JP2006339779A - Multifunctional machine, client terminal, and information processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To properly set a security level of a multifunctional machine and a client terminal. <P>SOLUTION: A control section 121 of the multifunctional machine includes: a determination section 121b that determines permission of execution of a plurality of functions of the multifunctional machine (at least two or more functions of copying machine, scanner, facsimile, Internet facsimile, and network printer functions); and an inhibit section 121c for inhibiting the execution of the function whose execution is determined to be inhibited by the discrimination section 121b, and the determination section 121b receives presence information denoting whether or not an administrator for managing security is present in a prescribed area from a server 11 and determines execution permission for each function on the basis of the received presence information. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention is communicatively connected to a server device for managing presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area, and includes a copying machine, a scanner, a facsimile, an Internet facsimile, and a network printer. The present invention relates to a multifunction peripheral capable of executing at least two functions, a client terminal device, and an information processing system.

  The server device is communicably connected to a multifunction device capable of executing at least two functions of a copying machine, a scanner, a facsimile machine, an Internet facsimile machine, and a network printer, and a client terminal device, and performs various data transmission / reception and print processing. Information processing systems are widespread.

  In such an information processing system, it is an important issue to perform security management for preventing leakage of confidential information to the outside, and various proposals have been made. For example, a plurality of host PCs, a plurality of storages set with a plurality of levels (for example, three levels), a plurality of printers set with a plurality of levels (for example, three levels), and a set An information processing system has been proposed that includes a storage and a search server that searches for printers that match the security level (see Patent Document 1).

  Here, the host PC transmits print data to the printer, the storage temporarily stores the print data transmitted from the host PC, and outputs it to the printer as necessary. The printer transmits from the storage. Print data output processing, that is, printing is performed.

In the information processing system described above, a search server searches for a storage and a printer having a security function that matches a desired security level from a plurality of storages and a plurality of printers, and performs output processing through the search. Is possible.
Japanese Patent Laid-Open No. 2004-234241

  However, since the user can set the security level, there is a risk that confidential information or the like may leak to the outside if an appropriate security level is not set due to an erroneous operation, a determination error, or the like.

  SUMMARY An advantage of some aspects of the invention is that it provides a multifunction peripheral, a client terminal device, and an information processing system capable of appropriately setting a security level.

  The multifunction device according to claim 1 is communicably connected to a server device that manages presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area, and includes a copying machine, a scanner, and a facsimile A multifunction device capable of executing at least two or more functions of an Internet facsimile machine and a network printer, wherein a judgment means for judging whether or not to execute each function based on the presence / absence information; And a prohibiting unit that prohibits execution of the function determined to be permitted.

  According to the above configuration, the determination means determines whether or not execution is permitted for each of a plurality of functions of the MFP based on the presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area. Determined. Then, the prohibition unit prohibits the execution of the function determined to be unpermitted by the determination unit.

  That is, when the user gives an instruction to execute a function that is determined to be permitted by the determination unit, the process corresponding to the function is executed, but the user determines that the execution is not permitted by the determination unit. When an instruction to execute the function is issued, processing corresponding to the function is not executed.

  Therefore, based on the presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area, whether or not to execute is determined for each of a plurality of functions of the multifunction device, and it is determined that execution is not permitted. Therefore, it is possible to set an appropriate security level based on the presence / absence information.

  For example, if the administrator is in a predetermined area, security can be monitored by the administrator, so a low security level is set. If the administrator is not in the predetermined area, the administrator Since security is not monitored, a high security level can be set.

  The multifunction device according to claim 2 includes a user reception unit that receives user identification information that is information for identifying a user, and the determination unit determines whether to permit execution for each function based on the user identification information. It is characterized by that.

  According to the above configuration, user identification information, which is information for identifying a user, is received by the user reception unit, and is executed for each of a plurality of functions of the MFP by the determination unit based on the received user identification information. Judgment is made.

  Therefore, since the determination unit determines whether or not the execution is permitted for each of a plurality of functions of the multifunction peripheral based on the user identification information, a more appropriate security level can be set based on the user identification information.

  The multifunction device according to claim 3 includes user storage means for storing attribute information representing an attribute set in advance for a user in association with the user identification information in order to determine whether or not execution is permitted for each function. The determination unit reads attribute information corresponding to the user identification information from the user storage unit, and determines whether or not execution is permitted for each function based on the read attribute information.

  According to said structure, the attribute information showing the attribute preset with respect to the user in order to determine whether to permit execution for each of a plurality of functions of the multifunction peripheral is stored in the user storage means in association with the user identification information. The attribute information corresponding to the user identification information is read from the user storage unit by the determination unit, and whether or not to execute is determined for each of a plurality of functions of the multifunction peripheral based on the read attribute information. The

  Therefore, based on the attribute information representing the attribute set in advance for the user in order to determine the permission of execution for each of the plurality of functions of the multifunction peripheral, the permission for execution is determined for each of the plurality of functions of the multifunction peripheral by the determination unit. Therefore, a more appropriate security level based on the attribute information can be set.

