurality of roles are associated with the user, the stronger authority is applied, but in the merge process with the temporary roll, the lesser authority is applied.

  Next, the CPU 201 of the authentication server 200 is necessary for the authentication including the user information (user name, email address, temporary card flag) acquired in step 305 and the use restriction information acquired in step 310 by the use restriction management unit 253. User information (user name, mail address, use restriction information) is created (step 311).

  After step 311, if user information does not exist in step 306 (NO in step 306), and if the IC card is normal card information in step 307, the CPU 201 of the step authentication server 200 The MFP communication unit 250 transmits user information including an authentication result, card information (whether it is a temporary card) and usage restriction information to the MFP 300 (step 312).

  At this time, if user information does not exist in step 306 (NO in step 306), information indicating that the IC card has not been registered (authentication unsuccessful) is sent to the multi-function device 300 as an authentication result.

  If the IC card is normal card information in step 307, although not shown, use restriction information associated with the user name obtained by the user search in step 305 is acquired, and the MFP is used as user information. Send to 300. In this case and the authentication result after step 311, the authentication is successful because the IC card is registered.

  The CPU 301 of the MFP 300 receives the authentication result by the authentication server communication unit 351 (step 313), and the authentication processing unit 352 analyzes the authentication result acquired in step 313 (step 314).

  If the authentication result is successful (YES in step 314), the process proceeds to step 315 to perform a login process, and if unsuccessful (NO in step 314), the process proceeds to step 320 to display an error screen. That is, the CPU 301 displays an authentication error screen as shown in FIG. 27 by the authentication processing unit 352 (step 320), detects pressing of the OK button 1009 on the authentication error screen (step 321), and performs authentication after detection. The error screen is deleted (step 322), and the process returns to step 300 in FIG. 10 to wait for a new IC card to be held.

  If the authentication result is successful in step 314 (YES in step 314), the CPU 301 of the MFP 300 determines whether the IC card in the user information acquired in step 313 is a temporary card by the authentication processing unit 352. Confirm (step 315).

  If it is a temporary card, the process proceeds to step 316 to display the temporary card authentication dialog screen, and if it is a normal card, the process proceeds to step 319 to log in as it is.

  If the IC card is a temporary card in step 315 (YES in step 315), the CPU 301 of the multifunction peripheral 300 displays a temporary card authentication screen as shown in FIG. 26 by the authentication processing unit 352 (step 316). The pressing of the OK button 1008 on the temporary card authentication screen is detected (step 317). After the detection, the temporary card authentication screen shown in FIG. 26 is deleted (step 318).

  After step 318 and when the card is not a temporary card in step 315 (NO in step 315), the CPU 301 of the multifunction device 300 uses the user information acquired in step 313 to the multifunction device 300 by the authentication processing unit 352. A login instruction is given to an OS (operating system) provided, and the MFP 300 is logged in.

When logging in to the multifunction device 300, functions that cannot be used in the multifunction device 300 are restricted according to the authority information (function restriction information) included in the authentication result received in step 313, and the display of the operation unit 308 is controlled. In the case of a temporary card, the authority for the temporary card and the authority of the weaker authority of the own card are applied, and in the case of the own card, the authority of the own card is applied. In the case where a plurality of roles exist on the own card, the authority with the higher authority among the plurality of roles is applied.

  Next, the temporary card deletion process of the present embodiment will be described with reference to FIG.

  FIG. 12 is a flowchart showing the flow of the temporary card deletion process. By performing this process at a fixed time every day (when the date is changed), it is possible to delete a temporary card whose expiration date has expired from the user information table.

  The CPU 201 of the authentication server 200 acquires the current date and time set in the authentication server 200 by using the temporary card information deletion unit 255 (step 400).

  The CPU 201 of the authentication server 200 determines whether there is an unacquired user from the IC card authentication table (FIG. 15) held in the authentication server 200 by the temporary card information deletion unit 255. If there is an unacquired user, the process proceeds to step 402; otherwise, the process ends (step 401).

