INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND METHOD AND PROGRAM THEREFOR

US 20080178265A1
Filed: 12/26/2007
Published: 07/24/2008
Est. Priority Date: 12/28/2006
Status: Active Grant

First Claim

Patent Images

1. An information processing system, in which one or plural information processing apparatuses, a first authentication server storing first authentication information for permitting use of the information processing apparatus, and a second authentication server storing at least second authentication information for identifying a user, are capable of communication through a communication medium,wherein the first authentication server comprises:

an authentication information storing unit configured to store a first authentication information for permitting use of the information processing apparatus;

a determination unit configured, in order to execute an authentication based on the first authentication information received from the information processing apparatus, to determine whether the first authentication information is stored in the authentication information storing unit;

an enquiry unit configured to enquire registration of the first authentication information to the information processing apparatus, when the determination unit determines that the first authentication information received from the information processing apparatus is not stored in the authentication information storing unit;

a first request unit configured, upon receiving a request for registration from the information processing apparatus as a response to the enquiry by the enquiry unit, to request an authentication based on a second authentication information for identifying the user contained in the request for registration to the second authentication server; and

a registration unit configured, in response to a reception of a result indicating that the second authentication information is registered in the second authentication server from the second authentication server as a response to the request by the first request unit, to register the second authentication information and the first authentication information that is determined by the determination unit as not stored in the authentication information storing unit in mutual combination in the authentication information storing unit, andwherein the information processing unit comprises;

a second request unit configured to transmit the input first authentication information to the first authentication server thereby requesting an authentication based on the first authentication information to the first authentication server;

a result acquiring unit configured to acquire a result based on the determination by the determination unit from the first authentication server in response to the request from the second request unit;

a permission unit configured to permit use of the information processing apparatus when the authentication is determined as successful based on the result acquired by the result acquiring unit; and

a registration request unit that is configured, in the case that the authentication is determined as failed based on the result acquired by the result acquiring unit and in the case of receiving an enquiry for the registration of the first authentication information, to transmit the second authentication information for identifying the user input from an operation unit to the first authentication server thereby requesting a registration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is to alleviate cumbersome operations of manager such as registration and deletion of authentication information. A card ID read from an IC card is transmitted to an IC card authentication server to obtain a first authentication result, and when the first authentication result indicates a successful authentication, the use of a composite apparatus is permitted. When the first authentication result indicates a failed authentication, an input user name is transmitted to a directory service server to obtain a second authentication result, and, when the second authentication result indicate a successful authentication, the card ID failing the authentication and the user name succeeding in the authentication are transmitted for requesting a registration to an IC card authentication server, which, receiving the request, registers the card ID and the user name in the registration request in combination in an authentication table.

37 Citations

View as Search Results

17 Claims

1. An information processing system, in which one or plural information processing apparatuses, a first authentication server storing first authentication information for permitting use of the information processing apparatus, and a second authentication server storing at least second authentication information for identifying a user, are capable of communication through a communication medium,wherein the first authentication server comprises:
- an authentication information storing unit configured to store a first authentication information for permitting use of the information processing apparatus;
  
  a determination unit configured, in order to execute an authentication based on the first authentication information received from the information processing apparatus, to determine whether the first authentication information is stored in the authentication information storing unit;
  
  an enquiry unit configured to enquire registration of the first authentication information to the information processing apparatus, when the determination unit determines that the first authentication information received from the information processing apparatus is not stored in the authentication information storing unit;
  
  a first request unit configured, upon receiving a request for registration from the information processing apparatus as a response to the enquiry by the enquiry unit, to request an authentication based on a second authentication information for identifying the user contained in the request for registration to the second authentication server; and
  
  a registration unit configured, in response to a reception of a result indicating that the second authentication information is registered in the second authentication server from the second authentication server as a response to the request by the first request unit, to register the second authentication information and the first authentication information that is determined by the determination unit as not stored in the authentication information storing unit in mutual combination in the authentication information storing unit, andwherein the information processing unit comprises;
  
  a second request unit configured to transmit the input first authentication information to the first authentication server thereby requesting an authentication based on the first authentication information to the first authentication server;
  
  a result acquiring unit configured to acquire a result based on the determination by the determination unit from the first authentication server in response to the request from the second request unit;
  
  a permission unit configured to permit use of the information processing apparatus when the authentication is determined as successful based on the result acquired by the result acquiring unit; and
  
  a registration request unit that is configured, in the case that the authentication is determined as failed based on the result acquired by the result acquiring unit and in the case of receiving an enquiry for the registration of the first authentication information, to transmit the second authentication information for identifying the user input from an operation unit to the first authentication server thereby requesting a registration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An information processing system according to claim 1, wherein the first authentication server further comprises:
    - a black list storing unit configured to store a black list information registering the first authentication information for which the use of the information processing apparatus is not permitted; and
      
