INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREOF, STORAGE MEDIUM, AND IMAGE PROCESSING APPARATUS

US 20130318585A1
Filed: 05/08/2013
Published: 11/28/2013
Est. Priority Date: 05/22/2012
Status: Active Grant

First Claim

Patent Images

1. An information processing apparatus comprising:

an authentication unit configured to execute processing for user authentication using any one of a plurality of authentication methods;

a management unit configured to manage a user credential generated when said authentication unit authenticates a user;

a setting unit configured to record setting contents whether or not to permit the credential managed by said management unit to be used for a specific authentication method of the plurality of authentication methods of said authentication unit, to execute a function included in said information processing apparatus;

a decision unit configured to decide, when said authentication unit authenticates a user using the specific authentication method and the user instructs to execute the function included in said information processing apparatus, whether or not the function uses the user credential according to setting contents set by said setting unit; and

a control unit configured to control, when said decision unit decides to permit use of the credential, to execute the function using the credential, and to control, when said decision unit decides to inhibit use of the credential, to prompt the user to execute user authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user credential sharing mechanism which can suitably implement a single sign-on function while preventing illicit accesses by accidental matches of authentication data in a mixed environment of an environment suitable for use of a single sign-on function and an unsuitable environment is provided. To accomplish this, when an information processing apparatus of this invention receives, from a user, an access request instruction to an external apparatus connected to be able to communicate with the information processing apparatus, if an authentication protocol related to user credentials generated at the time of a login operation is that which can limit a security domain, the apparatus accesses the external apparatus using the user credentials, and if that authentication protocol is that which cannot limit a security domain, the apparatus prompts the user to input an account accessible to the external apparatus.

73 Citations

View as Search Results

15 Claims

1. An information processing apparatus comprising:
- an authentication unit configured to execute processing for user authentication using any one of a plurality of authentication methods;
  
  a management unit configured to manage a user credential generated when said authentication unit authenticates a user;
  
  a setting unit configured to record setting contents whether or not to permit the credential managed by said management unit to be used for a specific authentication method of the plurality of authentication methods of said authentication unit, to execute a function included in said information processing apparatus;
  
  a decision unit configured to decide, when said authentication unit authenticates a user using the specific authentication method and the user instructs to execute the function included in said information processing apparatus, whether or not the function uses the user credential according to setting contents set by said setting unit; and
  
  a control unit configured to control, when said decision unit decides to permit use of the credential, to execute the function using the credential, and to control, when said decision unit decides to inhibit use of the credential, to prompt the user to execute user authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus according to claim 1, wherein the specific authentication method is an authentication method which is not configured to limit a security domain.
  - 3. The apparatus according to claim 2, wherein the authentication method which is not configured to limit a security domain is local authentication.
  - 4. The apparatus according to claim 2, wherein the authentication method which is not configured to limit a security domain is LDAP authentication.
  - 5. The apparatus according to claim 2, wherein when said authentication unit executes processing for user authentication using an unknown authentication method, the unknown authentication method is treated as an authentication protocol which is not configured to limit a security domain.
  - 6. The apparatus according to claim 1, wherein a user credential generated based on user authentication using the specific authentication method by said authentication unit does not include domain information.
  - 7. The apparatus according to claim 1, wherein a user credential generated based on user authentication using the specific authentication method by said authentication unit is plaintext information.
  - 8. The apparatus according to claim 1, wherein the function is a transmission function of transmitting data to an external server, andthe transmission function requests user authentication required to access the external server using the user credential or authentication information input by the user.
  - 9. The apparatus according to claim 1, wherein said management unit stores a generated credential in a storage unit, and discards the credential stored in the storage unit when the user is released from an authentication state.
  - 10. The apparatus according to claim 1, wherein an authentication method which is not the specific authentication method of the plurality of authentication methods is an authentication protocol which is configured to limit a security domain.
  - 11. The apparatus according to claim 10, wherein the authentication protocol which is configured to limit a security domain is Kerberos authentication.
  - 12. The apparatus according to claim 1, wherein when said decision unit decides to inhibit use of the credential, said control unit controls to display a screen used to input information required for user authentication on an operation screen.

13. A control method of an information processing apparatus, which includes an authentication unit configured to execute processing for user authentication using any one of a plurality of authentication methods and a management unit configured to manage a credential generated when the authentication unit authenticates a user, the method comprising:
- a setting step of setting whether or not to permit the credential managed by the management unit to be used for a specific authentication method of the plurality of authentication methods of the authentication unit, to execute a function included in the information processing apparatus;
  
  a decision step of deciding, when the authentication unit authenticates a user using the specific authentication method and the user instructs to execute the function included in the information processing apparatus, whether or not the function uses the user credential according to setting contents set in the setting step; and
  
  a control step of controlling, when it is decided in the decision step to permit use of the credential, to execute the function using the credential, and controlling, when it is decided in the decision step to inhibit use of the credential, to prompt the user to execute user authentication.
- View Dependent Claims (14)
- - 14. A non-transitory computer-readable storage medium storing a program for causing a computer to perform the method of claim 13.

15. An image processing apparatus having a single sign-on function, comprising:
- an authentication unit configured to authenticate a user who logs in to said image processing apparatus;
  
  a storage unit configured to store a user credential including authentication information used in user authentication by said authentication unit and information indicating an authentication protocol related to the user credential in association with each other;
  
  a reading unit configured to read an image from an original;
  
  a determination unit configured to determine, when an instruction to transmit image data of an original read by said reading unit to an external apparatus connected to be able to communicate with said image processing apparatus is received from a user, whether or not the external apparatus is accessible using the user credential, based on the user credential of the user and the information indicating the authentication, which are stored in said storage unit; and
  
  a control unit configured to prompt, when said determination unit determines that the external apparatus is not accessible using the user credential, to input an account accessible to the external apparatus, and to transmit, when said determination unit determines that the external apparatus is accessible using the user credential, the image data of the original read by said reading unit to the external apparatus,wherein when the authentication protocol is an authentication protocol which is configured to limit a security domain, said determination unit determines that the external apparatus is accessible using the user credential, and when the authentication protocol is an authentication protocol which is not configured to limit a security domain, said determination unit determines that the external apparatus is not accessible using the user credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Ayutthaya Limited (Canon Inc.)
Original Assignee
Canon Ayutthaya Limited (Canon Inc.)
Inventors
Hosoda, Yasuhiro

Granted Patent

US 9,166,968 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREOF, STORAGE MEDIUM, AND IMAGE PROCESSING APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

73 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREOF, STORAGE MEDIUM, AND IMAGE PROCESSING APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links