  The client terminal device according to claim 4 is a client terminal device that is communicably connected to a server device that manages presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area. And determining means for determining whether or not execution is permitted for each of a plurality of functions of the client terminal device based on the presence / absence information, and prohibiting means for prohibiting execution of the function determined to be non-permitted by the determining means. It is characterized by comprising.

  According to the above configuration, execution permission / prohibition for each of a plurality of functions of the client terminal device is determined by the determination unit based on presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area. Is determined. Then, the prohibition unit prohibits the execution of the function determined to be unpermitted by the determination unit.

  Therefore, based on presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area, whether or not execution is determined is determined for each of a plurality of functions of the client terminal device, and it is determined that execution is not permitted. Since the execution of the performed function is prohibited, an appropriate security level based on the presence / absence information can be set.

  The client terminal device according to claim 5, further comprising: a user receiving unit that receives user identification information that is information for identifying a user, and the determination unit determines whether to permit execution for each function based on the user identification information. It is characterized by doing.

  According to the above configuration, user identification information, which is information for identifying a user, is received by the user reception unit, and is executed for each of a plurality of functions of the MFP by the determination unit based on the received user identification information. Judgment is made.

  Therefore, since the determination unit determines whether or not the execution is permitted for each of a plurality of functions of the client terminal device based on the user identification information, a more appropriate security level can be set based on the user identification information.

  The client terminal device according to claim 6, wherein user storage means for storing attribute information representing an attribute set in advance for the user in association with the user identification information in order to determine whether or not execution is permitted for each function. And the determination unit reads attribute information corresponding to the user identification information from the user storage unit, and determines whether or not to execute each function based on the read attribute information.

  According to said structure, the attribute information showing the attribute preset with respect to the user in order to determine execution permission / prohibition for each of the plurality of functions of the client terminal device is associated with the user identification information in the user storage means. The attribute information corresponding to the user identification information is read from the user storage means by the determination means, and whether or not to execute is determined for each of a plurality of functions of the multifunction peripheral based on the read attribute information. Is done.

  Therefore, based on attribute information representing attributes set in advance for the user in order to determine whether or not execution is permitted for each of the plurality of functions of the client terminal device, the determination unit executes the function for each of the plurality of functions of the MFP. Since permission / denial is determined, a more appropriate security level based on the attribute information can be set.

  The information processing system according to claim 7 is an information processing system that provides various information processing functions to a user, and that manages presence / absence information indicating whether or not a predetermined administrator is in a predetermined area. And a client terminal device according to any one of claims 4 to 6, and a client terminal device according to any one of claims 4 to 6.

  According to the above configuration, the server device is an information processing system that provides various information processing functions to the user, and the presence / absence information indicating whether or not a predetermined administrator is in a predetermined area is managed. And at least one of the multi-function device according to any one of claims 1 to 3 and the client terminal device according to any one of claims 4 to 6, which are communicably connected to the server device. Based on the presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area, execution permission / prohibition is determined for each of a plurality of functions of the multifunction peripheral (or client terminal device) and executed. Since the execution of the function determined to be unauthorized is prohibited, an appropriate security level can be set based on the presence / absence information.

  9. The information processing system according to claim 8, wherein the information processing system is configured to be able to communicate with the server device, and to identify a user when a user including the predetermined manager enters and exits the predetermined area. And an entry / exit management device that receives the user identification information, which is information to be transmitted, and transmits the received user identification information to the server device.

  According to the above configuration, the information for identifying a user when a user including a predetermined administrator enters and exits a predetermined area by an entry / exit management device capable of communicating with the server device. The user identification information is received, and the received user identification information is transmitted to the server device.

  Therefore, when a user including a predetermined administrator enters and exits a predetermined area, user identification information that is information for identifying the user is received and the received user identification information is transmitted to the server device. Therefore, presence / absence information indicating whether or not a predetermined manager is in a predetermined area can be easily and accurately grasped.

  According to the first aspect of the present invention, execution permission / rejection is determined for each of a plurality of functions of the MFP based on presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area. Since the execution of the function that is determined and determined not to be permitted is prohibited, an appropriate security level can be set based on the presence / absence information.

  According to the second aspect of the present invention, since the determination unit determines whether or not execution is permitted for each of a plurality of functions of the multifunction peripheral based on the user identification information, a more appropriate security level based on the user identification information Can be set.

  According to the third aspect of the present invention, based on the attribute information representing the attribute set in advance for the user in order to determine whether or not execution is permitted for each of a plurality of functions of the multifunction device, the multifunction device can determine Therefore, it is possible to set a more appropriate security level based on the attribute information.

  According to the invention described in claim 4, execution permission / prohibition for each of a plurality of functions of the client terminal device based on presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area. And the execution of the function determined to be unpermitted is prohibited, so that an appropriate security level can be set based on the presence / absence information.

