JP2005202539A - Image processor, image processing program, image processing method, control device, control program, and control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform security management of general user information at the time of maintenance work in an image processor. <P>SOLUTION: A composite machine 10 as the image processor comprises a management user managing the composite machine and a maintenance user performing the maintenance work of the device. The management user determines an item for giving an access right to the maintenance work user among various pieces of general user information held in a general user information holding part 44 in an access setting part 36. In a password assignment part 38, a password with maintenance management right including this access right is issued. The maintenance management user can access corresponding general user information to perform the maintenance work by logging in the composite machine by use of this password. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a technique for improving security during maintenance and inspection of an apparatus that captures an image or prints a printed image.

  An image processing apparatus such as a scanner apparatus, a printer apparatus, or a copier having these stacked is usually used by many users. In view of this, there is known a means for holding information on a specific general user in an area called a confidential box while ensuring confidentiality from other general users. As a result, not only the security can be improved, but also a detailed service according to each user's request can be implemented.

  Patent Document 1 below discloses a means for storing and holding log information in a server device used for communication so that only a predetermined person can access log information. In Patent Document 2 below, when the second company remotely diagnoses the equipment under the control of the first company, the security level determination control for changing the response range to the inquiry according to the degree of the event related to the inquiry There is a description of the means.

JP 2002-366461 A JP 2002-32274 A

  An image processing apparatus is required to have high security management due to handling of image data. However, the maintenance work of the image processing apparatus is often performed by a third party such as a manufacturer employee (referred to as a customer engineer) or a staff member in charge of another department of the company. Such a third party, for example, receives a request from a company or department that uses the image processing apparatus, and performs maintenance work while referring to a borrowed setting information list. In order to smoothly perform this maintenance work without restriction, it is necessary to be able to access all information in the image processing apparatus. This situation is not preferable from the viewpoint of improving security even if a third party can trust. That is, it is desirable to construct a security system that can maintain confidentiality of general user information from a third party in consideration of convenience in maintenance work.

  The above-mentioned Patent Documents 1 and 2 are documents obtained as a result of extensive investigations at the time of application preparation, but both are different from the present invention related to an image processing apparatus in the field. In particular, no countermeasure is shown for general user information for which confidentiality management is important in the image processing apparatus.

  An object of the present invention is to perform confidentiality management of general user information during maintenance work in an image processing apparatus.

  Another object of the present invention is to achieve both ease of maintenance work and confidentiality of general user information in an apparatus related to image processing.

  Still another object of the present invention is to facilitate security management by assigning special authorities having different contents to different users in an apparatus related to image processing.

  The image processing apparatus of the present invention has at least a function of capturing an image under general user authority and generating image data, or a function of forming a print image on a sheet based on image data under general user authority. In an image processing apparatus having image data processing means including one of the above, the general user information related to the general user having the general user authority is set without setting the access right for the general user having the other general user authority. Holding means for holding, and setting means for switching the access right to at least a part of the general user information to set or non-set for a maintenance work user having maintenance work authority for performing maintenance work on the image processing apparatus; .

  The image processing apparatus is provided with general user authority and maintenance work authority. These authorities define the operable range of the user who operates the image processing apparatus. A general user having a general user authority can execute the image data processing means after specifying that the operation is performed by the general user. The general user information related to the general user is held by the holding means. General user information refers to information that a general user manages under the general user authority, and information that the image processing apparatus uses to manage a user with the general user authority. As an example of the former, image data acquired by a general user based on input / output or imaging can be cited. Examples of the latter include password information and billing information of the general user. In this holding means, other general users cannot access the general user information of the general users. As a result, among the general users, the confidential management of the general user information is realized. Although it is possible to set the image processing apparatus to be used by an anonymous user who does not have general user authority, in this case, the anonymous user cannot access the general user information. Can be set to

