JP2016021654A - System having information processing apparatus and image forming apparatus, information processing apparatus, image forming apparatus, control method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system having an information processing device and image forming apparatus, information processing device, image forming apparatus, control method, and program that can suitably execute user's login processing on the basis of user authentication information transmitted by radio communication.SOLUTION: A portable terminal reads NFC tag information from a compound machine by an NFC communication system (S1002); starts a Wi-Fi connection on the basis of the SSID and Key information of a wireless LAN access point contained in NFC tag information (S1004); and adds an MFP-ID to inputted user authentication information and transmits the information to the compound machine (S1009). The compound machine checks whether or not the MFP-ID written in an NFC reader/writer and the MFP-ID added to the user authentication information transmitted from the portable terminal match with each other; and, if they match, performs user authentication and performs a local login (S1012).SELECTED DRAWING: Figure 8

Description

  The present invention is a system having an information processing apparatus and an image forming apparatus, and in particular, the information processing apparatus transmits user authentication information to the image forming apparatus, and the image forming apparatus executes login based on the user authentication information. Related to the system.

  2. Description of the Related Art In recent years, multifunction devices equipped with a copy function, a print function, and the like are compatible with wireless LAN, and can exchange data by connecting to a mobile terminal such as a smartphone via a wireless LAN access point. A method is also known in which a portable terminal transmits authentication information to a multifunction peripheral using a wireless LAN, and the multifunction peripheral authenticates a user based on the authentication information.

  Patent Document 1 describes an image output system having a portable terminal device and a multifunction peripheral.

  According to Patent Literature 1, the mobile terminal device transmits user information including a user ID and a password to the multi-function device using a wireless LAN such as Wi-Fi (registered trademark). The multi-function device performs user authentication using user information transmitted from the mobile terminal device via the wireless LAN. When the user authentication is successful, the multifunction peripheral displays a UI image customized for the user with the user ID on the operation panel of the multifunction peripheral.

JP 2014-26163 A

  The portable terminal device of Patent Literature 1 transmits user information to a multifunction device when requesting user authentication from the multifunction device using a wireless LAN. For this reason, the user has to set destination information (such as an IP address) of the multifunction peripheral that is the transmission destination of the authentication request in advance in the portable terminal device, and a complicated operation has occurred.

  The present invention has been made in view of such problems, and an object of the present invention is to provide means for suitably executing user authentication processing using user information transmitted by wireless communication.

  In order to achieve the above object, a system according to the present invention includes an information processing apparatus and an image forming apparatus, and the information processing apparatus acquires destination information from the image forming apparatus by a first communication method. The image forming apparatus includes: an acquisition unit configured to input; an input unit configured to input user authentication information; and a transmission unit configured to transmit the authentication information to a destination indicated by the destination information using a second communication method. Storage means for storing the destination information, display means for displaying an operation screen for using the function of the image forming apparatus, and receiving means for receiving the authentication information transmitted by the second communication method. And control means for enabling a user operation using the operation screen in response to successful authentication of the user using the authentication information.

  ADVANTAGE OF THE INVENTION According to this invention, a user's login process can be performed suitably based on the user authentication information transmitted by radio | wireless communication.

It is a figure which shows the structure of the whole system. 2 is a block diagram illustrating a hardware configuration of a multifunction peripheral and a mobile terminal. FIG. FIG. 2 is a block diagram illustrating a software configuration of a multifunction peripheral and a mobile terminal. FIG. 6 is a diagram illustrating a data format of a user authentication table held by a multifunction machine. It is a block diagram which shows the structure of a NFC reader / writer and a NFC tag seal. It is a figure which shows the data format of the NFC tag information stored in the NFC reader / writer. It is a figure which shows the screen displayed on the operation part of a portable terminal. FIG. 11 is a sequence diagram of local login using MFP-ID. 6 is a flowchart for explaining login processing in a multifunction peripheral. It is a flowchart for demonstrating the login process in a portable terminal. FIG. 10 is a sequence diagram of remote login when the MFP-ID is empty. FIG. 10 is a sequence diagram of local login using an NFC tag seal in the second embodiment. It is a sequence diagram of local login using portable terminal ID in a 3rd embodiment. It is a sequence diagram of the local login using Wi-Fi Direct connection in 4th Embodiment. FIG. 6 is a diagram illustrating a screen displayed on an operation unit of the multifunction machine.

  Embodiments of the present invention will be described below with reference to the accompanying drawings. The configurations shown in the following embodiments are merely examples, and the present invention is not limited to the illustrated configurations.

(First embodiment)
<System configuration>
FIG. 1 is a diagram showing an overall configuration of a system in the present embodiment. This system includes a wireless LAN access point 103, a multifunction machine 101, and a mobile terminal 102. The wireless LAN access point 103 and the multifunction machine 101 are connected to a local area network 104 (LAN). The LAN 104 is a wired network conforming to the Ethernet (registered trademark) standard. The MFP 101, the portable terminal 102, and the wireless LAN access point 103 are set with IP addresses for identifying devices.

  The wireless LAN access point 103 is a wireless LAN router that uses a wireless communication system defined by the IEEE802.11a / b / g / n standard. The wireless LAN access point 103 is configured to be able to communicate with the multi-function peripheral 101 via the wired LAN 104 and to be able to communicate with the portable terminal 102 via the wireless LAN 111.

  The multifunction machine 101 is an image forming apparatus having a copy function, a scan function, a network print function, and the like. In the present exemplary embodiment, the multifunction peripheral 101 is described as an example of the image forming apparatus. However, the image forming apparatus is not limited to the multifunction peripheral 101. For example, an SFP (Single Function Printer) may be used.