  According to the fifth aspect of the present invention, execution permission / prohibition is determined for each of a plurality of functions of the client terminal device by the determination unit based on the user identification information. Therefore, more appropriate security based on the user identification information You can set the level.

  According to the sixth aspect of the present invention, based on the attribute information representing the attribute set in advance for the user in order to determine whether or not the execution is permitted for each of the plurality of functions of the client terminal device, the determination means causes the client to Since execution permission / prohibition is determined for each of a plurality of functions of the terminal device, it is possible to set a more appropriate security level based on the attribute information.

  According to invention of Claim 7, it is an information processing system which provides a user with various information processing functions with a server apparatus, Comprising: Presence-absence information showing whether a predetermined manager exists in a predetermined area Are managed, and are connected so as to be communicable with the server device, and at least one of the multifunction device according to any one of claims 1 to 3 and the client terminal device according to any one of claims 4 to 6. Therefore, on the basis of presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area, execution permission / rejection is determined for each of a plurality of functions of the multifunction peripheral (or client terminal device). Since the execution of the function that is determined and determined not to be permitted is prohibited, an appropriate security level can be set based on the presence / absence information.

  According to the invention described in claim 8, when a user including a predetermined administrator enters and exits a predetermined area, user identification information that is information for identifying the user is received and received. Since the user identification information is transmitted to the server device, the presence / absence information indicating whether or not the user is in the predetermined area of the predetermined administrator can be easily and accurately grasped.

  FIG. 1 is a configuration diagram showing an example of an information processing system according to the present invention. The information processing system 1 is connected to a multifunction machine 12 capable of executing functions of a copying machine, a scanner, a facsimile machine, an Internet facsimile machine, and a network printer, and a multifunction machine 12 via a LAN (Local Area Network) 15 so as to be communicable. A server device 11, a plurality of client terminal devices 13 that are communicably connected to the MFP 12 and the server device 11 via the LAN 15, and an input / output management device 14 that is communicably connected to the server device 11. ing.

  The multifunction machine 12 is connected to a plurality of facsimiles 2 via a public telephone line 21 so as to be communicable. The multifunction machine 12 is communicably connected to a plurality of client terminal devices 3 via the Internet (WWW) 31.

  When the multifunction machine 12 functions as a scanner, the multifunction machine 12 generates image data by reading an image from a document on which an image is formed by a scanner unit 122 (see FIG. 2) described later, and the generated image data. Is transmitted to the client terminal device 13 via an interface unit 128c (see FIG. 2) described later and the LAN 15.

  When the multifunction machine 12 functions as a facsimile, the multifunction machine 12 communicates image data with a plurality of facsimiles 2 via the public telephone line 21, and when transmitting image data, the scanner unit 122 described later. When reading image data of an original from (see FIG. 2), transmitting the image data to the facsimile 2 via a facsimile communication unit 127 (see FIG. 2) and a public telephone line 21 described later, and receiving the image data, Image data from the facsimile 2 is received via the facsimile communication unit 127 and the public telephone line 21, and an image is formed on a recording sheet by a printer unit 123 described later.

  When the multifunction machine 12 functions as an Internet facsimile machine, the multifunction machine 12 communicates image data with a plurality of client terminal devices 3 via the Internet 31, and when transmitting image data, the scanner unit described later. When reading image data of an original from 122 (see FIG. 2), transmitting the image data to the client terminal device 3 via an interface unit 128a (see FIG. 2) described later and the Internet 31, and receiving the image data, Image data from the client terminal device 3 is received via the interface unit 128a (see FIG. 2) and the Internet 31, and an image is formed on a recording sheet by a printer unit 123 (see FIG. 2) described later.

  When the multifunction machine 12 functions as a network printer, the multifunction machine 12 receives image data from the client terminal device 13 via the LAN 15 and the interface unit 128c (see FIG. 2), and a printer unit 123 (see FIG. 2) described later. The image is formed on the recording paper. When the multifunction machine 12 functions as a copying machine, the multifunction machine 12 reads image data of a document from a scanner unit 122 (see FIG. 2), which will be described later, and places an image on a recording sheet by a printer unit 123, which will be described later. To form.

  Whether or not the server device 11 has a predetermined administrator who performs security management (here, referred to as a system administrator) in a predetermined area (here, the company where the information processing system 1 is installed). The presence / absence information to the predetermined area of the predetermined manager is acquired from the entry / exit management device 14 and the system manager presence / absence information is transmitted to the multifunction machine 12. To do.

  The client terminal device 13 is composed of a personal computer or the like, accepts user operation input via a keyboard or the like, reads various information stored in the server device 11 according to the accepted operation input, and displays it on a monitor. At the same time, information is written on a recording medium such as a CD or FD. Further, the client terminal device 13 outputs various instruction information to the multifunction machine 12 in response to the received operation input. For example, the client terminal device 13 outputs various information on a recording sheet.