      a search unit configured to search whether the first authentication information received from the information processing apparatus is registered in the black list information stored in the black list storing unit; and
      
      wherein the information processing apparatus further comprises;
      
      a search result acquiring unit configured to acquire a result of the search by the search unit; and
      
      a determination unit configured to determine not to permit the use of the information processing apparatus in the case that the result of search acquired by the search result acquiring unit indicates that the first authentication information is registered in the black list information.
  - 3. An information processing system according to claim 1, wherein the first authentication server further comprises:
    - a registration determination unit configured to determine whether the second authentication information, requested for registration by the registration request unit, is registered in the authentication information storing unit; and
      
      a transmission unit configured to transmit a result of determination by the registration determination unit to the information processing apparatus;
      
      wherein the information processing apparatus further comprises;
      
      a registration request transmission unit that is configured, in the case that a result of determination by the registration determination unit indicates that the second authentication information is registered, to transmit, to the first authentication server, an overwrite registration request for registering the first authentication information combined with the second authentication information registered by the registration unit by overwriting the first authentication information requested by the second request unit; and
      
      wherein the registration unit of the first authentication server, upon receiving the overwrite registration request, registers the first authentication information registered by the registration unit by overwriting the first authentication information requested by the request unit.
  - 4. An information processing system according to claim 1, wherein the first authentication server further comprises:
    - a period setting unit configured to set a period for registering the first authentication information;
      
      a latest log-in time storing unit configured to store a latest time information at which the authentication is successful in the authentication unit as a latest log-in time in combination with the first authentication information; and
      
      a deletion unit configured, in the case that the period set by the period setting unit elapses from the latest log-in time stored in the latest log-in time storing unit, to delete the first authentication information combined with the latest log-in time and the second authentication information combined with the first authentication information from the authentication information storing unit.
  - 5. An information processing system according to claim 1, wherein the first authentication server further comprises:
    - a second authentication server enquiry unit configured to enquire whether the second authentication information stored in the authentication information storing unit is registered in the second authentication server;
      
      a second authentication information acquiring unit configured to acquire, from the second authentication server, the second authentication information not registered in the second authentication server; and
      
      a deletion unit configured to delete the second authentication information acquired by the second authentication information acquiring unit and the first authentication information combined with the second authentication information, from the authentication information storing unit.
  - 6. An information processing system according to claim 4, wherein the first authentication server further comprises:
    - a notice address registration unit configured to register a notice address in combination with the first authentication information or with the second authentication information; and
      
      a notice unit configured, at a predetermined time before the lapse of the period set by the period setting unit from the latest log-in time stored in the latest log-in time storing unit, to send, to the notice address combined with the first authentication information or with the second authentication information, a notice that the first authentication information combined with the latest log-in time and the second authentication information combined with the first authentication information are to be deleted from the first registration unit at a predetermined time after.
  - 7. An information processing system according to claim 1, wherein the information processing apparatus further comprises:
    - a log-off unit configured, in the case of an input of a first authentication information different from the first authentication information for which the use of the information processing apparatus is permitted by the permission unit, to forcedly cancel the permission of use by the first authentication information by which the use is permitted.
  - 8. An information processing system according to claim 1, wherein the first authentication server further comprises:
    - a log storing unit configured to store the first authentication information and the second authentication information registered by the registration unit, together with a registration time at which the first authentication information and the second authentication information are registered by the registration unit, as a log information.

9. An information processing apparatus capable of communication with a first authentication server for executing an authentication of a first authentication information, comprising:
- an authentication request unit configured to transmit an input first authentication information to the first authentication server thereby requesting an authentication;
  
  a result acquiring unit configured to acquire a result from the first authentication server in response to the request from the authentication request unit;
  
  a permission unit configured to permit use of the information processing apparatus when the authentication is determined as successful based on the result acquired by the result acquiring unit; and
  
  a registration request unit that is configured, in the case that the authentication is determined as failed based on the result acquired by the result acquiring unit and in the case of receiving an enquiry for the registration of the first authentication information, to transmit the second authentication information for identifying a user input from an operation unit to the first authentication server thereby requesting a registration.
- View Dependent Claims (10)
- - 10. An information processing apparatus according to claim 9, wherein the permission unit further comprises:
    - a log-off unit configured, in the case of an input of a first authentication information different from the first authentication information for which the use of the information processing apparatus is permitted, to forcedly cancel the permission of use by the first authentication information by which the use is permitted.