  The multifunction machine 101 includes an NFC reader / writer 105, and can perform short-range wireless communication between the mobile terminal 102 and NFC (Near Field Communication). The NFC reader / writer 105 is an NFC communication unit for two-way communication with the portable terminal 102 in a non-contact manner in accordance with a wireless communication standard.

  The multifunction machine 101 includes an operation unit 106. The operation unit 106 is a means for allowing the user to use various functions such as a copy function, a scan function, and a network print function of the multifunction machine 101. The operation unit 106 displays a function selection screen and a copy screen after performing user authentication processing described later. Specifically, when the user authentication process is successful, the operation unit 106 switches from the authentication screen to an initial screen such as a menu screen (function selection screen) for selecting various functions or a copy screen. The screen displayed on the operation unit 106 is also referred to as a local UI. In this way, the initial screen is displayed on the local UI, so that the user can operate.

  Note that the MFP 101 may use an NFC tag seal instead of the NFC reader / writer 105. An example using an NFC tag seal will be described with reference to FIG.

  The portable terminal 102 is a portable communication terminal device (information processing device) such as a smartphone or a tablet. The mobile terminal 102 is equipped with a camera, a network browser, a mail function, etc. in addition to the function of the mobile phone. The portable terminal 102 further includes an NFC reader / writer, and performs near field communication with the multifunction machine 101. The mobile terminal 102 includes a wireless LAN I / F, connects to the wireless LAN access point 103, and communicates with the multifunction machine 101. In the present embodiment, a portable terminal is used as an example of the information processing apparatus, but the information processing apparatus is not limited to the portable terminal. For example, a notebook PC or the like may be applied as the information processing apparatus. In addition, an IC card or the like may be applied as the information processing apparatus.

<Hardware configuration of MFP 101>
FIG. 2 is a block diagram showing a hardware configuration of the multifunction machine 101 and the portable terminal 102 shown in FIG. First, the hardware configuration of the multifunction machine 101 will be described. The CPU 201 is a processor (arithmetic unit) that controls the multifunction machine 101. A hard disk drive (HDD) 202 is a non-volatile storage device that stores software programs executed by the CPU 201 and data. A RAM 203 is a work area of the CPU 201, a reception buffer, and a volatile memory used for image drawing. The RAM 203 is provided by, for example, a DRAM (Dynamic Random Access Memory).

  The operation unit 106 is a touch panel type liquid crystal panel that provides a user interface having various switches and buttons. The operation unit 106 notifies the CPU 201 of a user instruction or displays screen data. The operation unit 106 also includes buttons for instructing login processing and logout processing of the multifunction machine 101.

  The NFC reader / writer 105 is an NFC communication unit for performing NFC communication. In the present embodiment, information necessary for user authentication and information necessary for wireless communication using Wi-Fi (registered trademark) (wireless communication information) are transmitted to and received from the mobile terminal 102. NFC transmits and receives data by non-contact wireless communication of about 0 to 10 cm.

  The wired LAN I / F 206 is a NIC (Network Interface Card) compliant with the Ethernet (registered trademark) standard. The wired LAN I / F 206 exchanges information with various network devices such as the wireless LAN access point 103 and a personal computer (not shown).

  The printer unit 207 is an image forming unit that prints on recording paper based on input image data. The printer unit 207 includes a paper feeding mechanism for taking out paper from a paper tray, a mechanism for feeding paper from the inside to the outside, a mechanism for transferring and fixing an image, and the like. The printer unit 207 has a finishing mechanism (finisher) as an additional function. The finishing mechanism has a function of sorting the printed material in units, stapling, and folding the printed material.

  The scanner unit 208 is an input device that shines light on a paper document and reads reflected light with an image sensor such as a CCD (Chage Coupled Devices). The scanner unit 208 includes a reading table such as glass for reading one document at a time. Further, an ADF (Auto Document Feeder) is attached to continuously read a plurality of stacked originals.

  Note that the hardware of 105, 106, 201-208 is connected by an internal bus (not shown) and can exchange data with each other.

<Hardware configuration of portable terminal 102>
Next, the hardware configuration of the mobile terminal 102 will be described. The CPU 209 is a processor (arithmetic device) that controls the mobile terminal 102. The flash memory 210 is a non-volatile memory that stores software programs executed by the CPU 209 and data. The RAM 211 is a volatile memory that the CPU 209 uses as a work area for executing a software program. The operation unit 212 is a touch panel type liquid crystal panel that can be operated with a user's finger. The wireless LAN I / F 213 is a wireless-compatible network interface that can connect to the wireless LAN access point 103 and perform network communication. The NFC reader / writer 214 performs processing for reading wireless communication information and the like written in the NFC reader / writer 105 of the multifunction peripheral.

<Software Configuration of MFP 101 in this Embodiment>
FIG. 3 is a diagram illustrating the software configuration of the multifunction machine 101 and the portable terminal 102. FIG. 3A is a block diagram illustrating a software configuration of the multifunction machine 101. The device driver 301 is a device driver for controlling various input / output devices.

  The application platform 302 is an application platform that manages the start or stop of applications and services that operate on the multifunction peripheral 101. The application platform 302 provides an API for exchanging data between applications and an API for using hardware functions from an application via a device driver group.

  The application platform 302 can be configured to include an operating system such as Linux (registered trademark), a virtual machine of JAVA (registered trademark), and an OSGi framework. JAVA (registered trademark) is a registered trademark of Oracle Corporation, and the OSGi framework is a JAVA (registered trademark) -based service platform defined by OSGi Alliance (standardization organization).