  The entry / exit management device 14 is communicable with the server device 11, and when a user including a system administrator enters a company where the information processing system 1 is installed or from a company where the information processing system 1 is installed. When the user exits, user identification information that is information for identifying the user is received, and the received user identification information is transmitted to the server device 11. A specific configuration of the entry / exit management device 14 will be described later with reference to FIG.

  FIG. 2 is a configuration diagram illustrating an example of the multifunction machine 12. The multifunction machine 12 includes a control unit 121 that controls the operation of the entire multifunction machine 12, a scanner unit 122 that reads an image printed (or described) on a document and forms image data, and forms an image from the image data on a recording sheet. A printer unit 123, an operation unit 124 (corresponding to a part of the operation display means) that accepts user operations, and a display unit that displays operation guidance information and the like, including an LCD (Liquid Crystal Display). 125, an image memory 126 for storing image data, a facsimile communication unit 127 for performing transmission / reception processing of image data with the facsimile 2, an interface unit 128a for performing transmission / reception processing of various data with the client terminal device 3, and a server Interface that performs transmission / reception processing of various data with the apparatus 11 128b and an interface unit 128c for performing various data transmission / reception processes with the client terminal device 13.

  The control unit 121 includes a CPU (Central Processing Unit), various image information displayed on the display unit 125, a ROM (Read Only Memory) that stores control programs, and a RAM (Random Access Memory) that temporarily stores processing data. ) And the like, and receives user operation information from the operation unit 124 to control the overall operation of the multifunction machine 12.

  The scanner unit 122 reads a document set on a document placement unit (not shown), converts it into an image signal line by line, and performs predetermined signal processing (level correction, γ correction, A / D conversion, etc.) on the image signal. ) And sequentially outputting to the control unit 121, the scanner function is exhibited.

  The printer unit 123 performs a printer function (or a copy function) by printing out image data onto a recording sheet. The printer unit 123 is composed of, for example, a laser printer or the like. The printer unit 123 irradiates a photosensitive member with laser light modulated with image data to form a latent image of the image data. The material is electrically attached and becomes visible, and this visible image is transferred to a recording sheet to form an image.

  The operation unit 124 includes, for example, a numeric keypad and a touch panel, and receives a user operation. A known thing can be used for this touch panel. For example, a touch panel is a rectangular thin layered body that is configured by covering with a transparent cover a pressure-sensitive material made of a linear transparent material at predetermined pitches in the vertical and horizontal directions. Affixed to the upper surface of 125. The touch panel can determine which button is instructed from the address of the button that prompts the selection displayed on the screen of the display unit 125 and the pressed position.

  The display unit 125 includes an LCD, an LED (Light Emitted Diode), and the like, and includes various states such as a connection state of the public telephone line 21 and a transmission / reception state of image information, information on the transmission destination of image data (FAX No.), and the like Is displayed on the LCD as character information and image information, and the presence / absence of a communication error and the necessity of maintenance are displayed on the LED.

  The image memory 126 stores image data and the like, and is a large-capacity memory that can store, for example, about 100 pieces of image data corresponding to a standard document of A4 size.

  The facsimile communication unit 127 performs image data transmission / reception processing with the facsimile 2 via the public telephone line 21 when the multifunction machine 12 functions as a facsimile. The facsimile communication unit 127 includes an encoding / decoding unit 127a and a modulation / demodulation unit 127b. And a network control unit 127c. The encoding / decoding unit 127a compresses and encodes image data to be transmitted, and decompresses and decodes received image data. The modem unit 127b performs modulation of compressed / encoded image data into an audio signal and demodulation of a received signal (audio signal) into image data. The network control unit 127c corresponds to an NCU (Network Control Unit) and controls the connection of the public telephone line 21 with the facsimile 2 which is a transmission / reception partner.

  The interface unit 128a performs transmission / reception processing of image data and the like with the client terminal device 3 when the multifunction machine 12 functions as an Internet facsimile machine. The interface unit 128b performs transmission / reception processing of various data (for example, presence / absence information of a system administrator from the server device 11) with the server device 11. The interface unit 128c performs transmission / reception processing of image data and the like with the client terminal device 13 when the multifunction machine 12 functions as a network printer.

  FIG. 3 is a functional configuration diagram illustrating an example of the control unit 121 of the multifunction machine 12. The CPU 1211 of the control unit 121 functionally includes a user reception unit 121a (corresponding to a user reception unit) that receives user identification information (here, a user ID), and a determination unit that determines whether or not execution is permitted for each function. 121b (corresponding to a determining unit) and a prohibiting unit 121c (corresponding to a prohibiting unit) that prohibits execution of a function that is determined not to be permitted by the determining unit 121b.

  The RAM 1212 of the control unit 121 functionally includes a user storage unit 121d that stores attribute information (to be described later) in association with a user ID, and a determination condition storage unit 121e that stores conditions for determining whether or not to execute each function. ing.