  The CPU 201 of the authentication server 200 acquires one piece of unacquired user information from the IC card authentication table (FIG. 15) held in the authentication server 200 by the temporary card information deletion unit 255 (step 402).

  The CPU 201 of the authentication server 200 determines whether the temporary card information is registered in the user information acquired in step 402 by the temporary card information deletion unit 255. If it is registered, the process proceeds to step 404. If it is not registered, the process proceeds to step 401 (step 403).

  The CPU 201 of the authentication server 200 acquires the temporary card expiration date of the user information acquired in step 402 by using the temporary card information deletion unit 255 (step 404).

  The CPU 201 of the authentication server 200 uses the temporary card information deletion unit 255 to compare the temporary card expiration date of the user information acquired at step 404 with the current date and time acquired at step 400. If the registered temporary card expiration date is earlier than the current date and time (eg, temporary card expiration date = 200081127, current date = 20081128), the process proceeds to step 406, where the temporary card expiration date is the same as or later than the current date and time. If it is the date and time, the process proceeds to step 401 (step 405).

  The CPU 201 of the authentication server 200 uses the temporary card information deletion unit 255 to delete the temporary card number 2502 and the temporary card expiration date 2503 of the user information acquired in step 404 (step 406).

As described above, in the image forming system (information processing system) according to the present invention, when the user's IC card cannot be used for some reason, an administrator who can operate the temporary card while maintaining safety is unnecessary. An image forming system (information processing system) can be constructed.
In other words, by holding the temporary card list, it is possible to identify that the card to be used is a temporary card, and when registering a temporary card, it is possible to allow a registered user to specify a temporary card expiration date. . Further, the temporary card that has passed the expiration date is automatically deleted, and the temporary card can be operated without increasing the load on the user.

  Further, the authentication server determines whether or not to log in with a temporary card. When logging in with a temporary card, the authority information registered for the temporary card and the authority information of a user who has already been authenticated are merged. It is possible to construct authentication information including authority information giving priority to the one with lower authority. That is, when a temporary card is used, it is possible to set the use authority of the multifunction device 300 to be lower than when using a normal own card.

  The preferred embodiments of the image generation system, the image forming apparatus, the authentication server, and the like according to the present invention have been described above with reference to the accompanying drawings, but are not limited to the above-described embodiments.

  For example, the present embodiment employs a configuration in which a temporary card list is registered in the authentication server 200 in advance, but this list may be held on the multifunction device 300 side.

  In this embodiment, the number of IC cards that can be registered in the IC card authentication table of the authentication server is one regardless of the type of card (temporary card or normal card), but only the temporary card is overwritten. Normal card registration may be additional registration processing.

  Furthermore, in the present embodiment, the authentication server 200 and the multifunction peripheral 300 are configured as separate units. However, the function of the authentication server 200, an IC card authentication table managed by the authentication server 200, and the like (FIGS. 14 to FIG. 16) may be provided in the multi-function device 300 to perform card authentication and card registration in the multi-function device 300.

  It is obvious for those skilled in the art that various changes or modifications can be conceived within the scope of the technical idea described in the claims. It is understood that it belongs to the range.

1 is a diagram showing a configuration of an image forming system according to an embodiment of the present invention. The figure which shows the hardware constitutions of the authentication server 200 and the client PC100 The figure which shows the hardware constitutions of the compound machine 300 1 is a diagram illustrating a functional configuration of an image forming system according to an embodiment. Flow chart showing the flow of IC card registration processing Flow chart showing the flow of IC card registration processing Flow chart showing the flow of IC card registration processing Flow chart showing the flow of IC card registration processing Flow chart showing the flow of IC card registration processing Flow chart showing the flow of card authentication processing Flow chart showing the flow of card authentication processing Flow chart showing the flow of temporary card deletion processing FIG. 5 is a diagram showing an example of a temporary card list managed in the multifunction machine 300 The figure which shows an example of the file for the authority setting of the temporary card managed in the authentication server 200 The figure which shows an example of the IC card authentication table managed in the authentication server 200 The figure which shows an example of the use restriction information which is the role information in the IC card authentication table managed in the authentication server 200 IC card authentication screen example User information management screen example User information management menu screen example User information confirmation error screen example Card information registration screen example Card information registration screen example (card information display) Temporary card expiry date setting screen example Card information registration screen example (registration success display) Card information registration screen example (registration processing error) Example of temporary card authentication screen Authentication error display screen example