  The local application 303 includes a UI application that provides a user interface to the operation unit 106 of the multifunction peripheral 101, a copy application that provides a copy function, a scan application that provides a scan function, and the like. The remote application 304 provides a user interface described in HTML (screen data) to the mobile terminal 102 or a Web browser of a personal computer. The remote application 304 includes a multifunction device management application that provides a setting function of the multifunction device 101, a direct print application that provides a PDF format document print function, and the like.

(Login service)
The login service 305 exchanges user authentication information via the wireless LAN access point 103 when the portable terminal 102 is held over the NFC reader / writer 105, performs user authentication, and logs the authenticated user into the MFP 101. Let

  The login service 305 provides a local login function and a remote login function which will be described later. The login service 305 receives the user ID and password input from the mobile terminal 102 when performing local login or remote login, and performs user authentication.

  The login service 305 can switch whether to perform user management (ON) or not (OFF), and provides a local login or remote login service when performing user management. The user management function is switched on and off from, for example, an operation unit 106 of the multifunction peripheral 101 or a remote management computer (not shown) by an administrator having a certain authority.

  In the present embodiment, in order to allow a specific user to use various functions of the multifunction machine 101, making the operation unit 106 included in the multifunction machine 101 operable is referred to as “local login”. And

  On the other hand, in order to allow a specific user to use various functions of the multi-function peripheral 101, “remote login” refers to enabling operation using a device (for example, the mobile terminal 102) different from the multi-function peripheral 101. I will call it.

(Local login)
The login service 305 has two types of services, local login and remote login. When the local login is selected on the portable terminal 102, the operation unit 106 is occupied by the user and the multifunction peripheral 101 is made available. Specifically, an initial screen after login (menu screen (function selection screen) or a screen customized for the authenticated user) is displayed on the liquid crystal panel of the operation unit 106.

  The login service 305 permits the authenticated user to access the local application 303. Note that the number of users who can log in locally simultaneously is one, and a plurality of users cannot log in locally at the same time.

(Remote login)
The login service 305 acquires user authentication information via the LAN 104 and performs user authentication. When remote login is selected from the mobile terminal 102, access to the remote application 304 is permitted for the authenticated user. Specifically, Web content (HTML) for displaying an operation screen on the liquid crystal panel of the operation unit 212 of the mobile terminal 102 is transmitted to the mobile terminal 102. The login service 305 is configured so that a plurality of users can remotely log in at the same time.

<Software configuration of portable terminal 102>
FIG. 3B is a block diagram illustrating a software configuration of the mobile terminal 102. The device driver 306 is a device driver for controlling various hardware of the mobile terminal 102. The application platform 307 manages the activation of applications and services that operate on the mobile terminal 102. The application platform 307 provides an API for an application to use hardware functions via the device driver 306 and an API for accessing data stored in the flash memory 210. The application platform 307 can be configured by a platform such as Android (registered trademark) of Google, or iOS of Apple. Various applications can be installed on the mobile terminal 102 and run on the application platform 307. For example, it is assumed that the multifunction device application 308 and the Web browser 309 are available on the mobile terminal 102. The multifunction device application 308 is an application for performing user authentication using the portable terminal 102.

<User authentication information table>
FIG. 4 is a user authentication information table 401 that the login service 305 refers to when performing user authentication. The user authentication information table 401 includes a user ID and password used for user authentication. Information in the user authentication information table 401 is stored in the HDD 202. The user ID and password are registered through a user interface provided by the login service 305 according to an instruction from the administrator of the multifunction machine 101.

  The personal setting value corresponding to the user may be stored in the HDD 202 in association with the user ID included in the user authentication information table of FIG. The personal setting value is, for example, information on a display language of a screen displayed on the operation unit 106, information on an initial screen displayed immediately after login on the operation unit 106, or user preference setting information.

<Configuration of NFC reader / writer / NFC tag seal>
FIG. 5A is a diagram illustrating a configuration of the NFC reader / writer 105 provided in the multifunction machine 101.

  The NFC reader / writer 105 includes an NFC chip 501 and an antenna 502, and the NFC chip 501 includes an NFC tag controller 503 and a storage unit 504. Further, the NFC reader / writer 105 is connected to an internal bus (not shown) of the multi-function peripheral 101 via a wired interface 505. The CPU 201 of the multifunction machine 101 can read data from the storage unit 504 of the NFC reader / writer 105 and write data to the storage unit 504.

  The antenna 502 receives a specific radio wave from the outside. Then, the NFC tag controller 503 writes and reads data to and from the storage unit 504 in response to a data input / output request through the antenna 502, and returns data as necessary. Note that data access to the storage unit 504 can be performed only with power supplied from the antenna 502.

  FIG. 5B is a diagram illustrating a configuration of an NFC tag seal provided in the multifunction machine 101. The NFC tag seal 120 includes an NFC chip 506 and an antenna 507. The NFC chip 506 includes an NFC tag controller 509 and a storage unit 508. The antenna 507 receives specific radio waves from the outside, thereby supplying power to each block in the NFC chip 506 and communicating with an external NFC reader / writer (for example, the NFC reader / writer 214 of the mobile terminal 102). . The NFC tag controller 509 establishes near field communication by a known method. Further, the NFC tag controller 509 writes and reads data to and from the storage unit 508 in response to a data input / output request through the antenna 507, and returns data as necessary. Note that data access to the storage unit 508 can be performed only with power supplied from the antenna 507.