  Here, the CPU 1211 reads out and executes a control program stored in advance in a ROM or the like, so that a functional unit including a user reception unit 121a, a determination unit 121b, a prohibition unit 111c, a user storage unit 121d, and a determination condition storage unit 121e. It functions as.

  Of the various data stored in the RAM 1212 and ROM, data that can be stored in a removable recording medium is read by a driver such as a hard disk drive, an optical disk drive, a flexible disk drive, a silicon disk drive, or a cassette medium reader. In this case, the recording medium is, for example, a hard disk, an optical disk, a flexible disk, a CD, a DVD, a semiconductor memory, or the like.

  The user reception unit 121a receives a user ID via the operation unit 124, and whether or not the received user ID matches the user ID stored in the user storage unit 121d as a registered user who is a registered user. Is to discriminate. Here, password information is also registered in advance in association with the user ID and stored in the user storage unit 121d. The user reception unit 121a receives the user ID and password via the operation unit 124, Whether or not the user is a registered user is determined based on whether or not the user ID and password match the information stored in the user storage unit 121d.

  The determination unit 121b obtains presence / absence information indicating whether or not the system administrator is in the company from the server device 11 and obtains attribute information corresponding to the user ID received by the user reception unit 121a from the user storage unit 121d. Based on the attribute information and presence / absence information, the execution permission / prohibition is determined for each function according to the determination condition stored in the determination condition storage unit 121e.

  The prohibition unit 121c prohibits the execution of the function that is determined not to be executed by the determination unit 121b. For example, when printing is prohibited, the function of the multifunction machine 12 as a copier and the function of a network printer are prohibited, and the function of the receiving side among the functions of the Internet facsimile is prohibited. Is. In this case, command information for prohibiting the operation is output from the prohibition unit 121c to the printer unit 123.

  The user storage unit 121d stores attribute information representing an attribute set in advance for the user in association with the user ID in order to determine whether or not execution is permitted for each password and function. The attribute information is personal attribute information related to the security level, and here is an employee classification (see FIG. 4) indicating whether the employee is a general employee or a temporary employee.

  The determination condition storage unit 121e is classified according to presence / absence information indicating whether or not the system administrator is in the company and employee classification, and further stores execution permission / inhibition information indicating execution permission / inhibition for each function. is there.

  FIG. 4 is a chart showing an example of the presence / absence information stored in the determination condition storage unit 121e, employee permission / inhibition information, and execution permission / inhibition information. In order from the left side of the figure, an employee classification A, an administrator classification B indicating presence / absence information, a work content classification C indicating a work content, and a permission / denial D indicating execution permission / denial information are described.

  For example, if the employee category A is “general employee”, when the system administrator is in the company (when the administrator category B is “resident”), both “print” and “scan” When the system administrator is not present in the company (when the administrator category B is “absent”), neither “printing” nor “scanning” is permitted.

  Further, for example, when the employee category A is “temporary employee”, “printing” is not permitted when the system administrator is in the company (when the administrator category B is “resident”). When “scan” is permitted and the system administrator is not in the company (when the administrator category B is “absent”), neither “print” nor “scan” is permitted.

  Here, for example, when “printing” is set to “non-permitted”, the prohibition unit 111c prohibits the execution of the function of the multifunction machine 12 as a copier and the function of a network printer. Among these functions, execution of the function on the receiving side is prohibited.

  FIG. 5 is a functional configuration diagram illustrating an example of the client terminal device 13. The client terminal device 13 performs a CPU 131 that controls the operation of the entire client terminal device 13, an HDD 132 that stores various information, an operation unit 133 that includes a keyboard, a mouse, and the like, reading from the FD, and writing to the FD. An FDD 134, a CDD 135 that reads from and writes to a CD, a communication unit 136 that communicates image data and the like with the multifunction machine 12, and a display unit 137 that includes an LCD or the like and displays various information. ing.

  The CPU 131 functionally determines whether or not execution is permitted for each function of the user reception unit 131a (corresponding to a user reception unit) that receives user identification information (here, a user ID) and the client terminal device 13. A determination unit 131b (corresponding to a determination unit) and a prohibition unit 131c (corresponding to a prohibition unit) that prohibits execution of a function that is determined not to be permitted by the determination unit 131b.

  The HDD 132 functionally includes a user storage unit 132 a that stores attribute information in association with a user ID, and a determination condition storage unit 132 b that stores a condition for determining whether to permit execution for each function of the client terminal device 13. ing.

  Here, the CPU 1211 reads out and executes a control program stored in advance in a ROM or the like, whereby a functional unit including a user reception unit 131a, a determination unit 131b, a prohibition unit 131c, a user storage unit 132a, and a determination condition storage unit 132b. It functions as.

  Of the various data stored in the HDD 132, RAM, and ROM, data that can be stored in a removable recording medium can be read by a driver such as an optical disk drive, flexible disk drive, silicon disk drive, or cassette medium reader. In this case, the recording medium is, for example, an optical disk, a flexible disk, a CD, a DVD, a semiconductor memory, or the like.