  A maintenance work user having maintenance work authority can perform maintenance work on the image processing apparatus. From the viewpoint of smooth execution of maintenance work, it is desirable to give access rights to general user information to maintenance work users. On the other hand, from the viewpoint of confidentiality management of general user information, it is desirable not to give access rights to general user information. Therefore, setting means for switching the access right to the general user information for the maintenance work user between setting and non-setting is provided. Accordingly, it is possible to select whether to set or not set the access right to the general user information for the maintenance work user in consideration of both viewpoints. The person who instructs the implementation of the setting means is not particularly specified, and may be performed by, for example, a general user corresponding to general user information. A general user is usually the person who knows the necessity of confidentiality of the general user information best, and can thereby ensure confidentiality. Further, for example, the maintenance user himself / herself may perform switching on the premise that a record of switching is left or a system for notifying general users or the like of switching is provided. In this case, the maintenance work user is expected to have a confidentiality preservation effect because psychological pressure is applied to the change. The general user does not necessarily need to be a single user, and may be a group name of a plurality of users.

  According to this device configuration, the access to the general user information is not set by the setting means, so that the general user information can be kept secret from the maintenance user. Further, by setting the access to the general user information in the setting means, it is possible to give the maintenance work authority in the area of the general user information to the maintenance work user.

  Desirably, in the image processing apparatus of the present invention, the switching in the setting means is an administrative user having the authority to set the general user authority and the authority to access the corresponding general user information. Based on the instructions. That is, the image processing apparatus is provided with management authority in addition to user authority and maintenance work authority. The management authority includes an authority to set the general user authority for the general user and an authority to access the general user information of the general user, and is an authority that enables management of the image processing apparatus. The setting means is performed based on an instruction of a management user having the management authority.

  According to this apparatus configuration, two special authorities, that is, a management authority and a maintenance work authority are provided. Then, the setting user is realized by the management user having the management authority giving at least a part of the management authority to the maintenance work user having the maintenance work authority. Management authority and maintenance authority, except for switching instruction authority in the setting means, may be in an authority relationship that completely includes the other, an authority relationship that is independent of each other, or an authority relationship that has a part in common. There may be. In any case, in the image processing apparatus, by providing two special authorities (management authority and maintenance authority) having different authorities for general user information, security for general user information is improved and work efficiency related to maintenance management is improved. It is possible to work together.

  Preferably, in the image processing apparatus of the present invention, switching to the setting in the setting means is performed by giving a password for acquiring the access right to the maintenance work user. There are various ways to give a password. For example, a maintenance work that grants access rights by setting a password used for authentication when acquiring maintenance work authority without access right and a password used for authentication when obtaining maintenance work authority with access right. The user may be given the latter password. Further, an access right may be additionally granted to a maintenance work user who has once acquired a maintenance work right without access right, and a password used for additional authentication at that time may be given. In any case, since the setting or non-setting of the access right can be associated with the issuance or invalidation of the password (or the discard for erasing the password itself), the management becomes easy.

  Preferably, in the image processing apparatus of the present invention, a plurality of passwords are issued according to the range of access rights to be set. Thus, for example, even when a maintenance work user who sets access rights and a maintenance work user who does not set access rights exist at the same time, or a maintenance work user who has access rights of multiple contents is set, Because the difference can be reflected in the password, management becomes easy.

  Preferably, in the image processing apparatus of the present invention, the setting means switches the access right for each item included in the general user information. That is, when the general user information is composed of a plurality of items, it is possible to make fine settings such as setting an access right for one item and not setting an access right for another item. As a result, for example, the importance level for confidentiality management is set in advance or by setting for each item, and the access right corresponding to the importance level according to the reliability of the maintenance worker (whether it is an employee or non-employee, etc.) The setting / non-setting can be separated.

  Preferably, in the image processing apparatus of the present invention, the general user information related to the general user includes image data owned by the general user, and billing information imposed on the general user according to use of the image processing apparatus. , At least one item of password information for the general user to log in to the image processing apparatus is included.