  FIG. 6 is a diagram showing the NFC tag information 601 stored in the storage unit 504 of the NFC reader / writer 105. The authentication information delivery destination is destination information, and in this embodiment is the IP address of the multifunction machine 101 (“172.123.456” in the example of FIG. 6). In this embodiment, an IP address is described as an example of destination information. However, for example, the host name of the MFP 101 may be used instead of the IP address. Further, a URL that combines a host name and a specific application name may be used as the destination information.

  The wireless LAN access point SSID is an identifier uniquely assigned to an access point corresponding to a communication method defined by a standard such as IEEE 802.11a / b / g / n, and stores the SSID of the wireless LAN access point 103. Yes. In the key information, a key (password) necessary for performing wireless communication with the wireless LAN access point 103 is stored. Note that the SSID and Key information of the wireless LAN access point included in the NFC tag information 601 is an example of wireless communication information.

  The MFP-ID is an ID used when executing a local login process or a remote login process. In the present embodiment, the MFP-ID is a character string that combines the serial number (zzz) of the MFP and the date and time (201404210900) when the MFP-ID was written. The MFP-ID may be only a serial number or may include a serial number and a writing date / time.

<Local login operation using portable terminal 102>
FIG. 8 is a sequence diagram of local login in this system.

  First, in order to perform local login, the user brings the mobile terminal 102 close to the NFC reader / writer 105 of the multifunction machine 101 (S1001), and uses the first wireless communication method, which is a communication method compatible with short-range wireless communication, to use the NFC tag. Information 601 is read (S1002). As shown in FIG. 6, the NFC tag information 601 includes destination information that is the IP address of the multifunction device, wireless communication information including the SSID and Key of the wireless LAN access point 103, and MFP-ID.

  Then, the mobile terminal 102 activates the MFP application 308 in response to the short-range wireless communication being performed (S1003). However, a method in which the portable terminal 102 is brought close to the multifunction device 101 in a state where the multifunction device application 308 is activated in advance may be used.

  Next, the mobile terminal 102 performs processing for establishing wireless communication by a wireless LAN standard method (second wireless communication method). Specifically, pairing with the wireless LAN access point 103 is executed using the SSID and Key of the wireless LAN access point 103 included in the NFC tag information 601 read in S1002 (S1004). The MFP application 308 of the portable terminal 102 displays a screen for inputting a user name and password as user authentication information on the operation unit 212 (S1005).

  FIG. 7 is an example of an operation screen displayed on the operation unit 212 of the mobile terminal 102. The operation screen of FIG. 7 is a screen displayed by the multifunction machine application 308 running on the application platform 307 such as Android OS or iOS.

  D701 in FIG. 7 is an operation screen displayed on the operation unit 212 in S1005. The portable terminal 102 accepts a local login selection as a login type from the user via the operation screen of D701 (S1006). Next, the portable terminal 102 allows the user to input the user ID and password via the operation screen of D701 (S1007), and then accepts the touch operation of the transmission button (S1008). Accordingly, the user authentication information is transmitted to the multi-function peripheral 101 by wireless communication established in S1004 (S1009). At this time, in addition to the user ID and password input in S1007, the MFP-ID included in the NFC tag information 601 acquired in S1002 is also transmitted as user authentication information. The user authentication information is transmitted as an HTTP request message for the URL generated by the MFP application 308. For transmission processing of user authentication information, HTTPS, which is a secure communication protocol using SSL, is used.

Specifically, the MFP application 308 generates the following URL, for example.
・ Https: // multifunction peripheral IP address / login type /? MFP-ID = zzzz-201404200900, UserID = taro, Password = 1234567
In the “multifunction machine IP address” portion of this URL, the multifunction machine IP address (173.123.456.789 in the example of FIG. 6) included in the NFC tag information 602 acquired in S1002 is set as the destination information. Is done. In the “login type” portion, a character string “Local-Login” is set when local login is selected on the screen of D701 in FIG. 7, and “Remote-Login” is selected when remote login is selected. Is set. In the sequence of FIG. 8, since local login is selected as the login type, the character string “Local-Login” is set. Then, the user ID and password input on the screen of D701, and the MFP-ID included in the NFC tag information 601 are added as URL arguments.

  If “Store ID and password” is selected, the user ID and password are stored in the flash memory 210, and the user ID and password input in step S1007 are set in the input field in advance.

  The multi-function peripheral 101 receives the user authentication information transmitted from the mobile terminal 102, and analyzes the received user authentication information (S1010). Subsequently, the MFP 101 performs user authentication processing by comparing the received user authentication information with the user authentication information table 401 (S1011), and executes local login processing when user authentication is successful (S1012).

  Next, the multifunction machine 101 transmits a user authentication success notification to the mobile terminal 102 (S1013). Then, the MFP 101 deletes the MFP-ID stored in the storage unit 504 of the NFC reader / writer 105 in order to restrict other people's local login (S1014).

  On the other hand, the portable terminal 102 displays a message (D705) indicating the success of user authentication on the operation unit 106 (S1015). Subsequently, the mobile terminal 102 detects the touch operation of the end button from the user (S1016), and stops the multifunction device application 308 (S1017).

  Through the processing up to this point, the multifunction peripheral 101 automatically performs local login by bringing the mobile terminal 102 close to it, and uses functions using the operation unit 106 of the multifunction peripheral 101 (for example, use of a copy function or a printer function). Is permitted to the user who possesses the portable terminal. Specifically, the multifunction machine 101 switches the local UI display of the operation unit 106 from the authentication screen to the menu screen (function screen) or the copy screen. And it will be in the state which receives the user operation for using the function of the multi-function peripheral 101. FIG.

  When the user of the portable terminal 102 finishes using the function, for example, the user presses the logout button provided in the operation unit 106 (S1018). The multifunction machine 101 that has detected this button press executes logout processing (S1019) and MFP-ID rewrite processing (S1020).