  The user receiving unit 131a receives the user ID via the operation unit 133, and whether or not the received user ID matches the user ID stored in the user storage unit 132a as a registered user who is a registered user. Is to discriminate. Here, password information is also registered in advance in association with the user ID and stored in the user storage unit 132a. The user reception unit 121a receives the user ID and password via the operation unit 124, Whether or not the user is a registered user is determined based on whether or not the user ID and the password match the information stored in the user storage unit 132a.

  The determination unit 131b obtains presence / absence information indicating whether or not the system administrator is in the company from the server device 11 and obtains attribute information corresponding to the user ID received by the user reception unit 131a from the user storage unit 132a. Based on the attribute information and presence / absence information, the permission / inhibition is determined for each function according to the determination condition stored in the determination condition storage unit 132b.

  The prohibition unit 131c prohibits the execution of the function that is determined not to be permitted by the determination unit 131b. For example, when output to a recording medium is prohibited, execution of a function for writing information to the FD and CD is prohibited for the FDD 134 and CDD 135 of the client terminal device 13. In this case, command information for prohibiting the writing operation to the FDD 134 and the CDD 135 is output from the prohibition unit 131c.

  The user storage unit 132a stores attribute information representing attributes set in advance for the user in association with the user ID in order to determine whether or not execution is permitted for each password and function. The attribute information is personal attribute information related to the security level, and here is an employee classification (see FIG. 6) indicating whether the employee is a general employee or a temporary employee.

  The determination condition storage unit 132b is classified according to the presence / absence information indicating whether the system administrator is in the company and the employee classification, and further indicates whether the client terminal device 13 has the execution permission / inhibition for each function. Stores information.

  FIG. 6 is a chart showing an example of presence / absence information stored in the determination condition storage unit 132b, employee permission / inhibition information, and execution permission / rejection information. In order from the left side of the figure, an employee classification A, an administrator classification B indicating presence / absence information, a work content classification C indicating a work content, and a permission / denial D indicating execution permission / denial information are described.

  For example, when the employee category A is “general employee”, when the system administrator is in the company (when the administrator category B is “resident”), “output to recording medium”, “ Both “input from recording medium” and “display on screen” are allowed, and “display on screen” is allowed when the system administrator is not in the company (when manager category B is “absent”) However, “output to recording medium” and “input from recording medium” are not permitted.

  For example, when the employee category A is “temporary employee”, when the system administrator is in the company (when the administrator category B is “resident”), “display on screen” and When “input from recording medium” is permitted, but “output to recording medium” is not permitted and the system administrator is not in the company (when manager category B is “absent”), “ “Output to recording medium”, “input from recording medium”, and “display on screen” are all not permitted.

  Here, when “output to recording medium” is set to “non-permitted”, the prohibition unit 111c outputs command information for prohibiting the writing operation to the FDD 134 and the CDD 135.

  FIG. 7 is a configuration diagram illustrating an example of the server device 11. The server device 11 includes a CPU 111 that controls the operation of the entire server device 11 and an HDD 112 that stores various types of information.

  The CPU 111 functionally accepts user identification information (here, a user ID) and entry / exit information, which is information for identifying the user, from the entry / exit management device 14 and stores them in the entry / exit storage unit 112a described later. An entry / exit acceptance unit 111 a and an entry / exit transmission unit 111 b that transmits a user ID and entry / exit information to the multifunction machine 12 and the client terminal device 13 are provided. The HDD 112 functionally includes an entry / exit storage unit 112a that stores a user ID and entry / exit information received by the entry / exit acceptance unit 111a.

  Here, the CPU 131 functions as a functional unit including an entry / exit acceptance unit 111a, an entry / exit transmission unit 111b, and an entry / exit storage unit 112a by reading and executing a control program stored in advance in a ROM or the like. .

  Of the various data stored in the HDD 112 and ROM, data that can be stored in a removable recording medium can be read by a driver such as an optical disk drive, a flexible disk drive, a silicon disk drive, or a cassette medium reader. In this case, the recording medium is, for example, an optical disk, a flexible disk, a CD, a DVD, a semiconductor memory, or the like.

  FIG. 8 is a configuration diagram illustrating an example of the entry / exit management device 14. The entry / exit management device 14 includes a CPU 141 that controls the overall operation of the entry / exit management device 14, an HDD 142 that stores various information, a card reader 143 that reads information such as a user ID stored in an ID card, and a keyboard 144. I have.

  Functionally, the CPU 141 functionally includes a user ID receiving unit 141 a that receives a user ID read by the card reader 143, a password receiving unit 141 b that receives a password input from the keyboard 144, and enters and exits when a predetermined condition is satisfied. And an entry / exit permission unit 141c for permission.

  The HDD 142 functionally includes a user storage unit 142a that stores a user ID and a password, and an entry / exit storage unit 142b that stores a user ID and entry / exit information.