  Preferably, the image processing apparatus of the present invention includes recording means for recording that the maintenance work user has accessed the general user information. The contents of the recording can be various, and only the presence / absence of access may be recorded, or the contents of the operation performed by the access may be recorded. The recorded contents may be viewable by general users as well as administrative users who manage the image processing apparatus.

  Preferably, in the image processing apparatus of the present invention, the access right switched by the setting unit is a right to read general user information. In the image processing apparatus of the present invention, the access right switched by the setting unit may be a right to change or delete general user information. Of course, the access right switched by the setting means may include both the right to read general user information and the right to change or delete.

  The image processing program of the present invention has at least a function of capturing an image under a general user authority and generating image data, or a function of forming a print image on a sheet based on the image data under a general user authority. A program executed in an image processing apparatus including an image data processing means including one of the general user information related to a general user having the general user authority to a general user having another general user authority A module for holding the access right without setting, and a module for switching the access right to the general user information between setting and non-setting for a maintenance user having maintenance work authority for performing maintenance work on the image processing apparatus And including.

  The image processing method of the present invention includes at least a function of capturing an image under general user authority and generating image data, or a function of forming a print image on a sheet based on image data under general user authority. A method executed by an image processing apparatus including an image data processing means including one of the general user information related to the general user having the general user authority to the general user having another general user authority A holding step for holding without setting a right, and a setting for switching the access right to the general user information between setting and non-setting for a maintenance user having maintenance work authority for performing maintenance work on the image processing apparatus Steps.

  The control device of the present invention has at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on the image data under general user authority. A control apparatus for controlling an image processing system including image data processing means including general user information related to a general user having the general user authority to a general user having another general user authority The access right to the general user information is set or not set with respect to a means for instructing to hold the setting without setting the right and a maintenance work user having a maintenance work right to perform maintenance work on the image processing apparatus. Means for instructing switching. The control device may be incorporated in a housing (group) constituting the image processing system, or may be separately configured using an arithmetic device such as a PC (personal computer).

  The control program of the present invention is at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on the image data under general user authority. A program executed by a control device for controlling an image processing system having image data processing means including general user information related to a general user having the general user authority and other general user authority A procedure for instructing the user to hold without setting the access right, and a maintenance work user having a maintenance work right to perform maintenance work on the image processing apparatus are given access rights to the general user information. And a command for switching to setting or non-setting.

  The control method of the present invention is at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on the image data under general user authority. A method executed by a control apparatus for controlling an image processing system including image data processing means including general user information related to a general user having the general user authority and a general user having another general user authority A command to hold without setting an access right for the user, and a right to access the general user information is set for a maintenance user who has a maintenance right to perform maintenance work on the image processing apparatus. Or a step of giving a command to switch to non-setting.

  Embodiments of the present invention will be described below.

  FIG. 1 is a functional block diagram showing a schematic configuration of a multifunction machine 10 as an image processing apparatus according to the present embodiment. The multifunction machine 10 includes an image data processing unit 12, and the image data processing unit 12 includes an imaging unit 14 and a printing unit 16. The imaging unit 14 captures an image written on a sheet such as paper and generates image data. The printing unit 16 performs a printing process based on the image data, and forms a print image on the paper. Therefore, the multifunction machine 10 can be used as a scanner device, and can also be used as a printer device or a facsimile machine. Further, it may be used as a multifunction machine such as a copying machine in which a scanner device and a printer device are combined.

  The user management unit 18 is provided to manage users who use the multifunction machine 10. The login user is authenticated by a password or the like, or the corresponding user authority is given to the logged-in user. Users who use the multifunction machine 10 are divided into an administrative user having administrative authority, a maintenance user having maintenance authority, and a general user having general user authority. Each of these users is managed by a management user unit 20, a maintenance work user unit 22, and a general user unit 24, respectively.

  The control unit 26 is provided to control each component of the multifunction machine 10. The control unit 26 is realized by hardware having an arithmetic function and software (program) that defines the operation thereof. Each component is controlled based on the operation command signal. Some or all of the functions of the control unit 26 may be set outside the multifunction machine 10. That is, a device having a calculation function such as a PC (personal computer) may be caused to function as a control device for controlling the multifunction machine 10.