  Note that the MFP-ID in the storage unit 504 of the NFC reader / writer 105 is erased from S1014 to S1020. Therefore, even if the second user holds up a new mobile terminal, the MFP-ID cannot be read and local login cannot be executed.

  The basic login sequence between the mobile terminal 102 and the multifunction machine 101 has been described above. Next, individual processing flows of the portable terminal 102 and the multifunction peripheral 101 will be described with reference to FIGS.

<Processing flow in MFP 101>
FIG. 9 is a flowchart for explaining login processing in the multifunction machine 101. Each step shown in the flowchart of FIG. 9 is realized by the CPU 201 executing a program loaded from the HDD 202 to the RAM 203.

  First, the CPU 201 receives a user authentication request from the mobile terminal 102 or the like that is in close proximity to the multi-function peripheral 101 via the wireless LAN access point 103 (S1501). This request is an HTTP request message for a specific URL. HTTPS, which is a secure communication protocol using SSL, is used for the reception process of the user authentication request here.

In the user authentication request, the following user authentication information is described as a URL argument.
・ Https: // multifunction peripheral IP address / login type /? MFP-ID = zzzz-201404200900, UserID = taro, Password = 1234567
In step S <b> 1502, the CPU 201 acquires the MFP-ID written in the storage unit 504 of the NFC reader / writer 105. In step S1503, the CPU 201 determines whether the MFP-ID extracted from the received user authentication request (in the above example, “zzz-201404200900”) and the MFP-ID stored in the NFC reader / writer 105 acquired in step S1502 are the same. judge.

  If these MFP-IDs are different, the multi function peripheral 101 determines that the request is not an authentication request from a device close to the NFC reader / writer. Therefore, the CPU 201 returns an error message indicating that login is not possible to the device that transmitted the authentication request (S1504), and ends the process. The error message transmitted in S1504 is transmitted as an HTTP response message corresponding to the HTTP request message received in S1501. At this time, for example, a message such as “Please hold the mobile terminal over the multifunction device” may be notified to the user.

  On the other hand, if the MFP-ID is the same, the process advances to step S1505 to perform user authentication processing. In step S <b> 1505, the CPU 201 refers to the user authentication information table 401 using the user ID and password included in the user authentication information. In step S1506, it is determined whether the user authentication process is successful. If user authentication fails, the process advances to step S1507, and an authentication error is returned to the mobile terminal 102. Accordingly, for example, the screen of D702 in FIG. 7 is displayed on the operation unit 212 of the mobile terminal 102.

  On the other hand, if the user authentication is successful, the process advances to step S1508 to determine whether the login type added to the received user authentication information is a local login or a remote login. Specifically, if the character string “Local-Login” is described in the character string described in the URL path, the local login is performed. If the character string “Remote-Login” is described, the remote control is performed. Determine login.

  If the login type is local login, local login processing (S1509) in the multifunction machine 101 is executed. As a result, the operation unit 106 of the multi-function peripheral 101 becomes usable by the user who owns the portable terminal 102. At this time, the personal setting value of the authenticated user may be read from the HDD 202 and an operation screen customized for the user may be displayed on the operation unit 106. The personal setting value includes, for example, a display language of the operation screen displayed on the operation unit 106, information on an initial screen displayed on the operation unit 106 immediately after login, user preference settings, and the like.

  FIG. 15 is an example of an operation screen displayed on the operation unit 106 of the multifunction machine 101. FIG. 15A is an example in which the menu screen (function selection screen) of the multifunction machine 101 is displayed by executing the login process. FIG. 15B is an example in which a copy screen is displayed by executing the login process. For example, when the first user logs in, the screen of FIG. 15A may be displayed, and when the second user logs in, the screen of FIG. 15B may be displayed.

  In step S1510, the mobile terminal 102 is notified of a message indicating that user authentication has been successful. In step S <b> 1511, the CPU 201 deletes the MFP-ID stored in the storage unit 504 of the NFC reader / writer 105. In step S1512, it is determined whether logout of the multifunction peripheral 101 has been instructed, and loop processing is performed until a logout instruction is issued by the user. When logout is instructed, logout processing is executed in S1513. As a result, as shown in FIG. 15, for example, the operation screen of the operation unit 106 should touch NFC until a beep sound is heard. To a screen displaying a message such as “ In step S <b> 1514, the CPU 201 performs processing for writing the MFP-ID into the storage unit 504 of the NFC reader / writer 105. On the other hand, if the login type is not local login in S1508, remote login processing (S1515) in the MFP 101 is executed. Subsequently, in S1516, the HTML data (screen data) of the remote login top screen (D706) is transmitted. When remote login is executed, the login user is permitted to access the remote application 304 of the multifunction peripheral 101, and can use the setting function of the multifunction peripheral 101, the direct print function of the PDF document, and the like.

<Processing Flow of Multifunction Device Application 308 in Portable Terminal 102>
FIG. 10 is a flowchart for explaining login processing in the mobile terminal 102. Each step shown in the flowchart of FIG. 10 is realized by the CPU 209 executing a program loaded from the flash memory 210 to the RAM 211.

  First, the CPU 209 reads the NFC tag information 601 in the storage unit 504 of the NFC reader / writer 105 (S2001). Next, in S2002, the CPU 209 activates the MFP application 308 (S2002). In S2003, the CPU 209 acquires the wireless LAN access point SSID and the wireless LAN access point Key from the NFC tag information 601 acquired in S2001. Based on the acquired information, the wireless network interface 213 is controlled to establish a Wi-FI connection with the wireless LAN access point 103. In step S2004, the CPU 209 analyzes the acquired NFC tag information 601 and confirms whether the MFP-ID is empty. When the MFP-ID is empty, the local login is restricted because the local login is performed by another device. In step S2005, the CPU 209 displays a local UI error (D704) on the operation unit 212.