  Here, the CPU 141 reads and executes a control program stored in advance in a ROM or the like, whereby a user ID reception unit 141a, a password reception unit 141b, an entry / exit permission unit 141c, a user storage unit 142a, and an entry / exit storage unit 142b. It functions as a functional part including

  Of the various data stored in the HDD 142 and ROM, data that can be stored in a removable recording medium can be read by a driver such as an optical disk drive, a flexible disk drive, a silicon disk drive, or a cassette medium reader. In this case, the recording medium is, for example, an optical disk, a flexible disk, a CD, a DVD, a semiconductor memory, or the like.

  The user ID receiving unit 141a receives a user ID read by the card reader 143, and the password receiving unit 141b receives a password input from the keyboard 144.

  The entry / exit permission unit 141c determines whether or not the user ID received by the password receiving unit 141b and the password received by the password receiving unit 141b match the information stored in the user storage unit 142a. It is. If the information matches, the entry / exit permission unit 141c permits entry / exit and unlocks the door and the like, and among the information stored in the entry / exit storage unit 142b, the password acceptance unit 141b. In addition to updating the entry / exit information indicating whether or not the user corresponding to the user ID accepted in step S1 is in the office, the user ID and the entry / exit information are transmitted to the server device 11.

  The user storage unit 142a stores a user ID and a password. The entry / exit storage unit 142b stores entry / exit information indicating whether the user is in the company in association with the user ID.

  FIG. 9 is an example of a flowchart for explaining the operation of the control unit 121 of the multifunction machine 12. First, a user ID is received by the user receiving unit 121a (step S101), then a password is received (step S103), and whether or not the user ID and password match information stored in the user storage unit 121d. Is determined (step S105).

  If it is determined that they do not match (NO in step S105), the process returns to step S101. If it is determined that they match (YES in step S105), presence / absence information is acquired from the server device 11 by the determination unit 121b (step S107). Then, the determination unit 121b determines whether or not the system administrator is in the company based on the presence / absence information (step S109). If it is determined that the system administrator is in-house (YES in step S109), the determination unit 121b sets a low security level according to the determination condition stored in the determination condition storage unit 121e (step S111). If it is determined that the administrator is not in the company (NO in step S109), the determination unit 121b sets a high security level according to the determination condition stored in the determination condition storage unit 121e (step S113), and the process is performed. Is terminated.

  Note that a flowchart for explaining the operation of the CPU 131 of the client terminal device 13 is the same as the flowchart for explaining the operation of the control unit 121 of the multifunction machine 12 shown in FIG.

  In this way, based on the presence / absence information indicating whether or not a predetermined administrator (here, a system administrator) who performs security management is in a predetermined area (here, in-house), a plurality of MFPs 12 have. The execution permission / prohibition is determined for each of the functions, and the execution of the function determined to be unpermitted is prohibited, so that an appropriate security level can be set for the multifunction machine 12 based on the presence / absence information.

  Further, since the permission of execution is determined for each of a plurality of functions of the multifunction device 12 based on the user identification information (here, the user ID), a more appropriate security level based on the user ID for the multifunction device 12 is determined. Can be set.

  Further, attribute information indicating attributes preset for the user in order to determine whether or not to execute each function of the multifunction device 12 (in this case, an employee indicating whether it is a general employee or a temporary employee) The execution permission / prohibition is determined for each of a plurality of functions of the multifunction device 12 based on the classification information), and thus a more appropriate security level can be set for the multifunction device 12 based on the attribute information.

  In addition, based on presence / absence information indicating whether or not a predetermined administrator (here, a system administrator) who performs security management is in a predetermined area (here, in-house), a plurality of client terminals 13 have The execution permission / prohibition is determined for each of the functions, and the execution of the function determined to be unpermitted is prohibited. Therefore, an appropriate security level can be set for the client terminal device 13 based on the presence / absence information.

  Moreover, since execution permission / prohibition is determined for each of a plurality of functions of the client terminal device 13 based on the user ID, a more appropriate security level based on the user ID can be set for the client terminal device 13.

  Furthermore, attribute information (in this case, indicating whether the client terminal device 13 is a regular employee or a temporary employee) that represents an attribute set in advance for the user in order to determine whether or not execution is permitted for each of a plurality of functions of the client terminal device 13. The execution permission / prohibition is determined for each of the plurality of functions of the client terminal device 13 based on the employee classification information), so that a more appropriate security level can be set for the client terminal device 13 based on the attribute information.

  In addition, user identification, which is information for identifying a user when a user including a predetermined administrator (here, a system administrator) enters and leaves a predetermined area (here, in-house) Since the information (here, user ID) is received and the received user ID is transmitted to the server device 11, presence / absence information indicating whether the system administrator is in the office can be easily and accurately grasped. .

  The present invention can also be applied to the following forms.