Explanation of symbols

100: Client PC
150... Web browser 200... Authentication server 250... Multifunction device communication unit 251... Authentication unit 252... User information management unit 253 ... Use restriction management unit 254 ... Temporary card information management Unit 255... Temporary card information deletion unit 300... MFP 319... Card reader 350... Card reader control unit 351... Authentication server communication unit 352. Information registration department

Claims (13)

Image forming apparatus capable of communicating via a communication medium with an authentication server including user information storage means for storing user identification information for identifying a user in order to perform authentication using a storage medium held over the image forming apparatus Because
User identification information receiving means for receiving user identification information for identifying a user input from the operation unit;
First storage medium identification information acquisition means for acquiring first storage medium identification information obtained by holding the storage medium;
When the first storage medium identification information is a storage medium temporarily given to the user, expiration date setting display means capable of setting the expiration date information of the storage medium temporarily given to the user;
As the storage medium temporarily given to the user, the first storage medium identification information is stored in the user information storage means corresponding to the user identification information received by the user identification information reception means. 1st storage medium identification information transmission means which transmits the registration request containing the storage medium identification information of 1 and the expiration date information set by the said expiration date setting display means to the said authentication server, The image formation characterized by the above-mentioned. apparatus. A second storage medium identification information acquisition unit configured to acquire second storage medium identification information obtained by holding the storage medium when the expiration date information is set by the expiration date setting display unit;
The expiration date setting display means is set to an administrator when the second storage medium identification information is acquired and the second storage medium identification information is storage medium identification information of a user with administrator authority. The image forming apparatus according to claim 1, wherein the first maximum expiration date information is displayed. When the user identification information received by the user identification information receiving unit is user identification information of a user having administrator authority, the expiration date setting display unit displays first maximum expiration date information set for the administrator. When the user identification information received by the user identification information receiving means is user identification information of a user who does not have administrator authority, the second maximum expiration date information set for a user who does not become an administrator is displayed. The image forming apparatus according to claim 1, wherein the image forming apparatus is an image forming apparatus. When it is determined that the first storage medium identification information is not a storage medium that is temporarily given to a user, the first storage medium identification information is used as a normally used storage medium by the user identification information receiving unit. The apparatus further comprises second storage medium identification information transmitting means for transmitting the first storage medium identification information to the authentication server so as to be stored in the user information storage means corresponding to the received user identification information. The image forming apparatus according to any one of claims 1 to 3. Storage medium identification information list storage means for storing a list of storage medium identification information of the storage medium temporarily given to the user;
Storage medium determination means for determining whether or not the storage medium identification information that matches the first storage medium identification information acquired by the first storage medium identification information acquisition means exists in the storage medium identification information list The image forming apparatus according to claim 1, further comprising: In order to restrict the usable functions set corresponding to the first storage medium identification information acquired by the first storage medium identification information acquisition means when logging in with the storage medium temporarily given to the user Function restriction information acquisition means for acquiring the function restriction information of
6. The image forming apparatus according to claim 1, further comprising: a log-in unit configured to log in with a function restriction according to the function restriction information obtained by the function restriction information obtaining unit. The function restriction information is generated using authority information given when a storage medium temporarily given to the user is held over and authority information given when a normally used storage medium is held over. The image forming apparatus according to claim 6. User information storage means for storing user identification information for identifying a user, an authentication server that performs authentication using a storage medium held over the image forming apparatus, and can communicate with the authentication server via a communication medium An information processing system including an image forming apparatus,
The image forming apparatus includes:
User identification information receiving means for receiving user identification information for identifying a user input from the operation unit;
First storage medium identification information acquisition means for acquiring first storage medium identification information obtained by holding the storage medium;