  On the other hand, if the MFP-ID is not empty, the process advances to step S2006, and the user selects local login or remote login as the type of login to be executed. In S2007, a user ID and a password are input as user authentication information. Next, in S2008, with the IP address of the multifunction device as the destination IP address, the login type selected in S2006, the MFP-ID acquired by NFC communication, and the user ID / password information input via the authentication screen Send.

  In step S2009, the CPU 209 receives the result of user authentication from the multi-function peripheral 101, and determines whether the result of user authentication is successful (S2010). When the user authentication is unsuccessful, the CPU 209 displays a user authentication error display (D702 in FIG. 7) on the operation unit 212 (S2011). If the user authentication is successful, it is determined in step S2012 whether the login type is local login. If the login type is local login, the process proceeds to S2013, and a successful user authentication display (D705) is performed (S2013). On the other hand, when the login type is remote login, the CPU 209 displays a remote login top screen (D706 in FIG. 7) on the operation unit 212 (S2014).

  As a modification, when it is confirmed in S2004 that the MFP-ID is empty, instead of displaying a local UI error (D704), remote login is automatically performed as shown in the sequence diagram of FIG. You may make it select.

  FIG. 11 is a sequence diagram for executing remote login when the MFP-ID is empty.

  The sequence diagram of FIG. 11 is started in a state where another user has already logged in locally and is operating the multifunction machine 101. First, the user brings the mobile terminal 102 close to the NFC reader / writer 105 of the multifunction machine 101 (S2501). The portable terminal 102 reads the NFC tag information 601 from the storage unit 504 of the NFC reader / writer 105 of the multifunction machine 101 (S2502). In this case, the MFP-ID in the NFC tag information 601 is empty because another user is logging in locally. When the MFP-ID is acquired empty, the mobile terminal 102 activates the Web browser 309 (S2503). Next, in S2504, the mobile terminal 102 connects to the wireless LAN access point 103 using the SSID and Key of the wireless LAN access point 103 included in the NFC tag information 601 read in S2502 (S2504). In step S <b> 2505, the mobile terminal 102 automatically selects remote login as the login type. The Web browser 309 transmits an HTTP request message to the URL including the MFP IP address and the login type (Remote-Login) automatically selected in S2505. Thereby, an acquisition request for an authentication screen (D703) for remote login is made to the login service 305 (S2506). The login service 305 of the MFP 101 returns HTML data (screen data) corresponding to the request in S2506 (S2507). In S2508, the Web page generated based on the HTML data received from the login service 305 is displayed on the operation unit 212 of the mobile terminal 102 as an authentication screen (D703) for remote login (S2508). As in the sequence of FIG. 8, user authentication information is input and transmitted (S2509 to S2511), and user authentication processing based on the user authentication information is executed (S2512). If the user authentication is successful in S2512, remote login processing is performed according to the designation of the portable terminal 102 (S2513). In S2514, the HTML data of the remote login top screen (D706) is acquired (S2514), and the remote login top screen (D706) is displayed on the operation unit 212 of the portable terminal 102 (S2515).

  As described above, by implementing the configuration described in the first embodiment, only the user who holds the portable terminal 102 over the NFC reader / writer 105 of the multifunction machine 101 can log in the multifunction machine 101 locally. In addition, a configuration in which user authentication information is input via the authentication screen of the operation unit 212 of the mobile terminal 102 is adopted, and the user authentication information is transmitted by secure communication. The risk of being read can be reduced.

  Further, when the MFP-ID is empty, the remote login is automatically selected. As a result, even when another user is logged in to the multifunction peripheral 101 locally, remote login can be performed to acquire the state of the multifunction peripheral 101 and to operate a management application.

  In the present embodiment, NFC has been described as an example of the first wireless communication method. However, the first wireless communication method is not limited to NFC. For example, it may be IrDa (Infrared Data Association).

  In the present embodiment, Wi-Fi has been described as an example of the second wireless communication method, but the second wireless communication method is not limited to Wi-Fi. For example, it may be Bluetooth (registered trademark).

(Second Embodiment)
Next, a second embodiment will be described. In the first embodiment, the MFP 101 includes the NFC reader / writer 105, and the CPU 201 can read and write the NFC tag information 601 (particularly MFP-ID) in the storage unit 504 via the wired interface 505. . However, in the second embodiment, as shown in FIG. 5B, a configuration example that can be realized by using an inexpensive NFC tag seal 120 instead of the NFC reader / writer will be described.

In the second embodiment, the MFP-ID is a combination of the serial number (zzzz) and serial number (0000010) of the multifunction machine 101. Using this serial number, it is determined whether the MFP-ID is the latest one.
MFP-ID: zzz-0000010
FIG. 12 is a sequence diagram of local login using the NFC tag seal 120 in the second embodiment.

  In order to perform local login, the user brings the mobile terminal 102 close to the NFC tag seal 120 of the multifunction machine 101 (S3501), and reads the NFC tag information 601 by the first wireless communication method, which is a short-range wireless communication method ( S3502). The portable terminal 102 activates the multifunction machine application 308 (S3503). Next, the MFP-ID included in the NFC tag information 601 is referred to, and 1 is added to the serial number (S3504). Subsequently, the MFP-ID (zzz-0000011) is written into the NFC tag seal 120 using the writer function of the NFC reader / writer 214 provided in the portable terminal 102 (S3505). From S3506 to S3511, similarly to the sequence diagram of FIG. 8, wireless communication is performed by the wireless LAN standard method (second wireless communication method) using the SSID and Key of the wireless LAN access point 103. Then, it connects to the wireless LAN access point 103 and transmits user authentication information.