  The input / output unit 28 has a function of transmitting / receiving data and command signals to / from an external device. The input / output unit 28 is connected to a LAN (local area network) 60 and can communicate with various external devices connected to the LAN 60. The display unit 30 includes a display device such as a liquid crystal display, and provides information to the user of the device through the device. The user input unit 32 is used by a user to input a command signal using an input device such as a touch panel or a keyboard on the display unit 30. Note that the user can also input a command signal from the external device through the input / output unit 28.

  The recording unit 34 performs various operation recordings in the multifunction machine 10 such as image processing recording in the image data processing unit 12. Among them, a characteristic point is that the maintenance user keeps a record of accessing the general user information holding unit 44 to be described later. The recorded content is stored, for example, in the storage unit 40 described later. At that time, the recorded content is processed so that a general user or a maintenance user cannot modify the recorded content. The access setting unit 36 performs switching for setting or not setting the access right to the general user information holding unit 44 for the maintenance user based on an instruction from the management user. The password grant unit 38 is provided to give the set access right to the maintenance user by giving a password. When the access right is not set, the password is invalidated or discarded. The access right and the corresponding password can be individually set for each content of the general user information holding unit 44.

  The storage unit 40 is configured by a hard disk, a semiconductor memory, or the like, and stores various data. The storage unit 40 includes a manufacturer information holding unit 42 and a general user information holding unit 44. The manufacturer information holding unit 42 holds contents commonly set for each user, such as a scan parameter used in the imaging unit 14, a print parameter used in the printing unit 16, and a display content template used in the display unit 30. doing.

  The general user information holding unit 44 holds various types of information related to general users (referred to as general user information). Specific items include confidential box information 46 such as image data placed in a general user usable area called a confidential box assigned to the general user. Furthermore, the general user information includes address book information 48 used when the general user inputs / outputs information such as image data to / from an external device, and billing information charged to the general user according to the usage status of the multifunction device 10. 50, each item of password information 52 used for authentication when the general user acquires the general user authority is also included.

  Next, the operation of the multifunction machine 10 will be described with reference to FIGS.

  FIG. 2 is a flowchart illustrating a process in which a general user performs processing using the imaging unit 14 of the multifunction machine 10. First, a general user logs in to the multifunction machine 10 from the user input unit 32 or from an external device through the input / output unit 28 (S10). The general user unit 24 performs password authentication for the logged-in user, and grants general user authority to the authenticated general user. Thereafter, the general user operates the multifunction machine 10 under the general user authority. Subsequently, the general user instructs imaging, and the imaging unit 14 performs imaging according to this instruction (S12). The image data generated by the imaging is stored as confidential box information 46 in the confidential box managed by the general user (S14). Therefore, other general users cannot access this image data. The general user can perform data transfer to an external PC using mail or a file transfer protocol in accordance with an address registered in advance in the address book information 48 (S16). When this series of operations is completed, the general user logs out from the multifunction machine 10 (S18). Then, the charge amount is calculated according to the contents of the series of operations, and the charge information 50 is updated (S20).

  FIG. 3 is a flowchart illustrating an example of processing performed by the management user. The administrative user acquires administrative user authority through password authentication by the administrative user unit 20 (S30). Therefore, the operation of the multifunction machine 10 by the management user is performed under the management user authority. Here, the management user instructs an access right setting item for the general user information holding unit 44 for the maintenance user (S32). The access setting unit 36 determines an access setting item based on this instruction. Next, the management user sets a password for actually accessing the set access item by using the password assigning unit 38 (S34). The maintenance user is informed of this password verbally or through other methods that can ensure sufficient confidentiality.