  (A) In the present embodiment, the case where the multifunction machine 12 can execute the functions of a copying machine, a scanner, a facsimile machine, an Internet facsimile machine, and a network printer has been described. The form which can perform two or more functions may be sufficient.

  (B) In this embodiment, the case where the multifunction machine 12 includes the user reception unit 121a, the determination unit 121b, and the prohibition unit 121c has been described. However, the server apparatus 11 includes the user reception unit 121a, the determination unit 121b, and the prohibition unit 121c. The form which has a function part equivalent to at least 1 function part among them may be sufficient.

  Similarly, the case where the client terminal device 13 includes the user reception unit 131a, the determination unit 131b, and the prohibition unit 131c has been described. However, the server device 11 includes at least one of the user reception unit 121a, the determination unit 131b, and the prohibition unit 131c. The form which has a function part equivalent to a function part may be sufficient. In this way, by concentrating functions on the server device 11, centralization of security management is achieved.

  (C) In the present embodiment, a case has been described in which the determination unit 121b of the multifunction machine 12 determines execution permission / prohibition for each function based on the attribute information and the presence / absence information. It may be a form in which execution permission / rejection is determined for each function based on either one.

  Similarly, a case has been described in which the determination unit 131b of the client terminal device 13 determines whether to permit execution for each function based on the attribute information and the presence / absence information, but at least one of the attribute information and the presence / absence information is included. Based on this, it is possible to determine whether to permit or not execute each function.

  (D) In the present embodiment, the case where the server device 11 manages the presence / absence information has been described. However, the entry / exit management device 14 may manage the presence / absence information. In this case, it is not necessary to provide the server device 11, and the information processing system 1 is simplified.

It is a block diagram which shows an example of the information processing system which concerns on this invention. 1 is a configuration diagram illustrating an example of a multifunction peripheral. 2 is a functional configuration diagram illustrating an example of a control unit of a multifunction peripheral. FIG. It is a graph which shows an example of the presence / absence information stored in the determination condition memory | storage part, the employee permission classification, and the execution permission information classified by the function. It is a functional block diagram which shows an example of a client terminal device. It is a graph which shows an example of the presence / absence information stored in the determination condition memory | storage part, the employee permission classification, and the execution permission information classified by the function. It is a block diagram which shows an example of a server apparatus. It is a block diagram which shows an example of an entrance / exit management apparatus. 3 is an example of a flowchart for explaining an operation of a control unit of the multifunction machine.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information processing system 11 Server apparatus 12 Multifunction machine 121 Control part 121a User reception part (user reception means)
121b determination unit (determination means)
121c Prohibited part (prohibited means)
121d User storage unit (user storage means)
121e Judgment condition storage unit 122 Scanner unit 123 Printer unit 124 Operation unit 125 Display unit 13 Client terminal device 14 Entry / exit management device

Claims (8)

At least two or more of a copier, a scanner, a facsimile, an internet facsimile, and a network printer are connected to be able to communicate with a server device that manages presence / absence information indicating whether or not a predetermined administrator who performs security management is in a predetermined area. This is a multifunction device that can execute the functions of
A determination means for determining whether or not to execute each function based on the presence / absence information;
A multifunction device comprising: prohibiting means for prohibiting execution of the function determined to be unpermitted by the determining means. User receiving means for receiving user identification information that is information for identifying a user,
The multifunction device according to claim 1, wherein the determination unit determines whether to permit execution for each function based on the user identification information. User storage means for storing attribute information representing attributes set in advance for a user in order to determine execution permission for each function in association with the user identification information;
3. The determination unit reads attribute information corresponding to the user identification information from the user storage unit, and determines whether or not to execute each function based on the read attribute information. A multi-function machine described in 1. A client terminal device communicably connected to a server device that manages presence / absence information indicating whether a predetermined administrator performing security management is in a predetermined area,
Based on the presence / absence information, a determination unit that determines whether or not to permit execution for each of a plurality of functions of the client terminal device;
A client terminal device comprising: prohibiting means for prohibiting execution of the function determined to be unpermitted by the determining means. User receiving means for receiving user identification information that is information for identifying a user,
The client terminal apparatus according to claim 4, wherein the determination unit determines whether or not to execute each function based on the user identification information. User storage means for storing attribute information representing attributes set in advance for a user in order to determine execution permission for each function in association with the user identification information;
6. The determination unit reads attribute information corresponding to the user identification information from the user storage unit, and determines whether or not execution is permitted for each function based on the read attribute information. The client terminal device described in 1. An information processing system that provides various information processing functions to a user,
A server device for managing presence / absence information indicating whether or not a predetermined administrator is in a predetermined area;
An information processing system comprising: the multifunction device according to any one of claims 1 to 3; and at least one of the client terminal device according to any one of claims 4 to 6.   When a user including the predetermined administrator is allowed to communicate with the server device and enters the predetermined area and exits the predetermined area, user identification information that is information for identifying the user is received, The information processing system according to claim 7, further comprising an entry / exit management device that transmits the received user identification information to the server device.

Images