11. An authentication server capable of communication with one or plural information processing apparatuses, and a user authentication server storing at least second authentication information for identifying a user, through a communication medium, comprising:
- an authentication information storing unit configured to store a first authentication information for permitting use of the information processing apparatus;
  
  a determination unit configured to determine whether the first authentication information received from the information processing apparatus is stored in the authentication information storing unit in order to execute an authentication based on the first authentication information;
  
  an enquiry unit configured to enquire registration of the first authentication information to the information processing apparatus, when the determination unit determines that the first authentication information received from the information processing apparatus is not stored in the authentication information storing unit;
  
  a first request unit that is configured, upon receiving a request for registration from the information processing apparatus as a response to the enquiry by the enquiry unit, to request an authentication based on a second authentication information for identifying the user contained in the request for registration to the user authentication server; and
  
  a registration unit that is configured, in case of a reception of a result of authentication indicating that the second authentication information is registered in the user authentication server from the user authentication server, to register the second authentication information and the first authentication information that is determined by the determination unit as not stored in the authentication information storing unit in mutual combination in the authentication information storing unit.
- View Dependent Claims (12)
- - 12. An authentication server according to claim 11, further comprising:
    - a black list storing unit configured to store a black list information registering the first authentication information for which the use of the information processing apparatus is not permitted; and
      
      a search unit configured to search whether the first authentication information received from the information processing apparatus is registered in the black list information stored in the black list storing unit.

13. A method for an information processing system, in which one or plural information processing apparatuses, a first authentication server storing first authentication information for permitting use of the information processing apparatus, and a second authentication server storing at least second authentication information for identifying a user, are capable of communication through a communication medium, wherein the first authentication server, which includes an authentication information storing unit configured to store a first authentication information for permitting use of the information processing apparatus, the method comprises:
- determining, in first authentication server, in order to execute an authentication based on the first authentication information received from the information processing apparatus, whether the first authentication information is stored in the authentication information storing unit;
  
  enquiring, in first authentication server, registration of the first authentication information to the information processing apparatus, in the case that the first authentication information received from the information processing apparatus is not stored in the authentication information storing unit;
  
  making, in first authentication server, a first request, upon receiving a request for registration from the information processing apparatus as a response to the enquiry, for an authentication based on a second authentication information for identifying the user contained in the request for registration to the second authentication server;
  
  registering, in first authentication server, in response to a reception of a result indicating that the second authentication information is registered in the second authentication server from the second authentication server as a response to the first request, the second authentication information and the first authentication information that is determined as not stored in the authentication information storing unit in mutual combination in the authentication information storing unit;
  
  making, in the information processing unit, a second request by transmitting the input first authentication information to the first authentication server thereby requesting an authentication based on the first authentication information to the first authentication server;
  
  acquiring, in the information processing unit, a result based on the determination from the first authentication server in response to the second request;
  
  permitting, in the information processing unit, use of the information processing apparatus when the authentication is determined as successful based on the acquired result; and
  
  requesting, in the information processing unit, a registration, in the case that the authentication is determined as failed based on the acquired result and in the case of receiving an enquiry for the registration of the first authentication information, by transmitting the second authentication information for identifying the user input from an operation unit to the first authentication server.

14. A method in an information processing apparatus capable of communication with a first authentication server for executing an authentication of a first authentication information, which comprises:
- requesting, by transmitting an input first authentication information to the first authentication server, an authentication of the first authentication information to the first authentication server;
  
  acquiring a result from the first authentication server in response to the request;
  
  permitting use of the information processing apparatus when the authentication is determined as successful based on the acquired result; and
  
  requesting a registration, in the case that the authentication is determined as failed based on the acquired result and in the case of receiving an enquiry for the registration of the first authentication information, by transmitting the second authentication information for identifying a user input from an operation unit to the first authentication server.
- View Dependent Claims (15)
- - 15. A program stored in a computer-readable memory medium, for causing a computer to execute the method according to claim 14.

16. A method in an authentication server which is capable of communication with one or plural information processing apparatuses, and a user authentication server storing at least second authentication information for identifying a user, through a communication medium, and which includes an authentication information storing unit configured to store a first authentication information for permitting use of the information processing apparatus, the method comprising:
- determining whether the first authentication information received from the information processing apparatus is stored in the authentication information storing unit in order to execute an authentication based on the first authentication information;
  
  enquiring registration of the first authentication information to the information processing apparatus, in the case that the first authentication information received from the information processing apparatus is determined as not stored in the authentication information storing unit;
  
  requesting, upon receiving a request for registration from the information processing apparatus as a response to the enquiry, to request an authentication based on a second authentication information for identifying the user contained in the request for registration to the user authentication server; and
  
  registering, in case of a reception of a result of authentication indicating that the second authentication information is registered in the user authentication server from the user authentication server, the second authentication information and the first authentication information that is determined as not stored in the authentication information storing unit in mutual combination in the authentication information storing unit.
- View Dependent Claims (17)
- - 17. A program stored in a computer-readable memory medium, for causing a computer to execute the method according to claim 16.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Tsuchiya, Masakazu, Ueki, Motonori

Granted Patent

US 8,225,375 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/608   Secure printing

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/388   using mutual authentication...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4097   using mutual authentication...

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/12   Card verification

G07F 7/122   Online card verification

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND METHOD AND PROGRAM THEREFOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS AND METHOD AND PROGRAM THEREFOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links