  The multi-function peripheral 101 analyzes the received user authentication information (S3512). Specifically, the CPU 201 determines whether or not the serial number of the MFP-ID received this time is larger than the MFP-ID (previously received) held in advance in the HDD. If the received MFP-ID serial number is larger, the processing is continued as the latest MFP-ID, and the received MFP-ID is stored in the HDD 202 of the multi-function peripheral 101. Subsequently, user authentication processing is performed in S3514. If user authentication is successful, local login processing is performed (S3516). The subsequent processing is the same as that in the sequence diagram of FIG.

  As described above, in the configuration using the NFC tag seal 120, the multifunction peripheral 101 cannot directly refer to the NFC tag information 601. Therefore, the MFP 101 stores in advance the MFP-ID transmitted from the portable terminal 102 in the HDD 202 and compares it with the serial number of the received MFP-ID, so that the received user authentication information is a correct request. Is judged.

  As described above, by implementing the configuration described in the second embodiment, local login processing using the mobile terminal 102 can be performed even when the multifunction machine 101 includes the inexpensive NFC tag seal 120.

(Third embodiment)
Next, a third embodiment will be described. In the first embodiment and the second embodiment, the MFP-ID is included in the NFC tag information 601. If the MFP-ID is added to the user authentication information received via the LAN 104, the multi-function peripheral 101 has determined that the authentication request is from the portable terminal 102 in the vicinity of the multi-function peripheral 101. However, the third embodiment describes a configuration example that is realized by writing a unique ID (mobile terminal ID) to the multifunction peripheral 101 without using the MFP-ID.

  FIG. 13 is a sequence diagram for explaining the local login operation using the mobile terminal ID. In order to perform local login, the user brings the mobile terminal 102 close to the NFC reader / writer 105 of the multifunction machine 101 (S6501), and acquires the NFC tag information 601 (S6502). The NFC tag information 601 acquired in S6502 does not include the MFP-ID, but includes only the MFP IP address, the SSID of the wireless LAN access point 103, and key information. The portable terminal 102 activates the multifunction machine application 308 (S6503). Subsequently, the portable terminal ID is written into the NFC reader / writer 105 using the writer function of the NFC reader / writer 214 provided in the portable terminal 102 (S6504). From S6505 to S6511, similarly to the sequence diagram of FIG. 8, wireless communication is connected and user authentication information is transmitted.

  The multi-function peripheral 101 analyzes the received user authentication information (S6512). Specifically, it is determined whether the mobile terminal ID added to the user authentication information matches the mobile terminal ID in the NFC tag information 601. If the mobile terminal IDs match, it is determined that the request is an authentication request from the mobile terminal 102 that has performed short-range wireless communication with the NFC reader / writer 105 (in the vicinity of the multifunction machine 101), and user authentication processing is performed (S6513). If the user authentication is successful, a local login process is performed (S6514). The subsequent processing is the same as that in the sequence diagram of FIG.

  As described above, by implementing the configuration described in the third embodiment, local login processing using the mobile terminal 102 can be realized without storing the MFP-ID in the NFC reader / writer 105.

(Fourth embodiment)
Next, a fourth embodiment will be described. In the first, second, and third embodiments, the multifunction machine 101 is connected to the wireless LAN access point 103 via the LAN 104. The mobile terminal 102 makes an authentication request to the multifunction machine 101 by connecting to the wireless LAN access point 103. However, in the fourth embodiment, an example will be described in which the multifunction peripheral 101 operates as an access point in accordance with a standard called Wi-FiDirect (registered trademark) established by Wi-Fi Alliance. Furthermore, in the fourth embodiment, by writing the MAC address of the portable terminal 102 as the portable terminal ID in the NFC reader / writer 105 of the multifunction machine 101, Wi-Fi Direct connection is performed and data is transferred to the multifunction machine 101. Is also possible. In this case, the wireless LAN access point 103 becomes unnecessary. A configuration example is shown below.

  FIG. 14 is a sequence diagram for explaining an operation of local login using Wi-Fi Direct connection. In order to perform local login, the user brings the mobile terminal 102 close to the NFC reader / writer 105 of the multifunction machine 101 (S8001) and reads the NFC tag information 601 (S8002). The NFC tag information 601 read in S8002 includes the MFP IP address, the SSID of the MFP 101 itself, and Key information. The portable terminal 102 activates the multifunction machine application 308 (S8003). Subsequently, the MAC address of the portable terminal 102 is written into the NFC reader / writer 105 using the writer function of the NFC reader / writer 214 provided in the portable terminal 102 (S8004).

  The multi-function peripheral 101 detects writing to the NFC reader / writer 105, enables the WiDirect function, and waits for a connection from the portable terminal 102 (S8005). The portable terminal 102 requests WiFi Direct connection using the SSID and key information of the multifunction machine 101 acquired in S8002 (S8006). Subsequently, if the MAC address in the NFC reader / writer 105 is identical to the MAC address of the portable terminal requested to connect in S8006, the multi-function peripheral 101 establishes a Wi-Fi Direct connection.

  Steps S8007 to S8010 are the same as the processing shown in the sequence diagram of FIG. In step S8011, the user authentication information is transmitted to the multifunction machine 101. This user authentication information does not include a unique ID of the multifunction device or the portable terminal. This is because wireless communication is directly connected between the portable terminal 102 and the multifunction peripheral 101, and user authentication information is not transmitted from other information devices.

