Multi-Function Devices (MFDs) is a name given to that family of products that integrate facsimile, scanner, copier and printer functions in a single device. MFDs have become commonplace in the modern office environment, and also in the so-called “home office”.
In a networked office environment, a document may have its printing instigated from a personal computer in one location in the network, and the printing performed by an MFD at another location in the network. Users often wish to prevent un-authorised viewing of confidential documents prior to the user arriving at the MFD to retrieve their hard-copy printout. Many MFDs incorporate a secure print feature which commences the print job only when the sender arrives at the print device and is subsequently authenticated.
Many MFDs also have advanced scan and send functionality, allowing users to email, fax, or store documents on remote server locations such as document management systems. To ensure network security and prevent unauthorised viewing of confidential information, it is important that the user be authenticated at the MFD.
Many organisations perform cost recovery of resources such as paper and toner, or they limit the amount or types of copying and printing users can perform. Authentication of users at the MFD allows resource usage to be tracked or limited.
For these reasons, many MFDs provide a means of authenticating a user of the MFD prior to particular functionality being enabled.
The usual approach to authentication on most networked devices is through a username and password combination. Since most users of the network have a username and password assigned in order to access their personal computers on the network, using the same username and password to access other networked device can be simple to administer.
However a username-password combination is very inconvenient for user authentication at an MFD, due to the limited keystroke input capabilities and the public location of these devices. Users will generally be authenticating themselves many times throughout the day and only staying authenticated for short periods of time (e.g. 5 minutes or less) whilst they collect their secure print jobs or perform their required functions.
For this reason a physical card, token or something on or carried by the user is preferred for authentication at the MFD. This allows users to quickly authenticate themselves at the device. An example is a building access card which is carried by many office workers to access the office premises.
Currently, if a user wishes to use physical credentials for authentication at the MFD, a Systems Administrator of the office network must first setup the system to include their credentials prior to their use. This greatly increases network administration workload. Whilst the term “credentials” is plural, in the context of the present specification, such may be embodied by a single card or token, sufficient to authenticate the user at the MFD. Also, physical credential systems such as building access systems are not normally designed to be network accessible, making it difficult for them to provide authentication at the MFD. For example, building access cards are often issued by a different organisation (the organisation that manages the building services), from that organisation responsible for network security.
The Systems Administrator's workload is also increased if an organisation wishes to implement a new MFD authentication system using existing physical security credentials. If the users are in many different remote offices with different security systems, it may be difficult to obtain all the information from the security systems in order to provide accounts for all users wishing to access the system.
A method which allows fast and simple authentication at the device using physical credentials without the increasing system administration workload or complexity is needed.