  FIG. 4 is a flowchart illustrating a process in which a maintenance user performs maintenance work. The maintenance work user logs in to the multifunction machine 10 under the control of the maintenance work user unit 22 (S40). It is assumed that the password used for authentication at this time is a password that can acquire the authority to access general user information. The maintenance work user performs the maintenance work under the maintenance work user authority (S42). The content of the maintenance work is not particularly limited, and examples thereof include adjustment of the operation of the image data processing unit 12 and confirmation of various records remaining in the recording unit 34. It is also possible to perform maintenance work that requires access to general user information. For example, if a defect is found during the printing process of specific image data included in the confidential box information 46 from the recording of the recording unit 34, it is desirable that the image data can be confirmed. Alternatively, there may be a case where access to this area is necessary for checking or repairing the hard disk storing the general user information holding unit 44. Thus, the maintenance work user accesses the item of the general user information holding unit 44 and continues the maintenance work (S44). The contents of the general user information holding unit 44 operated by the maintenance user are recorded in detail in the recording unit 34 (S46).

  Next, details of the access setting process for the general user information holding unit 44 will be described with reference to Table 1, FIG. 5, and FIG.

表１は、パスワード付与部３８において設定されるパスワードと、そのパスワードの現時点での有効性、そのパスワードに対応するアクセス項目とアクセス属性を示した表である。例えば、パスワード「fujixerox11」は、現在有効であり、このパスワードを用いて親展ボックス情報の読み込み（Ｒ）と書き込み（Ｗ）、及び、課金情報の読み込みを行うことができる。なお、書き込みとは、親展ボックス情報に対する追加の書き込み、改変、削除の処理をあらわしている。また、パスワード「xeroxcorp001」は、現在有効であり、アドレス帳情報への読み込み及び書き込み権限を有している。そして、パスワード「highend02」は、現在無効であるが、もし有効であればパスワード情報に対する読み込み及び書き込み処理が可能となる。

Table 1 is a table showing the password set in the password assigning unit 38, the current validity of the password, the access items and access attributes corresponding to the password. For example, the password “fujixerox11” is currently valid, and the confidential box information can be read (R) and written (W) and billing information can be read using this password. Note that writing means additional writing, modification, or deletion processing for confidential box information. Also, the password “xeroxcorp001” is currently valid and has read / write authority to the address book information. The password “highend02” is currently invalid, but if it is valid, the password information can be read and written.

  FIG. 5 is a diagram showing which information of the information 70 in the MFP can be accessed by a maintenance user who is not given any valid password shown in Table 1. The information 70 in the multifunction peripheral includes manufacturer information 80 held in the manufacturer information holding unit 42 and general user information 90 held in the general user information holding unit 44. The maintenance user can access all the information included in the manufacturer information 80, for example, the scan parameter 82 and the print parameter 84, but the information included in the shaded area of the general user information 90, that is, the confidential box information 46. The billing information 50, the address book information 48, and the password information 52 cannot be accessed. Therefore, the confidentiality of the general user information 90 is kept completely.

  FIG. 6 is a diagram showing items accessible by the maintenance user who has logged in using the password “fujixerox11” shown in Table 1. This figure is basically the same as FIG. 5, but the shaded area indicating the non-set item of the access right is different. That is, the maintenance user can access all the information included in the manufacturer information 80 and can also access the confidential box information 46 and the billing information 50 included in the general user information 90. The address book information 48 and the password information 52 included in the general user information 90 cannot be accessed. That is, the maintenance management user having this password can access the confidential box information 46 and the billing information 50 in the general user information 90 and perform maintenance work, but determines that the confidentiality is high or the maintenance work is less necessary. Accessed address book information 48 and password information 52 cannot be accessed.