  Subsequently, the multifunction machine 101 performs an analysis process on the received user authentication information (S8012). Specifically, only the login type is confirmed. In this embodiment, user authentication information for local login is accepted only when Wi-Fi Direct communication is enabled. This is because, in the user authentication information analysis process (S8012), only the login type is confirmed, so that it is impossible to determine whether the request is for the mobile terminal 102 or from another information device from the user authentication information. Next, user authentication processing is performed in S8013, and if user authentication is successful, local login processing is performed (S8014).

  The subsequent processing is the same as that in the sequence diagram of FIG.

  As described above, by implementing the configuration described in the fourth embodiment, local login processing using the mobile terminal 102 can be realized without using the wireless LAN access point 103.

(Other embodiments)
The present invention supplies a program that realizes one or more functions of the above-described embodiments to a system or apparatus via a network or a storage medium, and one or more processors in a computer of the system or apparatus read and execute the program This process can be realized. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

101 MFP 102 Mobile terminal 103 Wireless LAN access point 104 Local area network 105 NFC reader / writer 106 Operation unit

Claims (15)

A system having an information processing apparatus and an image forming apparatus,
The information processing apparatus includes:
Obtaining means for obtaining destination information from the image forming apparatus by a first communication method;
An input means for inputting user authentication information;
Transmitting means for transmitting the authentication information to a destination indicated by the destination information by a second communication method;
The image forming apparatus includes:
Storage means for storing the destination information;
Display means for displaying an operation screen for using the function of the image forming apparatus;
Receiving means for receiving authentication information transmitted by the second communication method;
In response to the successful authentication of the user using the authentication information, a control unit that enables a user operation using the operation screen;
Having a system.   The system according to claim 1, wherein the control unit switches the display of the display unit from the authentication screen to the operation screen in response to the successful authentication of the user.   The system according to claim 1, wherein the operation screen is a function selection screen for selecting a function included in the image forming apparatus.   The system according to claim 1, wherein the control unit displays an operation screen corresponding to the authenticated user on the display unit as an initial screen.   The system according to any one of claims 1 to 4, wherein the first communication method is a communication method compatible with short-range wireless communication, and the second communication method is a wireless LAN.   The system according to claim 1, wherein the destination information is an IP address or a host name of the image forming apparatus. The acquisition means further acquires communication information necessary for performing communication according to the second communication method,
The system according to claim 1, wherein the transmission unit establishes communication with an access point corresponding to the second communication method based on the communication information. An ID is written in the storage means,
The acquisition unit acquires the ID together with the destination information from the image forming apparatus,
The transmitting means transmits the ID together with the authentication information,
8. The control unit according to claim 1, wherein the control unit controls whether or not to perform user authentication based on whether or not the ID is added to the authentication information received by the receiving unit. The system according to any one of the above.   The system according to claim 8, wherein the ID is a serial number of the image forming apparatus. The receiving means receives information indicating a login type together with authentication information,
The control means allows the user operation using the operation screen based on the information indicating the login type received by the receiving means, or screen data for displaying the operation screen on the information processing apparatus The system according to any one of claims 1 to 9, wherein the system controls whether or not to transmit. The information processing apparatus further includes writing means for writing an ID into the storage means,
The transmission means transmits the ID added to the authentication information,
The system according to claim 1, wherein the control unit controls whether to perform user authentication based on whether the ID is added to the received authentication information. An acquisition unit that acquires destination information by a first communication method, an input unit that inputs user authentication information, and a transmission unit that transmits the authentication information to a destination indicated by the destination information by a second communication method An image forming apparatus capable of communicating with an information processing apparatus having
Storage means for storing the destination information;
Display means for displaying an operation screen for using the function of the image forming apparatus;
Receiving means for receiving authentication information transmitted by the second communication method;
In response to the successful authentication of the user using the authentication information, a control unit that enables a user operation using the operation screen;
An image forming apparatus comprising: Storage means for storing destination information, display means for displaying an operation screen for using the function of the apparatus, receiving means for receiving authentication information transmitted by the second communication method, and using the authentication information An information processing apparatus capable of communicating with an image forming apparatus having a control unit that enables a user operation using the operation screen in response to successful user authentication,
Obtaining means for obtaining destination information from the image forming apparatus by a first communication method;
An input means for inputting user authentication information;
An information processing apparatus comprising: a transmission unit configured to transmit the authentication information to a destination indicated by the destination information by the second communication method. A control method for a system including an information processing apparatus and an image forming apparatus including a storage unit that stores destination information.
An acquisition step in which the information processing apparatus acquires destination information from the image forming apparatus by a first communication method;
An input step in which the information processing apparatus inputs user authentication information;
A step of transmitting the authentication information to a destination indicated by the destination information by a second communication method;
A display step for displaying an operation screen for using the function of the image forming apparatus;
A receiving step of receiving authentication information transmitted by the second communication method;
A control step that enables a user operation using the operation screen in response to successful authentication of the user using the authentication information;
A control method characterized by comprising: Storage means for storing destination information, display means for displaying an operation screen for using the function of the apparatus, receiving means for receiving authentication information transmitted by the second communication method, and using the authentication information An information processing apparatus capable of communicating with an image forming apparatus having a control unit that enables a user operation using the operation screen in response to successful user authentication.
An acquisition step of acquiring destination information from the image forming apparatus by a first communication method;
An input step for entering user authentication information;
A transmission step of transmitting the authentication information to a destination indicated by the destination information by a second communication method;
A program characterized by having executed.

Images