Two-pass device access management

US 20030167336A1
Filed: 12/05/2002
Published: 09/04/2003
Est. Priority Date: 12/05/2001
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user based on centralized access management information accessible by a server, the method comprising:

authenticating the walk-up user based on authentication information corresponding to the user;

determining, at the server, a first level of access to the networked peripheral device available to the walk-up user based on the access management information;

transmitting access management information for the walk-up user to the networked peripheral device a centralized location indicative of the determined first level of access;

determining, at the networked peripheral device, a second level of access to the networked peripheral device available to the walk-up user based on the received access management information; and

allowing the walk-up user to access to the networked peripheral device based on the first and second determined levels of access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access control to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user, based on centralized access management information. Access control comprises receiving authenticated information for the walk-up user from the networked peripheral device at a centralized location, determining at a server connected to the network a first level of access to the networked peripheral device, determining at the networked peripheral device a second level of access to the networked peripheral device by the walk-up user based on received access management information for the walk-up user, and allowing the walk-up user to access determined user-available features of the networked peripheral device based on the determined first and second levels of access.

Citations

18 Claims

1. A method for controlling access to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user based on centralized access management information accessible by a server, the method comprising:
- authenticating the walk-up user based on authentication information corresponding to the user;
  
  determining, at the server, a first level of access to the networked peripheral device available to the walk-up user based on the access management information;
  
  transmitting access management information for the walk-up user to the networked peripheral device a centralized location indicative of the determined first level of access;
  
  determining, at the networked peripheral device, a second level of access to the networked peripheral device available to the walk-up user based on the received access management information; and
  
  allowing the walk-up user to access to the networked peripheral device based on the first and second determined levels of access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14)
- - 2. A method according to claim 1, wherein the networked peripheral device is a multifunction peripheral device.
  - 3. A method according to claim 1, wherein the access management information is supplied by an authentication server once the authentication server authenticates the walk-up user based on authentication information received from the networked peripheral device.
  - 4. A method according to claim 1, wherein a user interface is devised by the networked peripheral device that is specific to the determined second access level.
  - 5. A method according to claim 1, wherein buttons on a keypad on the device are enabled and/or disabled according to the determined second access level.
  - 6. A method according to claim 1, wherein the access management information is supplied by an authentication server that authenticates both the walk-up user and the remote user.
  - 7. A method according to claim 3, wherein the authentication information is a username and/or password.
  - 8. A method according to claim 3, wherein the authentication information is entered by inserting a smart card at the networked peripheral device.
  - 9. A method according to claim 6, wherein the access management information is encrypted.
  - 10. A method according to claim 3, wherein the authentication information received from the networked peripheral device is encrypted.
  - 11. A method according to claim 1, wherein the determined first level of access indicates that the walk-up user should have no access to the networked peripheral device, and wherein access management information includes an “
    - access denied”
      
      message.
  - 14. An apparatus for controlling access to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user based on centralized access management information accessible by a server, said apparatus comprising means for performing the functions specified in any of claims 1 to 11.

12. A computer-readable memory medium in which computer-executable process steps are stored, the process steps for controlling access to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user based on centralized access management information accessible by a server, wherein the process steps comprise:
- an authenticating step of authenticating the walk-up user based on authentication information corresponding to the user;
  
  a first determining step of determining, at the server, a first level of access to the networked peripheral device available to the walk-up user based on the access management information;
  
  a transmitting step of transmitting access management information for the walk-up user to the networked peripheral device a centralized location based on the determined first level of access;
  
  a second determining step of determining, at the networked peripheral device, a second level of access to the networked peripheral device available to the walk-up user based on the received access management information; and
  
  an allowing step of allowing the walk-up user to access to the networked peripheral device based on the first and second determined levels of access.

13. A computer-executable program code stored on a computer readable medium, said computer-executable program code for controlling access to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user based on centralized access management information accessible by a server, said computer-executable program code comprising:
- code to authenticate the walk-up user based on authentication information corresponding to the user;
  
  code to determine, at the server, a first level of access to the networked peripheral device available to the walk-up user based on the access management information;
  
  code to transmit access management information for the walk-up user to the networked peripheral device a centralized location based on the determined first level of access;
  
  code to determine, at the networked peripheral device, a second level of access to the networked peripheral device available to the walk-up user based on the received access management information; and
  
  code to allow the walk-up user to access to the networked peripheral device based on the first and second determined levels of access determined by the network peripheral device.

15. A server for use in controlling access to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user based on centralized access management information accessible by a server, the server comprising:
- receiving a request for access policy information, the request including authentication information;
  
  authenticating the user using the authentication information;
  
  determining a level of access to features and/or services of the networked peripheral device available to the walk-up user based on centralized access management information; and
  
  transmitting access management information for the user to the networked peripheral device, which comprises an access policy in a case that authentication of the user is successful and the user is authorized to use at least some portion of the features and/or services of the networked peripheral device.
- View Dependent Claims (16)
- - 16. A server according to claim 15, further comprising:
    - transmitting an error message as the access management information in a case that either authentication of the user failed or the walk-up user has no level of access to features and/or services of the networked peripheral device.

17. A method of controlling access to a networked peripheral device by a walk-up user, wherein the networked peripheral device is accessible by both the walk-up user and a remote user based on centralized access management information accessible over a network, the method comprising:
- transmitting authentication information over the network;
  
  receiving, over the network, access management information for the walk-up user at the networked peripheral device from the centralized location;
  
  examining the received access management information to determine whether it includes an access policy corresponding to the walk-up user;
  
  determining, at the networked peripheral device, a level of access to the networked peripheral device available to the walk-up user based on received access policy in a case that an access policy is received by the networked peripheral device; and
  
  allowing the walk-up user to access the networked peripheral device based on the determined level of access.
- View Dependent Claims (18)
- - 18. A method according to claim 17, wherein the access policy is received by the network peripheral device in a case that the user is authenticated by a server connected to the network and a first-level authorization performed by the server based on the access management information of the walk-up user is successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Yang, Joseph, Khosrova, Eliza, Martinez, Martin, Seikh, Attaullah, Iwamoto, Neil Y., Chern, Wei-Jhy, Slick, Royce E., Paek, Jeanette Yang

Granted Patent

US 7,167,919 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/608   Secure printing

G06F 21/6218   to a system of files or obj...

G06F 21/84   output devices, e.g. displa...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04N 1/00509   Personalising for a particu...

Two-pass device access management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Two-pass device access management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links