2 is a functional block diagram illustrating a schematic configuration example of a multifunction peripheral. FIG. It is a flowchart explaining the utilization process of a general user. It is a flowchart explaining the utilization process of a management user. It is a flowchart explaining the utilization process of a maintenance user. It is a figure which shows an example of the accessible item of a maintenance work user. It is a figure which shows another example of the accessible item of a maintenance work user.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 MFP, 12 Image data processing part, 14 Imaging part, 16 Printing part, 18 User management part, 20 Management user part, 22 Maintenance work user part, 24 General user part, 26 Control part, 28 Input / output part, 30 Display Part, 32 user input part, 34 recording part, 36 access setting part, 38 password giving part, 40 storage part, 42 manufacturer information holding part, 44 general user information holding part, 46 confidential box information, 48 address book information, 50 Billing information, 52 password information, 70 information, 80 manufacturer information, 90 general user information.

Claims (15)

Image data processing means including at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on image data under general user authority In the image processing apparatus provided,
Holding means for holding general user information related to a general user having the general user right without setting an access right for a general user having another general user right;
Setting means for switching access rights to at least a part of the general user information for a maintenance work user having maintenance work authority for performing maintenance work on the image processing apparatus;
An image processing apparatus comprising: The image processing apparatus according to claim 1.
The switching in the setting means is performed based on an instruction of a management user having management authority of the image processing apparatus including authority to set the general user authority and authority to access corresponding general user information. An image processing apparatus. The image processing apparatus according to claim 2,
Switching to setting in the setting means is performed by giving a password for acquiring the access right to the maintenance work user. The image processing apparatus according to claim 3.
An image processing apparatus, wherein a plurality of passwords are issued according to a range of access rights to be set. The image processing apparatus according to claim 1.
The image processing apparatus, wherein the setting unit switches the access right for each item included in the general user information. The image processing apparatus according to claim 1.
The general user information related to the general user includes image data owned by the general user, billing information imposed on the general user according to the use of the image processing apparatus, and the general user logs into the image processing apparatus. An image processing apparatus, comprising at least one item of password information for use. The image processing apparatus according to claim 1.
An image processing apparatus comprising recording means for recording that the maintenance work user has accessed the general user information. The image processing apparatus according to claim 1.
The access right switched by the setting means is a right to read general user information.   The image processing apparatus according to claim 1, wherein the access right switched by the setting unit is a right to change or delete general user information.   The image processing apparatus according to claim 1, wherein the access right switched by the setting unit is a right to read general user information and a right to change or delete the general user information. Image data processing means including at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on image data under general user authority A program executed in the image processing apparatus provided,
A module for holding general user information related to a general user having the general user authority without setting an access right for the general user having another general user authority;
A module that switches the access right to the general user information between setting and non-setting for a maintenance work user having maintenance work authority to perform maintenance work of the image processing apparatus;
An image processing program characterized by comprising: Image data processing means including at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on image data under general user authority A method executed by an image processing apparatus provided,
Holding a general user information related to a general user having the general user right without setting an access right for a general user having another general user right;
A setting step for switching the access right to the general user information between setting and non-setting for a maintenance work user having maintenance work authority for performing maintenance work of the image processing apparatus;
An image processing method comprising: Image data processing means including at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on image data under general user authority A control device for controlling an image processing system provided,
Means for instructing general user information related to the general user having the general user authority to hold the general user having another general user authority without setting the access right;
Means for instructing a maintenance user having maintenance authority to perform maintenance work of the image processing apparatus to switch the access right to the general user information between setting and non-setting;
A control device comprising: Image data processing means including at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on image data under general user authority A program executed by a control device that controls an image processing system provided,
A procedure for instructing general user information related to a general user having the general user authority to hold a general user having another general user authority without setting an access right;
A procedure for instructing a maintenance work user having maintenance work authority to perform maintenance work of the image processing apparatus to switch the access right to the general user information between setting and non-setting,
A control program comprising: Image data processing means including at least one of a function of capturing an image under general user authority and generating image data, or a function of forming a print image on paper based on image data under general user authority A method executed by a control device that controls an image processing system provided,
Instructing general user information related to the general user having the general user authority to hold the general user having another general user authority without setting the access right; and
Commanding a maintenance work user having maintenance work authority to perform maintenance work of the image processing apparatus to switch the access right to the general user information between setting and non-setting;
A control method comprising:

Images