When it is determined that the first storage medium identification information is a storage medium temporarily given to the user, an expiration date setting display capable of setting the expiration date information of the storage medium temporarily given to the user Means,
In order to store the first storage medium identification information as the storage medium temporarily given to the user in the user information storage unit corresponding to the user identification information received by the user identification information reception unit, Storage medium identification information transmitting means for transmitting a registration request including first storage medium identification information and expiration date information set by the expiration date setting display means to the authentication server,
The authentication server is
Storage medium identification information receiving means for receiving a registration request including the first storage medium identification information transmitted from the image forming apparatus and the expiration date information set by the expiration date setting display means;
The first storage medium identification information included in the registration request received by the storage medium identification information receiving means is used as the storage medium identification information of the temporarily given storage medium together with the expiration date information and the user identification information receiving means. An information processing system comprising: a storage medium identification information storage unit that stores information corresponding to the user identification information received in step (1). The authentication server is
According to the expiration date information stored in the storage medium identification information storage unit, the storage medium identification information of the temporarily given storage medium including the first storage medium identification information is further deleted. The information processing system according to claim 8.   The information processing system according to claim 8, wherein the authentication server and the image forming apparatus are configured separately. Image forming apparatus capable of communicating via a communication medium with an authentication server including a user information storage unit for storing user identification information for identifying a user in order to perform authentication using a storage medium held over the image forming apparatus A processing method in which
A user identification information receiving step for receiving user identification information for identifying a user, which is input from the operation unit;
A first storage medium identification information acquisition step of acquiring first storage medium identification information obtained by holding the storage medium;
When the first storage medium identification information is a storage medium temporarily given to the user, an expiration date setting display step capable of setting expiration date information of the storage medium temporarily given to the user;
In order to store the first storage medium identification information as the storage medium temporarily given to the user in the user information storage unit corresponding to the user identification information received in the user identification information reception step. And a first storage medium identification information transmitting step for transmitting a registration request including the storage medium identification information and the expiration date information set in the expiration date setting display step to the authentication server. Processing method in the apparatus. An authentication server that includes a user information storage unit that stores user identification information for identifying a user and performs authentication using a storage medium held over the image forming apparatus, and is capable of communicating with the authentication server via the communication medium A processing method in an information processing system including image forming apparatuses,
The image forming apparatus includes:
A user identification information receiving step for receiving user identification information for identifying a user, which is input from the operation unit;
A first storage medium identification information acquisition step of acquiring first storage medium identification information obtained by holding the storage medium;
When it is determined that the first storage medium identification information is a storage medium temporarily given to the user, an expiration date setting that can set expiration date information of the storage medium temporarily given to the user Display process;
As the storage medium temporarily given to the user, the first storage medium identification information is stored in the user information storage unit corresponding to the user identification information received in the first user identification information reception step. Therefore, a storage medium identification information transmission step of transmitting a registration request including the first storage medium identification information and the expiration date information set in the expiration date setting display step to the authentication server,
The authentication server is
A storage medium identification information receiving step for receiving a registration request including the first storage medium identification information transmitted from the image forming apparatus and the expiration date information set in the expiration date setting display step;
The first storage medium identification information included in the registration request received in the storage medium identification information receiving step is used as the storage medium identification information of the temporarily given storage medium together with the expiration date information and the user identification information receiving step. And a storage medium identification information storage step for storing the information corresponding to the user identification information received in step (b).   The program for making a computer perform the processing method of Claim 11 or 12.

Images